Chromium Code Reviews Chromium Code Reviews
Issue 2100303002:
Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/test/spawned_test_server/base_test_server.h" | 5 #include "net/test/spawned_test_server/base_test_server.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 #include <limits> | 8 #include <limits> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 116 | 116 |
| 117 std::unique_ptr<base::ListValue> GetTokenBindingParams( | 117 std::unique_ptr<base::ListValue> GetTokenBindingParams( |
| 118 std::vector<int> params) { | 118 std::vector<int> params) { |
| 119 std::unique_ptr<base::ListValue> values(new base::ListValue()); | 119 std::unique_ptr<base::ListValue> values(new base::ListValue()); |
| 120 for (int param : params) { | 120 for (int param : params) { |
| 121 values->AppendInteger(param); | 121 values->AppendInteger(param); |
| 122 } | 122 } |
| 123 return values; | 123 return values; |
| 124 } | 124 } |
| 125 | 125 |
| 126 std::string OCSPStatusToString( | |
| 127 const BaseTestServer::SSLOptions::OCSPStatus& ocsp_status) { | |
| 128 switch (ocsp_status) { | |
| 129 case BaseTestServer::SSLOptions::OCSP_OK: | |
| 130 return "ok"; | |
| 131 case BaseTestServer::SSLOptions::OCSP_REVOKED: | |
| 132 return "revoked"; | |
| 133 case BaseTestServer::SSLOptions::OCSP_INVALID_RESPONSE: | |
| 134 return "invalid"; | |
| 135 case BaseTestServer::SSLOptions::OCSP_UNAUTHORIZED: | |
| 136 return "unauthorized"; | |
| 137 case BaseTestServer::SSLOptions::OCSP_UNKNOWN: | |
| 138 return "unknown"; | |
| 139 case BaseTestServer::SSLOptions::OCSP_TRY_LATER: | |
| 140 return "later"; | |
| 141 case BaseTestServer::SSLOptions::OCSP_INVALID_RESPONSE_DATA: | |
| 142 return "invalid_data"; | |
| 143 case BaseTestServer::SSLOptions::OCSP_MISMATCHED_SERIAL: | |
| 144 return "mismatched_serial"; | |
| 145 } | |
| 146 NOTREACHED(); | |
| 147 return ""; | |
|
Ryan Sleevi
2016/07/18 20:08:08
std::string, not ""
dadrian
2016/07/18 22:23:32
Done.
| |
| 148 } | |
| 149 | |
| 150 std::string OCSPDateToString( | |
| 151 const BaseTestServer::SSLOptions::OCSPDate& ocsp_date) { | |
| 152 switch (ocsp_date) { | |
| 153 case BaseTestServer::SSLOptions::OCSP_DATE_VALID: | |
| 154 return "valid"; | |
| 155 case BaseTestServer::SSLOptions::OCSP_DATE_OLD: | |
| 156 return "old"; | |
| 157 case BaseTestServer::SSLOptions::OCSP_DATE_EARLY: | |
| 158 return "early"; | |
| 159 case BaseTestServer::SSLOptions::OCSP_DATE_LONG: | |
| 160 return "long"; | |
| 161 } | |
| 162 NOTREACHED(); | |
| 163 return ""; | |
|
Ryan Sleevi
2016/07/18 20:08:08
std::string() not ""
dadrian
2016/07/18 22:23:32
Done.
| |
| 164 } | |
| 165 | |
| 126 } // namespace | 166 } // namespace |
| 127 | 167 |
| 128 BaseTestServer::SSLOptions::SSLOptions() | 168 BaseTestServer::SSLOptions::SSLOptions() |
| 129 : server_certificate(CERT_OK), | 169 : server_certificate(CERT_OK), |
| 130 ocsp_status(OCSP_OK), | 170 ocsp_status(OCSP_OK), |
| 171 ocsp_date(OCSP_DATE_VALID), | |
| 172 ocsp_produced(OCSP_PRODUCED_VALID), | |
| 131 cert_serial(0), | 173 cert_serial(0), |
| 132 request_client_certificate(false), | 174 request_client_certificate(false), |
| 133 key_exchanges(SSLOptions::KEY_EXCHANGE_ANY), | 175 key_exchanges(SSLOptions::KEY_EXCHANGE_ANY), |
| 134 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY), | 176 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY), |
| 135 record_resume(false), | 177 record_resume(false), |
| 136 tls_intolerant(TLS_INTOLERANT_NONE), | 178 tls_intolerant(TLS_INTOLERANT_NONE), |
| 137 tls_intolerance_type(TLS_INTOLERANCE_ALERT), | 179 tls_intolerance_type(TLS_INTOLERANCE_ALERT), |
| 138 fallback_scsv_enabled(false), | 180 fallback_scsv_enabled(false), |
| 139 staple_ocsp_response(false), | 181 staple_ocsp_response(false), |
| 140 ocsp_server_unavailable(false), | 182 ocsp_server_unavailable(false), |
| 141 alert_after_handshake(false), | 183 alert_after_handshake(false), |
| 142 disable_channel_id(false), | 184 disable_channel_id(false), |
| 143 disable_extended_master_secret(false) {} | 185 disable_extended_master_secret(false) {} |
| 144 | 186 |
| 145 BaseTestServer::SSLOptions::SSLOptions( | 187 BaseTestServer::SSLOptions::SSLOptions( |
| 146 BaseTestServer::SSLOptions::ServerCertificate cert) | 188 BaseTestServer::SSLOptions::ServerCertificate cert) |
| 147 : server_certificate(cert), | 189 : server_certificate(cert), |
| 148 ocsp_status(OCSP_OK), | 190 ocsp_status(OCSP_OK), |
| 191 ocsp_date(OCSP_DATE_VALID), | |
| 192 ocsp_produced(OCSP_PRODUCED_VALID), | |
| 149 cert_serial(0), | 193 cert_serial(0), |
| 150 request_client_certificate(false), | 194 request_client_certificate(false), |
| 151 key_exchanges(SSLOptions::KEY_EXCHANGE_ANY), | 195 key_exchanges(SSLOptions::KEY_EXCHANGE_ANY), |
| 152 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY), | 196 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY), |
| 153 record_resume(false), | 197 record_resume(false), |
| 154 tls_intolerant(TLS_INTOLERANT_NONE), | 198 tls_intolerant(TLS_INTOLERANT_NONE), |
| 155 tls_intolerance_type(TLS_INTOLERANCE_ALERT), | 199 tls_intolerance_type(TLS_INTOLERANCE_ALERT), |
| 156 fallback_scsv_enabled(false), | 200 fallback_scsv_enabled(false), |
| 157 staple_ocsp_response(false), | 201 staple_ocsp_response(false), |
| 158 ocsp_server_unavailable(false), | 202 ocsp_server_unavailable(false), |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 184 default: | 228 default: |
| 185 NOTREACHED(); | 229 NOTREACHED(); |
| 186 } | 230 } |
| 187 return base::FilePath(); | 231 return base::FilePath(); |
| 188 } | 232 } |
| 189 | 233 |
| 190 std::string BaseTestServer::SSLOptions::GetOCSPArgument() const { | 234 std::string BaseTestServer::SSLOptions::GetOCSPArgument() const { |
| 191 if (server_certificate != CERT_AUTO) | 235 if (server_certificate != CERT_AUTO) |
| 192 return std::string(); | 236 return std::string(); |
| 193 | 237 |
| 194 switch (ocsp_status) { | 238 // |ocsp_responses| overrides when it is non-empty. |
| 195 case OCSP_OK: | 239 if (!ocsp_responses.empty()) { |
| 196 return "ok"; | 240 std::string arg; |
| 197 case OCSP_REVOKED: | 241 for (size_t i = 0; i < ocsp_responses.size(); i++) { |
| 198 return "revoked"; | 242 if (i != 0) |
| 199 case OCSP_INVALID: | 243 arg += ":"; |
| 200 return "invalid"; | 244 arg += OCSPStatusToString(ocsp_responses[i].status); |
| 201 case OCSP_UNAUTHORIZED: | 245 } |
| 202 return "unauthorized"; | 246 return arg; |
| 203 case OCSP_UNKNOWN: | 247 } |
| 204 return "unknown"; | 248 |
| 249 return OCSPStatusToString(ocsp_status); | |
| 250 } | |
| 251 | |
| 252 std::string BaseTestServer::SSLOptions::GetOCSPDateArgument() const { | |
| 253 if (server_certificate != CERT_AUTO) | |
| 254 return std::string(); | |
| 255 | |
| 256 if (!ocsp_responses.empty()) { | |
| 257 std::string arg; | |
| 258 for (size_t i = 0; i < ocsp_responses.size(); i++) { | |
| 259 if (i != 0) | |
| 260 arg += ":"; | |
| 261 arg += OCSPDateToString(ocsp_responses[i].date); | |
| 262 } | |
| 263 return arg; | |
| 264 } | |
| 265 | |
| 266 return OCSPDateToString(ocsp_date); | |
| 267 } | |
| 268 | |
| 269 std::string BaseTestServer::SSLOptions::GetOCSPProducedArgument() const { | |
| 270 if (server_certificate != CERT_AUTO) | |
| 271 return std::string(); | |
| 272 | |
| 273 switch (ocsp_produced) { | |
| 274 case OCSP_PRODUCED_VALID: | |
| 275 return "valid"; | |
| 276 case OCSP_PRODUCED_BEFORE_CERT: | |
| 277 return "before"; | |
| 278 case OCSP_PRODUCED_AFTER_CERT: | |
| 279 return "after"; | |
| 205 default: | 280 default: |
| 206 NOTREACHED(); | 281 NOTREACHED(); |
| 207 return std::string(); | 282 return std::string(); |
| 208 } | 283 } |
| 209 } | 284 } |
| 210 | 285 |
| 211 const char BaseTestServer::kLocalhost[] = "127.0.0.1"; | 286 const char BaseTestServer::kLocalhost[] = "127.0.0.1"; |
| 212 | 287 |
| 213 BaseTestServer::BaseTestServer(Type type, const std::string& host) | 288 BaseTestServer::BaseTestServer(Type type, const std::string& host) |
| 214 : type_(type), | 289 : type_(type), |
| (...skipping 302 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 517 arguments->Set("ssl-client-cert-type", client_cert_types.release()); | 592 arguments->Set("ssl-client-cert-type", client_cert_types.release()); |
| 518 } | 593 } |
| 519 | 594 |
| 520 if (type_ == TYPE_HTTPS) { | 595 if (type_ == TYPE_HTTPS) { |
| 521 arguments->Set("https", base::Value::CreateNullValue()); | 596 arguments->Set("https", base::Value::CreateNullValue()); |
| 522 | 597 |
| 523 std::string ocsp_arg = ssl_options_.GetOCSPArgument(); | 598 std::string ocsp_arg = ssl_options_.GetOCSPArgument(); |
| 524 if (!ocsp_arg.empty()) | 599 if (!ocsp_arg.empty()) |
| 525 arguments->SetString("ocsp", ocsp_arg); | 600 arguments->SetString("ocsp", ocsp_arg); |
| 526 | 601 |
| 602 std::string ocsp_date_arg = ssl_options_.GetOCSPDateArgument(); | |
| 603 if (!ocsp_date_arg.empty()) | |
| 604 arguments->SetString("ocsp-date", ocsp_date_arg); | |
| 605 | |
| 606 std::string ocsp_produced_arg = ssl_options_.GetOCSPProducedArgument(); | |
| 607 if (!ocsp_produced_arg.empty()) | |
| 608 arguments->SetString("ocsp-produced", ocsp_produced_arg); | |
| 609 | |
| 527 if (ssl_options_.cert_serial != 0) { | 610 if (ssl_options_.cert_serial != 0) { |
| 528 arguments->SetInteger("cert-serial", ssl_options_.cert_serial); | 611 arguments->SetInteger("cert-serial", ssl_options_.cert_serial); |
| 529 } | 612 } |
| 530 | 613 |
| 531 // Check key exchange argument. | 614 // Check key exchange argument. |
| 532 std::unique_ptr<base::ListValue> key_exchange_values(new base::ListValue()); | 615 std::unique_ptr<base::ListValue> key_exchange_values(new base::ListValue()); |
| 533 GetKeyExchangesList(ssl_options_.key_exchanges, key_exchange_values.get()); | 616 GetKeyExchangesList(ssl_options_.key_exchanges, key_exchange_values.get()); |
| 534 if (key_exchange_values->GetSize()) | 617 if (key_exchange_values->GetSize()) |
| 535 arguments->Set("ssl-key-exchange", key_exchange_values.release()); | 618 arguments->Set("ssl-key-exchange", key_exchange_values.release()); |
| 536 // Check bulk cipher argument. | 619 // Check bulk cipher argument. |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 586 | 669 |
| 587 return GenerateAdditionalArguments(arguments); | 670 return GenerateAdditionalArguments(arguments); |
| 588 } | 671 } |
| 589 | 672 |
| 590 bool BaseTestServer::GenerateAdditionalArguments( | 673 bool BaseTestServer::GenerateAdditionalArguments( |
| 591 base::DictionaryValue* arguments) const { | 674 base::DictionaryValue* arguments) const { |
| 592 return true; | 675 return true; |
| 593 } | 676 } |
| 594 | 677 |
| 595 } // namespace net | 678 } // namespace net |
| OLD | NEW |
