OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <memory> | 5 #include <memory> |
6 #include <utility> | 6 #include <utility> |
7 | 7 |
8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
9240 ImportCertFromFile(GetTestCertsDirectory(), "ocsp-test-root.pem"); | 9240 ImportCertFromFile(GetTestCertsDirectory(), "ocsp-test-root.pem"); |
9241 CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert.get()); | 9241 CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert.get()); |
9242 test_root_.reset(new ScopedTestRoot(root_cert.get())); | 9242 test_root_.reset(new ScopedTestRoot(root_cert.get())); |
9243 | 9243 |
9244 #if defined(USE_NSS_CERTS) | 9244 #if defined(USE_NSS_CERTS) |
9245 SetURLRequestContextForNSSHttpIO(&context_); | 9245 SetURLRequestContextForNSSHttpIO(&context_); |
9246 EnsureNSSHttpIOInit(); | 9246 EnsureNSSHttpIOInit(); |
9247 #endif | 9247 #endif |
9248 } | 9248 } |
9249 | 9249 |
9250 void DoConnection(const SpawnedTestServer::SSLOptions& ssl_options, | 9250 ::testing::AssertionResult DoConnection( |
svaldez
2016/06/23 14:03:16
Is this change necessary?
| |
9251 CertStatus* out_cert_status) { | 9251 const SpawnedTestServer::SSLOptions& ssl_options, |
9252 // We always overwrite out_cert_status. | 9252 SSLInfo* out_ssl_info) { |
9253 *out_cert_status = 0; | 9253 // Always overwrite |out_ssl_info|. |
9254 out_ssl_info->Reset(); | |
9255 | |
9254 SpawnedTestServer test_server( | 9256 SpawnedTestServer test_server( |
9255 SpawnedTestServer::TYPE_HTTPS, | 9257 SpawnedTestServer::TYPE_HTTPS, |
9256 ssl_options, | 9258 ssl_options, |
9257 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 9259 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
9258 ASSERT_TRUE(test_server.Start()); | 9260 EXPECT_TRUE(test_server.Start()); |
9259 | 9261 |
9260 TestDelegate d; | 9262 TestDelegate d; |
9261 d.set_allow_certificate_errors(true); | 9263 d.set_allow_certificate_errors(true); |
9262 std::unique_ptr<URLRequest> r( | 9264 std::unique_ptr<URLRequest> r( |
9263 context_.CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY, &d)); | 9265 context_.CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY, &d)); |
9264 r->Start(); | 9266 r->Start(); |
9265 | 9267 |
9266 base::RunLoop().Run(); | 9268 base::RunLoop().Run(); |
9269 EXPECT_EQ(1, d.response_started_count()); | |
9267 | 9270 |
9268 EXPECT_EQ(1, d.response_started_count()); | 9271 *out_ssl_info = r->ssl_info(); |
9269 *out_cert_status = r->ssl_info().cert_status; | 9272 return ::testing::AssertionSuccess(); |
9273 } | |
9274 | |
9275 ::testing::AssertionResult DoConnection( | |
svaldez
2016/06/23 14:03:16
Same.
| |
9276 const SpawnedTestServer::SSLOptions& ssl_options, | |
9277 CertStatus* out_cert_status) { | |
9278 // Always overwrite |out_cert_status|. | |
9279 *out_cert_status = 0; | |
9280 | |
9281 SSLInfo ssl_info; | |
9282 EXPECT_TRUE(DoConnection(ssl_options, &ssl_info)); | |
9283 | |
9284 *out_cert_status = ssl_info.cert_status; | |
9285 return ::testing::AssertionSuccess(); | |
9270 } | 9286 } |
9271 | 9287 |
9272 ~HTTPSOCSPTest() override { | 9288 ~HTTPSOCSPTest() override { |
9273 #if defined(USE_NSS_CERTS) | 9289 #if defined(USE_NSS_CERTS) |
9274 ShutdownNSSHttpIO(); | 9290 ShutdownNSSHttpIO(); |
9275 #endif | 9291 #endif |
9276 } | 9292 } |
9277 | 9293 |
9278 protected: | 9294 protected: |
9279 class AllowAnyCertCTPolicyEnforcer : public CTPolicyEnforcer { | 9295 class AllowAnyCertCTPolicyEnforcer : public CTPolicyEnforcer { |
9478 ssl_options.ocsp_server_unavailable = true; | 9494 ssl_options.ocsp_server_unavailable = true; |
9479 | 9495 |
9480 CertStatus cert_status; | 9496 CertStatus cert_status; |
9481 DoConnection(ssl_options, &cert_status); | 9497 DoConnection(ssl_options, &cert_status); |
9482 | 9498 |
9483 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); | 9499 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); |
9484 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 9500 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
9485 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 9501 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
9486 } | 9502 } |
9487 | 9503 |
9504 static const struct OCSPVerifyTestData { | |
9505 SpawnedTestServer::SSLOptions::OCSPStatus ocsp_status; | |
9506 SpawnedTestServer::SSLOptions::OCSPDate ocsp_date; | |
9507 OCSPVerifyResult::ResponseStatus response_status; | |
9508 bool is_date_valid; | |
9509 bool has_cert_status; | |
9510 OCSPCertStatus::Status cert_status; | |
9511 } kOCSPVerifyData[] = { | |
9512 { | |
9513 SpawnedTestServer::SSLOptions::OCSP_OK, | |
9514 SpawnedTestServer::SSLOptions::OCSP_VALID, OCSPVerifyResult::PROVIDED, | |
9515 true, true, OCSPCertStatus::Status::GOOD, | |
9516 }, | |
9517 { | |
9518 SpawnedTestServer::SSLOptions::OCSP_OK, | |
9519 SpawnedTestServer::SSLOptions::OCSP_OLD, | |
9520 OCSPVerifyResult::NO_MATCHING_RESPONSE, false, false, | |
9521 OCSPCertStatus::Status::GOOD, | |
9522 }, | |
9523 { | |
9524 SpawnedTestServer::SSLOptions::OCSP_OK, | |
9525 SpawnedTestServer::SSLOptions::OCSP_YOUNG, | |
9526 OCSPVerifyResult::NO_MATCHING_RESPONSE, false, false, | |
9527 OCSPCertStatus::Status::GOOD, | |
9528 }, | |
9529 { | |
9530 SpawnedTestServer::SSLOptions::OCSP_OK, | |
9531 SpawnedTestServer::SSLOptions::OCSP_LONG, | |
9532 OCSPVerifyResult::NO_MATCHING_RESPONSE, false, false, | |
9533 OCSPCertStatus::Status::GOOD, | |
9534 }, | |
9535 }; | |
9536 | |
9537 class HTTPSOCSPVerifyTest | |
9538 : public HTTPSOCSPTest, | |
9539 public testing::WithParamInterface<OCSPVerifyTestData> { | |
9540 public: | |
9541 HTTPSOCSPVerifyTest() = default; | |
9542 virtual ~HTTPSOCSPVerifyTest() {} | |
9543 }; | |
9544 | |
9545 TEST_P(HTTPSOCSPVerifyTest, SingleResponse) { | |
9546 SpawnedTestServer::SSLOptions ssl_options( | |
9547 SpawnedTestServer::SSLOptions::CERT_AUTO); | |
9548 OCSPVerifyTestData test = GetParam(); | |
9549 ssl_options.ocsp_status = test.ocsp_status; | |
9550 ssl_options.ocsp_date = test.ocsp_date; | |
9551 ssl_options.staple_ocsp_response = true; | |
9552 | |
9553 SSLInfo ssl_info; | |
9554 ASSERT_TRUE(DoConnection(ssl_options, &ssl_info)); | |
9555 | |
9556 EXPECT_EQ(0u, ssl_info.cert_status & CERT_STATUS_ALL_ERRORS); | |
9557 EXPECT_EQ(test.response_status, ssl_info.ocsp.response_status); | |
9558 | |
9559 ASSERT_EQ(1u, ssl_info.ocsp.stapled_responses.size()); | |
9560 EXPECT_TRUE(ssl_info.ocsp.stapled_responses[0].did_parse); | |
9561 EXPECT_EQ(test.is_date_valid, | |
9562 ssl_info.ocsp.stapled_responses[0].is_date_valid); | |
9563 EXPECT_TRUE(ssl_info.ocsp.stapled_responses[0].is_correct_certificate); | |
9564 EXPECT_EQ(OCSPCertStatus::Status::GOOD, | |
9565 ssl_info.ocsp.stapled_responses[0].status); | |
9566 | |
9567 if (test.has_cert_status) { | |
9568 ASSERT_TRUE(ssl_info.ocsp.cert_status); | |
9569 EXPECT_EQ(test.cert_status, *ssl_info.ocsp.cert_status); | |
9570 } else { | |
9571 EXPECT_FALSE(ssl_info.ocsp.cert_status); | |
9572 } | |
9573 }; | |
9574 | |
9575 INSTANTIATE_TEST_CASE_P(OCSPVerify, | |
9576 HTTPSOCSPVerifyTest, | |
9577 testing::ValuesIn(kOCSPVerifyData)); | |
9578 | |
9488 class HTTPSHardFailTest : public HTTPSOCSPTest { | 9579 class HTTPSHardFailTest : public HTTPSOCSPTest { |
9489 protected: | 9580 protected: |
9490 void SetupContext() override { | 9581 void SetupContext() override { |
9491 context_.set_ssl_config_service(new TestSSLConfigService( | 9582 context_.set_ssl_config_service(new TestSSLConfigService( |
9492 false /* check for EV */, false /* online revocation checking */, | 9583 false /* check for EV */, false /* online revocation checking */, |
9493 true /* require rev. checking for local | 9584 true /* require rev. checking for local |
9494 anchors */, | 9585 anchors */, |
9495 false /* token binding enabled */)); | 9586 false /* token binding enabled */)); |
9496 } | 9587 } |
9497 }; | 9588 }; |
10148 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10239 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
10149 | 10240 |
10150 req->Start(); | 10241 req->Start(); |
10151 req->Cancel(); | 10242 req->Cancel(); |
10152 base::RunLoop().RunUntilIdle(); | 10243 base::RunLoop().RunUntilIdle(); |
10153 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 10244 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
10154 EXPECT_EQ(0, d.received_redirect_count()); | 10245 EXPECT_EQ(0, d.received_redirect_count()); |
10155 } | 10246 } |
10156 | 10247 |
10157 } // namespace net | 10248 } // namespace net |
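Review bot: Both new `DoConnection` overloads (new lines 9250-9273 and 9275-9286) return `::testing::AssertionSuccess()` unconditionally, so the guard `ASSERT_TRUE(DoConnection(ssl_options, &ssl_info))` at new line 9554 can never stop the test. The server-start check was also relaxed from `ASSERT_TRUE` to `EXPECT_TRUE`, so a server that failed to start no longer ends the helper; it continues into `CreateRequest` and the run loop, and the OCSP expectations that follow are evaluated against whatever `SSLInfo` that produces. The helper should report the failure itself, e.g. `if (!test_server.Start()) return ::testing::AssertionFailure() << "test server failed to start";`, do the same when `d.response_started_count() != 1`, and the `CertStatus` overload should return the inner result rather than wrap it in `EXPECT_TRUE`. Existing callers such as new line 9497 discard the return value, so they would need `ASSERT_TRUE(...)` as well for the result to have any effect.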
OLD | NEW |