net/cert/multi_log_ct_verifier_unittest.cc - Issue 86503002: Certificate Transparency: Logging SCTs to the NetLog.

Side by Side Diff: net/cert/multi_log_ct_verifier_unittest.cc

Issue 86503002: Certificate Transparency: Logging SCTs to the NetLog. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Preparing for review Created 7 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/multi_log_ct_verifier.h"	5 #include "net/cert/multi_log_ct_verifier.h"

6	6

7 #include <string>	7 #include <string>

8	8

9 #include "base/file_util.h"	9 #include "base/file_util.h"

10 #include "base/files/file_path.h"	10 #include "base/files/file_path.h"

11 #include "net/base/net_errors.h"	11 #include "net/base/net_errors.h"

	12 #include "net/base/net_log.h"

12 #include "net/base/test_data_directory.h"	13 #include "net/base/test_data_directory.h"

13 #include "net/cert/ct_log_verifier.h"	14 #include "net/cert/ct_log_verifier.h"

14 #include "net/cert/ct_serialization.h"	15 #include "net/cert/ct_serialization.h"

15 #include "net/cert/ct_verify_result.h"	16 #include "net/cert/ct_verify_result.h"

16 #include "net/cert/pem_tokenizer.h"	17 #include "net/cert/pem_tokenizer.h"

17 #include "net/cert/signed_certificate_timestamp.h"	18 #include "net/cert/signed_certificate_timestamp.h"

18 #include "net/cert/x509_certificate.h"	19 #include "net/cert/x509_certificate.h"

19 #include "net/test/cert_test_util.h"	20 #include "net/test/cert_test_util.h"

20 #include "net/test/ct_test_util.h"	21 #include "net/test/ct_test_util.h"

21 #include "testing/gtest/include/gtest/gtest.h"	22 #include "testing/gtest/include/gtest/gtest.h"

(...skipping 26 matching lines...) Expand all Loading...
48	49

49 bool CheckForSCTOrigin(	50 bool CheckForSCTOrigin(

50 const ct::CTVerifyResult& result,	51 const ct::CTVerifyResult& result,

51 ct::SignedCertificateTimestamp::Origin origin) {	52 ct::SignedCertificateTimestamp::Origin origin) {

52 return (result.verified_scts.size() > 0) &&	53 return (result.verified_scts.size() > 0) &&

53 (result.verified_scts[0]->origin == origin);	54 (result.verified_scts[0]->origin == origin);

54 }	55 }

55	56

56 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) {	57 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) {

57 ct::CTVerifyResult result;	58 ct::CTVerifyResult result;

58 return (verifier_->Verify(chain, "", "", &result) == OK) &&	59 return (verifier_->Verify(chain, "", "", &result, BoundNetLog()) == OK) &&

59 CheckForSingleVerifiedSCTInResult(result) &&	60 CheckForSingleVerifiedSCTInResult(result) &&

60 CheckForSCTOrigin(	61 CheckForSCTOrigin(

61 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED);	62 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED);

62 }	63 }

63	64

64 protected:	65 protected:

65 scoped_ptr<MultiLogCTVerifier> verifier_;	66 scoped_ptr<MultiLogCTVerifier> verifier_;

66 scoped_refptr<X509Certificate> chain_;	67 scoped_refptr<X509Certificate> chain_;

67 };	68 };

68	69

(...skipping 35 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
104 }	105 }

105	106

106 TEST_F(MultiLogCTVerifierTest,	107 TEST_F(MultiLogCTVerifierTest,

107 VerifiesSCTOverX509Cert) {	108 VerifiesSCTOverX509Cert) {

108 std::string sct(ct::GetTestSignedCertificateTimestamp());	109 std::string sct(ct::GetTestSignedCertificateTimestamp());

109	110

110 std::string sct_list;	111 std::string sct_list;

111 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));	112 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));

112	113

113 ct::CTVerifyResult result;	114 ct::CTVerifyResult result;

114 EXPECT_EQ(OK, verifier_->Verify(chain_, "", sct_list, &result));	115 EXPECT_EQ(OK,

	116 verifier_->Verify(chain_, "", sct_list, &result, BoundNetLog()));

115 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result));	117 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result));

116 ASSERT_TRUE(CheckForSCTOrigin(	118 ASSERT_TRUE(CheckForSCTOrigin(

117 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION));	119 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION));

118 }	120 }

119	121

120 TEST_F(MultiLogCTVerifierTest,	122 TEST_F(MultiLogCTVerifierTest,

121 IdentifiesSCTFromUnknownLog) {	123 IdentifiesSCTFromUnknownLog) {

122 std::string sct(ct::GetTestSignedCertificateTimestamp());	124 std::string sct(ct::GetTestSignedCertificateTimestamp());

123	125

124 // Change a byte inside the Log ID part of the SCT so it does	126 // Change a byte inside the Log ID part of the SCT so it does

125 // not match the log used in the tests	127 // not match the log used in the tests

126 sct[15] = 't';	128 sct[15] = 't';

127	129

128 std::string sct_list;	130 std::string sct_list;

129 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));	131 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));

130	132

131 ct::CTVerifyResult result;	133 ct::CTVerifyResult result;

132 EXPECT_NE(OK, verifier_->Verify(chain_, sct_list, "", &result));	134 EXPECT_NE(OK,

	135 verifier_->Verify(chain_, sct_list, "", &result, BoundNetLog()));

133 EXPECT_EQ(1U, result.unknown_logs_scts.size());	136 EXPECT_EQ(1U, result.unknown_logs_scts.size());

134 }	137 }

135	138

136 } // namespace	139 } // namespace

137	140

138 } // namespace net	141 } // namespace net

OLD	NEW

« net/cert/ct_signed_certificate_timestamp_log_param.cc ('K') | « net/cert/multi_log_ct_verifier.cc ('k') | net/net.gyp » ('j') | no next file with comments »