| Index: net/cert/multi_log_ct_verifier_unittest.cc
|
| diff --git a/net/cert/multi_log_ct_verifier_unittest.cc b/net/cert/multi_log_ct_verifier_unittest.cc
|
| index e9505d73c057c1fa2e369f53d232e458a1bfa614..d5d609a8ec4d204b26585ba7603e604b8a0cfc03 100644
|
| --- a/net/cert/multi_log_ct_verifier_unittest.cc
|
| +++ b/net/cert/multi_log_ct_verifier_unittest.cc
|
| @@ -70,6 +70,20 @@
|
| ASSERT_TRUE(embedded_sct_chain_.get());
|
| }
|
|
|
| + bool CheckForSingleVerifiedSCTInResult(const ct::CTVerifyResult& result) {
|
| + return (result.verified_scts.size() == 1U) &&
|
| + result.invalid_scts.empty() &&
|
| + result.unknown_logs_scts.empty() &&
|
| + result.verified_scts[0]->log_description == kLogDescription;
|
| + }
|
| +
|
| + bool CheckForSCTOrigin(
|
| + const ct::CTVerifyResult& result,
|
| + ct::SignedCertificateTimestamp::Origin origin) {
|
| + return (result.verified_scts.size() > 0) &&
|
| + (result.verified_scts[0]->origin == origin);
|
| + }
|
| +
|
| bool CheckForEmbeddedSCTInNetLog(TestNetLog& net_log) {
|
| TestNetLogEntry::List entries;
|
| net_log.GetEntries(&entries);
|
| @@ -112,6 +126,18 @@
|
| }
|
|
|
| return true;
|
| + }
|
| +
|
| + std::string GetSCTListWithInvalidSCT() {
|
| + std::string sct(ct::GetTestSignedCertificateTimestamp());
|
| +
|
| + // Change a byte inside the Log ID part of the SCT so it does
|
| + // not match the log used in the tests
|
| + sct[15] = 't';
|
| +
|
| + std::string sct_list;
|
| + ct::EncodeSCTListForTesting(sct, &sct_list);
|
| + return sct_list;
|
| }
|
|
|
| bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain,
|
| @@ -143,9 +169,9 @@
|
| BoundNetLog bound_net_log =
|
| BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB);
|
| return (VerifySinglePrecertificateChain(chain, bound_net_log, &result) &&
|
| - ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription) &&
|
| - ct::CheckForSCTOrigin(
|
| - result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) &&
|
| + CheckForSingleVerifiedSCTInResult(result) &&
|
| + CheckForSCTOrigin(result,
|
| + ct::SignedCertificateTimestamp::SCT_EMBEDDED) &&
|
| CheckForEmbeddedSCTInNetLog(net_log));
|
| }
|
|
|
| @@ -215,20 +241,25 @@
|
| ASSERT_TRUE(CheckPrecertificateVerification(chain));
|
| }
|
|
|
| -TEST_F(MultiLogCTVerifierTest, VerifiesSCTOverX509Cert) {
|
| - std::string sct_list = ct::GetSCTListForTesting();
|
| +TEST_F(MultiLogCTVerifierTest,
|
| + VerifiesSCTOverX509Cert) {
|
| + std::string sct(ct::GetTestSignedCertificateTimestamp());
|
| +
|
| + std::string sct_list;
|
| + ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
|
|
|
| ct::CTVerifyResult result;
|
| EXPECT_EQ(OK,
|
| verifier_->Verify(
|
| chain_.get(), std::string(), sct_list, &result, BoundNetLog()));
|
| - ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription));
|
| - ASSERT_TRUE(ct::CheckForSCTOrigin(
|
| + ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result));
|
| + ASSERT_TRUE(CheckForSCTOrigin(
|
| result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION));
|
| }
|
|
|
| -TEST_F(MultiLogCTVerifierTest, IdentifiesSCTFromUnknownLog) {
|
| - std::string sct_list = ct::GetSCTListWithInvalidSCT();
|
| +TEST_F(MultiLogCTVerifierTest,
|
| + IdentifiesSCTFromUnknownLog) {
|
| + std::string sct_list = GetSCTListWithInvalidSCT();
|
| ct::CTVerifyResult result;
|
|
|
| EXPECT_NE(OK,
|
| @@ -247,7 +278,7 @@
|
| }
|
|
|
| TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) {
|
| - std::string sct_list = ct::GetSCTListWithInvalidSCT();
|
| + std::string sct_list = GetSCTListWithInvalidSCT();
|
| ct::CTVerifyResult result;
|
| int num_valid_scts = NumValidSCTsInStatusHistogram();
|
| int num_invalid_scts = GetValueFromHistogram(
|
|
|
Chromium Code Reviews
Issue 1517593002:
Revert of CT Verify test utilities change - Moved the following common functions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master