
Side by Side Diff: net/cert/multi_log_ct_verifier_unittest.cc

Issue 67513008: Certificate Transparency: Add the high-level interface for verifying SCTs over multiple logs (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Merging with master Created 7 years ago
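--- a/net/cert/multi_log_ct_verifier_unittest.cc
+++ b/net/cert/multi_log_ct_verifier_unittest.cc
@@ -0,0 +1,138 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/multi_log_ct_verifier.h"
+
+#include <string>
+
+#include "base/file_util.h"
+#include "base/files/file_path.h"
+#include "net/base/net_errors.h"
+#include "net/base/test_data_directory.h"
+#include "net/cert/ct_log_verifier.h"
+#include "net/cert/ct_serialization.h"
+#include "net/cert/ct_verify_result.h"
+#include "net/cert/pem_tokenizer.h"
+#include "net/cert/signed_certificate_timestamp.h"
+#include "net/cert/x509_certificate.h"
+#include "net/test/cert_test_util.h"
+#include "net/test/ct_test_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace {
+
+class MultiLogCTVerifierTest : public ::testing::Test {
+public:
+virtual void SetUp() OVERRIDE {
+scoped_ptr<CTLogVerifier> log(
+CTLogVerifier::Create(ct::GetTestPublicKey(), ""));
+ASSERT_TRUE(log);
+
+verifier_.reset(new MultiLogCTVerifier());
+verifier_->AddLog(log.Pass());
+std::string der_test_cert(ct::GetDerEncodedX509Cert());
+chain_ = X509Certificate::CreateFromBytes(
+der_test_cert.data(),
+der_test_cert.length());
+ASSERT_TRUE(chain_);
+}
+
+bool CheckForSingleVerifiedSCTInResult(const ct::CTVerifyResult& result) {
+return (result.verified_scts.size() == 1U) &&
+result.unverified_scts.empty() &&
+result.unknown_logs_scts.empty();
+}
+
+bool CheckForSCTOrigin(
+const ct::CTVerifyResult& result,
+ct::SignedCertificateTimestamp::Origin origin) {
+return (result.verified_scts.size() > 0) &&
+(result.verified_scts[0]->origin == origin);
+}
+
+bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) {
+ct::CTVerifyResult result;
+return (verifier_->Verify(chain, "", "", &result) == OK) &&
+CheckForSingleVerifiedSCTInResult(result) &&
+CheckForSCTOrigin(
+result, ct::SignedCertificateTimestamp::SCT_EMBEDDED);
+}
+
+protected:
+scoped_ptr<MultiLogCTVerifier> verifier_;
+scoped_refptr<X509Certificate> chain_;
+};
+
+TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCT) {
+scoped_refptr<X509Certificate> chain(
+CreateCertificateChainFromFile(GetTestCertsDirectory(),
+"ct-test-embedded-cert.pem",
+X509Certificate::FORMAT_AUTO));
+ASSERT_TRUE(chain);
+ASSERT_TRUE(CheckPrecertificateVerification(chain));
+}
+
+TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCTWithPreCA) {
+scoped_refptr<X509Certificate> chain(
+CreateCertificateChainFromFile(GetTestCertsDirectory(),
+"ct-test-embedded-with-preca-chain.pem",
+X509Certificate::FORMAT_AUTO));
+ASSERT_TRUE(chain);
+ASSERT_TRUE(CheckPrecertificateVerification(chain));
+}
+
+TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCTWithIntermediate) {
+scoped_refptr<X509Certificate> chain(CreateCertificateChainFromFile(
+GetTestCertsDirectory(),
+"ct-test-embedded-with-intermediate-chain.pem",
+X509Certificate::FORMAT_AUTO));
+ASSERT_TRUE(chain);
+ASSERT_TRUE(CheckPrecertificateVerification(chain));
+}
+
+TEST_F(MultiLogCTVerifierTest,
+VerifiesEmbeddedSCTWithIntermediateAndPreCA) {
+scoped_refptr<X509Certificate> chain(CreateCertificateChainFromFile(
+GetTestCertsDirectory(),
+"ct-test-embedded-with-intermediate-preca-chain.pem",
+X509Certificate::FORMAT_AUTO));
+ASSERT_TRUE(chain);
+ASSERT_TRUE(CheckPrecertificateVerification(chain));
+}
+
+TEST_F(MultiLogCTVerifierTest,
+VerifiesSCTOverX509Cert) {
+std::string sct(ct::GetTestSignedCertificateTimestamp());
+
+std::string sct_list;
+ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
+
+ct::CTVerifyResult result;
+EXPECT_EQ(OK, verifier_->Verify(chain_, "", sct_list, &result));
+ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result));
+ASSERT_TRUE(CheckForSCTOrigin(
+result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION));
+}
+
+TEST_F(MultiLogCTVerifierTest,
+IdentifiesSCTFromUnknownLog) {
+std::string sct(ct::GetTestSignedCertificateTimestamp());
+
+// Change a byte inside the Log ID part of the SCT so it does
+// not match the log used in the tests
+sct[15] = 't';
+
+std::string sct_list;
+ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
+
+ct::CTVerifyResult result;
+EXPECT_NE(OK, verifier_->Verify(chain_, sct_list, "", &result));
+EXPECT_EQ(1U, result.unknown_logs_scts.size());
+}
+
+} // namespace
+
+} // namespace net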
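Review bot: `IdentifiesSCTFromUnknownLog` (new lines 120-134) asserts only `unknown_logs_scts.size()`, so a regression that also placed the SCT from the unrecognised log in `verified_scts` would still pass; add `EXPECT_TRUE(result.verified_scts.empty());` and `EXPECT_TRUE(result.unverified_scts.empty());` after the size check. The same test hands `sct_list` to `Verify` as the second argument while `VerifiesSCTOverX509Cert` passes it as the third, which may be deliberate but deserves a one-line comment naming the delivery channel being exercised. `sct[15] = 't'` depends on an undocumented offset and changes nothing if that byte already holds `'t'`; a length assertion followed by `sct[15] ^= 0x01;` would guarantee the log ID really differs. No test in this file covers an SCT from the known log whose signature fails to verify, so `unverified_scts` is only ever checked for emptiness and the signature-rejection path goes unexercised.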
