Move certificate files into //ios/web/security.

This CL moves all certificate related files from //ios/web/net into
//ios/web/security. This is a prerequisite work for navigation refactor.

Bug: 956511,942244
Change-Id: Iddf802f75b8ca7038e00a062fcb26773d7948a2f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1624572Reviewed-by: Eugene But <eugenebut@chromium.org>
Commit-Queue: Yi Su <mrsuyi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#662542}

ios/web/BUILD.gn

@@ -336,13 +336,9 @@ source_set("ios_web_net_unittests") {
   ]
 
   sources = [
-    "net/cert_host_pair_unittest.cc",
-    "net/cert_policy_unittest.cc",
     "net/cookies/crw_wk_http_cookie_store_unittest.mm",
     "net/cookies/wk_cookie_util_unittest.mm",
     "net/cookies/wk_http_system_cookie_store_unittest.mm",
-    "net/crw_cert_verification_controller_unittest.mm",
-    "net/crw_ssl_status_updater_unittest.mm",
   ]
 }
 

ios/web/net/BUILD.gn

@@ -9,26 +9,12 @@ source_set("net") {
     "//base",
     "//ios/net",
     "//ios/web:core",
-    "//ios/web/common",
-    "//ios/web/navigation:core",
-    "//ios/web/navigation:navigation_manager_util",
-    "//ios/web/navigation:wk_navigation_util",
     "//ios/web/public",
-    "//ios/web/security",
-    "//net",
   ]
 
   sources = [
-    "cert_host_pair.cc",
-    "cert_host_pair.h",
-    "cert_policy.cc",
-    "certificate_policy_cache.cc",
     "cookie_notification_bridge.h",
     "cookie_notification_bridge.mm",
-    "crw_cert_verification_controller.h",
-    "crw_cert_verification_controller.mm",
-    "crw_ssl_status_updater.h",
-    "crw_ssl_status_updater.mm",
   ]
 
   configs += [ "//build/config/compiler:enable_arc" ]

ios/web/security/BUILD.gn

@@ -10,6 +10,7 @@ source_set("security") {
     "//base",
     "//ios/web/common",
     "//ios/web/navigation:core",
+    "//ios/web/navigation:navigation_manager_util",
     "//ios/web/public",
     "//ios/web/web_state:web_state_impl_header",
     "//ios/web/web_state/ui:web_view_js_utils",
@@ -18,6 +19,14 @@ source_set("security") {
   ]
 
   sources = [
+    "cert_host_pair.cc",
+    "cert_host_pair.h",
+    "cert_policy.cc",
+    "certificate_policy_cache.cc",
+    "crw_cert_verification_controller.h",
+    "crw_cert_verification_controller.mm",
+    "crw_ssl_status_updater.h",
+    "crw_ssl_status_updater.mm",
     "ssl_status.cc",
     "web_interstitial_impl.h",
     "web_interstitial_impl.mm",
@@ -36,18 +45,23 @@ source_set("unittests") {
     "//crypto",
     "//ios/testing:ocmock_support",
     "//ios/web",
-    "//ios/web/navigation:core",
+    "//ios/web/navigation",
     "//ios/web/public",
     "//ios/web/public/test",
     "//ios/web/public/test/fakes",
     "//ios/web/test/fakes",
     "//ios/web/web_state:web_state_impl_header",
     "//net",
+    "//net:test_support",
     "//testing/gmock",
     "//testing/gtest",
   ]
 
   sources = [
+    "cert_host_pair_unittest.cc",
+    "cert_policy_unittest.cc",
+    "crw_cert_verification_controller_unittest.mm",
+    "crw_ssl_status_updater_unittest.mm",
     "ssl_status_unittest.cc",
     "web_interstitial_unittest.mm",
     "wk_web_view_security_util_unittest.mm",

ios/web/net/cert_host_pair.cc → ios/web/security/cert_host_pair.cc

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "ios/web/net/cert_host_pair.h"
+#include "ios/web/security/cert_host_pair.h"
 
 #include <utility>
 
@@ -24,4 +24,4 @@ bool CertHostPair::operator<(const CertHostPair& other) const {
   return std::tie(host_, cert_hash_) < std::tie(other.host_, other.cert_hash_);
 }
 
-}  // web
+}  // namespace web

ios/web/net/cert_host_pair.h → ios/web/security/cert_host_pair.h

@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef IOS_WEB_NET_CERT_HOST_PAIR_H_
-#define IOS_WEB_NET_CERT_HOST_PAIR_H_
+#ifndef IOS_WEB_SECURITY_CERT_HOST_PAIR_H_
+#define IOS_WEB_SECURITY_CERT_HOST_PAIR_H_
 
 #include <string>
 
@@ -37,4 +37,4 @@ class CertHostPair {
 
 }  // namespace web
 
-#endif  // IOS_WEB_NET_CERT_HOST_PAIR_H_
+#endif  // IOS_WEB_SECURITY_CERT_HOST_PAIR_H_

ios/web/net/cert_host_pair_unittest.cc → ios/web/security/cert_host_pair_unittest.cc

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "ios/web/net/cert_host_pair.h"
+#include "ios/web/security/cert_host_pair.h"
 
 #include "net/test/cert_test_util.h"
 #include "net/test/test_data_directory.h"

ios/web/net/cert_policy.cc → ios/web/security/cert_policy.cc

@@ -9,11 +9,9 @@
 
 namespace web {
 
-CertPolicy::CertPolicy() {
-}
+CertPolicy::CertPolicy() {}
 
-CertPolicy::~CertPolicy() {
-}
+CertPolicy::~CertPolicy() {}
 
 // We consider a given |cert| to be a match to a saved allowed cert if the
 // |error| is an exact match to or subset of the errors in the saved CertStatus.

ios/web/net/cert_policy_unittest.cc → ios/web/security/cert_policy_unittest.cc

@@ -61,9 +61,8 @@ TEST_F(CertPolicyTest, Policy) {
       policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
 
   // Test adding one certificate with two errors.
-  policy.Allow(
-      google_cert.get(),
-      net::CERT_STATUS_DATE_INVALID | net::CERT_STATUS_AUTHORITY_INVALID);
+  policy.Allow(google_cert.get(), net::CERT_STATUS_DATE_INVALID |
+                                      net::CERT_STATUS_AUTHORITY_INVALID);
   EXPECT_EQ(CertPolicy::ALLOWED,
             policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID));
   EXPECT_EQ(

ios/web/net/certificate_policy_cache.cc → ios/web/security/certificate_policy_cache.cc

@@ -9,11 +9,9 @@
 
 namespace web {
 
-CertificatePolicyCache::CertificatePolicyCache() {
-}
+CertificatePolicyCache::CertificatePolicyCache() {}
 
-CertificatePolicyCache::~CertificatePolicyCache() {
-}
+CertificatePolicyCache::~CertificatePolicyCache() {}
 
 void CertificatePolicyCache::AllowCertForHost(net::X509Certificate* cert,
                                               const std::string& host,

ios/web/net/crw_cert_verification_controller.h → ios/web/security/crw_cert_verification_controller.h

@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_
-#define IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_
+#ifndef IOS_WEB_SECURITY_CRW_CERT_VERIFICATION_CONTROLLER_H_
+#define IOS_WEB_SECURITY_CRW_CERT_VERIFICATION_CONTROLLER_H_
 
 #import <Foundation/Foundation.h>
 
@@ -91,4 +91,4 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
 
 @end
 
-#endif  // IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_
+#endif  // IOS_WEB_SECURITY_CRW_CERT_VERIFICATION_CONTROLLER_H_

ios/web/net/crw_cert_verification_controller.mm → ios/web/security/crw_cert_verification_controller.mm

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#import "ios/web/net/crw_cert_verification_controller.h"
+#import "ios/web/security/crw_cert_verification_controller.h"
 
 #include <memory>
 
@@ -42,11 +42,12 @@ using web::WebThread;
 // Decides the policy for the given |trust| which was rejected by iOS and the
 // given |host| and calls |handler| on completion. Must be called on UI thread.
 // |handler| can not be null and will be called on UI thread.
-- (void)
-decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
-                           serverTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust
-                                  host:(NSString*)host
-                     completionHandler:(web::PolicyDecisionHandler)handler;
+- (void)decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
+                                   serverTrust:
+                                       (base::ScopedCFTypeRef<SecTrustRef>)trust
+                                          host:(NSString*)host
+                             completionHandler:
+                                 (web::PolicyDecisionHandler)handler;
 
 // Verifies the given |trust| using SecTrustRef API. |completionHandler| cannot
 // be null and will be called on UI thread or never be called if the worker task
@@ -57,10 +58,10 @@ decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
 // Returns cert accept policy for the given SecTrust result. |trustResult| must
 // not be for a valid cert. Must be called on IO thread.
 - (web::CertAcceptPolicy)
-loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
-                      certStatus:(net::CertStatus)certStatus
-                     serverTrust:(SecTrustRef)trust
-                            host:(NSString*)host;
+    loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
+                          certStatus:(net::CertStatus)certStatus
+                         serverTrust:(SecTrustRef)trust
+                                host:(NSString*)host;
 
 @end
 
@@ -111,8 +112,8 @@ loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
         web::SecurityStyle securityStyle =
             web::GetSecurityStyleFromTrustResult(trustResult);
 
-        net::CertStatus certStatus =
-            [self certStatusFromTrustResult:trustResult serverTrust:trust];
+        net::CertStatus certStatus = [self certStatusFromTrustResult:trustResult
+                                                         serverTrust:trust];
         completionHandler(securityStyle, certStatus);
       }];
 }
@@ -162,35 +163,38 @@ loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
   return certStatus;
 }
 
-- (void)
-decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
-                           serverTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust
-                                  host:(NSString*)host
-                     completionHandler:(web::PolicyDecisionHandler)handler {
+- (void)decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
+                                   serverTrust:
+                                       (base::ScopedCFTypeRef<SecTrustRef>)trust
+                                          host:(NSString*)host
+                             completionHandler:
+                                 (web::PolicyDecisionHandler)handler {
   DCHECK_CURRENTLY_ON(WebThread::UI);
   DCHECK(handler);
   TaskTraits traits{WebThread::IO, TaskShutdownBehavior::BLOCK_SHUTDOWN};
-  base::PostTaskWithTraits(
-      FROM_HERE, traits, base::BindOnce(^{
-        // |loadPolicyForRejectedTrustResult:certStatus:serverTrust:host:| can
-        // only be called on IO thread.
-        net::CertStatus certStatus =
-            [self certStatusFromTrustResult:trustResult serverTrust:trust];
-
-        web::CertAcceptPolicy policy =
-            [self loadPolicyForRejectedTrustResult:trustResult
-                                        certStatus:certStatus
-                                       serverTrust:trust.get()
-                                              host:host];
-
-        // TODO(crbug.com/872372): This should use PostTaskWithTraits to post to
-        // WebThread::UI with BLOCK_SHUTDOWN once shutdown behaviors are
-        // supported on the UI thread. BLOCK_SHUTDOWN is necessary because
-        // WKWebView throws an exception if the completion handler doesn't run.
-        dispatch_async(dispatch_get_main_queue(), ^{
-          handler(policy, certStatus);
-        });
-      }));
+  base::PostTaskWithTraits(FROM_HERE, traits, base::BindOnce(^{
+                             // |loadPolicyForRejectedTrustResult:certStatus:serverTrust:host:|
+                             // can only be called on IO thread.
+                             net::CertStatus certStatus =
+                                 [self certStatusFromTrustResult:trustResult
+                                                     serverTrust:trust];
+
+                             web::CertAcceptPolicy policy = [self
+                                 loadPolicyForRejectedTrustResult:trustResult
+                                                       certStatus:certStatus
+                                                      serverTrust:trust.get()
+                                                             host:host];
+
+                             // TODO(crbug.com/872372): This should use
+                             // PostTaskWithTraits to post to WebThread::UI with
+                             // BLOCK_SHUTDOWN once shutdown behaviors are
+                             // supported on the UI thread. BLOCK_SHUTDOWN is
+                             // necessary because WKWebView throws an exception
+                             // if the completion handler doesn't run.
+                             dispatch_async(dispatch_get_main_queue(), ^{
+                               handler(policy, certStatus);
+                             });
+                           }));
 }
 
 - (void)verifyTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust
@@ -216,10 +220,10 @@ decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
 }
 
 - (web::CertAcceptPolicy)
-loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
-                      certStatus:(net::CertStatus)certStatus
-                     serverTrust:(SecTrustRef)trust
-                            host:(NSString*)host {
+    loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult
+                          certStatus:(net::CertStatus)certStatus
+                         serverTrust:(SecTrustRef)trust
+                                host:(NSString*)host {
   DCHECK_CURRENTLY_ON(WebThread::IO);
   DCHECK_NE(web::SECURITY_STYLE_AUTHENTICATED,
             web::GetSecurityStyleFromTrustResult(trustResult));

ios/web/net/crw_cert_verification_controller_unittest.mm → ios/web/security/crw_cert_verification_controller_unittest.mm

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#import "ios/web/net/crw_cert_verification_controller.h"
+#import "ios/web/security/crw_cert_verification_controller.h"
 
 #include "base/mac/foundation_util.h"
 #import "base/test/ios/wait_util.h"

ios/web/net/crw_ssl_status_updater.h → ios/web/security/crw_ssl_status_updater.h

@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef IOS_WEB_NET_CRW_SSL_STATUS_UPDATER_H_
-#define IOS_WEB_NET_CRW_SSL_STATUS_UPDATER_H_
+#ifndef IOS_WEB_SECURITY_CRW_SSL_STATUS_UPDATER_H_
+#define IOS_WEB_SECURITY_CRW_SSL_STATUS_UPDATER_H_
 
 #import <Foundation/Foundation.h>
 #import <Security/Security.h>
@@ -66,7 +66,7 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
 @end
 
 // Delegate for CRWSSLStatusUpdater.
-@protocol CRWSSLStatusUpdaterDelegate<NSObject>
+@protocol CRWSSLStatusUpdaterDelegate <NSObject>
 
 @optional
 
@@ -78,4 +78,4 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
 
 @end
 
-#endif  // IOS_WEB_NET_CRW_SSL_STATUS_UPDATER_H_
+#endif  // IOS_WEB_SECURITY_CRW_SSL_STATUS_UPDATER_H_

ios/web/net/crw_ssl_status_updater.mm → ios/web/security/crw_ssl_status_updater.mm

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#import "ios/web/net/crw_ssl_status_updater.h"
+#import "ios/web/security/crw_ssl_status_updater.h"
 
 #import "base/strings/sys_string_conversions.h"
 #import "ios/web/navigation/navigation_item_impl.h"
@@ -170,8 +170,8 @@ using web::SecurityStyle;
 }
 
 - (void)didChangeSSLStatusForNavigationItem:(web::NavigationItem*)navItem {
-  if ([_delegate respondsToSelector:
-          @selector(SSLStatusUpdater:didChangeSSLStatusForNavigationItem:)]) {
+  if ([_delegate respondsToSelector:@selector
+                 (SSLStatusUpdater:didChangeSSLStatusForNavigationItem:)]) {
     [_delegate SSLStatusUpdater:self
         didChangeSSLStatusForNavigationItem:navItem];
   }

ios/web/net/crw_ssl_status_updater_unittest.mm → ios/web/security/crw_ssl_status_updater_unittest.mm

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#import "ios/web/net/crw_ssl_status_updater.h"
+#import "ios/web/security/crw_ssl_status_updater.h"
 
 #include "base/mac/foundation_util.h"
 #include "base/mac/scoped_block.h"
@@ -28,7 +28,7 @@
 
 // Mocks CRWSSLStatusUpdaterTestDataSource.
 @interface CRWSSLStatusUpdaterTestDataSource
-    : NSObject<CRWSSLStatusUpdaterDataSource> {
+    : NSObject <CRWSSLStatusUpdaterDataSource> {
   StatusQueryHandler _verificationCompletionHandler;
 }
 

ios/web/web_state/ui/crw_web_controller.mm

@@ -63,9 +63,6 @@
 #import "ios/web/navigation/wk_navigation_action_policy_util.h"
 #import "ios/web/navigation/wk_navigation_action_util.h"
 #import "ios/web/navigation/wk_navigation_util.h"
-#include "ios/web/net/cert_host_pair.h"
-#import "ios/web/net/crw_cert_verification_controller.h"
-#import "ios/web/net/crw_ssl_status_updater.h"
 #include "ios/web/public/browser_state.h"
 #import "ios/web/public/download/download_controller.h"
 #include "ios/web/public/favicon_url.h"
@@ -88,6 +85,9 @@
 #import "ios/web/public/web_state/web_state.h"
 #import "ios/web/public/web_state/web_state_policy_decider.h"
 #include "ios/web/public/webui/web_ui_ios.h"
+#include "ios/web/security/cert_host_pair.h"
+#import "ios/web/security/crw_cert_verification_controller.h"
+#import "ios/web/security/crw_ssl_status_updater.h"
 #import "ios/web/security/web_interstitial_impl.h"
 #import "ios/web/security/wk_web_view_security_util.h"
 #import "ios/web/web_state/error_translation_util.h"