net/ocsp/nss_ocsp_unittest.cc - Issue 1070893002: Move net/ocsp/* into net/cert_net/

Side by Side Diff: net/ocsp/nss_ocsp_unittest.cc

Issue 1070893002: Move net/ocsp/* into net/cert_net/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_fetcher

Patch Set: undo header re-ordering -- seems to be breaking compile Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "net/ocsp/nss_ocsp.h"

6

7 #include <string>

8

9 #include "base/files/file_path.h"

10 #include "base/files/file_util.h"

11 #include "base/logging.h"

12 #include "base/memory/ref_counted.h"

13 #include "net/base/net_errors.h"

14 #include "net/base/test_completion_callback.h"

15 #include "net/base/test_data_directory.h"

16 #include "net/cert/cert_status_flags.h"

17 #include "net/cert/cert_verifier.h"

18 #include "net/cert/cert_verify_proc.h"

19 #include "net/cert/cert_verify_proc_nss.h"

20 #include "net/cert/cert_verify_result.h"

21 #include "net/cert/multi_threaded_cert_verifier.h"

22 #include "net/cert/test_root_certs.h"

23 #include "net/cert/x509_certificate.h"

24 #include "net/test/cert_test_util.h"

25 #include "net/url_request/url_request_filter.h"

26 #include "net/url_request/url_request_interceptor.h"

27 #include "net/url_request/url_request_test_job.h"

28 #include "net/url_request/url_request_test_util.h"

29 #include "testing/gtest/include/gtest/gtest.h"

30

31 namespace net {

32

33 namespace {

34

35 // Matches the caIssuers hostname from the generated certificate.

36 const char kAiaHost[] = "aia-test.invalid";

37 // Returning a single DER-encoded cert, so the mime-type must be

38 // application/pkix-cert per RFC 5280.

39 const char kAiaHeaders[] = "HTTP/1.1 200 OK\0"

40 "Content-type: application/pkix-cert\0"

41 "\0";

42

43 class AiaResponseHandler : public net::URLRequestInterceptor {

44 public:

45 AiaResponseHandler(const std::string& headers, const std::string& cert_data)

46 : headers_(headers), cert_data_(cert_data), request_count_(0) {}

47 ~AiaResponseHandler() override {}

48

49 // net::URLRequestInterceptor implementation:

50 net::URLRequestJob* MaybeInterceptRequest(

51 net::URLRequest* request,

52 net::NetworkDelegate* network_delegate) const override {

53 ++const_cast<AiaResponseHandler*>(this)->request_count_;

54

55 return new net::URLRequestTestJob(

56 request, network_delegate, headers_, cert_data_, true);

57 }

58

59 int request_count() const { return request_count_; }

60

61 private:

62 std::string headers_;

63 std::string cert_data_;

64 int request_count_;

65

66 DISALLOW_COPY_AND_ASSIGN(AiaResponseHandler);

67 };

68

69 } // namespace

70

71 class NssHttpTest : public ::testing::Test {

72 public:

73 NssHttpTest()

74 : context_(false),

75 handler_(NULL),

76 verify_proc_(new CertVerifyProcNSS),

77 verifier_(new MultiThreadedCertVerifier(verify_proc_.get())) {}

78 ~NssHttpTest() override {}

79

80 void SetUp() override {

81 std::string file_contents;

82 ASSERT_TRUE(base::ReadFileToString(

83 GetTestCertsDirectory().AppendASCII("aia-intermediate.der"),

84 &file_contents));

85 ASSERT_FALSE(file_contents.empty());

86

87 // Ownership of \|handler\| is transferred to the URLRequestFilter, but

88 // hold onto the original pointer in order to access \|request_count()\|.

89 scoped_ptr<AiaResponseHandler> handler(

90 new AiaResponseHandler(kAiaHeaders, file_contents));

91 handler_ = handler.get();

92

93 URLRequestFilter::GetInstance()->AddHostnameInterceptor(

94 "http", kAiaHost, handler.Pass());

95

96 SetURLRequestContextForNSSHttpIO(&context_);

97 EnsureNSSHttpIOInit();

98 }

99

100 void TearDown() override {

101 ShutdownNSSHttpIO();

102

103 if (handler_)

104 URLRequestFilter::GetInstance()->RemoveHostnameHandler("http", kAiaHost);

105 }

106

107 CertVerifier* verifier() const {

108 return verifier_.get();

109 }

110

111 int request_count() const {

112 return handler_->request_count();

113 }

114

115 protected:

116 const CertificateList empty_cert_list_;

117

118 private:

119 TestURLRequestContext context_;

120 AiaResponseHandler* handler_;

121 scoped_refptr<CertVerifyProc> verify_proc_;

122 scoped_ptr<CertVerifier> verifier_;

123 };

124

125 // Tests that when using NSS to verify certificates, and IO is enabled,

126 // that a request to fetch missing intermediate certificates is

127 // made successfully.

128 TEST_F(NssHttpTest, TestAia) {

129 scoped_refptr<X509Certificate> test_cert(

130 ImportCertFromFile(GetTestCertsDirectory(), "aia-cert.pem"));

131 ASSERT_TRUE(test_cert.get());

132

133 scoped_refptr<X509Certificate> test_root(

134 ImportCertFromFile(GetTestCertsDirectory(), "aia-root.pem"));

135 ASSERT_TRUE(test_root.get());

136

137 ScopedTestRoot scoped_root(test_root.get());

138

139 CertVerifyResult verify_result;

140 TestCompletionCallback test_callback;

141 CertVerifier::RequestHandle request_handle;

142

143 int flags = CertVerifier::VERIFY_CERT_IO_ENABLED;

144 int error = verifier()->Verify(test_cert.get(),

145 "aia-host.invalid",

146 flags,

147 NULL,

148 &verify_result,

149 test_callback.callback(),

150 &request_handle,

151 BoundNetLog());

152 ASSERT_EQ(ERR_IO_PENDING, error);

153

154 error = test_callback.WaitForResult();

155

156 EXPECT_EQ(OK, error);

157

158 // Ensure that NSS made an AIA request for the missing intermediate.

159 EXPECT_LT(0, request_count());

160 }

161

162 } // namespace net

OLD	NEW

« no previous file with comments | « net/ocsp/nss_ocsp.cc ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »