Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(818)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/multi_log_ct_verifier_unittest.cc

Issue 108113006: Revert of Extract Certificate Transparency SCTs from stapled OCSP responses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/multi_log_ct_verifier.cc ('k') | net/socket/ssl_client_socket.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/multi_log_ct_verifier.h" 5 #include "net/cert/multi_log_ct_verifier.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/file_util.h" 9 #include "base/file_util.h"
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
76 //a string, add more checks here. 76 //a string, add more checks here.
77 77
78 return true; 78 return true;
79 } 79 }
80 80
81 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { 81 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) {
82 ct::CTVerifyResult result; 82 ct::CTVerifyResult result;
83 CapturingNetLog net_log; 83 CapturingNetLog net_log;
84 BoundNetLog bound_net_log = 84 BoundNetLog bound_net_log =
85 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB); 85 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB);
86 return (verifier_->Verify(chain, std::string(), std::string(), &result, 86 return (verifier_->Verify(chain, "", "", &result, bound_net_log) == OK) &&
87 bound_net_log) == OK) &&
88 CheckForSingleVerifiedSCTInResult(result) && 87 CheckForSingleVerifiedSCTInResult(result) &&
89 CheckForSCTOrigin( 88 CheckForSCTOrigin(
90 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && 89 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) &&
91 CheckForEmbeddedSCTInNetLog(net_log); 90 CheckForEmbeddedSCTInNetLog(net_log);
92 } 91 }
93 92
94 protected: 93 protected:
95 scoped_ptr<MultiLogCTVerifier> verifier_; 94 scoped_ptr<MultiLogCTVerifier> verifier_;
96 scoped_refptr<X509Certificate> chain_; 95 scoped_refptr<X509Certificate> chain_;
97 }; 96 };
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
135 134
136 TEST_F(MultiLogCTVerifierTest, 135 TEST_F(MultiLogCTVerifierTest,
137 VerifiesSCTOverX509Cert) { 136 VerifiesSCTOverX509Cert) {
138 std::string sct(ct::GetTestSignedCertificateTimestamp()); 137 std::string sct(ct::GetTestSignedCertificateTimestamp());
139 138
140 std::string sct_list; 139 std::string sct_list;
141 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); 140 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
142 141
143 ct::CTVerifyResult result; 142 ct::CTVerifyResult result;
144 EXPECT_EQ(OK, 143 EXPECT_EQ(OK,
145 verifier_->Verify(chain_, std::string(), sct_list, &result, 144 verifier_->Verify(chain_, "", sct_list, &result, BoundNetLog()));
146 BoundNetLog()));
147 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result)); 145 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result));
148 ASSERT_TRUE(CheckForSCTOrigin( 146 ASSERT_TRUE(CheckForSCTOrigin(
149 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); 147 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION));
150 } 148 }
151 149
152 TEST_F(MultiLogCTVerifierTest, 150 TEST_F(MultiLogCTVerifierTest,
153 IdentifiesSCTFromUnknownLog) { 151 IdentifiesSCTFromUnknownLog) {
154 std::string sct(ct::GetTestSignedCertificateTimestamp()); 152 std::string sct(ct::GetTestSignedCertificateTimestamp());
155 153
156 // Change a byte inside the Log ID part of the SCT so it does 154 // Change a byte inside the Log ID part of the SCT so it does
157 // not match the log used in the tests 155 // not match the log used in the tests
158 sct[15] = 't'; 156 sct[15] = 't';
159 157
160 std::string sct_list; 158 std::string sct_list;
161 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); 159 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
162 160
163 ct::CTVerifyResult result; 161 ct::CTVerifyResult result;
164 EXPECT_NE(OK, 162 EXPECT_NE(OK,
165 verifier_->Verify(chain_, std::string(), sct_list, &result, 163 verifier_->Verify(chain_, sct_list, "", &result, BoundNetLog()));
166 BoundNetLog()));
167 EXPECT_EQ(1U, result.unknown_logs_scts.size()); 164 EXPECT_EQ(1U, result.unknown_logs_scts.size());
168 EXPECT_EQ("", result.unknown_logs_scts[0]->log_description); 165 EXPECT_EQ("", result.unknown_logs_scts[0]->log_description);
169 } 166 }
170 167
171 } // namespace 168 } // namespace
172 169
173 } // namespace net 170 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/multi_log_ct_verifier.cc ('k') | net/socket/ssl_client_socket.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698