| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <utility> | 5 #include <utility> |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
| 10 #include <windows.h> | 10 #include <windows.h> |
| 11 #include <shlobj.h> | 11 #include <shlobj.h> |
| 12 #endif | 12 #endif |
| 13 | 13 |
| 14 #include <stdint.h> | 14 #include <stdint.h> |
| 15 | 15 |
| 16 #include <algorithm> | 16 #include <algorithm> |
| 17 #include <limits> | 17 #include <limits> |
| 18 | 18 |
| 19 #include "base/base64url.h" |
| 19 #include "base/bind.h" | 20 #include "base/bind.h" |
| 20 #include "base/compiler_specific.h" | 21 #include "base/compiler_specific.h" |
| 21 #include "base/files/file_path.h" | 22 #include "base/files/file_path.h" |
| 22 #include "base/files/file_util.h" | 23 #include "base/files/file_util.h" |
| 23 #include "base/files/scoped_temp_dir.h" | 24 #include "base/files/scoped_temp_dir.h" |
| 24 #include "base/format_macros.h" | 25 #include "base/format_macros.h" |
| 25 #include "base/json/json_reader.h" | 26 #include "base/json/json_reader.h" |
| 26 #include "base/location.h" | 27 #include "base/location.h" |
| 27 #include "base/macros.h" | 28 #include "base/macros.h" |
| 28 #include "base/memory/scoped_ptr.h" | 29 #include "base/memory/scoped_ptr.h" |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 72 #include "net/http/http_network_session.h" | 73 #include "net/http/http_network_session.h" |
| 73 #include "net/http/http_request_headers.h" | 74 #include "net/http/http_request_headers.h" |
| 74 #include "net/http/http_response_headers.h" | 75 #include "net/http/http_response_headers.h" |
| 75 #include "net/http/http_util.h" | 76 #include "net/http/http_util.h" |
| 76 #include "net/log/net_log.h" | 77 #include "net/log/net_log.h" |
| 77 #include "net/log/test_net_log.h" | 78 #include "net/log/test_net_log.h" |
| 78 #include "net/log/test_net_log_entry.h" | 79 #include "net/log/test_net_log_entry.h" |
| 79 #include "net/log/test_net_log_util.h" | 80 #include "net/log/test_net_log_util.h" |
| 80 #include "net/proxy/proxy_service.h" | 81 #include "net/proxy/proxy_service.h" |
| 81 #include "net/socket/ssl_client_socket.h" | 82 #include "net/socket/ssl_client_socket.h" |
| 83 #include "net/ssl/channel_id_service.h" |
| 84 #include "net/ssl/default_channel_id_store.h" |
| 82 #include "net/ssl/ssl_cipher_suite_names.h" | 85 #include "net/ssl/ssl_cipher_suite_names.h" |
| 83 #include "net/ssl/ssl_connection_status_flags.h" | 86 #include "net/ssl/ssl_connection_status_flags.h" |
| 84 #include "net/ssl/ssl_server_config.h" | 87 #include "net/ssl/ssl_server_config.h" |
| 88 #include "net/ssl/token_binding.h" |
| 85 #include "net/test/cert_test_util.h" | 89 #include "net/test/cert_test_util.h" |
| 86 #include "net/test/embedded_test_server/embedded_test_server.h" | 90 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 87 #include "net/test/embedded_test_server/http_request.h" | 91 #include "net/test/embedded_test_server/http_request.h" |
| 88 #include "net/test/embedded_test_server/http_response.h" | 92 #include "net/test/embedded_test_server/http_response.h" |
| 89 #include "net/test/spawned_test_server/spawned_test_server.h" | 93 #include "net/test/spawned_test_server/spawned_test_server.h" |
| 90 #include "net/test/url_request/url_request_failed_job.h" | 94 #include "net/test/url_request/url_request_failed_job.h" |
| 91 #include "net/url_request/data_protocol_handler.h" | 95 #include "net/url_request/data_protocol_handler.h" |
| 92 #include "net/url_request/static_http_user_agent_settings.h" | 96 #include "net/url_request/static_http_user_agent_settings.h" |
| 93 #include "net/url_request/url_request.h" | 97 #include "net/url_request/url_request.h" |
| 94 #include "net/url_request/url_request_filter.h" | 98 #include "net/url_request/url_request_filter.h" |
| (...skipping 3268 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3363 scoped_ptr<test_server::BasicHttpResponse> http_response( | 3367 scoped_ptr<test_server::BasicHttpResponse> http_response( |
| 3364 new test_server::BasicHttpResponse); | 3368 new test_server::BasicHttpResponse); |
| 3365 http_response->set_code(HTTP_FOUND); | 3369 http_response->set_code(HTTP_FOUND); |
| 3366 http_response->AddCustomHeader("Location", | 3370 http_response->AddCustomHeader("Location", |
| 3367 "http://www.destination.com/foo.js"); | 3371 "http://www.destination.com/foo.js"); |
| 3368 return std::move(http_response); | 3372 return std::move(http_response); |
| 3369 } | 3373 } |
| 3370 | 3374 |
| 3371 } // namespace | 3375 } // namespace |
| 3372 | 3376 |
| 3373 // In this unit test, we're using the EmbeddedTestServer as a proxy server and | 3377 class TestSSLConfigService : public SSLConfigService { |
| 3378 public: |
| 3379 TestSSLConfigService(bool ev_enabled, |
| 3380 bool online_rev_checking, |
| 3381 bool rev_checking_required_local_anchors, |
| 3382 bool token_binding_enabled) |
| 3383 : ev_enabled_(ev_enabled), |
| 3384 online_rev_checking_(online_rev_checking), |
| 3385 rev_checking_required_local_anchors_( |
| 3386 rev_checking_required_local_anchors), |
| 3387 token_binding_enabled_(token_binding_enabled), |
| 3388 min_version_(kDefaultSSLVersionMin), |
| 3389 fallback_min_version_(kDefaultSSLVersionFallbackMin) {} |
| 3390 |
| 3391 void set_min_version(uint16_t version) { min_version_ = version; } |
| 3392 |
| 3393 void set_fallback_min_version(uint16_t version) { |
| 3394 fallback_min_version_ = version; |
| 3395 } |
| 3396 |
| 3397 // SSLConfigService: |
| 3398 void GetSSLConfig(SSLConfig* config) override { |
| 3399 *config = SSLConfig(); |
| 3400 config->rev_checking_enabled = online_rev_checking_; |
| 3401 config->verify_ev_cert = ev_enabled_; |
| 3402 config->rev_checking_required_local_anchors = |
| 3403 rev_checking_required_local_anchors_; |
| 3404 if (fallback_min_version_) { |
| 3405 config->version_fallback_min = fallback_min_version_; |
| 3406 } |
| 3407 if (min_version_) { |
| 3408 config->version_min = min_version_; |
| 3409 } |
| 3410 if (token_binding_enabled_) { |
| 3411 config->token_binding_params.push_back(TB_PARAM_ECDSAP256); |
| 3412 } |
| 3413 } |
| 3414 |
| 3415 protected: |
| 3416 ~TestSSLConfigService() override {} |
| 3417 |
| 3418 private: |
| 3419 const bool ev_enabled_; |
| 3420 const bool online_rev_checking_; |
| 3421 const bool rev_checking_required_local_anchors_; |
| 3422 const bool token_binding_enabled_; |
| 3423 uint16_t min_version_; |
| 3424 uint16_t fallback_min_version_; |
| 3425 }; |
| 3426 |
| 3427 // TODO(svaldez): Update tests to use EmbeddedTestServer. |
| 3428 #if !defined(OS_IOS) |
| 3429 class TokenBindingURLRequestTest : public URLRequestTestHTTP { |
| 3430 public: |
| 3431 void SetUp() override { |
| 3432 default_context_.set_ssl_config_service( |
| 3433 new TestSSLConfigService(false, false, false, true)); |
| 3434 channel_id_service_.reset(new ChannelIDService( |
| 3435 new DefaultChannelIDStore(NULL), base::ThreadTaskRunnerHandle::Get())); |
| 3436 default_context_.set_channel_id_service(channel_id_service_.get()); |
| 3437 URLRequestTestHTTP::SetUp(); |
| 3438 } |
| 3439 |
| 3440 protected: |
| 3441 scoped_ptr<ChannelIDService> channel_id_service_; |
| 3442 }; |
| 3443 |
| 3444 TEST_F(TokenBindingURLRequestTest, TokenBindingTest) { |
| 3445 SpawnedTestServer::SSLOptions ssl_options; |
| 3446 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); |
| 3447 SpawnedTestServer https_test_server(SpawnedTestServer::TYPE_HTTPS, |
| 3448 ssl_options, |
| 3449 base::FilePath(kTestFilePath)); |
| 3450 ASSERT_TRUE(https_test_server.Start()); |
| 3451 |
| 3452 TestDelegate d; |
| 3453 { |
| 3454 scoped_ptr<URLRequest> r(default_context_.CreateRequest( |
| 3455 https_test_server.GetURL("tokbind-ekm"), DEFAULT_PRIORITY, &d)); |
| 3456 r->Start(); |
| 3457 EXPECT_TRUE(r->is_pending()); |
| 3458 |
| 3459 base::RunLoop().Run(); |
| 3460 |
| 3461 EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status()); |
| 3462 |
| 3463 HttpRequestHeaders headers; |
| 3464 std::string token_binding_header, token_binding_message; |
| 3465 EXPECT_TRUE(r->GetFullRequestHeaders(&headers)); |
| 3466 EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, |
| 3467 &token_binding_header)); |
| 3468 EXPECT_TRUE(base::Base64UrlDecode( |
| 3469 token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING, |
| 3470 &token_binding_message)); |
| 3471 base::StringPiece ec_point, signature; |
| 3472 EXPECT_TRUE( |
| 3473 ParseTokenBindingMessage(token_binding_message, &ec_point, &signature)); |
| 3474 |
| 3475 EXPECT_GT(d.bytes_received(), 0); |
| 3476 std::string ekm = d.data_received(); |
| 3477 |
| 3478 EXPECT_TRUE(VerifyEKMSignature(ec_point, signature, ekm)); |
| 3479 } |
| 3480 } |
| 3481 #endif // !defined(OS_IOS) |
| 3482 |
| 3483 // In this unit test, we're using the HTTPTestServer as a proxy server and |
| 3374 // issuing a CONNECT request with the magic host name "www.redirect.com". | 3484 // issuing a CONNECT request with the magic host name "www.redirect.com". |
| 3375 // The EmbeddedTestServer will return a 302 response, which we should not | 3485 // The EmbeddedTestServer will return a 302 response, which we should not |
| 3376 // follow. | 3486 // follow. |
| 3377 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) { | 3487 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) { |
| 3378 http_test_server()->RegisterRequestHandler( | 3488 http_test_server()->RegisterRequestHandler( |
| 3379 base::Bind(&HandleRedirectConnect)); | 3489 base::Bind(&HandleRedirectConnect)); |
| 3380 ASSERT_TRUE(http_test_server()->Start()); | 3490 ASSERT_TRUE(http_test_server()->Start()); |
| 3381 | 3491 |
| 3382 TestNetworkDelegate network_delegate; // Must outlive URLRequest. | 3492 TestNetworkDelegate network_delegate; // Must outlive URLRequest. |
| 3383 TestURLRequestContextWithProxy context( | 3493 TestURLRequestContextWithProxy context( |
| (...skipping 5137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8521 for (size_t i = 0; i < lines.size(); i++) { | 8631 for (size_t i = 0; i < lines.size(); i++) { |
| 8522 int cipher_suite; | 8632 int cipher_suite; |
| 8523 ASSERT_TRUE(base::StringToInt(lines[i], &cipher_suite)); | 8633 ASSERT_TRUE(base::StringToInt(lines[i], &cipher_suite)); |
| 8524 EXPECT_FALSE(IsECDSACipherSuite(cipher_suite)) | 8634 EXPECT_FALSE(IsECDSACipherSuite(cipher_suite)) |
| 8525 << "ClientHello advertised " << cipher_suite; | 8635 << "ClientHello advertised " << cipher_suite; |
| 8526 } | 8636 } |
| 8527 } | 8637 } |
| 8528 | 8638 |
| 8529 #endif // OS_WIN | 8639 #endif // OS_WIN |
| 8530 | 8640 |
| 8531 class TestSSLConfigService : public SSLConfigService { | |
| 8532 public: | |
| 8533 TestSSLConfigService(bool ev_enabled, | |
| 8534 bool online_rev_checking, | |
| 8535 bool rev_checking_required_local_anchors) | |
| 8536 : ev_enabled_(ev_enabled), | |
| 8537 online_rev_checking_(online_rev_checking), | |
| 8538 rev_checking_required_local_anchors_( | |
| 8539 rev_checking_required_local_anchors), | |
| 8540 min_version_(kDefaultSSLVersionMin), | |
| 8541 fallback_min_version_(kDefaultSSLVersionFallbackMin) {} | |
| 8542 | |
| 8543 void set_min_version(uint16_t version) { min_version_ = version; } | |
| 8544 | |
| 8545 void set_fallback_min_version(uint16_t version) { | |
| 8546 fallback_min_version_ = version; | |
| 8547 } | |
| 8548 | |
| 8549 // SSLConfigService: | |
| 8550 void GetSSLConfig(SSLConfig* config) override { | |
| 8551 *config = SSLConfig(); | |
| 8552 config->rev_checking_enabled = online_rev_checking_; | |
| 8553 config->verify_ev_cert = ev_enabled_; | |
| 8554 config->rev_checking_required_local_anchors = | |
| 8555 rev_checking_required_local_anchors_; | |
| 8556 if (fallback_min_version_) { | |
| 8557 config->version_fallback_min = fallback_min_version_; | |
| 8558 } | |
| 8559 if (min_version_) { | |
| 8560 config->version_min = min_version_; | |
| 8561 } | |
| 8562 } | |
| 8563 | |
| 8564 protected: | |
| 8565 ~TestSSLConfigService() override {} | |
| 8566 | |
| 8567 private: | |
| 8568 const bool ev_enabled_; | |
| 8569 const bool online_rev_checking_; | |
| 8570 const bool rev_checking_required_local_anchors_; | |
| 8571 uint16_t min_version_; | |
| 8572 uint16_t fallback_min_version_; | |
| 8573 }; | |
| 8574 | |
| 8575 class FallbackTestURLRequestContext : public TestURLRequestContext { | 8641 class FallbackTestURLRequestContext : public TestURLRequestContext { |
| 8576 public: | 8642 public: |
| 8577 explicit FallbackTestURLRequestContext(bool delay_initialization) | 8643 explicit FallbackTestURLRequestContext(bool delay_initialization) |
| 8578 : TestURLRequestContext(delay_initialization) {} | 8644 : TestURLRequestContext(delay_initialization) {} |
| 8579 | 8645 |
| 8580 void set_fallback_min_version(uint16_t version) { | 8646 void set_fallback_min_version(uint16_t version) { |
| 8581 TestSSLConfigService *ssl_config_service = | 8647 TestSSLConfigService* ssl_config_service = new TestSSLConfigService( |
| 8582 new TestSSLConfigService(true /* check for EV */, | 8648 true /* check for EV */, false /* online revocation checking */, |
| 8583 false /* online revocation checking */, | 8649 false /* require rev. checking for local |
| 8584 false /* require rev. checking for local | 8650 anchors */, |
| 8585 anchors */); | 8651 false /* token binding enabled */); |
| 8586 ssl_config_service->set_fallback_min_version(version); | 8652 ssl_config_service->set_fallback_min_version(version); |
| 8587 set_ssl_config_service(ssl_config_service); | 8653 set_ssl_config_service(ssl_config_service); |
| 8588 } | 8654 } |
| 8589 }; | 8655 }; |
| 8590 | 8656 |
| 8591 class HTTPSFallbackTest : public testing::Test { | 8657 class HTTPSFallbackTest : public testing::Test { |
| 8592 public: | 8658 public: |
| 8593 HTTPSFallbackTest() : context_(true) {} | 8659 HTTPSFallbackTest() : context_(true) {} |
| 8594 ~HTTPSFallbackTest() override {} | 8660 ~HTTPSFallbackTest() override {} |
| 8595 | 8661 |
| (...skipping 354 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8950 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 9016 #if defined(USE_NSS_CERTS) || defined(OS_IOS) |
| 8951 ShutdownNSSHttpIO(); | 9017 ShutdownNSSHttpIO(); |
| 8952 #endif | 9018 #endif |
| 8953 } | 9019 } |
| 8954 | 9020 |
| 8955 protected: | 9021 protected: |
| 8956 // SetupContext configures the URLRequestContext that will be used for making | 9022 // SetupContext configures the URLRequestContext that will be used for making |
| 8957 // connetions to testserver. This can be overridden in test subclasses for | 9023 // connetions to testserver. This can be overridden in test subclasses for |
| 8958 // different behaviour. | 9024 // different behaviour. |
| 8959 virtual void SetupContext(URLRequestContext* context) { | 9025 virtual void SetupContext(URLRequestContext* context) { |
| 8960 context->set_ssl_config_service( | 9026 context->set_ssl_config_service(new TestSSLConfigService( |
| 8961 new TestSSLConfigService(true /* check for EV */, | 9027 true /* check for EV */, true /* online revocation checking */, |
| 8962 true /* online revocation checking */, | 9028 false /* require rev. checking for local |
| 8963 false /* require rev. checking for local | 9029 anchors */, |
| 8964 anchors */)); | 9030 false /* token binding enabled */)); |
| 8965 } | 9031 } |
| 8966 | 9032 |
| 8967 scoped_ptr<ScopedTestRoot> test_root_; | 9033 scoped_ptr<ScopedTestRoot> test_root_; |
| 8968 TestURLRequestContext context_; | 9034 TestURLRequestContext context_; |
| 8969 scoped_ptr<ScopedTestEVPolicy> ev_test_policy_; | 9035 scoped_ptr<ScopedTestEVPolicy> ev_test_policy_; |
| 8970 }; | 9036 }; |
| 8971 | 9037 |
| 8972 static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() { | 9038 static CertStatus ExpectedCertStatusForFailedOnlineRevocationCheck() { |
| 8973 #if defined(OS_WIN) | 9039 #if defined(OS_WIN) |
| 8974 // Windows can return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION but we don't | 9040 // Windows can return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION but we don't |
| (...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9145 DoConnection(ssl_options, &cert_status); | 9211 DoConnection(ssl_options, &cert_status); |
| 9146 | 9212 |
| 9147 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); | 9213 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); |
| 9148 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 9214 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
| 9149 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9215 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
| 9150 } | 9216 } |
| 9151 | 9217 |
| 9152 class HTTPSHardFailTest : public HTTPSOCSPTest { | 9218 class HTTPSHardFailTest : public HTTPSOCSPTest { |
| 9153 protected: | 9219 protected: |
| 9154 void SetupContext(URLRequestContext* context) override { | 9220 void SetupContext(URLRequestContext* context) override { |
| 9155 context->set_ssl_config_service( | 9221 context->set_ssl_config_service(new TestSSLConfigService( |
| 9156 new TestSSLConfigService(false /* check for EV */, | 9222 false /* check for EV */, false /* online revocation checking */, |
| 9157 false /* online revocation checking */, | 9223 true /* require rev. checking for local |
| 9158 true /* require rev. checking for local | 9224 anchors */, |
| 9159 anchors */)); | 9225 false /* token binding enabled */)); |
| 9160 } | 9226 } |
| 9161 }; | 9227 }; |
| 9162 | 9228 |
| 9163 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) { | 9229 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) { |
| 9164 if (!SystemSupportsOCSP()) { | 9230 if (!SystemSupportsOCSP()) { |
| 9165 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; | 9231 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; |
| 9166 return; | 9232 return; |
| 9167 } | 9233 } |
| 9168 | 9234 |
| 9169 if (!SystemSupportsHardFailRevocationChecking()) { | 9235 if (!SystemSupportsHardFailRevocationChecking()) { |
| (...skipping 12 matching lines...) Expand all Loading... |
| 9182 EXPECT_EQ(CERT_STATUS_REVOKED, | 9248 EXPECT_EQ(CERT_STATUS_REVOKED, |
| 9183 cert_status & CERT_STATUS_REVOKED); | 9249 cert_status & CERT_STATUS_REVOKED); |
| 9184 | 9250 |
| 9185 // Without a positive OCSP response, we shouldn't show the EV status. | 9251 // Without a positive OCSP response, we shouldn't show the EV status. |
| 9186 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9252 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
| 9187 } | 9253 } |
| 9188 | 9254 |
| 9189 class HTTPSEVCRLSetTest : public HTTPSOCSPTest { | 9255 class HTTPSEVCRLSetTest : public HTTPSOCSPTest { |
| 9190 protected: | 9256 protected: |
| 9191 void SetupContext(URLRequestContext* context) override { | 9257 void SetupContext(URLRequestContext* context) override { |
| 9192 context->set_ssl_config_service( | 9258 context->set_ssl_config_service(new TestSSLConfigService( |
| 9193 new TestSSLConfigService(true /* check for EV */, | 9259 true /* check for EV */, false /* online revocation checking */, |
| 9194 false /* online revocation checking */, | 9260 false /* require rev. checking for local |
| 9195 false /* require rev. checking for local | 9261 anchors */, |
| 9196 anchors */)); | 9262 false /* token binding enabled */)); |
| 9197 } | 9263 } |
| 9198 }; | 9264 }; |
| 9199 | 9265 |
| 9200 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) { | 9266 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) { |
| 9201 if (!SystemSupportsOCSP()) { | 9267 if (!SystemSupportsOCSP()) { |
| 9202 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; | 9268 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; |
| 9203 return; | 9269 return; |
| 9204 } | 9270 } |
| 9205 | 9271 |
| 9206 SpawnedTestServer::SSLOptions ssl_options( | 9272 SpawnedTestServer::SSLOptions ssl_options( |
| (...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9367 | 9433 |
| 9368 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); | 9434 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); |
| 9369 | 9435 |
| 9370 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 9436 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
| 9371 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9437 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
| 9372 } | 9438 } |
| 9373 | 9439 |
| 9374 class HTTPSCRLSetTest : public HTTPSOCSPTest { | 9440 class HTTPSCRLSetTest : public HTTPSOCSPTest { |
| 9375 protected: | 9441 protected: |
| 9376 void SetupContext(URLRequestContext* context) override { | 9442 void SetupContext(URLRequestContext* context) override { |
| 9377 context->set_ssl_config_service( | 9443 context->set_ssl_config_service(new TestSSLConfigService( |
| 9378 new TestSSLConfigService(false /* check for EV */, | 9444 false /* check for EV */, false /* online revocation checking */, |
| 9379 false /* online revocation checking */, | 9445 false /* require rev. checking for local |
| 9380 false /* require rev. checking for local | 9446 anchors */, |
| 9381 anchors */)); | 9447 false /* token binding enabled */)); |
| 9382 } | 9448 } |
| 9383 }; | 9449 }; |
| 9384 | 9450 |
| 9385 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) { | 9451 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) { |
| 9386 SpawnedTestServer::SSLOptions ssl_options( | 9452 SpawnedTestServer::SSLOptions ssl_options( |
| 9387 SpawnedTestServer::SSLOptions::CERT_AUTO); | 9453 SpawnedTestServer::SSLOptions::CERT_AUTO); |
| 9388 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; | 9454 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; |
| 9389 SSLConfigService::SetCRLSet( | 9455 SSLConfigService::SetCRLSet( |
| 9390 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); | 9456 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); |
| 9391 | 9457 |
| (...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9799 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 9865 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 9800 | 9866 |
| 9801 req->Start(); | 9867 req->Start(); |
| 9802 req->Cancel(); | 9868 req->Cancel(); |
| 9803 base::RunLoop().RunUntilIdle(); | 9869 base::RunLoop().RunUntilIdle(); |
| 9804 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 9870 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
| 9805 EXPECT_EQ(0, d.received_redirect_count()); | 9871 EXPECT_EQ(0, d.received_redirect_count()); |
| 9806 } | 9872 } |
| 9807 | 9873 |
| 9808 } // namespace net | 9874 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1378613004:
Set Token-Binding HTTP header (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@tb-tls-ext-new