Add ICU message format support
[chromium-blink-merge.git] / ios / web / web_state / wk_web_view_security_util_unittest.mm
blob88e7701efc0a0c8b06062710acc4c54e4cd51320
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #import "ios/web/web_state/wk_web_view_security_util.h"
7 #import <Foundation/Foundation.h>
8 #include <Security/Security.h>
10 #include "base/mac/scoped_cftyperef.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "crypto/rsa_private_key.h"
13 #include "ios/web/public/test/web_test_util.h"
14 #include "net/cert/x509_cert_types.h"
15 #include "net/cert/x509_certificate.h"
16 #include "net/cert/x509_util.h"
17 #include "net/ssl/ssl_info.h"
18 #include "testing/gtest/include/gtest/gtest.h"
19 #include "testing/platform_test.h"
21 namespace web {
22 namespace {
23 // Subject for testing self-signed certificate.
24 const char kTestSubject[] = "self-signed";
26 // Returns an autoreleased certificate chain for testing. Chain will contain a
27 // single self-signed cert with |subject| as a subject.
28 NSArray* MakeTestCertChain(const std::string& subject) {
29   scoped_ptr<crypto::RSAPrivateKey> private_key;
30   std::string der_cert;
31   net::x509_util::CreateKeyAndSelfSignedCert(
32       "CN=" + subject, 1, base::Time::Now(),
33       base::Time::Now() + base::TimeDelta::FromDays(1), &private_key,
34       &der_cert);
36   base::ScopedCFTypeRef<SecCertificateRef> cert(
37       net::X509Certificate::CreateOSCertHandleFromBytes(der_cert.data(),
38                                                         der_cert.size()));
39   NSArray* result = @[ reinterpret_cast<id>(cert.get()) ];
40   return result;
43 // Returns SecTrustRef object for testing.
44 base::ScopedCFTypeRef<SecTrustRef> CreateTestTrust(NSArray* cert_chain) {
45   base::ScopedCFTypeRef<SecPolicyRef> policy(SecPolicyCreateBasicX509());
46   SecTrustRef trust = nullptr;
47   SecTrustCreateWithCertificates(cert_chain, policy, &trust);
48   return base::ScopedCFTypeRef<SecTrustRef>(trust);
51 }  // namespace
53 // Test class for wk_web_view_security_util functions.
54 typedef PlatformTest WKWebViewSecurityUtilTest;
56 // Tests CreateCertFromChain with self-signed cert.
57 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromChain) {
58   scoped_refptr<net::X509Certificate> cert =
59       CreateCertFromChain(MakeTestCertChain(kTestSubject));
60   EXPECT_TRUE(cert->subject().GetDisplayName() == kTestSubject);
63 // Tests CreateCertFromChain with nil chain.
64 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromNilChain) {
65   EXPECT_FALSE(CreateCertFromChain(nil));
68 // Tests CreateCertFromChain with empty chain.
69 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromEmptyChain) {
70   EXPECT_FALSE(CreateCertFromChain(@[]));
73 // Tests MakeTrustValid with self-signed cert.
74 TEST_F(WKWebViewSecurityUtilTest, MakingTrustValid) {
75   // Create invalid trust object.
76   base::ScopedCFTypeRef<SecTrustRef> trust =
77       CreateTestTrust(MakeTestCertChain(kTestSubject));
79   SecTrustResultType result = -1;
80   SecTrustEvaluate(trust, &result);
81   EXPECT_EQ(kSecTrustResultRecoverableTrustFailure, result);
83   // Make sure that trust becomes valid after
84   // |EnsureFutureTrustEvaluationSucceeds| call.
85   EnsureFutureTrustEvaluationSucceeds(trust);
86   SecTrustEvaluate(trust, &result);
87   EXPECT_EQ(kSecTrustResultProceed, result);
90 // Tests CreateCertFromTrust.
91 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromTrust) {
92   base::ScopedCFTypeRef<SecTrustRef> trust =
93       CreateTestTrust(MakeTestCertChain(kTestSubject));
94   scoped_refptr<net::X509Certificate> cert = CreateCertFromTrust(trust);
95   EXPECT_TRUE(cert->subject().GetDisplayName() == kTestSubject);
98 // Tests CreateCertFromTrust with nil trust.
99 TEST_F(WKWebViewSecurityUtilTest, CreationCertFromNilTrust) {
100   EXPECT_FALSE(CreateCertFromTrust(nil));
103 // Tests that IsWKWebViewSSLError returns true for NSError with NSURLErrorDomain
104 // domain and NSURLErrorSecureConnectionFailed error code.
105 TEST_F(WKWebViewSecurityUtilTest, CheckSecureConnectionFailedError) {
106   CR_TEST_REQUIRES_WK_WEB_VIEW();
108   EXPECT_TRUE(IsWKWebViewSSLError(
109       [NSError errorWithDomain:NSURLErrorDomain
110                           code:NSURLErrorSecureConnectionFailed
111                       userInfo:nil]));
114 // Tests that IsWKWebViewSSLError returns true for NSError with NSURLErrorDomain
115 // domain and NSURLErrorClientCertificateRequired error code.
116 TEST_F(WKWebViewSecurityUtilTest, CheckCannotLoadFromNetworkError) {
117   CR_TEST_REQUIRES_WK_WEB_VIEW();
119   EXPECT_TRUE(IsWKWebViewSSLError(
120       [NSError errorWithDomain:NSURLErrorDomain
121                           code:NSURLErrorClientCertificateRequired
122                       userInfo:nil]));
125 // Tests that IsWKWebViewSSLError returns false for NSError with empty domain
126 // and NSURLErrorClientCertificateRequired error code.
127 TEST_F(WKWebViewSecurityUtilTest, CheckCannotLoadFromNetworkErrorWithNoDomain) {
128   CR_TEST_REQUIRES_WK_WEB_VIEW();
130   EXPECT_FALSE(IsWKWebViewSSLError(
131       [NSError errorWithDomain:@""
132                           code:NSURLErrorClientCertificateRequired
133                       userInfo:nil]));
136 // Tests that IsWKWebViewSSLError returns false for NSError with
137 // NSURLErrorDomain domain and NSURLErrorDataLengthExceedsMaximum error code.
138 TEST_F(WKWebViewSecurityUtilTest, CheckDataLengthExceedsMaximumError) {
139   CR_TEST_REQUIRES_WK_WEB_VIEW();
141   EXPECT_FALSE(IsWKWebViewSSLError(
142       [NSError errorWithDomain:NSURLErrorDomain
143                           code:NSURLErrorDataLengthExceedsMaximum
144                       userInfo:nil]));
147 // Tests that IsWKWebViewSSLError returns false for NSError with
148 // NSURLErrorDomain domain and NSURLErrorCannotLoadFromNetwork error code.
149 TEST_F(WKWebViewSecurityUtilTest, CheckCannotCreateFileError) {
150   CR_TEST_REQUIRES_WK_WEB_VIEW();
152   EXPECT_FALSE(IsWKWebViewSSLError(
153       [NSError errorWithDomain:NSURLErrorDomain
154                           code:NSURLErrorCannotLoadFromNetwork
155                       userInfo:nil]));
158 // Tests GetSSLInfoFromWKWebViewSSLError with NSError without user info.
159 TEST_F(WKWebViewSecurityUtilTest, SSLInfoFromErrorWithoutUserInfo) {
160   CR_TEST_REQUIRES_WK_WEB_VIEW();
162   NSError* badDateError =
163       [NSError errorWithDomain:NSURLErrorDomain
164                           code:NSURLErrorServerCertificateHasBadDate
165                       userInfo:nil];
166   net::SSLInfo info;
167   GetSSLInfoFromWKWebViewSSLError(badDateError, &info);
168   EXPECT_TRUE(info.is_valid());
169   EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, info.cert_status);
170   info.cert->subject();
171   EXPECT_EQ("", info.cert->subject().GetDisplayName());
174 // Tests GetSSLInfoFromWKWebViewSSLError with NSError without cert.
175 TEST_F(WKWebViewSecurityUtilTest, SSLInfoFromErrorWithoutCert) {
176   CR_TEST_REQUIRES_WK_WEB_VIEW();
178   NSError* untrustedCertError = [NSError
179       errorWithDomain:NSURLErrorDomain
180                  code:NSURLErrorServerCertificateUntrusted
181              userInfo:@{
182                NSURLErrorFailingURLStringErrorKey : @"https://www.google.com/",
183              }];
184   net::SSLInfo info;
185   GetSSLInfoFromWKWebViewSSLError(untrustedCertError, &info);
186   EXPECT_TRUE(info.is_valid());
187   EXPECT_EQ(net::CERT_STATUS_INVALID, info.cert_status);
188   EXPECT_EQ("https://www.google.com/", info.cert->subject().GetDisplayName());
191 // Tests GetSSLInfoFromWKWebViewSSLError with NSError and self-signed cert.
192 TEST_F(WKWebViewSecurityUtilTest, SSLInfoFromErrorWithCert) {
193   CR_TEST_REQUIRES_WK_WEB_VIEW();
195   NSError* unknownCertError =
196       [NSError errorWithDomain:NSURLErrorDomain
197                           code:NSURLErrorServerCertificateHasUnknownRoot
198                       userInfo:@{
199                         kNSErrorPeerCertificateChainKey :
200                             MakeTestCertChain(kTestSubject),
201                       }];
203   net::SSLInfo info;
204   GetSSLInfoFromWKWebViewSSLError(unknownCertError, &info);
205   EXPECT_TRUE(info.is_valid());
206   EXPECT_EQ(net::CERT_STATUS_INVALID, info.cert_status);
207   EXPECT_TRUE(info.cert->subject().GetDisplayName() == kTestSubject);
210 }  // namespace web