Chromium Code Reviews Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
| 6 | 6 |
| 7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
| 8 #include <shlobj.h> | 8 #include <shlobj.h> |
| 9 #include <windows.h> | 9 #include <windows.h> |
| 10 #endif | 10 #endif |
| 11 | 11 |
| 12 #include <algorithm> | 12 #include <algorithm> |
| 13 #include <string> | 13 #include <string> |
| 14 | 14 |
| 15 #include "base/basictypes.h" | 15 #include "base/basictypes.h" |
| 16 #include "base/bind.h" | 16 #include "base/bind.h" |
| 17 #include "base/compiler_specific.h" | 17 #include "base/compiler_specific.h" |
| 18 #include "base/file_util.h" | 18 #include "base/file_util.h" |
| 19 #include "base/format_macros.h" | 19 #include "base/format_macros.h" |
| 20 #include "base/memory/weak_ptr.h" | 20 #include "base/memory/weak_ptr.h" |
| 21 #include "base/message_loop.h" | 21 #include "base/message_loop.h" |
| 22 #include "base/path_service.h" | 22 #include "base/path_service.h" |
| 23 #include "base/process_util.h" | 23 #include "base/process_util.h" |
| 24 #include "base/string_number_conversions.h" | 24 #include "base/string_number_conversions.h" |
| 25 #include "base/string_piece.h" | 25 #include "base/string_piece.h" |
| 26 #include "base/string_split.h" | 26 #include "base/string_split.h" |
| 27 #include "base/string_util.h" | 27 #include "base/string_util.h" |
| 28 #include "base/stringprintf.h" | 28 #include "base/stringprintf.h" |
| 29 #include "base/utf_string_conversions.h" | 29 #include "base/utf_string_conversions.h" |
| 30 #include "net/base/cert_test_util.h" | |
| 30 #include "net/base/cookie_monster.h" | 31 #include "net/base/cookie_monster.h" |
| 31 #include "net/base/cookie_store_test_helpers.h" | 32 #include "net/base/cookie_store_test_helpers.h" |
| 32 #include "net/base/load_flags.h" | 33 #include "net/base/load_flags.h" |
| 33 #include "net/base/mock_host_resolver.h" | 34 #include "net/base/mock_host_resolver.h" |
| 34 #include "net/base/net_errors.h" | 35 #include "net/base/net_errors.h" |
| 35 #include "net/base/net_log.h" | 36 #include "net/base/net_log.h" |
| 36 #include "net/base/net_log_unittest.h" | 37 #include "net/base/net_log_unittest.h" |
| 37 #include "net/base/net_module.h" | 38 #include "net/base/net_module.h" |
| 38 #include "net/base/net_util.h" | 39 #include "net/base/net_util.h" |
| 39 #include "net/base/ssl_connection_status_flags.h" | 40 #include "net/base/ssl_connection_status_flags.h" |
| 41 #include "net/base/test_root_certs.h" | |
| 40 #include "net/base/upload_data.h" | 42 #include "net/base/upload_data.h" |
| 41 #include "net/disk_cache/disk_cache.h" | 43 #include "net/disk_cache/disk_cache.h" |
| 42 #include "net/ftp/ftp_network_layer.h" | 44 #include "net/ftp/ftp_network_layer.h" |
| 43 #include "net/http/http_cache.h" | 45 #include "net/http/http_cache.h" |
| 44 #include "net/http/http_network_layer.h" | 46 #include "net/http/http_network_layer.h" |
| 45 #include "net/http/http_network_session.h" | 47 #include "net/http/http_network_session.h" |
| 46 #include "net/http/http_request_headers.h" | 48 #include "net/http/http_request_headers.h" |
| 47 #include "net/http/http_response_headers.h" | 49 #include "net/http/http_response_headers.h" |
| 50 #include "net/ocsp/nss_ocsp.h" | |
| 48 #include "net/proxy/proxy_service.h" | 51 #include "net/proxy/proxy_service.h" |
| 49 #include "net/socket/ssl_client_socket.h" | 52 #include "net/socket/ssl_client_socket.h" |
| 50 #include "net/test/test_server.h" | 53 #include "net/test/test_server.h" |
| 51 #include "net/url_request/url_request.h" | 54 #include "net/url_request/url_request.h" |
| 52 #include "net/url_request/url_request_file_dir_job.h" | 55 #include "net/url_request/url_request_file_dir_job.h" |
| 53 #include "net/url_request/url_request_http_job.h" | 56 #include "net/url_request/url_request_http_job.h" |
| 54 #include "net/url_request/url_request_job_factory.h" | 57 #include "net/url_request/url_request_job_factory.h" |
| 55 #include "net/url_request/url_request_redirect_job.h" | 58 #include "net/url_request/url_request_redirect_job.h" |
| 56 #include "net/url_request/url_request_test_job.h" | 59 #include "net/url_request/url_request_test_job.h" |
| 57 #include "net/url_request/url_request_test_util.h" | 60 #include "net/url_request/url_request_test_util.h" |
| (...skipping 1302 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1360 if (err_allowed) { | 1363 if (err_allowed) { |
| 1361 EXPECT_NE(0, d.bytes_received()); | 1364 EXPECT_NE(0, d.bytes_received()); |
| 1362 CheckSSLInfo(r.ssl_info()); | 1365 CheckSSLInfo(r.ssl_info()); |
| 1363 } else { | 1366 } else { |
| 1364 EXPECT_EQ(0, d.bytes_received()); | 1367 EXPECT_EQ(0, d.bytes_received()); |
| 1365 } | 1368 } |
| 1366 } | 1369 } |
| 1367 } | 1370 } |
| 1368 } | 1371 } |
| 1369 | 1372 |
| 1373 class RevCheckedEnabledSSLConfigService : public SSLConfigService { | |
| 1374 public: | |
| 1375 virtual void GetSSLConfig(SSLConfig* config) { | |
| 1376 *config = SSLConfig(); | |
| 1377 config->rev_checking_enabled = true; | |
| 1378 config->verify_ev_cert = true; | |
| 1379 } | |
| 1380 }; | |
| 1381 | |
| 1382 class HTTPSOCSPTest : public HTTPSRequestTest { | |
| 1383 public: | |
| 1384 HTTPSOCSPTest() | |
| 1385 : context_(new TestURLRequestContext(true)) { | |
| 1386 context_->set_ssl_config_service(new RevCheckedEnabledSSLConfigService); | |
| 1387 context_->Init(); | |
| 1388 | |
| 1389 scoped_refptr<net::X509Certificate> root_cert = | |
| 1390 ImportCertFromFile(GetTestCertsDirectory(), "ocsp-test-root.pem"); | |
| 1391 CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert); | |
| 1392 test_root_.reset(new ScopedTestRoot(root_cert)); | |
| 1393 | |
| 1394 #if defined(USE_NSS) | |
| 1395 EnsureOCSPInit(); | |
| 1396 SetURLRequestContextForOCSP(context_.get()); | |
| 1397 #endif | |
| 1398 } | |
| 1399 | |
| 1400 void DoConnection(const TestServer::HTTPSOptions& https_options, | |
| 1401 CertStatus* out_cert_status) { | |
| 1402 TestServer test_server(https_options, | |
| 1403 FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | |
| 1404 ASSERT_TRUE(test_server.Start()); | |
| 1405 | |
| 1406 TestDelegate d; | |
| 1407 d.set_allow_certificate_errors(true); | |
| 1408 URLRequest r(test_server.GetURL(""), &d); | |
| 1409 r.set_context(context_.get()); | |
| 1410 r.Start(); | |
| 1411 | |
| 1412 MessageLoop::current()->Run(); | |
| 1413 | |
| 1414 EXPECT_EQ(1, d.response_started_count()); | |
| 1415 *out_cert_status = r.ssl_info().cert_status; | |
| 1416 } | |
| 1417 | |
| 1418 private: | |
| 1419 scoped_ptr<ScopedTestRoot> test_root_; | |
| 1420 scoped_refptr<TestURLRequestContext> context_; | |
| 1421 }; | |
| 1422 | |
| 1423 #if !defined(OS_ANDROID) && !defined(USE_OPENSSL) | |
| 1424 // TODO(jnd): http://crbug.com/117478 - EV verification is not yet supported. | |
| 1425 TEST_F(HTTPSOCSPTest, OCSPValid) { | |
| 1426 TestServer::HTTPSOptions https_options(TestServer::HTTPSOptions::OCSP_OK); | |
| 1427 | |
| 1428 CertStatus cert_status; | |
| 1429 DoConnection(https_options, &cert_status); | |
| 1430 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); | |
| 1431 EXPECT_TRUE(cert_status & CERT_STATUS_IS_EV); | |
| 1432 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | |
| 1433 } | |
| 1434 | |
| 1435 TEST_F(HTTPSOCSPTest, OCSPRevoked) { | |
| 1436 TestServer::HTTPSOptions https_options( | |
| 1437 TestServer::HTTPSOptions::OCSP_REVOKED); | |
| 1438 | |
| 1439 CertStatus cert_status; | |
| 1440 DoConnection(https_options, &cert_status); | |
| 1441 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); | |
| 1442 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | |
| 1443 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | |
| 1444 } | |
| 1445 | |
| 1446 TEST_F(HTTPSOCSPTest, OCSPInvalid) { | |
| 1447 TestServer::HTTPSOptions https_options( | |
| 1448 TestServer::HTTPSOptions::OCSP_INVALID); | |
| 1449 | |
| 1450 CertStatus cert_status; | |
| 1451 DoConnection(https_options, &cert_status); | |
| 1452 // Windows can return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION but we don't | |
| 1453 // have that ability on other platforms. | |
|
Ryan Sleevi
2012/03/09 22:07:53
For OS X, we should. What errors are you seeing?
agl
2012/03/13 22:24:29
I think the test passed on Mac when I tried it. Ce
| |
| 1454 #if defined(OS_WIN) | |
| 1455 EXPECT_EQ(CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, | |
| 1456 cert_status & CERT_STATUS_ALL_ERRORS); | |
| 1457 #else | |
| 1458 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); | |
| 1459 #endif | |
| 1460 | |
| 1461 // Without a positive OCSP response, we shouldn't show the EV status. | |
| 1462 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | |
| 1463 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | |
| 1464 } | |
| 1465 #endif // !OS_ANDROID && !USE_OPENSSL | |
| 1466 | |
| 1370 // This tests that a load of www.google.com with a certificate error sets | 1467 // This tests that a load of www.google.com with a certificate error sets |
| 1371 // the |certificate_errors_are_fatal| flag correctly. This flag will cause | 1468 // the |certificate_errors_are_fatal| flag correctly. This flag will cause |
| 1372 // the interstitial to be fatal. | 1469 // the interstitial to be fatal. |
| 1373 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { | 1470 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { |
| 1374 TestServer::HTTPSOptions https_options( | 1471 TestServer::HTTPSOptions https_options( |
| 1375 TestServer::HTTPSOptions::CERT_MISMATCHED_NAME); | 1472 TestServer::HTTPSOptions::CERT_MISMATCHED_NAME); |
| 1376 TestServer test_server(https_options, | 1473 TestServer test_server(https_options, |
| 1377 FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 1474 FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 1378 ASSERT_TRUE(test_server.Start()); | 1475 ASSERT_TRUE(test_server.Start()); |
| 1379 | 1476 |
| (...skipping 2818 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4198 req.SetExtraRequestHeaders(headers); | 4295 req.SetExtraRequestHeaders(headers); |
| 4199 req.Start(); | 4296 req.Start(); |
| 4200 MessageLoop::current()->Run(); | 4297 MessageLoop::current()->Run(); |
| 4201 // If the net tests are being run with ChromeFrame then we need to allow for | 4298 // If the net tests are being run with ChromeFrame then we need to allow for |
| 4202 // the 'chromeframe' suffix which is added to the user agent before the | 4299 // the 'chromeframe' suffix which is added to the user agent before the |
| 4203 // closing parentheses. | 4300 // closing parentheses. |
| 4204 EXPECT_TRUE(StartsWithASCII(d.data_received(), "Lynx (textmode", true)); | 4301 EXPECT_TRUE(StartsWithASCII(d.data_received(), "Lynx (textmode", true)); |
| 4205 } | 4302 } |
| 4206 | 4303 |
| 4207 } // namespace net | 4304 } // namespace net |
| OLD | NEW |
