| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/cert/internal/parse_ocsp.h" |
| 6 |
| 7 #include "base/files/file_path.h" |
| 8 #include "base/logging.h" |
| 9 #include "net/base/test_data_directory.h" |
| 10 #include "net/cert/internal/test_helpers.h" |
| 11 #include "net/cert/x509_certificate.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" |
| 13 |
| 14 namespace net { |
| 15 |
| 16 namespace { |
| 17 |
| 18 std::string GetFilePath(const std::string& file_name) { |
| 19 return std::string("net/data/parse_ocsp_unittest/") + file_name; |
| 20 } |
| 21 |
| 22 void ReadOCSPFromFile(const std::string& file_name, |
| 23 std::string* ocsp_data, |
| 24 std::string* ca_data, |
| 25 std::string* cert_data) { |
| 26 const PemBlockMapping mappings[] = { |
| 27 {"OCSP RESPONSE", ocsp_data}, |
| 28 {"CA CERTIFICATE", ca_data}, |
| 29 {"CERTIFICATE", cert_data}, |
| 30 }; |
| 31 |
| 32 ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings)); |
| 33 } |
| 34 |
| 35 enum OCSPFailure { |
| 36 PARSE_CERT, |
| 37 PARSE_OCSP, |
| 38 OCSP_NOT_SUCCESSFUL, |
| 39 PARSE_OCSP_DATA, |
| 40 PARSE_OCSP_SINGLE_RESPONSE, |
| 41 VERIFY_OCSP, |
| 42 OCSP_SUCCESS, |
| 43 OCSP_SUCCESS_REVOKED, |
| 44 OCSP_SUCCESS_UNKNOWN, |
| 45 }; |
| 46 |
| 47 OCSPFailure ParseOCSP(const std::string& file_name) { |
| 48 std::string ocsp_data; |
| 49 std::string ca_data; |
| 50 std::string cert_data; |
| 51 ReadOCSPFromFile(file_name, &ocsp_data, &ca_data, &cert_data); |
| 52 der::Input ocsp_input(&ocsp_data); |
| 53 der::Input ca_input(&ca_data); |
| 54 der::Input cert_input(&cert_data); |
| 55 |
| 56 ParsedCertificate issuer; |
| 57 ParsedCertificate cert; |
| 58 if (!ParseCertificate(ca_input, &issuer)) |
| 59 return PARSE_CERT; |
| 60 if (!ParseCertificate(cert_input, &cert)) |
| 61 return PARSE_CERT; |
| 62 OCSPResponse parsed_ocsp; |
| 63 OCSPResponseData parsed_ocsp_data; |
| 64 if (!ParseOCSPResponse(ocsp_input, &parsed_ocsp)) |
| 65 return PARSE_OCSP; |
| 66 if (parsed_ocsp.status != OCSPResponse::ResponseStatus::SUCCESSFUL) |
| 67 return OCSP_NOT_SUCCESSFUL; |
| 68 if (!ParseOCSPResponseData(parsed_ocsp.data, &parsed_ocsp_data)) |
| 69 return PARSE_OCSP_DATA; |
| 70 if (!VerifyOCSPResponse(parsed_ocsp, issuer)) |
| 71 return VERIFY_OCSP; |
| 72 |
| 73 OCSPCertStatus status; |
| 74 |
| 75 if (!GetOCSPCertStatus(parsed_ocsp_data, issuer, cert, &status)) |
| 76 return PARSE_OCSP_SINGLE_RESPONSE; |
| 77 |
| 78 switch (status.status) { |
| 79 case OCSPCertStatus::Status::GOOD: |
| 80 return OCSP_SUCCESS; |
| 81 case OCSPCertStatus::Status::REVOKED: |
| 82 return OCSP_SUCCESS_REVOKED; |
| 83 case OCSPCertStatus::Status::UNKNOWN: |
| 84 return OCSP_SUCCESS_UNKNOWN; |
| 85 } |
| 86 } |
| 87 |
| 88 } // namespace |
| 89 |
| 90 TEST(ParseOCSPTest, OCSPGoodResponse) { |
| 91 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response.pem")); |
| 92 } |
| 93 |
| 94 TEST(ParseOCSPTest, OCSPNoResponse) { |
| 95 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("no_response.pem")); |
| 96 } |
| 97 |
| 98 TEST(ParseOCSPTest, OCSPMalformedStatus) { |
| 99 ASSERT_EQ(OCSP_NOT_SUCCESSFUL, ParseOCSP("malformed_status.pem")); |
| 100 } |
| 101 |
| 102 TEST(ParseOCSPTest, OCSPBadStatus) { |
| 103 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_status.pem")); |
| 104 } |
| 105 |
| 106 TEST(ParseOCSPTest, OCSPInvalidOCSPOid) { |
| 107 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_ocsp_type.pem")); |
| 108 } |
| 109 |
| 110 TEST(ParseOCSPTest, OCSPBadSignature) { |
| 111 ASSERT_EQ(VERIFY_OCSP, ParseOCSP("bad_signature.pem")); |
| 112 } |
| 113 |
| 114 TEST(ParseOCSPTest, OCSPDirectSignature) { |
| 115 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_direct.pem")); |
| 116 } |
| 117 |
| 118 TEST(ParseOCSPTest, OCSPIndirectSignature) { |
| 119 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect.pem")); |
| 120 } |
| 121 |
| 122 TEST(ParseOCSPTest, OCSPMissingIndirectSignature) { |
| 123 ASSERT_EQ(VERIFY_OCSP, ParseOCSP("ocsp_sign_indirect_missing.pem")); |
| 124 } |
| 125 |
| 126 TEST(ParseOCSPTest, OCSPInvalidSignature) { |
| 127 ASSERT_EQ(VERIFY_OCSP, ParseOCSP("ocsp_sign_bad_indirect.pem")); |
| 128 } |
| 129 |
| 130 TEST(ParseOCSPTest, OCSPExtraCerts) { |
| 131 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_extra_certs.pem")); |
| 132 } |
| 133 |
| 134 TEST(ParseOCSPTest, OCSPIncludesVersion) { |
| 135 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_version.pem")); |
| 136 } |
| 137 |
| 138 TEST(ParseOCSPTest, OCSPResponderName) { |
| 139 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_name.pem")); |
| 140 } |
| 141 |
| 142 TEST(ParseOCSPTest, OCSPResponderKeyHash) { |
| 143 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_id.pem")); |
| 144 } |
| 145 |
| 146 TEST(ParseOCSPTest, OCSPOCSPExtension) { |
| 147 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_extension.pem")); |
| 148 } |
| 149 |
| 150 TEST(ParseOCSPTest, OCSPIncludeNextUpdate) { |
| 151 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response_next_update.pem")); |
| 152 } |
| 153 |
| 154 TEST(ParseOCSPTest, OCSPRevokedResponse) { |
| 155 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response.pem")); |
| 156 } |
| 157 |
| 158 TEST(ParseOCSPTest, OCSPRevokedResponseWithReason) { |
| 159 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response_reason.pem")); |
| 160 } |
| 161 |
| 162 TEST(ParseOCSPTest, OCSPUnknownCertStatus) { |
| 163 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("unknown_response.pem")); |
| 164 } |
| 165 |
| 166 TEST(ParseOCSPTest, OCSPMultipleCertStatus) { |
| 167 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("multiple_response.pem")); |
| 168 } |
| 169 |
| 170 TEST(ParseOCSPTest, OCSPWrongCertResponse) { |
| 171 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("other_response.pem")); |
| 172 } |
| 173 |
| 174 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) { |
| 175 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); |
| 176 } |
| 177 |
| 178 TEST(ParseOCSPTest, OCSPMissingResponse) { |
| 179 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("missing_response.pem")); |
| 180 } |
| 181 |
| 182 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1541213002:
Adding OCSP Parser (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master