Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(914)

Unified Diff: net/url_request/url_request_unittest.cc

Issue 2040513003: Implement Expect-Staple (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Move OCSP into cert_verify_proc Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/tools/testserver/minica.py ('K') | « net/tools/testserver/testserver.py ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index cd41ebba004bd5a806f7ee4d2799f6c29f36fc2d..ff6610fb59b82705d391af929e8b7b13c039562d 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -9247,15 +9247,17 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
#endif
}
- void DoConnection(const SpawnedTestServer::SSLOptions& ssl_options,
- CertStatus* out_cert_status) {
- // We always overwrite out_cert_status.
- *out_cert_status = 0;
+ ::testing::AssertionResult DoConnection(
svaldez 2016/06/23 14:03:16 Is this change necessary?
+ const SpawnedTestServer::SSLOptions& ssl_options,
+ SSLInfo* out_ssl_info) {
+ // Always overwrite |out_ssl_info|.
+ out_ssl_info->Reset();
+
SpawnedTestServer test_server(
SpawnedTestServer::TYPE_HTTPS,
ssl_options,
base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
- ASSERT_TRUE(test_server.Start());
+ EXPECT_TRUE(test_server.Start());
TestDelegate d;
d.set_allow_certificate_errors(true);
@@ -9264,9 +9266,23 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
r->Start();
base::RunLoop().Run();
-
EXPECT_EQ(1, d.response_started_count());
- *out_cert_status = r->ssl_info().cert_status;
+
+ *out_ssl_info = r->ssl_info();
+ return ::testing::AssertionSuccess();
+ }
+
+ ::testing::AssertionResult DoConnection(
svaldez 2016/06/23 14:03:16 Same.
+ const SpawnedTestServer::SSLOptions& ssl_options,
+ CertStatus* out_cert_status) {
+ // Always overwrite |out_cert_status|.
+ *out_cert_status = 0;
+
+ SSLInfo ssl_info;
+ EXPECT_TRUE(DoConnection(ssl_options, &ssl_info));
+
+ *out_cert_status = ssl_info.cert_status;
+ return ::testing::AssertionSuccess();
}
~HTTPSOCSPTest() override {
@@ -9485,6 +9501,81 @@ TEST_F(HTTPSOCSPTest, MAYBE_RevokedStapled) {
EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
}
+static const struct OCSPVerifyTestData {
+ SpawnedTestServer::SSLOptions::OCSPStatus ocsp_status;
+ SpawnedTestServer::SSLOptions::OCSPDate ocsp_date;
+ OCSPVerifyResult::ResponseStatus response_status;
+ bool is_date_valid;
+ bool has_cert_status;
+ OCSPCertStatus::Status cert_status;
+} kOCSPVerifyData[] = {
+ {
+ SpawnedTestServer::SSLOptions::OCSP_OK,
+ SpawnedTestServer::SSLOptions::OCSP_VALID, OCSPVerifyResult::PROVIDED,
+ true, true, OCSPCertStatus::Status::GOOD,
+ },
+ {
+ SpawnedTestServer::SSLOptions::OCSP_OK,
+ SpawnedTestServer::SSLOptions::OCSP_OLD,
+ OCSPVerifyResult::NO_MATCHING_RESPONSE, false, false,
+ OCSPCertStatus::Status::GOOD,
+ },
+ {
+ SpawnedTestServer::SSLOptions::OCSP_OK,
+ SpawnedTestServer::SSLOptions::OCSP_YOUNG,
+ OCSPVerifyResult::NO_MATCHING_RESPONSE, false, false,
+ OCSPCertStatus::Status::GOOD,
+ },
+ {
+ SpawnedTestServer::SSLOptions::OCSP_OK,
+ SpawnedTestServer::SSLOptions::OCSP_LONG,
+ OCSPVerifyResult::NO_MATCHING_RESPONSE, false, false,
+ OCSPCertStatus::Status::GOOD,
+ },
+};
+
+class HTTPSOCSPVerifyTest
+ : public HTTPSOCSPTest,
+ public testing::WithParamInterface<OCSPVerifyTestData> {
+ public:
+ HTTPSOCSPVerifyTest() = default;
+ virtual ~HTTPSOCSPVerifyTest() {}
+};
+
+TEST_P(HTTPSOCSPVerifyTest, SingleResponse) {
+ SpawnedTestServer::SSLOptions ssl_options(
+ SpawnedTestServer::SSLOptions::CERT_AUTO);
+ OCSPVerifyTestData test = GetParam();
+ ssl_options.ocsp_status = test.ocsp_status;
+ ssl_options.ocsp_date = test.ocsp_date;
+ ssl_options.staple_ocsp_response = true;
+
+ SSLInfo ssl_info;
+ ASSERT_TRUE(DoConnection(ssl_options, &ssl_info));
+
+ EXPECT_EQ(0u, ssl_info.cert_status & CERT_STATUS_ALL_ERRORS);
+ EXPECT_EQ(test.response_status, ssl_info.ocsp.response_status);
+
+ ASSERT_EQ(1u, ssl_info.ocsp.stapled_responses.size());
+ EXPECT_TRUE(ssl_info.ocsp.stapled_responses[0].did_parse);
+ EXPECT_EQ(test.is_date_valid,
+ ssl_info.ocsp.stapled_responses[0].is_date_valid);
+ EXPECT_TRUE(ssl_info.ocsp.stapled_responses[0].is_correct_certificate);
+ EXPECT_EQ(OCSPCertStatus::Status::GOOD,
+ ssl_info.ocsp.stapled_responses[0].status);
+
+ if (test.has_cert_status) {
+ ASSERT_TRUE(ssl_info.ocsp.cert_status);
+ EXPECT_EQ(test.cert_status, *ssl_info.ocsp.cert_status);
+ } else {
+ EXPECT_FALSE(ssl_info.ocsp.cert_status);
+ }
+};
+
+INSTANTIATE_TEST_CASE_P(OCSPVerify,
+ HTTPSOCSPVerifyTest,
+ testing::ValuesIn(kOCSPVerifyData));
+
class HTTPSHardFailTest : public HTTPSOCSPTest {
protected:
void SetupContext() override {
« net/tools/testserver/minica.py ('K') | « net/tools/testserver/testserver.py ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698