Chromium Code Reviews Chromium Code Reviews
Issue 2040513003:
Implement Expect-Staple (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 #include "net/cert/ocsp_staple.h" | |
|
estark
2016/06/14 02:10:28
missing newline above
dadrian
2016/06/14 18:40:01
Done.
| |
| 5 | |
| 6 #include "net/base/host_port_pair.h" | |
| 7 #include "net/cert/internal/test_helpers.h" | |
| 8 | |
| 9 namespace net { | |
| 10 | |
| 11 namespace { | |
| 12 | |
| 13 const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/"; | |
| 14 | |
| 15 const base::TimeDelta kAgeTenYears = base::TimeDelta::FromDays(3650); | |
| 16 | |
| 17 struct OCSPTest { | |
| 18 std::string response; | |
| 19 scoped_refptr<X509Certificate> certificate; | |
| 20 }; | |
| 21 | |
| 22 bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) { | |
| 23 std::string ca_data; | |
| 24 std::string cert_data; | |
| 25 const PemBlockMapping mappings[] = { | |
| 26 {"OCSP RESPONSE", &ocsp->response}, | |
| 27 {"CA CERTIFICATE", &ca_data}, | |
| 28 {"CERTIFICATE", &cert_data}, | |
| 29 }; | |
| 30 std::string full_path = std::string(kOCSPPathPrefix) + file_name; | |
| 31 if (!ReadTestDataFromPemFile(full_path, mappings)) | |
| 32 return false; | |
| 33 | |
| 34 // Parse the server certificate | |
| 35 CertificateList server_cert_list = | |
| 36 X509Certificate::CreateCertificateListFromBytes( | |
| 37 cert_data.data(), cert_data.size(), | |
| 38 X509Certificate::FORMAT_SINGLE_CERTIFICATE); | |
| 39 ocsp->certificate = server_cert_list[0]; | |
| 40 return true; | |
| 41 } | |
| 42 | |
| 43 } // namespace | |
| 44 | |
| 45 class ExpectStapleReportTest : public testing::Test { | |
| 46 protected: | |
| 47 base::Time verify_time_; | |
| 48 | |
| 49 void SetUp() override { verify_time_ = base::Time::Now(); } | |
| 50 | |
| 51 std::unique_ptr<ExpectStapleReport> MakeReport(const OCSPTest& ocsp) { | |
| 52 std::unique_ptr<ExpectStapleReport> report = | |
| 53 ExpectStapleReport::FromRawOCSPResponse( | |
| 54 ocsp.response, verify_time_, kAgeTenYears, *ocsp.certificate); | |
| 55 return report; | |
| 56 } | |
| 57 }; | |
| 58 | |
| 59 TEST_F(ExpectStapleReportTest, Valid) { | |
| 60 OCSPTest ocsp; | |
| 61 ASSERT_TRUE(LoadOCSPFromFile("good_response.pem", &ocsp)); | |
| 62 auto report = MakeReport(ocsp); | |
| 63 ASSERT_TRUE(report); | |
| 64 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
| 65 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 66 const auto& stapled_responses = report->stapled_responses(); | |
| 67 ASSERT_EQ(1u, stapled_responses.size()); | |
| 68 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
| 69 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
| 70 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
| 71 }; | |
| 72 | |
| 73 TEST_F(ExpectStapleReportTest, ValidWithExtension) { | |
| 74 OCSPTest ocsp; | |
| 75 ASSERT_TRUE(LoadOCSPFromFile("has_extension.pem", &ocsp)); | |
| 76 auto report = MakeReport(ocsp); | |
| 77 ASSERT_TRUE(report); | |
| 78 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
| 79 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 80 }; | |
| 81 | |
| 82 TEST_F(ExpectStapleReportTest, MissingSingleResponse) { | |
| 83 OCSPTest ocsp; | |
| 84 ASSERT_TRUE(LoadOCSPFromFile("missing_response.pem", &ocsp)); | |
| 85 auto report = MakeReport(ocsp); | |
| 86 ASSERT_TRUE(report); | |
| 87 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
| 88 report->staple_error()); | |
| 89 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 90 const auto& stapled_responses = report->stapled_responses(); | |
| 91 EXPECT_EQ(0u, stapled_responses.size()); | |
| 92 }; | |
| 93 | |
| 94 TEST_F(ExpectStapleReportTest, MultipleResponse) { | |
| 95 OCSPTest ocsp; | |
| 96 ASSERT_TRUE(LoadOCSPFromFile("multiple_response.pem", &ocsp)); | |
| 97 auto report = MakeReport(ocsp); | |
| 98 ASSERT_TRUE(report); | |
| 99 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
| 100 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 101 const auto& stapled_responses = report->stapled_responses(); | |
| 102 ASSERT_EQ(2u, stapled_responses.size()); | |
| 103 for (const auto& staple : stapled_responses) { | |
| 104 EXPECT_TRUE(staple.is_date_valid); | |
| 105 EXPECT_TRUE(staple.is_correct_certificate); | |
| 106 } | |
| 107 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
| 108 EXPECT_EQ(OCSPCertStatus::Status::UNKNOWN, stapled_responses[1].status); | |
| 109 }; | |
| 110 | |
| 111 TEST_F(ExpectStapleReportTest, RevokeResponse) { | |
| 112 OCSPTest ocsp; | |
| 113 ASSERT_TRUE(LoadOCSPFromFile("revoke_response.pem", &ocsp)); | |
| 114 auto report = MakeReport(ocsp); | |
| 115 ASSERT_TRUE(report); | |
| 116 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
| 117 report->staple_error()); | |
| 118 EXPECT_EQ(verify_time_, report->verify_time()); | |
| 119 const auto& stapled_responses = report->stapled_responses(); | |
| 120 ASSERT_EQ(1u, stapled_responses.size()); | |
| 121 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
| 122 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
| 123 EXPECT_EQ(OCSPCertStatus::Status::REVOKED, stapled_responses[0].status); | |
| 124 }; | |
| 125 | |
| 126 } // namespace | |
| OLD | NEW |
