net/cert/internal/parse_ocsp_unittest.cc - Issue 1849773002: Adding OCSP Verification

Side by Side Diff: net/cert/internal/parse_ocsp_unittest.cc

Issue 1849773002: Adding OCSP Verification Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix scoped_ptr. Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
	(Empty)
1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "net/cert/internal/parse_ocsp.h"

6

7 #include "base/files/file_path.h"

8 #include "base/logging.h"

9 #include "net/base/test_data_directory.h"

10 #include "net/cert/internal/test_helpers.h"

11 #include "net/cert/x509_certificate.h"

12 #include "testing/gtest/include/gtest/gtest.h"

13

14 namespace net {

15

16 namespace {

17

18 std::string GetFilePath(const std::string& file_name) {

19 return std::string("net/data/parse_ocsp_unittest/") + file_name;

20 }

21

22 enum OCSPFailure {

23 OCSP_SUCCESS,

24 PARSE_CERT,

25 PARSE_OCSP,

26 OCSP_NOT_SUCCESSFUL,

27 PARSE_OCSP_DATA,

28 PARSE_OCSP_SINGLE_RESPONSE,

29 VERIFY_OCSP,

30 OCSP_SUCCESS_REVOKED,

31 OCSP_SUCCESS_UNKNOWN,

32 };

33

34 OCSPFailure ParseOCSP(const std::string& file_name) {

35 std::string ocsp_data;

36 std::string ca_data;

37 std::string cert_data;

38 const PemBlockMapping mappings[] = {

39 {"OCSP RESPONSE", &ocsp_data},

40 {"CA CERTIFICATE", &ca_data},

41 {"CERTIFICATE", &cert_data},

42 };

43

44 if (!ReadTestDataFromPemFile(GetFilePath(file_name), mappings))

45 return PARSE_CERT;

46

47 der::Input ocsp_input(&ocsp_data);

48 der::Input ca_input(&ca_data);

49 der::Input cert_input(&cert_data);

50

51 ParsedCertificate issuer;

52 ParsedCertificate cert;

53 if (!ParseCertificate(ca_input, &issuer))

54 return PARSE_CERT;

55 if (!ParseCertificate(cert_input, &cert))

56 return PARSE_CERT;

57 OCSPResponse parsed_ocsp;

58 OCSPResponseData parsed_ocsp_data;

59 if (!ParseOCSPResponse(ocsp_input, &parsed_ocsp))

60 return PARSE_OCSP;

61 if (parsed_ocsp.status != OCSPResponse::ResponseStatus::SUCCESSFUL)

62 return OCSP_NOT_SUCCESSFUL;

63 if (!ParseOCSPResponseData(parsed_ocsp.data, &parsed_ocsp_data))

64 return PARSE_OCSP_DATA;

65

66 OCSPCertStatus status;

67

68 if (!GetOCSPCertStatus(parsed_ocsp_data, issuer, cert, &status))

69 return PARSE_OCSP_SINGLE_RESPONSE;

70

71 switch (status.status) {

72 case OCSPCertStatus::Status::GOOD:

73 return OCSP_SUCCESS;

74 case OCSPCertStatus::Status::REVOKED:

75 return OCSP_SUCCESS_REVOKED;

76 case OCSPCertStatus::Status::UNKNOWN:

77 return OCSP_SUCCESS_UNKNOWN;

78 }

79

80 return OCSP_SUCCESS_UNKNOWN;

81 }

82

83 } // namespace

84

85 TEST(ParseOCSPTest, OCSPGoodResponse) {

86 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response.pem"));

87 }

88

89 TEST(ParseOCSPTest, OCSPNoResponse) {

90 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("no_response.pem"));

91 }

92

93 TEST(ParseOCSPTest, OCSPMalformedStatus) {

94 ASSERT_EQ(OCSP_NOT_SUCCESSFUL, ParseOCSP("malformed_status.pem"));

95 }

96

97 TEST(ParseOCSPTest, OCSPBadStatus) {

98 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_status.pem"));

99 }

100

101 TEST(ParseOCSPTest, OCSPInvalidOCSPOid) {

102 ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_ocsp_type.pem"));

103 }

104

105 TEST(ParseOCSPTest, OCSPBadSignature) {

106 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("bad_signature.pem"));

107 }

108

109 TEST(ParseOCSPTest, OCSPDirectSignature) {

110 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_direct.pem"));

111 }

112

113 TEST(ParseOCSPTest, OCSPIndirectSignature) {

114 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect.pem"));

115 }

116

117 TEST(ParseOCSPTest, OCSPMissingIndirectSignature) {

118 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect_missing.pem"));

119 }

120

121 TEST(ParseOCSPTest, OCSPInvalidSignature) {

122 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_bad_indirect.pem"));

123 }

124

125 TEST(ParseOCSPTest, OCSPExtraCerts) {

126 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_extra_certs.pem"));

127 }

128

129 TEST(ParseOCSPTest, OCSPIncludesVersion) {

130 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_version.pem"));

131 }

132

133 TEST(ParseOCSPTest, OCSPResponderName) {

134 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_name.pem"));

135 }

136

137 TEST(ParseOCSPTest, OCSPResponderKeyHash) {

138 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_id.pem"));

139 }

140

141 TEST(ParseOCSPTest, OCSPOCSPExtension) {

142 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_extension.pem"));

143 }

144

145 TEST(ParseOCSPTest, OCSPIncludeNextUpdate) {

146 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response_next_update.pem"));

147 }

148

149 TEST(ParseOCSPTest, OCSPRevokedResponse) {

150 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response.pem"));

151 }

152

153 TEST(ParseOCSPTest, OCSPRevokedResponseWithReason) {

154 ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response_reason.pem"));

155 }

156

157 TEST(ParseOCSPTest, OCSPUnknownCertStatus) {

158 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("unknown_response.pem"));

159 }

160

161 TEST(ParseOCSPTest, OCSPMultipleCertStatus) {

162 ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("multiple_response.pem"));

163 }

164

165 TEST(ParseOCSPTest, OCSPWrongCertResponse) {

166 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("other_response.pem"));

167 }

168

169 TEST(ParseOCSPTest, OCSPOCSPSingleExtension) {

170 ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem"));

171 }

172

173 TEST(ParseOCSPTest, OCSPMissingResponse) {

174 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem"));

175 }

176

177 } // namespace net

OLD	NEW

« net/cert/internal/ocsp_unittest.cc ('K') | « net/cert/internal/parse_ocsp.cc ('k') | net/data/ocsp_unittest/annotate_test_data.py » ('j') | no next file with comments »