| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/parse_ocsp.h" | 5 #include "net/cert/internal/parse_ocsp.h" |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
| 10 #include "net/cert/internal/test_helpers.h" | 10 #include "net/cert/internal/test_helpers.h" |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 55 if (!ParseCertificate(cert_input, &cert)) | 55 if (!ParseCertificate(cert_input, &cert)) |
| 56 return PARSE_CERT; | 56 return PARSE_CERT; |
| 57 OCSPResponse parsed_ocsp; | 57 OCSPResponse parsed_ocsp; |
| 58 OCSPResponseData parsed_ocsp_data; | 58 OCSPResponseData parsed_ocsp_data; |
| 59 if (!ParseOCSPResponse(ocsp_input, &parsed_ocsp)) | 59 if (!ParseOCSPResponse(ocsp_input, &parsed_ocsp)) |
| 60 return PARSE_OCSP; | 60 return PARSE_OCSP; |
| 61 if (parsed_ocsp.status != OCSPResponse::ResponseStatus::SUCCESSFUL) | 61 if (parsed_ocsp.status != OCSPResponse::ResponseStatus::SUCCESSFUL) |
| 62 return OCSP_NOT_SUCCESSFUL; | 62 return OCSP_NOT_SUCCESSFUL; |
| 63 if (!ParseOCSPResponseData(parsed_ocsp.data, &parsed_ocsp_data)) | 63 if (!ParseOCSPResponseData(parsed_ocsp.data, &parsed_ocsp_data)) |
| 64 return PARSE_OCSP_DATA; | 64 return PARSE_OCSP_DATA; |
| 65 if (!VerifyOCSPResponse(parsed_ocsp, issuer)) |
| 66 return VERIFY_OCSP; |
| 65 | 67 |
| 66 OCSPCertStatus status; | 68 OCSPCertStatus status; |
| 67 | 69 |
| 68 if (!GetOCSPCertStatus(parsed_ocsp_data, issuer, cert, &status)) | 70 if (!GetOCSPCertStatus(parsed_ocsp_data, issuer, cert, &status)) |
| 69 return PARSE_OCSP_SINGLE_RESPONSE; | 71 return PARSE_OCSP_SINGLE_RESPONSE; |
| 70 | 72 |
| 71 switch (status.status) { | 73 switch (status.status) { |
| 72 case OCSPCertStatus::Status::GOOD: | 74 case OCSPCertStatus::Status::GOOD: |
| 73 return OCSP_SUCCESS; | 75 return OCSP_SUCCESS; |
| 74 case OCSPCertStatus::Status::REVOKED: | 76 case OCSPCertStatus::Status::REVOKED: |
| (...skipping 21 matching lines...) Expand all Loading... |
| 96 | 98 |
| 97 TEST(ParseOCSPTest, OCSPBadStatus) { | 99 TEST(ParseOCSPTest, OCSPBadStatus) { |
| 98 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_status.pem")); | 100 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_status.pem")); |
| 99 } | 101 } |
| 100 | 102 |
| 101 TEST(ParseOCSPTest, OCSPInvalidOCSPOid) { | 103 TEST(ParseOCSPTest, OCSPInvalidOCSPOid) { |
| 102 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_ocsp_type.pem")); | 104 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_ocsp_type.pem")); |
| 103 } | 105 } |
| 104 | 106 |
| 105 TEST(ParseOCSPTest, OCSPBadSignature) { | 107 TEST(ParseOCSPTest, OCSPBadSignature) { |
| 106 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("bad_signature.pem")); | 108 ASSERT_EQ(VERIFY_OCSP, ParseOCSP("bad_signature.pem")); |
| 107 } | 109 } |
| 108 | 110 |
| 109 TEST(ParseOCSPTest, OCSPDirectSignature) { | 111 TEST(ParseOCSPTest, OCSPDirectSignature) { |
| 110 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_direct.pem")); | 112 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_direct.pem")); |
| 111 } | 113 } |
| 112 | 114 |
| 113 TEST(ParseOCSPTest, OCSPIndirectSignature) { | 115 TEST(ParseOCSPTest, OCSPIndirectSignature) { |
| 114 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect.pem")); | 116 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect.pem")); |
| 115 } | 117 } |
| 116 | 118 |
| 117 TEST(ParseOCSPTest, OCSPMissingIndirectSignature) { | 119 TEST(ParseOCSPTest, OCSPMissingIndirectSignature) { |
| 118 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect_missing.pem")); | 120 ASSERT_EQ(VERIFY_OCSP, ParseOCSP("ocsp_sign_indirect_missing.pem")); |
| 119 } | 121 } |
| 120 | 122 |
| 121 TEST(ParseOCSPTest, OCSPInvalidSignature) { | 123 TEST(ParseOCSPTest, OCSPInvalidSignature) { |
| 122 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_bad_indirect.pem")); | 124 ASSERT_EQ(VERIFY_OCSP, ParseOCSP("ocsp_sign_bad_indirect.pem")); |
| 123 } | 125 } |
| 124 | 126 |
| 125 TEST(ParseOCSPTest, OCSPExtraCerts) { | 127 TEST(ParseOCSPTest, OCSPExtraCerts) { |
| 126 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_extra_certs.pem")); | 128 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_extra_certs.pem")); |
| 127 } | 129 } |
| 128 | 130 |
| 129 TEST(ParseOCSPTest, OCSPIncludesVersion) { | 131 TEST(ParseOCSPTest, OCSPIncludesVersion) { |
| 130 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_version.pem")); | 132 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_version.pem")); |
| 131 } | 133 } |
| 132 | 134 |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 168 | 170 |
| 169 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) { | 171 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) { |
| 170 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); | 172 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); |
| 171 } | 173 } |
| 172 | 174 |
| 173 TEST(ParseOCSPTest, OCSPMissingResponse) { | 175 TEST(ParseOCSPTest, OCSPMissingResponse) { |
| 174 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem")); | 176 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem")); |
| 175 } | 177 } |
| 176 | 178 |
| 177 } // namespace net | 179 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1849773002:
Adding OCSP Verification
Base URL: https://chromium.googlesource.com/chromium/src.git@master