search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Reland: WKWebView: Added cert verification API to web controller.
[chromium-blink-merge.git] / ios / web / net / cert_verifier_block_adapter_unittest.cc
blobf05acf68945f1b15ab00435c5b0a28ad1dec6555
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "ios/web/net/cert_verifier_block_adapter.h"
6
7 #include "base/message_loop/message_loop.h"
8 #include "base/test/ios/wait_util.h"
9 #include "ios/web/public/test/test_web_thread_bundle.h"
10 #include "net/base/net_errors.h"
11 #include "net/base/test_data_directory.h"
12 #include "net/cert/cert_verifier.h"
13 #include "net/cert/cert_verify_result.h"
14 #include "net/cert/crl_set.h"
15 #include "net/cert/mock_cert_verifier.h"
16 #include "net/cert/x509_certificate.h"
17 #include "net/log/net_log.h"
18 #include "net/test/cert_test_util.h"
19 #include "testing/platform_test.h"
20
21 namespace web {
22
23 namespace {
24 // Test cert filename.
25 const char kCertFileName[] = "ok_cert.pem";
26 // Test hostname for CertVerifier.
27 const char kHostName[] = "www.example.com";
28
29 } // namespace
30
31 // Test fixture to test CertVerifierBlockAdapter class.
32 class CertVerifierBlockAdapterTest : public PlatformTest {
33 protected:
34 void SetUp() override {
35 PlatformTest::SetUp();
36 cert_ =
37 net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName);
38 ASSERT_TRUE(cert_);
39 }
40
41 // Performs synchronous verification.
42 void Verify(CertVerifierBlockAdapter* cert_verifier_adapter,
43 CertVerifierBlockAdapter::Params params,
44 net::CertVerifyResult* result,
45 int* error) {
46 __block bool verification_completed = false;
47 cert_verifier_adapter->Verify(
48 params, ^(net::CertVerifyResult callback_result, int callback_error) {
49 *result = callback_result;
50 *error = callback_error;
51 verification_completed = true;
52 });
53 base::test::ios::WaitUntilCondition(^{
54 return verification_completed;
55 }, base::MessageLoop::current(), base::TimeDelta());
56 }
57
58 web::TestWebThreadBundle thread_bundle_;
59 scoped_refptr<net::X509Certificate> cert_;
60 net::NetLog net_log_;
61 };
62
63 // Tests |Verify| with default params and synchronous verification.
64 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSync) {
65 // Set up verifier mock.
66 net::MockCertVerifier verifier;
67 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_);
68 const int kExpectedError = net::ERR_CERT_AUTHORITY_INVALID;
69 net::CertVerifyResult expected_result;
70 expected_result.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
71 expected_result.verified_cert = cert_;
72 verifier.AddResultForCertAndHost(cert_.get(), kHostName, expected_result,
73 kExpectedError);
74
75 // Call |Verify|.
76 net::CertVerifyResult actual_result;
77 int actual_error = -1;
78 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
79 Verify(&test_adapter, params, &actual_result, &actual_error);
80
81 // Ensure that Verification results are correct.
82 EXPECT_EQ(kExpectedError, actual_error);
83 EXPECT_EQ(expected_result.cert_status, actual_result.cert_status);
84 }
85
86 // Tests |Verify| with default params and asynchronous verification using real
87 // net::CertVerifier and ok_cert.pem cert.
88 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndAsync) {
89 // Call |Verify|.
90 scoped_ptr<net::CertVerifier> verifier(net::CertVerifier::CreateDefault());
91 CertVerifierBlockAdapter test_adapter(verifier.get(), &net_log_);
92 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
93 net::CertVerifyResult actual_result;
94 int actual_error = -1;
95 Verify(&test_adapter, params, &actual_result, &actual_error);
96
97 // Ensure that Verification results are correct.
98 EXPECT_FALSE(actual_result.is_issued_by_known_root);
99 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, actual_error);
100 }
101
102 // Tests |Verify| with invalid cert argument.
103 TEST_F(CertVerifierBlockAdapterTest, InvalidCert) {
104 // Call |Verify|.
105 net::MockCertVerifier verifier;
106 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_);
107 net::CertVerifyResult actual_result;
108 int actual_error = -1;
109 CertVerifierBlockAdapter::Params params(nullptr, kHostName);
110 Verify(&test_adapter, params, &actual_result, &actual_error);
111
112 // Ensure that Verification results are correct.
113 EXPECT_EQ(net::ERR_INVALID_ARGUMENT, actual_error);
114 }
115
116 // Tests |Verify| with invalid hostname argument.
117 TEST_F(CertVerifierBlockAdapterTest, InvalidHostname) {
118 // Call |Verify|.
119 net::MockCertVerifier verifier;
120 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_);
121 net::CertVerifyResult actual_result;
122 int actual_error = -1;
123 CertVerifierBlockAdapter::Params params(cert_.get(), std::string());
124 Verify(&test_adapter, params, &actual_result, &actual_error);
125
126 // Ensure that Verification results are correct.
127 EXPECT_EQ(net::ERR_INVALID_ARGUMENT, actual_error);
128 }
129
130 // Tests |Verify| with synchronous error.
131 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSyncError) {
132 // Set up expectation.
133 net::MockCertVerifier verifier;
134 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_);
135 const int kExpectedError = net::ERR_INSUFFICIENT_RESOURCES;
136 net::CertVerifyResult expected_result;
137 expected_result.verified_cert = cert_;
138 verifier.AddResultForCertAndHost(cert_.get(), kHostName, expected_result,
139 kExpectedError);
140
141 // Call |Verify|.
142 net::CertVerifyResult actual_result;
143 int actual_error = -1;
144 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
145 Verify(&test_adapter, params, &actual_result, &actual_error);
146
147 // Ensure that Verification results are correct.
148 EXPECT_EQ(kExpectedError, actual_error);
149 }
150
151 } // namespace web