[webview_flutter_wkwebview] Fixes loadFlutterAsset exception and updates native wrapper for SecTrust and SecCertificate (#9016)

Adds support to the native wrapper to handle `SecTrust` and `SecCertificate`. 

This is a part of landing #7893 by splitting of the native wrapper implementation. 

Also fixes flutter/flutter#162938 and adds an integration test for `loadFlutterAsset`.

## Pre-Review Checklist

[^1]: Regular contributors who have demonstrated familiarity with the repository guidelines only need to comment if the PR is not auto-exempted by repo tooling.

Author: bparrishMines

packages/webview_flutter/webview_flutter_wkwebview/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 3.18.6
+
+* Fixes `PlatformException` when calling `loadFlutterAsset` on macOS.
+* Updates native wrapper with methods handling `SecTust` and `SecCertificate`. 
+
 ## 3.18.5
 
 * Fixes crash when sending undefined message via JavaScript channel.

packages/webview_flutter/webview_flutter_wkwebview/darwin/Tests/GetTrustResultResponseProxyAPITests.swift

@@ -0,0 +1,29 @@
+// Copyright 2013 The Flutter Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+import XCTest
+
+@testable import webview_flutter_wkwebview
+
+class GetTrustResultResponseProxyAPITests: XCTestCase {
+  func testResult() {
+    let registrar = TestProxyApiRegistrar()
+    let api = registrar.apiDelegate.pigeonApiGetTrustResultResponse(registrar)
+
+    let instance = GetTrustResultResponse(result: SecTrustResultType.invalid, resultCode: -1)
+    let value = try? api.pigeonDelegate.result(pigeonApi: api, pigeonInstance: instance)
+
+    XCTAssertEqual(value, DartSecTrustResultType.invalid)
+  }
+
+  func testResultCode() {
+    let registrar = TestProxyApiRegistrar()
+    let api = registrar.apiDelegate.pigeonApiGetTrustResultResponse(registrar)
+
+    let instance = GetTrustResultResponse(result: SecTrustResultType.invalid, resultCode: -1)
+    let value = try? api.pigeonDelegate.resultCode(pigeonApi: api, pigeonInstance: instance)
+
+    XCTAssertEqual(value, -1)
+  }
+}

packages/webview_flutter/webview_flutter_wkwebview/darwin/Tests/SecCertificateProxyAPITests.swift

@@ -0,0 +1,43 @@
+// Copyright 2013 The Flutter Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+import XCTest
+
+@testable import webview_flutter_wkwebview
+
+#if os(iOS)
+  import Flutter
+#elseif os(macOS)
+  import FlutterMacOS
+#else
+  #error("Unsupported platform.")
+#endif
+
+class SecCertificateProxyAPITests: XCTestCase {
+  func createDummyCertificate() -> SecCertificate {
+    let url = FlutterAssetManager().urlForAsset("assets/test_cert.der")!
+    let certificateData = NSData(contentsOf: url)
+
+    return SecCertificateCreateWithData(nil, certificateData!)!
+  }
+
+  func testCopyData() {
+    let registrar = TestProxyApiRegistrar()
+    let delegate = TestSecCertificateProxyAPIDelegate()
+    let api = PigeonApiSecCertificate(pigeonRegistrar: registrar, delegate: delegate)
+
+    let value = try? api.pigeonDelegate.copyData(
+      pigeonApi: api, certificate: SecCertificateWrapper(value: createDummyCertificate()))
+
+    XCTAssertEqual(value?.data, delegate.data)
+  }
+}
+
+class TestSecCertificateProxyAPIDelegate: SecCertificateProxyAPIDelegate {
+  let data = Data()
+
+  override func secCertificateCopyData(_ certificate: SecCertificate) -> CFData {
+    return data as CFData
+  }
+}

packages/webview_flutter/webview_flutter_wkwebview/darwin/Tests/SecTrustProxyAPITests.swift

@@ -0,0 +1,133 @@
+// Copyright 2013 The Flutter Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+import XCTest
+
+@testable import webview_flutter_wkwebview
+
+#if os(iOS)
+  import Flutter
+#elseif os(macOS)
+  import FlutterMacOS
+#else
+  #error("Unsupported platform.")
+#endif
+
+class SecTrustProxyAPITests: XCTestCase {
+  func createTrust(delegate: TestSecTrustProxyAPIDelegate) -> SecTrustWrapper {
+    var trust: SecTrust?
+    SecTrustCreateWithCertificates(
+      [delegate.createDummyCertificate()] as AnyObject, SecPolicyCreateBasicX509(), &trust)
+
+    return SecTrustWrapper(value: trust!)
+  }
+
+  func testEvaluateWithError() {
+    let registrar = TestProxyApiRegistrar()
+    let delegate = TestSecTrustProxyAPIDelegate()
+    let api = PigeonApiSecTrust(pigeonRegistrar: registrar, delegate: delegate)
+
+    let expect = expectation(description: "Wait for setCookie.")
+    let trust = createTrust(delegate: delegate)
+    var resultValue: Bool?
+
+    api.pigeonDelegate.evaluateWithError(pigeonApi: api, trust: trust) { result in
+      switch result {
+      case .success(let value):
+        resultValue = value
+      case .failure(_):
+        break
+      }
+      expect.fulfill()
+    }
+
+    wait(for: [expect], timeout: 5.0)
+    XCTAssertEqual(resultValue, true)
+  }
+
+  func testCopyExceptions() {
+    let registrar = TestProxyApiRegistrar()
+    let delegate = TestSecTrustProxyAPIDelegate()
+    let api = PigeonApiSecTrust(pigeonRegistrar: registrar, delegate: delegate)
+
+    let trust = createTrust(delegate: delegate)
+    let value = try? api.pigeonDelegate.copyExceptions(pigeonApi: api, trust: trust)
+
+    XCTAssertEqual(value?.data, Data())
+  }
+
+  func testSetExceptions() {
+    let registrar = TestProxyApiRegistrar()
+    let delegate = TestSecTrustProxyAPIDelegate()
+    let api = PigeonApiSecTrust(pigeonRegistrar: registrar, delegate: delegate)
+
+    let trust = createTrust(delegate: delegate)
+    let value = try? api.pigeonDelegate.setExceptions(
+      pigeonApi: api, trust: trust, exceptions: FlutterStandardTypedData(bytes: Data()))
+
+    XCTAssertEqual(value, false)
+  }
+
+  func testGetTrustResult() {
+    let registrar = TestProxyApiRegistrar()
+    let delegate = TestSecTrustProxyAPIDelegate()
+    let api = PigeonApiSecTrust(pigeonRegistrar: registrar, delegate: delegate)
+
+    let trust = createTrust(delegate: delegate)
+    let value = try? api.pigeonDelegate.getTrustResult(pigeonApi: api, trust: trust)
+
+    XCTAssertEqual(value?.result, SecTrustResultType.invalid)
+    XCTAssertEqual(value?.resultCode, -1)
+  }
+
+  func testCopyCertificateChain() {
+    let registrar = TestProxyApiRegistrar()
+    let delegate = TestSecTrustProxyAPIDelegate()
+    let api = PigeonApiSecTrust(pigeonRegistrar: registrar, delegate: delegate)
+
+    let trust = createTrust(delegate: delegate)
+    let value = try? api.pigeonDelegate.copyCertificateChain(pigeonApi: api, trust: trust)
+
+    XCTAssertEqual(value?.count, 1)
+    XCTAssertNotNil(value?.first?.value)
+  }
+}
+
+class TestSecTrustProxyAPIDelegate: SecTrustProxyAPIDelegate {
+  func createDummyCertificate() -> SecCertificate {
+    let url = FlutterAssetManager().urlForAsset("assets/test_cert.der")!
+    let certificateData = NSData(contentsOf: url)
+
+    return SecCertificateCreateWithData(nil, certificateData!)!
+  }
+
+  override func secTrustEvaluateWithError(
+    _ trust: SecTrust, _ error: UnsafeMutablePointer<CFError?>?
+  ) -> Bool {
+    return true
+  }
+
+  override func secTrustCopyExceptions(_ trust: SecTrust) -> CFData? {
+    return Data() as CFData
+  }
+
+  override func secTrustSetExceptions(_ trust: SecTrust, _ exceptions: CFData?) -> Bool {
+    return false
+  }
+
+  override func secTrustGetTrustResult(
+    _ trust: SecTrust, _ result: UnsafeMutablePointer<SecTrustResultType>
+  ) -> OSStatus {
+    result.pointee = SecTrustResultType.invalid
+    return -1
+  }
+
+  override func secTrustCopyCertificateChain(_ trust: SecTrust) -> CFArray? {
+    if #available(iOS 15.0, *) {
+      return [createDummyCertificate()] as CFArray
+    }
+
+    return nil
+  }
+}

packages/webview_flutter/webview_flutter_wkwebview/darwin/Tests/TestProxyApiRegistrar.swift

@@ -8,7 +8,9 @@ import XCTest
 
 class TestProxyApiRegistrar: ProxyAPIRegistrar {
   init() {
-    super.init(binaryMessenger: TestBinaryMessenger(), bundle: TestBundle())
+    super.init(
+      binaryMessenger: TestBinaryMessenger(),
+      assetManager: FlutterAssetManager(bundle: TestBundle()))
   }
 
   override func dispatchOnMainThread(

packages/webview_flutter/webview_flutter_wkwebview/darwin/Tests/URLProtectionSpaceProxyAPITests.swift

@@ -56,4 +56,34 @@ class ProtectionSpaceProxyAPITests: XCTestCase {
     XCTAssertEqual(value, instance.authenticationMethod)
   }
 
+  func testGetServerTrust() {
+    let registrar = TestProxyApiRegistrar()
+    let api = registrar.apiDelegate.pigeonApiURLProtectionSpace(registrar)
+
+    let instance = TestProtectionSpace(
+      host: "host", port: 23, protocol: "protocol", realm: "realm", authenticationMethod: "myMethod"
+    )
+    let value = try? api.pigeonDelegate.getServerTrust(pigeonApi: api, pigeonInstance: instance)
+
+    XCTAssertEqual(value!.value, instance.serverTrust)
+  }
+}
+
+class TestProtectionSpace: URLProtectionSpace, @unchecked Sendable {
+  var serverTrustVal: SecTrust?
+
+  override var serverTrust: SecTrust? {
+    if serverTrustVal == nil {
+      let url = FlutterAssetManager().urlForAsset("assets/test_cert.der")!
+
+      let certificateData = NSData(contentsOf: url)
+      let dummyCertificate: SecCertificate! = SecCertificateCreateWithData(nil, certificateData!)
+
+      var trust: SecTrust?
+      SecTrustCreateWithCertificates(
+        [dummyCertificate] as AnyObject, SecPolicyCreateBasicX509(), &trust)
+      serverTrustVal = trust!
+    }
+    return serverTrustVal
+  }
 }

packages/webview_flutter/webview_flutter_wkwebview/darwin/webview_flutter_wkwebview/Sources/webview_flutter_wkwebview/FlutterAssetManager.swift

@@ -11,7 +11,35 @@
 #endif
 
 open class FlutterAssetManager {
-  func lookupKeyForAsset(_ asset: String) -> String {
+  let bundle: Bundle
+
+  init(bundle: Bundle = Bundle.main) {
+    self.bundle = bundle
+  }
+
+  func lookupKeyForAsset(_ asset: String) -> String? {
     return FlutterDartProject.lookupKey(forAsset: asset)
   }
+
+  func urlForAsset(_ asset: String) -> URL? {
+    let assetFilePath: String? = lookupKeyForAsset(asset)
+
+    guard let assetFilePath = assetFilePath else {
+      return nil
+    }
+
+    var url: URL? = bundle.url(
+      forResource: (assetFilePath as NSString).deletingPathExtension,
+      withExtension: (assetFilePath as NSString).pathExtension)
+
+    #if os(macOS)
+      // See https://github.com/flutter/flutter/issues/135302
+      // TODO(stuartmorgan): Remove this if the asset APIs are adjusted to work better for macOS.
+      if url == nil {
+        url = URL(string: assetFilePath, relativeTo: bundle.bundleURL)
+      }
+    #endif
+
+    return url
+  }
 }

packages/webview_flutter/webview_flutter_wkwebview/darwin/webview_flutter_wkwebview/Sources/webview_flutter_wkwebview/GetTrustResultResponse.swift

@@ -0,0 +1,20 @@
+// Copyright 2013 The Flutter Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+import Darwin
+import Security
+
+/// Data class used to respond to `SecTrustGetTrustResult`.
+///
+/// The native method needs to return two values, so this custom class is
+/// created to support this.
+class GetTrustResultResponse {
+  let result: SecTrustResultType
+  let resultCode: OSStatus
+
+  init(result: SecTrustResultType, resultCode: OSStatus) {
+    self.result = result
+    self.resultCode = resultCode
+  }
+}

packages/webview_flutter/webview_flutter_wkwebview/darwin/webview_flutter_wkwebview/Sources/webview_flutter_wkwebview/GetTrustResultResponseProxyAPIDelegate.swift

@@ -0,0 +1,42 @@
+// Copyright 2013 The Flutter Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+import Foundation
+
+/// ProxyApi implementation for `GetTrustResultResponse`.
+///
+/// This class may handle instantiating native object instances that are attached to a Dart instance
+/// or handle method calls on the associated native class or an instance of that class.
+class GetTrustResultResponseProxyAPIDelegate: PigeonApiDelegateGetTrustResultResponse {
+  func result(pigeonApi: PigeonApiGetTrustResultResponse, pigeonInstance: GetTrustResultResponse)
+    throws -> DartSecTrustResultType
+  {
+    switch pigeonInstance.result {
+    case .unspecified:
+      return .unspecified
+    case .proceed:
+      return .proceed
+    case .deny:
+      return .deny
+    case .recoverableTrustFailure:
+      return .recoverableTrustFailure
+    case .fatalTrustFailure:
+      return .fatalTrustFailure
+    case .otherError:
+      return .otherError
+    case .invalid:
+      return .invalid
+    case .confirm:
+      return .confirm
+    @unknown default:
+      return .unknown
+    }
+  }
+
+  func resultCode(
+    pigeonApi: PigeonApiGetTrustResultResponse, pigeonInstance: GetTrustResultResponse
+  ) throws -> Int64 {
+    return Int64(pigeonInstance.resultCode)
+  }
+}