| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ct_objects_extractor.h" | 5 #include "net/cert/ct_objects_extractor.h" |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "net/base/test_data_directory.h" | 8 #include "net/base/test_data_directory.h" |
| 9 #include "net/cert/ct_log_verifier.h" | 9 #include "net/cert/ct_log_verifier.h" |
| 10 #include "net/cert/ct_serialization.h" | 10 #include "net/cert/ct_serialization.h" |
| 29 | 29 |
| 30 std::string der_test_cert(ct::GetDerEncodedX509Cert()); | 30 std::string der_test_cert(ct::GetDerEncodedX509Cert()); |
| 31 test_cert_ = X509Certificate::CreateFromBytes(der_test_cert.data(), | 31 test_cert_ = X509Certificate::CreateFromBytes(der_test_cert.data(), |
| 32 der_test_cert.length()); | 32 der_test_cert.length()); |
| 33 | 33 |
| 34 log_ = CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog").Pass(); | 34 log_ = CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog").Pass(); |
| 35 ASSERT_TRUE(log_); | 35 ASSERT_TRUE(log_); |
| 36 } | 36 } |
| 37 | 37 |
| 38 void ExtractEmbeddedSCT(scoped_refptr<X509Certificate> cert, | 38 void ExtractEmbeddedSCT(scoped_refptr<X509Certificate> cert, |
| 39 SignedCertificateTimestamp* sct) { | 39 scoped_refptr<SignedCertificateTimestamp>* sct) { |
| 40 std::string sct_list; | 40 std::string sct_list; |
| 41 EXPECT_TRUE(ExtractEmbeddedSCTList(cert->os_cert_handle(), &sct_list)); | 41 EXPECT_TRUE(ExtractEmbeddedSCTList(cert->os_cert_handle(), &sct_list)); |
| 42 | 42 |
| 43 std::vector<base::StringPiece> parsed_scts; | 43 std::vector<base::StringPiece> parsed_scts; |
| 44 base::StringPiece sct_list_sp(sct_list); | 44 base::StringPiece sct_list_sp(sct_list); |
| 45 // Make sure the SCT list can be decoded properly | 45 // Make sure the SCT list can be decoded properly |
| 46 EXPECT_TRUE(DecodeSCTList(&sct_list_sp, &parsed_scts)); | 46 EXPECT_TRUE(DecodeSCTList(&sct_list_sp, &parsed_scts)); |
| 47 | 47 |
| 48 EXPECT_TRUE(DecodeSignedCertificateTimestamp(&parsed_scts[0], sct)); | 48 EXPECT_TRUE(DecodeSignedCertificateTimestamp(&parsed_scts[0], sct)); |
| 49 } | 49 } |
| 50 | 50 |
| 51 protected: | 51 protected: |
| 52 CertificateList precert_chain_; | 52 CertificateList precert_chain_; |
| 53 scoped_refptr<X509Certificate> test_cert_; | 53 scoped_refptr<X509Certificate> test_cert_; |
| 54 scoped_ptr<CTLogVerifier> log_; | 54 scoped_ptr<CTLogVerifier> log_; |
| 55 }; | 55 }; |
| 56 | 56 |
| 57 // Test that an SCT can be extracted and the extracted SCT contains the | 57 // Test that an SCT can be extracted and the extracted SCT contains the |
| 58 // expected data. | 58 // expected data. |
| 59 TEST_F(CTObjectsExtractorTest, ExtractEmbeddedSCT) { | 59 TEST_F(CTObjectsExtractorTest, ExtractEmbeddedSCT) { |
| 60 ct::SignedCertificateTimestamp sct; | 60 scoped_refptr<ct::SignedCertificateTimestamp> sct( |
| 61 new ct::SignedCertificateTimestamp()); |
| 61 ExtractEmbeddedSCT(precert_chain_[0], &sct); | 62 ExtractEmbeddedSCT(precert_chain_[0], &sct); |
| 62 | 63 |
| 63 EXPECT_EQ(sct.version, SignedCertificateTimestamp::SCT_VERSION_1); | 64 EXPECT_EQ(sct->version, SignedCertificateTimestamp::SCT_VERSION_1); |
| 64 EXPECT_EQ(ct::GetTestPublicKeyId(), sct.log_id); | 65 EXPECT_EQ(ct::GetTestPublicKeyId(), sct->log_id); |
| 65 | 66 |
| 66 base::Time expected_timestamp = | 67 base::Time expected_timestamp = |
| 67 base::Time::UnixEpoch() + | 68 base::Time::UnixEpoch() + |
| 68 base::TimeDelta::FromMilliseconds(1365181456275); | 69 base::TimeDelta::FromMilliseconds(1365181456275); |
| 69 EXPECT_EQ(expected_timestamp, sct.timestamp); | 70 EXPECT_EQ(expected_timestamp, sct->timestamp); |
| 70 } | 71 } |
| 71 | 72 |
| 72 TEST_F(CTObjectsExtractorTest, ExtractPrecert) { | 73 TEST_F(CTObjectsExtractorTest, ExtractPrecert) { |
| 73 LogEntry entry; | 74 LogEntry entry; |
| 74 ASSERT_TRUE(GetPrecertLogEntry(precert_chain_[0]->os_cert_handle(), | 75 ASSERT_TRUE(GetPrecertLogEntry(precert_chain_[0]->os_cert_handle(), |
| 75 precert_chain_[1]->os_cert_handle(), | 76 precert_chain_[1]->os_cert_handle(), |
| 76 &entry)); | 77 &entry)); |
| 77 | 78 |
| 78 ASSERT_EQ(ct::LogEntry::LOG_ENTRY_TYPE_PRECERT, entry.type); | 79 ASSERT_EQ(ct::LogEntry::LOG_ENTRY_TYPE_PRECERT, entry.type); |
| 79 // Should have empty leaf cert for this log entry type. | 80 // Should have empty leaf cert for this log entry type. |
| 90 | 91 |
| 91 ASSERT_EQ(ct::LogEntry::LOG_ENTRY_TYPE_X509, entry.type); | 92 ASSERT_EQ(ct::LogEntry::LOG_ENTRY_TYPE_X509, entry.type); |
| 92 // Should have empty tbs_certificate for this log entry type. | 93 // Should have empty tbs_certificate for this log entry type. |
| 93 ASSERT_TRUE(entry.tbs_certificate.empty()); | 94 ASSERT_TRUE(entry.tbs_certificate.empty()); |
| 94 // Length of leaf_certificate should be 718, see the CT Serialization tests. | 95 // Length of leaf_certificate should be 718, see the CT Serialization tests. |
| 95 ASSERT_EQ(718U, entry.leaf_certificate.size()); | 96 ASSERT_EQ(718U, entry.leaf_certificate.size()); |
| 96 } | 97 } |
| 97 | 98 |
| 98 // Test that the embedded SCT verifies | 99 // Test that the embedded SCT verifies |
| 99 TEST_F(CTObjectsExtractorTest, ExtractedSCTVerifies) { | 100 TEST_F(CTObjectsExtractorTest, ExtractedSCTVerifies) { |
| 100 ct::SignedCertificateTimestamp sct; | 101 scoped_refptr<ct::SignedCertificateTimestamp> sct( |
| 102 new ct::SignedCertificateTimestamp()); |
| 101 ExtractEmbeddedSCT(precert_chain_[0], &sct); | 103 ExtractEmbeddedSCT(precert_chain_[0], &sct); |
| 102 | 104 |
| 103 LogEntry entry; | 105 LogEntry entry; |
| 104 ASSERT_TRUE(GetPrecertLogEntry(precert_chain_[0]->os_cert_handle(), | 106 ASSERT_TRUE(GetPrecertLogEntry(precert_chain_[0]->os_cert_handle(), |
| 105 precert_chain_[1]->os_cert_handle(), | 107 precert_chain_[1]->os_cert_handle(), |
| 106 &entry)); | 108 &entry)); |
| 107 | 109 |
| 108 EXPECT_TRUE(log_->Verify(entry, sct)); | 110 EXPECT_TRUE(log_->Verify(entry, *sct)); |
| 109 } | 111 } |
| 110 | 112 |
| 111 // Test that an externally-provided SCT verifies over the LogEntry | 113 // Test that an externally-provided SCT verifies over the LogEntry |
| 112 // of a regular X.509 Certificate | 114 // of a regular X.509 Certificate |
| 113 TEST_F(CTObjectsExtractorTest, ComplementarySCTVerifies) { | 115 TEST_F(CTObjectsExtractorTest, ComplementarySCTVerifies) { |
| 114 ct::SignedCertificateTimestamp sct; | 116 scoped_refptr<ct::SignedCertificateTimestamp> sct( |
| 117 new ct::SignedCertificateTimestamp()); |
| 115 GetX509CertSCT(&sct); | 118 GetX509CertSCT(&sct); |
| 116 | 119 |
| 117 LogEntry entry; | 120 LogEntry entry; |
| 118 ASSERT_TRUE(GetX509LogEntry(test_cert_->os_cert_handle(), &entry)); | 121 ASSERT_TRUE(GetX509LogEntry(test_cert_->os_cert_handle(), &entry)); |
| 119 | 122 |
| 120 EXPECT_TRUE(log_->Verify(entry, sct)); | 123 EXPECT_TRUE(log_->Verify(entry, *sct)); |
| 121 } | 124 } |
| 122 | 125 |
| 123 } // namespace ct | 126 } // namespace ct |
| 124 | 127 |
| 125 } // namespace net | 128 } // namespace net |
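Review bot: The new `sct->version` read in the ExtractEmbeddedSCT test (new line 64) and the `*sct` passed to `log_->Verify` in ExtractedSCTVerifies (new line 110) follow a fixture helper that reports failure only through non-fatal `EXPECT_TRUE`, so a failed decode continues into the dereference. If DecodeSignedCertificateTimestamp can leave or reset the `scoped_refptr` out-parameter to null on failure (its body is not on this page), the test would crash rather than fail cleanly; `ASSERT_TRUE(sct.get());` after each helper call would guard against that. The same applies to ComplementarySCTVerifies after `GetX509CertSCT(&sct)`, whose body is not visible here either. Inside the helper, `parsed_scts[0]` is indexed after `EXPECT_TRUE(DecodeSCTList(...))`, so an empty or undecodable list leads to an out-of-range access; `ASSERT_TRUE(DecodeSCTList(&sct_list_sp, &parsed_scts));` followed by `ASSERT_FALSE(parsed_scts.empty());` would stop before the index. The pre-allocated `new ct::SignedCertificateTimestamp()` may also be redundant if the decoder assigns the pointer itself, which is worth confirming against its new signature.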