net: add OCSP tests.

net/test/base_test_server.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/test/base_test_server.h"
 
 #include <string>
 #include <vector>
 
 #include "base/base64.h"
@@ skipping 37 matching lines @@
   if (cipher & BaseTestServer::HTTPSOptions::BULK_CIPHER_AES256)
     values->Append(base::Value::CreateStringValue("aes256"));
   if (cipher & BaseTestServer::HTTPSOptions::BULK_CIPHER_3DES)
     values->Append(base::Value::CreateStringValue("3des"));
 }
 
 }  // namespace
 
 BaseTestServer::HTTPSOptions::HTTPSOptions()
     : server_certificate(CERT_OK),
+      ocsp_status(OCSP_OK),
       request_client_certificate(false),
       bulk_ciphers(HTTPSOptions::BULK_CIPHER_ANY),
       record_resume(false) {}
 
 BaseTestServer::HTTPSOptions::HTTPSOptions(
     BaseTestServer::HTTPSOptions::ServerCertificate cert)
     : server_certificate(cert),
       request_client_certificate(false),
       bulk_ciphers(HTTPSOptions::BULK_CIPHER_ANY),
       record_resume(false) {}
 
 BaseTestServer::HTTPSOptions::~HTTPSOptions() {}
 
 FilePath BaseTestServer::HTTPSOptions::GetCertificateFile() const {
   switch (server_certificate) {
     case CERT_OK:
     case CERT_MISMATCHED_NAME:
       return FilePath(FILE_PATH_LITERAL("ok_cert.pem"));
     case CERT_EXPIRED:
       return FilePath(FILE_PATH_LITERAL("expired_cert.pem"));
     case CERT_CHAIN_WRONG_ROOT:
       // This chain uses its own dedicated test root certificate to avoid
       // side-effects that may affect testing.
       return FilePath(FILE_PATH_LITERAL("redundant-server-chain.pem"));
+    case CERT_AUTO:
+      return FilePath();
     default:
       NOTREACHED();
   }
   return FilePath();
 }
 
+std::string BaseTestServer::HTTPSOptions::GetOCSPArgument() const {
+  if (server_certificate != CERT_AUTO)
+    return "";
+
+  switch (ocsp_status) {
+    case OCSP_OK:
+      return "ok";
+    case OCSP_REVOKED:
+      return "revoked";
+    case OCSP_INVALID:
+      return "invalid";
+    default:
+      NOTREACHED();
+      return "";
+  }
+}
+
 const char BaseTestServer::kLocalhost[] = "127.0.0.1";
 const char BaseTestServer::kGDataAuthToken[] = "testtoken";
 
 BaseTestServer::BaseTestServer(Type type, const std::string& host)
     : type_(type),
       started_(false),
       log_to_console_(false) {
   Init(host);
 }
 
@@ skipping 204 matching lines @@
   DCHECK(arguments);
 
   arguments->SetString("host", host_port_pair_.host());
   arguments->SetInteger("port", host_port_pair_.port());
   arguments->SetString("data-dir", document_root_.value());
 
   if (VLOG_IS_ON(1) || log_to_console_)
     arguments->Set("log-to-console", base::Value::CreateNullValue());
 
   if (type_ == TYPE_HTTPS) {
+    arguments->Set("https", base::Value::CreateNullValue());
+
     // Check the certificate arguments of the HTTPS server.
     FilePath certificate_path(certificates_dir_);
-    certificate_path = certificate_path.Append(
-        https_options_.GetCertificateFile());
-    if (certificate_path.IsAbsolute() &&
-        !file_util::PathExists(certificate_path)) {
-      LOG(ERROR) << "Certificate path " << certificate_path.value()
-                 << " doesn't exist. Can't launch https server.";
-      return false;
+    FilePath certificate_file(https_options_.GetCertificateFile());
+    if (!certificate_file.value().empty()) {
+      certificate_path = certificate_path.Append(certificate_file);
+      if (certificate_path.IsAbsolute() &&
+          !file_util::PathExists(certificate_path)) {
+        LOG(ERROR) << "Certificate path " << certificate_path.value()
+                   << " doesn't exist. Can't launch https server.";
+        return false;
+      }
+      arguments->SetString("cert-and-key-file", certificate_path.value());
     }
-    arguments->SetString("https", certificate_path.value());
+
+    std::string ocsp_arg = https_options_.GetOCSPArgument();
+    if (!ocsp_arg.empty())
+      arguments->SetString("ocsp", ocsp_arg);
 
     // Check the client certificate related arguments.
     if (https_options_.request_client_certificate)
       arguments->Set("ssl-client-auth", base::Value::CreateNullValue());
     scoped_ptr<base::ListValue> ssl_client_certs(new base::ListValue());
 
     std::vector<FilePath>::const_iterator it;
     for (it = https_options_.client_authorities.begin();
          it != https_options_.client_authorities.end(); ++it) {
       if (it->IsAbsolute() && !file_util::PathExists(*it)) {
@@ skipping 12 matching lines @@
     GetCiphersList(https_options_.bulk_ciphers, bulk_cipher_values.get());
     if (bulk_cipher_values->GetSize())
       arguments->Set("ssl-bulk-cipher", bulk_cipher_values.release());
     if (https_options_.record_resume)
       arguments->Set("https-record-resume", base::Value::CreateNullValue());
   }
   return true;
 }
 
 }  // namespace net