| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "ios/web/public/cert_policy.h" |
| |
| #include "base/memory/ref_counted.h" |
| #include "net/cert/x509_certificate.h" |
| #include "net/test/test_certificate_data.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace web { |
| |
| TEST(CertPolicyTest, Policy) { |
| scoped_refptr<net::X509Certificate> google_cert( |
| net::X509Certificate::CreateFromBytes( |
| reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| |
| scoped_refptr<net::X509Certificate> webkit_cert( |
| net::X509Certificate::CreateFromBytes( |
| reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); |
| |
| CertPolicy policy; |
| |
| // To begin with, everything should be unknown. |
| EXPECT_EQ(CertPolicy::UNKNOWN, |
| policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| EXPECT_EQ( |
| CertPolicy::UNKNOWN, |
| policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
| |
| // Test adding one certificate with one error. |
| policy.Allow(google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| EXPECT_EQ(CertPolicy::ALLOWED, |
| policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| EXPECT_EQ( |
| CertPolicy::UNKNOWN, |
| policy.Check(google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
| EXPECT_EQ(CertPolicy::UNKNOWN, |
| policy.Check(google_cert.get(), |
| net::CERT_STATUS_DATE_INVALID | |
| net::CERT_STATUS_COMMON_NAME_INVALID)); |
| EXPECT_EQ( |
| CertPolicy::UNKNOWN, |
| policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
| |
| // Test saving the same certificate with a new error. |
| policy.Allow(google_cert.get(), net::CERT_STATUS_AUTHORITY_INVALID); |
| EXPECT_EQ(CertPolicy::UNKNOWN, |
| policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| EXPECT_EQ( |
| CertPolicy::ALLOWED, |
| policy.Check(google_cert.get(), net::CERT_STATUS_AUTHORITY_INVALID)); |
| EXPECT_EQ( |
| CertPolicy::UNKNOWN, |
| policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
| |
| // Test adding one certificate with two errors. |
| policy.Allow( |
| google_cert.get(), |
| net::CERT_STATUS_DATE_INVALID | net::CERT_STATUS_AUTHORITY_INVALID); |
| EXPECT_EQ(CertPolicy::ALLOWED, |
| policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| EXPECT_EQ( |
| CertPolicy::ALLOWED, |
| policy.Check(google_cert.get(), net::CERT_STATUS_AUTHORITY_INVALID)); |
| EXPECT_EQ( |
| CertPolicy::UNKNOWN, |
| policy.Check(google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
| EXPECT_EQ( |
| CertPolicy::UNKNOWN, |
| policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
| } |
| |
| } // namespace web |