| Index: net/cert/ct_serialization_unittest.cc
|
| diff --git a/net/cert/ct_serialization_unittest.cc b/net/cert/ct_serialization_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..eeeaa3c876b8d83a7e458da7e0da0cb123fcb11d
|
| --- /dev/null
|
| +++ b/net/cert/ct_serialization_unittest.cc
|
| @@ -0,0 +1,170 @@
|
| +// Copyright (c) 2013 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "net/cert/ct_serialization.h"
|
| +
|
| +#include <string>
|
| +
|
| +#include "base/file_util.h"
|
| +#include "base/files/file_path.h"
|
| +#include "net/base/net_log.h"
|
| +#include "net/base/test_completion_callback.h"
|
| +#include "net/base/test_data_directory.h"
|
| +#include "net/cert/x509_certificate.h"
|
| +#include "net/test/cert_test_util.h"
|
| +#include "net/test/ct_test_util.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +namespace net {
|
| +
|
| +class CtSerializationTest : public ::testing::Test {
|
| + public:
|
| + virtual void SetUp() OVERRIDE {
|
| + test_digitally_signed_ = ct::GetTestDigitallySigned();
|
| + }
|
| +
|
| + protected:
|
| + std::string test_digitally_signed_;
|
| +};
|
| +
|
| +TEST_F(CtSerializationTest, DecodesDigitallySigned) {
|
| + base::StringPiece digitally_signed(test_digitally_signed_);
|
| + ct::DigitallySigned parsed;
|
| +
|
| + ASSERT_TRUE(ct::DecodeDigitallySigned(&digitally_signed, &parsed));
|
| + EXPECT_EQ(
|
| + ct::DigitallySigned::HASH_ALGO_SHA256,
|
| + parsed.hash_algorithm);
|
| +
|
| + EXPECT_EQ(
|
| + ct::DigitallySigned::SIG_ALGO_ECDSA,
|
| + parsed.signature_algorithm);
|
| +
|
| + // The encoded data contains the signature itself from the 4th byte.
|
| + // The first bytes are:
|
| + // 1 byte of hash algorithm
|
| + // 1 byte of signature algorithm
|
| + // 2 bytes - prefix containing length of the signature data.
|
| + EXPECT_EQ(
|
| + test_digitally_signed_.substr(4),
|
| + parsed.signature_data);
|
| +}
|
| +
|
| +
|
| +TEST_F(CtSerializationTest, FailsToDecodePartialDigitallySigned) {
|
| + base::StringPiece digitally_signed(test_digitally_signed_);
|
| + base::StringPiece partial_digitally_signed(
|
| + digitally_signed.substr(0, test_digitally_signed_.size() - 5));
|
| + ct::DigitallySigned parsed;
|
| +
|
| + ASSERT_FALSE(ct::DecodeDigitallySigned(&partial_digitally_signed, &parsed));
|
| +}
|
| +
|
| +
|
| +TEST_F(CtSerializationTest, EncodesDigitallySigned) {
|
| + ct::DigitallySigned digitally_signed;
|
| + digitally_signed.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
|
| + digitally_signed.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
|
| + digitally_signed.signature_data = test_digitally_signed_.substr(4);
|
| +
|
| + std::string encoded;
|
| +
|
| + ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded));
|
| + EXPECT_EQ(test_digitally_signed_, encoded);
|
| +}
|
| +
|
| +
|
| +TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) {
|
| + ct::LogEntry entry;
|
| + GetX509CertLogEntry(&entry);
|
| +
|
| + std::string encoded;
|
| + ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded));
|
| + EXPECT_EQ((718U + 5U), encoded.size());
|
| + // First two bytes are log entry type. Next, length:
|
| + // Length is 718 which is 512 + 206, which is 0x2ce
|
| + std::string expected_prefix("\0\0\0\x2\xCE", 5);
|
| + // Note we use std::string comparison rather than ASSERT_STREQ due
|
| + // to null characters in the buffer.
|
| + EXPECT_EQ(expected_prefix, encoded.substr(0, 5));
|
| +}
|
| +
|
| +TEST_F(CtSerializationTest, EncodesV1SCTSignedData) {
|
| + base::Time timestamp = base::Time::UnixEpoch() +
|
| + base::TimeDelta::FromMilliseconds(1348589665525);
|
| + std::string dummy_entry("abc");
|
| + std::string empty_extensions("");
|
| + // For now, no known failure cases.
|
| + std::string encoded;
|
| + ASSERT_TRUE(ct::EncodeV1SCTSignedData(
|
| + timestamp,
|
| + dummy_entry,
|
| + empty_extensions,
|
| + &encoded));
|
| + EXPECT_EQ((size_t) 15, encoded.size());
|
| + // Byte 0 is version, byte 1 is signature type
|
| + // Bytes 2-10 are timestamp
|
| + // Bytes 11-14 are the log signature
|
| + // Byte 15 is the empty extension
|
| + //EXPECT_EQ(0, timestamp.ToTimeT());
|
| + std::string expected_buffer(
|
| + "\x0\x0\x0\x0\x1\x39\xFE\x35\x3C\xF5\x61\x62\x63\x0\x0", 15);
|
| + EXPECT_EQ(expected_buffer, encoded);
|
| +}
|
| +
|
| +TEST_F(CtSerializationTest, DecodesSCTList) {
|
| + // Two items in the list: "abc", "def"
|
| + base::StringPiece encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x3\x64\x65\x66", 12);
|
| + std::vector<base::StringPiece> decoded;
|
| +
|
| + ASSERT_TRUE(ct::DecodeSCTList(&encoded, &decoded));
|
| + ASSERT_STREQ("abc", decoded[0].data());
|
| + ASSERT_STREQ("def", decoded[1].data());
|
| +}
|
| +
|
| +TEST_F(CtSerializationTest, FailsDecodingInvalidSCTList) {
|
| + // A list with one item that's too short
|
| + base::StringPiece encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x5\x64\x65\x66", 12);
|
| + std::vector<base::StringPiece> decoded;
|
| +
|
| + ASSERT_FALSE(ct::DecodeSCTList(&encoded, &decoded));
|
| +}
|
| +
|
| +TEST_F(CtSerializationTest, DecodesSignedCertificateTimestamp) {
|
| + std::string encoded_test_sct(ct::GetTestSignedCertificateTimestamp());
|
| + base::StringPiece encoded_sct(encoded_test_sct);
|
| +
|
| + ct::SignedCertificateTimestamp sct;
|
| + ASSERT_TRUE(ct::DecodeSignedCertificateTimestamp(&encoded_sct, &sct));
|
| + EXPECT_EQ(0, sct.version);
|
| + std::string expected_log_key(
|
| + "\xdf\x1c\x2e\xc1\x15\x00\x94\x52\x47\xa9\x61\x68\x32\x5d\xdc\x5c\x79\x59"
|
| + "\xe8\xf7\xc6\xd3\x88\xfc\x00\x2e\x0b\xbd\x3f\x74\xd7\x64",
|
| + 32);
|
| + EXPECT_EQ(expected_log_key, sct.log_id);
|
| + base::Time expected_time = base::Time::UnixEpoch() +
|
| + base::TimeDelta::FromMilliseconds(1365181456089);
|
| + EXPECT_EQ(expected_time, sct.timestamp);
|
| + // Subtracting 4 bytes for signature data (hash & sig algs),
|
| + // actual signature data should be 71 bytes.
|
| + EXPECT_EQ((size_t) 71, sct.signature.signature_data.size());
|
| + EXPECT_EQ(std::string(""), sct.extensions);
|
| +}
|
| +
|
| +TEST_F(CtSerializationTest, FailsDecodingInvalidSignedCertificateTimestamp) {
|
| + // Invalid version
|
| + base::StringPiece invalid_version_sct("\x2\x0", 2);
|
| + ct::SignedCertificateTimestamp sct;
|
| +
|
| + ASSERT_FALSE(
|
| + ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct));
|
| +
|
| + // Valid version, invalid length (missing data)
|
| + base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4);
|
| + ASSERT_FALSE(
|
| + ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct));
|
| +}
|
| +
|
| +} // namespace net
|
| +
|
|
|
Chromium Code Reviews
Issue 37633002:
CT: First step towards supporting Certificate Transparency in Chrome. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master