net/cert/internal/parse_ocsp_unittest.cc - Issue 2144693002: Reland of Add CheckOCSPDateValid() to net/cert/internal

Side by Side Diff: net/cert/internal/parse_ocsp_unittest.cc

Issue 2144693002: Reland of Add CheckOCSPDateValid() to net/cert/internal (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Add documentation, abort early. Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/internal/parse_ocsp.h"	5 #include "net/cert/internal/parse_ocsp.h"

6	6

7 #include "base/files/file_path.h"	7 #include "base/files/file_path.h"

8 #include "base/logging.h"	8 #include "base/logging.h"

9 #include "net/cert/internal/test_helpers.h"	9 #include "net/cert/internal/test_helpers.h"

10 #include "net/cert/x509_certificate.h"	10 #include "net/cert/x509_certificate.h"

	11 #include "net/der/encode_values.h"

11 #include "net/test/test_data_directory.h"	12 #include "net/test/test_data_directory.h"

12 #include "testing/gtest/include/gtest/gtest.h"	13 #include "testing/gtest/include/gtest/gtest.h"

13	14

14 namespace net {	15 namespace net {

15	16

16 namespace {	17 namespace {

17	18

	19 const base::TimeDelta kOCSPAgeOneWeek = base::TimeDelta::FromDays(7);
	Lei Zhang 2016/07/14 10:39:50 Not 100% sure if this adds a static initializer, b Not 100% sure if this adds a static initializer, but since this is in a unit test and we don't check unit test binaries... shrug dadrian 2016/07/14 17:37:29 IIRC it does not, since TimeDelta::FromDays is con Show quoted text On 2016/07/14 10:39:50, Lei Zhang (Slow Thursday) wrote: > Not 100% sure if this adds a static initializer, but since this is in a unit > test and we don't check unit test binaries... shrug IIRC it does not, since TimeDelta::FromDays is constexpr.
	20

18 std::string GetFilePath(const std::string& file_name) {	21 std::string GetFilePath(const std::string& file_name) {

19 return std::string("net/data/parse_ocsp_unittest/") + file_name;	22 return std::string("net/data/parse_ocsp_unittest/") + file_name;

20 }	23 }

21	24

22 enum OCSPFailure {	25 enum OCSPFailure {

23 OCSP_SUCCESS,	26 OCSP_SUCCESS,

24 PARSE_CERT,	27 PARSE_CERT,

25 PARSE_OCSP,	28 PARSE_OCSP,

26 OCSP_NOT_SUCCESSFUL,	29 OCSP_NOT_SUCCESSFUL,

27 PARSE_OCSP_DATA,	30 PARSE_OCSP_DATA,

(...skipping 147 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
175 }	178 }

176	179

177 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) {	180 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) {

178 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem"));	181 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem"));

179 }	182 }

180	183

181 TEST(ParseOCSPTest, OCSPMissingResponse) {	184 TEST(ParseOCSPTest, OCSPMissingResponse) {

182 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem"));	185 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem"));

183 }	186 }

184	187

	188 TEST(OCSPDateTest, Valid) {

	189 OCSPSingleResponse response;

	190

	191 base::Time now = base::Time::Now();

	192 base::Time this_update = now - base::TimeDelta::FromHours(1);

	193 ASSERT_TRUE(

	194 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));

	195 response.has_next_update = false;

	196 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	197

	198 base::Time next_update = this_update + base::TimeDelta::FromDays(7);

	199 ASSERT_TRUE(

	200 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));

	201 response.has_next_update = true;

	202 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	203 }

	204

	205 TEST(OCSPDateTest, ThisUpdateInTheFuture) {

	206 OCSPSingleResponse response;

	207

	208 base::Time now = base::Time::Now();

	209 base::Time this_update = now + base::TimeDelta::FromHours(1);

	210 ASSERT_TRUE(

	211 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));

	212 response.has_next_update = false;

	213 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	214

	215 base::Time next_update = this_update + base::TimeDelta::FromDays(7);

	216 ASSERT_TRUE(

	217 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));

	218 response.has_next_update = true;

	219 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	220 }

	221

	222 TEST(OCSPDateTest, NextUpdatePassed) {

	223 OCSPSingleResponse response;

	224

	225 base::Time now = base::Time::Now();

	226 base::Time this_update = now - base::TimeDelta::FromDays(6);

	227 ASSERT_TRUE(

	228 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));

	229 response.has_next_update = false;

	230 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	231

	232 base::Time next_update = now - base::TimeDelta::FromHours(1);

	233 ASSERT_TRUE(

	234 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));

	235 response.has_next_update = true;

	236 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	237 }

	238

	239 TEST(OCSPDateTest, NextUpdateBeforeThisUpdate) {

	240 OCSPSingleResponse response;

	241

	242 base::Time now = base::Time::Now();

	243 base::Time this_update = now - base::TimeDelta::FromDays(1);

	244 ASSERT_TRUE(

	245 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));

	246 response.has_next_update = false;

	247 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	248

	249 base::Time next_update = this_update - base::TimeDelta::FromDays(1);

	250 ASSERT_TRUE(

	251 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));

	252 response.has_next_update = true;

	253 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	254 }

	255

	256 TEST(OCSPDateTest, ThisUpdateOlderThanMaxAge) {

	257 OCSPSingleResponse response;

	258

	259 base::Time now = base::Time::Now();

	260 base::Time this_update = now - kOCSPAgeOneWeek;

	261 ASSERT_TRUE(

	262 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));

	263 response.has_next_update = false;

	264 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	265

	266 base::Time next_update = now + base::TimeDelta::FromHours(1);

	267 ASSERT_TRUE(

	268 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));

	269 response.has_next_update = true;

	270 EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	271

	272 ASSERT_TRUE(der::EncodeTimeAsGeneralizedTime(

	273 this_update - base::TimeDelta::FromSeconds(1), &response.this_update));

	274 response.has_next_update = false;

	275 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	276 response.has_next_update = true;

	277 EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));

	278 }

	279

	280 TEST(OCSPDateTest, VerifyTimeFromBeforeWindowsEpoch) {

	281 OCSPSingleResponse response;

	282 base::Time windows_epoch;

	283 base::Time verify_time = windows_epoch - base::TimeDelta::FromDays(1);

	284

	285 base::Time now = base::Time::Now();

	286 base::Time this_update = now - base::TimeDelta::FromHours(1);

	287 ASSERT_TRUE(

	288 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));

	289 response.has_next_update = false;

	290 EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));

	291

	292 base::Time next_update = this_update + kOCSPAgeOneWeek;

	293 ASSERT_TRUE(

	294 der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));

	295 response.has_next_update = true;

	296 EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));

	297 }

	298

	299 TEST(OCSPDateTest, VerifyTimeMinusAgeFromBeforeWindowsEpoch) {

	300 OCSPSingleResponse response;

	301 base::Time windows_epoch;

	302 base::Time verify_time = windows_epoch + base::TimeDelta::FromDays(1);

	303

	304 base::Time this_update = windows_epoch;

	305 ASSERT_TRUE(

	306 der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));

	307 response.has_next_update = false;

	308 #ifdef OS_WIN
	Lei Zhang 2016/07/14 10:39:50 #if defined(OS_WIN) #if defined(OS_WIN) dadrian 2016/07/14 17:37:29 Done. Show quoted text On 2016/07/14 10:39:50, Lei Zhang (Slow Thursday) wrote: > #if defined(OS_WIN) Done.
	309 EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));

	310 #else

	311 EXPECT_TRUE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));

	312 #endif

	313 }

	314

185 } // namespace net	315 } // namespace net

OLD	NEW

« net/cert/internal/parse_ocsp.h ('K') | « net/cert/internal/parse_ocsp.cc ('k') | net/der/encode_values.h » ('j') | net/der/encode_values.h » ('J')