OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/ct_log_verifier.h" | 5 #include "net/cert/ct_log_verifier.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/time/time.h" | 9 #include "base/time/time.h" |
10 #include "net/cert/signed_certificate_timestamp.h" | 10 #include "net/cert/signed_certificate_timestamp.h" |
(...skipping 18 matching lines...) Expand all Loading... |
29 scoped_ptr<CTLogVerifier> log_; | 29 scoped_ptr<CTLogVerifier> log_; |
30 }; | 30 }; |
31 | 31 |
32 TEST_F(CTLogVerifierTest, VerifiesCertSCT) { | 32 TEST_F(CTLogVerifierTest, VerifiesCertSCT) { |
33 ct::LogEntry cert_entry; | 33 ct::LogEntry cert_entry; |
34 ct::GetX509CertLogEntry(&cert_entry); | 34 ct::GetX509CertLogEntry(&cert_entry); |
35 | 35 |
36 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct; | 36 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct; |
37 ct::GetX509CertSCT(&cert_sct); | 37 ct::GetX509CertSCT(&cert_sct); |
38 | 38 |
39 EXPECT_TRUE(log_->Verify(cert_entry, *cert_sct)); | 39 EXPECT_TRUE(log_->Verify(cert_entry, *cert_sct.get())); |
40 } | 40 } |
41 | 41 |
42 TEST_F(CTLogVerifierTest, VerifiesPrecertSCT) { | 42 TEST_F(CTLogVerifierTest, VerifiesPrecertSCT) { |
43 ct::LogEntry precert_entry; | 43 ct::LogEntry precert_entry; |
44 ct::GetPrecertLogEntry(&precert_entry); | 44 ct::GetPrecertLogEntry(&precert_entry); |
45 | 45 |
46 scoped_refptr<ct::SignedCertificateTimestamp> precert_sct; | 46 scoped_refptr<ct::SignedCertificateTimestamp> precert_sct; |
47 ct::GetPrecertSCT(&precert_sct); | 47 ct::GetPrecertSCT(&precert_sct); |
48 | 48 |
49 EXPECT_TRUE(log_->Verify(precert_entry, *precert_sct)); | 49 EXPECT_TRUE(log_->Verify(precert_entry, *precert_sct.get())); |
50 } | 50 } |
51 | 51 |
52 TEST_F(CTLogVerifierTest, FailsInvalidTimestamp) { | 52 TEST_F(CTLogVerifierTest, FailsInvalidTimestamp) { |
53 ct::LogEntry cert_entry; | 53 ct::LogEntry cert_entry; |
54 ct::GetX509CertLogEntry(&cert_entry); | 54 ct::GetX509CertLogEntry(&cert_entry); |
55 | 55 |
56 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct; | 56 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct; |
57 ct::GetX509CertSCT(&cert_sct); | 57 ct::GetX509CertSCT(&cert_sct); |
58 | 58 |
59 // Mangle the timestamp, so that it should fail signature validation. | 59 // Mangle the timestamp, so that it should fail signature validation. |
60 cert_sct->timestamp = base::Time::Now(); | 60 cert_sct->timestamp = base::Time::Now(); |
61 | 61 |
62 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct)); | 62 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get())); |
63 } | 63 } |
64 | 64 |
65 TEST_F(CTLogVerifierTest, FailsInvalidLogID) { | 65 TEST_F(CTLogVerifierTest, FailsInvalidLogID) { |
66 ct::LogEntry cert_entry; | 66 ct::LogEntry cert_entry; |
67 ct::GetX509CertLogEntry(&cert_entry); | 67 ct::GetX509CertLogEntry(&cert_entry); |
68 | 68 |
69 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct; | 69 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct; |
70 ct::GetX509CertSCT(&cert_sct); | 70 ct::GetX509CertSCT(&cert_sct); |
71 | 71 |
72 // Mangle the log ID, which should cause it to match a different log before | 72 // Mangle the log ID, which should cause it to match a different log before |
73 // attempting signature validation. | 73 // attempting signature validation. |
74 cert_sct->log_id.assign(cert_sct->log_id.size(), '\0'); | 74 cert_sct->log_id.assign(cert_sct->log_id.size(), '\0'); |
75 | 75 |
76 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct)); | 76 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get())); |
77 } | 77 } |
78 | 78 |
79 TEST_F(CTLogVerifierTest, SetsValidSTH) { | 79 TEST_F(CTLogVerifierTest, SetsValidSTH) { |
80 scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead()); | 80 scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead()); |
81 ct::GetSignedTreeHead(sth.get()); | 81 ct::GetSignedTreeHead(sth.get()); |
82 ASSERT_TRUE(log_->SetSignedTreeHead(sth.Pass())); | 82 ASSERT_TRUE(log_->SetSignedTreeHead(sth.Pass())); |
83 } | 83 } |
84 | 84 |
85 TEST_F(CTLogVerifierTest, DoesNotSetInvalidSTH) { | 85 TEST_F(CTLogVerifierTest, DoesNotSetInvalidSTH) { |
86 scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead()); | 86 scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead()); |
87 ct::GetSignedTreeHead(sth.get()); | 87 ct::GetSignedTreeHead(sth.get()); |
88 sth->sha256_root_hash[0] = '\x0'; | 88 sth->sha256_root_hash[0] = '\x0'; |
89 ASSERT_FALSE(log_->SetSignedTreeHead(sth.Pass())); | 89 ASSERT_FALSE(log_->SetSignedTreeHead(sth.Pass())); |
90 } | 90 } |
91 | 91 |
92 } // namespace net | 92 } // namespace net |
OLD | NEW |