net: add OCSP tests.

net/test/base_test_server.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_TEST_BASE_TEST_SERVER_H_
 #define NET_TEST_BASE_TEST_SERVER_H_
 #pragma once
 
 #include <string>
 #include <utility>
@@ skipping 28 matching lines @@
     TYPE_SYNC,
     TYPE_TCP_ECHO,
     TYPE_UDP_ECHO,
   };
 
   // Container for various options to control how the HTTPS server is
   // initialized.
   struct HTTPSOptions {
     enum ServerCertificate {
       CERT_OK,
+
+      // CERT_AUTO causes the testserver to generate a test certificate issued
+      // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem).
+      CERT_AUTO,
+
       CERT_MISMATCHED_NAME,
       CERT_EXPIRED,
       // Cross-signed certificate to test PKIX path building. Contains an
       // intermediate cross-signed by an unknown root, while the client (via
       // TestRootStore) is expected to have a self-signed version of the
       // intermediate.
       CERT_CHAIN_WRONG_ROOT,
     };
 
+    // OCSPStatus enumerates the types of OCSP response that the testserver
+    // can produce.
+    enum OCSPStatus {
+      OCSP_OK,
+      OCSP_REVOKED,
+      OCSP_INVALID,
+    };
+
     // Bitmask of bulk encryption algorithms that the test server supports
     // and that can be selectively enabled or disabled.
     enum BulkCipher {
       // Special value used to indicate that any algorithm the server supports
       // is acceptable. Preferred over explicitly OR-ing all ciphers.
       BULK_CIPHER_ANY    = 0,
 
       BULK_CIPHER_RC4    = (1 << 0),
       BULK_CIPHER_AES128 = (1 << 1),
       BULK_CIPHER_AES256 = (1 << 2),
 
       // NOTE: 3DES support in the Python test server has external
       // dependencies and not be available on all machines. Clients may not
       // be able to connect if only 3DES is specified.
       BULK_CIPHER_3DES   = (1 << 3),
     };
 
     // Initialize a new HTTPSOptions using CERT_OK as the certificate.
     HTTPSOptions();
 
     // Initialize a new HTTPSOptions that will use the specified certificate.
     explicit HTTPSOptions(ServerCertificate cert);
     ~HTTPSOptions();
 
     // Returns the relative filename of the file that contains the
     // |server_certificate|.
     FilePath GetCertificateFile() const;
 
+    // GetOCSPArgument returns the value of any OCSP argument to testserver or
+    // the empty string if there is none.
+    std::string GetOCSPArgument() const;
+
     // The certificate to use when serving requests.
     ServerCertificate server_certificate;
 
+    // If |server_certificate==CERT_AUTO| then this determines the type of OCSP
+    // response returned.
+    OCSPStatus ocsp_status;
+
     // True if a CertificateRequest should be sent to the client during
     // handshaking.
     bool request_client_certificate;
 
     // If |request_client_certificate| is true, an optional list of files,
     // each containing a single, PEM-encoded X.509 certificates. The subject
     // from each certificate will be added to the certificate_authorities
     // field of the CertificateRequest.
     std::vector<FilePath> client_authorities;
 
@@ skipping 105 matching lines @@
 
   scoped_ptr<ScopedPortException> allowed_port_;
 
   DISALLOW_COPY_AND_ASSIGN(BaseTestServer);
 };
 
 }  // namespace net
 
 #endif  // NET_TEST_BASE_TEST_SERVER_H_