OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/ct_objects_extractor.h" | 5 #include "net/cert/ct_objects_extractor.h" |
6 | 6 |
7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
8 #include "net/base/test_data_directory.h" | 8 #include "net/base/test_data_directory.h" |
9 #include "net/cert/ct_log_verifier.h" | 9 #include "net/cert/ct_log_verifier.h" |
10 #include "net/cert/ct_serialization.h" | 10 #include "net/cert/ct_serialization.h" |
(...skipping 105 matching lines...) | |
116 scoped_refptr<ct::SignedCertificateTimestamp> sct( | 116 scoped_refptr<ct::SignedCertificateTimestamp> sct( |
117 new ct::SignedCertificateTimestamp()); | 117 new ct::SignedCertificateTimestamp()); |
118 GetX509CertSCT(&sct); | 118 GetX509CertSCT(&sct); |
119 | 119 |
120 LogEntry entry; | 120 LogEntry entry; |
121 ASSERT_TRUE(GetX509LogEntry(test_cert_->os_cert_handle(), &entry)); | 121 ASSERT_TRUE(GetX509LogEntry(test_cert_->os_cert_handle(), &entry)); |
122 | 122 |
123 EXPECT_TRUE(log_->Verify(entry, *sct)); | 123 EXPECT_TRUE(log_->Verify(entry, *sct)); |
124 } | 124 } |
125 | 125 |
126 // Test that the extractor can parse OCSP responses. | |
127 TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponse) { | |
128 std::string der_subject_cert(ct::GetDerEncodedFakeOCSPResponseCert()); | |
129 scoped_refptr<X509Certificate> subject_cert = | |
130 X509Certificate::CreateFromBytes(der_subject_cert.data(), | |
131 der_subject_cert.length()); | |
132 std::string der_issuer_cert(ct::GetDerEncodedFakeOCSPResponseIssuerCert()); | |
133 scoped_refptr<X509Certificate> issuer_cert = | |
134 X509Certificate::CreateFromBytes(der_issuer_cert.data(), | |
135 der_issuer_cert.length()); | |
136 | |
137 std::string fake_sct_list = ct::GetFakeOCSPExtensionValue(); | |
138 ASSERT_FALSE(fake_sct_list.empty()); | |
139 std::string ocsp_response = ct::GetDerEncodedFakeOCSPResponse(); | |
140 | |
141 std::string extracted_sct_list; | |
142 EXPECT_TRUE(ct::ExtractSCTListFromOCSPResponse( | |
143 issuer_cert->os_cert_handle(), subject_cert->serial_number(), | |
144 ocsp_response, &extracted_sct_list)); | |
145 EXPECT_EQ(extracted_sct_list, fake_sct_list); | |
146 } | |
147 | |
148 // Test that the extractor honours serial number. | |
149 TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponseMatchesSerial) { | |
150 std::string der_subject_cert(ct::GetDerEncodedFakeOCSPResponseCert()); | |
151 scoped_refptr<X509Certificate> subject_cert = | |
152 X509Certificate::CreateFromBytes(der_subject_cert.data(), | |
153 der_subject_cert.length()); | |
154 std::string der_issuer_cert(ct::GetDerEncodedFakeOCSPResponseIssuerCert()); | |
155 scoped_refptr<X509Certificate> issuer_cert = | |
156 X509Certificate::CreateFromBytes(der_issuer_cert.data(), | |
157 der_issuer_cert.length()); | |
158 | |
159 std::string ocsp_response = ct::GetDerEncodedFakeOCSPResponse(); | |
160 | |
161 std::string extracted_sct_list; | |
162 EXPECT_FALSE(ct::ExtractSCTListFromOCSPResponse( | |
163 issuer_cert->os_cert_handle(), subject_cert->serial_number(), | |
wtc
2013/12/10 14:32:43
You cannot use subject_cert->serial_number() in th
ekasper
2013/12/10 14:45:20
Thanks, I uploaded too early but the test was fail
| |
164 ocsp_response, &extracted_sct_list)); | |
165 } | |
166 | |
167 // Test that the extractor honours issuer ID. | |
168 TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponseMatchesIssuer) { | |
169 std::string der_subject_cert(ct::GetDerEncodedFakeOCSPResponseCert()); | |
170 scoped_refptr<X509Certificate> subject_cert = | |
171 X509Certificate::CreateFromBytes(der_subject_cert.data(), | |
172 der_subject_cert.length()); | |
173 | |
174 std::string ocsp_response = ct::GetDerEncodedFakeOCSPResponse(); | |
175 | |
176 std::string extracted_sct_list; | |
177 // Use test_cert_ for issuer - it is not the correct issuer of |subject_cert|. | |
178 EXPECT_FALSE(ct::ExtractSCTListFromOCSPResponse( | |
179 test_cert_->os_cert_handle(), subject_cert->serial_number(), | |
180 ocsp_response, &extracted_sct_list)); | |
181 } | |
182 | |
126 } // namespace ct | 183 } // namespace ct |
127 | 184 |
128 } // namespace net | 185 } // namespace net |
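Review bot: The three new tests dereference `subject_cert` and `issuer_cert` without checking that `X509Certificate::CreateFromBytes` succeeded, so a broken fixture would crash the test binary instead of failing the test; add `ASSERT_TRUE(subject_cert.get());` and `ASSERT_TRUE(issuer_cert.get());` right after each creation. The two rejection tests (`ExtractSCTListFromOCSPResponseMatchesSerial` and `ExtractSCTListFromOCSPResponseMatchesIssuer`) check only the return value. Adding `EXPECT_TRUE(extracted_sct_list.empty());` after each `EXPECT_FALSE` would pin that no SCT data from a response for a different certificate or issuer reaches a caller, assuming the extractor is meant to leave the output untouched on failure (its contract is not visible here). The certificate setup is also repeated verbatim in all three tests and could move into the fixture.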