Chromium Code Reviews Chromium Code Reviews
Issue 2040513003:
Implement Expect-Staple (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/cert/expect_staple_report.h" | |
| 6 | |
| 7 #include "net/base/host_port_pair.h" | |
| 8 #include "net/cert/internal/test_helpers.h" | |
| 9 | |
| 10 namespace net { | |
| 11 | |
| 12 namespace { | |
| 13 | |
| 14 const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/"; | |
| 15 | |
| 16 const base::TimeDelta kAgeTenYears = base::TimeDelta::FromDays(3650); | |
|
estark
2016/06/15 23:51:46
My preference would be to name this what it is use
| |
| 17 | |
| 18 struct OCSPTest { | |
| 19 std::string response; | |
| 20 scoped_refptr<X509Certificate> certificate; | |
| 21 }; | |
| 22 | |
| 23 bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) { | |
| 24 std::string ca_data; | |
| 25 std::string cert_data; | |
| 26 const PemBlockMapping mappings[] = { | |
| 27 {"OCSP RESPONSE", &ocsp->response}, | |
| 28 {"CA CERTIFICATE", &ca_data}, | |
| 29 {"CERTIFICATE", &cert_data}, | |
| 30 }; | |
| 31 std::string full_path = std::string(kOCSPPathPrefix) + file_name; | |
| 32 if (!ReadTestDataFromPemFile(full_path, mappings)) | |
| 33 return false; | |
| 34 | |
| 35 // Parse the server certificate | |
| 36 CertificateList server_cert_list = | |
| 37 X509Certificate::CreateCertificateListFromBytes( | |
| 38 cert_data.data(), cert_data.size(), | |
| 39 X509Certificate::FORMAT_SINGLE_CERTIFICATE); | |
| 40 ocsp->certificate = server_cert_list[0]; | |
| 41 return true; | |
| 42 } | |
| 43 | |
| 44 } // namespace | |
| 45 | |
| 46 class ExpectStapleReportTest : public testing::Test { | |
| 47 protected: | |
| 48 base::Time verify_time_; | |
|
estark
2016/06/15 23:51:46
This should be below the methods.
dadrian
2016/06/16 03:27:23
Done.
| |
| 49 | |
| 50 void SetUp() override { verify_time_ = base::Time::Now(); } | |
| 51 | |
| 52 std::unique_ptr<ExpectStapleReport> MakeReport(const OCSPTest& ocsp) { | |
| 53 std::unique_ptr<ExpectStapleReport> report = | |
| 54 ExpectStapleReport::FromRawOCSPResponse( | |
| 55 ocsp.response, verify_time_, kAgeTenYears, *ocsp.certificate); | |
| 56 return report; | |
| 57 } | |
|
estark
2016/06/15 23:51:46
DISALLOW_COPY_AND_ASSIGN
dadrian
2016/06/16 03:27:23
Done.
| |
| 58 }; | |
| 59 | |
| 60 TEST_F(ExpectStapleReportTest, Valid) { | |
| 61 OCSPTest ocsp; | |
| 62 ASSERT_TRUE(LoadOCSPFromFile("good_response.pem", &ocsp)); | |
| 63 auto report = MakeReport(ocsp); | |
| 64 ASSERT_TRUE(report); | |
| 65 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
| 66 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 67 const auto& stapled_responses = report->stapled_responses(); | |
| 68 ASSERT_EQ(1u, stapled_responses.size()); | |
| 69 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
| 70 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
| 71 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
| 72 }; | |
| 73 | |
| 74 TEST_F(ExpectStapleReportTest, ValidWithExtension) { | |
| 75 OCSPTest ocsp; | |
| 76 ASSERT_TRUE(LoadOCSPFromFile("has_extension.pem", &ocsp)); | |
| 77 auto report = MakeReport(ocsp); | |
| 78 ASSERT_TRUE(report); | |
| 79 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
| 80 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 81 }; | |
| 82 | |
| 83 TEST_F(ExpectStapleReportTest, MissingSingleResponse) { | |
| 84 OCSPTest ocsp; | |
| 85 ASSERT_TRUE(LoadOCSPFromFile("missing_response.pem", &ocsp)); | |
| 86 auto report = MakeReport(ocsp); | |
| 87 ASSERT_TRUE(report); | |
| 88 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
| 89 report->staple_error()); | |
| 90 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 91 const auto& stapled_responses = report->stapled_responses(); | |
| 92 EXPECT_EQ(0u, stapled_responses.size()); | |
| 93 }; | |
| 94 | |
| 95 TEST_F(ExpectStapleReportTest, MultipleResponse) { | |
| 96 OCSPTest ocsp; | |
| 97 ASSERT_TRUE(LoadOCSPFromFile("multiple_response.pem", &ocsp)); | |
| 98 auto report = MakeReport(ocsp); | |
| 99 ASSERT_TRUE(report); | |
| 100 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
| 101 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 102 const auto& stapled_responses = report->stapled_responses(); | |
| 103 ASSERT_EQ(2u, stapled_responses.size()); | |
| 104 for (const auto& staple : stapled_responses) { | |
| 105 EXPECT_TRUE(staple.is_date_valid); | |
| 106 EXPECT_TRUE(staple.is_correct_certificate); | |
| 107 } | |
| 108 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
| 109 EXPECT_EQ(OCSPCertStatus::Status::UNKNOWN, stapled_responses[1].status); | |
| 110 }; | |
| 111 | |
| 112 TEST_F(ExpectStapleReportTest, RevokeResponse) { | |
| 113 OCSPTest ocsp; | |
| 114 ASSERT_TRUE(LoadOCSPFromFile("revoke_response.pem", &ocsp)); | |
| 115 auto report = MakeReport(ocsp); | |
| 116 ASSERT_TRUE(report); | |
| 117 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
| 118 report->staple_error()); | |
| 119 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 120 const auto& stapled_responses = report->stapled_responses(); | |
| 121 ASSERT_EQ(1u, stapled_responses.size()); | |
| 122 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
| 123 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
| 124 EXPECT_EQ(OCSPCertStatus::Status::REVOKED, stapled_responses[0].status); | |
| 125 }; | |
| 126 | |
| 127 } // namespace | |
| OLD | NEW |
