| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ct_objects_extractor.h" | 5 #include "net/cert/ct_objects_extractor.h" |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "net/cert/ct_log_verifier.h" | 8 #include "net/cert/ct_log_verifier.h" |
| 9 #include "net/cert/ct_serialization.h" | 9 #include "net/cert/ct_serialization.h" |
| 10 #include "net/cert/signed_certificate_timestamp.h" | 10 #include "net/cert/signed_certificate_timestamp.h" |
| (...skipping 54 matching lines...) |
| 65 EXPECT_EQ(sct->version, SignedCertificateTimestamp::V1); | 65 EXPECT_EQ(sct->version, SignedCertificateTimestamp::V1); |
| 66 EXPECT_EQ(ct::GetTestPublicKeyId(), sct->log_id); | 66 EXPECT_EQ(ct::GetTestPublicKeyId(), sct->log_id); |
| 67 | 67 |
| 68 base::Time expected_timestamp = | 68 base::Time expected_timestamp = |
| 69 base::Time::UnixEpoch() + | 69 base::Time::UnixEpoch() + |
| 70 base::TimeDelta::FromMilliseconds(1365181456275); | 70 base::TimeDelta::FromMilliseconds(1365181456275); |
| 71 EXPECT_EQ(expected_timestamp, sct->timestamp); | 71 EXPECT_EQ(expected_timestamp, sct->timestamp); |
| 72 } | 72 } |
| 73 | 73 |
| 74 TEST_F(CTObjectsExtractorTest, ExtractPrecert) { | 74 TEST_F(CTObjectsExtractorTest, ExtractPrecert) { |
| 75 LogEntry entry; | 75 SignedEntryData entry; |
| 76 ASSERT_TRUE(GetPrecertLogEntry(precert_chain_[0]->os_cert_handle(), | 76 ASSERT_TRUE(GetPrecertSignedEntry(precert_chain_[0]->os_cert_handle(), |
| 77 precert_chain_[1]->os_cert_handle(), | 77 precert_chain_[1]->os_cert_handle(), |
| 78 &entry)); | 78 &entry)); |
| 79 | 79 |
| 80 ASSERT_EQ(ct::LogEntry::LOG_ENTRY_TYPE_PRECERT, entry.type); | 80 ASSERT_EQ(ct::SignedEntryData::LOG_ENTRY_TYPE_PRECERT, entry.type); |
| 81 // Should have empty leaf cert for this log entry type. | 81 // Should have empty leaf cert for this log entry type. |
| 82 ASSERT_TRUE(entry.leaf_certificate.empty()); | 82 ASSERT_TRUE(entry.leaf_certificate.empty()); |
| 83 // Compare hash values of issuer spki. | 83 // Compare hash values of issuer spki. |
| 84 SHA256HashValue expected_issuer_key_hash; | 84 SHA256HashValue expected_issuer_key_hash; |
| 85 memcpy(expected_issuer_key_hash.data, GetDefaultIssuerKeyHash().data(), 32); | 85 memcpy(expected_issuer_key_hash.data, GetDefaultIssuerKeyHash().data(), 32); |
| 86 ASSERT_EQ(expected_issuer_key_hash, entry.issuer_key_hash); | 86 ASSERT_EQ(expected_issuer_key_hash, entry.issuer_key_hash); |
| 87 } | 87 } |
| 88 | 88 |
| 89 TEST_F(CTObjectsExtractorTest, ExtractOrdinaryX509Cert) { | 89 TEST_F(CTObjectsExtractorTest, ExtractOrdinaryX509Cert) { |
| 90 LogEntry entry; | 90 SignedEntryData entry; |
| 91 ASSERT_TRUE(GetX509LogEntry(test_cert_->os_cert_handle(), &entry)); | 91 ASSERT_TRUE(GetX509SignedEntry(test_cert_->os_cert_handle(), &entry)); |
| 92 | 92 |
| 93 ASSERT_EQ(ct::LogEntry::LOG_ENTRY_TYPE_X509, entry.type); | 93 ASSERT_EQ(ct::SignedEntryData::LOG_ENTRY_TYPE_X509, entry.type); |
| 94 // Should have empty tbs_certificate for this log entry type. | 94 // Should have empty tbs_certificate for this log entry type. |
| 95 ASSERT_TRUE(entry.tbs_certificate.empty()); | 95 ASSERT_TRUE(entry.tbs_certificate.empty()); |
| 96 // Length of leaf_certificate should be 718, see the CT Serialization tests. | 96 // Length of leaf_certificate should be 718, see the CT Serialization tests. |
| 97 ASSERT_EQ(718U, entry.leaf_certificate.size()); | 97 ASSERT_EQ(718U, entry.leaf_certificate.size()); |
| 98 } | 98 } |
| 99 | 99 |
| 100 // Test that the embedded SCT verifies | 100 // Test that the embedded SCT verifies |
| 101 TEST_F(CTObjectsExtractorTest, ExtractedSCTVerifies) { | 101 TEST_F(CTObjectsExtractorTest, ExtractedSCTVerifies) { |
| 102 scoped_refptr<ct::SignedCertificateTimestamp> sct( | 102 scoped_refptr<ct::SignedCertificateTimestamp> sct( |
| 103 new ct::SignedCertificateTimestamp()); | 103 new ct::SignedCertificateTimestamp()); |
| 104 ExtractEmbeddedSCT(precert_chain_[0], &sct); | 104 ExtractEmbeddedSCT(precert_chain_[0], &sct); |
| 105 | 105 |
| 106 LogEntry entry; | 106 SignedEntryData entry; |
| 107 ASSERT_TRUE(GetPrecertLogEntry(precert_chain_[0]->os_cert_handle(), | 107 ASSERT_TRUE(GetPrecertSignedEntry(precert_chain_[0]->os_cert_handle(), |
| 108 precert_chain_[1]->os_cert_handle(), | 108 precert_chain_[1]->os_cert_handle(), |
| 109 &entry)); | 109 &entry)); |
| 110 | 110 |
| 111 EXPECT_TRUE(log_->Verify(entry, *sct.get())); | 111 EXPECT_TRUE(log_->Verify(entry, *sct.get())); |
| 112 } | 112 } |
| 113 | 113 |
| 114 // Test that an externally-provided SCT verifies over the LogEntry | 114 // Test that an externally-provided SCT verifies over the SignedEntryData |
| 115 // of a regular X.509 Certificate | 115 // of a regular X.509 Certificate |
| 116 TEST_F(CTObjectsExtractorTest, ComplementarySCTVerifies) { | 116 TEST_F(CTObjectsExtractorTest, ComplementarySCTVerifies) { |
| 117 scoped_refptr<ct::SignedCertificateTimestamp> sct( | 117 scoped_refptr<ct::SignedCertificateTimestamp> sct( |
| 118 new ct::SignedCertificateTimestamp()); | 118 new ct::SignedCertificateTimestamp()); |
| 119 GetX509CertSCT(&sct); | 119 GetX509CertSCT(&sct); |
| 120 | 120 |
| 121 LogEntry entry; | 121 SignedEntryData entry; |
| 122 ASSERT_TRUE(GetX509LogEntry(test_cert_->os_cert_handle(), &entry)); | 122 ASSERT_TRUE(GetX509SignedEntry(test_cert_->os_cert_handle(), &entry)); |
| 123 | 123 |
| 124 EXPECT_TRUE(log_->Verify(entry, *sct.get())); | 124 EXPECT_TRUE(log_->Verify(entry, *sct.get())); |
| 125 } | 125 } |
| 126 | 126 |
| 127 // Test that the extractor can parse OCSP responses. | 127 // Test that the extractor can parse OCSP responses. |
| 128 TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponse) { | 128 TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponse) { |
| 129 std::string der_subject_cert(ct::GetDerEncodedFakeOCSPResponseCert()); | 129 std::string der_subject_cert(ct::GetDerEncodedFakeOCSPResponseCert()); |
| 130 scoped_refptr<X509Certificate> subject_cert = | 130 scoped_refptr<X509Certificate> subject_cert = |
| 131 X509Certificate::CreateFromBytes(der_subject_cert.data(), | 131 X509Certificate::CreateFromBytes(der_subject_cert.data(), |
| 132 der_subject_cert.length()); | 132 der_subject_cert.length()); |
| (...skipping 44 matching lines...) |
| 177 std::string extracted_sct_list; | 177 std::string extracted_sct_list; |
| 178 // Use test_cert_ for issuer - it is not the correct issuer of |subject_cert|. | 178 // Use test_cert_ for issuer - it is not the correct issuer of |subject_cert|. |
| 179 EXPECT_FALSE(ct::ExtractSCTListFromOCSPResponse( | 179 EXPECT_FALSE(ct::ExtractSCTListFromOCSPResponse( |
| 180 test_cert_->os_cert_handle(), subject_cert->serial_number(), | 180 test_cert_->os_cert_handle(), subject_cert->serial_number(), |
| 181 ocsp_response, &extracted_sct_list)); | 181 ocsp_response, &extracted_sct_list)); |
| 182 } | 182 } |
| 183 | 183 |
| 184 } // namespace ct | 184 } // namespace ct |
| 185 | 185 |
| 186 } // namespace net | 186 } // namespace net |