OLD | NEW |
(Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/cert/expect_staple_report.h" |
| 6 |
| 7 #include "net/base/host_port_pair.h" |
| 8 #include "net/cert/internal/test_helpers.h" |
| 9 |
| 10 namespace net { |
| 11 |
| 12 namespace { |
| 13 |
| 14 const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/"; |
| 15 |
| 16 const base::TimeDelta kAgeTenYears = base::TimeDelta::FromDays(3650); |
| 17 |
| 18 struct OCSPTest { |
| 19 std::string response; |
| 20 scoped_refptr<X509Certificate> certificate; |
| 21 }; |
| 22 |
| 23 bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) { |
| 24 std::string ca_data; |
| 25 std::string cert_data; |
| 26 const PemBlockMapping mappings[] = { |
| 27 {"OCSP RESPONSE", &ocsp->response}, |
| 28 {"CA CERTIFICATE", &ca_data}, |
| 29 {"CERTIFICATE", &cert_data}, |
| 30 }; |
| 31 std::string full_path = std::string(kOCSPPathPrefix) + file_name; |
| 32 if (!ReadTestDataFromPemFile(full_path, mappings)) |
| 33 return false; |
| 34 |
| 35 // Parse the server certificate |
| 36 CertificateList server_cert_list = |
| 37 X509Certificate::CreateCertificateListFromBytes( |
| 38 cert_data.data(), cert_data.size(), |
| 39 X509Certificate::FORMAT_SINGLE_CERTIFICATE); |
| 40 ocsp->certificate = server_cert_list[0]; |
| 41 return true; |
| 42 } |
| 43 |
| 44 } // namespace |
| 45 |
| 46 class ExpectStapleReportTest : public testing::Test { |
| 47 protected: |
| 48 base::Time verify_time_; |
| 49 |
| 50 void SetUp() override { verify_time_ = base::Time::Now(); } |
| 51 |
| 52 std::unique_ptr<ExpectStapleReport> MakeReport(const OCSPTest& ocsp) { |
| 53 std::unique_ptr<ExpectStapleReport> report = |
| 54 ExpectStapleReport::FromRawOCSPResponse( |
| 55 ocsp.response, verify_time_, kAgeTenYears, *ocsp.certificate); |
| 56 return report; |
| 57 } |
| 58 }; |
| 59 |
| 60 TEST_F(ExpectStapleReportTest, Valid) { |
| 61 OCSPTest ocsp; |
| 62 ASSERT_TRUE(LoadOCSPFromFile("good_response.pem", &ocsp)); |
| 63 auto report = MakeReport(ocsp); |
| 64 ASSERT_TRUE(report); |
| 65 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); |
| 66 EXPECT_EQ(verify_time_, report->verify_time()); |
| 67 const auto& stapled_responses = report->stapled_responses(); |
| 68 ASSERT_EQ(1u, stapled_responses.size()); |
| 69 EXPECT_TRUE(stapled_responses[0].is_date_valid); |
| 70 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); |
| 71 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); |
| 72 }; |
| 73 |
| 74 TEST_F(ExpectStapleReportTest, ValidWithExtension) { |
| 75 OCSPTest ocsp; |
| 76 ASSERT_TRUE(LoadOCSPFromFile("has_extension.pem", &ocsp)); |
| 77 auto report = MakeReport(ocsp); |
| 78 ASSERT_TRUE(report); |
| 79 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); |
| 80 EXPECT_EQ(verify_time_, report->verify_time()); |
| 81 }; |
| 82 |
| 83 TEST_F(ExpectStapleReportTest, MissingSingleResponse) { |
| 84 OCSPTest ocsp; |
| 85 ASSERT_TRUE(LoadOCSPFromFile("missing_response.pem", &ocsp)); |
| 86 auto report = MakeReport(ocsp); |
| 87 ASSERT_TRUE(report); |
| 88 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, |
| 89 report->staple_error()); |
| 90 EXPECT_EQ(verify_time_, report->verify_time()); |
| 91 const auto& stapled_responses = report->stapled_responses(); |
| 92 EXPECT_EQ(0u, stapled_responses.size()); |
| 93 }; |
| 94 |
| 95 TEST_F(ExpectStapleReportTest, MultipleResponse) { |
| 96 OCSPTest ocsp; |
| 97 ASSERT_TRUE(LoadOCSPFromFile("multiple_response.pem", &ocsp)); |
| 98 auto report = MakeReport(ocsp); |
| 99 ASSERT_TRUE(report); |
| 100 EXPECT_EQ(ExpectStapleReport::StapleError::OK, report->staple_error()); |
| 101 EXPECT_EQ(verify_time_, report->verify_time()); |
| 102 const auto& stapled_responses = report->stapled_responses(); |
| 103 ASSERT_EQ(2u, stapled_responses.size()); |
| 104 for (const auto& staple : stapled_responses) { |
| 105 EXPECT_TRUE(staple.is_date_valid); |
| 106 EXPECT_TRUE(staple.is_correct_certificate); |
| 107 } |
| 108 EXPECT_EQ(OCSPCertStatus::Status::GOOD, stapled_responses[0].status); |
| 109 EXPECT_EQ(OCSPCertStatus::Status::UNKNOWN, stapled_responses[1].status); |
| 110 }; |
| 111 |
| 112 TEST_F(ExpectStapleReportTest, RevokeResponse) { |
| 113 OCSPTest ocsp; |
| 114 ASSERT_TRUE(LoadOCSPFromFile("revoke_response.pem", &ocsp)); |
| 115 auto report = MakeReport(ocsp); |
| 116 ASSERT_TRUE(report); |
| 117 EXPECT_EQ(ExpectStapleReport::StapleError::NO_MATCHING_RESPONSE, |
| 118 report->staple_error()); |
| 119 EXPECT_EQ(verify_time_, report->verify_time()); |
| 120 const auto& stapled_responses = report->stapled_responses(); |
| 121 ASSERT_EQ(1u, stapled_responses.size()); |
| 122 EXPECT_TRUE(stapled_responses[0].is_date_valid); |
| 123 EXPECT_TRUE(stapled_responses[0].is_correct_certificate); |
| 124 EXPECT_EQ(OCSPCertStatus::Status::REVOKED, stapled_responses[0].status); |
| 125 }; |
| 126 |
| 127 } // namespace |
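Review bot: In LoadOCSPFromFile, `ocsp->certificate = server_cert_list[0];` takes the first element of the list returned by CreateCertificateListFromBytes without checking that parsing produced any certificate. A fixture whose CERTIFICATE block is missing or malformed would presumably index an empty list, and MakeReport would then dereference `*ocsp.certificate`, instead of failing `ASSERT_TRUE(LoadOCSPFromFile(...))` cleanly; add `if (server_cert_list.empty()) return false;` before the assignment. Separately, every test passes kAgeTenYears (apparently the maximum response age), so `is_date_valid` and `is_correct_certificate` are only ever asserted true; a stale response and a response for a different certificate would cover the rejection paths as well. Minor points: `ca_data` is filled from the file but never used, `file_name` could be taken as `const std::string&`, and the final `}  // namespace` closes `namespace net`, so its comment should read `// namespace net`.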