ios/web/net/crw_cert_verification_controller_unittest.mm

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "ios/web/net/crw_cert_verification_controller.h"
   6
   7 #include "base/mac/bind_objc_block.h"
   8 #include "base/message_loop/message_loop.h"
   9 #include "base/test/ios/wait_util.h"
  10 #include "ios/web/public/web_thread.h"
  11 #include "ios/web/test/web_test.h"
  12 #include "net/base/test_data_directory.h"
  13 #include "net/cert/mock_cert_verifier.h"
  14 #include "net/cert/x509_certificate.h"
  15 #include "net/test/cert_test_util.h"
  16 #include "net/url_request/url_request_context.h"
  17 #include "net/url_request/url_request_context_getter.h"
  18
  19 namespace web {
  20
  21 namespace {
  22 // Generated cert filename.
  23 const char kCertFileName[] = "ok_cert.pem";
  24 // Test hostname for cert verification.
  25 NSString* const kHostName = @"www.example.com";
  26 }  // namespace
  27
  28 // Test fixture to test CRWCertVerificationController class.
  29 class CRWCertVerificationControllerTest : public web::WebTest {
  30  protected:
  31   void SetUp() override {
  32     web::WebTest::SetUp();
  33
  34     web::BrowserState* browser_state = GetBrowserState();
  35     net::URLRequestContextGetter* getter = browser_state->GetRequestContext();
  36     web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlock(^{
  37       getter->GetURLRequestContext()->set_cert_verifier(&cert_verifier_);
  38     }));
  39
  40     controller_.reset([[CRWCertVerificationController alloc]
  41         initWithBrowserState:browser_state]);
  42     cert_ =
  43         net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName);
  44   }
  45
  46   void TearDown() override {
  47     [controller_ shutDown];
  48     web::WebTest::TearDown();
  49   }
  50
  51   // Synchronously returns result of decidePolicyForCert:host:completionHandler:
  52   // call.
  53   void DecidePolicy(const scoped_refptr<net::X509Certificate>& cert,
  54                     NSString* host,
  55                     web::CertAcceptPolicy* policy,
  56                     net::CertStatus* status) {
  57     __block bool completion_handler_called = false;
  58     [controller_ decidePolicyForCert:cert
  59                                 host:host
  60                    completionHandler:^(web::CertAcceptPolicy callback_policy,
  61                                        net::CertStatus callback_status) {
  62                      *policy = callback_policy;
  63                      *status = callback_status;
  64                      completion_handler_called = true;
  65                    }];
  66     base::test::ios::WaitUntilCondition(^{
  67       return completion_handler_called;
  68     }, base::MessageLoop::current(), base::TimeDelta());
  69   }
  70
  71   scoped_refptr<net::X509Certificate> cert_;
  72   net::MockCertVerifier cert_verifier_;
  73   base::scoped_nsobject<CRWCertVerificationController> controller_;
  74 };
  75
  76 // Tests cert policy with a valid cert.
  77 TEST_F(CRWCertVerificationControllerTest, ValidCert) {
  78   net::CertVerifyResult verify_result;
  79   verify_result.cert_status = net::CERT_STATUS_NO_REVOCATION_MECHANISM;
  80   verify_result.verified_cert = cert_;
  81   cert_verifier_.AddResultForCertAndHost(cert_.get(), [kHostName UTF8String],
  82                                          verify_result, net::OK);
  83   web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
  84   net::CertStatus status;
  85   DecidePolicy(cert_, kHostName, &policy, &status);
  86   EXPECT_EQ(CERT_ACCEPT_POLICY_ALLOW, policy);
  87   EXPECT_EQ(verify_result.cert_status, status);
  88 }
  89
  90 // Tests cert policy with an invalid cert.
  91 TEST_F(CRWCertVerificationControllerTest, InvalidCert) {
  92   web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
  93   net::CertStatus status;
  94   DecidePolicy(cert_, kHostName, &policy, &status);
  95   EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR, policy);
  96 }
  97
  98 // Tests cert policy with null cert.
  99 TEST_F(CRWCertVerificationControllerTest, NullCert) {
 100   web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
 101   net::CertStatus status;
 102   DecidePolicy(nullptr, kHostName, &policy, &status);
 103   EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
 104 }
 105
 106 // Tests cert policy with null cert and null host.
 107 TEST_F(CRWCertVerificationControllerTest, NullHost) {
 108   web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
 109   net::CertStatus status;
 110   DecidePolicy(cert_, nil, &policy, &status);
 111   EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
 112 }
 113
 114 }  // namespace web