components/certificate_transparency/single_tree_tracker_unittest.cc - Issue 1845113003: Certificate Transparency: Start tracking logs' state

Side by Side Diff: components/certificate_transparency/single_tree_tracker_unittest.cc

Issue 1845113003: Certificate Transparency: Start tracking logs' state (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressing review comments Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« components/certificate_transparency/single_tree_tracker.cc ('K') | « components/certificate_transparency/single_tree_tracker.cc ('k') | components/certificate_transparency/tree_state_tracker.h » ('j') | components/certificate_transparency/tree_state_tracker.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2016 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "components/certificate_transparency/single_tree_tracker.h"

	6

	7 #include <string>

	8 #include <utility>

	9

	10 #include "base/strings/string_number_conversions.h"

	11 #include "base/strings/string_piece.h"

	12 #include "net/cert/ct_log_verifier.h"

	13 #include "net/cert/ct_serialization.h"

	14 #include "net/cert/signed_certificate_timestamp.h"

	15 #include "net/cert/signed_tree_head.h"

	16 #include "net/cert/x509_certificate.h"

	17 #include "net/test/ct_test_util.h"

	18 #include "testing/gtest/include/gtest/gtest.h"

	19

	20 namespace certificate_transparency {

	21

	22 namespace {

	23

	24 const char kOldSTHSignatureData[] =

	25 "0403004730450220157b2342a25f88c90b30a6b44950b3abf525fe27f03f9abfc1165a7ac"

	26 "0622bbb022100e657a3fefc5a829b2946151dbcfd9e877fd0005d624f9a1a9f2079d0c134"

	27 "2e08";

	28

	29 size_t kOldSTHTreeSize = 12u;
	Sorin Jianu 2016/05/11 17:03:39 const? const? Eran Messeri 2016/05/12 17:04:49 Done. Show quoted text On 2016/05/11 17:03:39, Sorin Jianu wrote: > const? Done.
	30 int64_t kOldSTHTimestamp = INT64_C(1348589665525);

	31

	32 const char kOldSTHRootHash[] =

	33 "18041bd4665083001fba8c5411d2d748e8abbfdcdfd9218cb02b68a78e7d4c23";

	34

	35 bool GetOldSignedTreeHead(net::ct::SignedTreeHead* sth) {

	36 sth->version = net::ct::SignedTreeHead::V1;

	37 sth->timestamp = base::Time::UnixEpoch() +

	38 base::TimeDelta::FromMilliseconds(kOldSTHTimestamp);

	39 sth->tree_size = kOldSTHTreeSize;

	40

	41 std::vector<uint8_t> hex_output;

	42 if (!base::HexStringToBytes(kOldSTHRootHash, &hex_output))

	43 return false;

	44

	45 std::string sha256_root_hash(hex_output.begin(), hex_output.end());
	Sorin Jianu 2016/05/11 17:03:39 const? const? Eran Messeri 2016/05/12 17:04:49 Done. Show quoted text On 2016/05/11 17:03:39, Sorin Jianu wrote: > const? Done.
	46 memcpy(sth->sha256_root_hash, sha256_root_hash.c_str(),

	47 net::ct::kSthRootHashLength);

	48 sth->log_id = net::ct::GetTestPublicKeyId();

	49

	50 hex_output.clear();

	51 if (!base::HexStringToBytes(kOldSTHSignatureData, &hex_output))

	52 return false;

	53 std::string tree_head_signature(hex_output.begin(), hex_output.end());
	Sorin Jianu 2016/05/11 17:03:39 const? const? Eran Messeri 2016/05/12 17:04:49 Done. Show quoted text On 2016/05/11 17:03:39, Sorin Jianu wrote: > const? Done.
	54 base::StringPiece sp(tree_head_signature);

	55 return DecodeDigitallySigned(&sp, &(sth->signature)) && sp.empty();
	Sorin Jianu 2016/05/11 17:03:39 Is && sp.empty() correct? Not sure what the logic Is && sp.empty() correct? Not sure what the logic is here, just asking to double check. Eran Messeri 2016/05/12 17:04:49 Yes - DecodeDigitallySigned modifies the StringPie Show quoted text On 2016/05/11 17:03:39, Sorin Jianu wrote: > Is && sp.empty() correct? Not sure what the logic is here, just asking to double > check. Yes - DecodeDigitallySigned modifies the StringPiece, so not only should it succeed, but there should be no bytes left over in the StringPiece afterwards.
	56 }

	57

	58 } // namespace

	59

	60 class SingleTreeTrackerTest : public ::testing::Test {

	61 void SetUp() override {

	62 log_ = net::CTLogVerifier::Create(net::ct::GetTestPublicKey(), "testlog",

	63 "https://ct.example.com");

	64

	65 ASSERT_TRUE(log_);

	66 ASSERT_EQ(log_->key_id(), net::ct::GetTestPublicKeyId());

	67

	68 tree_tracker_.reset(new SingleTreeTracker(log_));

	69 std::string der_test_cert(net::ct::GetDerEncodedX509Cert());
	Sorin Jianu 2016/05/11 17:03:39 const? const? Eran Messeri 2016/05/12 17:04:49 Done. Show quoted text On 2016/05/11 17:03:39, Sorin Jianu wrote: > const? Done.
	70 chain_ = net::X509Certificate::CreateFromBytes(der_test_cert.data(),

	71 der_test_cert.length());

	72 ASSERT_TRUE(chain_.get());

	73 net::ct::GetX509CertSCT(&cert_sct_);

	74 }

	75

	76 protected:

	77 scoped_refptr<const net::CTLogVerifier> log_;

	78 std::unique_ptr<SingleTreeTracker> tree_tracker_;

	79 scoped_refptr<net::X509Certificate> chain_;

	80 scoped_refptr<net::ct::SignedCertificateTimestamp> cert_sct_;

	81 };

	82

	83 TEST_F(SingleTreeTrackerTest, TestCorrectlyClassifiesUnobservedSCTNoSTH) {

	84 EXPECT_EQ(

	85 SingleTreeTracker::SCT_NOT_OBSERVED,

	86 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));

	87 tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());

	88

	89 EXPECT_EQ(

	90 SingleTreeTracker::SCT_PENDING_NEWER_STH,

	91 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));

	92 }

	93

	94 TEST_F(SingleTreeTrackerTest,

	95 TestCorrectlyClassifiesUnobservedSCTWithRecentSTH) {

	96 net::ct::SignedTreeHead sth;

	97 net::ct::GetSampleSignedTreeHead(&sth);

	98 tree_tracker_->NewSTHObserved(sth);

	99

	100 EXPECT_EQ(

	101 SingleTreeTracker::SCT_NOT_OBSERVED,

	102 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));

	103

	104 tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());

	105

	106 EXPECT_EQ(

	107 SingleTreeTracker::SCT_PENDING_INCLUSION_CHECK,

	108 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));

	109 }

	110

	111 TEST_F(SingleTreeTrackerTest, TestCorrectlyUpdatesSCTStatusOnNewSTH) {

	112 tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());

	113 EXPECT_EQ(

	114 SingleTreeTracker::SCT_PENDING_NEWER_STH,

	115 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));

	116

	117 net::ct::SignedTreeHead sth;

	118 net::ct::GetSampleSignedTreeHead(&sth);

	119 tree_tracker_->NewSTHObserved(sth);

	120 EXPECT_EQ(

	121 SingleTreeTracker::SCT_PENDING_INCLUSION_CHECK,

	122 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));

	123 }

	124

	125 TEST_F(SingleTreeTrackerTest, TestDoesNotUpdatesSCTStatusOnOldSTH) {

	126 tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());

	127 EXPECT_EQ(

	128 SingleTreeTracker::SCT_PENDING_NEWER_STH,

	129 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));

	130

	131 net::ct::SignedTreeHead sth;

	132 GetOldSignedTreeHead(&sth);

	133 tree_tracker_->NewSTHObserved(sth);

	134 EXPECT_EQ(

	135 SingleTreeTracker::SCT_PENDING_NEWER_STH,

	136 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));

	137 }

	138

	139 } // namespace certificate_transparency

OLD	NEW