Index: net/cert/ct_objects_extractor_unittest.cc |
diff --git a/net/cert/ct_objects_extractor_unittest.cc b/net/cert/ct_objects_extractor_unittest.cc |
index b5609662bebce27a59e09dc78d4121eeae5bb529..01a9980094d1aa2ca121cb429be9eb4ecf6f351d 100644 |
--- a/net/cert/ct_objects_extractor_unittest.cc |
+++ b/net/cert/ct_objects_extractor_unittest.cc |
@@ -123,6 +123,62 @@ TEST_F(CTObjectsExtractorTest, ComplementarySCTVerifies) { |
EXPECT_TRUE(log_->Verify(entry, *sct)); |
} |
+// Test that the extractor can parse OCSP responses. |
+TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponse) { |
+ std::string der_test_cert(ct::GetDerEncodedFakeOCSPResponseCert()); |
+ scoped_refptr<X509Certificate> test_cert = |
+ X509Certificate::CreateFromBytes(der_test_cert.data(), |
+ der_test_cert.length()); |
+ std::string der_issuer_cert(ct::GetDerEncodedFakeOCSPResponseIssuerCert()); |
+ scoped_refptr<X509Certificate> issuer_cert = |
+ X509Certificate::CreateFromBytes(der_issuer_cert.data(), |
+ der_issuer_cert.length()); |
+ |
+ std::string fake_sct_list = ct::GetFakeOCSPExtensionValue(); |
+ ASSERT_FALSE(fake_sct_list.empty()); |
+ std::string ocsp_response = ct::GetDerEncodedFakeOCSPResponse(); |
+ |
+ std::string extracted_sct_list; |
+ EXPECT_TRUE(ct::ExtractSCTListFromOCSPResponse( |
+ issuer_cert->os_cert_handle(), test_cert->serial_number(), |
+ ocsp_response, &extracted_sct_list)); |
+ EXPECT_EQ(extracted_sct_list, fake_sct_list); |
+} |
+ |
+// Test that the extractor honours serial number. |
+TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponseMatchesSerial) { |
+ std::string der_test_cert(ct::GetDerEncodedFakeOCSPResponseCert()); |
+ scoped_refptr<X509Certificate> test_cert = |
+ X509Certificate::CreateFromBytes(der_test_cert.data(), |
+ der_test_cert.length()); |
+ std::string der_issuer_cert(ct::GetDerEncodedFakeOCSPResponseIssuerCert()); |
+ scoped_refptr<X509Certificate> issuer_cert = |
+ X509Certificate::CreateFromBytes(der_issuer_cert.data(), |
+ der_issuer_cert.length()); |
+ |
+ std::string ocsp_response = ct::GetDerEncodedFakeOCSPResponse(); |
+ |
+ std::string extracted_sct_list; |
+ EXPECT_FALSE(ct::ExtractSCTListFromOCSPResponse( |
+ issuer_cert->os_cert_handle(), test_cert_->serial_number(), |
+ ocsp_response, &extracted_sct_list)); |
wtc
2013/12/10 04:23:17
I don't understand why this is expected to return
ekasper
2013/12/10 14:45:20
I've done test_cert -> subject_cert and added a co
|
+} |
+ |
+// Test that the extractor honours issuer ID. |
+TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponseMatchesIssuer) { |
+ std::string der_test_cert(ct::GetDerEncodedFakeOCSPResponseCert()); |
+ scoped_refptr<X509Certificate> test_cert = |
+ X509Certificate::CreateFromBytes(der_test_cert.data(), |
+ der_test_cert.length()); |
+ |
+ std::string ocsp_response = ct::GetDerEncodedFakeOCSPResponse(); |
+ |
+ std::string extracted_sct_list; |
+ EXPECT_FALSE(ct::ExtractSCTListFromOCSPResponse( |
+ test_cert_->os_cert_handle(), test_cert->serial_number(), |
+ ocsp_response, &extracted_sct_list)); |
+} |
+ |
} // namespace ct |
} // namespace net |