CT: Adding preliminary Certificate Transparency support to Chromium.

net/cert/single_log_ct_verifier_unittest.cc

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/single_log_ct_verifier.h"
+
+#include <string>
+
+#include "base/file_util.h"
+#include "base/files/file_path.h"
+#include "net/base/net_log.h"
+#include "net/base/test_completion_callback.h"
+#include "net/base/test_data_directory.h"
+#include "net/cert/ct_log_verifier.h"
+#include "net/cert/ct_verify_result.h"
+#include "net/cert/pem_tokenizer.h"
+#include "net/cert/x509_certificate.h"
+#include "net/test/cert_test_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace {
+
+class SingleLogCTVerifierTest : public ::testing::Test {
+ public:
+  virtual void SetUp() OVERRIDE {
+    std::string ct_public_key_pem;
+    // Extract log's public key which is in PEM format.
+    ASSERT_TRUE(base::ReadFileToString(
+        GetTestCertsDirectory().AppendASCII("ct-public-key.pem"),
+        &ct_public_key_pem));
+    std::vector<std::string> pem_headers;
+    pem_headers.push_back("PUBLIC KEY");
+    PEMTokenizer pem_tok(ct_public_key_pem, pem_headers);
+    ASSERT_TRUE(pem_tok.GetNext());
+
+    std::string decoded(pem_tok.data());
+    scoped_ptr<CTLogVerifier> log(CTLogVerifier::Create(decoded, ""));
+    ASSERT_TRUE(log);
+
+    verifier_.reset(new SingleLogCTVerifier(log.Pass()));
+  }
+
+ protected:
+  scoped_ptr<SingleLogCTVerifier> verifier_;
+};
+
+TEST_F(SingleLogCTVerifierTest, VerifiesEmbeddedProof) {
+  scoped_refptr<X509Certificate> chain(
+      CreateCertificateChainFromFile(GetTestCertsDirectory(),
+                                     "ct-test-embedded-chain.pem",
+                                     X509Certificate::FORMAT_AUTO));
+  ASSERT_TRUE(chain);
+
+  ct::CTVerifyResult result;
+  TestCompletionCallback cb;
+  EXPECT_EQ(
+      OK,
+      verifier_->Verify(chain, chain, &result, cb.callback(), BoundNetLog()));
+}
+
+TEST_F(SingleLogCTVerifierTest, VerifiesEmbeddedProofWithPreCA) {
+  scoped_refptr<X509Certificate> chain(
+      CreateCertificateChainFromFile(GetTestCertsDirectory(),
+                                     "ct-test-embedded-with-preca-chain.pem",
+                                     X509Certificate::FORMAT_AUTO));
+  ASSERT_TRUE(chain);
+
+  ct::CTVerifyResult result;
+  TestCompletionCallback cb;
+  EXPECT_EQ(
+      OK,
+      verifier_->Verify(chain, chain, &result, cb.callback(), BoundNetLog()));
+}
+
+TEST_F(SingleLogCTVerifierTest, VerifiesEmbeddedProofWithIntermediate) {
+  scoped_refptr<X509Certificate> chain(CreateCertificateChainFromFile(
+      GetTestCertsDirectory(),
+      "ct-test-embedded-with-intermediate-chain.pem",
+      X509Certificate::FORMAT_AUTO));
+  ASSERT_TRUE(chain);
+
+  ct::CTVerifyResult result;
+  TestCompletionCallback cb;
+  EXPECT_EQ(
+      OK,
+      verifier_->Verify(chain, chain, &result, cb.callback(), BoundNetLog()));
+}
+
+TEST_F(SingleLogCTVerifierTest,
+       VerifiesEmbeddedProofWithIntermediateAndPreCA) {
+  scoped_refptr<X509Certificate> chain(CreateCertificateChainFromFile(
+      GetTestCertsDirectory(),
+      "ct-test-embedded-with-intermediate-preca-chain.pem",
+      X509Certificate::FORMAT_AUTO));
+  ASSERT_TRUE(chain);
+
+  ct::CTVerifyResult result;
+  TestCompletionCallback cb;
+  EXPECT_EQ(
+      OK,
+      verifier_->Verify(chain, chain, &result, cb.callback(), BoundNetLog()));
+}
+
+}  // namespace
+
+}  // namespace net