Merge remote-tracking branch 'andrea/ticket19323_squashed'

9 files changed, 1805 insertions, 0 deletions

diff --git a/src/or/control.c b/src/or/control.c
index 6e5dcf62e6..f127090612 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -190,6 +190,8 @@ static void set_cached_network_liveness(int liveness);
 
 static void flush_queued_events_cb(evutil_socket_t fd, short what, void *arg);
 
+static char * download_status_to_string(const download_status_t *dl);
+
 /** Given a control event code for a message event, return the corresponding
  * log severity. */
 static inline int
@@ -2051,6 +2053,410 @@ getinfo_helper_dir(control_connection_t *control_conn,
   return 0;
 }
 
+/** Turn a smartlist of digests into a human-readable list of hex strings */
+
+static char *
+digest_list_to_string(smartlist_t *sl)
+{
+  int len;
+  char *result, *s;
+
+  /* Allow for newlines, and a \0 at the end */
+  len = smartlist_len(sl) * (HEX_DIGEST_LEN + 1) + 1;
+  result = tor_malloc_zero(len);
+
+  s = result;
+  SMARTLIST_FOREACH_BEGIN(sl, char *, digest) {
+    base16_encode(s, HEX_DIGEST_LEN + 1, digest, DIGEST_LEN);
+    s[HEX_DIGEST_LEN] = '\n';
+    s += HEX_DIGEST_LEN + 1;
+  } SMARTLIST_FOREACH_END(digest);
+  *s = '\0';
+
+  return result;
+}
+
+/** Turn a download_status_t into a human-readable description in a newly
+ * allocated string. */
+
+static char *
+download_status_to_string(const download_status_t *dl)
+{
+  char *rv = NULL, *tmp;
+  char tbuf[ISO_TIME_LEN+1];
+  const char *schedule_str, *want_authority_str;
+  const char *increment_on_str, *backoff_str;
+
+  if (dl) {
+    /* Get some substrings of the eventual output ready */
+    format_iso_time(tbuf, dl->next_attempt_at);
+
+    switch (dl->schedule) {
+      case DL_SCHED_GENERIC:
+        schedule_str = "DL_SCHED_GENERIC";
+        break;
+      case DL_SCHED_CONSENSUS:
+        schedule_str = "DL_SCHED_CONSENSUS";
+        break;
+      case DL_SCHED_BRIDGE:
+        schedule_str = "DL_SCHED_BRIDGE";
+        break;
+      default:
+        schedule_str = "unknown";
+        break;
+    }
+
+    switch (dl->want_authority) {
+      case DL_WANT_ANY_DIRSERVER:
+        want_authority_str = "DL_WANT_ANY_DIRSERVER";
+        break;
+      case DL_WANT_AUTHORITY:
+        want_authority_str = "DL_WANT_AUTHORITY";
+        break;
+      default:
+        want_authority_str = "unknown";
+        break;
+    }
+
+    switch (dl->increment_on) {
+      case DL_SCHED_INCREMENT_FAILURE:
+        increment_on_str = "DL_SCHED_INCREMENT_FAILURE";
+        break;
+      case DL_SCHED_INCREMENT_ATTEMPT:
+        increment_on_str = "DL_SCHED_INCREMENT_ATTEMPT";
+        break;
+      default:
+        increment_on_str = "unknown";
+        break;
+    }
+
+    switch (dl->backoff) {
+      case DL_SCHED_DETERMINISTIC:
+        backoff_str = "DL_SCHED_DETERMINISTIC";
+        break;
+      case DL_SCHED_RANDOM_EXPONENTIAL:
+        backoff_str = "DL_SCHED_RANDOM_EXPONENTIAL";
+        break;
+      default:
+        backoff_str = "unknown";
+        break;
+    }
+
+    /* Now assemble them */
+    tor_asprintf(&tmp,
+                 "next-attempt-at %s\n"
+                 "n-download-failures %u\n"
+                 "n-download-attempts %u\n"
+                 "schedule %s\n"
+                 "want-authority %s\n"
+                 "increment-on %s\n"
+                 "backoff %s\n",
+                 tbuf,
+                 dl->n_download_failures,
+                 dl->n_download_attempts,
+                 schedule_str,
+                 want_authority_str,
+                 increment_on_str,
+                 backoff_str);
+
+    if (dl->backoff == DL_SCHED_RANDOM_EXPONENTIAL) {
+      /* Additional fields become relevant in random-exponential mode */
+      tor_asprintf(&rv,
+                   "%s"
+                   "last-backoff-position %u\n"
+                   "last-delay-used %d\n",
+                   tmp,
+                   dl->last_backoff_position,
+                   dl->last_delay_used);
+      tor_free(tmp);
+    } else {
+      /* That was it */
+      rv = tmp;
+    }
+  }
+
+  return rv;
+}
+
+/** Handle the consensus download cases for getinfo_helper_downloads() */
+STATIC void
+getinfo_helper_downloads_networkstatus(const char *flavor,
+                                       download_status_t **dl_to_emit,
+                                       const char **errmsg)
+{
+  /*
+   * We get the one for the current bootstrapped status by default, or
+   * take an extra /bootstrap or /running suffix
+   */
+  if (strcmp(flavor, "ns") == 0) {
+    *dl_to_emit = networkstatus_get_dl_status_by_flavor(FLAV_NS);
+  } else if (strcmp(flavor, "ns/bootstrap") == 0) {
+    *dl_to_emit = networkstatus_get_dl_status_by_flavor_bootstrap(FLAV_NS);
+  } else if (strcmp(flavor, "ns/running") == 0 ) {
+    *dl_to_emit = networkstatus_get_dl_status_by_flavor_running(FLAV_NS);
+  } else if (strcmp(flavor, "microdesc") == 0) {
+    *dl_to_emit = networkstatus_get_dl_status_by_flavor(FLAV_MICRODESC);
+  } else if (strcmp(flavor, "microdesc/bootstrap") == 0) {
+    *dl_to_emit =
+      networkstatus_get_dl_status_by_flavor_bootstrap(FLAV_MICRODESC);
+  } else if (strcmp(flavor, "microdesc/running") == 0) {
+    *dl_to_emit =
+      networkstatus_get_dl_status_by_flavor_running(FLAV_MICRODESC);
+  } else {
+    *errmsg = "Unknown flavor";
+  }
+}
+
+/** Handle the cert download cases for getinfo_helper_downloads() */
+STATIC void
+getinfo_helper_downloads_cert(const char *fp_sk_req,
+                              download_status_t **dl_to_emit,
+                              smartlist_t **digest_list,
+                              const char **errmsg)
+{
+  const char *sk_req;
+  char id_digest[DIGEST_LEN];
+  char sk_digest[DIGEST_LEN];
+
+  /*
+   * We have to handle four cases; fp_sk_req is the request with
+   * a prefix of "downloads/cert/" snipped off.
+   *
+   * Case 1: fp_sk_req = "fps"
+   *  - We should emit a digest_list with a list of all the identity
+   *    fingerprints that can be queried for certificate download status;
+   *    get it by calling list_authority_ids_with_downloads().
+   *
+   * Case 2: fp_sk_req = "fp/<fp>" for some fingerprint fp
+   *  - We want the default certificate for this identity fingerprint's
+   *    download status; this is the download we get from URLs starting
+   *    in /fp/ on the directory server.  We can get it with
+   *    id_only_download_status_for_authority_id().
+   *
+   * Case 3: fp_sk_req = "fp/<fp>/sks" for some fingerprint fp
+   *  - We want a list of all signing key digests for this identity
+   *    fingerprint which can be queried for certificate download status.
+   *    Get it with list_sk_digests_for_authority_id().
+   *
+   * Case 4: fp_sk_req = "fp/<fp>/<sk>" for some fingerprint fp and
+   *         signing key digest sk
+   *   - We want the download status for the certificate for this specific
+   *     signing key and fingerprint.  These correspond to the ones we get
+   *     from URLs starting in /fp-sk/ on the directory server.  Get it with
+   *     list_sk_digests_for_authority_id().
+   */
+
+  if (strcmp(fp_sk_req, "fps") == 0) {
+    *digest_list = list_authority_ids_with_downloads();
+    if (!(*digest_list)) {
+      *errmsg = "Failed to get list of authority identity digests (!)";
+    }
+  } else if (!strcmpstart(fp_sk_req, "fp/")) {
+    fp_sk_req += strlen("fp/");
+    /* Okay, look for another / to tell the fp from fp-sk cases */
+    sk_req = strchr(fp_sk_req, '/');
+    if (sk_req) {
+      /* okay, split it here and try to parse <fp> */
+      if (base16_decode(id_digest, DIGEST_LEN,
+                        fp_sk_req, sk_req - fp_sk_req) == DIGEST_LEN) {
+        /* Skip past the '/' */
+        ++sk_req;
+        if (strcmp(sk_req, "sks") == 0) {
+          /* We're asking for the list of signing key fingerprints */
+          *digest_list = list_sk_digests_for_authority_id(id_digest);
+          if (!(*digest_list)) {
+            *errmsg = "Failed to get list of signing key digests for this "
+                      "authority identity digest";
+          }
+        } else {
+          /* We've got a signing key digest */
+          if (base16_decode(sk_digest, DIGEST_LEN,
+                            sk_req, strlen(sk_req)) == DIGEST_LEN) {
+            *dl_to_emit =
+              download_status_for_authority_id_and_sk(id_digest, sk_digest);
+            if (!(*dl_to_emit)) {
+              *errmsg = "Failed to get download status for this identity/"
+                        "signing key digest pair";
+            }
+          } else {
+            *errmsg = "That didn't look like a signing key digest";
+          }
+        }
+      } else {
+        *errmsg = "That didn't look like an identity digest";
+      }
+    } else {
+      /* We're either in downloads/certs/fp/<fp>, or we can't parse <fp> */
+      if (strlen(fp_sk_req) == HEX_DIGEST_LEN) {
+        if (base16_decode(id_digest, DIGEST_LEN,
+                          fp_sk_req, strlen(fp_sk_req)) == DIGEST_LEN) {
+          *dl_to_emit = id_only_download_status_for_authority_id(id_digest);
+          if (!(*dl_to_emit)) {
+            *errmsg = "Failed to get download status for this authority "
+                      "identity digest";
+          }
+        } else {
+          *errmsg = "That didn't look like a digest";
+        }
+      } else {
+        *errmsg = "That didn't look like a digest";
+      }
+    }
+  } else {
+    *errmsg = "Unknown certificate download status query";
+  }
+}
+
+/** Handle the routerdesc download cases for getinfo_helper_downloads() */
+STATIC void
+getinfo_helper_downloads_desc(const char *desc_req,
+                              download_status_t **dl_to_emit,
+                              smartlist_t **digest_list,
+                              const char **errmsg)
+{
+  char desc_digest[DIGEST_LEN];
+  /*
+   * Two cases to handle here:
+   *
+   * Case 1: desc_req = "descs"
+   *   - Emit a list of all router descriptor digests, which we get by
+   *     calling router_get_descriptor_digests(); this can return NULL
+   *     if we have no current ns-flavor consensus.
+   *
+   * Case 2: desc_req = <fp>
+   *   - Check on the specified fingerprint and emit its download_status_t
+   *     using router_get_dl_status_by_descriptor_digest().
+   */
+
+  if (strcmp(desc_req, "descs") == 0) {
+    *digest_list = router_get_descriptor_digests();
+    if (!(*digest_list)) {
+      *errmsg = "We don't seem to have a networkstatus-flavored consensus";
+    }
+    /*
+     * Microdescs don't use the download_status_t mechanism, so we don't
+     * answer queries about their downloads here; see microdesc.c.
+     */
+  } else if (strlen(desc_req) == HEX_DIGEST_LEN) {
+    if (base16_decode(desc_digest, DIGEST_LEN,
+                      desc_req, strlen(desc_req)) == DIGEST_LEN) {
+      /* Okay we got a digest-shaped thing; try asking for it */
+      *dl_to_emit = router_get_dl_status_by_descriptor_digest(desc_digest);
+      if (!(*dl_to_emit)) {
+        *errmsg = "No such descriptor digest found";
+      }
+    } else {
+      *errmsg = "That didn't look like a digest";
+    }
+  } else {
+    *errmsg = "Unknown router descriptor download status query";
+  }
+}
+
+/** Handle the bridge download cases for getinfo_helper_downloads() */
+STATIC void
+getinfo_helper_downloads_bridge(const char *bridge_req,
+                                download_status_t **dl_to_emit,
+                                smartlist_t **digest_list,
+                                const char **errmsg)
+{
+  char bridge_digest[DIGEST_LEN];
+  /*
+   * Two cases to handle here:
+   *
+   * Case 1: bridge_req = "bridges"
+   *   - Emit a list of all bridge identity digests, which we get by
+   *     calling list_bridge_identities(); this can return NULL if we are
+   *     not using bridges.
+   *
+   * Case 2: bridge_req = <fp>
+   *   - Check on the specified fingerprint and emit its download_status_t
+   *     using get_bridge_dl_status_by_id().
+   */
+
+  if (strcmp(bridge_req, "bridges") == 0) {
+    *digest_list = list_bridge_identities();
+    if (!(*digest_list)) {
+      *errmsg = "We don't seem to be using bridges";
+    }
+  } else if (strlen(bridge_req) == HEX_DIGEST_LEN) {
+    if (base16_decode(bridge_digest, DIGEST_LEN,
+                      bridge_req, strlen(bridge_req)) == DIGEST_LEN) {
+      /* Okay we got a digest-shaped thing; try asking for it */
+      *dl_to_emit = get_bridge_dl_status_by_id(bridge_digest);
+      if (!(*dl_to_emit)) {
+        *errmsg = "No such bridge identity digest found";
+      }
+    } else {
+      *errmsg = "That didn't look like a digest";
+    }
+  } else {
+    *errmsg = "Unknown bridge descriptor download status query";
+  }
+}
+
+/** Implementation helper for GETINFO: knows the answers for questions about
+ * download status information. */
+STATIC int
+getinfo_helper_downloads(control_connection_t *control_conn,
+                   const char *question, char **answer,
+                   const char **errmsg)
+{
+  download_status_t *dl_to_emit = NULL;
+  smartlist_t *digest_list = NULL;
+
+  /* Assert args are sane */
+  tor_assert(control_conn != NULL);
+  tor_assert(question != NULL);
+  tor_assert(answer != NULL);
+  tor_assert(errmsg != NULL);
+
+  /* We check for this later to see if we should supply a default */
+  *errmsg = NULL;
+
+  /* Are we after networkstatus downloads? */
+  if (!strcmpstart(question, "downloads/networkstatus/")) {
+    getinfo_helper_downloads_networkstatus(
+        question + strlen("downloads/networkstatus/"),
+        &dl_to_emit, errmsg);
+  /* Certificates? */
+  } else if (!strcmpstart(question, "downloads/cert/")) {
+    getinfo_helper_downloads_cert(
+        question + strlen("downloads/cert/"),
+        &dl_to_emit, &digest_list, errmsg);
+  /* Router descriptors? */
+  } else if (!strcmpstart(question, "downloads/desc/")) {
+    getinfo_helper_downloads_desc(
+        question + strlen("downloads/desc/"),
+        &dl_to_emit, &digest_list, errmsg);
+  /* Bridge descriptors? */
+  } else if (!strcmpstart(question, "downloads/bridge/")) {
+    getinfo_helper_downloads_bridge(
+        question + strlen("downloads/bridge/"),
+        &dl_to_emit, &digest_list, errmsg);
+  } else {
+    *errmsg = "Unknown download status query";
+  }
+
+  if (dl_to_emit) {
+    *answer = download_status_to_string(dl_to_emit);
+
+    return 0;
+  } else if (digest_list) {
+    *answer = digest_list_to_string(digest_list);
+    SMARTLIST_FOREACH(digest_list, void *, s, tor_free(s));
+    smartlist_free(digest_list);
+
+    return 0;
+  } else {
+    if (!(*errmsg)) {
+      *errmsg = "Unknown error";
+    }
+
+    return -1;
+  }
+}
+
 /** Allocate and return a description of <b>circ</b>'s current status,
  * including its path (if any). */
 static char *
@@ -2490,6 +2896,49 @@ static const getinfo_item_t getinfo_items[] = {
   DOC("config/defaults",
       "List of default values for configuration options. "
       "See also config/names"),
+  PREFIX("downloads/networkstatus/", downloads,
+         "Download statuses for networkstatus objects"),
+  DOC("downloads/networkstatus/ns",
+      "Download status for current-mode networkstatus download"),
+  DOC("downloads/networkstatus/ns/bootstrap",
+      "Download status for bootstrap-time networkstatus download"),
+  DOC("downloads/networkstatus/ns/running",
+      "Download status for run-time networkstatus download"),
+  DOC("downloads/networkstatus/microdesc",
+      "Download status for current-mode microdesc download"),
+  DOC("downloads/networkstatus/microdesc/bootstrap",
+      "Download status for bootstrap-time microdesc download"),
+  DOC("downloads/networkstatus/microdesc/running",
+      "Download status for run-time microdesc download"),
+  PREFIX("downloads/cert/", downloads,
+         "Download statuses for certificates, by id fingerprint and "
+         "signing key"),
+  DOC("downloads/cert/fps",
+      "List of authority fingerprints for which any download statuses "
+      "exist"),
+  DOC("downloads/cert/fp/<fp>",
+      "Download status for <fp> with the default signing key; corresponds "
+      "to /fp/ URLs on directory server."),
+  DOC("downloads/cert/fp/<fp>/sks",
+      "List of signing keys for which specific download statuses are "
+      "available for this id fingerprint"),
+  DOC("downloads/cert/fp/<fp>/<sk>",
+      "Download status for <fp> with signing key <sk>; corresponds "
+      "to /fp-sk/ URLs on directory server."),
+  PREFIX("downloads/desc/", downloads,
+         "Download statuses for router descriptors, by descriptor digest"),
+  DOC("downloads/desc/descs",
+      "Return a list of known router descriptor digests"),
+  DOC("downloads/desc/<desc>",
+      "Return a download status for a given descriptor digest"),
+  PREFIX("downloads/bridge/", downloads,
+         "Download statuses for bridge descriptors, by bridge identity "
+         "digest"),
+  DOC("downloads/bridge/bridges",
+      "Return a list of configured bridge identity digests with download "
+      "statuses"),
+  DOC("downloads/bridge/<desc>",
+      "Return a download status for a given bridge identity digest"),
   ITEM("info/names", misc,
        "List of GETINFO options, types, and documentation."),
   ITEM("events/names", misc,
diff --git a/src/or/control.h b/src/or/control.h
index b3902e64bd..6330c85571 100644
--- a/src/or/control.h
+++ b/src/or/control.h
@@ -261,6 +261,31 @@ STATIC crypto_pk_t *add_onion_helper_keyarg(const char *arg, int discard_pk,
                                             char **err_msg_out);
 STATIC rend_authorized_client_t *
 add_onion_helper_clientauth(const char *arg, int *created, char **err_msg_out);
+
+STATIC void getinfo_helper_downloads_networkstatus(
+    const char *flavor,
+    download_status_t **dl_to_emit,
+    const char **errmsg);
+STATIC void getinfo_helper_downloads_cert(
+    const char *fp_sk_req,
+    download_status_t **dl_to_emit,
+    smartlist_t **digest_list,
+    const char **errmsg);
+STATIC void getinfo_helper_downloads_desc(
+    const char *desc_req,
+    download_status_t **dl_to_emit,
+    smartlist_t **digest_list,
+    const char **errmsg);
+STATIC void getinfo_helper_downloads_bridge(
+    const char *bridge_req,
+    download_status_t **dl_to_emit,
+    smartlist_t **digest_list,
+    const char **errmsg);
+STATIC int getinfo_helper_downloads(
+    control_connection_t *control_conn,
+    const char *question, char **answer,
+    const char **errmsg);
+
 #endif
 
 #endif
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 68241af987..17507fefbd 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -2424,6 +2424,44 @@ num_bridges_usable(void)
   return n_options;
 }
 
+/** Return a smartlist containing all bridge identity digests */
+MOCK_IMPL(smartlist_t *,
+list_bridge_identities, (void))
+{
+  smartlist_t *result = NULL;
+  char *digest_tmp;
+
+  if (get_options()->UseBridges && bridge_list) {
+    result = smartlist_new();
+
+    SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, b) {
+      digest_tmp = tor_malloc(DIGEST_LEN);
+      memcpy(digest_tmp, b->identity, DIGEST_LEN);
+      smartlist_add(result, digest_tmp);
+    } SMARTLIST_FOREACH_END(b);
+  }
+
+  return result;
+}
+
+/** Get the download status for a bridge descriptor given its identity */
+MOCK_IMPL(download_status_t *,
+get_bridge_dl_status_by_id, (const char *digest))
+{
+  download_status_t *dl = NULL;
+
+  if (digest && get_options()->UseBridges && bridge_list) {
+    SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, b) {
+      if (memcmp(digest, b->identity, DIGEST_LEN) == 0) {
+        dl = &(b->fetch_status);
+        break;
+      }
+    } SMARTLIST_FOREACH_END(b);
+  }
+
+  return dl;
+}
+
 /** Return 1 if we have at least one descriptor for an entry guard
  * (bridge or member of EntryNodes) and all descriptors we know are
  * down. Else return 0. If <b>act</b> is 1, then mark the down guards
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index 247c80940e..1021e67d43 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -179,5 +179,9 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw,
                                   int orig_bandwidth,
                                   uint32_t guardfraction_percentage);
 
+MOCK_DECL(smartlist_t *, list_bridge_identities, (void));
+MOCK_DECL(download_status_t *, get_bridge_dl_status_by_id,
+          (const char *digest));
+
 #endif
 
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 3471288969..99680472f5 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -659,6 +659,43 @@ router_get_consensus_status_by_descriptor_digest(networkstatus_t *consensus,
                                                           consensus, digest);
 }
 
+/** Return a smartlist of all router descriptor digests in a consensus */
+static smartlist_t *
+router_get_descriptor_digests_in_consensus(networkstatus_t *consensus)
+{
+  smartlist_t *result = smartlist_new();
+  digestmap_iter_t *i;
+  const char *digest;
+  void *rs;
+  char *digest_tmp;
+
+  for (i = digestmap_iter_init(consensus->desc_digest_map);
+       !(digestmap_iter_done(i));
+       i = digestmap_iter_next(consensus->desc_digest_map, i)) {
+    digestmap_iter_get(i, &digest, &rs);
+    digest_tmp = tor_malloc(DIGEST_LEN);
+    memcpy(digest_tmp, digest, DIGEST_LEN);
+    smartlist_add(result, digest_tmp);
+  }
+
+  return result;
+}
+
+/** Return a smartlist of all router descriptor digests in the current
+ * consensus */
+MOCK_IMPL(smartlist_t *,
+router_get_descriptor_digests,(void))
+{
+  smartlist_t *result = NULL;
+
+  if (current_ns_consensus) {
+    result =
+      router_get_descriptor_digests_in_consensus(current_ns_consensus);
+  }
+
+  return result;
+}
+
 /** Given the digest of a router descriptor, return its current download
  * status, or NULL if the digest is unrecognized. */
 MOCK_IMPL(download_status_t *,
@@ -1179,6 +1216,52 @@ consensus_is_waiting_for_certs(void)
     ? 1 : 0;
 }
 
+/** Look up the currently active (depending on bootstrap status) download
+ * status for this consensus flavor and return a pointer to it.
+ */
+MOCK_IMPL(download_status_t *,
+networkstatus_get_dl_status_by_flavor,(consensus_flavor_t flavor))
+{
+  download_status_t *dl = NULL;
+  const int we_are_bootstrapping =
+    networkstatus_consensus_is_bootstrapping(time(NULL));
+
+  if (flavor <= N_CONSENSUS_FLAVORS) {
+    dl = &((we_are_bootstrapping ?
+           consensus_bootstrap_dl_status : consensus_dl_status)[flavor]);
+  }
+
+  return dl;
+}
+
+/** Look up the bootstrap download status for this consensus flavor
+ * and return a pointer to it. */
+MOCK_IMPL(download_status_t *,
+networkstatus_get_dl_status_by_flavor_bootstrap,(consensus_flavor_t flavor))
+{
+  download_status_t *dl = NULL;
+
+  if (flavor <= N_CONSENSUS_FLAVORS) {
+    dl = &(consensus_bootstrap_dl_status[flavor]);
+  }
+
+  return dl;
+}
+
+/** Look up the running (non-bootstrap) download status for this consensus
+ * flavor and return a pointer to it. */
+MOCK_IMPL(download_status_t *,
+networkstatus_get_dl_status_by_flavor_running,(consensus_flavor_t flavor))
+{
+  download_status_t *dl = NULL;
+
+  if (flavor <= N_CONSENSUS_FLAVORS) {
+    dl = &(consensus_dl_status[flavor]);
+  }
+
+  return dl;
+}
+
 /** Return the most recent consensus that we have downloaded, or NULL if we
  * don't have one. */
 networkstatus_t *
diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h
index aee6641c6e..65923b67ba 100644
--- a/src/or/networkstatus.h
+++ b/src/or/networkstatus.h
@@ -38,6 +38,17 @@ routerstatus_t *networkstatus_vote_find_mutable_entry(networkstatus_t *ns,
 int networkstatus_vote_find_entry_idx(networkstatus_t *ns,
                                       const char *digest, int *found_out);
 
+MOCK_DECL(download_status_t *,
+  networkstatus_get_dl_status_by_flavor,
+  (consensus_flavor_t flavor));
+MOCK_DECL(download_status_t *,
+  networkstatus_get_dl_status_by_flavor_bootstrap,
+  (consensus_flavor_t flavor));
+MOCK_DECL(download_status_t *,
+  networkstatus_get_dl_status_by_flavor_running,
+  (consensus_flavor_t flavor));
+
+MOCK_DECL(smartlist_t *, router_get_descriptor_digests, (void));
 MOCK_DECL(download_status_t *,router_get_dl_status_by_descriptor_digest,
           (const char *d));
 
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 5925d97ad5..d8319afe19 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -253,6 +253,112 @@ get_cert_list(const char *id_digest)
   return cl;
 }
 
+/** Return a list of authority ID digests with potentially enumerable lists
+ * of download_status_t objects; used by controller GETINFO queries.
+ */
+
+MOCK_IMPL(smartlist_t *,
+list_authority_ids_with_downloads, (void))
+{
+  smartlist_t *ids = smartlist_new();
+  digestmap_iter_t *i;
+  const char *digest;
+  char *tmp;
+  void *cl;
+
+  if (trusted_dir_certs) {
+    for (i = digestmap_iter_init(trusted_dir_certs);
+         !(digestmap_iter_done(i));
+         i = digestmap_iter_next(trusted_dir_certs, i)) {
+      /*
+       * We always have at least dl_status_by_id to query, so no need to
+       * probe deeper than the existence of a cert_list_t.
+       */
+      digestmap_iter_get(i, &digest, &cl);
+      tmp = tor_malloc(DIGEST_LEN);
+      memcpy(tmp, digest, DIGEST_LEN);
+      smartlist_add(ids, tmp);
+    }
+  }
+  /* else definitely no downlaods going since nothing even has a cert list */
+
+  return ids;
+}
+
+/** Given an authority ID digest, return a pointer to the default download
+ * status, or NULL if there is no such entry in trusted_dir_certs */
+
+MOCK_IMPL(download_status_t *,
+id_only_download_status_for_authority_id, (const char *digest))
+{
+  download_status_t *dl = NULL;
+  cert_list_t *cl;
+
+  if (trusted_dir_certs) {
+    cl = digestmap_get(trusted_dir_certs, digest);
+    if (cl) {
+      dl = &(cl->dl_status_by_id);
+    }
+  }
+
+  return dl;
+}
+
+/** Given an authority ID digest, return a smartlist of signing key digests
+ * for which download_status_t is potentially queryable, or NULL if no such
+ * authority ID digest is known. */
+
+MOCK_IMPL(smartlist_t *,
+list_sk_digests_for_authority_id, (const char *digest))
+{
+  smartlist_t *sks = NULL;
+  cert_list_t *cl;
+  dsmap_iter_t *i;
+  const char *sk_digest;
+  char *tmp;
+  download_status_t *dl;
+
+  if (trusted_dir_certs) {
+    cl = digestmap_get(trusted_dir_certs, digest);
+    if (cl) {
+      sks = smartlist_new();
+      if (cl->dl_status_map) {
+        for (i = dsmap_iter_init(cl->dl_status_map);
+             !(dsmap_iter_done(i));
+             i = dsmap_iter_next(cl->dl_status_map, i)) {
+          /* Pull the digest out and add it to the list */
+          dsmap_iter_get(i, &sk_digest, &dl);
+          tmp = tor_malloc(DIGEST_LEN);
+          memcpy(tmp, sk_digest, DIGEST_LEN);
+          smartlist_add(sks, tmp);
+        }
+      }
+    }
+  }
+
+  return sks;
+}
+
+/** Given an authority ID digest and a signing key digest, return the
+ * download_status_t or NULL if none exists. */
+
+MOCK_IMPL(download_status_t *,
+  download_status_for_authority_id_and_sk,
+  (const char *id_digest, const char *sk_digest))
+{
+  download_status_t *dl = NULL;
+  cert_list_t *cl = NULL;
+
+  if (trusted_dir_certs) {
+    cl = digestmap_get(trusted_dir_certs, id_digest);
+    if (cl && cl->dl_status_map) {
+      dl = dsmap_get(cl->dl_status_map, sk_digest);
+    }
+  }
+
+  return dl;
+}
+
 /** Release all space held by a cert_list_t */
 static void
 cert_list_free(cert_list_t *cl)
diff --git a/src/or/routerlist.h b/src/or/routerlist.h
index be242d6e87..e75c922d4e 100644
--- a/src/or/routerlist.h
+++ b/src/or/routerlist.h
@@ -104,6 +104,14 @@ void routerlist_remove(routerlist_t *rl, routerinfo_t *ri, int make_old,
 void routerlist_free_all(void);
 void routerlist_reset_warnings(void);
 
+MOCK_DECL(smartlist_t *, list_authority_ids_with_downloads, (void);)
+MOCK_DECL(download_status_t *, id_only_download_status_for_authority_id,
+          (const char *digest));
+MOCK_DECL(smartlist_t *, list_sk_digests_for_authority_id,
+          (const char *digest));
+MOCK_DECL(download_status_t *, download_status_for_authority_id_and_sk,
+    (const char *id_digest, const char *sk_digest));
+
 static int WRA_WAS_ADDED(was_router_added_t s);
 static int WRA_WAS_OUTDATED(was_router_added_t s);
 static int WRA_WAS_REJECTED(was_router_added_t s);
diff --git a/src/test/test_controller.c b/src/test/test_controller.c
index b276e06787..0dea8473b9 100644
--- a/src/test/test_controller.c
+++ b/src/test/test_controller.c
@@ -4,7 +4,10 @@
 #define CONTROL_PRIVATE
 #include "or.h"
 #include "control.h"
+#include "entrynodes.h"
+#include "networkstatus.h"
 #include "rendservice.h"
+#include "routerlist.h"
 #include "test.h"
 
 static void
@@ -203,12 +206,1090 @@ test_add_onion_helper_clientauth(void *arg)
   tor_free(err_msg);
 }
 
+/* Mocks and data/variables used for GETINFO download status tests */
+
+static const download_status_t dl_status_default =
+  { 0, 0, 0, DL_SCHED_CONSENSUS, DL_WANT_ANY_DIRSERVER,
+    DL_SCHED_INCREMENT_FAILURE, DL_SCHED_RANDOM_EXPONENTIAL, 0, 0 };
+static download_status_t ns_dl_status[N_CONSENSUS_FLAVORS];
+static download_status_t ns_dl_status_bootstrap[N_CONSENSUS_FLAVORS];
+static download_status_t ns_dl_status_running[N_CONSENSUS_FLAVORS];
+
+/*
+ * These should explore all the possible cases of download_status_to_string()
+ * in control.c
+ */
+static const download_status_t dls_sample_1 =
+  { 1467163900, 0, 0, DL_SCHED_GENERIC, DL_WANT_ANY_DIRSERVER,
+    DL_SCHED_INCREMENT_FAILURE, DL_SCHED_DETERMINISTIC, 0, 0 };
+static const char * dls_sample_1_str =
+    "next-attempt-at 2016-06-29 01:31:40\n"
+    "n-download-failures 0\n"
+    "n-download-attempts 0\n"
+    "schedule DL_SCHED_GENERIC\n"
+    "want-authority DL_WANT_ANY_DIRSERVER\n"
+    "increment-on DL_SCHED_INCREMENT_FAILURE\n"
+    "backoff DL_SCHED_DETERMINISTIC\n";
+static const download_status_t dls_sample_2 =
+  { 1467164400, 1, 2, DL_SCHED_CONSENSUS, DL_WANT_AUTHORITY,
+    DL_SCHED_INCREMENT_FAILURE, DL_SCHED_DETERMINISTIC, 0, 0 };
+static const char * dls_sample_2_str =
+    "next-attempt-at 2016-06-29 01:40:00\n"
+    "n-download-failures 1\n"
+    "n-download-attempts 2\n"
+    "schedule DL_SCHED_CONSENSUS\n"
+    "want-authority DL_WANT_AUTHORITY\n"
+    "increment-on DL_SCHED_INCREMENT_FAILURE\n"
+    "backoff DL_SCHED_DETERMINISTIC\n";
+static const download_status_t dls_sample_3 =
+  { 1467154400, 12, 25, DL_SCHED_BRIDGE, DL_WANT_ANY_DIRSERVER,
+    DL_SCHED_INCREMENT_ATTEMPT, DL_SCHED_DETERMINISTIC, 0, 0 };
+static const char * dls_sample_3_str =
+    "next-attempt-at 2016-06-28 22:53:20\n"
+    "n-download-failures 12\n"
+    "n-download-attempts 25\n"
+    "schedule DL_SCHED_BRIDGE\n"
+    "want-authority DL_WANT_ANY_DIRSERVER\n"
+    "increment-on DL_SCHED_INCREMENT_ATTEMPT\n"
+    "backoff DL_SCHED_DETERMINISTIC\n";
+static const download_status_t dls_sample_4 =
+  { 1467166600, 3, 0, DL_SCHED_GENERIC, DL_WANT_ANY_DIRSERVER,
+    DL_SCHED_INCREMENT_FAILURE, DL_SCHED_RANDOM_EXPONENTIAL, 0, 0 };
+static const char * dls_sample_4_str =
+    "next-attempt-at 2016-06-29 02:16:40\n"
+    "n-download-failures 3\n"
+    "n-download-attempts 0\n"
+    "schedule DL_SCHED_GENERIC\n"
+    "want-authority DL_WANT_ANY_DIRSERVER\n"
+    "increment-on DL_SCHED_INCREMENT_FAILURE\n"
+    "backoff DL_SCHED_RANDOM_EXPONENTIAL\n"
+    "last-backoff-position 0\n"
+    "last-delay-used 0\n";
+static const download_status_t dls_sample_5 =
+  { 1467164600, 3, 7, DL_SCHED_CONSENSUS, DL_WANT_ANY_DIRSERVER,
+    DL_SCHED_INCREMENT_FAILURE, DL_SCHED_RANDOM_EXPONENTIAL, 1, 2112, };
+static const char * dls_sample_5_str =
+    "next-attempt-at 2016-06-29 01:43:20\n"
+    "n-download-failures 3\n"
+    "n-download-attempts 7\n"
+    "schedule DL_SCHED_CONSENSUS\n"
+    "want-authority DL_WANT_ANY_DIRSERVER\n"
+    "increment-on DL_SCHED_INCREMENT_FAILURE\n"
+    "backoff DL_SCHED_RANDOM_EXPONENTIAL\n"
+    "last-backoff-position 1\n"
+    "last-delay-used 2112\n";
+static const download_status_t dls_sample_6 =
+  { 1467164200, 4, 9, DL_SCHED_CONSENSUS, DL_WANT_AUTHORITY,
+    DL_SCHED_INCREMENT_ATTEMPT, DL_SCHED_RANDOM_EXPONENTIAL, 3, 432 };
+static const char * dls_sample_6_str =
+    "next-attempt-at 2016-06-29 01:36:40\n"
+    "n-download-failures 4\n"
+    "n-download-attempts 9\n"
+    "schedule DL_SCHED_CONSENSUS\n"
+    "want-authority DL_WANT_AUTHORITY\n"
+    "increment-on DL_SCHED_INCREMENT_ATTEMPT\n"
+    "backoff DL_SCHED_RANDOM_EXPONENTIAL\n"
+    "last-backoff-position 3\n"
+    "last-delay-used 432\n";
+
+/* Simulated auth certs */
+static const char *auth_id_digest_1_str =
+    "63CDD326DFEF0CA020BDD3FEB45A3286FE13A061";
+static download_status_t auth_def_cert_download_status_1;
+static const char *auth_id_digest_2_str =
+    "2C209FCDD8D48DC049777B8DC2C0F94A0408BE99";
+static download_status_t auth_def_cert_download_status_2;
+/* Expected form of digest list returned for GETINFO downloads/cert/fps */
+static const char *auth_id_digest_expected_list =
+    "63CDD326DFEF0CA020BDD3FEB45A3286FE13A061\n"
+    "2C209FCDD8D48DC049777B8DC2C0F94A0408BE99\n";
+
+/* Signing keys for simulated auth 1 */
+static const char *auth_1_sk_1_str =
+    "AA69566029B1F023BA09451B8F1B10952384EB58";
+static download_status_t auth_1_sk_1_dls;
+static const char *auth_1_sk_2_str =
+    "710865C7F06B73C5292695A8C34F1C94F769FF72";
+static download_status_t auth_1_sk_2_dls;
+/*
+ * Expected form of sk digest list for
+ * GETINFO downloads/cert/<auth_id_digest_1_str>/sks
+ */
+static const char *auth_1_sk_digest_expected_list =
+    "AA69566029B1F023BA09451B8F1B10952384EB58\n"
+    "710865C7F06B73C5292695A8C34F1C94F769FF72\n";
+
+/* Signing keys for simulated auth 2 */
+static const char *auth_2_sk_1_str =
+    "4299047E00D070AD6703FE00BE7AA756DB061E62";
+static download_status_t auth_2_sk_1_dls;
+static const char *auth_2_sk_2_str =
+    "9451B8F1B10952384EB58B5F230C0BB701626C9B";
+static download_status_t auth_2_sk_2_dls;
+/*
+ * Expected form of sk digest list for
+ * GETINFO downloads/cert/<auth_id_digest_2_str>/sks
+ */
+static const char *auth_2_sk_digest_expected_list =
+    "4299047E00D070AD6703FE00BE7AA756DB061E62\n"
+    "9451B8F1B10952384EB58B5F230C0BB701626C9B\n";
+
+/* Simulated router descriptor digests or bridge identity digests */
+static const char *descbr_digest_1_str =
+    "616408544C7345822696074A1A3DFA16AB381CBD";
+static download_status_t descbr_digest_1_dl;
+static const char *descbr_digest_2_str =
+    "06E8067246967265DBCB6641631B530EFEC12DC3";
+static download_status_t descbr_digest_2_dl;
+/* Expected form of digest list returned for GETINFO downloads/desc/descs */
+static const char *descbr_expected_list =
+    "616408544C7345822696074A1A3DFA16AB381CBD\n"
+    "06E8067246967265DBCB6641631B530EFEC12DC3\n";
+/*
+ * Flag to make all descbr queries fail, to simulate not being
+ * configured such that such queries make sense.
+ */
+static int disable_descbr = 0;
+
+static void
+reset_mocked_dl_statuses(void)
+{
+  int i;
+
+  for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) {
+    memcpy(&(ns_dl_status[i]), &dl_status_default,
+           sizeof(download_status_t));
+    memcpy(&(ns_dl_status_bootstrap[i]), &dl_status_default,
+           sizeof(download_status_t));
+    memcpy(&(ns_dl_status_running[i]), &dl_status_default,
+           sizeof(download_status_t));
+  }
+
+  memcpy(&auth_def_cert_download_status_1, &dl_status_default,
+         sizeof(download_status_t));
+  memcpy(&auth_def_cert_download_status_2, &dl_status_default,
+         sizeof(download_status_t));
+  memcpy(&auth_1_sk_1_dls, &dl_status_default,
+         sizeof(download_status_t));
+  memcpy(&auth_1_sk_2_dls, &dl_status_default,
+         sizeof(download_status_t));
+  memcpy(&auth_2_sk_1_dls, &dl_status_default,
+         sizeof(download_status_t));
+  memcpy(&auth_2_sk_2_dls, &dl_status_default,
+         sizeof(download_status_t));
+
+  memcpy(&descbr_digest_1_dl, &dl_status_default,
+         sizeof(download_status_t));
+  memcpy(&descbr_digest_2_dl, &dl_status_default,
+         sizeof(download_status_t));
+}
+
+static download_status_t *
+ns_dl_status_mock(consensus_flavor_t flavor)
+{
+  return &(ns_dl_status[flavor]);
+}
+
+static download_status_t *
+ns_dl_status_bootstrap_mock(consensus_flavor_t flavor)
+{
+  return &(ns_dl_status_bootstrap[flavor]);
+}
+
+static download_status_t *
+ns_dl_status_running_mock(consensus_flavor_t flavor)
+{
+  return &(ns_dl_status_running[flavor]);
+}
+
+static void
+setup_ns_mocks(void)
+{
+  MOCK(networkstatus_get_dl_status_by_flavor, ns_dl_status_mock);
+  MOCK(networkstatus_get_dl_status_by_flavor_bootstrap,
+       ns_dl_status_bootstrap_mock);
+  MOCK(networkstatus_get_dl_status_by_flavor_running,
+       ns_dl_status_running_mock);
+  reset_mocked_dl_statuses();
+}
+
+static void
+clear_ns_mocks(void)
+{
+  UNMOCK(networkstatus_get_dl_status_by_flavor);
+  UNMOCK(networkstatus_get_dl_status_by_flavor_bootstrap);
+  UNMOCK(networkstatus_get_dl_status_by_flavor_running);
+}
+
+static smartlist_t *
+cert_dl_status_auth_ids_mock(void)
+{
+  char digest[DIGEST_LEN], *tmp;
+  int len;
+  smartlist_t *list = NULL;
+
+  /* Just pretend we have only the two hard-coded digests listed above */
+  list = smartlist_new();
+  len = base16_decode(digest, DIGEST_LEN,
+                      auth_id_digest_1_str, strlen(auth_id_digest_1_str));
+  tt_int_op(len, OP_EQ, DIGEST_LEN);
+  tmp = tor_malloc(DIGEST_LEN);
+  memcpy(tmp, digest, DIGEST_LEN);
+  smartlist_add(list, tmp);
+  len = base16_decode(digest, DIGEST_LEN,
+                      auth_id_digest_2_str, strlen(auth_id_digest_2_str));
+  tt_int_op(len, OP_EQ, DIGEST_LEN);
+  tmp = tor_malloc(DIGEST_LEN);
+  memcpy(tmp, digest, DIGEST_LEN);
+  smartlist_add(list, tmp);
+
+ done:
+  return list;
+}
+
+static download_status_t *
+cert_dl_status_def_for_auth_mock(const char *digest)
+{
+  download_status_t *dl = NULL;
+  char digest_str[HEX_DIGEST_LEN+1];
+
+  tt_assert(digest != NULL);
+  base16_encode(digest_str, HEX_DIGEST_LEN + 1,
+                digest, DIGEST_LEN);
+  digest_str[HEX_DIGEST_LEN] = '\0';
+
+  if (strcmp(digest_str, auth_id_digest_1_str) == 0) {
+    dl = &auth_def_cert_download_status_1;
+  } else if (strcmp(digest_str, auth_id_digest_2_str) == 0) {
+    dl = &auth_def_cert_download_status_2;
+  }
+
+ done:
+  return dl;
+}
+
+static smartlist_t *
+cert_dl_status_sks_for_auth_id_mock(const char *digest)
+{
+  smartlist_t *list = NULL;
+  char sk[DIGEST_LEN];
+  char digest_str[HEX_DIGEST_LEN+1];
+  char *tmp;
+  int len;
+
+  tt_assert(digest != NULL);
+  base16_encode(digest_str, HEX_DIGEST_LEN + 1,
+                digest, DIGEST_LEN);
+  digest_str[HEX_DIGEST_LEN] = '\0';
+
+  /*
+   * Build a list of two hard-coded digests, depending on what we
+   * were just passed.
+   */
+  if (strcmp(digest_str, auth_id_digest_1_str) == 0) {
+    list = smartlist_new();
+    len = base16_decode(sk, DIGEST_LEN,
+                        auth_1_sk_1_str, strlen(auth_1_sk_1_str));
+    tt_int_op(len, OP_EQ, DIGEST_LEN);
+    tmp = tor_malloc(DIGEST_LEN);
+    memcpy(tmp, sk, DIGEST_LEN);
+    smartlist_add(list, tmp);
+    len = base16_decode(sk, DIGEST_LEN,
+                        auth_1_sk_2_str, strlen(auth_1_sk_2_str));
+    tt_int_op(len, OP_EQ, DIGEST_LEN);
+    tmp = tor_malloc(DIGEST_LEN);
+    memcpy(tmp, sk, DIGEST_LEN);
+    smartlist_add(list, tmp);
+  } else if (strcmp(digest_str, auth_id_digest_2_str) == 0) {
+    list = smartlist_new();
+    len = base16_decode(sk, DIGEST_LEN,
+                        auth_2_sk_1_str, strlen(auth_2_sk_1_str));
+    tt_int_op(len, OP_EQ, DIGEST_LEN);
+    tmp = tor_malloc(DIGEST_LEN);
+    memcpy(tmp, sk, DIGEST_LEN);
+    smartlist_add(list, tmp);
+    len = base16_decode(sk, DIGEST_LEN,
+                        auth_2_sk_2_str, strlen(auth_2_sk_2_str));
+    tt_int_op(len, OP_EQ, DIGEST_LEN);
+    tmp = tor_malloc(DIGEST_LEN);
+    memcpy(tmp, sk, DIGEST_LEN);
+    smartlist_add(list, tmp);
+  }
+
+ done:
+  return list;
+}
+
+static download_status_t *
+cert_dl_status_fp_sk_mock(const char *fp_digest, const char *sk_digest)
+{
+  download_status_t *dl = NULL;
+  char fp_digest_str[HEX_DIGEST_LEN+1], sk_digest_str[HEX_DIGEST_LEN+1];
+
+  /*
+   * Unpack the digests so we can compare them and figure out which
+   * dl status we want.
+   */
+
+  tt_assert(fp_digest != NULL);
+  base16_encode(fp_digest_str, HEX_DIGEST_LEN + 1,
+                fp_digest, DIGEST_LEN);
+  fp_digest_str[HEX_DIGEST_LEN] = '\0';
+  tt_assert(sk_digest != NULL);
+  base16_encode(sk_digest_str, HEX_DIGEST_LEN + 1,
+                sk_digest, DIGEST_LEN);
+  sk_digest_str[HEX_DIGEST_LEN] = '\0';
+
+  if (strcmp(fp_digest_str, auth_id_digest_1_str) == 0) {
+    if (strcmp(sk_digest_str, auth_1_sk_1_str) == 0) {
+      dl = &auth_1_sk_1_dls;
+    } else if (strcmp(sk_digest_str, auth_1_sk_2_str) == 0) {
+      dl = &auth_1_sk_2_dls;
+    }
+  } else if (strcmp(fp_digest_str, auth_id_digest_2_str) == 0) {
+    if (strcmp(sk_digest_str, auth_2_sk_1_str) == 0) {
+      dl = &auth_2_sk_1_dls;
+    } else if (strcmp(sk_digest_str, auth_2_sk_2_str) == 0) {
+      dl = &auth_2_sk_2_dls;
+    }
+  }
+
+ done:
+  return dl;
+}
+
+static void
+setup_cert_mocks(void)
+{
+  MOCK(list_authority_ids_with_downloads, cert_dl_status_auth_ids_mock);
+  MOCK(id_only_download_status_for_authority_id,
+       cert_dl_status_def_for_auth_mock);
+  MOCK(list_sk_digests_for_authority_id,
+       cert_dl_status_sks_for_auth_id_mock);
+  MOCK(download_status_for_authority_id_and_sk,
+       cert_dl_status_fp_sk_mock);
+  reset_mocked_dl_statuses();
+}
+
+static void
+clear_cert_mocks(void)
+{
+  UNMOCK(list_authority_ids_with_downloads);
+  UNMOCK(id_only_download_status_for_authority_id);
+  UNMOCK(list_sk_digests_for_authority_id);
+  UNMOCK(download_status_for_authority_id_and_sk);
+}
+
+static smartlist_t *
+descbr_get_digests_mock(void)
+{
+  char digest[DIGEST_LEN], *tmp;
+  int len;
+  smartlist_t *list = NULL;
+
+  if (!disable_descbr) {
+    /* Just pretend we have only the two hard-coded digests listed above */
+    list = smartlist_new();
+    len = base16_decode(digest, DIGEST_LEN,
+                        descbr_digest_1_str, strlen(descbr_digest_1_str));
+    tt_int_op(len, OP_EQ, DIGEST_LEN);
+    tmp = tor_malloc(DIGEST_LEN);
+    memcpy(tmp, digest, DIGEST_LEN);
+    smartlist_add(list, tmp);
+    len = base16_decode(digest, DIGEST_LEN,
+                        descbr_digest_2_str, strlen(descbr_digest_2_str));
+    tt_int_op(len, OP_EQ, DIGEST_LEN);
+    tmp = tor_malloc(DIGEST_LEN);
+    memcpy(tmp, digest, DIGEST_LEN);
+    smartlist_add(list, tmp);
+  }
+
+ done:
+  return list;
+}
+
+static download_status_t *
+descbr_get_dl_by_digest_mock(const char *digest)
+{
+  download_status_t *dl = NULL;
+  char digest_str[HEX_DIGEST_LEN+1];
+
+  if (!disable_descbr) {
+    tt_assert(digest != NULL);
+    base16_encode(digest_str, HEX_DIGEST_LEN + 1,
+                  digest, DIGEST_LEN);
+    digest_str[HEX_DIGEST_LEN] = '\0';
+
+    if (strcmp(digest_str, descbr_digest_1_str) == 0) {
+      dl = &descbr_digest_1_dl;
+    } else if (strcmp(digest_str, descbr_digest_2_str) == 0) {
+      dl = &descbr_digest_2_dl;
+    }
+  }
+
+ done:
+  return dl;
+}
+
+static void
+setup_desc_mocks(void)
+{
+  MOCK(router_get_descriptor_digests,
+       descbr_get_digests_mock);
+  MOCK(router_get_dl_status_by_descriptor_digest,
+       descbr_get_dl_by_digest_mock);
+  reset_mocked_dl_statuses();
+}
+
+static void
+clear_desc_mocks(void)
+{
+  UNMOCK(router_get_descriptor_digests);
+  UNMOCK(router_get_dl_status_by_descriptor_digest);
+}
+
+static void
+setup_bridge_mocks(void)
+{
+  disable_descbr = 0;
+
+  MOCK(list_bridge_identities,
+       descbr_get_digests_mock);
+  MOCK(get_bridge_dl_status_by_id,
+       descbr_get_dl_by_digest_mock);
+  reset_mocked_dl_statuses();
+}
+
+static void
+clear_bridge_mocks(void)
+{
+  UNMOCK(list_bridge_identities);
+  UNMOCK(get_bridge_dl_status_by_id);
+
+  disable_descbr = 0;
+}
+
+static void
+test_download_status_consensus(void *arg)
+{
+  /* We just need one of these to pass, it doesn't matter what's in it */
+  control_connection_t dummy;
+  /* Get results out */
+  char *answer = NULL;
+  const char *errmsg = NULL;
+
+  (void)arg;
+
+  /* Check that the unknown prefix case works; no mocks needed yet */
+  getinfo_helper_downloads(&dummy, "downloads/foo", &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_str_op(errmsg, OP_EQ, "Unknown download status query");
+
+  setup_ns_mocks();
+
+  /*
+   * Check returning serialized dlstatuses, and implicitly also test
+   * download_status_to_string().
+   */
+
+  /* Case 1 default/FLAV_NS*/
+  memcpy(&(ns_dl_status[FLAV_NS]), &dls_sample_1,
+         sizeof(download_status_t));
+  getinfo_helper_downloads(&dummy, "downloads/networkstatus/ns",
+                           &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_1_str);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 2 default/FLAV_MICRODESC */
+  memcpy(&(ns_dl_status[FLAV_MICRODESC]), &dls_sample_2,
+         sizeof(download_status_t));
+  getinfo_helper_downloads(&dummy, "downloads/networkstatus/microdesc",
+                           &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_2_str);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 3 bootstrap/FLAV_NS */
+  memcpy(&(ns_dl_status_bootstrap[FLAV_NS]), &dls_sample_3,
+         sizeof(download_status_t));
+  getinfo_helper_downloads(&dummy, "downloads/networkstatus/ns/bootstrap",
+                           &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_3_str);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 4 bootstrap/FLAV_MICRODESC */
+  memcpy(&(ns_dl_status_bootstrap[FLAV_MICRODESC]), &dls_sample_4,
+         sizeof(download_status_t));
+  getinfo_helper_downloads(&dummy,
+                           "downloads/networkstatus/microdesc/bootstrap",
+                           &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_4_str);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 5 running/FLAV_NS */
+  memcpy(&(ns_dl_status_running[FLAV_NS]), &dls_sample_5,
+         sizeof(download_status_t));
+  getinfo_helper_downloads(&dummy,
+                           "downloads/networkstatus/ns/running",
+                           &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_5_str);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 6 running/FLAV_MICRODESC */
+  memcpy(&(ns_dl_status_running[FLAV_MICRODESC]), &dls_sample_6,
+         sizeof(download_status_t));
+  getinfo_helper_downloads(&dummy,
+                           "downloads/networkstatus/microdesc/running",
+                           &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_6_str);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Now check the error case */
+  getinfo_helper_downloads(&dummy, "downloads/networkstatus/foo",
+                           &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "Unknown flavor");
+  errmsg = NULL;
+
+ done:
+  clear_ns_mocks();
+  tor_free(answer);
+
+  return;
+}
+
+static void
+test_download_status_cert(void *arg)
+{
+  /* We just need one of these to pass, it doesn't matter what's in it */
+  control_connection_t dummy;
+  /* Get results out */
+  char *question = NULL;
+  char *answer = NULL;
+  const char *errmsg = NULL;
+
+  (void)arg;
+
+  setup_cert_mocks();
+
+  /*
+   * Check returning serialized dlstatuses and digest lists, and implicitly
+   * also test download_status_to_string() and digest_list_to_string().
+   */
+
+  /* Case 1 - list of authority identity fingerprints */
+  getinfo_helper_downloads(&dummy,
+                           "downloads/cert/fps",
+                           &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, auth_id_digest_expected_list);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 2 - download status for default cert for 1st auth id */
+  memcpy(&auth_def_cert_download_status_1, &dls_sample_1,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/cert/fp/%s", auth_id_digest_1_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_1_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 3 - download status for default cert for 2nd auth id */
+  memcpy(&auth_def_cert_download_status_2, &dls_sample_2,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/cert/fp/%s", auth_id_digest_2_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_2_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 4 - list of signing key digests for 1st auth id */
+  tor_asprintf(&question, "downloads/cert/fp/%s/sks", auth_id_digest_1_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, auth_1_sk_digest_expected_list);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 5 - list of signing key digests for 2nd auth id */
+  tor_asprintf(&question, "downloads/cert/fp/%s/sks", auth_id_digest_2_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, auth_2_sk_digest_expected_list);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 6 - download status for 1st auth id, 1st sk */
+  memcpy(&auth_1_sk_1_dls, &dls_sample_3,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/cert/fp/%s/%s",
+               auth_id_digest_1_str, auth_1_sk_1_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_3_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 7 - download status for 1st auth id, 2nd sk */
+  memcpy(&auth_1_sk_2_dls, &dls_sample_4,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/cert/fp/%s/%s",
+               auth_id_digest_1_str, auth_1_sk_2_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_4_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 8 - download status for 2nd auth id, 1st sk */
+  memcpy(&auth_2_sk_1_dls, &dls_sample_5,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/cert/fp/%s/%s",
+               auth_id_digest_2_str, auth_2_sk_1_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_5_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 9 - download status for 2nd auth id, 2nd sk */
+  memcpy(&auth_2_sk_2_dls, &dls_sample_6,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/cert/fp/%s/%s",
+               auth_id_digest_2_str, auth_2_sk_2_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_6_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Now check the error cases */
+
+  /* Case 1 - query is garbage after downloads/cert/ part */
+  getinfo_helper_downloads(&dummy, "downloads/cert/blahdeblah",
+                           &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "Unknown certificate download status query");
+  errmsg = NULL;
+
+  /*
+   * Case 2 - looks like downloads/cert/fp/<fp>, but <fp> isn't even
+   * the right length for a digest.
+   */
+  getinfo_helper_downloads(&dummy, "downloads/cert/fp/2B1D36D32B2942406",
+                           &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "That didn't look like a digest");
+  errmsg = NULL;
+
+  /*
+   * Case 3 - looks like downloads/cert/fp/<fp>, and <fp> is digest-sized,
+   * but not parseable as one.
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/82F52AF55D250115FE44D3GC81D49643241D56A1",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "That didn't look like a digest");
+  errmsg = NULL;
+
+  /*
+   * Case 4 - downloads/cert/fp/<fp>, and <fp> is not a known authority
+   * identity digest
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/AC4F23B5745BDD2A77997B85B1FD85D05C2E0F61",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ,
+      "Failed to get download status for this authority identity digest");
+  errmsg = NULL;
+
+  /*
+   * Case 5 - looks like downloads/cert/fp/<fp>/<anything>, but <fp> doesn't
+   * parse as a sensible digest.
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/82F52AF55D250115FE44D3GC81D49643241D56A1/blah",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "That didn't look like an identity digest");
+  errmsg = NULL;
+
+  /*
+   * Case 6 - looks like downloads/cert/fp/<fp>/<anything>, but <fp> doesn't
+   * parse as a sensible digest.
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/82F52AF55D25/blah",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "That didn't look like an identity digest");
+  errmsg = NULL;
+
+  /*
+   * Case 7 - downloads/cert/fp/<fp>/sks, and <fp> is not a known authority
+   * digest.
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/AC4F23B5745BDD2A77997B85B1FD85D05C2E0F61/sks",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ,
+      "Failed to get list of signing key digests for this authority "
+      "identity digest");
+  errmsg = NULL;
+
+  /*
+   * Case 8 - looks like downloads/cert/fp/<fp>/<sk>, but <sk> doesn't
+   * parse as a signing key digest.
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/AC4F23B5745BDD2A77997B85B1FD85D05C2E0F61/"
+      "82F52AF55D250115FE44D3GC81D49643241D56A1",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "That didn't look like a signing key digest");
+  errmsg = NULL;
+
+  /*
+   * Case 9 - looks like downloads/cert/fp/<fp>/<sk>, but <sk> doesn't
+   * parse as a signing key digest.
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/AC4F23B5745BDD2A77997B85B1FD85D05C2E0F61/"
+      "82F52AF55D250115FE44D",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "That didn't look like a signing key digest");
+  errmsg = NULL;
+
+  /*
+   * Case 10 - downloads/cert/fp/<fp>/<sk>, but <fp> isn't a known
+   * authority identity digest.
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/C6B05DF332F74DB9A13498EE3BBC7AA2F69FCB45/"
+      "3A214FC21AE25B012C2ECCB5F4EC8A3602D0545D",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ,
+      "Failed to get download status for this identity/"
+      "signing key digest pair");
+  errmsg = NULL;
+
+  /*
+   * Case 11 - downloads/cert/fp/<fp>/<sk>, but <sk> isn't a known
+   * signing key digest.
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/63CDD326DFEF0CA020BDD3FEB45A3286FE13A061/"
+      "3A214FC21AE25B012C2ECCB5F4EC8A3602D0545D",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ,
+      "Failed to get download status for this identity/"
+      "signing key digest pair");
+  errmsg = NULL;
+
+  /*
+   * Case 12 - downloads/cert/fp/<fp>/<sk>, but <sk> is on the list for
+   * a different authority identity digest.
+   */
+  getinfo_helper_downloads(&dummy,
+      "downloads/cert/fp/63CDD326DFEF0CA020BDD3FEB45A3286FE13A061/"
+      "9451B8F1B10952384EB58B5F230C0BB701626C9B",
+      &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ,
+      "Failed to get download status for this identity/"
+      "signing key digest pair");
+  errmsg = NULL;
+
+ done:
+  clear_cert_mocks();
+  tor_free(answer);
+
+  return;
+}
+
+static void
+test_download_status_desc(void *arg)
+{
+  /* We just need one of these to pass, it doesn't matter what's in it */
+  control_connection_t dummy;
+  /* Get results out */
+  char *question = NULL;
+  char *answer = NULL;
+  const char *errmsg = NULL;
+
+  (void)arg;
+
+  setup_desc_mocks();
+
+  /*
+   * Check returning serialized dlstatuses and digest lists, and implicitly
+   * also test download_status_to_string() and digest_list_to_string().
+   */
+
+  /* Case 1 - list of router descriptor digests */
+  getinfo_helper_downloads(&dummy,
+                           "downloads/desc/descs",
+                           &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, descbr_expected_list);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 2 - get download status for router descriptor 1 */
+  memcpy(&descbr_digest_1_dl, &dls_sample_1,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/desc/%s", descbr_digest_1_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_1_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 3 - get download status for router descriptor 1 */
+  memcpy(&descbr_digest_2_dl, &dls_sample_2,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/desc/%s", descbr_digest_2_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_2_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Now check the error cases */
+
+  /* Case 1 - non-digest-length garbage after downloads/desc */
+  getinfo_helper_downloads(&dummy, "downloads/desc/blahdeblah",
+                           &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "Unknown router descriptor download status query");
+  errmsg = NULL;
+
+  /* Case 2 - nonparseable digest-shaped thing */
+  getinfo_helper_downloads(
+    &dummy,
+    "downloads/desc/774EC52FD9A5B80A6FACZE536616E8022E3470AG",
+    &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "That didn't look like a digest");
+  errmsg = NULL;
+
+  /* Case 3 - digest we have no descriptor for */
+  getinfo_helper_downloads(
+    &dummy,
+    "downloads/desc/B05B46135B0B2C04EBE1DD6A6AE4B12D7CD2226A",
+    &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "No such descriptor digest found");
+  errmsg = NULL;
+
+  /* Case 4 - microdescs only */
+  disable_descbr = 1;
+  getinfo_helper_downloads(&dummy,
+                           "downloads/desc/descs",
+                           &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ,
+            "We don't seem to have a networkstatus-flavored consensus");
+  errmsg = NULL;
+  disable_descbr = 0;
+
+ done:
+  clear_desc_mocks();
+  tor_free(answer);
+
+  return;
+}
+
+static void
+test_download_status_bridge(void *arg)
+{
+  /* We just need one of these to pass, it doesn't matter what's in it */
+  control_connection_t dummy;
+  /* Get results out */
+  char *question = NULL;
+  char *answer = NULL;
+  const char *errmsg = NULL;
+
+  (void)arg;
+
+  setup_bridge_mocks();
+
+  /*
+   * Check returning serialized dlstatuses and digest lists, and implicitly
+   * also test download_status_to_string() and digest_list_to_string().
+   */
+
+  /* Case 1 - list of bridge identity digests */
+  getinfo_helper_downloads(&dummy,
+                           "downloads/bridge/bridges",
+                           &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, descbr_expected_list);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 2 - get download status for bridge descriptor 1 */
+  memcpy(&descbr_digest_1_dl, &dls_sample_3,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/bridge/%s", descbr_digest_1_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_3_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Case 3 - get download status for router descriptor 1 */
+  memcpy(&descbr_digest_2_dl, &dls_sample_4,
+         sizeof(download_status_t));
+  tor_asprintf(&question, "downloads/bridge/%s", descbr_digest_2_str);
+  tt_assert(question != NULL);
+  getinfo_helper_downloads(&dummy, question, &answer, &errmsg);
+  tt_assert(answer != NULL);
+  tt_assert(errmsg == NULL);
+  tt_str_op(answer, OP_EQ, dls_sample_4_str);
+  tor_free(question);
+  tor_free(answer);
+  errmsg = NULL;
+
+  /* Now check the error cases */
+
+  /* Case 1 - non-digest-length garbage after downloads/bridge */
+  getinfo_helper_downloads(&dummy, "downloads/bridge/blahdeblah",
+                           &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "Unknown bridge descriptor download status query");
+  errmsg = NULL;
+
+  /* Case 2 - nonparseable digest-shaped thing */
+  getinfo_helper_downloads(
+    &dummy,
+    "downloads/bridge/774EC52FD9A5B80A6FACZE536616E8022E3470AG",
+    &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "That didn't look like a digest");
+  errmsg = NULL;
+
+  /* Case 3 - digest we have no descriptor for */
+  getinfo_helper_downloads(
+    &dummy,
+    "downloads/bridge/B05B46135B0B2C04EBE1DD6A6AE4B12D7CD2226A",
+    &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "No such bridge identity digest found");
+  errmsg = NULL;
+
+  /* Case 4 - bridges disabled */
+  disable_descbr = 1;
+  getinfo_helper_downloads(&dummy,
+                           "downloads/bridge/bridges",
+                           &answer, &errmsg);
+  tt_assert(answer == NULL);
+  tt_assert(errmsg != NULL);
+  tt_str_op(errmsg, OP_EQ, "We don't seem to be using bridges");
+  errmsg = NULL;
+  disable_descbr = 0;
+
+ done:
+  clear_bridge_mocks();
+  tor_free(answer);
+
+  return;
+}
+
 struct testcase_t controller_tests[] = {
   { "add_onion_helper_keyarg", test_add_onion_helper_keyarg, 0, NULL, NULL },
   { "rend_service_parse_port_config", test_rend_service_parse_port_config, 0,
     NULL, NULL },
   { "add_onion_helper_clientauth", test_add_onion_helper_clientauth, 0, NULL,
     NULL },
+  { "download_status_consensus", test_download_status_consensus, 0, NULL,
+    NULL },
+  { "download_status_cert", test_download_status_cert, 0, NULL,
+    NULL },
+  { "download_status_desc", test_download_status_desc, 0, NULL, NULL },
+  { "download_status_bridge", test_download_status_bridge, 0, NULL, NULL },
   END_OF_TESTCASES
 };