Index: net/cert/ct_log_verifier_unittest.cc |
diff --git a/net/cert/ct_log_verifier_unittest.cc b/net/cert/ct_log_verifier_unittest.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..10010360e668a84d85943042269dd9f7c2649358 |
--- /dev/null |
+++ b/net/cert/ct_log_verifier_unittest.cc |
@@ -0,0 +1,78 @@ |
+// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "net/cert/ct_log_verifier.h" |
+ |
+#include <string> |
+ |
+#include "base/time/time.h" |
+#include "net/cert/signed_certificate_timestamp.h" |
+#include "net/test/ct_test_util.h" |
+#include "testing/gtest/include/gtest/gtest.h" |
+ |
+namespace net { |
+ |
+class CTLogVerifierTest : public ::testing::Test { |
+ public: |
+ CTLogVerifierTest() {} |
+ |
+ virtual void SetUp() OVERRIDE { |
+ log_ = CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog").Pass(); |
+ |
+ ASSERT_TRUE(log_); |
+ ASSERT_EQ(log_->key_id(), ct::GetTestPublicKeyId()); |
+ } |
+ |
+ protected: |
+ scoped_ptr<CTLogVerifier> log_; |
+}; |
+ |
+TEST_F(CTLogVerifierTest, VerifiesCertSCT) { |
+ ct::LogEntry cert_entry; |
+ ct::GetX509CertLogEntry(&cert_entry); |
+ |
+ ct::SignedCertificateTimestamp cert_sct; |
+ ct::GetX509CertSCT(&cert_sct); |
+ |
+ EXPECT_TRUE(log_->Verify(cert_entry, cert_sct)); |
+} |
+ |
+TEST_F(CTLogVerifierTest, VerifiesPrecertSCT) { |
+ ct::LogEntry precert_entry; |
+ ct::GetPrecertLogEntry(&precert_entry); |
+ |
+ ct::SignedCertificateTimestamp precert_sct; |
+ ct::GetPrecertSCT(&precert_sct); |
+ |
+ EXPECT_TRUE(log_->Verify(precert_entry, precert_sct)); |
+} |
+ |
+TEST_F(CTLogVerifierTest, FailsInvalidTimestamp) { |
+ ct::LogEntry cert_entry; |
+ ct::GetX509CertLogEntry(&cert_entry); |
+ |
+ ct::SignedCertificateTimestamp cert_sct; |
+ ct::GetX509CertSCT(&cert_sct); |
+ |
+ // Mangle the timestamp, so that it should fail signature validation. |
+ cert_sct.timestamp = base::Time::Now(); |
+ |
+ EXPECT_FALSE(log_->Verify(cert_entry, cert_sct)); |
+} |
+ |
+TEST_F(CTLogVerifierTest, FailsInvalidLogID) { |
+ ct::LogEntry cert_entry; |
+ ct::GetX509CertLogEntry(&cert_entry); |
+ |
+ ct::SignedCertificateTimestamp cert_sct; |
+ ct::GetX509CertSCT(&cert_sct); |
+ |
+ // Mangle the log ID, which should cause it to match a different log before |
+ // attempting signature validation. |
+ cert_sct.log_id.assign(cert_sct.log_id.size(), '\0'); |
+ |
+ EXPECT_FALSE(log_->Verify(cert_entry, cert_sct)); |
+} |
+ |
+} // namespace net |