Certificate Transparency: Remove the obsolete invalid sct status.

net/http/http_response_info_unittest.cc

Index: net/http/http_response_info_unittest.cc
diff --git a/net/http/http_response_info_unittest.cc b/net/http/http_response_info_unittest.cc
index 75ae43532c4d71aeead410bbd4d3589a886d8afb..0eff3ed0cbbc7ddc0dfc96ca82129e0734407cd2 100644
--- a/net/http/http_response_info_unittest.cc
+++ b/net/http/http_response_info_unittest.cc
@@ -5,7 +5,10 @@
 #include "net/http/http_response_info.h"
 
 #include "base/pickle.h"
+#include "net/cert/signed_certificate_timestamp.h"
+#include "net/cert/signed_certificate_timestamp_and_status.h"
 #include "net/http/http_response_headers.h"
+#include "net/test/ct_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
@@ -90,6 +93,21 @@ TEST_F(HttpResponseInfoTest, AsyncRevalidationRequiredNotPersisted) {
   EXPECT_FALSE(restored_response_info.async_revalidation_required);
 }
 
+TEST_F(HttpResponseInfoTest, FailsInitFromPickleWithInvalidSCTStatus) {
+  scoped_refptr<ct::SignedCertificateTimestamp> sct;
+  ct::GetX509CertSCT(&sct);
+
+  response_info_.ssl_info.signed_certificate_timestamps.push_back(
+      SignedCertificateTimestampAndStatus(sct,
+                                          static_cast<ct::SCTVerifyStatus>(2)));
+
+  base::Pickle pickle;
+  response_info_.Persist(&pickle, false, false);
+  bool truncated = false;
+  net::HttpResponseInfo restored_response_info;
+  EXPECT_FALSE(restored_response_info.InitFromPickle(pickle, &truncated));

[estark, 2016/08/31 22:03:33]

I would find this test slightly more comforting if you had a check before or
after that InitFromPickle() returns true with a legitimate SCTVerifyStatus. (So
that it's obvious that InitFromPickle() fails due to the bad SCTVerifyStatus
rather than some other reason.)

[Ryan Sleevi, 2016/09/01 00:01:29]

+1

[Eran Messeri, 2016/09/01 14:16:34]

Good catch, thanks - turns out SCTs aren't serialized properly if there's no
cert.

+}
+
 }  // namespace
 
 }  // namespace net