st0o0
diff --git a/‎.maggus/features/feature_021.md‎
Lines changed: 7 additions & 7 deletions b/‎.maggus/features/feature_021.md‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎src/TurboHttp.IntegrationTests/TLS/CacheIntegrationTests.cs‎
Lines changed: 281 additions & 0 deletions b/‎src/TurboHttp.IntegrationTests/TLS/CacheIntegrationTests.cs‎
Lines changed: 281 additions & 0 deletions
@@ -228,13 +228,13 @@ TurboHttp has 139 integration tests but coverage is heavily skewed toward HTTP/1
 **Parallel:** yes — can run alongside TASK-021-001, TASK-021-002, TASK-021-003, TASK-021-004, TASK-021-005, TASK-021-006
 
 **Acceptance Criteria:**
-- [ ] `CacheIntegrationTests.cs` created with 11 tests
-- [ ] `ErrorHandlingIntegrationTests.cs` created with ~8 tests (adapted from HTTP/1.1 version)
-- [ ] `ConnectionIntegrationTests.cs` created with 5 tests (keep-alive over TLS, Connection: close over TLS, sequential reuse)
-- [ ] All tests use `KestrelTlsFixture`, `[Collection("TLS")]`, `scheme: "https"`
-- [ ] DisplayNames follow `Cache-TLS-001` / `Error-TLS-001` / `Conn-TLS-001`
-- [ ] All ~24 tests pass
-- [ ] Build passes with zero warnings
+- [x] `CacheIntegrationTests.cs` created with 11 tests
+- [x] `ErrorHandlingIntegrationTests.cs` created with ~8 tests (adapted from HTTP/1.1 version)
+- [x] `ConnectionIntegrationTests.cs` created with 5 tests (keep-alive over TLS, Connection: close over TLS, sequential reuse)
+- [x] All tests use `KestrelTlsFixture`, `[Collection("TLS")]`, `scheme: "https"`
+- [x] DisplayNames follow `Cache-TLS-001` / `Error-TLS-001` / `Conn-TLS-001`
+- [x] All ~24 tests pass
+- [x] Build passes with zero warnings
 
 **Files:**
 - `src/TurboHttp.IntegrationTests/TLS/CacheIntegrationTests.cs`
 
@@ -0,0 +1,281 @@
+using System.Net;
+using TurboHttp.IntegrationTests.Shared;
+using TurboHttp.Protocol.RFC9111;
+
+namespace TurboHttp.IntegrationTests.TLS;
+
+[Collection("TLS")]
+public sealed class CacheIntegrationTests
+{
+    private readonly ServerFixture _server;
+    private readonly ActorSystemFixture _systemFixture;
+
+    public CacheIntegrationTests(ServerFixture server, ActorSystemFixture systemFixture)
+    {
+        _server = server;
+        _systemFixture = systemFixture;
+    }
+
+    private ClientHelper CreateCacheClient()
+    {
+        return ClientHelper.CreateClient(
+            _server.HttpsPort,
+            new Version(1, 1),
+            scheme: "https",
+            configure: builder => builder.WithCache(CachePolicy.Default),
+            system: _systemFixture.System);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-001: max-age response served from cache on second request over HTTPS")]
+    public async Task MaxAge_Response_Served_From_Cache()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = CreateCacheClient();
+
+        // First request — populates the cache
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/max-age/3600");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+        Assert.False(string.IsNullOrEmpty(body1), "First response body should be non-empty");
+
+        // Second request — should be served from cache (identical timestamp)
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/max-age/3600");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        Assert.Equal(body1, body2);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-002: no-cache forces revalidation with server over HTTPS")]
+    public async Task NoCache_Forces_Revalidation()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = CreateCacheClient();
+
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/no-cache");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+
+        // Small delay to ensure server timestamp differs
+        await Task.Delay(TimeSpan.FromMilliseconds(50), cts.Token);
+
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/no-cache");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        Assert.NotEqual(body1, body2);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-003: no-store response never cached over HTTPS")]
+    public async Task NoStore_Response_Never_Cached()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = CreateCacheClient();
+
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/no-store");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/no-store");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        // no-store returns a fixed string "no-store-resource", so bodies will be equal,
+        // but the response must not come from cache.
+        Assert.Equal("no-store-resource", body1);
+        Assert.Equal("no-store-resource", body2);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-004: ETag revalidation sends If-None-Match over HTTPS")]
+    public async Task ETag_Revalidation_Sends_IfNoneMatch()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = CreateCacheClient();
+
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/etag/test1");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+        Assert.Equal("etag-resource-test1", body1);
+
+        // Second request should serve from cache (max-age=3600)
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/etag/test1");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        Assert.Equal(body1, body2);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-005: Last-Modified revalidation sends If-Modified-Since over HTTPS")]
+    public async Task LastModified_Revalidation_Sends_IfModifiedSince()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = CreateCacheClient();
+
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/last-modified/doc1");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+        Assert.Equal("last-modified-resource-doc1", body1);
+
+        // Second request should serve from cache (max-age=3600)
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/last-modified/doc1");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        Assert.Equal(body1, body2);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-006: Vary header produces different cache entries per header value over HTTPS")]
+    public async Task Vary_Header_Produces_Different_Cache_Entries()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = CreateCacheClient();
+
+        // Request with Accept-Language: en
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/vary/Accept-Language");
+        request1.Headers.TryAddWithoutValidation("Accept-Language", "en");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+        Assert.Equal("vary-Accept-Language:en", body1);
+
+        // Request with Accept-Language: de — should NOT come from cache
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/vary/Accept-Language");
+        request2.Headers.TryAddWithoutValidation("Accept-Language", "de");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+        Assert.Equal("vary-Accept-Language:de", body2);
+
+        Assert.NotEqual(body1, body2);
+
+        // Request again with Accept-Language: en — should come from cache
+        var request3 = new HttpRequestMessage(HttpMethod.Get, "/cache/vary/Accept-Language");
+        request3.Headers.TryAddWithoutValidation("Accept-Language", "en");
+        var response3 = await helper.Client.SendAsync(request3, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response3.StatusCode);
+        var body3 = await response3.Content.ReadAsStringAsync(cts.Token);
+
+        Assert.Equal(body1, body3);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-007: must-revalidate with max-age=0 forces revalidation over HTTPS")]
+    public async Task MustRevalidate_Forces_Revalidation()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = CreateCacheClient();
+
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/must-revalidate");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+
+        // Second request — must revalidate (max-age=0), server returns 304 if ETag matches,
+        // client should get the same cached body back after merge
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/must-revalidate");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        Assert.Equal(body1, body2);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-008: s-maxage respected by shared cache over HTTPS")]
+    public async Task SMaxAge_Respected_By_SharedCache()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        // Use shared cache policy to honour s-maxage
+        await using var helper = ClientHelper.CreateClient(
+            _server.HttpsPort,
+            new Version(1, 1),
+            scheme: "https",
+            configure: builder => builder.WithCache(new CachePolicy { SharedCache = true }));
+
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/s-maxage/3600");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/s-maxage/3600");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        Assert.Equal(body1, body2);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-009: Expires header enables caching over HTTPS")]
+    public async Task Expires_Header_Enables_Caching()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = CreateCacheClient();
+
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/expires");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/expires");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        Assert.Equal(body1, body2);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-010: private response cached by private cache over HTTPS")]
+    public async Task Private_Response_Cached_By_Private_Cache()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = CreateCacheClient();
+
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/private");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/private");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        // Private cache should still cache private responses
+        Assert.Equal(body1, body2);
+    }
+
+    [Fact(DisplayName = "Cache-TLS-011: private response not cached by shared cache over HTTPS")]
+    public async Task Private_Response_Not_Cached_By_Shared_Cache()
+    {
+        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
+        await using var helper = ClientHelper.CreateClient(
+            _server.HttpsPort,
+            new Version(1, 1),
+            scheme: "https",
+            configure: builder => builder.WithCache(new CachePolicy { SharedCache = true }));
+
+        var request1 = new HttpRequestMessage(HttpMethod.Get, "/cache/private");
+        var response1 = await helper.Client.SendAsync(request1, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
+        var body1 = await response1.Content.ReadAsStringAsync(cts.Token);
+
+        // Small delay to ensure server timestamp differs
+        await Task.Delay(TimeSpan.FromMilliseconds(50), cts.Token);
+
+        var request2 = new HttpRequestMessage(HttpMethod.Get, "/cache/private");
+        var response2 = await helper.Client.SendAsync(request2, cts.Token);
+        Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
+        var body2 = await response2.Content.ReadAsStringAsync(cts.Token);
+
+        // Shared cache must not cache private responses
+        Assert.NotEqual(body1, body2);
+    }
+}