diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-19 16:23:30 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-19 16:23:30 +0000 |
| commit | 19c879d573f028a5ebee68e0da627b03c2f6baec (patch) | |
| tree | 5797c5b79b3238bd5c4c3c9f86e6dc3cad0e95ac /net/test/base_test_server.h | |
| parent | 31a5e31f355d386a5e18444fa32df7efdcacfb8c (diff) | |
| download | chromium_src-19c879d573f028a5ebee68e0da627b03c2f6baec.zip chromium_src-19c879d573f028a5ebee68e0da627b03c2f6baec.tar.gz chromium_src-19c879d573f028a5ebee68e0da627b03c2f6baec.tar.bz2 | |
net: add OCSP tests.
I was getting increasingly unhappy altering EV and revocation checking
semantics without any tests. We historically haven't had tests because
online revocation checking is inherently flaky so I amended testserver
with the minimum code to be able to sign and vend OCSP responses.
These tests do not test the final EV/CRLSet/revocation checking
semantics. They are intended to be altered in future CLs.
BUG=none
TEST=net_unittests
https://chromiumcodereview.appspot.com/9663017/
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127486 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/test/base_test_server.h')
| -rw-r--r-- | net/test/base_test_server.h | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/net/test/base_test_server.h b/net/test/base_test_server.h index 7264a65..fd04e55 100644 --- a/net/test/base_test_server.h +++ b/net/test/base_test_server.h @@ -46,6 +46,11 @@ class BaseTestServer { struct HTTPSOptions { enum ServerCertificate { CERT_OK, + + // CERT_AUTO causes the testserver to generate a test certificate issued + // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem). + CERT_AUTO, + CERT_MISMATCHED_NAME, CERT_EXPIRED, // Cross-signed certificate to test PKIX path building. Contains an @@ -55,6 +60,14 @@ class BaseTestServer { CERT_CHAIN_WRONG_ROOT, }; + // OCSPStatus enumerates the types of OCSP response that the testserver + // can produce. + enum OCSPStatus { + OCSP_OK, + OCSP_REVOKED, + OCSP_INVALID, + }; + // Bitmask of bulk encryption algorithms that the test server supports // and that can be selectively enabled or disabled. enum BulkCipher { @@ -83,9 +96,17 @@ class BaseTestServer { // |server_certificate|. FilePath GetCertificateFile() const; + // GetOCSPArgument returns the value of any OCSP argument to testserver or + // the empty string if there is none. + std::string GetOCSPArgument() const; + // The certificate to use when serving requests. ServerCertificate server_certificate; + // If |server_certificate==CERT_AUTO| then this determines the type of OCSP + // response returned. + OCSPStatus ocsp_status; + // True if a CertificateRequest should be sent to the client during // handshaking. bool request_client_certificate; |