
Side by Side Diff: net/url_request/url_request_unittest.cc

Issue 2100303002: Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check
Patch Set: Comments from estark Created 4 years, 5 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <memory> 5 #include <memory>
6 #include <utility> 6 #include <utility>
7 7
8 #include "base/memory/ptr_util.h" 8 #include "base/memory/ptr_util.h"
9 #include "base/run_loop.h" 9 #include "base/run_loop.h"
10 #include "build/build_config.h" 10 #include "build/build_config.h"
(...skipping 678 matching lines...) Expand 10 before | Expand all | Expand 10 after
689 GURL latest_report_uri_; 689 GURL latest_report_uri_;
690 std::string latest_report_; 690 std::string latest_report_;
691 }; 691 };
692 692
693 class TestExperimentalFeaturesNetworkDelegate : public TestNetworkDelegate { 693 class TestExperimentalFeaturesNetworkDelegate : public TestNetworkDelegate {
694 public: 694 public:
695 bool OnAreExperimentalCookieFeaturesEnabled() const override { return true; } 695 bool OnAreExperimentalCookieFeaturesEnabled() const override { return true; }
696 bool OnAreStrictSecureCookiesEnabled() const override { return true; } 696 bool OnAreStrictSecureCookiesEnabled() const override { return true; }
697 }; 697 };
698 698
699 // OCSPErrorTestDelegate caches the SSLInfo passed to OnSSLCertificateError.
700 // This is needed because after the certificate failure, the URLRequest will
701 // retry the connection, and return a partial SSLInfo with a cached cert status.
702 // The partial SSLInfo does not have the OCSP information filled out.
703 class OCSPErrorTestDelegate : public TestDelegate {
704 public:
705 void OnSSLCertificateError(URLRequest* request,
706 const SSLInfo& ssl_info,
707 bool fatal) override {
708 ssl_info_ = ssl_info;
709 on_ssl_certificate_error_called_ = true;
710 TestDelegate::OnSSLCertificateError(request, ssl_info, fatal);
711 }
712
713 bool on_ssl_certificate_error_called() {
714 return on_ssl_certificate_error_called_;
715 }
716
717 SSLInfo ssl_info() { return ssl_info_; }
718
719 private:
720 bool on_ssl_certificate_error_called_ = false;
721 SSLInfo ssl_info_;
722 };
723
699 } // namespace 724 } // namespace
700 725
701 // Inherit PlatformTest since we require the autorelease pool on Mac OS X. 726 // Inherit PlatformTest since we require the autorelease pool on Mac OS X.
702 class URLRequestTest : public PlatformTest { 727 class URLRequestTest : public PlatformTest {
703 public: 728 public:
704 URLRequestTest() : default_context_(true) { 729 URLRequestTest() : default_context_(true) {
705 default_context_.set_network_delegate(&default_network_delegate_); 730 default_context_.set_network_delegate(&default_network_delegate_);
706 default_context_.set_net_log(&net_log_); 731 default_context_.set_net_log(&net_log_);
707 job_factory_impl_ = new URLRequestJobFactoryImpl(); 732 job_factory_impl_ = new URLRequestJobFactoryImpl();
708 job_factory_.reset(job_factory_impl_); 733 job_factory_.reset(job_factory_impl_);
(...skipping 8245 matching lines...) Expand 10 before | Expand all | Expand 10 after
8954 ImportCertFromFile(GetTestCertsDirectory(), "ocsp-test-root.pem"); 8979 ImportCertFromFile(GetTestCertsDirectory(), "ocsp-test-root.pem");
8955 CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert.get()); 8980 CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert.get());
8956 test_root_.reset(new ScopedTestRoot(root_cert.get())); 8981 test_root_.reset(new ScopedTestRoot(root_cert.get()));
8957 8982
8958 #if defined(USE_NSS_CERTS) 8983 #if defined(USE_NSS_CERTS)
8959 SetURLRequestContextForNSSHttpIO(&context_); 8984 SetURLRequestContextForNSSHttpIO(&context_);
8960 EnsureNSSHttpIOInit(); 8985 EnsureNSSHttpIOInit();
8961 #endif 8986 #endif
8962 } 8987 }
8963 8988
8964 void DoConnection(const SpawnedTestServer::SSLOptions& ssl_options, 8989 void DoConnectionWithDelegate(
8965 CertStatus* out_cert_status) { 8990 const SpawnedTestServer::SSLOptions& ssl_options,
8966 // We always overwrite out_cert_status. 8991 TestDelegate* delegate,
8967 *out_cert_status = 0; 8992 SSLInfo* out_ssl_info) {
8993 // Always overwrite |out_ssl_info|.
8994 out_ssl_info->Reset();
8995
8968 SpawnedTestServer test_server( 8996 SpawnedTestServer test_server(
8969 SpawnedTestServer::TYPE_HTTPS, 8997 SpawnedTestServer::TYPE_HTTPS,
8970 ssl_options, 8998 ssl_options,
8971 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); 8999 base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
8972 ASSERT_TRUE(test_server.Start()); 9000 ASSERT_TRUE(test_server.Start());
8973 9001
8974 TestDelegate d; 9002 delegate->set_allow_certificate_errors(true);
8975 d.set_allow_certificate_errors(true); 9003 std::unique_ptr<URLRequest> r(context_.CreateRequest(
8976 std::unique_ptr<URLRequest> r( 9004 test_server.GetURL("/"), DEFAULT_PRIORITY, delegate));
8977 context_.CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY, &d));
8978 r->Start(); 9005 r->Start();
8979 9006
8980 base::RunLoop().Run(); 9007 base::RunLoop().Run();
9008 EXPECT_EQ(1, delegate->response_started_count());
8981 9009
8982 EXPECT_EQ(1, d.response_started_count()); 9010 *out_ssl_info = r->ssl_info();
8983 *out_cert_status = r->ssl_info().cert_status; 9011 }
9012
9013 void DoConnection(const SpawnedTestServer::SSLOptions& ssl_options,
9014 CertStatus* out_cert_status) {
9015 // Always overwrite |out_cert_status|.
9016 *out_cert_status = 0;
9017
9018 TestDelegate d;
9019 SSLInfo ssl_info;
9020 ASSERT_NO_FATAL_FAILURE(
9021 DoConnectionWithDelegate(ssl_options, &d, &ssl_info));
9022
9023 *out_cert_status = ssl_info.cert_status;
8984 } 9024 }
8985 9025
8986 ~HTTPSOCSPTest() override { 9026 ~HTTPSOCSPTest() override {
8987 #if defined(USE_NSS_CERTS) 9027 #if defined(USE_NSS_CERTS)
8988 ShutdownNSSHttpIO(); 9028 ShutdownNSSHttpIO();
8989 #endif 9029 #endif
8990 } 9030 }
8991 9031
8992 protected: 9032 protected:
8993 class AllowAnyCertCTPolicyEnforcer : public CTPolicyEnforcer { 9033 class AllowAnyCertCTPolicyEnforcer : public CTPolicyEnforcer {
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after
9128 } 9168 }
9129 9169
9130 TEST_F(HTTPSOCSPTest, Invalid) { 9170 TEST_F(HTTPSOCSPTest, Invalid) {
9131 if (!SystemSupportsOCSP()) { 9171 if (!SystemSupportsOCSP()) {
9132 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9172 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9133 return; 9173 return;
9134 } 9174 }
9135 9175
9136 SpawnedTestServer::SSLOptions ssl_options( 9176 SpawnedTestServer::SSLOptions ssl_options(
9137 SpawnedTestServer::SSLOptions::CERT_AUTO); 9177 SpawnedTestServer::SSLOptions::CERT_AUTO);
9138 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9178 ssl_options.ocsp_status =
9179 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9139 9180
9140 CertStatus cert_status; 9181 CertStatus cert_status;
9141 DoConnection(ssl_options, &cert_status); 9182 DoConnection(ssl_options, &cert_status);
9142 9183
9143 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(), 9184 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
9144 cert_status & CERT_STATUS_ALL_ERRORS); 9185 cert_status & CERT_STATUS_ALL_ERRORS);
9145 9186
9146 // Without a positive OCSP response, we shouldn't show the EV status. 9187 // Without a positive OCSP response, we shouldn't show the EV status.
9147 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9188 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
9148 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); 9189 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
9192 ssl_options.ocsp_server_unavailable = true; 9233 ssl_options.ocsp_server_unavailable = true;
9193 9234
9194 CertStatus cert_status; 9235 CertStatus cert_status;
9195 DoConnection(ssl_options, &cert_status); 9236 DoConnection(ssl_options, &cert_status);
9196 9237
9197 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); 9238 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
9198 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9239 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
9199 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); 9240 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
9200 } 9241 }
9201 9242
9243 static const struct OCSPVerifyTestData {
9244 std::vector<SpawnedTestServer::SSLOptions::SingleResponse> ocsp_responses;
9245 SpawnedTestServer::SSLOptions::OCSPProduced ocsp_produced;
9246 OCSPVerifyResult::ResponseStatus response_status;
9247 bool has_revocation_status;
9248 OCSPRevocationStatus cert_status;
9249 } kOCSPVerifyData[] = {
9250
9251 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9252 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9253 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9254 OCSPVerifyResult::PROVIDED,
9255 true,
9256 OCSPRevocationStatus::GOOD},
9257
9258 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9259 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}},
9260 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9261 OCSPVerifyResult::INVALID_DATE,
9262 false,
9263 OCSPRevocationStatus::UNKNOWN},
9264
9265 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9266 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}},
9267 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9268 OCSPVerifyResult::INVALID_DATE,
9269 false,
9270 OCSPRevocationStatus::UNKNOWN},
9271
9272 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9273 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}},
9274 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9275 OCSPVerifyResult::INVALID_DATE,
9276 false,
9277 OCSPRevocationStatus::UNKNOWN},
9278
9279 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9280 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}},
9281 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9282 OCSPVerifyResult::INVALID_DATE,
9283 false,
9284 OCSPRevocationStatus::UNKNOWN},
9285
9286 {{{SpawnedTestServer::SSLOptions::OCSP_TRY_LATER,
9287 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9288 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9289 OCSPVerifyResult::BAD_RESPONSE,
9290 false,
9291 OCSPRevocationStatus::UNKNOWN},
9292
9293 {{{SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE,
9294 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9295 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9296 OCSPVerifyResult::PARSE_RESPONSE,
9297 false,
9298 OCSPRevocationStatus::UNKNOWN},
9299
9300 {{{SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE_DATA,
9301 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9302 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9303 OCSPVerifyResult::PARSE_RESPONSE_DATA,
9304 false,
9305 OCSPRevocationStatus::UNKNOWN},
9306
9307 {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9308 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}},
9309 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9310 OCSPVerifyResult::INVALID_DATE,
9311 false,
9312 OCSPRevocationStatus::UNKNOWN},
9313
9314 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9315 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9316 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9317 OCSPVerifyResult::PROVIDED,
9318 true,
9319 OCSPRevocationStatus::UNKNOWN},
9320
9321 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9322 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}},
9323 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9324 OCSPVerifyResult::INVALID_DATE,
9325 false,
9326 OCSPRevocationStatus::UNKNOWN},
9327
9328 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9329 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}},
9330 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9331 OCSPVerifyResult::INVALID_DATE,
9332 false,
9333 OCSPRevocationStatus::UNKNOWN},
9334
9335 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9336 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9337 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_BEFORE_CERT,
9338 OCSPVerifyResult::BAD_PRODUCED_AT,
9339 false,
9340 OCSPRevocationStatus::UNKNOWN},
9341
9342 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9343 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9344 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_AFTER_CERT,
9345 OCSPVerifyResult::BAD_PRODUCED_AT,
9346 false,
9347 OCSPRevocationStatus::UNKNOWN},
9348
9349 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9350 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9351 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_AFTER_CERT,
9352 OCSPVerifyResult::BAD_PRODUCED_AT,
9353 false,
9354 OCSPRevocationStatus::UNKNOWN},
9355
9356 {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9357 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9358 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9359 OCSPVerifyResult::PROVIDED,
9360 true,
9361 OCSPRevocationStatus::REVOKED},
9362
9363 {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9364 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}},
9365 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9366 OCSPVerifyResult::INVALID_DATE,
9367 false,
9368 OCSPRevocationStatus::UNKNOWN},
9369
9370 {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9371 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}},
9372 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9373 OCSPVerifyResult::INVALID_DATE,
9374 false,
9375 OCSPRevocationStatus::UNKNOWN},
9376
9377 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9378 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9379 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9380 OCSPVerifyResult::PROVIDED,
9381 true,
9382 OCSPRevocationStatus::GOOD},
9383
9384 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9385 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD},
9386 {SpawnedTestServer::SSLOptions::OCSP_OK,
9387 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9388 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9389 OCSPVerifyResult::PROVIDED,
9390 true,
9391 OCSPRevocationStatus::GOOD},
9392
9393 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9394 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY},
9395 {SpawnedTestServer::SSLOptions::OCSP_OK,
9396 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9397 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9398 OCSPVerifyResult::PROVIDED,
9399 true,
9400 OCSPRevocationStatus::GOOD},
9401
9402 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9403 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG},
9404 {SpawnedTestServer::SSLOptions::OCSP_OK,
9405 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9406 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9407 OCSPVerifyResult::PROVIDED,
9408 true,
9409 OCSPRevocationStatus::GOOD},
9410
9411 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9412 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY},
9413 {SpawnedTestServer::SSLOptions::OCSP_OK,
9414 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD},
9415 {SpawnedTestServer::SSLOptions::OCSP_OK,
9416 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}},
9417 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9418 OCSPVerifyResult::INVALID_DATE,
9419 false,
9420 OCSPRevocationStatus::UNKNOWN},
9421
9422 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9423 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID},
9424 {SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9425 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID},
9426 {SpawnedTestServer::SSLOptions::OCSP_OK,
9427 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9428 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9429 OCSPVerifyResult::PROVIDED,
9430 true,
9431 OCSPRevocationStatus::REVOKED},
9432
9433 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9434 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID},
9435 {SpawnedTestServer::SSLOptions::OCSP_OK,
9436 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9437 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9438 OCSPVerifyResult::PROVIDED,
9439 true,
9440 OCSPRevocationStatus::UNKNOWN},
9441
9442 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9443 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID},
9444 {SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9445 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG},
9446 {SpawnedTestServer::SSLOptions::OCSP_OK,
9447 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9448 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9449 OCSPVerifyResult::PROVIDED,
9450 true,
9451 OCSPRevocationStatus::UNKNOWN},
9452
9453 {{{SpawnedTestServer::SSLOptions::OCSP_MISMATCHED_SERIAL,
9454 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9455 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9456 OCSPVerifyResult::NO_MATCHING_RESPONSE,
9457 false,
9458 OCSPRevocationStatus::UNKNOWN},
9459
9460 {{{SpawnedTestServer::SSLOptions::OCSP_MISMATCHED_SERIAL,
9461 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}},
9462 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9463 OCSPVerifyResult::NO_MATCHING_RESPONSE,
9464 false,
9465 OCSPRevocationStatus::UNKNOWN},
9466
9467 };
9468
9469 class HTTPSOCSPVerifyTest
9470 : public HTTPSOCSPTest,
9471 public testing::WithParamInterface<OCSPVerifyTestData> {
9472 public:
9473 HTTPSOCSPVerifyTest() = default;
9474 virtual ~HTTPSOCSPVerifyTest() {}
9475 };
9476
9477 TEST_P(HTTPSOCSPVerifyTest, VerifyResult) {
9478 SpawnedTestServer::SSLOptions ssl_options(
9479 SpawnedTestServer::SSLOptions::CERT_AUTO);
9480 OCSPVerifyTestData test = GetParam();
9481
9482 ssl_options.ocsp_responses = test.ocsp_responses;
9483 ssl_options.ocsp_produced = test.ocsp_produced;
9484 ssl_options.staple_ocsp_response = true;
9485
9486 SSLInfo ssl_info;
9487 OCSPErrorTestDelegate delegate;
9488 ASSERT_NO_FATAL_FAILURE(
9489 DoConnectionWithDelegate(ssl_options, &delegate, &ssl_info));
9490
9491 // The SSLInfo must be extracted from |delegate| on error, due to how
9492 // URLRequest caches certificate errors.
9493 if (delegate.have_certificate_errors()) {
9494 ASSERT_TRUE(delegate.on_ssl_certificate_error_called());
9495 ssl_info = delegate.ssl_info();
9496 }
9497
9498 EXPECT_EQ(test.response_status, ssl_info.ocsp.response_status);
9499
9500 if (test.has_revocation_status) {
9501 ASSERT_TRUE(ssl_info.ocsp.revocation_status);
9502 EXPECT_EQ(test.cert_status, *ssl_info.ocsp.revocation_status);
9503 } else {
9504 EXPECT_FALSE(ssl_info.ocsp.revocation_status);
9505 }
9506 }
9507
9508 INSTANTIATE_TEST_CASE_P(OCSPVerify,
9509 HTTPSOCSPVerifyTest,
9510 testing::ValuesIn(kOCSPVerifyData));
9511
9202 class HTTPSHardFailTest : public HTTPSOCSPTest { 9512 class HTTPSHardFailTest : public HTTPSOCSPTest {
9203 protected: 9513 protected:
9204 void SetupContext() override { 9514 void SetupContext() override {
9205 context_.set_ssl_config_service(new TestSSLConfigService( 9515 context_.set_ssl_config_service(new TestSSLConfigService(
9206 false /* check for EV */, false /* online revocation checking */, 9516 false /* check for EV */, false /* online revocation checking */,
9207 true /* require rev. checking for local 9517 true /* require rev. checking for local
9208 anchors */, 9518 anchors */,
9209 false /* token binding enabled */)); 9519 false /* token binding enabled */));
9210 } 9520 }
9211 }; 9521 };
9212 9522
9213 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) { 9523 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) {
9214 if (!SystemSupportsOCSP()) { 9524 if (!SystemSupportsOCSP()) {
9215 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9525 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9216 return; 9526 return;
9217 } 9527 }
9218 9528
9219 if (!SystemSupportsHardFailRevocationChecking()) { 9529 if (!SystemSupportsHardFailRevocationChecking()) {
9220 LOG(WARNING) << "Skipping test because system doesn't support hard fail " 9530 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
9221 << "revocation checking"; 9531 << "revocation checking";
9222 return; 9532 return;
9223 } 9533 }
9224 9534
9225 SpawnedTestServer::SSLOptions ssl_options( 9535 SpawnedTestServer::SSLOptions ssl_options(
9226 SpawnedTestServer::SSLOptions::CERT_AUTO); 9536 SpawnedTestServer::SSLOptions::CERT_AUTO);
9227 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9537 ssl_options.ocsp_status =
9538 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9228 9539
9229 CertStatus cert_status; 9540 CertStatus cert_status;
9230 DoConnection(ssl_options, &cert_status); 9541 DoConnection(ssl_options, &cert_status);
9231 9542
9232 EXPECT_EQ(CERT_STATUS_REVOKED, 9543 EXPECT_EQ(CERT_STATUS_REVOKED,
9233 cert_status & CERT_STATUS_REVOKED); 9544 cert_status & CERT_STATUS_REVOKED);
9234 9545
9235 // Without a positive OCSP response, we shouldn't show the EV status. 9546 // Without a positive OCSP response, we shouldn't show the EV status.
9236 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); 9547 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
9237 } 9548 }
(...skipping 10 matching lines...) Expand all
9248 }; 9559 };
9249 9560
9250 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) { 9561 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) {
9251 if (!SystemSupportsOCSP()) { 9562 if (!SystemSupportsOCSP()) {
9252 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9563 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9253 return; 9564 return;
9254 } 9565 }
9255 9566
9256 SpawnedTestServer::SSLOptions ssl_options( 9567 SpawnedTestServer::SSLOptions ssl_options(
9257 SpawnedTestServer::SSLOptions::CERT_AUTO); 9568 SpawnedTestServer::SSLOptions::CERT_AUTO);
9258 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9569 ssl_options.ocsp_status =
9570 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9259 SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>()); 9571 SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>());
9260 9572
9261 CertStatus cert_status; 9573 CertStatus cert_status;
9262 DoConnection(ssl_options, &cert_status); 9574 DoConnection(ssl_options, &cert_status);
9263 9575
9264 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(), 9576 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
9265 cert_status & CERT_STATUS_ALL_ERRORS); 9577 cert_status & CERT_STATUS_ALL_ERRORS);
9266 9578
9267 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9579 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
9268 EXPECT_EQ(SystemUsesChromiumEVMetadata(), 9580 EXPECT_EQ(SystemUsesChromiumEVMetadata(),
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
9320 } 9632 }
9321 9633
9322 TEST_F(HTTPSEVCRLSetTest, ExpiredCRLSet) { 9634 TEST_F(HTTPSEVCRLSetTest, ExpiredCRLSet) {
9323 if (!SystemSupportsOCSP()) { 9635 if (!SystemSupportsOCSP()) {
9324 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9636 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9325 return; 9637 return;
9326 } 9638 }
9327 9639
9328 SpawnedTestServer::SSLOptions ssl_options( 9640 SpawnedTestServer::SSLOptions ssl_options(
9329 SpawnedTestServer::SSLOptions::CERT_AUTO); 9641 SpawnedTestServer::SSLOptions::CERT_AUTO);
9330 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9642 ssl_options.ocsp_status =
9643 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9331 SSLConfigService::SetCRLSet( 9644 SSLConfigService::SetCRLSet(
9332 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); 9645 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting()));
9333 9646
9334 CertStatus cert_status; 9647 CertStatus cert_status;
9335 DoConnection(ssl_options, &cert_status); 9648 DoConnection(ssl_options, &cert_status);
9336 9649
9337 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(), 9650 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
9338 cert_status & CERT_STATUS_ALL_ERRORS); 9651 cert_status & CERT_STATUS_ALL_ERRORS);
9339 9652
9340 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9653 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
9341 EXPECT_EQ(SystemUsesChromiumEVMetadata(), 9654 EXPECT_EQ(SystemUsesChromiumEVMetadata(),
9342 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED)); 9655 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED));
9343 } 9656 }
9344 9657
9345 TEST_F(HTTPSEVCRLSetTest, FreshCRLSetCovered) { 9658 TEST_F(HTTPSEVCRLSetTest, FreshCRLSetCovered) {
9346 if (!SystemSupportsOCSP()) { 9659 if (!SystemSupportsOCSP()) {
9347 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9660 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9348 return; 9661 return;
9349 } 9662 }
9350 9663
9351 SpawnedTestServer::SSLOptions ssl_options( 9664 SpawnedTestServer::SSLOptions ssl_options(
9352 SpawnedTestServer::SSLOptions::CERT_AUTO); 9665 SpawnedTestServer::SSLOptions::CERT_AUTO);
9353 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9666 ssl_options.ocsp_status =
9667 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9354 SSLConfigService::SetCRLSet( 9668 SSLConfigService::SetCRLSet(
9355 scoped_refptr<CRLSet>(CRLSet::ForTesting( 9669 scoped_refptr<CRLSet>(CRLSet::ForTesting(
9356 false, &kOCSPTestCertSPKI, ""))); 9670 false, &kOCSPTestCertSPKI, "")));
9357 9671
9358 CertStatus cert_status; 9672 CertStatus cert_status;
9359 DoConnection(ssl_options, &cert_status); 9673 DoConnection(ssl_options, &cert_status);
9360 9674
9361 // With a fresh CRLSet that covers the issuing certificate, we shouldn't do a 9675 // With a fresh CRLSet that covers the issuing certificate, we shouldn't do a
9362 // revocation check for EV. 9676 // revocation check for EV.
9363 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); 9677 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
9364 EXPECT_EQ(SystemUsesChromiumEVMetadata(), 9678 EXPECT_EQ(SystemUsesChromiumEVMetadata(),
9365 static_cast<bool>(cert_status & CERT_STATUS_IS_EV)); 9679 static_cast<bool>(cert_status & CERT_STATUS_IS_EV));
9366 EXPECT_FALSE( 9680 EXPECT_FALSE(
9367 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED)); 9681 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED));
9368 } 9682 }
9369 9683
9370 TEST_F(HTTPSEVCRLSetTest, FreshCRLSetNotCovered) { 9684 TEST_F(HTTPSEVCRLSetTest, FreshCRLSetNotCovered) {
9371 if (!SystemSupportsOCSP()) { 9685 if (!SystemSupportsOCSP()) {
9372 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9686 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9373 return; 9687 return;
9374 } 9688 }
9375 9689
9376 SpawnedTestServer::SSLOptions ssl_options( 9690 SpawnedTestServer::SSLOptions ssl_options(
9377 SpawnedTestServer::SSLOptions::CERT_AUTO); 9691 SpawnedTestServer::SSLOptions::CERT_AUTO);
9378 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9692 ssl_options.ocsp_status =
9693 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9379 SSLConfigService::SetCRLSet( 9694 SSLConfigService::SetCRLSet(
9380 scoped_refptr<CRLSet>(CRLSet::EmptyCRLSetForTesting())); 9695 scoped_refptr<CRLSet>(CRLSet::EmptyCRLSetForTesting()));
9381 9696
9382 CertStatus cert_status = 0; 9697 CertStatus cert_status = 0;
9383 DoConnection(ssl_options, &cert_status); 9698 DoConnection(ssl_options, &cert_status);
9384 9699
9385 // Even with a fresh CRLSet, we should still do online revocation checks when 9700 // Even with a fresh CRLSet, we should still do online revocation checks when
9386 // the certificate chain isn't covered by the CRLSet, which it isn't in this 9701 // the certificate chain isn't covered by the CRLSet, which it isn't in this
9387 // test. 9702 // test.
9388 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(), 9703 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
9428 false /* check for EV */, false /* online revocation checking */, 9743 false /* check for EV */, false /* online revocation checking */,
9429 false /* require rev. checking for local 9744 false /* require rev. checking for local
9430 anchors */, 9745 anchors */,
9431 false /* token binding enabled */)); 9746 false /* token binding enabled */));
9432 } 9747 }
9433 }; 9748 };
9434 9749
9435 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) { 9750 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) {
9436 SpawnedTestServer::SSLOptions ssl_options( 9751 SpawnedTestServer::SSLOptions ssl_options(
9437 SpawnedTestServer::SSLOptions::CERT_AUTO); 9752 SpawnedTestServer::SSLOptions::CERT_AUTO);
9438 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9753 ssl_options.ocsp_status =
9754 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9439 SSLConfigService::SetCRLSet( 9755 SSLConfigService::SetCRLSet(
9440 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); 9756 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting()));
9441 9757
9442 CertStatus cert_status; 9758 CertStatus cert_status;
9443 DoConnection(ssl_options, &cert_status); 9759 DoConnection(ssl_options, &cert_status);
9444 9760
9445 // If we're not trying EV verification then, even if the CRLSet has expired, 9761 // If we're not trying EV verification then, even if the CRLSet has expired,
9446 // we don't fall back to online revocation checks. 9762 // we don't fall back to online revocation checks.
9447 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); 9763 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
9448 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9764 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
(...skipping 394 matching lines...) Expand 10 before | Expand all | Expand 10 after
9843 AddTestInterceptor()->set_main_intercept_job(std::move(job)); 10159 AddTestInterceptor()->set_main_intercept_job(std::move(job));
9844 10160
9845 req->Start(); 10161 req->Start();
9846 req->Cancel(); 10162 req->Cancel();
9847 base::RunLoop().RunUntilIdle(); 10163 base::RunLoop().RunUntilIdle();
9848 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); 10164 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status());
9849 EXPECT_EQ(0, d.received_redirect_count()); 10165 EXPECT_EQ(0, d.received_redirect_count());
9850 } 10166 }
9851 10167
9852 } // namespace net 10168 } // namespace net
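Review bot: `kOCSPVerifyData` (new lines 9243-9467) has three rows that exactly repeat an earlier row: 9279-9284 repeats 9272-9277 (`OCSP_OK` with `OCSP_DATE_LONG`), 9349-9354 repeats 9342-9347 (`OCSP_OK` with `OCSP_PRODUCED_AFTER_CERT`), and 9377-9382 repeats 9251-9256. Each row starts its own `SpawnedTestServer` in `DoConnectionWithDelegate`, so the repeats cost runtime without adding coverage, and they may mean an intended variant was lost in copy-paste. Among the visible rows `OCSP_UNKNOWN` is never paired with `OCSP_DATE_LONG`, so that is one candidate for what the second `OCSP_DATE_LONG` row was meant to be; I cannot confirm the intent from this page. I would drop the repeats or replace them with the missing combinations. I would also put a one-line comment above each row, e.g. `// REVOKED + DATE_EARLY: rejected on date, no revocation status.`, because a failing `TEST_P` instance is otherwise identified only by its index in the array.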