Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(597)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/multi_log_ct_verifier_unittest.cc

Issue 92443002: Extract Certificate Transparency SCTs from stapled OCSP responses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts
Patch Set: fix format errors Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/ct_objects_extractor_nss.cc ('K') | « net/cert/multi_log_ct_verifier.cc ('k') | net/socket/ssl_client_socket.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/multi_log_ct_verifier.h" 5 #include "net/cert/multi_log_ct_verifier.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/file_util.h" 9 #include "base/file_util.h"
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
76 //a string, add more checks here. 76 //a string, add more checks here.
77 77
78 return true; 78 return true;
79 } 79 }
80 80
81 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { 81 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) {
82 ct::CTVerifyResult result; 82 ct::CTVerifyResult result;
83 CapturingNetLog net_log; 83 CapturingNetLog net_log;
84 BoundNetLog bound_net_log = 84 BoundNetLog bound_net_log =
85 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB); 85 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB);
86 return (verifier_->Verify(chain, "", "", &result, bound_net_log) == OK) && 86 return (verifier_->Verify(chain, std::string(), std::string(), &result,
87 bound_net_log) == OK) &&
87 CheckForSingleVerifiedSCTInResult(result) && 88 CheckForSingleVerifiedSCTInResult(result) &&
88 CheckForSCTOrigin( 89 CheckForSCTOrigin(
89 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && 90 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) &&
90 CheckForEmbeddedSCTInNetLog(net_log); 91 CheckForEmbeddedSCTInNetLog(net_log);
91 } 92 }
92 93
93 protected: 94 protected:
94 scoped_ptr<MultiLogCTVerifier> verifier_; 95 scoped_ptr<MultiLogCTVerifier> verifier_;
95 scoped_refptr<X509Certificate> chain_; 96 scoped_refptr<X509Certificate> chain_;
96 }; 97 };
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
134 135
135 TEST_F(MultiLogCTVerifierTest, 136 TEST_F(MultiLogCTVerifierTest,
136 VerifiesSCTOverX509Cert) { 137 VerifiesSCTOverX509Cert) {
137 std::string sct(ct::GetTestSignedCertificateTimestamp()); 138 std::string sct(ct::GetTestSignedCertificateTimestamp());
138 139
139 std::string sct_list; 140 std::string sct_list;
140 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); 141 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
141 142
142 ct::CTVerifyResult result; 143 ct::CTVerifyResult result;
143 EXPECT_EQ(OK, 144 EXPECT_EQ(OK,
144 verifier_->Verify(chain_, "", sct_list, &result, BoundNetLog())); 145 verifier_->Verify(chain_, std::string(), sct_list, &result,
146 BoundNetLog()));
145 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result)); 147 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result));
146 ASSERT_TRUE(CheckForSCTOrigin( 148 ASSERT_TRUE(CheckForSCTOrigin(
147 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); 149 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION));
148 } 150 }
149 151
150 TEST_F(MultiLogCTVerifierTest, 152 TEST_F(MultiLogCTVerifierTest,
151 IdentifiesSCTFromUnknownLog) { 153 IdentifiesSCTFromUnknownLog) {
152 std::string sct(ct::GetTestSignedCertificateTimestamp()); 154 std::string sct(ct::GetTestSignedCertificateTimestamp());
153 155
154 // Change a byte inside the Log ID part of the SCT so it does 156 // Change a byte inside the Log ID part of the SCT so it does
155 // not match the log used in the tests 157 // not match the log used in the tests
156 sct[15] = 't'; 158 sct[15] = 't';
157 159
158 std::string sct_list; 160 std::string sct_list;
159 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); 161 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
160 162
161 ct::CTVerifyResult result; 163 ct::CTVerifyResult result;
162 EXPECT_NE(OK, 164 EXPECT_NE(OK,
163 verifier_->Verify(chain_, sct_list, "", &result, BoundNetLog())); 165 verifier_->Verify(chain_, std::string(), sct_list, &result,
166 BoundNetLog()));
164 EXPECT_EQ(1U, result.unknown_logs_scts.size()); 167 EXPECT_EQ(1U, result.unknown_logs_scts.size());
165 EXPECT_EQ("", result.unknown_logs_scts[0]->log_description); 168 EXPECT_EQ("", result.unknown_logs_scts[0]->log_description);
166 } 169 }
167 170
168 } // namespace 171 } // namespace
169 172
170 } // namespace net 173 } // namespace net
OLDNEW
« net/cert/ct_objects_extractor_nss.cc ('K') | « net/cert/multi_log_ct_verifier.cc ('k') | net/socket/ssl_client_socket.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698