|
|
@@ -205,6 +205,44 @@ class TLSEvaluationExpiredLeafCertificateTestCase: BaseTestCase {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ // MARK: Server Trust Policy - Perform Revoked Tests
|
|
|
+
|
|
|
+ func testThatRevokedCertificateRequestFailsWithRevokedServerTrustPolicy() {
|
|
|
+ // Given
|
|
|
+ let policy = ServerTrustPolicy.performRevokedEvaluation(
|
|
|
+ validateHost: true,
|
|
|
+ revocationFlags: kSecRevocationUseAnyAvailableMethod
|
|
|
+ )
|
|
|
+
|
|
|
+ let policies = [revokedHost: policy]
|
|
|
+
|
|
|
+ let manager = SessionManager(
|
|
|
+ configuration: configuration,
|
|
|
+ serverTrustPolicyManager: ServerTrustPolicyManager(policies: policies)
|
|
|
+ )
|
|
|
+
|
|
|
+ let expectation = self.expectation(description: "\(revokedURLString)")
|
|
|
+ var error: Error?
|
|
|
+
|
|
|
+ // When
|
|
|
+ manager.request(revokedURLString)
|
|
|
+ .response { resp in
|
|
|
+ error = resp.error
|
|
|
+ expectation.fulfill()
|
|
|
+ }
|
|
|
+
|
|
|
+ waitForExpectations(timeout: timeout, handler: nil)
|
|
|
+
|
|
|
+ // Then
|
|
|
+ XCTAssertNotNil(error, "error should not be nil")
|
|
|
+
|
|
|
+ if let error = error as? URLError {
|
|
|
+ XCTAssertEqual(error.code, .cancelled, "code should be cancelled")
|
|
|
+ } else {
|
|
|
+ XCTFail("error should be an URLError")
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
// MARK: Server Trust Policy - Certificate Pinning Tests
|
|
|
|
|
|
func testThatExpiredCertificateRequestFailsWhenPinningLeafCertificateWithCertificateChainValidation() {
|
WataruSuzuki