| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #import "ios/web/web_state/wk_web_view_security_util.h" | 5 #import "ios/web/web_state/wk_web_view_security_util.h" |
| 6 | 6 |
| 7 #import <Foundation/Foundation.h> | 7 #import <Foundation/Foundation.h> |
| 8 #include <Security/Security.h> | 8 #include <Security/Security.h> |
| 9 | 9 |
| 10 #include <memory> | 10 #include <memory> |
| 11 | 11 |
| 12 #include "base/mac/scoped_cftyperef.h" | 12 #include "base/mac/scoped_cftyperef.h" |
| 13 #include "crypto/rsa_private_key.h" | 13 #include "crypto/rsa_private_key.h" |
| 14 #include "net/cert/x509_cert_types.h" | 14 #include "net/cert/x509_cert_types.h" |
| 15 #include "net/cert/x509_certificate.h" | 15 #include "net/cert/x509_certificate.h" |
| 16 #include "net/cert/x509_util.h" | 16 #include "net/cert/x509_util.h" |
| 17 #include "net/cert/x509_util_ios.h" |
| 17 #include "net/ssl/ssl_info.h" | 18 #include "net/ssl/ssl_info.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
| 19 #import "testing/gtest_mac.h" | 20 #import "testing/gtest_mac.h" |
| 20 #include "testing/platform_test.h" | 21 #include "testing/platform_test.h" |
| 21 | 22 |
| 22 namespace web { | 23 namespace web { |
| 23 namespace { | 24 namespace { |
| 24 // Subject for testing self-signed certificate. | 25 // Subject for testing self-signed certificate. |
| 25 const char kTestSubject[] = "self-signed"; | 26 const char kTestSubject[] = "self-signed"; |
| 26 // Hostname for testing SecTrustRef objects. | 27 // Hostname for testing SecTrustRef objects. |
| 27 NSString* const kTestHost = @"www.example.com"; | 28 NSString* const kTestHost = @"www.example.com"; |
| 28 | 29 |
| 29 // Returns an autoreleased certificate chain for testing. Chain will contain a | 30 // Returns an autoreleased certificate chain for testing. Chain will contain a |
| 30 // single self-signed cert with |subject| as a subject. | 31 // single self-signed cert with |subject| as a subject. |
| 31 NSArray* MakeTestCertChain(const std::string& subject) { | 32 NSArray* MakeTestCertChain(const std::string& subject) { |
| 32 std::unique_ptr<crypto::RSAPrivateKey> private_key; | 33 std::unique_ptr<crypto::RSAPrivateKey> private_key; |
| 33 std::string der_cert; | 34 std::string der_cert; |
| 34 net::x509_util::CreateKeyAndSelfSignedCert( | 35 net::x509_util::CreateKeyAndSelfSignedCert( |
| 35 "CN=" + subject, 1, base::Time::Now(), | 36 "CN=" + subject, 1, base::Time::Now(), |
| 36 base::Time::Now() + base::TimeDelta::FromDays(1), &private_key, | 37 base::Time::Now() + base::TimeDelta::FromDays(1), &private_key, |
| 37 &der_cert); | 38 &der_cert); |
| 38 | 39 |
| 39 base::ScopedCFTypeRef<SecCertificateRef> cert( | 40 base::ScopedCFTypeRef<SecCertificateRef> cert( |
| 40 net::X509Certificate::CreateOSCertHandleFromBytes(der_cert.data(), | 41 net::x509_util::CreateSecCertificateFromBytes( |
| 41 der_cert.size())); | 42 reinterpret_cast<const uint8_t*>(der_cert.data()), der_cert.size())); |
| 43 if (!cert) |
| 44 return nullptr; |
| 42 NSArray* result = @[ reinterpret_cast<id>(cert.get()) ]; | 45 NSArray* result = @[ reinterpret_cast<id>(cert.get()) ]; |
| 43 return result; | 46 return result; |
| 44 } | 47 } |
| 45 | 48 |
| 46 // Returns an autoreleased dictionary, which represents NSError's user info for | 49 // Returns an autoreleased dictionary, which represents NSError's user info for |
| 47 // testing. | 50 // testing. |
| 48 NSDictionary* MakeTestSSLCertErrorUserInfo() { | 51 NSDictionary* MakeTestSSLCertErrorUserInfo() { |
| 49 return @{ | 52 return @{ |
| 50 web::kNSErrorPeerCertificateChainKey : MakeTestCertChain(kTestSubject), | 53 web::kNSErrorPeerCertificateChainKey : MakeTestCertChain(kTestSubject), |
| 51 }; | 54 }; |
| 52 } | 55 } |
| 53 | 56 |
| 54 // Returns SecTrustRef object for testing. | 57 // Returns SecTrustRef object for testing. |
| 55 base::ScopedCFTypeRef<SecTrustRef> CreateTestTrust(NSArray* cert_chain) { | 58 base::ScopedCFTypeRef<SecTrustRef> CreateTestTrust(NSArray* cert_chain) { |
| 56 base::ScopedCFTypeRef<SecPolicyRef> policy(SecPolicyCreateBasicX509()); | 59 base::ScopedCFTypeRef<SecPolicyRef> policy(SecPolicyCreateBasicX509()); |
| 57 SecTrustRef trust = nullptr; | 60 SecTrustRef trust = nullptr; |
| 58 SecTrustCreateWithCertificates(cert_chain, policy, &trust); | 61 SecTrustCreateWithCertificates(cert_chain, policy, &trust); |
| 59 return base::ScopedCFTypeRef<SecTrustRef>(trust); | 62 return base::ScopedCFTypeRef<SecTrustRef>(trust); |
| 60 } | 63 } |
| 61 | 64 |
| 62 } // namespace | 65 } // namespace |
| 63 | 66 |
| 64 // Test class for wk_web_view_security_util functions. | 67 // Test class for wk_web_view_security_util functions. |
| 65 typedef PlatformTest WKWebViewSecurityUtilTest; | 68 typedef PlatformTest WKWebViewSecurityUtilTest; |
| 66 | 69 |
| 67 // Tests CreateCertFromChain with self-signed cert. | 70 // Tests CreateCertFromChain with self-signed cert. |
| 68 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromChain) { | 71 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromChain) { |
| 69 scoped_refptr<net::X509Certificate> cert = | 72 scoped_refptr<net::X509Certificate> cert = |
| 70 CreateCertFromChain(MakeTestCertChain(kTestSubject)); | 73 CreateCertFromChain(MakeTestCertChain(kTestSubject)); |
| 74 ASSERT_TRUE(cert); |
| 71 EXPECT_TRUE(cert->subject().GetDisplayName() == kTestSubject); | 75 EXPECT_TRUE(cert->subject().GetDisplayName() == kTestSubject); |
| 72 } | 76 } |
| 73 | 77 |
| 74 // Tests CreateCertFromChain with nil chain. | 78 // Tests CreateCertFromChain with nil chain. |
| 75 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromNilChain) { | 79 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromNilChain) { |
| 76 EXPECT_FALSE(CreateCertFromChain(nil)); | 80 EXPECT_FALSE(CreateCertFromChain(nil)); |
| 77 } | 81 } |
| 78 | 82 |
| 79 // Tests CreateCertFromChain with empty chain. | 83 // Tests CreateCertFromChain with empty chain. |
| 80 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromEmptyChain) { | 84 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromEmptyChain) { |
| (...skipping 15 matching lines...) Expand all Loading... |
| 96 EnsureFutureTrustEvaluationSucceeds(trust); | 100 EnsureFutureTrustEvaluationSucceeds(trust); |
| 97 SecTrustEvaluate(trust, &result); | 101 SecTrustEvaluate(trust, &result); |
| 98 EXPECT_EQ(kSecTrustResultProceed, result); | 102 EXPECT_EQ(kSecTrustResultProceed, result); |
| 99 } | 103 } |
| 100 | 104 |
| 101 // Tests CreateCertFromTrust. | 105 // Tests CreateCertFromTrust. |
| 102 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromTrust) { | 106 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromTrust) { |
| 103 base::ScopedCFTypeRef<SecTrustRef> trust = | 107 base::ScopedCFTypeRef<SecTrustRef> trust = |
| 104 CreateTestTrust(MakeTestCertChain(kTestSubject)); | 108 CreateTestTrust(MakeTestCertChain(kTestSubject)); |
| 105 scoped_refptr<net::X509Certificate> cert = CreateCertFromTrust(trust); | 109 scoped_refptr<net::X509Certificate> cert = CreateCertFromTrust(trust); |
| 110 ASSERT_TRUE(cert); |
| 106 EXPECT_TRUE(cert->subject().GetDisplayName() == kTestSubject); | 111 EXPECT_TRUE(cert->subject().GetDisplayName() == kTestSubject); |
| 107 } | 112 } |
| 108 | 113 |
| 109 // Tests CreateCertFromTrust with nil trust. | 114 // Tests CreateCertFromTrust with nil trust. |
| 110 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromNilTrust) { | 115 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromNilTrust) { |
| 111 EXPECT_FALSE(CreateCertFromTrust(nil)); | 116 EXPECT_FALSE(CreateCertFromTrust(nil)); |
| 112 } | 117 } |
| 113 | 118 |
| 114 // Tests CreateServerTrustFromChain with valid input. | 119 // Tests CreateServerTrustFromChain with valid input. |
| 115 TEST_F(WKWebViewSecurityUtilTest, CreationServerTrust) { | 120 TEST_F(WKWebViewSecurityUtilTest, CreationServerTrust) { |
| (...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 276 GetSecurityStyleFromTrustResult(kSecTrustResultUnspecified)); | 281 GetSecurityStyleFromTrustResult(kSecTrustResultUnspecified)); |
| 277 } | 282 } |
| 278 | 283 |
| 279 // Tests GetSecurityStyleFromTrustResult with invalid SecTrustResultType result. | 284 // Tests GetSecurityStyleFromTrustResult with invalid SecTrustResultType result. |
| 280 TEST_F(WKWebViewSecurityUtilTest, GetSecurityStyleFromInvalidResult) { | 285 TEST_F(WKWebViewSecurityUtilTest, GetSecurityStyleFromInvalidResult) { |
| 281 EXPECT_EQ(SECURITY_STYLE_UNKNOWN, | 286 EXPECT_EQ(SECURITY_STYLE_UNKNOWN, |
| 282 GetSecurityStyleFromTrustResult(kSecTrustResultInvalid)); | 287 GetSecurityStyleFromTrustResult(kSecTrustResultInvalid)); |
| 283 } | 288 } |
| 284 | 289 |
| 285 } // namespace web | 290 } // namespace web |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2864133002:
Convert iOS to use X509CertificateBytes. (Closed)
