OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "ios/web/web_state/wk_web_view_security_util.h" | 5 #import "ios/web/web_state/wk_web_view_security_util.h" |
6 | 6 |
7 #import <Foundation/Foundation.h> | 7 #import <Foundation/Foundation.h> |
8 #include <Security/Security.h> | 8 #include <Security/Security.h> |
9 | 9 |
10 #include <memory> | 10 #include <memory> |
11 | 11 |
| 12 #include "base/mac/foundation_util.h" |
12 #include "base/mac/scoped_cftyperef.h" | 13 #include "base/mac/scoped_cftyperef.h" |
13 #include "crypto/rsa_private_key.h" | 14 #include "crypto/rsa_private_key.h" |
14 #include "net/cert/x509_cert_types.h" | 15 #include "net/cert/x509_cert_types.h" |
15 #include "net/cert/x509_certificate.h" | 16 #include "net/cert/x509_certificate.h" |
16 #include "net/cert/x509_util.h" | 17 #include "net/cert/x509_util.h" |
17 #include "net/cert/x509_util_ios.h" | 18 #include "net/cert/x509_util_ios.h" |
18 #include "net/ssl/ssl_info.h" | 19 #include "net/ssl/ssl_info.h" |
19 #include "testing/gtest/include/gtest/gtest.h" | 20 #include "testing/gtest/include/gtest/gtest.h" |
20 #import "testing/gtest_mac.h" | 21 #import "testing/gtest_mac.h" |
21 #include "testing/platform_test.h" | 22 #include "testing/platform_test.h" |
22 | 23 |
| 24 #if !defined(__has_feature) || !__has_feature(objc_arc) |
| 25 #error "This file requires ARC support." |
| 26 #endif |
| 27 |
23 namespace web { | 28 namespace web { |
24 namespace { | 29 namespace { |
25 // Subject for testing self-signed certificate. | 30 // Subject for testing self-signed certificate. |
26 const char kTestSubject[] = "self-signed"; | 31 const char kTestSubject[] = "self-signed"; |
27 // Hostname for testing SecTrustRef objects. | 32 // Hostname for testing SecTrustRef objects. |
28 NSString* const kTestHost = @"www.example.com"; | 33 NSString* const kTestHost = @"www.example.com"; |
29 | 34 |
30 // Returns an autoreleased certificate chain for testing. Chain will contain a | 35 // Returns an autoreleased certificate chain for testing. Chain will contain a |
31 // single self-signed cert with |subject| as a subject. | 36 // single self-signed cert with |subject| as a subject. |
32 NSArray* MakeTestCertChain(const std::string& subject) { | 37 NSArray* MakeTestCertChain(const std::string& subject) { |
33 std::unique_ptr<crypto::RSAPrivateKey> private_key; | 38 std::unique_ptr<crypto::RSAPrivateKey> private_key; |
34 std::string der_cert; | 39 std::string der_cert; |
35 net::x509_util::CreateKeyAndSelfSignedCert( | 40 net::x509_util::CreateKeyAndSelfSignedCert( |
36 "CN=" + subject, 1, base::Time::Now(), | 41 "CN=" + subject, 1, base::Time::Now(), |
37 base::Time::Now() + base::TimeDelta::FromDays(1), &private_key, | 42 base::Time::Now() + base::TimeDelta::FromDays(1), &private_key, |
38 &der_cert); | 43 &der_cert); |
39 | 44 |
40 base::ScopedCFTypeRef<SecCertificateRef> cert( | 45 base::ScopedCFTypeRef<SecCertificateRef> cert( |
41 net::x509_util::CreateSecCertificateFromBytes( | 46 net::x509_util::CreateSecCertificateFromBytes( |
42 reinterpret_cast<const uint8_t*>(der_cert.data()), der_cert.size())); | 47 reinterpret_cast<const uint8_t*>(der_cert.data()), der_cert.size())); |
43 if (!cert) | 48 if (!cert) |
44 return nullptr; | 49 return nullptr; |
45 NSArray* result = @[ reinterpret_cast<id>(cert.get()) ]; | 50 return @[ (__bridge id)cert.get() ]; |
46 return result; | |
47 } | 51 } |
48 | 52 |
49 // Returns an autoreleased dictionary, which represents NSError's user info for | 53 // Returns an autoreleased dictionary, which represents NSError's user info for |
50 // testing. | 54 // testing. |
51 NSDictionary* MakeTestSSLCertErrorUserInfo() { | 55 NSDictionary* MakeTestSSLCertErrorUserInfo() { |
52 return @{ | 56 return @{ |
53 web::kNSErrorPeerCertificateChainKey : MakeTestCertChain(kTestSubject), | 57 web::kNSErrorPeerCertificateChainKey : MakeTestCertChain(kTestSubject), |
54 }; | 58 }; |
55 } | 59 } |
56 | 60 |
57 // Returns SecTrustRef object for testing. | 61 // Returns SecTrustRef object for testing. |
58 base::ScopedCFTypeRef<SecTrustRef> CreateTestTrust(NSArray* cert_chain) { | 62 base::ScopedCFTypeRef<SecTrustRef> CreateTestTrust(NSArray* cert_chain) { |
59 base::ScopedCFTypeRef<SecPolicyRef> policy(SecPolicyCreateBasicX509()); | 63 base::ScopedCFTypeRef<SecPolicyRef> policy(SecPolicyCreateBasicX509()); |
60 SecTrustRef trust = nullptr; | 64 SecTrustRef trust = nullptr; |
61 SecTrustCreateWithCertificates(cert_chain, policy, &trust); | 65 SecTrustCreateWithCertificates(base::mac::NSToCFCast(cert_chain), policy, |
| 66 &trust); |
62 return base::ScopedCFTypeRef<SecTrustRef>(trust); | 67 return base::ScopedCFTypeRef<SecTrustRef>(trust); |
63 } | 68 } |
64 | 69 |
65 } // namespace | 70 } // namespace |
66 | 71 |
67 // Test class for wk_web_view_security_util functions. | 72 // Test class for wk_web_view_security_util functions. |
68 typedef PlatformTest WKWebViewSecurityUtilTest; | 73 typedef PlatformTest WKWebViewSecurityUtilTest; |
69 | 74 |
70 // Tests CreateCertFromChain with self-signed cert. | 75 // Tests CreateCertFromChain with self-signed cert. |
71 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromChain) { | 76 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromChain) { |
(...skipping 209 matching lines...)
281 GetSecurityStyleFromTrustResult(kSecTrustResultUnspecified)); | 286 GetSecurityStyleFromTrustResult(kSecTrustResultUnspecified)); |
282 } | 287 } |
283 | 288 |
284 // Tests GetSecurityStyleFromTrustResult with invalid SecTrustResultType result. | 289 // Tests GetSecurityStyleFromTrustResult with invalid SecTrustResultType result. |
285 TEST_F(WKWebViewSecurityUtilTest, GetSecurityStyleFromInvalidResult) { | 290 TEST_F(WKWebViewSecurityUtilTest, GetSecurityStyleFromInvalidResult) { |
286 EXPECT_EQ(SECURITY_STYLE_UNKNOWN, | 291 EXPECT_EQ(SECURITY_STYLE_UNKNOWN, |
287 GetSecurityStyleFromTrustResult(kSecTrustResultInvalid)); | 292 GetSecurityStyleFromTrustResult(kSecTrustResultInvalid)); |
288 } | 293 } |
289 | 294 |
290 } // namespace web | 295 } // namespace web |
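Review bot: In CreateTestTrust (new lines 65-66) the OSStatus returned by SecTrustCreateWithCertificates is still discarded, so a failed creation hands callers a ScopedCFTypeRef wrapping nullptr with no signal. That can happen here because MakeTestCertChain returns nullptr when the certificate cannot be built, and NSToCFCast presumably passes that through as a null array. Consider capturing the result, `OSStatus status = SecTrustCreateWithCertificates(base::mac::NSToCFCast(cert_chain), policy, &trust);`, and adding `EXPECT_EQ(errSecSuccess, status);` so a test that would otherwise exercise a null trust fails at the helper rather than in a later, less obvious assertion. The callers sit in the skipped lines, so how they treat a null trust is not visible on this page.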