OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/cert/expect_staple_report.h" | |
6 | |
7 #include "net/base/host_port_pair.h" | |
8 #include "net/cert/internal/test_helpers.h" | |
9 | |
10 namespace net { | |
11 | |
12 namespace { | |
13 | |
14 const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/"; | |
15 | |
16 const base::TimeDelta kAgeTenYears = base::TimeDelta::FromDays(3650); | |
estark
2016/06/15 23:51:46
My preference would be to name this what it is use
| |
17 | |
18 struct OCSPTest { | |
19 std::string response; | |
20 scoped_refptr<X509Certificate> certificate; | |
21 }; | |
22 | |
23 bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) { | |
24 std::string ca_data; | |
25 std::string cert_data; | |
26 const PemBlockMapping mappings[] = { | |
27 {"OCSP RESPONSE", &ocsp->response}, | |
28 {"CA CERTIFICATE", &ca_data}, | |
29 {"CERTIFICATE", &cert_data}, | |
30 }; | |
31 std::string full_path = std::string(kOCSPPathPrefix) + file_name; | |
32 if (!ReadTestDataFromPemFile(full_path, mappings)) | |
33 return false; | |
34 | |
35 // Parse the server certificate | |
36 CertificateList server_cert_list = | |
37 X509Certificate::CreateCertificateListFromBytes( | |
38 cert_data.data(), cert_data.size(), | |
39 X509Certificate::FORMAT_SINGLE_CERTIFICATE); | |
40 ocsp->certificate = server_cert_list[0]; | |
41 return true; | |
42 } | |
43 | |
44 } // namespace | |
45 | |
46 class ExpectStapleReportTest : public testing::Test { | |
47 protected: | |
48 base::Time verify_time_; | |
estark
2016/06/15 23:51:46
This should be below the methods.
dadrian
2016/06/16 03:27:23
Done.
| |
49 | |
50 void SetUp() override { verify_time_ = base::Time::Now(); } | |
51 | |
52 std::unique_ptr<ExpectStapleReport> MakeReport(const OCSPTest& ocsp) { | |
53 std::unique_ptr<ExpectStapleReport> report = | |
54 ExpectStapleReport::FromRawOCSPResponse( | |
55 ocsp.response, verify_time_, kAgeTenYears, *ocsp.certificate); | |
56 return report; | |
57 } | |
estark
2016/06/15 23:51:46
DISALLOW_COPY_AND_ASSIGN
dadrian
2016/06/16 03:27:23
Done.
| |
58 }; | |
59 | |
60 TEST_F(ExpectStapleReportTest, Valid) { | |
61 OCSPTest ocsp; | |
62 ASSERT_TRUE(LoadOCSPFromFile("good_response.pem", &ocsp)); | |
63 auto report = MakeReport(ocsp); | |
64 ASSERT_TRUE(report); | |
65 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
66 EXPECT_EQ(verify_time_, report->verify_time()); | |
67 const auto& stapled_responses = report->stapled_responses(); | |
68 ASSERT_EQ(1u, stapled_responses.size()); | |
69 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
70 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
71 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
72 }; | |
73 | |
74 TEST_F(ExpectStapleReportTest, ValidWithExtension) { | |
75 OCSPTest ocsp; | |
76 ASSERT_TRUE(LoadOCSPFromFile("has_extension.pem", &ocsp)); | |
77 auto report = MakeReport(ocsp); | |
78 ASSERT_TRUE(report); | |
79 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
80 EXPECT_EQ(verify_time_, report->verify_time()); | |
81 }; | |
82 | |
83 TEST_F(ExpectStapleReportTest, MissingSingleResponse) { | |
84 OCSPTest ocsp; | |
85 ASSERT_TRUE(LoadOCSPFromFile("missing_response.pem", &ocsp)); | |
86 auto report = MakeReport(ocsp); | |
87 ASSERT_TRUE(report); | |
88 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
89 report->staple_error()); | |
90 EXPECT_EQ(verify_time_, report->verify_time()); | |
91 const auto& stapled_responses = report->stapled_responses(); | |
92 EXPECT_EQ(0u, stapled_responses.size()); | |
93 }; | |
94 | |
95 TEST_F(ExpectStapleReportTest, MultipleResponse) { | |
96 OCSPTest ocsp; | |
97 ASSERT_TRUE(LoadOCSPFromFile("multiple_response.pem", &ocsp)); | |
98 auto report = MakeReport(ocsp); | |
99 ASSERT_TRUE(report); | |
100 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
101 EXPECT_EQ(verify_time_, report->verify_time()); | |
102 const auto& stapled_responses = report->stapled_responses(); | |
103 ASSERT_EQ(2u, stapled_responses.size()); | |
104 for (const auto& staple : stapled_responses) { | |
105 EXPECT_TRUE(staple.is_date_valid); | |
106 EXPECT_TRUE(staple.is_correct_certificate); | |
107 } | |
108 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
109 EXPECT_EQ(OCSPCertStatus::Status::UNKNOWN, stapled_responses[1].status); | |
110 }; | |
111 | |
112 TEST_F(ExpectStapleReportTest, RevokeResponse) { | |
113 OCSPTest ocsp; | |
114 ASSERT_TRUE(LoadOCSPFromFile("revoke_response.pem", &ocsp)); | |
115 auto report = MakeReport(ocsp); | |
116 ASSERT_TRUE(report); | |
117 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
118 report->staple_error()); | |
119 EXPECT_EQ(verify_time_, report->verify_time()); | |
120 const auto& stapled_responses = report->stapled_responses(); | |
121 ASSERT_EQ(1u, stapled_responses.size()); | |
122 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
123 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
124 EXPECT_EQ(OCSPCertStatus::Status::REVOKED, stapled_responses[0].status); | |
125 }; | |
126 | |
127 } // namespace | |
OLD | NEW |