search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
QUIC - enable LargePostSmallBandwidthLargeBuffer unittest.
[chromium-blink-merge.git] / net / cert_net / nss_ocsp_unittest.cc
blob29adebc1a9d1223d062a73f9ed627f0204fc1e23
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert_net/nss_ocsp.h"
6
7 #include <string>
8
9 #include "base/files/file_path.h"
10 #include "base/files/file_util.h"
11 #include "base/logging.h"
12 #include "base/memory/ref_counted.h"
13 #include "net/base/net_errors.h"
14 #include "net/base/test_completion_callback.h"
15 #include "net/base/test_data_directory.h"
16 #include "net/cert/cert_status_flags.h"
17 #include "net/cert/cert_verifier.h"
18 #include "net/cert/cert_verify_proc.h"
19 #include "net/cert/cert_verify_proc_nss.h"
20 #include "net/cert/cert_verify_result.h"
21 #include "net/cert/multi_threaded_cert_verifier.h"
22 #include "net/cert/test_root_certs.h"
23 #include "net/cert/x509_certificate.h"
24 #include "net/test/cert_test_util.h"
25 #include "net/url_request/url_request_filter.h"
26 #include "net/url_request/url_request_interceptor.h"
27 #include "net/url_request/url_request_test_job.h"
28 #include "net/url_request/url_request_test_util.h"
29 #include "testing/gtest/include/gtest/gtest.h"
30
31 namespace net {
32
33 namespace {
34
35 // Matches the caIssuers hostname from the generated certificate.
36 const char kAiaHost[] = "aia-test.invalid";
37 // Returning a single DER-encoded cert, so the mime-type must be
38 // application/pkix-cert per RFC 5280.
39 const char kAiaHeaders[] = "HTTP/1.1 200 OK\0"
40 "Content-type: application/pkix-cert\0"
41 "\0";
42
43 class AiaResponseHandler : public URLRequestInterceptor {
44 public:
45 AiaResponseHandler(const std::string& headers, const std::string& cert_data)
46 : headers_(headers), cert_data_(cert_data), request_count_(0) {}
47 ~AiaResponseHandler() override {}
48
49 // URLRequestInterceptor implementation:
50 URLRequestJob* MaybeInterceptRequest(
51 URLRequest* request,
52 NetworkDelegate* network_delegate) const override {
53 ++const_cast<AiaResponseHandler*>(this)->request_count_;
54
55 return new URLRequestTestJob(request, network_delegate, headers_,
56 cert_data_, true);
57 }
58
59 int request_count() const { return request_count_; }
60
61 private:
62 std::string headers_;
63 std::string cert_data_;
64 int request_count_;
65
66 DISALLOW_COPY_AND_ASSIGN(AiaResponseHandler);
67 };
68
69 } // namespace
70
71 class NssHttpTest : public ::testing::Test {
72 public:
73 NssHttpTest()
74 : context_(false),
75 handler_(NULL),
76 verify_proc_(new CertVerifyProcNSS),
77 verifier_(new MultiThreadedCertVerifier(verify_proc_.get())) {}
78 ~NssHttpTest() override {}
79
80 void SetUp() override {
81 std::string file_contents;
82 ASSERT_TRUE(base::ReadFileToString(
83 GetTestCertsDirectory().AppendASCII("aia-intermediate.der"),
84 &file_contents));
85 ASSERT_FALSE(file_contents.empty());
86
87 // Ownership of |handler| is transferred to the URLRequestFilter, but
88 // hold onto the original pointer in order to access |request_count()|.
89 scoped_ptr<AiaResponseHandler> handler(
90 new AiaResponseHandler(kAiaHeaders, file_contents));
91 handler_ = handler.get();
92
93 URLRequestFilter::GetInstance()->AddHostnameInterceptor(
94 "http", kAiaHost, handler.Pass());
95
96 SetURLRequestContextForNSSHttpIO(&context_);
97 EnsureNSSHttpIOInit();
98 }
99
100 void TearDown() override {
101 ShutdownNSSHttpIO();
102
103 if (handler_)
104 URLRequestFilter::GetInstance()->RemoveHostnameHandler("http", kAiaHost);
105 }
106
107 CertVerifier* verifier() const {
108 return verifier_.get();
109 }
110
111 int request_count() const {
112 return handler_->request_count();
113 }
114
115 protected:
116 const CertificateList empty_cert_list_;
117
118 private:
119 TestURLRequestContext context_;
120 AiaResponseHandler* handler_;
121 scoped_refptr<CertVerifyProc> verify_proc_;
122 scoped_ptr<CertVerifier> verifier_;
123 };
124
125 // Tests that when using NSS to verify certificates, and IO is enabled,
126 // that a request to fetch missing intermediate certificates is
127 // made successfully.
128 TEST_F(NssHttpTest, TestAia) {
129 scoped_refptr<X509Certificate> test_cert(
130 ImportCertFromFile(GetTestCertsDirectory(), "aia-cert.pem"));
131 ASSERT_TRUE(test_cert.get());
132
133 scoped_refptr<X509Certificate> test_root(
134 ImportCertFromFile(GetTestCertsDirectory(), "aia-root.pem"));
135 ASSERT_TRUE(test_root.get());
136
137 ScopedTestRoot scoped_root(test_root.get());
138
139 CertVerifyResult verify_result;
140 TestCompletionCallback test_callback;
141 scoped_ptr<CertVerifier::Request> request;
142
143 int flags = CertVerifier::VERIFY_CERT_IO_ENABLED;
144 int error = verifier()->Verify(
145 test_cert.get(), "aia-host.invalid", std::string(), flags, NULL,
146 &verify_result, test_callback.callback(), &request, BoundNetLog());
147 ASSERT_EQ(ERR_IO_PENDING, error);
148
149 error = test_callback.WaitForResult();
150
151 EXPECT_EQ(OK, error);
152
153 // Ensure that NSS made an AIA request for the missing intermediate.
154 EXPECT_LT(0, request_count());
155 }
156
157 } // namespace net