ios/web/net/cert_policy_unittest.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "ios/web/public/cert_policy.h"
   6
   7 #include "base/memory/ref_counted.h"
   8 #include "net/cert/x509_certificate.h"
   9 #include "net/test/test_certificate_data.h"
  10 #include "testing/gtest/include/gtest/gtest.h"
  11
  12 namespace web {
  13
  14 TEST(CertPolicyTest, Policy) {
  15   scoped_refptr<net::X509Certificate> google_cert(
  16       net::X509Certificate::CreateFromBytes(
  17           reinterpret_cast<const char*>(google_der), sizeof(google_der)));
  18
  19   scoped_refptr<net::X509Certificate> webkit_cert(
  20       net::X509Certificate::CreateFromBytes(
  21           reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
  22
  23   CertPolicy policy;
  24
  25   // To begin with, everything should be unknown.
  26   EXPECT_EQ(CertPolicy::UNKNOWN,
  27             policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID));
  28   EXPECT_EQ(
  29       CertPolicy::UNKNOWN,
  30       policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
  31
  32   // Test adding one certificate with one error.
  33   policy.Allow(google_cert.get(), net::CERT_STATUS_DATE_INVALID);
  34   EXPECT_EQ(CertPolicy::ALLOWED,
  35             policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID));
  36   EXPECT_EQ(
  37       CertPolicy::UNKNOWN,
  38       policy.Check(google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
  39   EXPECT_EQ(CertPolicy::UNKNOWN,
  40             policy.Check(google_cert.get(),
  41                          net::CERT_STATUS_DATE_INVALID |
  42                              net::CERT_STATUS_COMMON_NAME_INVALID));
  43   EXPECT_EQ(
  44       CertPolicy::UNKNOWN,
  45       policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
  46
  47   // Test saving the same certificate with a new error.
  48   policy.Allow(google_cert.get(), net::CERT_STATUS_AUTHORITY_INVALID);
  49   EXPECT_EQ(CertPolicy::UNKNOWN,
  50             policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID));
  51   EXPECT_EQ(
  52       CertPolicy::ALLOWED,
  53       policy.Check(google_cert.get(), net::CERT_STATUS_AUTHORITY_INVALID));
  54   EXPECT_EQ(
  55       CertPolicy::UNKNOWN,
  56       policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
  57
  58   // Test adding one certificate with two errors.
  59   policy.Allow(
  60       google_cert.get(),
  61       net::CERT_STATUS_DATE_INVALID | net::CERT_STATUS_AUTHORITY_INVALID);
  62   EXPECT_EQ(CertPolicy::ALLOWED,
  63             policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID));
  64   EXPECT_EQ(
  65       CertPolicy::ALLOWED,
  66       policy.Check(google_cert.get(), net::CERT_STATUS_AUTHORITY_INVALID));
  67   EXPECT_EQ(
  68       CertPolicy::UNKNOWN,
  69       policy.Check(google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
  70   EXPECT_EQ(
  71       CertPolicy::UNKNOWN,
  72       policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
  73 }
  74
  75 }  // namespace web