url_request_unittest: Enable AIA tests on android.

On android, adb is used to forward connections from the device to the
host, but there isn't a way to reserve the source port before deciding
which destination port on the host to forward it to. Change
RemoteTestServer reserve a port for AIA & OCSP, and forward it to another
port, like it already does on Fuchsia. Unlike Fuchsia, the second adb
forwarding step is still required to forward the connection from device to
host.

Change-Id: I739543fd0036f189928b5c7ce31c4d9a520e1cf0
Reviewed-on: https://chromium-review.googlesource.com/887171Reviewed-by: Scott Graham <scottmg@chromium.org>
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Reviewed-by: Eric Roman <eroman@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#532946}

build/util/lib/common/chrome_test_server_spawner.py

@@ -257,7 +257,7 @@ class TestServerThread(threading.Thread):
     if self.is_ready:
       port_map = [(0, self.host_port)]
       if self.host_ocsp_port:
-        port_map.append([(0, self.host_ocsp_port)])
+        port_map.extend([(0, self.host_ocsp_port)])
       self.port_forwarder.Map(port_map)
 
       self.forwarder_device_port = \

net/test/spawned_test_server/remote_test_server.cc

@@ -88,14 +88,17 @@ bool RemoteTestServer::StartInBackground() {
   // pass right server type to Python test server.
   arguments_dict.SetString("server-type", GetServerTypeString(type()));
 
-  // If the server is not on localhost and it's expected to start OCSP server
-  // then pass OCSP proxy port number, so the server can generate certificates
-  // for the OCSP server valid for the proxied port.
+  // If the server is expected to handle OCSP, it needs to know what port
+  // number to write into the AIA urls. Initialize the ocsp proxy to
+  // reserve a port, and pass it to the testserver so it can generate
+  // certificates for the OCSP server valid for the proxied port. Note that
+  // the test spawer may forward OCSP a second time, from the device to the
+  // host.
   bool ocsp_server_enabled =
       type() == TYPE_HTTPS && (ssl_options().server_certificate ==
                                    SSLOptions::CERT_AUTO_AIA_INTERMEDIATE ||
                                !ssl_options().GetOCSPArgument().empty());
-  if (config_.address() != IPAddress::IPv4Localhost() && ocsp_server_enabled) {
+  if (ocsp_server_enabled) {
     ocsp_proxy_ = std::make_unique<TcpSocketProxy>(io_thread_.task_runner());
     bool initialized = ocsp_proxy_->Initialize();
     CHECK(initialized);
@@ -141,21 +144,21 @@ bool RemoteTestServer::BlockUntilStarted() {
     CHECK(initialized);
     test_server_proxy_->Start(IPEndPoint(config_.address(), remote_port_));
 
-    if (ocsp_proxy_) {
-      const base::Value* ocsp_port_value = server_data().FindKey("ocsp_port");
-      if (ocsp_port_value && ocsp_port_value->is_int()) {
-        ocsp_proxy_->Start(
-            IPEndPoint(config_.address(), ocsp_port_value->GetInt()));
-      } else {
-        LOG(WARNING) << "testserver.py didn't return ocsp_port.";
-      }
-    }
-
     SetPort(test_server_proxy_->local_port());
   } else {
     SetPort(remote_port_);
   }
 
+  if (ocsp_proxy_) {
+    const base::Value* ocsp_port_value = server_data().FindKey("ocsp_port");
+    if (ocsp_port_value && ocsp_port_value->is_int()) {
+      ocsp_proxy_->Start(
+          IPEndPoint(config_.address(), ocsp_port_value->GetInt()));
+    } else {
+      LOG(WARNING) << "testserver.py didn't return ocsp_port.";
+    }
+  }
+
   return SetupWhenServerStarted();
 }
 

net/url_request/url_request_unittest.cc

@@ -149,7 +149,7 @@
 #include "net/url_request/network_error_logging_delegate.h"
 #endif  // BUILDFLAG(ENABLE_REPORTING)
 
-#if defined(USE_BUILTIN_CERT_VERIFIER)
+#if defined(OS_ANDROID) || defined(USE_BUILTIN_CERT_VERIFIER)
 #include "net/cert/cert_net_fetcher.h"
 #include "net/cert_net/cert_net_fetcher_impl.h"
 #endif
@@ -10405,7 +10405,7 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
     CHECK_NE(static_cast<X509Certificate*>(NULL), root_cert.get());
     test_root_.reset(new ScopedTestRoot(root_cert.get()));
 
-#if defined(USE_BUILTIN_CERT_VERIFIER)
+#if defined(OS_ANDROID) || defined(USE_BUILTIN_CERT_VERIFIER)
     SetGlobalCertNetFetcherForTesting(net::CreateCertNetFetcher(&context_));
 #endif
 
@@ -10454,7 +10454,7 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
   }
 
   ~HTTPSOCSPTest() override {
-#if defined(USE_BUILTIN_CERT_VERIFIER)
+#if defined(OS_ANDROID) || defined(USE_BUILTIN_CERT_VERIFIER)
     ShutdownGlobalCertNetFetcher();
 #endif
 
@@ -11200,14 +11200,6 @@ INSTANTIATE_TEST_CASE_P(OCSPVerify,
                         HTTPSOCSPVerifyTest,
                         testing::ValuesIn(kOCSPVerifyData));
 
-static bool SystemSupportsAIA() {
-#if defined(OS_ANDROID)
-  return false;
-#else
-  return true;
-#endif
-}
-
 class HTTPSAIATest : public HTTPSOCSPTest {
  public:
   void SetupContext() override {
@@ -11240,15 +11232,10 @@ TEST_F(HTTPSAIATest, AIAFetching) {
   EXPECT_EQ(1, d.response_started_count());
 
   CertStatus cert_status = r->ssl_info().cert_status;
-  if (SystemSupportsAIA()) {
-    EXPECT_EQ(OK, d.request_status());
-    EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
-    ASSERT_TRUE(r->ssl_info().cert);
-    EXPECT_EQ(2u, r->ssl_info().cert->intermediate_buffers().size());
-  } else {
-    EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID,
-              cert_status & CERT_STATUS_ALL_ERRORS);
-  }
+  EXPECT_EQ(OK, d.request_status());
+  EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
+  ASSERT_TRUE(r->ssl_info().cert);
+  EXPECT_EQ(2u, r->ssl_info().cert->intermediate_buffers().size());
   ASSERT_TRUE(r->ssl_info().unverified_cert);
   EXPECT_EQ(0u, r->ssl_info().unverified_cert->intermediate_buffers().size());
 }