Chromium Code Reviews Chromium Code Reviews
Issue 2100303002:
Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ | 5 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ |
| 6 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ | 6 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 74 // A certificate with invalid notBefore and notAfter times. Windows' | 74 // A certificate with invalid notBefore and notAfter times. Windows' |
| 75 // certificate library will not parse this certificate. | 75 // certificate library will not parse this certificate. |
| 76 CERT_BAD_VALIDITY, | 76 CERT_BAD_VALIDITY, |
| 77 }; | 77 }; |
| 78 | 78 |
| 79 // OCSPStatus enumerates the types of OCSP response that the testserver | 79 // OCSPStatus enumerates the types of OCSP response that the testserver |
| 80 // can produce. | 80 // can produce. |
| 81 enum OCSPStatus { | 81 enum OCSPStatus { |
| 82 OCSP_OK, | 82 OCSP_OK, |
| 83 OCSP_REVOKED, | 83 OCSP_REVOKED, |
| 84 OCSP_INVALID, | 84 OCSP_INVALID_RESPONSE, |
| 85 OCSP_UNAUTHORIZED, | 85 OCSP_UNAUTHORIZED, |
| 86 OCSP_UNKNOWN, | 86 OCSP_UNKNOWN, |
| 87 OCSP_INVALID_RESPONSE_DATA, | |
| 88 OCSP_TRY_LATER, | |
| 89 OCSP_MISMATCHED_SERIAL, | |
| 90 }; | |
| 91 | |
| 92 // OCSPDate enumerates the date ranges for OCSP responses that the | |
| 93 // testserver can produce. | |
| 94 enum OCSPDate { | |
| 95 OCSP_DATE_VALID, | |
| 96 OCSP_DATE_OLD, | |
| 97 OCSP_DATE_EARLY, | |
| 98 OCSP_DATE_LONG, | |
| 99 }; | |
| 100 | |
| 101 // SingleResponse is used when specifying multiple stapled responses, each | |
| 102 // with their own CertStatus and date validity. | |
| 103 struct SingleResponse { | |
|
Ryan Sleevi
2016/07/18 20:08:08
Naming: OCSPSingleResponse - since this is very mu
dadrian
2016/07/18 22:23:32
Done.
Although now the full type is SpawnedTestSe
| |
| 104 OCSPStatus status; | |
| 105 OCSPDate date; | |
| 106 }; | |
| 107 | |
| 108 // OCSPProduced enumerates the validity of the producedAt field in OCSP | |
| 109 // responses produced by the testserver. | |
| 110 enum OCSPProduced { | |
| 111 OCSP_PRODUCED_VALID, | |
| 112 OCSP_PRODUCED_BEFORE_CERT, | |
| 113 OCSP_PRODUCED_AFTER_CERT, | |
| 87 }; | 114 }; |
| 88 | 115 |
| 89 // Bitmask of key exchange algorithms that the test server supports and that | 116 // Bitmask of key exchange algorithms that the test server supports and that |
| 90 // can be selectively enabled or disabled. | 117 // can be selectively enabled or disabled. |
| 91 enum KeyExchange { | 118 enum KeyExchange { |
| 92 // Special value used to indicate that any algorithm the server supports | 119 // Special value used to indicate that any algorithm the server supports |
| 93 // is acceptable. Preferred over explicitly OR-ing all key exchange | 120 // is acceptable. Preferred over explicitly OR-ing all key exchange |
| 94 // algorithms. | 121 // algorithms. |
| 95 KEY_EXCHANGE_ANY = 0, | 122 KEY_EXCHANGE_ANY = 0, |
| 96 | 123 |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 144 ~SSLOptions(); | 171 ~SSLOptions(); |
| 145 | 172 |
| 146 // Returns the relative filename of the file that contains the | 173 // Returns the relative filename of the file that contains the |
| 147 // |server_certificate|. | 174 // |server_certificate|. |
| 148 base::FilePath GetCertificateFile() const; | 175 base::FilePath GetCertificateFile() const; |
| 149 | 176 |
| 150 // GetOCSPArgument returns the value of any OCSP argument to testserver or | 177 // GetOCSPArgument returns the value of any OCSP argument to testserver or |
| 151 // the empty string if there is none. | 178 // the empty string if there is none. |
| 152 std::string GetOCSPArgument() const; | 179 std::string GetOCSPArgument() const; |
| 153 | 180 |
| 181 // GetOCSPDateArgument returns the value of the OCSP date argument to | |
| 182 // testserver or the empty string if there is none. | |
| 183 std::string GetOCSPDateArgument() const; | |
| 184 | |
| 185 // GetOCSPProducedArgument returns the value of the OCSP produced argument | |
| 186 // to testserver or the empty string if there is none. | |
| 187 std::string GetOCSPProducedArgument() const; | |
| 188 | |
| 154 // The certificate to use when serving requests. | 189 // The certificate to use when serving requests. |
| 155 ServerCertificate server_certificate; | 190 ServerCertificate server_certificate; |
| 156 | 191 |
| 157 // If |server_certificate==CERT_AUTO| then this determines the type of OCSP | 192 // If |server_certificate==CERT_AUTO| then this determines the type of OCSP |
| 158 // response returned. | 193 // response returned. Ignored if |ocsp_responses| is non-empty. |
| 159 OCSPStatus ocsp_status; | 194 OCSPStatus ocsp_status; |
| 160 | 195 |
| 196 // If |server_certificate==CERT_AUTO| then this determines the date range | |
| 197 // set on the OCSP response returned. Ignore if |ocsp_responses| is | |
| 198 // non-empty. | |
| 199 OCSPDate ocsp_date; | |
| 200 | |
| 201 // If |server_certificate==CERT_AUTO|, contains the status and validity for | |
| 202 // multiple stapled responeses. Overrides |ocsp_status| and |ocsp_date| when | |
| 203 // non-empty. | |
| 204 std::vector<SingleResponse> ocsp_responses; | |
| 205 | |
| 206 // If |server_certificate==CERT_AUTO| then this determines the validity of | |
| 207 // the producedAt field on the returned OCSP response. | |
| 208 OCSPProduced ocsp_produced; | |
| 209 | |
| 161 // If not zero, |cert_serial| will be the serial number of the | 210 // If not zero, |cert_serial| will be the serial number of the |
| 162 // auto-generated leaf certificate when |server_certificate==CERT_AUTO|. | 211 // auto-generated leaf certificate when |server_certificate==CERT_AUTO|. |
| 163 uint64_t cert_serial; | 212 uint64_t cert_serial; |
| 164 | 213 |
| 165 // True if a CertificateRequest should be sent to the client during | 214 // True if a CertificateRequest should be sent to the client during |
| 166 // handshaking. | 215 // handshaking. |
| 167 bool request_client_certificate; | 216 bool request_client_certificate; |
| 168 | 217 |
| 169 // If |request_client_certificate| is true, an optional list of files, | 218 // If |request_client_certificate| is true, an optional list of files, |
| 170 // each containing a single, PEM-encoded X.509 certificates. The subject | 219 // each containing a single, PEM-encoded X.509 certificates. The subject |
| (...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 364 bool no_anonymous_ftp_user_; | 413 bool no_anonymous_ftp_user_; |
| 365 | 414 |
| 366 std::unique_ptr<ScopedPortException> allowed_port_; | 415 std::unique_ptr<ScopedPortException> allowed_port_; |
| 367 | 416 |
| 368 DISALLOW_COPY_AND_ASSIGN(BaseTestServer); | 417 DISALLOW_COPY_AND_ASSIGN(BaseTestServer); |
| 369 }; | 418 }; |
| 370 | 419 |
| 371 } // namespace net | 420 } // namespace net |
| 372 | 421 |
| 373 #endif // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ | 422 #endif // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ |
| OLD | NEW |
