OLD | NEW |
| (Empty) |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/cert/internal/parse_ocsp.h" | |
6 | |
7 #include "base/files/file_path.h" | |
8 #include "base/logging.h" | |
9 #include "net/base/test_data_directory.h" | |
10 #include "net/cert/internal/test_helpers.h" | |
11 #include "net/cert/x509_certificate.h" | |
12 #include "testing/gtest/include/gtest/gtest.h" | |
13 | |
14 namespace net { | |
15 | |
16 namespace { | |
17 | |
18 std::string GetFilePath(const std::string& file_name) { | |
19 return std::string("net/data/parse_ocsp_unittest/") + file_name; | |
20 } | |
21 | |
22 enum OCSPFailure { | |
23 OCSP_SUCCESS, | |
24 PARSE_CERT, | |
25 PARSE_OCSP, | |
26 OCSP_NOT_SUCCESSFUL, | |
27 PARSE_OCSP_DATA, | |
28 PARSE_OCSP_SINGLE_RESPONSE, | |
29 VERIFY_OCSP, | |
30 OCSP_SUCCESS_REVOKED, | |
31 OCSP_SUCCESS_UNKNOWN, | |
32 }; | |
33 | |
34 OCSPFailure ParseOCSP(const std::string& file_name) { | |
35 std::string ocsp_data; | |
36 std::string ca_data; | |
37 std::string cert_data; | |
38 const PemBlockMapping mappings[] = { | |
39 {"OCSP RESPONSE", &ocsp_data}, | |
40 {"CA CERTIFICATE", &ca_data}, | |
41 {"CERTIFICATE", &cert_data}, | |
42 }; | |
43 | |
44 if (!ReadTestDataFromPemFile(GetFilePath(file_name), mappings)) | |
45 return PARSE_CERT; | |
46 | |
47 der::Input ocsp_input(&ocsp_data); | |
48 der::Input ca_input(&ca_data); | |
49 der::Input cert_input(&cert_data); | |
50 | |
51 ParsedCertificate issuer; | |
52 ParsedCertificate cert; | |
53 if (!ParseCertificate(ca_input, &issuer)) | |
54 return PARSE_CERT; | |
55 if (!ParseCertificate(cert_input, &cert)) | |
56 return PARSE_CERT; | |
57 OCSPResponse parsed_ocsp; | |
58 OCSPResponseData parsed_ocsp_data; | |
59 if (!ParseOCSPResponse(ocsp_input, &parsed_ocsp)) | |
60 return PARSE_OCSP; | |
61 if (parsed_ocsp.status != OCSPResponse::ResponseStatus::SUCCESSFUL) | |
62 return OCSP_NOT_SUCCESSFUL; | |
63 if (!ParseOCSPResponseData(parsed_ocsp.data, &parsed_ocsp_data)) | |
64 return PARSE_OCSP_DATA; | |
65 | |
66 OCSPCertStatus status; | |
67 | |
68 if (!GetOCSPCertStatus(parsed_ocsp_data, issuer, cert, &status)) | |
69 return PARSE_OCSP_SINGLE_RESPONSE; | |
70 | |
71 switch (status.status) { | |
72 case OCSPCertStatus::Status::GOOD: | |
73 return OCSP_SUCCESS; | |
74 case OCSPCertStatus::Status::REVOKED: | |
75 return OCSP_SUCCESS_REVOKED; | |
76 case OCSPCertStatus::Status::UNKNOWN: | |
77 return OCSP_SUCCESS_UNKNOWN; | |
78 } | |
79 | |
80 return OCSP_SUCCESS_UNKNOWN; | |
81 } | |
82 | |
83 } // namespace | |
84 | |
85 TEST(ParseOCSPTest, OCSPGoodResponse) { | |
86 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response.pem")); | |
87 } | |
88 | |
89 TEST(ParseOCSPTest, OCSPNoResponse) { | |
90 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("no_response.pem")); | |
91 } | |
92 | |
93 TEST(ParseOCSPTest, OCSPMalformedStatus) { | |
94 ASSERT_EQ(OCSP_NOT_SUCCESSFUL, ParseOCSP("malformed_status.pem")); | |
95 } | |
96 | |
97 TEST(ParseOCSPTest, OCSPBadStatus) { | |
98 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_status.pem")); | |
99 } | |
100 | |
101 TEST(ParseOCSPTest, OCSPInvalidOCSPOid) { | |
102 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_ocsp_type.pem")); | |
103 } | |
104 | |
105 TEST(ParseOCSPTest, OCSPBadSignature) { | |
106 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("bad_signature.pem")); | |
107 } | |
108 | |
109 TEST(ParseOCSPTest, OCSPDirectSignature) { | |
110 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_direct.pem")); | |
111 } | |
112 | |
113 TEST(ParseOCSPTest, OCSPIndirectSignature) { | |
114 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect.pem")); | |
115 } | |
116 | |
117 TEST(ParseOCSPTest, OCSPMissingIndirectSignature) { | |
118 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect_missing.pem")); | |
119 } | |
120 | |
121 TEST(ParseOCSPTest, OCSPInvalidSignature) { | |
122 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_bad_indirect.pem")); | |
123 } | |
124 | |
125 TEST(ParseOCSPTest, OCSPExtraCerts) { | |
126 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_extra_certs.pem")); | |
127 } | |
128 | |
129 TEST(ParseOCSPTest, OCSPIncludesVersion) { | |
130 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_version.pem")); | |
131 } | |
132 | |
133 TEST(ParseOCSPTest, OCSPResponderName) { | |
134 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_name.pem")); | |
135 } | |
136 | |
137 TEST(ParseOCSPTest, OCSPResponderKeyHash) { | |
138 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_id.pem")); | |
139 } | |
140 | |
141 TEST(ParseOCSPTest, OCSPOCSPExtension) { | |
142 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_extension.pem")); | |
143 } | |
144 | |
145 TEST(ParseOCSPTest, OCSPIncludeNextUpdate) { | |
146 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response_next_update.pem")); | |
147 } | |
148 | |
149 TEST(ParseOCSPTest, OCSPRevokedResponse) { | |
150 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response.pem")); | |
151 } | |
152 | |
153 TEST(ParseOCSPTest, OCSPRevokedResponseWithReason) { | |
154 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response_reason.pem")); | |
155 } | |
156 | |
157 TEST(ParseOCSPTest, OCSPUnknownCertStatus) { | |
158 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("unknown_response.pem")); | |
159 } | |
160 | |
161 TEST(ParseOCSPTest, OCSPMultipleCertStatus) { | |
162 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("multiple_response.pem")); | |
163 } | |
164 | |
165 TEST(ParseOCSPTest, OCSPWrongCertResponse) { | |
166 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("other_response.pem")); | |
167 } | |
168 | |
169 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) { | |
170 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); | |
171 } | |
172 | |
173 TEST(ParseOCSPTest, OCSPMissingResponse) { | |
174 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem")); | |
175 } | |
176 | |
177 } // namespace net | |