
Side by Side Diff: net/url_request/url_request_unittest.cc

Issue 2100303002: Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check
Patch Set: Optional was optional. Created 4 years, 5 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <memory> 5 #include <memory>
6 #include <utility> 6 #include <utility>
7 7
8 #include "base/memory/ptr_util.h" 8 #include "base/memory/ptr_util.h"
9 #include "base/run_loop.h" 9 #include "base/run_loop.h"
10 #include "build/build_config.h" 10 #include "build/build_config.h"
(...skipping 678 matching lines...) Expand 10 before | Expand all | Expand 10 after
689 GURL latest_report_uri_; 689 GURL latest_report_uri_;
690 std::string latest_report_; 690 std::string latest_report_;
691 }; 691 };
692 692
693 class TestExperimentalFeaturesNetworkDelegate : public TestNetworkDelegate { 693 class TestExperimentalFeaturesNetworkDelegate : public TestNetworkDelegate {
694 public: 694 public:
695 bool OnAreExperimentalCookieFeaturesEnabled() const override { return true; } 695 bool OnAreExperimentalCookieFeaturesEnabled() const override { return true; }
696 bool OnAreStrictSecureCookiesEnabled() const override { return true; } 696 bool OnAreStrictSecureCookiesEnabled() const override { return true; }
697 }; 697 };
698 698
699 // OCSPErrorTestDelegate caches the SSLInfo passed to OnSSLCertificateError.
700 // This is needed because after the certificate failure, the URLRequest will
701 // retry the connection, and return a partial SSLInfo with a cached cert status.
702 // The partial SSLInfo does not have the OCSP information filled out.
703 class OCSPErrorTestDelegate : public TestDelegate {
704 public:
705 void OnSSLCertificateError(URLRequest* request,
706 const SSLInfo& ssl_info,
707 bool fatal) override {
708 ssl_info_ = ssl_info;
709 on_ssl_certificate_error_called_ = true;
710 TestDelegate::OnSSLCertificateError(request, ssl_info, fatal);
711 }
712
713 bool on_ssl_certificate_error_called() {
714 return on_ssl_certificate_error_called_;
715 }
716
717 SSLInfo ssl_info() { return ssl_info_; }
718
719 private:
720 bool on_ssl_certificate_error_called_ = false;
721 SSLInfo ssl_info_;
722 };
723
699 } // namespace 724 } // namespace
700 725
701 // Inherit PlatformTest since we require the autorelease pool on Mac OS X. 726 // Inherit PlatformTest since we require the autorelease pool on Mac OS X.
702 class URLRequestTest : public PlatformTest { 727 class URLRequestTest : public PlatformTest {
703 public: 728 public:
704 URLRequestTest() : default_context_(true) { 729 URLRequestTest() : default_context_(true) {
705 default_context_.set_network_delegate(&default_network_delegate_); 730 default_context_.set_network_delegate(&default_network_delegate_);
706 default_context_.set_net_log(&net_log_); 731 default_context_.set_net_log(&net_log_);
707 job_factory_impl_ = new URLRequestJobFactoryImpl(); 732 job_factory_impl_ = new URLRequestJobFactoryImpl();
708 job_factory_.reset(job_factory_impl_); 733 job_factory_.reset(job_factory_impl_);
(...skipping 8259 matching lines...) Expand 10 before | Expand all | Expand 10 after
8968 ImportCertFromFile(GetTestCertsDirectory(), "ocsp-test-root.pem"); 8993 ImportCertFromFile(GetTestCertsDirectory(), "ocsp-test-root.pem");
8969 CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert.get()); 8994 CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert.get());
8970 test_root_.reset(new ScopedTestRoot(root_cert.get())); 8995 test_root_.reset(new ScopedTestRoot(root_cert.get()));
8971 8996
8972 #if defined(USE_NSS_CERTS) 8997 #if defined(USE_NSS_CERTS)
8973 SetURLRequestContextForNSSHttpIO(&context_); 8998 SetURLRequestContextForNSSHttpIO(&context_);
8974 EnsureNSSHttpIOInit(); 8999 EnsureNSSHttpIOInit();
8975 #endif 9000 #endif
8976 } 9001 }
8977 9002
8978 void DoConnection(const SpawnedTestServer::SSLOptions& ssl_options, 9003 void DoConnectionWithDelegate(
8979 CertStatus* out_cert_status) { 9004 const SpawnedTestServer::SSLOptions& ssl_options,
8980 // We always overwrite out_cert_status. 9005 TestDelegate* delegate,
8981 *out_cert_status = 0; 9006 SSLInfo* out_ssl_info) {
9007 // Always overwrite |out_ssl_info|.
9008 out_ssl_info->Reset();
9009
8982 SpawnedTestServer test_server( 9010 SpawnedTestServer test_server(
8983 SpawnedTestServer::TYPE_HTTPS, 9011 SpawnedTestServer::TYPE_HTTPS,
8984 ssl_options, 9012 ssl_options,
8985 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); 9013 base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
8986 ASSERT_TRUE(test_server.Start()); 9014 ASSERT_TRUE(test_server.Start());
8987 9015
8988 TestDelegate d; 9016 delegate->set_allow_certificate_errors(true);
8989 d.set_allow_certificate_errors(true); 9017 std::unique_ptr<URLRequest> r(context_.CreateRequest(
8990 std::unique_ptr<URLRequest> r( 9018 test_server.GetURL("/"), DEFAULT_PRIORITY, delegate));
8991 context_.CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY, &d));
8992 r->Start(); 9019 r->Start();
8993 9020
8994 base::RunLoop().Run(); 9021 base::RunLoop().Run();
9022 EXPECT_EQ(1, delegate->response_started_count());
8995 9023
8996 EXPECT_EQ(1, d.response_started_count()); 9024 *out_ssl_info = r->ssl_info();
8997 *out_cert_status = r->ssl_info().cert_status; 9025 }
9026
9027 void DoConnection(const SpawnedTestServer::SSLOptions& ssl_options,
9028 CertStatus* out_cert_status) {
9029 // Always overwrite |out_cert_status|.
9030 *out_cert_status = 0;
9031
9032 TestDelegate d;
9033 SSLInfo ssl_info;
9034 ASSERT_NO_FATAL_FAILURE(
9035 DoConnectionWithDelegate(ssl_options, &d, &ssl_info));
9036
9037 *out_cert_status = ssl_info.cert_status;
8998 } 9038 }
8999 9039
9000 ~HTTPSOCSPTest() override { 9040 ~HTTPSOCSPTest() override {
9001 #if defined(USE_NSS_CERTS) 9041 #if defined(USE_NSS_CERTS)
9002 ShutdownNSSHttpIO(); 9042 ShutdownNSSHttpIO();
9003 #endif 9043 #endif
9004 } 9044 }
9005 9045
9006 protected: 9046 protected:
9007 class AllowAnyCertCTPolicyEnforcer : public CTPolicyEnforcer { 9047 class AllowAnyCertCTPolicyEnforcer : public CTPolicyEnforcer {
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after
9142 } 9182 }
9143 9183
9144 TEST_F(HTTPSOCSPTest, Invalid) { 9184 TEST_F(HTTPSOCSPTest, Invalid) {
9145 if (!SystemSupportsOCSP()) { 9185 if (!SystemSupportsOCSP()) {
9146 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9186 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9147 return; 9187 return;
9148 } 9188 }
9149 9189
9150 SpawnedTestServer::SSLOptions ssl_options( 9190 SpawnedTestServer::SSLOptions ssl_options(
9151 SpawnedTestServer::SSLOptions::CERT_AUTO); 9191 SpawnedTestServer::SSLOptions::CERT_AUTO);
9152 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9192 ssl_options.ocsp_status =
9193 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9153 9194
9154 CertStatus cert_status; 9195 CertStatus cert_status;
9155 DoConnection(ssl_options, &cert_status); 9196 DoConnection(ssl_options, &cert_status);
9156 9197
9157 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(), 9198 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
9158 cert_status & CERT_STATUS_ALL_ERRORS); 9199 cert_status & CERT_STATUS_ALL_ERRORS);
9159 9200
9160 // Without a positive OCSP response, we shouldn't show the EV status. 9201 // Without a positive OCSP response, we shouldn't show the EV status.
9161 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9202 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
9162 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); 9203 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
9206 ssl_options.ocsp_server_unavailable = true; 9247 ssl_options.ocsp_server_unavailable = true;
9207 9248
9208 CertStatus cert_status; 9249 CertStatus cert_status;
9209 DoConnection(ssl_options, &cert_status); 9250 DoConnection(ssl_options, &cert_status);
9210 9251
9211 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); 9252 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
9212 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9253 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
9213 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); 9254 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
9214 } 9255 }
9215 9256
9257 static const struct OCSPVerifyTestData {
9258 std::vector<SpawnedTestServer::SSLOptions::OCSPSingleResponse> ocsp_responses;
9259 SpawnedTestServer::SSLOptions::OCSPProduced ocsp_produced;
9260 OCSPVerifyResult::ResponseStatus response_status;
Ryan Sleevi 2016/07/18 22:56:37 It's arguably more typing, but if it makes you fee
dadrian 2016/07/18 23:20:26 If I never have to touch this array again, it'll s
9261 bool has_revocation_status;
9262 OCSPRevocationStatus cert_status;
9263 } kOCSPVerifyData[] = {
9264
9265 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9266 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9267 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9268 OCSPVerifyResult::PROVIDED,
9269 true,
9270 OCSPRevocationStatus::GOOD},
9271
9272 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9273 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}},
9274 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9275 OCSPVerifyResult::INVALID_DATE,
9276 false,
9277 OCSPRevocationStatus::UNKNOWN},
9278
9279 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9280 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}},
9281 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9282 OCSPVerifyResult::INVALID_DATE,
9283 false,
9284 OCSPRevocationStatus::UNKNOWN},
9285
9286 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9287 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}},
9288 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9289 OCSPVerifyResult::INVALID_DATE,
9290 false,
9291 OCSPRevocationStatus::UNKNOWN},
9292
9293 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9294 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}},
9295 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9296 OCSPVerifyResult::INVALID_DATE,
9297 false,
9298 OCSPRevocationStatus::UNKNOWN},
9299
9300 {{{SpawnedTestServer::SSLOptions::OCSP_TRY_LATER,
9301 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9302 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9303 OCSPVerifyResult::ERROR_RESPONSE,
9304 false,
9305 OCSPRevocationStatus::UNKNOWN},
9306
9307 {{{SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE,
9308 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9309 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9310 OCSPVerifyResult::PARSE_RESPONSE_ERROR,
9311 false,
9312 OCSPRevocationStatus::UNKNOWN},
9313
9314 {{{SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE_DATA,
9315 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9316 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9317 OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR,
9318 false,
9319 OCSPRevocationStatus::UNKNOWN},
9320
9321 {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9322 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}},
9323 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9324 OCSPVerifyResult::INVALID_DATE,
9325 false,
9326 OCSPRevocationStatus::UNKNOWN},
9327
9328 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9329 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9330 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9331 OCSPVerifyResult::PROVIDED,
9332 true,
9333 OCSPRevocationStatus::UNKNOWN},
9334
9335 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9336 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}},
9337 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9338 OCSPVerifyResult::INVALID_DATE,
9339 false,
9340 OCSPRevocationStatus::UNKNOWN},
9341
9342 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9343 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}},
9344 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9345 OCSPVerifyResult::INVALID_DATE,
9346 false,
9347 OCSPRevocationStatus::UNKNOWN},
9348
9349 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9350 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9351 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_BEFORE_CERT,
9352 OCSPVerifyResult::BAD_PRODUCED_AT,
9353 false,
9354 OCSPRevocationStatus::UNKNOWN},
9355
9356 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9357 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9358 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_AFTER_CERT,
9359 OCSPVerifyResult::BAD_PRODUCED_AT,
9360 false,
9361 OCSPRevocationStatus::UNKNOWN},
9362
9363 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9364 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9365 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_AFTER_CERT,
9366 OCSPVerifyResult::BAD_PRODUCED_AT,
9367 false,
9368 OCSPRevocationStatus::UNKNOWN},
9369
9370 {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9371 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9372 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9373 OCSPVerifyResult::PROVIDED,
9374 true,
9375 OCSPRevocationStatus::REVOKED},
9376
9377 {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9378 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}},
9379 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9380 OCSPVerifyResult::INVALID_DATE,
9381 false,
9382 OCSPRevocationStatus::UNKNOWN},
9383
9384 {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9385 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}},
9386 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9387 OCSPVerifyResult::INVALID_DATE,
9388 false,
9389 OCSPRevocationStatus::UNKNOWN},
9390
9391 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9392 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9393 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9394 OCSPVerifyResult::PROVIDED,
9395 true,
9396 OCSPRevocationStatus::GOOD},
9397
9398 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9399 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD},
9400 {SpawnedTestServer::SSLOptions::OCSP_OK,
9401 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9402 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9403 OCSPVerifyResult::PROVIDED,
9404 true,
9405 OCSPRevocationStatus::GOOD},
9406
9407 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9408 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY},
9409 {SpawnedTestServer::SSLOptions::OCSP_OK,
9410 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9411 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9412 OCSPVerifyResult::PROVIDED,
9413 true,
9414 OCSPRevocationStatus::GOOD},
9415
9416 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9417 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG},
9418 {SpawnedTestServer::SSLOptions::OCSP_OK,
9419 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9420 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9421 OCSPVerifyResult::PROVIDED,
9422 true,
9423 OCSPRevocationStatus::GOOD},
9424
9425 {{{SpawnedTestServer::SSLOptions::OCSP_OK,
9426 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY},
9427 {SpawnedTestServer::SSLOptions::OCSP_OK,
9428 SpawnedTestServer::SSLOptions::OCSP_DATE_OLD},
9429 {SpawnedTestServer::SSLOptions::OCSP_OK,
9430 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}},
9431 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9432 OCSPVerifyResult::INVALID_DATE,
9433 false,
9434 OCSPRevocationStatus::UNKNOWN},
9435
9436 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9437 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID},
9438 {SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9439 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID},
9440 {SpawnedTestServer::SSLOptions::OCSP_OK,
9441 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9442 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9443 OCSPVerifyResult::PROVIDED,
9444 true,
9445 OCSPRevocationStatus::REVOKED},
9446
9447 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9448 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID},
9449 {SpawnedTestServer::SSLOptions::OCSP_OK,
9450 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9451 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9452 OCSPVerifyResult::PROVIDED,
9453 true,
9454 OCSPRevocationStatus::UNKNOWN},
9455
9456 {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,
9457 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID},
9458 {SpawnedTestServer::SSLOptions::OCSP_REVOKED,
9459 SpawnedTestServer::SSLOptions::OCSP_DATE_LONG},
9460 {SpawnedTestServer::SSLOptions::OCSP_OK,
9461 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9462 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9463 OCSPVerifyResult::PROVIDED,
9464 true,
9465 OCSPRevocationStatus::UNKNOWN},
9466
9467 {{{SpawnedTestServer::SSLOptions::OCSP_MISMATCHED_SERIAL,
9468 SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}},
9469 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9470 OCSPVerifyResult::NO_MATCHING_RESPONSE,
9471 false,
9472 OCSPRevocationStatus::UNKNOWN},
9473
9474 {{{SpawnedTestServer::SSLOptions::OCSP_MISMATCHED_SERIAL,
9475 SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}},
9476 SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID,
9477 OCSPVerifyResult::NO_MATCHING_RESPONSE,
9478 false,
9479 OCSPRevocationStatus::UNKNOWN},
9480
9481 };
9482
9483 class HTTPSOCSPVerifyTest
9484 : public HTTPSOCSPTest,
9485 public testing::WithParamInterface<OCSPVerifyTestData> {
9486 public:
9487 HTTPSOCSPVerifyTest() = default;
9488 virtual ~HTTPSOCSPVerifyTest() {}
Ryan Sleevi 2016/07/18 22:56:37 Pretty sure you can omit both of these, so that it
dadrian 2016/07/18 23:20:26 Done.
9489 };
9490
9491 TEST_P(HTTPSOCSPVerifyTest, VerifyResult) {
9492 SpawnedTestServer::SSLOptions ssl_options(
9493 SpawnedTestServer::SSLOptions::CERT_AUTO);
9494 OCSPVerifyTestData test = GetParam();
9495
9496 ssl_options.ocsp_responses = test.ocsp_responses;
9497 ssl_options.ocsp_produced = test.ocsp_produced;
9498 ssl_options.staple_ocsp_response = true;
9499
9500 SSLInfo ssl_info;
9501 OCSPErrorTestDelegate delegate;
9502 ASSERT_NO_FATAL_FAILURE(
9503 DoConnectionWithDelegate(ssl_options, &delegate, &ssl_info));
9504
9505 // The SSLInfo must be extracted from |delegate| on error, due to how
9506 // URLRequest caches certificate errors.
9507 if (delegate.have_certificate_errors()) {
9508 ASSERT_TRUE(delegate.on_ssl_certificate_error_called());
9509 ssl_info = delegate.ssl_info();
9510 }
9511
9512 EXPECT_EQ(test.response_status, ssl_info.ocsp_result.response_status);
9513
9514 if (test.has_revocation_status) {
9515 EXPECT_EQ(test.cert_status, ssl_info.ocsp_result.revocation_status);
9516 }
Ryan Sleevi 2016/07/18 22:56:37 omit braces
dadrian 2016/07/18 23:20:26 headdesk dot gif. Done.
9517 }
9518
9519 INSTANTIATE_TEST_CASE_P(OCSPVerify,
9520 HTTPSOCSPVerifyTest,
9521 testing::ValuesIn(kOCSPVerifyData));
9522
9216 class HTTPSHardFailTest : public HTTPSOCSPTest { 9523 class HTTPSHardFailTest : public HTTPSOCSPTest {
9217 protected: 9524 protected:
9218 void SetupContext() override { 9525 void SetupContext() override {
9219 context_.set_ssl_config_service(new TestSSLConfigService( 9526 context_.set_ssl_config_service(new TestSSLConfigService(
9220 false /* check for EV */, false /* online revocation checking */, 9527 false /* check for EV */, false /* online revocation checking */,
9221 true /* require rev. checking for local 9528 true /* require rev. checking for local
9222 anchors */, 9529 anchors */,
9223 false /* token binding enabled */)); 9530 false /* token binding enabled */));
9224 } 9531 }
9225 }; 9532 };
9226 9533
9227 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) { 9534 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) {
9228 if (!SystemSupportsOCSP()) { 9535 if (!SystemSupportsOCSP()) {
9229 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9536 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9230 return; 9537 return;
9231 } 9538 }
9232 9539
9233 if (!SystemSupportsHardFailRevocationChecking()) { 9540 if (!SystemSupportsHardFailRevocationChecking()) {
9234 LOG(WARNING) << "Skipping test because system doesn't support hard fail " 9541 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
9235 << "revocation checking"; 9542 << "revocation checking";
9236 return; 9543 return;
9237 } 9544 }
9238 9545
9239 SpawnedTestServer::SSLOptions ssl_options( 9546 SpawnedTestServer::SSLOptions ssl_options(
9240 SpawnedTestServer::SSLOptions::CERT_AUTO); 9547 SpawnedTestServer::SSLOptions::CERT_AUTO);
9241 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9548 ssl_options.ocsp_status =
9549 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9242 9550
9243 CertStatus cert_status; 9551 CertStatus cert_status;
9244 DoConnection(ssl_options, &cert_status); 9552 DoConnection(ssl_options, &cert_status);
9245 9553
9246 EXPECT_EQ(CERT_STATUS_REVOKED, 9554 EXPECT_EQ(CERT_STATUS_REVOKED,
9247 cert_status & CERT_STATUS_REVOKED); 9555 cert_status & CERT_STATUS_REVOKED);
9248 9556
9249 // Without a positive OCSP response, we shouldn't show the EV status. 9557 // Without a positive OCSP response, we shouldn't show the EV status.
9250 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); 9558 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
9251 } 9559 }
(...skipping 10 matching lines...) Expand all
9262 }; 9570 };
9263 9571
9264 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) { 9572 TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) {
9265 if (!SystemSupportsOCSP()) { 9573 if (!SystemSupportsOCSP()) {
9266 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9574 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9267 return; 9575 return;
9268 } 9576 }
9269 9577
9270 SpawnedTestServer::SSLOptions ssl_options( 9578 SpawnedTestServer::SSLOptions ssl_options(
9271 SpawnedTestServer::SSLOptions::CERT_AUTO); 9579 SpawnedTestServer::SSLOptions::CERT_AUTO);
9272 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9580 ssl_options.ocsp_status =
9581 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9273 SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>()); 9582 SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>());
9274 9583
9275 CertStatus cert_status; 9584 CertStatus cert_status;
9276 DoConnection(ssl_options, &cert_status); 9585 DoConnection(ssl_options, &cert_status);
9277 9586
9278 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(), 9587 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
9279 cert_status & CERT_STATUS_ALL_ERRORS); 9588 cert_status & CERT_STATUS_ALL_ERRORS);
9280 9589
9281 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9590 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
9282 EXPECT_EQ(SystemUsesChromiumEVMetadata(), 9591 EXPECT_EQ(SystemUsesChromiumEVMetadata(),
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
9334 } 9643 }
9335 9644
9336 TEST_F(HTTPSEVCRLSetTest, ExpiredCRLSet) { 9645 TEST_F(HTTPSEVCRLSetTest, ExpiredCRLSet) {
9337 if (!SystemSupportsOCSP()) { 9646 if (!SystemSupportsOCSP()) {
9338 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9647 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9339 return; 9648 return;
9340 } 9649 }
9341 9650
9342 SpawnedTestServer::SSLOptions ssl_options( 9651 SpawnedTestServer::SSLOptions ssl_options(
9343 SpawnedTestServer::SSLOptions::CERT_AUTO); 9652 SpawnedTestServer::SSLOptions::CERT_AUTO);
9344 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9653 ssl_options.ocsp_status =
9654 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9345 SSLConfigService::SetCRLSet( 9655 SSLConfigService::SetCRLSet(
9346 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); 9656 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting()));
9347 9657
9348 CertStatus cert_status; 9658 CertStatus cert_status;
9349 DoConnection(ssl_options, &cert_status); 9659 DoConnection(ssl_options, &cert_status);
9350 9660
9351 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(), 9661 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
9352 cert_status & CERT_STATUS_ALL_ERRORS); 9662 cert_status & CERT_STATUS_ALL_ERRORS);
9353 9663
9354 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9664 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
9355 EXPECT_EQ(SystemUsesChromiumEVMetadata(), 9665 EXPECT_EQ(SystemUsesChromiumEVMetadata(),
9356 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED)); 9666 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED));
9357 } 9667 }
9358 9668
9359 TEST_F(HTTPSEVCRLSetTest, FreshCRLSetCovered) { 9669 TEST_F(HTTPSEVCRLSetTest, FreshCRLSetCovered) {
9360 if (!SystemSupportsOCSP()) { 9670 if (!SystemSupportsOCSP()) {
9361 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9671 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9362 return; 9672 return;
9363 } 9673 }
9364 9674
9365 SpawnedTestServer::SSLOptions ssl_options( 9675 SpawnedTestServer::SSLOptions ssl_options(
9366 SpawnedTestServer::SSLOptions::CERT_AUTO); 9676 SpawnedTestServer::SSLOptions::CERT_AUTO);
9367 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9677 ssl_options.ocsp_status =
9678 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9368 SSLConfigService::SetCRLSet( 9679 SSLConfigService::SetCRLSet(
9369 scoped_refptr<CRLSet>(CRLSet::ForTesting( 9680 scoped_refptr<CRLSet>(CRLSet::ForTesting(
9370 false, &kOCSPTestCertSPKI, ""))); 9681 false, &kOCSPTestCertSPKI, "")));
9371 9682
9372 CertStatus cert_status; 9683 CertStatus cert_status;
9373 DoConnection(ssl_options, &cert_status); 9684 DoConnection(ssl_options, &cert_status);
9374 9685
9375 // With a fresh CRLSet that covers the issuing certificate, we shouldn't do a 9686 // With a fresh CRLSet that covers the issuing certificate, we shouldn't do a
9376 // revocation check for EV. 9687 // revocation check for EV.
9377 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); 9688 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
9378 EXPECT_EQ(SystemUsesChromiumEVMetadata(), 9689 EXPECT_EQ(SystemUsesChromiumEVMetadata(),
9379 static_cast<bool>(cert_status & CERT_STATUS_IS_EV)); 9690 static_cast<bool>(cert_status & CERT_STATUS_IS_EV));
9380 EXPECT_FALSE( 9691 EXPECT_FALSE(
9381 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED)); 9692 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED));
9382 } 9693 }
9383 9694
9384 TEST_F(HTTPSEVCRLSetTest, FreshCRLSetNotCovered) { 9695 TEST_F(HTTPSEVCRLSetTest, FreshCRLSetNotCovered) {
9385 if (!SystemSupportsOCSP()) { 9696 if (!SystemSupportsOCSP()) {
9386 LOG(WARNING) << "Skipping test because system doesn't support OCSP"; 9697 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
9387 return; 9698 return;
9388 } 9699 }
9389 9700
9390 SpawnedTestServer::SSLOptions ssl_options( 9701 SpawnedTestServer::SSLOptions ssl_options(
9391 SpawnedTestServer::SSLOptions::CERT_AUTO); 9702 SpawnedTestServer::SSLOptions::CERT_AUTO);
9392 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9703 ssl_options.ocsp_status =
9704 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9393 SSLConfigService::SetCRLSet( 9705 SSLConfigService::SetCRLSet(
9394 scoped_refptr<CRLSet>(CRLSet::EmptyCRLSetForTesting())); 9706 scoped_refptr<CRLSet>(CRLSet::EmptyCRLSetForTesting()));
9395 9707
9396 CertStatus cert_status = 0; 9708 CertStatus cert_status = 0;
9397 DoConnection(ssl_options, &cert_status); 9709 DoConnection(ssl_options, &cert_status);
9398 9710
9399 // Even with a fresh CRLSet, we should still do online revocation checks when 9711 // Even with a fresh CRLSet, we should still do online revocation checks when
9400 // the certificate chain isn't covered by the CRLSet, which it isn't in this 9712 // the certificate chain isn't covered by the CRLSet, which it isn't in this
9401 // test. 9713 // test.
9402 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(), 9714 EXPECT_EQ(ExpectedCertStatusForFailedOnlineRevocationCheck(),
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
9442 false /* check for EV */, false /* online revocation checking */, 9754 false /* check for EV */, false /* online revocation checking */,
9443 false /* require rev. checking for local 9755 false /* require rev. checking for local
9444 anchors */, 9756 anchors */,
9445 false /* token binding enabled */)); 9757 false /* token binding enabled */));
9446 } 9758 }
9447 }; 9759 };
9448 9760
9449 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) { 9761 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) {
9450 SpawnedTestServer::SSLOptions ssl_options( 9762 SpawnedTestServer::SSLOptions ssl_options(
9451 SpawnedTestServer::SSLOptions::CERT_AUTO); 9763 SpawnedTestServer::SSLOptions::CERT_AUTO);
9452 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_INVALID; 9764 ssl_options.ocsp_status =
9765 SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE;
9453 SSLConfigService::SetCRLSet( 9766 SSLConfigService::SetCRLSet(
9454 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting())); 9767 scoped_refptr<CRLSet>(CRLSet::ExpiredCRLSetForTesting()));
9455 9768
9456 CertStatus cert_status; 9769 CertStatus cert_status;
9457 DoConnection(ssl_options, &cert_status); 9770 DoConnection(ssl_options, &cert_status);
9458 9771
9459 // If we're not trying EV verification then, even if the CRLSet has expired, 9772 // If we're not trying EV verification then, even if the CRLSet has expired,
9460 // we don't fall back to online revocation checks. 9773 // we don't fall back to online revocation checks.
9461 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); 9774 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
9462 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); 9775 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
(...skipping 394 matching lines...) Expand 10 before | Expand all | Expand 10 after
9857 AddTestInterceptor()->set_main_intercept_job(std::move(job)); 10170 AddTestInterceptor()->set_main_intercept_job(std::move(job));
9858 10171
9859 req->Start(); 10172 req->Start();
9860 req->Cancel(); 10173 req->Cancel();
9861 base::RunLoop().RunUntilIdle(); 10174 base::RunLoop().RunUntilIdle();
9862 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); 10175 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status());
9863 EXPECT_EQ(0, d.received_redirect_count()); 10176 EXPECT_EQ(0, d.received_redirect_count());
9864 } 10177 }
9865 10178
9866 } // namespace net 10179 } // namespace net
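Review bot: `kOCSPVerifyData` contains rows that are exact repeats of earlier ones, so the table exercises fewer distinct stapled-OCSP cases than its length suggests: the second `OCSP_OK`/`OCSP_DATE_LONG` row (new lines 9293-9298), the second `OCSP_OK`/`OCSP_PRODUCED_AFTER_CERT` row (9363-9368), and the `OCSP_OK`/`OCSP_DATE_VALID` row at 9391-9396, which repeats the first entry. The single-response `OCSP_UNKNOWN` group covers `OCSP_DATE_VALID`, `OCSP_DATE_OLD` and `OCSP_DATE_EARLY` but has no `OCSP_DATE_LONG` case, so one duplicate may have been intended as that row; if so, the row at 9293 would start `{{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN,` with the remaining fields unchanged (expecting `INVALID_DATE` by analogy with the other out-of-window rows, to be confirmed against the verifier). The multi-response rows also encode a precedence that is only visible by reading the expectations, and a comment above that group such as `// With several date-valid responses, REVOKED wins over UNKNOWN, which wins over GOOD.` would make the intended revocation semantics reviewable. Separately, `VerifyResult` skips the `revocation_status` check whenever `has_revocation_status` is false, although every such row already lists `OCSPRevocationStatus::UNKNOWN`; asserting it unconditionally would catch a stale status leaking through on an error path, assuming the result is initialised to UNKNOWN, which this page does not show.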