| Index: components/certificate_transparency/single_tree_tracker_unittest.cc
|
| diff --git a/components/certificate_transparency/single_tree_tracker_unittest.cc b/components/certificate_transparency/single_tree_tracker_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..ff810a2bf859b218fe83f05bd0b821f98b6c7011
|
| --- /dev/null
|
| +++ b/components/certificate_transparency/single_tree_tracker_unittest.cc
|
| @@ -0,0 +1,139 @@
|
| +// Copyright 2016 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "components/certificate_transparency/single_tree_tracker.h"
|
| +
|
| +#include <string>
|
| +#include <utility>
|
| +
|
| +#include "base/strings/string_number_conversions.h"
|
| +#include "base/strings/string_piece.h"
|
| +#include "net/cert/ct_log_verifier.h"
|
| +#include "net/cert/ct_serialization.h"
|
| +#include "net/cert/signed_certificate_timestamp.h"
|
| +#include "net/cert/signed_tree_head.h"
|
| +#include "net/cert/x509_certificate.h"
|
| +#include "net/test/ct_test_util.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +namespace certificate_transparency {
|
| +
|
| +namespace {
|
| +
|
| +const char kOldSTHSignatureData[] =
|
| + "0403004730450220157b2342a25f88c90b30a6b44950b3abf525fe27f03f9abfc1165a7ac"
|
| + "0622bbb022100e657a3fefc5a829b2946151dbcfd9e877fd0005d624f9a1a9f2079d0c134"
|
| + "2e08";
|
| +
|
| +size_t kOldSTHTreeSize = 12u;
|
| +int64_t kOldSTHTimestamp = INT64_C(1348589665525);
|
| +
|
| +const char kOldSTHRootHash[] =
|
| + "18041bd4665083001fba8c5411d2d748e8abbfdcdfd9218cb02b68a78e7d4c23";
|
| +
|
| +bool GetOldSignedTreeHead(net::ct::SignedTreeHead* sth) {
|
| + sth->version = net::ct::SignedTreeHead::V1;
|
| + sth->timestamp = base::Time::UnixEpoch() +
|
| + base::TimeDelta::FromMilliseconds(kOldSTHTimestamp);
|
| + sth->tree_size = kOldSTHTreeSize;
|
| +
|
| + std::vector<uint8_t> hex_output;
|
| + if (!base::HexStringToBytes(kOldSTHRootHash, &hex_output))
|
| + return false;
|
| +
|
| + std::string sha256_root_hash(hex_output.begin(), hex_output.end());
|
| + memcpy(sth->sha256_root_hash, sha256_root_hash.c_str(),
|
| + net::ct::kSthRootHashLength);
|
| + sth->log_id = net::ct::GetTestPublicKeyId();
|
| +
|
| + hex_output.clear();
|
| + if (!base::HexStringToBytes(kOldSTHSignatureData, &hex_output))
|
| + return false;
|
| + std::string tree_head_signature(hex_output.begin(), hex_output.end());
|
| + base::StringPiece sp(tree_head_signature);
|
| + return DecodeDigitallySigned(&sp, &(sth->signature)) && sp.empty();
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +class SingleTreeTrackerTest : public ::testing::Test {
|
| + void SetUp() override {
|
| + log_ = net::CTLogVerifier::Create(net::ct::GetTestPublicKey(), "testlog",
|
| + "https://ct.example.com");
|
| +
|
| + ASSERT_TRUE(log_);
|
| + ASSERT_EQ(log_->key_id(), net::ct::GetTestPublicKeyId());
|
| +
|
| + tree_tracker_.reset(new SingleTreeTracker(log_));
|
| + std::string der_test_cert(net::ct::GetDerEncodedX509Cert());
|
| + chain_ = net::X509Certificate::CreateFromBytes(der_test_cert.data(),
|
| + der_test_cert.length());
|
| + ASSERT_TRUE(chain_.get());
|
| + net::ct::GetX509CertSCT(&cert_sct_);
|
| + }
|
| +
|
| + protected:
|
| + scoped_refptr<const net::CTLogVerifier> log_;
|
| + scoped_ptr<SingleTreeTracker> tree_tracker_;
|
| + scoped_refptr<net::X509Certificate> chain_;
|
| + scoped_refptr<net::ct::SignedCertificateTimestamp> cert_sct_;
|
| +};
|
| +
|
| +TEST_F(SingleTreeTrackerTest, TestCorrectlyClassifiesUnobservedSCTNoSTH) {
|
| + EXPECT_EQ(
|
| + SingleTreeTracker::SCT_NOT_OBSERVED,
|
| + tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| + tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());
|
| +
|
| + EXPECT_EQ(
|
| + SingleTreeTracker::SCT_PENDING_NEWER_STH,
|
| + tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| +}
|
| +
|
| +TEST_F(SingleTreeTrackerTest,
|
| + TestCorrectlyClassifiesUnobservedSCTWithRecentSTH) {
|
| + net::ct::SignedTreeHead sth;
|
| + net::ct::GetSampleSignedTreeHead(&sth);
|
| + tree_tracker_->NewSTHObserved(sth);
|
| +
|
| + EXPECT_EQ(
|
| + SingleTreeTracker::SCT_NOT_OBSERVED,
|
| + tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| +
|
| + tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());
|
| +
|
| + EXPECT_EQ(
|
| + SingleTreeTracker::SCT_PENDING_INCLUSION_CHECK,
|
| + tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| +}
|
| +
|
| +TEST_F(SingleTreeTrackerTest, TestCorrectlyUpdatesSCTStatusOnNewSTH) {
|
| + tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());
|
| + EXPECT_EQ(
|
| + SingleTreeTracker::SCT_PENDING_NEWER_STH,
|
| + tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| +
|
| + net::ct::SignedTreeHead sth;
|
| + net::ct::GetSampleSignedTreeHead(&sth);
|
| + tree_tracker_->NewSTHObserved(sth);
|
| + EXPECT_EQ(
|
| + SingleTreeTracker::SCT_PENDING_INCLUSION_CHECK,
|
| + tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| +}
|
| +
|
| +TEST_F(SingleTreeTrackerTest, TestDoesNotUpdatesSCTStatusOnOldSTH) {
|
| + tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());
|
| + EXPECT_EQ(
|
| + SingleTreeTracker::SCT_PENDING_NEWER_STH,
|
| + tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| +
|
| + net::ct::SignedTreeHead sth;
|
| + GetOldSignedTreeHead(&sth);
|
| + tree_tracker_->NewSTHObserved(sth);
|
| + EXPECT_EQ(
|
| + SingleTreeTracker::SCT_PENDING_NEWER_STH,
|
| + tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| +}
|
| +
|
| +} // namespace certificate_transparency
|
|
|
Chromium Code Reviews
Issue 1845113003:
Certificate Transparency: Start tracking logs' state (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master