| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/cert/ct_log_verifier.h" | |
| 6 | |
| 7 #include <string> | |
| 8 | |
| 9 #include "base/time/time.h" | |
| 10 #include "net/cert/signed_certificate_timestamp.h" | |
| 11 #include "net/cert/signed_tree_head.h" | |
| 12 #include "net/test/ct_test_util.h" | |
| 13 #include "testing/gtest/include/gtest/gtest.h" | |
| 14 | |
| 15 namespace net { | |
| 16 | |
| 17 class CTLogVerifierTest : public ::testing::Test { | |
| 18 public: | |
| 19 CTLogVerifierTest() {} | |
| 20 | |
| 21 void SetUp() override { | |
| 22 log_ = CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog").Pass(); | |
| 23 | |
| 24 ASSERT_TRUE(log_); | |
| 25 ASSERT_EQ(log_->key_id(), ct::GetTestPublicKeyId()); | |
| 26 } | |
| 27 | |
| 28 protected: | |
| 29 scoped_ptr<CTLogVerifier> log_; | |
| 30 }; | |
| 31 | |
| 32 TEST_F(CTLogVerifierTest, VerifiesCertSCT) { | |
| 33 ct::LogEntry cert_entry; | |
| 34 ct::GetX509CertLogEntry(&cert_entry); | |
| 35 | |
| 36 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct; | |
| 37 ct::GetX509CertSCT(&cert_sct); | |
| 38 | |
| 39 EXPECT_TRUE(log_->Verify(cert_entry, *cert_sct.get())); | |
| 40 } | |
| 41 | |
| 42 TEST_F(CTLogVerifierTest, VerifiesPrecertSCT) { | |
| 43 ct::LogEntry precert_entry; | |
| 44 ct::GetPrecertLogEntry(&precert_entry); | |
| 45 | |
| 46 scoped_refptr<ct::SignedCertificateTimestamp> precert_sct; | |
| 47 ct::GetPrecertSCT(&precert_sct); | |
| 48 | |
| 49 EXPECT_TRUE(log_->Verify(precert_entry, *precert_sct.get())); | |
| 50 } | |
| 51 | |
| 52 TEST_F(CTLogVerifierTest, FailsInvalidTimestamp) { | |
| 53 ct::LogEntry cert_entry; | |
| 54 ct::GetX509CertLogEntry(&cert_entry); | |
| 55 | |
| 56 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct; | |
| 57 ct::GetX509CertSCT(&cert_sct); | |
| 58 | |
| 59 // Mangle the timestamp, so that it should fail signature validation. | |
| 60 cert_sct->timestamp = base::Time::Now(); | |
| 61 | |
| 62 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get())); | |
| 63 } | |
| 64 | |
| 65 TEST_F(CTLogVerifierTest, FailsInvalidLogID) { | |
| 66 ct::LogEntry cert_entry; | |
| 67 ct::GetX509CertLogEntry(&cert_entry); | |
| 68 | |
| 69 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct; | |
| 70 ct::GetX509CertSCT(&cert_sct); | |
| 71 | |
| 72 // Mangle the log ID, which should cause it to match a different log before | |
| 73 // attempting signature validation. | |
| 74 cert_sct->log_id.assign(cert_sct->log_id.size(), '\0'); | |
| 75 | |
| 76 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get())); | |
| 77 } | |
| 78 | |
| 79 TEST_F(CTLogVerifierTest, SetsValidSTH) { | |
| 80 scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead()); | |
| 81 ct::GetSignedTreeHead(sth.get()); | |
| 82 ASSERT_TRUE(log_->SetSignedTreeHead(sth.Pass())); | |
| 83 } | |
| 84 | |
| 85 TEST_F(CTLogVerifierTest, DoesNotSetInvalidSTH) { | |
| 86 scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead()); | |
| 87 ct::GetSignedTreeHead(sth.get()); | |
| 88 sth->sha256_root_hash[0] = '\x0'; | |
| 89 ASSERT_FALSE(log_->SetSignedTreeHead(sth.Pass())); | |
| 90 } | |
| 91 | |
| 92 // Test that excess data after the public key is rejected. | |
| 93 TEST_F(CTLogVerifierTest, ExcessDataInPublicKey) { | |
| 94 std::string key = ct::GetTestPublicKey(); | |
| 95 key += "extra"; | |
| 96 | |
| 97 scoped_ptr<CTLogVerifier> log = CTLogVerifier::Create(key, "testlog"); | |
| 98 EXPECT_FALSE(log); | |
| 99 } | |
| 100 | |
| 101 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master