OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 #include "net/cert/ocsp_staple.h" | |
estark
2016/06/14 02:10:28
missing newline above
dadrian
2016/06/14 18:40:01
Done.
| |
5 | |
6 #include "net/base/host_port_pair.h" | |
7 #include "net/cert/internal/test_helpers.h" | |
8 | |
9 namespace net { | |
10 | |
11 namespace { | |
12 | |
13 const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/"; | |
14 | |
15 const base::TimeDelta kAgeTenYears = base::TimeDelta::FromDays(3650); | |
16 | |
17 struct OCSPTest { | |
18 std::string response; | |
19 scoped_refptr<X509Certificate> certificate; | |
20 }; | |
21 | |
22 bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) { | |
23 std::string ca_data; | |
24 std::string cert_data; | |
25 const PemBlockMapping mappings[] = { | |
26 {"OCSP RESPONSE", &ocsp->response}, | |
27 {"CA CERTIFICATE", &ca_data}, | |
28 {"CERTIFICATE", &cert_data}, | |
29 }; | |
30 std::string full_path = std::string(kOCSPPathPrefix) + file_name; | |
31 if (!ReadTestDataFromPemFile(full_path, mappings)) | |
32 return false; | |
33 | |
34 // Parse the server certificate | |
35 CertificateList server_cert_list = | |
36 X509Certificate::CreateCertificateListFromBytes( | |
37 cert_data.data(), cert_data.size(), | |
38 X509Certificate::FORMAT_SINGLE_CERTIFICATE); | |
39 ocsp->certificate = server_cert_list[0]; | |
40 return true; | |
41 } | |
42 | |
43 } // namespace | |
44 | |
45 class ExpectStapleReportTest : public testing::Test { | |
46 protected: | |
47 base::Time verify_time_; | |
48 | |
49 void SetUp() override { verify_time_ = base::Time::Now(); } | |
50 | |
51 std::unique_ptr<ExpectStapleReport> MakeReport(const OCSPTest& ocsp) { | |
52 std::unique_ptr<ExpectStapleReport> report = | |
53 ExpectStapleReport::FromRawOCSPResponse( | |
54 ocsp.response, verify_time_, kAgeTenYears, *ocsp.certificate); | |
55 return report; | |
56 } | |
57 }; | |
58 | |
59 TEST_F(ExpectStapleReportTest, Valid) { | |
60 OCSPTest ocsp; | |
61 ASSERT_TRUE(LoadOCSPFromFile("good_response.pem", &ocsp)); | |
62 auto report = MakeReport(ocsp); | |
63 ASSERT_TRUE(report); | |
64 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
65 EXPECT_EQ(verify_time_, report->verify_time()); | |
66 const auto& stapled_responses = report->stapled_responses(); | |
67 ASSERT_EQ(1u, stapled_responses.size()); | |
68 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
69 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
70 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
71 }; | |
72 | |
73 TEST_F(ExpectStapleReportTest, ValidWithExtension) { | |
74 OCSPTest ocsp; | |
75 ASSERT_TRUE(LoadOCSPFromFile("has_extension.pem", &ocsp)); | |
76 auto report = MakeReport(ocsp); | |
77 ASSERT_TRUE(report); | |
78 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
79 EXPECT_EQ(verify_time_, report->verify_time()); | |
80 }; | |
81 | |
82 TEST_F(ExpectStapleReportTest, MissingSingleResponse) { | |
83 OCSPTest ocsp; | |
84 ASSERT_TRUE(LoadOCSPFromFile("missing_response.pem", &ocsp)); | |
85 auto report = MakeReport(ocsp); | |
86 ASSERT_TRUE(report); | |
87 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
88 report->staple_error()); | |
89 EXPECT_EQ(verify_time_, report->verify_time()); | |
90 const auto& stapled_responses = report->stapled_responses(); | |
91 EXPECT_EQ(0u, stapled_responses.size()); | |
92 }; | |
93 | |
94 TEST_F(ExpectStapleReportTest, MultipleResponse) { | |
95 OCSPTest ocsp; | |
96 ASSERT_TRUE(LoadOCSPFromFile("multiple_response.pem", &ocsp)); | |
97 auto report = MakeReport(ocsp); | |
98 ASSERT_TRUE(report); | |
99 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); | |
100 EXPECT_EQ(verify_time_, report->verify_time()); | |
101 const auto& stapled_responses = report->stapled_responses(); | |
102 ASSERT_EQ(2u, stapled_responses.size()); | |
103 for (const auto& staple : stapled_responses) { | |
104 EXPECT_TRUE(staple.is_date_valid); | |
105 EXPECT_TRUE(staple.is_correct_certificate); | |
106 } | |
107 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); | |
108 EXPECT_EQ(OCSPCertStatus::Status::UNKNOWN, stapled_responses[1].status); | |
109 }; | |
110 | |
111 TEST_F(ExpectStapleReportTest, RevokeResponse) { | |
112 OCSPTest ocsp; | |
113 ASSERT_TRUE(LoadOCSPFromFile("revoke_response.pem", &ocsp)); | |
114 auto report = MakeReport(ocsp); | |
115 ASSERT_TRUE(report); | |
116 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, | |
117 report->staple_error()); | |
118 EXPECT_EQ(verify_time_, report->verify_time()); | |
119 const auto& stapled_responses = report->stapled_responses(); | |
120 ASSERT_EQ(1u, stapled_responses.size()); | |
121 EXPECT_TRUE(stapled_responses[0].is_date_valid); | |
122 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); | |
123 EXPECT_EQ(OCSPCertStatus::Status::REVOKED, stapled_responses[0].status); | |
124 }; | |
125 | |
126 } // namespace | |
OLD | NEW |