From 4e72ee50e8f859f1b7dc9a8904d41462c107277e Mon Sep 17 00:00:00 2001 From: "ekasper@google.com" Date: Thu, 28 Nov 2013 13:43:26 +0000 Subject: Add support for fetching Certificate Transparency SCTs over a TLS extension BUG=309578 Review URL: https://codereview.chromium.org/83333003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@237775 0039d316-1c4b-4281-b951-d872f2087c98 --- net/test/spawned_test_server/base_test_server.cc | 6 ++++++ net/test/spawned_test_server/base_test_server.h | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'net/test/spawned_test_server') diff --git a/net/test/spawned_test_server/base_test_server.cc b/net/test/spawned_test_server/base_test_server.cc index b8697d4..775341b 100644 --- a/net/test/spawned_test_server/base_test_server.cc +++ b/net/test/spawned_test_server/base_test_server.cc @@ -398,6 +398,12 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { arguments->Set("tls-intolerant", new base::FundamentalValue(ssl_options_.tls_intolerant)); } + if (!ssl_options_.signed_cert_timestamps.empty()) { + std::string b64_scts; + if (!base::Base64Encode(ssl_options_.signed_cert_timestamps, &b64_scts)) + return false; + arguments->SetString("signed-cert-timestamps", b64_scts); + } } return GenerateAdditionalArguments(arguments); diff --git a/net/test/spawned_test_server/base_test_server.h b/net/test/spawned_test_server/base_test_server.h index ff395c5..9d5cda8 100644 --- a/net/test/spawned_test_server/base_test_server.h +++ b/net/test/spawned_test_server/base_test_server.h 
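Review bot: The new `return false` taken when `base::Base64Encode` fails is silent, so a test that sets `signed_cert_timestamps` would only see argument generation fail, with nothing pointing at the SCT option. A one-line log before the return would make this diagnosable, e.g. `LOG(ERROR) << "Could not base64-encode signed_cert_timestamps";` (assuming base/logging.h is already available in this file, which the hunk does not show). The diffstat counts six insertions for this file and all six are in this hunk, so no `#include` was added; it is worth confirming that base/base64.h is included directly rather than reached transitively. A short comment such as `// The SCT list is raw binary, so base64-encode it before placing it in the argument dictionary.` would explain the encoding step. GenerateArguments begins and ends outside the hunk.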
@@ -147,6 +147,14 @@ class BaseTestServer { // If not TLS_INTOLERANT_NONE, the server will abort any handshake that // negotiates an intolerant TLS version in order to test version fallback. TLSIntolerantLevel tls_intolerant; + + // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in + // a TLS extension. + // Temporary glue for testing: validation of SCTs is application-controlled + // and can be appropriately mocked out, so sending fake data here does not + // affect handshaking behaviour. + // TODO(ekasper): replace with valid SCT files for test certs. + std::string signed_cert_timestamps; }; // Pass as the 'host' parameter during construction to server on 127.0.0.1 @@ -260,4 +268,3 @@ class BaseTestServer { } // namespace net #endif // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ - -- cgit v1.1
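Review bot: The comment on `signed_cert_timestamps` does not say what an empty value means, although the .cc change in this commit only emits the argument when the string is non-empty. I would add a line such as `// Empty (the default) means no "signed-cert-timestamps" argument is passed to the test server.` Because the data is explicitly fake, the comment could also state that tests using this option must mock SCT verification, and that a successful handshake is not evidence that any Certificate Transparency validation ran. The enclosing options struct starts outside the hunk.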