Index: net/http/transport_security_state_unittest.cc |
diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc |
index 7731ee56128d668c804eaa006c852669e9fdeb59..36ed497df1498fc87ebbb37b292fc29d0afcec6b 100644 |
--- a/net/http/transport_security_state_unittest.cc |
+++ b/net/http/transport_security_state_unittest.cc |
@@ -25,6 +25,7 @@ |
#include "net/cert/cert_verifier.h" |
#include "net/cert/cert_verify_result.h" |
#include "net/cert/ct_policy_status.h" |
+#include "net/cert/internal/test_helpers.h" |
#include "net/cert/test_root_certs.h" |
#include "net/cert/x509_cert_types.h" |
#include "net/cert/x509_certificate.h" |
@@ -78,7 +79,9 @@ const char* const kBadPath[] = { |
nullptr, |
}; |
-// A mock ReportSenderInterface that just remembers the latest report |
+const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/"; |
+ |
+// A mock ReportSender that just remembers the latest report |
// URI and report to be sent. |
class MockCertificateReportSender |
: public TransportSecurityState::ReportSenderInterface { |
@@ -1883,4 +1886,123 @@ TEST_F(TransportSecurityStateTest, ExpectCTReporter) { |
EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); |
} |
+class MockExpectStapleReportSender : public MockCertificateReportSender { |
+ public: |
+ bool ReportSent() { return !latest_report().empty(); } |
+}; |
+ |
+class ExpectStapleTest : public TransportSecurityStateTest { |
+ public: |
+ ExpectStapleTest() : verify_time_(base::Time::Now()) { |
+ TransportSecurityStateTest::SetUp(); |
+ security_state_.SetReportSender(&report_sender_); |
+ EnableStaticExpectStaple(&security_state_); |
+ } |
+ |
+ struct OCSPTest { |
+ std::string response; |
+ scoped_refptr<X509Certificate> certificate; |
+ }; |
+ |
+ static bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) { |
+ std::string ca_data; |
+ std::string cert_data; |
+ const PemBlockMapping mappings[] = { |
+ {"OCSP RESPONSE", &ocsp->response}, |
+ {"CA CERTIFICATE", &ca_data}, |
+ {"CERTIFICATE", &cert_data}, |
+ }; |
+ std::string full_path = std::string(kOCSPPathPrefix) + file_name; |
+ if (!ReadTestDataFromPemFile(full_path, mappings)) |
+ return false; |
+ |
+ // Parse the server certificate |
+ CertificateList server_cert_list = |
+ X509Certificate::CreateCertificateListFromBytes( |
+ cert_data.data(), cert_data.size(), |
+ X509Certificate::FORMAT_SINGLE_CERTIFICATE); |
+ ocsp->certificate = server_cert_list[0]; |
+ return true; |
+ } |
+ |
+ static void CheckExpectStapleReport( |
+ const std::string& serialized_report, |
+ const HostPortPair& host_port, |
+ const X509Certificate& served_certificate_chain, |
+ bool is_issued_by_known_root, |
+ const OCSPVerifyResult& ocsp_verify_result) { |
+ std::unique_ptr<base::Value> value( |
+ base::JSONReader::Read(serialized_report)); |
+ ASSERT_TRUE(value); |
+ ASSERT_TRUE(value->IsType(base::Value::TYPE_DICTIONARY)); |
+ |
+ base::DictionaryValue* report_dict; |
+ ASSERT_TRUE(value->GetAsDictionary(&report_dict)); |
+ std::string report_hostname; |
+ EXPECT_TRUE(report_dict->GetString("hostname", &report_hostname)); |
+ EXPECT_EQ(host_port.host(), report_hostname); |
+ int report_port; |
+ EXPECT_TRUE(report_dict->GetInteger("port", &report_port)); |
+ EXPECT_EQ(host_port.port(), report_port); |
+ |
+ // Check certificate chain. |
+ const base::ListValue* report_served_certificate_chain = nullptr; |
+ if (is_issued_by_known_root) { |
+ ASSERT_TRUE(report_dict->GetList("served-certificate-chain", |
+ &report_served_certificate_chain)); |
+ std::vector<std::string> pem_encoded_chain; |
+ served_certificate_chain.GetPEMEncodedChain(&pem_encoded_chain); |
+ ASSERT_EQ(pem_encoded_chain.size(), |
+ report_served_certificate_chain->GetSize()); |
+ for (size_t i = 0; i < pem_encoded_chain.size(); i++) { |
+ std::string cert_pem; |
+ ASSERT_TRUE(report_served_certificate_chain->GetString(i, &cert_pem)); |
+ EXPECT_EQ(pem_encoded_chain[i], cert_pem); |
+ } |
+ } else { |
+ EXPECT_FALSE(report_dict->GetList("served-certificate-chain", |
+ &report_served_certificate_chain)); |
+ } |
+ |
+ // Check stapled responses. |
+ const base::ListValue* report_ocsp_responses = nullptr; |
+ ASSERT_TRUE(report_dict->GetList("ocsp-responses", &report_ocsp_responses)); |
+ const auto& ocsp_responses = ocsp_verify_result.stapled_responses; |
+ ASSERT_EQ(ocsp_responses.size(), report_ocsp_responses->GetSize()); |
+ for (size_t i = 0; i < ocsp_responses.size(); i++) { |
+ const base::DictionaryValue* report_ocsp_response = nullptr; |
+ report_ocsp_responses->GetDictionary(i, &report_ocsp_response); |
+ bool is_date_valid; |
+ ASSERT_TRUE( |
+ report_ocsp_response->GetBoolean("is-date-valid", &is_date_valid)); |
+ EXPECT_EQ(ocsp_responses[i].is_date_valid, is_date_valid); |
+ bool is_correct_certificate; |
+ ASSERT_TRUE(report_ocsp_response->GetBoolean("is-correct-certificate", |
+ &is_correct_certificate)); |
+ EXPECT_EQ(ocsp_responses[i].is_correct_certificate, |
+ is_correct_certificate); |
+ } |
+ } |
+ |
+ protected: |
+ static bool SerializeExpectStapleReport( |
+ const HostPortPair& host_port_pair, |
+ const X509Certificate& unverified_certificate, |
+ bool is_issued_by_known_root, |
+ const OCSPVerifyResult& ocsp_verify_result, |
+ std::string* serialized_report) { |
+ return TransportSecurityState::SerializeExpectStapleReport( |
+ host_port_pair, unverified_certificate, is_issued_by_known_root, |
+ ocsp_verify_result, serialized_report); |
+ } |
+ |
+ TransportSecurityState security_state_; |
+ MockExpectStapleReportSender report_sender_; |
+ base::Time verify_time_; |
+}; |
+ |
+TEST_F(ExpectStapleTest, TestSerialization){ |
+ // TODO(dadrian) |
+}; |
+ |
} // namespace net |