Index: net/http/transport_security_state_unittest.cc |
diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc |
index 9f092d84a8462f27928f5630af1fd225c51681d9..c1f36e142e0a73107b3c15e8dbe045031f921c23 100644 |
--- a/net/http/transport_security_state_unittest.cc |
+++ b/net/http/transport_security_state_unittest.cc |
@@ -26,6 +26,7 @@ |
#include "net/cert/cert_verifier.h" |
#include "net/cert/cert_verify_result.h" |
#include "net/cert/ct_policy_status.h" |
+#include "net/cert/internal/test_helpers.h" |
#include "net/cert/test_root_certs.h" |
#include "net/cert/x509_cert_types.h" |
#include "net/cert/x509_certificate.h" |
@@ -1851,4 +1852,88 @@ TEST_F(TransportSecurityStateTest, ExpectCTReporter) { |
EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); |
} |
+static const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/"; |
svaldez
2016/06/13 14:03:04
Doesn't need to be static?
dadrian
2016/06/13 23:03:32
Done.
|
+ |
+class MockExpectStapleReportSender : public MockCertificateReportSender { |
+ public: |
+ bool ReportSent() { return latest_report() != ""; } |
+}; |
+ |
+class ExpectStapleTest : public TransportSecurityStateTest { |
+ public: |
+ void SetUp() override { |
+ TransportSecurityStateTest::SetUp(); |
+ security_state_.SetReportSender(&report_sender_); |
+ EnableStaticExpectStaple(&security_state_); |
+ } |
+ |
+ struct OCSPTest { |
+ std::string ocsp_response; |
+ scoped_refptr<X509Certificate> certificate; |
+ }; |
+ |
+ static bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) { |
+ std::string ca_data; |
+ std::string cert_data; |
+ const PemBlockMapping mappings[] = { |
+ {"OCSP RESPONSE", &ocsp->ocsp_response}, |
+ {"CA CERTIFICATE", &ca_data}, |
+ {"CERTIFICATE", &cert_data}, |
+ }; |
+ std::string full_path = std::string(kOCSPPathPrefix) + file_name; |
+ if (!ReadTestDataFromPemFile(full_path, mappings)) |
+ return false; |
+ |
+ // Parse the server certificate |
+ CertificateList server_cert_list = |
+ X509Certificate::CreateCertificateListFromBytes( |
+ cert_data.data(), cert_data.size(), |
+ X509Certificate::FORMAT_SINGLE_CERTIFICATE); |
+ ocsp->certificate = server_cert_list[0]; |
+ return true; |
+ } |
+ |
+ static TransportSecurityState::ExpectStapleState |
+ GetDefaultExpectStapleState() { |
+ TransportSecurityState::ExpectStapleState state; |
+ state.domain = "example.com"; // Doesn't matter |
svaldez
2016/06/13 14:03:04
Can you use kHost?
dadrian
2016/06/13 23:03:32
Done.
|
+ state.report_uri = GURL("reports.example.com/expect-staple"); |
svaldez
2016/06/13 14:03:04
Use constant.
dadrian
2016/06/13 23:03:32
Done.
|
+ state.include_subdomains = false; |
+ return state; |
+ } |
+ |
+ protected: |
+ void CheckExpectStaple(const OCSPTest& ocsp) { |
+ TransportSecurityState::ExpectStapleState expect_staple_state = |
+ GetDefaultExpectStapleState(); |
+ HostPortPair host_port(kExpectCTStaticHostname, 443); |
+ security_state_.CheckExpectStaple(host_port, expect_staple_state, |
+ *ocsp.certificate, ocsp.ocsp_response); |
+ } |
+ |
+ TransportSecurityState security_state_; |
+ MockExpectStapleReportSender report_sender_; |
+}; |
+ |
+TEST_F(ExpectStapleTest, Valid) { |
+ OCSPTest ocsp; |
+ ASSERT_TRUE(LoadOCSPFromFile("good_response.pem", &ocsp)); |
+ CheckExpectStaple(ocsp); |
+ EXPECT_FALSE(report_sender_.ReportSent()); |
+}; |
+ |
+TEST_F(ExpectStapleTest, ValidWithExtension) { |
+ OCSPTest ocsp; |
+ ASSERT_TRUE(LoadOCSPFromFile("has_extension.pem", &ocsp)); |
+ CheckExpectStaple(ocsp); |
+ EXPECT_FALSE(report_sender_.ReportSent()); |
+}; |
+ |
+TEST_F(ExpectStapleTest, MissingSingleResponse) { |
+ OCSPTest ocsp; |
+ ASSERT_TRUE(LoadOCSPFromFile("missing_response.pem", &ocsp)); |
+ CheckExpectStaple(ocsp); |
+ EXPECT_TRUE(report_sender_.ReportSent()); |
+}; |
+ |
} // namespace net |
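Review bot: `LoadOCSPFromFile` assigns `ocsp->certificate = server_cert_list[0];` without checking that `CreateCertificateListFromBytes` returned anything. If the CERTIFICATE block fails to parse, the helper indexes an empty list instead of returning false, so the `ASSERT_TRUE` in each test cannot catch a bad fixture. Adding `if (server_cert_list.empty()) return false;` before the assignment fixes this; `ca_data` is also read but never used afterwards, which deserves a short comment if the mapping needs it. Separately, `GURL("reports.example.com/expect-staple")` has no scheme and so is presumably an invalid GURL; if `CheckExpectStaple` ever validates the report URI before sending, `MissingSingleResponse` would fail for an unrelated reason. The only reporting case exercised is `missing_response.pem`, so a stapled response that parses but does not verify for the served certificate would be worth covering if a fixture exists.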