OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/cert/expect_staple_report.h" | |
6 | |
7 #include "base/macros.h" | |
8 #include "net/base/host_port_pair.h" | |
9 #include "net/cert/internal/test_helpers.h" | |
10 | |
11 namespace net { | |
12 | |
13 namespace { | |
14 | |
15 const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/"; | |
16 | |
17 const base::TimeDelta kOCSPResponseMaxAge = base::TimeDelta::FromDays(3650); | |
18 | |
19 struct OCSPTest { | |
20 std::string response; | |
21 scoped_refptr<X509Certificate> certificate; | |
22 }; | |
23 | |
24 bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) { | |
25 std::string ca_data; | |
26 std::string cert_data; | |
27 const PemBlockMapping mappings[] = { | |
28 {"OCSP RESPONSE", &ocsp->response}, | |
29 {"CA CERTIFICATE", &ca_data}, | |
30 {"CERTIFICATE", &cert_data}, | |
31 }; | |
32 std::string full_path = std::string(kOCSPPathPrefix) + file_name; | |
33 if (!ReadTestDataFromPemFile(full_path, mappings)) | |
34 return false; | |
35 | |
36 // Parse the server certificate | |
37 CertificateList server_cert_list = | |
38 X509Certificate::CreateCertificateListFromBytes( | |
39 cert_data.data(), cert_data.size(), | |
40 X509Certificate::FORMAT_SINGLE_CERTIFICATE); | |
41 ocsp->certificate = server_cert_list[0]; | |
42 return true; | |
43 } | |
44 | |
45 } // namespace | |
46 | |
47 class ExpectStapleReportTest : public testing::Test { | |
48 public: | |
49 ExpectStapleReportTest() {} | |
50 | |
51 protected: | |
52 void SetUp() override { verify_time_ = base::Time::Now(); } | |
svaldez
2016/06/16 11:14:38
Maybe hardcode this so that the tests don't break?
dadrian
2016/06/16 19:20:18
Done.
| |
53 | |
54 std::unique_ptr<ExpectStapleReport> MakeReport(const OCSPTest& ocsp) { | |
55 std::unique_ptr<ExpectStapleReport> report = | |
56 ExpectStapleReport::FromRawOCSPResponse(ocsp.response, verify_time_, | |
57 kOCSPResponseMaxAge, | |
58 *ocsp.certificate); | |
59 return report; | |
60 } | |
61 | |
62 base::Time verify_time_; | |
63 | |
64 private: | |
65 DISALLOW_COPY_AND_ASSIGN(ExpectStapleReportTest); | |
66 }; | |
67 | |
68 TEST_F(ExpectStapleReportTest, Valid) { | |
69 OCSPTest ocsp; | |
70 ASSERT_TRUE(LoadOCSPFromFile("good_response.pem", &ocsp)); | |
71 auto report = MakeReport(ocsp); | |
72 ASSERT_TRUE(report); | |
73 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
74 EXPECT_EQ(verify_time_, report->verify_time()); | |
75 const auto& stapled_responses = report->stapled_responses(); | |
76 ASSERT_EQ(1u, stapled_responses.size()); | |
77 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
78 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
79 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
80 }; | |
81 | |
82 TEST_F(ExpectStapleReportTest, ValidWithExtension) { | |
83 OCSPTest ocsp; | |
84 ASSERT_TRUE(LoadOCSPFromFile("has_extension.pem", &ocsp)); | |
85 auto report = MakeReport(ocsp); | |
86 ASSERT_TRUE(report); | |
87 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
88 EXPECT_EQ(verify_time_, report->verify_time()); | |
89 }; | |
90 | |
91 TEST_F(ExpectStapleReportTest, MissingSingleResponse) { | |
92 OCSPTest ocsp; | |
93 ASSERT_TRUE(LoadOCSPFromFile("missing_response.pem", &ocsp)); | |
94 auto report = MakeReport(ocsp); | |
95 ASSERT_TRUE(report); | |
96 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
97 report->staple_error()); | |
98 EXPECT_EQ(verify_time_, report->verify_time()); | |
99 const auto& stapled_responses = report->stapled_responses(); | |
100 EXPECT_EQ(0u, stapled_responses.size()); | |
101 }; | |
102 | |
103 TEST_F(ExpectStapleReportTest, MultipleResponse) { | |
104 OCSPTest ocsp; | |
105 ASSERT_TRUE(LoadOCSPFromFile("multiple_response.pem", &ocsp)); | |
106 auto report = MakeReport(ocsp); | |
107 ASSERT_TRUE(report); | |
108 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
109 EXPECT_EQ(verify_time_, report->verify_time()); | |
110 const auto& stapled_responses = report->stapled_responses(); | |
111 ASSERT_EQ(2u, stapled_responses.size()); | |
112 for (const auto& staple : stapled_responses) { | |
113 EXPECT_TRUE(staple.is_date_valid); | |
114 EXPECT_TRUE(staple.is_correct_certificate); | |
115 } | |
116 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
117 EXPECT_EQ(OCSPCertStatus::Status::UNKNOWN, stapled_responses[1].status); | |
118 }; | |
119 | |
120 TEST_F(ExpectStapleReportTest, RevokeResponse) { | |
121 OCSPTest ocsp; | |
122 ASSERT_TRUE(LoadOCSPFromFile("revoke_response.pem", &ocsp)); | |
123 auto report = MakeReport(ocsp); | |
124 ASSERT_TRUE(report); | |
125 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
126 report->staple_error()); | |
127 EXPECT_EQ(verify_time_, report->verify_time()); | |
128 const auto& stapled_responses = report->stapled_responses(); | |
129 ASSERT_EQ(1u, stapled_responses.size()); | |
130 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
131 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
132 EXPECT_EQ(OCSPCertStatus::Status::REVOKED, stapled_responses[0].status); | |
133 }; | |
134 | |
135 } // namespace | |
OLD | NEW |