Chromium Code Reviews Chromium Code Reviews
Issue 2091103002:
Add CheckOCSPDateValid() to net/cert/internal (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/parse_ocsp.h" | 5 #include "net/cert/internal/parse_ocsp.h" |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "net/cert/internal/test_helpers.h" | 9 #include "net/cert/internal/test_helpers.h" |
| 10 #include "net/cert/x509_certificate.h" | 10 #include "net/cert/x509_certificate.h" |
| 11 #include "net/der/encode_values.h" | |
| 11 #include "net/test/test_data_directory.h" | 12 #include "net/test/test_data_directory.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 13 | 14 |
| 14 namespace net { | 15 namespace net { |
| 15 | 16 |
| 16 namespace { | 17 namespace { |
| 17 | 18 |
| 19 const base::TimeDelta kOCSPAgeOneWeek = base::TimeDelta::FromDays(7); | |
| 20 | |
| 21 const base::Time kWindowsEpoch; | |
|
Ryan Sleevi
2016/07/08 23:37:27
Style guide: Class-level statics aren't allowed -
dadrian
2016/07/09 00:13:51
Done.
| |
| 22 | |
| 18 std::string GetFilePath(const std::string& file_name) { | 23 std::string GetFilePath(const std::string& file_name) { |
| 19 return std::string("net/data/parse_ocsp_unittest/") + file_name; | 24 return std::string("net/data/parse_ocsp_unittest/") + file_name; |
| 20 } | 25 } |
| 21 | 26 |
| 22 enum OCSPFailure { | 27 enum OCSPFailure { |
| 23 OCSP_SUCCESS, | 28 OCSP_SUCCESS, |
| 24 PARSE_CERT, | 29 PARSE_CERT, |
| 25 PARSE_OCSP, | 30 PARSE_OCSP, |
| 26 OCSP_NOT_SUCCESSFUL, | 31 OCSP_NOT_SUCCESSFUL, |
| 27 PARSE_OCSP_DATA, | 32 PARSE_OCSP_DATA, |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 175 } | 180 } |
| 176 | 181 |
| 177 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) { | 182 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) { |
| 178 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); | 183 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); |
| 179 } | 184 } |
| 180 | 185 |
| 181 TEST(ParseOCSPTest, OCSPMissingResponse) { | 186 TEST(ParseOCSPTest, OCSPMissingResponse) { |
| 182 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem")); | 187 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem")); |
| 183 } | 188 } |
| 184 | 189 |
| 190 TEST(OCSPDateTest, Valid) { | |
| 191 OCSPSingleResponse response; | |
| 192 | |
| 193 base::Time now = base::Time::Now(); | |
| 194 base::Time this_update = now - base::TimeDelta::FromHours(1); | |
| 195 ASSERT_TRUE( | |
| 196 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update)); | |
| 197 response.has_next_update = false; | |
| 198 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 199 | |
| 200 base::Time next_update = this_update + base::TimeDelta::FromDays(7); | |
| 201 ASSERT_TRUE( | |
| 202 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update)); | |
| 203 response.has_next_update = true; | |
| 204 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 205 } | |
| 206 | |
| 207 TEST(OCSPDateTest, ThisUpdateInTheFuture) { | |
| 208 OCSPSingleResponse response; | |
| 209 | |
| 210 base::Time now = base::Time::Now(); | |
| 211 base::Time this_update = now + base::TimeDelta::FromHours(1); | |
| 212 ASSERT_TRUE( | |
| 213 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update)); | |
| 214 response.has_next_update = false; | |
| 215 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 216 | |
| 217 base::Time next_update = this_update + base::TimeDelta::FromDays(7); | |
| 218 ASSERT_TRUE( | |
| 219 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update)); | |
| 220 response.has_next_update = true; | |
| 221 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 222 } | |
| 223 | |
| 224 TEST(OCSPDateTest, NextUpdatePassed) { | |
| 225 OCSPSingleResponse response; | |
| 226 | |
| 227 base::Time now = base::Time::Now(); | |
| 228 base::Time this_update = now - base::TimeDelta::FromDays(6); | |
| 229 ASSERT_TRUE( | |
| 230 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update)); | |
| 231 response.has_next_update = false; | |
| 232 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 233 | |
| 234 base::Time next_update = now - base::TimeDelta::FromHours(1); | |
| 235 ASSERT_TRUE( | |
| 236 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update)); | |
| 237 response.has_next_update = true; | |
| 238 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 239 } | |
| 240 | |
| 241 TEST(OCSPDateTest, NextUpdateBeforeThisUpdate) { | |
| 242 OCSPSingleResponse response; | |
| 243 | |
| 244 base::Time now = base::Time::Now(); | |
| 245 base::Time this_update = now - base::TimeDelta::FromDays(1); | |
| 246 ASSERT_TRUE( | |
| 247 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update)); | |
| 248 response.has_next_update = false; | |
| 249 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 250 | |
| 251 base::Time next_update = this_update - base::TimeDelta::FromDays(1); | |
| 252 ASSERT_TRUE( | |
| 253 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update)); | |
| 254 response.has_next_update = true; | |
| 255 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 256 } | |
| 257 | |
| 258 TEST(OCSPDateTest, ThisUpdateOlderThanMaxAge) { | |
| 259 OCSPSingleResponse response; | |
| 260 | |
| 261 base::Time now = base::Time::Now(); | |
| 262 base::Time this_update = now - kOCSPAgeOneWeek; | |
| 263 ASSERT_TRUE( | |
| 264 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update)); | |
| 265 response.has_next_update = false; | |
| 266 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 267 | |
| 268 base::Time next_update = now + base::TimeDelta::FromHours(1); | |
| 269 ASSERT_TRUE( | |
| 270 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update)); | |
| 271 response.has_next_update = true; | |
| 272 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 273 | |
| 274 ASSERT_TRUE(der::EncodeTimeAsGeneralizedTime( | |
| 275 this_update - base::TimeDelta::FromSeconds(1), &response.this_update)); | |
| 276 response.has_next_update = false; | |
| 277 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 278 response.has_next_update = true; | |
| 279 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek)); | |
| 280 } | |
| 281 | |
| 282 TEST(OCSPDateTest, VerifyTimeFromBeforeWindowsEpoch) { | |
| 283 OCSPSingleResponse response; | |
| 284 base::Time verify_time = kWindowsEpoch - base::TimeDelta::FromDays(1); | |
| 285 | |
| 286 base::Time now = base::Time::Now(); | |
| 287 base::Time this_update = now - base::TimeDelta::FromHours(1); | |
| 288 ASSERT_TRUE( | |
| 289 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update)); | |
| 290 response.has_next_update = false; | |
| 291 EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek)); | |
| 292 | |
| 293 base::Time next_update = this_update + kOCSPAgeOneWeek; | |
| 294 ASSERT_TRUE( | |
| 295 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update)); | |
| 296 response.has_next_update = true; | |
| 297 EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek)); | |
| 298 } | |
| 299 | |
| 300 TEST(OCSPDateTest, VerifyTimeMinusAgeFromBeforeWindowsEpoch) { | |
| 301 OCSPSingleResponse response; | |
| 302 base::Time verify_time = kWindowsEpoch + base::TimeDelta::FromDays(1); | |
| 303 | |
| 304 base::Time this_update = kWindowsEpoch; | |
| 305 ASSERT_TRUE( | |
| 306 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update)); | |
| 307 response.has_next_update = false; | |
| 308 #ifdef OS_WIN | |
| 309 EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek)); | |
| 310 #else | |
| 311 EXPECT_TRUE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek)); | |
| 312 #endif | |
| 313 } | |
| 314 | |
| 185 } // namespace net | 315 } // namespace net |
| OLD | NEW |
