OLD | NEW |
---|---|
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/parse_ocsp.h" | 5 #include "net/cert/internal/ocsp.h" |
6 | 6 |
7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
10 #include "net/cert/internal/test_helpers.h" | 10 #include "net/cert/internal/test_helpers.h" |
11 #include "net/cert/x509_certificate.h" | 11 #include "net/cert/x509_certificate.h" |
12 #include "testing/gtest/include/gtest/gtest.h" | 12 #include "testing/gtest/include/gtest/gtest.h" |
13 | 13 |
14 namespace net { | 14 namespace net { |
15 | 15 |
16 namespace { | 16 namespace { |
17 | 17 |
18 std::string GetFilePath(const std::string& file_name) { | 18 std::string GetFilePath(const std::string& file_name) { |
19 return std::string("net/data/parse_ocsp_unittest/") + file_name; | 19 return std::string("net/data/ocsp_unittest/") + file_name; |
20 } | 20 } |
21 | 21 |
22 enum OCSPFailure { | 22 enum OCSPFailure { |
23 OCSP_SUCCESS, | 23 OCSP_SUCCESS, |
24 PARSE_CERT, | 24 PARSE_CERT, |
25 PARSE_OCSP, | 25 PARSE_OCSP, |
26 OCSP_NOT_SUCCESSFUL, | 26 OCSP_NOT_SUCCESSFUL, |
27 PARSE_OCSP_DATA, | 27 PARSE_OCSP_DATA, |
28 PARSE_OCSP_SINGLE_RESPONSE, | 28 PARSE_OCSP_SINGLE_RESPONSE, |
29 VERIFY_OCSP, | 29 VERIFY_OCSP, |
30 OCSP_SUCCESS_REVOKED, | 30 OCSP_SUCCESS_REVOKED, |
31 OCSP_SUCCESS_UNKNOWN, | 31 OCSP_SUCCESS_UNKNOWN, |
32 }; | 32 }; |
33 | 33 |
34 OCSPFailure ParseOCSP(const std::string& file_name) { | 34 OCSPFailure ParseOCSP(const std::string& file_name) { |
eroman
2016/05/31 19:12:47
Please rename this as well, to reflect the other c
| |
35 std::string ocsp_data; | 35 std::string ocsp_data; |
36 std::string ca_data; | 36 std::string ca_data; |
37 std::string cert_data; | 37 std::string cert_data; |
38 const PemBlockMapping mappings[] = { | 38 const PemBlockMapping mappings[] = { |
39 {"OCSP RESPONSE", &ocsp_data}, | 39 {"OCSP RESPONSE", &ocsp_data}, |
40 {"CA CERTIFICATE", &ca_data}, | 40 {"CA CERTIFICATE", &ca_data}, |
41 {"CERTIFICATE", &cert_data}, | 41 {"CERTIFICATE", &cert_data}, |
42 }; | 42 }; |
43 | 43 |
44 if (!ReadTestDataFromPemFile(GetFilePath(file_name), mappings)) | 44 if (!ReadTestDataFromPemFile(GetFilePath(file_name), mappings)) |
(...skipping 10 matching lines...) | |
55 if (!ParseCertificate(cert_input, &cert)) | 55 if (!ParseCertificate(cert_input, &cert)) |
56 return PARSE_CERT; | 56 return PARSE_CERT; |
57 OCSPResponse parsed_ocsp; | 57 OCSPResponse parsed_ocsp; |
58 OCSPResponseData parsed_ocsp_data; | 58 OCSPResponseData parsed_ocsp_data; |
59 if (!ParseOCSPResponse(ocsp_input, &parsed_ocsp)) | 59 if (!ParseOCSPResponse(ocsp_input, &parsed_ocsp)) |
60 return PARSE_OCSP; | 60 return PARSE_OCSP; |
61 if (parsed_ocsp.status != OCSPResponse::ResponseStatus::SUCCESSFUL) | 61 if (parsed_ocsp.status != OCSPResponse::ResponseStatus::SUCCESSFUL) |
62 return OCSP_NOT_SUCCESSFUL; | 62 return OCSP_NOT_SUCCESSFUL; |
63 if (!ParseOCSPResponseData(parsed_ocsp.data, &parsed_ocsp_data)) | 63 if (!ParseOCSPResponseData(parsed_ocsp.data, &parsed_ocsp_data)) |
64 return PARSE_OCSP_DATA; | 64 return PARSE_OCSP_DATA; |
65 const SimpleSignaturePolicy policy(1024); | |
eroman
2016/05/31 19:12:47
Do we need to allow 1024-bit RSA keys in these tes
| |
66 if (!VerifyOCSPResponse(parsed_ocsp, issuer, policy)) | |
67 return VERIFY_OCSP; | |
65 | 68 |
66 OCSPCertStatus status; | 69 OCSPCertStatus status; |
67 | 70 |
68 if (!GetOCSPCertStatus(parsed_ocsp_data, issuer, cert, &status)) | 71 if (!GetOCSPCertStatus(parsed_ocsp_data, issuer, cert, &status)) |
69 return PARSE_OCSP_SINGLE_RESPONSE; | 72 return PARSE_OCSP_SINGLE_RESPONSE; |
70 | 73 |
71 switch (status.status) { | 74 switch (status.status) { |
72 case OCSPCertStatus::Status::GOOD: | 75 case OCSPCertStatus::Status::GOOD: |
73 return OCSP_SUCCESS; | 76 return OCSP_SUCCESS; |
74 case OCSPCertStatus::Status::REVOKED: | 77 case OCSPCertStatus::Status::REVOKED: |
75 return OCSP_SUCCESS_REVOKED; | 78 return OCSP_SUCCESS_REVOKED; |
76 case OCSPCertStatus::Status::UNKNOWN: | 79 case OCSPCertStatus::Status::UNKNOWN: |
77 return OCSP_SUCCESS_UNKNOWN; | 80 return OCSP_SUCCESS_UNKNOWN; |
78 } | 81 } |
79 | 82 |
80 return OCSP_SUCCESS_UNKNOWN; | 83 return OCSP_SUCCESS_UNKNOWN; |
81 } | 84 } |
82 | 85 |
83 } // namespace | 86 } // namespace |
84 | 87 |
85 TEST(ParseOCSPTest, OCSPGoodResponse) { | 88 TEST(OCSPTest, OCSPGoodResponse) { |
86 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response.pem")); | 89 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response.pem")); |
87 } | 90 } |
88 | 91 |
89 TEST(ParseOCSPTest, OCSPNoResponse) { | 92 TEST(OCSPTest, OCSPNoResponse) { |
90 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("no_response.pem")); | 93 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("no_response.pem")); |
91 } | 94 } |
92 | 95 |
93 TEST(ParseOCSPTest, OCSPMalformedStatus) { | 96 TEST(OCSPTest, OCSPMalformedStatus) { |
94 ASSERT_EQ(OCSP_NOT_SUCCESSFUL, ParseOCSP("malformed_status.pem")); | 97 ASSERT_EQ(OCSP_NOT_SUCCESSFUL, ParseOCSP("malformed_status.pem")); |
95 } | 98 } |
96 | 99 |
97 TEST(ParseOCSPTest, OCSPBadStatus) { | 100 TEST(OCSPTest, OCSPBadStatus) { |
98 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_status.pem")); | 101 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_status.pem")); |
99 } | 102 } |
100 | 103 |
101 TEST(ParseOCSPTest, OCSPInvalidOCSPOid) { | 104 TEST(OCSPTest, OCSPInvalidOCSPOid) { |
102 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_ocsp_type.pem")); | 105 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_ocsp_type.pem")); |
103 } | 106 } |
104 | 107 |
105 TEST(ParseOCSPTest, OCSPBadSignature) { | 108 TEST(OCSPTest, OCSPBadSignature) { |
106 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("bad_signature.pem")); | 109 ASSERT_EQ(VERIFY_OCSP, ParseOCSP("bad_signature.pem")); |
107 } | 110 } |
108 | 111 |
109 TEST(ParseOCSPTest, OCSPDirectSignature) { | 112 TEST(OCSPTest, OCSPDirectSignature) { |
110 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_direct.pem")); | 113 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_direct.pem")); |
111 } | 114 } |
112 | 115 |
113 TEST(ParseOCSPTest, OCSPIndirectSignature) { | 116 TEST(OCSPTest, OCSPIndirectSignature) { |
114 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect.pem")); | 117 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect.pem")); |
115 } | 118 } |
116 | 119 |
117 TEST(ParseOCSPTest, OCSPMissingIndirectSignature) { | 120 TEST(OCSPTest, OCSPMissingIndirectSignature) { |
118 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect_missing.pem")); | 121 ASSERT_EQ(VERIFY_OCSP, ParseOCSP("ocsp_sign_indirect_missing.pem")); |
119 } | 122 } |
120 | 123 |
121 TEST(ParseOCSPTest, OCSPInvalidSignature) { | 124 TEST(OCSPTest, OCSPInvalidSignature) { |
122 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_bad_indirect.pem")); | 125 ASSERT_EQ(VERIFY_OCSP, ParseOCSP("ocsp_sign_bad_indirect.pem")); |
123 } | 126 } |
124 | 127 |
125 TEST(ParseOCSPTest, OCSPExtraCerts) { | 128 TEST(OCSPTest, OCSPExtraCerts) { |
126 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_extra_certs.pem")); | 129 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_extra_certs.pem")); |
127 } | 130 } |
128 | 131 |
129 TEST(ParseOCSPTest, OCSPIncludesVersion) { | 132 TEST(OCSPTest, OCSPIncludesVersion) { |
130 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_version.pem")); | 133 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_version.pem")); |
131 } | 134 } |
132 | 135 |
133 TEST(ParseOCSPTest, OCSPResponderName) { | 136 TEST(OCSPTest, OCSPResponderName) { |
134 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_name.pem")); | 137 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_name.pem")); |
135 } | 138 } |
136 | 139 |
137 TEST(ParseOCSPTest, OCSPResponderKeyHash) { | 140 TEST(OCSPTest, OCSPResponderKeyHash) { |
138 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_id.pem")); | 141 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_id.pem")); |
139 } | 142 } |
140 | 143 |
141 TEST(ParseOCSPTest, OCSPOCSPExtension) { | 144 TEST(OCSPTest, OCSPOCSPExtension) { |
142 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_extension.pem")); | 145 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_extension.pem")); |
143 } | 146 } |
144 | 147 |
145 TEST(ParseOCSPTest, OCSPIncludeNextUpdate) { | 148 TEST(OCSPTest, OCSPIncludeNextUpdate) { |
146 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response_next_update.pem")); | 149 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response_next_update.pem")); |
147 } | 150 } |
148 | 151 |
149 TEST(ParseOCSPTest, OCSPRevokedResponse) { | 152 TEST(OCSPTest, OCSPRevokedResponse) { |
150 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response.pem")); | 153 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response.pem")); |
151 } | 154 } |
152 | 155 |
153 TEST(ParseOCSPTest, OCSPRevokedResponseWithReason) { | 156 TEST(OCSPTest, OCSPRevokedResponseWithReason) { |
154 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response_reason.pem")); | 157 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response_reason.pem")); |
155 } | 158 } |
156 | 159 |
157 TEST(ParseOCSPTest, OCSPUnknownCertStatus) { | 160 TEST(OCSPTest, OCSPUnknownCertStatus) { |
158 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("unknown_response.pem")); | 161 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("unknown_response.pem")); |
159 } | 162 } |
160 | 163 |
161 TEST(ParseOCSPTest, OCSPMultipleCertStatus) { | 164 TEST(OCSPTest, OCSPMultipleCertStatus) { |
162 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("multiple_response.pem")); | 165 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("multiple_response.pem")); |
163 } | 166 } |
164 | 167 |
165 TEST(ParseOCSPTest, OCSPWrongCertResponse) { | 168 TEST(OCSPTest, OCSPWrongCertResponse) { |
166 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("other_response.pem")); | 169 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("other_response.pem")); |
167 } | 170 } |
168 | 171 |
169 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) { | 172 TEST(OCSPTest, OCSPOCSPSingleExtension) { |
170 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); | 173 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); |
171 } | 174 } |
172 | 175 |
173 TEST(ParseOCSPTest, OCSPMissingResponse) { | 176 TEST(OCSPTest, OCSPMissingResponse) { |
174 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem")); | 177 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem")); |
175 } | 178 } |
176 | 179 |
177 } // namespace net | 180 } // namespace net |
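Review bot: With `VerifyOCSPResponse` now called at new lines 65–67 of the `ParseOCSP` helper, every verification failure collapses into the single `VERIFY_OCSP` code, so `OCSPBadSignature`, `OCSPMissingIndirectSignature` and `OCSPInvalidSignature` would all still pass if their fixtures were rejected for some reason other than the one each test name implies. Consider a one-line comment on each of those tests naming the single property of the fixture that is expected to fail verification, and, if `VerifyOCSPResponse` can report a reason, asserting on it. The new check also runs before `GetOCSPCertStatus`, so the tests that expect `PARSE_OCSP_SINGLE_RESPONSE` now depend on their fixtures verifying successfully; a comment above the call such as `// Verification runs first: fixtures for the status checks below must be validly signed.` would record that. Lines 45–54 of the helper are collapsed on this page, so how `issuer` is built was not reviewed.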