Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(567)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/multi_log_ct_verifier_unittest.cc

Issue 422063004: Certificate Transparency: Require SCTs for EV certificates. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: datatype issues addressed. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/ct_verifier.h ('K') | « net/cert/multi_log_ct_verifier.cc ('k') | net/net.gypi » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/multi_log_ct_verifier.h" 5 #include "net/cert/multi_log_ct_verifier.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/files/file_path.h" 9 #include "base/files/file_path.h"
10 #include "base/files/file_util.h" 10 #include "base/files/file_util.h"
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
64 result.verified_scts[0]->log_description == kLogDescription; 64 result.verified_scts[0]->log_description == kLogDescription;
65 } 65 }
66 66
67 bool CheckForSCTOrigin( 67 bool CheckForSCTOrigin(
68 const ct::CTVerifyResult& result, 68 const ct::CTVerifyResult& result,
69 ct::SignedCertificateTimestamp::Origin origin) { 69 ct::SignedCertificateTimestamp::Origin origin) {
70 return (result.verified_scts.size() > 0) && 70 return (result.verified_scts.size() > 0) &&
71 (result.verified_scts[0]->origin == origin); 71 (result.verified_scts[0]->origin == origin);
72 } 72 }
73 73
74 bool CheckForEmbeddedSCTInNetLog(CapturingNetLog& net_log) { 74 bool CheckForEmbeddedSCTInNetLog(const CapturingNetLog& net_log) {
75 CapturingNetLog::CapturedEntryList entries; 75 CapturingNetLog::CapturedEntryList entries;
76 net_log.GetEntries(&entries); 76 net_log.GetEntries(&entries);
77 if (entries.size() != 2) 77 if (entries.size() != 2)
78 return false; 78 return false;
79 79
80 const CapturingNetLog::CapturedEntry& received = entries[0]; 80 const CapturingNetLog::CapturedEntry& received = entries[0];
81 std::string embedded_scts; 81 std::string embedded_scts;
82 if (!received.GetStringValue("embedded_scts", &embedded_scts)) 82 if (!received.GetStringValue("embedded_scts", &embedded_scts))
83 return false; 83 return false;
84 if (embedded_scts.empty()) 84 if (embedded_scts.empty())
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after
181 int NumEmbeddedSCTsInHistogram() { 181 int NumEmbeddedSCTsInHistogram() {
182 return GetValueFromHistogram("Net.CertificateTransparency.SCTOrigin", 182 return GetValueFromHistogram("Net.CertificateTransparency.SCTOrigin",
183 ct::SignedCertificateTimestamp::SCT_EMBEDDED); 183 ct::SignedCertificateTimestamp::SCT_EMBEDDED);
184 } 184 }
185 185
186 int NumValidSCTsInStatusHistogram() { 186 int NumValidSCTsInStatusHistogram() {
187 return GetValueFromHistogram("Net.CertificateTransparency.SCTStatus", 187 return GetValueFromHistogram("Net.CertificateTransparency.SCTStatus",
188 ct::SCT_STATUS_OK); 188 ct::SCT_STATUS_OK);
189 } 189 }
190 190
191 void FillResultWithSCTsOfOrigin(
192 ct::SignedCertificateTimestamp::Origin desired_origin,
193 int num_scts,
194 ct::CTVerifyResult* result) {
195 for (int i = 0; i < num_scts; ++i) {
196 scoped_refptr<ct::SignedCertificateTimestamp> sct(
197 new ct::SignedCertificateTimestamp());
198 sct->origin = desired_origin;
199 result->verified_scts.push_back(sct);
200 }
201 }
202
191 protected: 203 protected:
192 scoped_ptr<MultiLogCTVerifier> verifier_; 204 scoped_ptr<MultiLogCTVerifier> verifier_;
193 scoped_refptr<X509Certificate> chain_; 205 scoped_refptr<X509Certificate> chain_;
194 scoped_refptr<X509Certificate> embedded_sct_chain_; 206 scoped_refptr<X509Certificate> embedded_sct_chain_;
195 }; 207 };
196 208
197 TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCT) { 209 TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCT) {
198 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); 210 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_));
199 } 211 }
200 212
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after
294 TEST_F(MultiLogCTVerifierTest, CountsZeroSCTsCorrectly) { 306 TEST_F(MultiLogCTVerifierTest, CountsZeroSCTsCorrectly) {
295 int connections_without_scts = GetValueFromHistogram(kSCTCountHistogram, 0); 307 int connections_without_scts = GetValueFromHistogram(kSCTCountHistogram, 0);
296 EXPECT_FALSE(VerifySinglePrecertificateChain(chain_)); 308 EXPECT_FALSE(VerifySinglePrecertificateChain(chain_));
297 ASSERT_EQ(connections_without_scts + 1, 309 ASSERT_EQ(connections_without_scts + 1,
298 GetValueFromHistogram(kSCTCountHistogram, 0)); 310 GetValueFromHistogram(kSCTCountHistogram, 0));
299 } 311 }
300 312
301 } // namespace 313 } // namespace
302 314
303 } // namespace net 315 } // namespace net
OLDNEW
« net/cert/ct_verifier.h ('K') | « net/cert/multi_log_ct_verifier.cc ('k') | net/net.gypi » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698