net: add OCSP tests.

I was getting increasingly unhappy altering EV and revocation checking
semantics without any tests. We historically haven't had tests because
online revocation checking is inherently flaky so I amended testserver
with the minimum code to be able to sign and vend OCSP responses.

These tests do not test the final EV/CRLSet/revocation checking
semantics. They are intended to be altered in future CLs.

BUG=none
TEST=net_unittests

https://chromiumcodereview.appspot.com/9663017/

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127486 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 36 insertions, 8 deletions

diff --git a/net/test/base_test_server.cc b/net/test/base_test_server.cc
index c4f0fc6..eefd953 100644
--- a/net/test/base_test_server.cc
+++ b/net/test/base_test_server.cc
@@ -55,6 +55,7 @@ void GetCiphersList(int cipher, base::ListValue* values) {
 
 BaseTestServer::HTTPSOptions::HTTPSOptions()
     : server_certificate(CERT_OK),
+      ocsp_status(OCSP_OK),
       request_client_certificate(false),
       bulk_ciphers(HTTPSOptions::BULK_CIPHER_ANY),
       record_resume(false) {}
@@ -79,12 +80,31 @@ FilePath BaseTestServer::HTTPSOptions::GetCertificateFile() const {
       // This chain uses its own dedicated test root certificate to avoid
       // side-effects that may affect testing.
       return FilePath(FILE_PATH_LITERAL("redundant-server-chain.pem"));
+    case CERT_AUTO:
+      return FilePath();
     default:
       NOTREACHED();
   }
   return FilePath();
 }
 
+std::string BaseTestServer::HTTPSOptions::GetOCSPArgument() const {
+  if (server_certificate != CERT_AUTO)
+    return "";
+
+  switch (ocsp_status) {
+    case OCSP_OK:
+      return "ok";
+    case OCSP_REVOKED:
+      return "revoked";
+    case OCSP_INVALID:
+      return "invalid";
+    default:
+      NOTREACHED();
+      return "";
+  }
+}
+
 const char BaseTestServer::kLocalhost[] = "127.0.0.1";
 const char BaseTestServer::kGDataAuthToken[] = "testtoken";
 
@@ -309,17 +329,25 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
     arguments->Set("log-to-console", base::Value::CreateNullValue());
 
   if (type_ == TYPE_HTTPS) {
+    arguments->Set("https", base::Value::CreateNullValue());
+
     // Check the certificate arguments of the HTTPS server.
     FilePath certificate_path(certificates_dir_);
-    certificate_path = certificate_path.Append(
-        https_options_.GetCertificateFile());
-    if (certificate_path.IsAbsolute() &&
-        !file_util::PathExists(certificate_path)) {
-      LOG(ERROR) << "Certificate path " << certificate_path.value()
-                 << " doesn't exist. Can't launch https server.";
-      return false;
+    FilePath certificate_file(https_options_.GetCertificateFile());
+    if (!certificate_file.value().empty()) {
+      certificate_path = certificate_path.Append(certificate_file);
+      if (certificate_path.IsAbsolute() &&
+          !file_util::PathExists(certificate_path)) {
+        LOG(ERROR) << "Certificate path " << certificate_path.value()
+                   << " doesn't exist. Can't launch https server.";
+        return false;
+      }
+      arguments->SetString("cert-and-key-file", certificate_path.value());
     }
-    arguments->SetString("https", certificate_path.value());
+
+    std::string ocsp_arg = https_options_.GetOCSPArgument();
+    if (!ocsp_arg.empty())
+      arguments->SetString("ocsp", ocsp_arg);
 
     // Check the client certificate related arguments.
     if (https_options_.request_client_certificate)