Certificate Transparency: Logging SCTs to the NetLog.

net/cert/multi_log_ct_verifier_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/multi_log_ct_verifier.h"
 
 #include <string>
 
 #include "base/file_util.h"
 #include "base/files/file_path.h"
 #include "net/base/net_errors.h"
+#include "net/base/net_log.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/ct_log_verifier.h"
 #include "net/cert/ct_serialization.h"
 #include "net/cert/ct_verify_result.h"
 #include "net/cert/pem_tokenizer.h"
 #include "net/cert/signed_certificate_timestamp.h"
 #include "net/cert/x509_certificate.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/ct_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ skipping 26 matching lines @@
 
   bool CheckForSCTOrigin(
       const ct::CTVerifyResult& result,
       ct::SignedCertificateTimestamp::Origin origin) {
     return (result.verified_scts.size() > 0) &&
         (result.verified_scts[0]->origin == origin);
   }
 
   bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) {
     ct::CTVerifyResult result;
-    return (verifier_->Verify(chain, "", "", &result) == OK) &&
+    return (verifier_->Verify(chain, "", "", &result, BoundNetLog()) == OK) &&
         CheckForSingleVerifiedSCTInResult(result) &&
         CheckForSCTOrigin(
             result, ct::SignedCertificateTimestamp::SCT_EMBEDDED);
   }
 
  protected:
   scoped_ptr<MultiLogCTVerifier> verifier_;
   scoped_refptr<X509Certificate> chain_;
 };
 
@@ skipping 35 matching lines @@
 }
 
 TEST_F(MultiLogCTVerifierTest,
        VerifiesSCTOverX509Cert) {
   std::string sct(ct::GetTestSignedCertificateTimestamp());
 
   std::string sct_list;
   ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
 
   ct::CTVerifyResult result;
-  EXPECT_EQ(OK, verifier_->Verify(chain_, "", sct_list, &result));
+  EXPECT_EQ(OK,
+      verifier_->Verify(chain_, "", sct_list, &result, BoundNetLog()));
   ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result));
   ASSERT_TRUE(CheckForSCTOrigin(
       result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION));
 }
 
 TEST_F(MultiLogCTVerifierTest,
        IdentifiesSCTFromUnknownLog) {
   std::string sct(ct::GetTestSignedCertificateTimestamp());
 
   // Change a byte inside the Log ID part of the SCT so it does
   // not match the log used in the tests
   sct[15] = 't';
 
   std::string sct_list;
   ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
 
   ct::CTVerifyResult result;
-  EXPECT_NE(OK, verifier_->Verify(chain_, sct_list, "", &result));
+  EXPECT_NE(OK,
+      verifier_->Verify(chain_, sct_list, "", &result, BoundNetLog()));

[eroman, 2013/11/27 22:33:46]

For extra credit, add a unittest which passes a CapturingBoundNetLog and then
verify the logged events.

[Eran M. (Google), 2013/11/29 11:14:44]

Done - the CapturedEntry is lacking methods to query the underlying params for
dictionary values, so I could only verify one of the logged events, not the
other. Will add the necessary methods next week.

   EXPECT_EQ(1U, result.unknown_logs_scts.size());
 }
 
 }  // namespace
 
 }  // namespace net