OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
8 | 8 |
9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
10 #include <windows.h> | 10 #include <windows.h> |
11 #include <shlobj.h> | 11 #include <shlobj.h> |
12 #endif | 12 #endif |
13 | 13 |
14 #include <stdint.h> | 14 #include <stdint.h> |
15 | 15 |
16 #include <algorithm> | 16 #include <algorithm> |
17 #include <limits> | 17 #include <limits> |
18 | 18 |
19 #include "base/base64.h" | |
davidben
2016/01/22 00:19:22
Unused?
nharper
2016/01/22 19:36:52
Removed.
| |
20 #include "base/base64url.h" | |
19 #include "base/bind.h" | 21 #include "base/bind.h" |
20 #include "base/compiler_specific.h" | 22 #include "base/compiler_specific.h" |
21 #include "base/files/file_path.h" | 23 #include "base/files/file_path.h" |
22 #include "base/files/file_util.h" | 24 #include "base/files/file_util.h" |
23 #include "base/files/scoped_temp_dir.h" | 25 #include "base/files/scoped_temp_dir.h" |
24 #include "base/format_macros.h" | 26 #include "base/format_macros.h" |
25 #include "base/json/json_reader.h" | 27 #include "base/json/json_reader.h" |
26 #include "base/location.h" | 28 #include "base/location.h" |
27 #include "base/macros.h" | 29 #include "base/macros.h" |
28 #include "base/memory/scoped_ptr.h" | 30 #include "base/memory/scoped_ptr.h" |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
72 #include "net/http/http_network_session.h" | 74 #include "net/http/http_network_session.h" |
73 #include "net/http/http_request_headers.h" | 75 #include "net/http/http_request_headers.h" |
74 #include "net/http/http_response_headers.h" | 76 #include "net/http/http_response_headers.h" |
75 #include "net/http/http_util.h" | 77 #include "net/http/http_util.h" |
76 #include "net/log/net_log.h" | 78 #include "net/log/net_log.h" |
77 #include "net/log/test_net_log.h" | 79 #include "net/log/test_net_log.h" |
78 #include "net/log/test_net_log_entry.h" | 80 #include "net/log/test_net_log_entry.h" |
79 #include "net/log/test_net_log_util.h" | 81 #include "net/log/test_net_log_util.h" |
80 #include "net/proxy/proxy_service.h" | 82 #include "net/proxy/proxy_service.h" |
81 #include "net/socket/ssl_client_socket.h" | 83 #include "net/socket/ssl_client_socket.h" |
84 #include "net/ssl/channel_id_service.h" | |
85 #include "net/ssl/default_channel_id_store.h" | |
82 #include "net/ssl/ssl_cipher_suite_names.h" | 86 #include "net/ssl/ssl_cipher_suite_names.h" |
83 #include "net/ssl/ssl_connection_status_flags.h" | 87 #include "net/ssl/ssl_connection_status_flags.h" |
84 #include "net/ssl/ssl_server_config.h" | 88 #include "net/ssl/ssl_server_config.h" |
89 #include "net/ssl/token_binding.h" | |
85 #include "net/test/cert_test_util.h" | 90 #include "net/test/cert_test_util.h" |
86 #include "net/test/embedded_test_server/embedded_test_server.h" | 91 #include "net/test/embedded_test_server/embedded_test_server.h" |
87 #include "net/test/embedded_test_server/http_request.h" | 92 #include "net/test/embedded_test_server/http_request.h" |
88 #include "net/test/embedded_test_server/http_response.h" | 93 #include "net/test/embedded_test_server/http_response.h" |
89 #include "net/test/spawned_test_server/spawned_test_server.h" | 94 #include "net/test/spawned_test_server/spawned_test_server.h" |
90 #include "net/test/url_request/url_request_failed_job.h" | 95 #include "net/test/url_request/url_request_failed_job.h" |
91 #include "net/url_request/data_protocol_handler.h" | 96 #include "net/url_request/data_protocol_handler.h" |
92 #include "net/url_request/static_http_user_agent_settings.h" | 97 #include "net/url_request/static_http_user_agent_settings.h" |
93 #include "net/url_request/url_request.h" | 98 #include "net/url_request/url_request.h" |
94 #include "net/url_request/url_request_filter.h" | 99 #include "net/url_request/url_request_filter.h" |
(...skipping 3237 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3332 scoped_ptr<test_server::BasicHttpResponse> http_response( | 3337 scoped_ptr<test_server::BasicHttpResponse> http_response( |
3333 new test_server::BasicHttpResponse); | 3338 new test_server::BasicHttpResponse); |
3334 http_response->set_code(HTTP_FOUND); | 3339 http_response->set_code(HTTP_FOUND); |
3335 http_response->AddCustomHeader("Location", | 3340 http_response->AddCustomHeader("Location", |
3336 "http://www.destination.com/foo.js"); | 3341 "http://www.destination.com/foo.js"); |
3337 return std::move(http_response); | 3342 return std::move(http_response); |
3338 } | 3343 } |
3339 | 3344 |
3340 } // namespace | 3345 } // namespace |
3341 | 3346 |
3342 // In this unit test, we're using the EmbeddedTestServer as a proxy server and | 3347 class TestSSLConfigService : public SSLConfigService { |
3348 public: | |
3349 TestSSLConfigService(bool ev_enabled, | |
3350 bool online_rev_checking, | |
3351 bool rev_checking_required_local_anchors, | |
3352 bool token_binding_enabled) | |
3353 : ev_enabled_(ev_enabled), | |
3354 online_rev_checking_(online_rev_checking), | |
3355 rev_checking_required_local_anchors_( | |
3356 rev_checking_required_local_anchors), | |
3357 token_binding_enabled_(token_binding_enabled), | |
3358 min_version_(kDefaultSSLVersionMin), | |
3359 fallback_min_version_(kDefaultSSLVersionFallbackMin) {} | |
3360 | |
3361 void set_min_version(uint16_t version) { min_version_ = version; } | |
3362 | |
3363 void set_fallback_min_version(uint16_t version) { | |
3364 fallback_min_version_ = version; | |
3365 } | |
3366 | |
3367 // SSLConfigService: | |
3368 void GetSSLConfig(SSLConfig* config) override { | |
3369 *config = SSLConfig(); | |
3370 config->rev_checking_enabled = online_rev_checking_; | |
3371 config->verify_ev_cert = ev_enabled_; | |
3372 config->rev_checking_required_local_anchors = | |
3373 rev_checking_required_local_anchors_; | |
3374 if (fallback_min_version_) { | |
3375 config->version_fallback_min = fallback_min_version_; | |
3376 } | |
3377 if (min_version_) { | |
3378 config->version_min = min_version_; | |
3379 } | |
3380 if (token_binding_enabled_) { | |
3381 config->token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
3382 } | |
3383 } | |
3384 | |
3385 protected: | |
3386 ~TestSSLConfigService() override {} | |
3387 | |
3388 private: | |
3389 const bool ev_enabled_; | |
3390 const bool online_rev_checking_; | |
3391 const bool rev_checking_required_local_anchors_; | |
3392 const bool token_binding_enabled_; | |
3393 uint16_t min_version_; | |
3394 uint16_t fallback_min_version_; | |
3395 }; | |
3396 | |
3397 // TODO(svaldez): Update tests to user EmbeddedTestServer. | |
davidben
2016/01/22 00:19:22
Nit: user -> use?
nharper
2016/01/22 19:36:52
Done.
| |
3398 #if !defined(OS_IOS) | |
3399 class TokenBindingURLRequestTest : public URLRequestTestHTTP { | |
3400 public: | |
3401 void SetUp() override { | |
3402 default_context_.set_ssl_config_service( | |
3403 new TestSSLConfigService(false, false, false, true)); | |
3404 channel_id_service_.reset(new ChannelIDService( | |
3405 new DefaultChannelIDStore(NULL), base::ThreadTaskRunnerHandle::Get())); | |
3406 default_context_.set_channel_id_service(channel_id_service_.get()); | |
3407 URLRequestTestHTTP::SetUp(); | |
3408 } | |
3409 | |
3410 protected: | |
3411 scoped_ptr<ChannelIDService> channel_id_service_; | |
3412 }; | |
3413 | |
3414 TEST_F(TokenBindingURLRequestTest, TokenBindingTest) { | |
3415 SpawnedTestServer::SSLOptions ssl_options; | |
3416 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
3417 SpawnedTestServer https_test_server(SpawnedTestServer::TYPE_HTTPS, | |
3418 ssl_options, | |
3419 base::FilePath(kTestFilePath)); | |
3420 ASSERT_TRUE(https_test_server.Start()); | |
3421 | |
3422 TestDelegate d; | |
3423 { | |
3424 scoped_ptr<URLRequest> r(default_context_.CreateRequest( | |
3425 https_test_server.GetURL("tokbind-ekm"), DEFAULT_PRIORITY, &d)); | |
3426 r->Start(); | |
3427 EXPECT_TRUE(r->is_pending()); | |
3428 | |
3429 base::RunLoop().Run(); | |
3430 | |
3431 EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status()); | |
3432 | |
3433 HttpRequestHeaders headers; | |
3434 std::string token_binding_header, token_binding_message; | |
3435 EXPECT_TRUE(r->GetFullRequestHeaders(&headers)); | |
3436 EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, | |
3437 &token_binding_header)); | |
3438 EXPECT_TRUE(base::Base64UrlDecode( | |
3439 token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING, | |
3440 &token_binding_message)); | |
3441 base::StringPiece ec_point, signature; | |
3442 EXPECT_TRUE( | |
3443 ParseTokenBindingMessage(token_binding_message, &ec_point, &signature)); | |
3444 | |
3445 EXPECT_GT(d.bytes_received(), 0); | |
3446 std::string ekm = d.data_received(); | |
3447 | |
3448 EXPECT_TRUE(VerifyEKMSignature(ec_point, signature, ekm)); | |
3449 } | |
3450 } | |
3451 #endif // !defined(OS_IOS) | |
3452 | |
3453 // In this unit test, we're using the HTTPTestServer as a proxy server and | |
3343 // issuing a CONNECT request with the magic host name "www.redirect.com". | 3454 // issuing a CONNECT request with the magic host name "www.redirect.com". |
3344 // The EmbeddedTestServer will return a 302 response, which we should not | 3455 // The EmbeddedTestServer will return a 302 response, which we should not |
3345 // follow. | 3456 // follow. |
3346 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) { | 3457 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) { |
3347 http_test_server()->RegisterRequestHandler( | 3458 http_test_server()->RegisterRequestHandler( |
3348 base::Bind(&HandleRedirectConnect)); | 3459 base::Bind(&HandleRedirectConnect)); |
3349 ASSERT_TRUE(http_test_server()->Start()); | 3460 ASSERT_TRUE(http_test_server()->Start()); |
3350 | 3461 |
3351 TestNetworkDelegate network_delegate; // Must outlive URLRequest. | 3462 TestNetworkDelegate network_delegate; // Must outlive URLRequest. |
3352 TestURLRequestContextWithProxy context( | 3463 TestURLRequestContextWithProxy context( |
(...skipping 5137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8490 for (size_t i = 0; i < lines.size(); i++) { | 8601 for (size_t i = 0; i < lines.size(); i++) { |
8491 int cipher_suite; | 8602 int cipher_suite; |
8492 ASSERT_TRUE(base::StringToInt(lines[i], &cipher_suite)); | 8603 ASSERT_TRUE(base::StringToInt(lines[i], &cipher_suite)); |
8493 EXPECT_FALSE(IsECDSACipherSuite(cipher_suite)) | 8604 EXPECT_FALSE(IsECDSACipherSuite(cipher_suite)) |
8494 << "ClientHello advertised " << cipher_suite; | 8605 << "ClientHello advertised " << cipher_suite; |
8495 } | 8606 } |
8496 } | 8607 } |
8497 | 8608 |
8498 #endif // OS_WIN | 8609 #endif // OS_WIN |
8499 | 8610 |
8500 class TestSSLConfigService : public SSLConfigService { | |
8501 public: | |
8502 TestSSLConfigService(bool ev_enabled, | |
8503 bool online_rev_checking, | |
8504 bool rev_checking_required_local_anchors) | |
8505 : ev_enabled_(ev_enabled), | |
8506 online_rev_checking_(online_rev_checking), | |
8507 rev_checking_required_local_anchors_( | |
8508 rev_checking_required_local_anchors), | |
8509 min_version_(kDefaultSSLVersionMin), | |
8510 fallback_min_version_(kDefaultSSLVersionFallbackMin) {} | |
8511 | |
8512 void set_min_version(uint16_t version) { min_version_ = version; } | |
8513 | |
8514 void set_fallback_min_version(uint16_t version) { | |
8515 fallback_min_version_ = version; | |
8516 } | |
8517 | |
8518 // SSLConfigService: | |
8519 void GetSSLConfig(SSLConfig* config) override { | |
8520 *config = SSLConfig(); | |
8521 config->rev_checking_enabled = online_rev_checking_; | |
8522 config->verify_ev_cert = ev_enabled_; | |
8523 config->rev_checking_required_local_anchors = | |
8524 rev_checking_required_local_anchors_; | |
8525 if (fallback_min_version_) { | |
8526 config->version_fallback_min = fallback_min_version_; | |
8527 } | |
8528 if (min_version_) { | |
8529 config->version_min = min_version_; | |
8530 } | |
8531 } | |
8532 | |
8533 protected: | |
8534 ~TestSSLConfigService() override {} | |
8535 | |
8536 private: | |
8537 const bool ev_enabled_; | |
8538 const bool online_rev_checking_; | |
8539 const bool rev_checking_required_local_anchors_; | |
8540 uint16_t min_version_; | |
8541 uint16_t fallback_min_version_; | |
8542 }; | |
8543 | |
8544 class FallbackTestURLRequestContext : public TestURLRequestContext { | 8611 class FallbackTestURLRequestContext : public TestURLRequestContext { |
8545 public: | 8612 public: |
8546 explicit FallbackTestURLRequestContext(bool delay_initialization) | 8613 explicit FallbackTestURLRequestContext(bool delay_initialization) |
8547 : TestURLRequestContext(delay_initialization) {} | 8614 : TestURLRequestContext(delay_initialization) {} |
8548 | 8615 |
8549 void set_fallback_min_version(uint16_t version) { | 8616 void set_fallback_min_version(uint16_t version) { |
8550 TestSSLConfigService *ssl_config_service = | 8617 TestSSLConfigService* ssl_config_service = new TestSSLConfigService( |
8551 new TestSSLConfigService(true /* check for EV */, | 8618 true /* check for EV */, false /* online revocation checking */, |
8552 false /* online revocation checking */, | 8619 false /* require rev. checking for local |
8553 false /* require rev. checking for local | 8620 anchors */, |
8554 anchors */); | 8621 false /* token binding enabled */); |
8555 ssl_config_service->set_fallback_min_version(version); | 8622 ssl_config_service->set_fallback_min_version(version); |
8556 set_ssl_config_service(ssl_config_service); | 8623 set_ssl_config_service(ssl_config_service); |
8557 } | 8624 } |
8558 }; | 8625 }; |
8559 | 8626 |
8560 class HTTPSFallbackTest : public testing::Test { | 8627 class HTTPSFallbackTest : public testing::Test { |
8561 public: | 8628 public: |
8562 HTTPSFallbackTest() : context_(true) {} | 8629 HTTPSFallbackTest() : context_(true) {} |
8563 ~HTTPSFallbackTest() override {} | 8630 ~HTTPSFallbackTest() override {} |
8564 | 8631 |
(...skipping 354 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8919 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 8986 #if defined(USE_NSS_CERTS) || defined(OS_IOS) |
8920 ShutdownNSSHttpIO(); | 8987 ShutdownNSSHttpIO(); |
8921 #endif | 8988 #endif |
8922 } | 8989 } |
8923 | 8990 |
8924 protected: | 8991 protected: |
8925 // SetupContext configures the URLRequestContext that will be used for making | 8992 // SetupContext configures the URLRequestContext that will be used for making |
8926 // connetions to testserver. This can be overridden in test subclasses for | 8993 // connetions to testserver. This can be overridden in test subclasses for |
8927 // different behaviour. | 8994 // different behaviour. |
8928 virtual void SetupContext(URLRequestContext* context) { | 8995 virtual void SetupContext(URLRequestContext* context) { |
8929 context->set_ssl_config_service( | 8996 context->set_ssl_config_service(new TestSSLConfigService( |
8930 new TestSSLConfigService(true /* check for EV */, | 8997 true /* check for EV */, true /* online revocation checking */, |
8931 true /* online revocation checking */, | 8998 false /* require rev. checking for local |
8932 false /* require rev. checking for local | 8999 anchors */, |
8933 anchors */)); | 9000 false /* token binding enabled */)); |
8934 } | 9001 } |
8935 | 9002 |
8936 scoped_ptr<ScopedTestRoot> test_root_; | 9003 scoped_ptr<ScopedTestRoot> test_root_; |
8937 TestURLRequestContext context_; | 9004 TestURLRequestContext context_; |
8938 scoped_ptr<ScopedTestEVPolicy> ev_test_policy_; | 9005 scoped_ptr<ScopedTestEVPolicy> ev_test_policy_; |
8939 }; | 9006 }; |
8940 | 9007 |
8941 static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() { | 9008 static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() { |
8942 #if defined(OS_WIN) | 9009 #if defined(OS_WIN) |
8943 // Windows can return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION but we don't | 9010 // Windows can return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION but we don't |
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9114 DoConnection(ssl_options, &cert_status); | 9181 DoConnection(ssl_options, &cert_status); |
9115 | 9182 |
9116 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); | 9183 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); |
9117 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 9184 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
9118 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9185 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
9119 } | 9186 } |
9120 | 9187 |
9121 class HTTPSHardFailTest : public HTTPSOCSPTest { | 9188 class HTTPSHardFailTest : public HTTPSOCSPTest { |
9122 protected: | 9189 protected: |
9123 void SetupContext(URLRequestContext* context) override { | 9190 void SetupContext(URLRequestContext* context) override { |
9124 context->set_ssl_config_service( | 9191 context->set_ssl_config_service(new TestSSLConfigService( |
9125 new TestSSLConfigService(false /* check for EV */, | 9192 false /* check for EV */, false /* online revocation checking */, |
9126 false /* online revocation checking */, | 9193 true /* require rev. checking for local |
9127 true /* require rev. checking for local | 9194 anchors */, |
9128 anchors */)); | 9195 false /* token binding enabled */)); |
9129 } | 9196 } |
9130 }; | 9197 }; |
9131 | 9198 |
9132 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) { | 9199 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) { |
9133 if (!SystemSupportsOCSP()) { | 9200 if (!SystemSupportsOCSP()) { |
9134 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; | 9201 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; |
9135 return; | 9202 return; |
9136 } | 9203 } |
9137 | 9204 |
9138 if (!SystemSupportsHardFailRevocationChecking()) { | 9205 if (!SystemSupportsHardFailRevocationChecking()) { |
(...skipping 12 matching lines...) Expand all Loading... | |
9151 EXPECT_EQ(CERT_STATUS_REVOKED, | 9218 EXPECT_EQ(CERT_STATUS_REVOKED, |
9152 cert_status & CERT_STATUS_REVOKED); | 9219 cert_status & CERT_STATUS_REVOKED); |
9153 | 9220 |
9154 // Without a positive OCSP response, we shouldn't show the EV status. | 9221 // Without a positive OCSP response, we shouldn't show the EV status. |
9155 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9222 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
9156 } | 9223 } |
9157 | 9224 |
9158 class HTTPSEVCRLSetTest : public HTTPSOCSPTest { | 9225 class HTTPSEVCRLSetTest : public HTTPSOCSPTest { |
9159 protected: | 9226 protected: |
9160 void SetupContext(URLRequestContext* context) override { | 9227 void SetupContext(URLRequestContext* context) override { |
9161 context->set_ssl_config_service( | 9228 context->set_ssl_config_service(new TestSSLConfigService( |
9162 new TestSSLConfigService(true /* check for EV */, | 9229 true /* check for EV */, false /* online revocation checking */, |
9163 false /* online revocation checking */, | 9230 false /* require rev. checking for local |
9164 false /* require rev. checking for local | 9231 anchors */, |
9165 anchors */)); | 9232 false /* token binding enabled */)); |
9166 } | 9233 } |
9167 }; | 9234 }; |
9168 | 9235 |
9169 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) { | 9236 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) { |
9170 if (!SystemSupportsOCSP()) { | 9237 if (!SystemSupportsOCSP()) { |
9171 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; | 9238 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; |
9172 return; | 9239 return; |
9173 } | 9240 } |
9174 | 9241 |
9175 SpawnedTestServer::SSLOptions ssl_options( | 9242 SpawnedTestServer::SSLOptions ssl_options( |
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9336 | 9403 |
9337 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); | 9404 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); |
9338 | 9405 |
9339 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 9406 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
9340 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9407 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
9341 } | 9408 } |
9342 | 9409 |
9343 class HTTPSCRLSetTest : public HTTPSOCSPTest { | 9410 class HTTPSCRLSetTest : public HTTPSOCSPTest { |
9344 protected: | 9411 protected: |
9345 void SetupContext(URLRequestContext* context) override { | 9412 void SetupContext(URLRequestContext* context) override { |
9346 context->set_ssl_config_service( | 9413 context->set_ssl_config_service(new TestSSLConfigService( |
9347 new TestSSLConfigService(false /* check for EV */, | 9414 false /* check for EV */, false /* online revocation checking */, |
9348 false /* online revocation checking */, | 9415 false /* require rev. checking for local |
9349 false /* require rev. checking for local | 9416 anchors */, |
9350 anchors */)); | 9417 false /* token binding enabled */)); |
9351 } | 9418 } |
9352 }; | 9419 }; |
9353 | 9420 |
9354 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) { | 9421 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) { |
9355 SpawnedTestServer::SSLOptions ssl_options( | 9422 SpawnedTestServer::SSLOptions ssl_options( |
9356 SpawnedTestServer::SSLOptions::CERT_AUTO); | 9423 SpawnedTestServer::SSLOptions::CERT_AUTO); |
9357 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; | 9424 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; |
9358 SSLConfigService::SetCRLSet( | 9425 SSLConfigService::SetCRLSet( |
9359 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); | 9426 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); |
9360 | 9427 |
(...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
9768 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 9835 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
9769 | 9836 |
9770 req->Start(); | 9837 req->Start(); |
9771 req->Cancel(); | 9838 req->Cancel(); |
9772 base::RunLoop().RunUntilIdle(); | 9839 base::RunLoop().RunUntilIdle(); |
9773 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 9840 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
9774 EXPECT_EQ(0, d.received_redirect_count()); | 9841 EXPECT_EQ(0, d.received_redirect_count()); |
9775 } | 9842 } |
9776 | 9843 |
9777 } // namespace net | 9844 } // namespace net |
OLD | NEW |