Chromium Code Reviews Chromium Code Reviews
Issue 1849773002:
Adding OCSP Verification
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/cert/internal/ocsp_unittest.cc |
| diff --git a/net/cert/internal/parse_ocsp_unittest.cc b/net/cert/internal/ocsp_unittest.cc |
| similarity index 72% |
| rename from net/cert/internal/parse_ocsp_unittest.cc |
| rename to net/cert/internal/ocsp_unittest.cc |
| index 12657e626952b1fb2b38ef93c0f72a6e06e93d75..8642a9e440e93b0e201ab38818143c26182a223f 100644 |
| --- a/net/cert/internal/parse_ocsp_unittest.cc |
| +++ b/net/cert/internal/ocsp_unittest.cc |
| @@ -2,7 +2,7 @@ |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| -#include "net/cert/internal/parse_ocsp.h" |
| +#include "net/cert/internal/ocsp.h" |
| #include "base/files/file_path.h" |
| #include "base/logging.h" |
| @@ -16,7 +16,7 @@ namespace net { |
| namespace { |
| std::string GetFilePath(const std::string& file_name) { |
| - return std::string("net/data/parse_ocsp_unittest/") + file_name; |
| + return std::string("net/data/ocsp_unittest/") + file_name; |
| } |
| enum OCSPFailure { |
| @@ -62,6 +62,9 @@ OCSPFailure ParseOCSP(const std::string& file_name) { |
| return OCSP_NOT_SUCCESSFUL; |
| if (!ParseOCSPResponseData(parsed_ocsp.data, &parsed_ocsp_data)) |
| return PARSE_OCSP_DATA; |
| + const SimpleSignaturePolicy policy(1024); |
|
eroman
2016/05/31 19:12:47
Do we need to allow 1024-bit RSA keys in these tes
|
| + if (!VerifyOCSPResponse(parsed_ocsp, issuer, policy)) |
| + return VERIFY_OCSP; |
| OCSPCertStatus status; |
| @@ -82,95 +85,95 @@ OCSPFailure ParseOCSP(const std::string& file_name) { |
| } // namespace |
| -TEST(ParseOCSPTest, OCSPGoodResponse) { |
| +TEST(OCSPTest, OCSPGoodResponse) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPNoResponse) { |
| +TEST(OCSPTest, OCSPNoResponse) { |
| ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("no_response.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPMalformedStatus) { |
| +TEST(OCSPTest, OCSPMalformedStatus) { |
| ASSERT_EQ(OCSP_NOT_SUCCESSFUL, ParseOCSP("malformed_status.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPBadStatus) { |
| +TEST(OCSPTest, OCSPBadStatus) { |
| ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_status.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPInvalidOCSPOid) { |
| +TEST(OCSPTest, OCSPInvalidOCSPOid) { |
| ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_ocsp_type.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPBadSignature) { |
| - ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("bad_signature.pem")); |
| +TEST(OCSPTest, OCSPBadSignature) { |
| + ASSERT_EQ(VERIFY_OCSP, ParseOCSP("bad_signature.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPDirectSignature) { |
| +TEST(OCSPTest, OCSPDirectSignature) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_direct.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPIndirectSignature) { |
| +TEST(OCSPTest, OCSPIndirectSignature) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPMissingIndirectSignature) { |
| - ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect_missing.pem")); |
| +TEST(OCSPTest, OCSPMissingIndirectSignature) { |
| + ASSERT_EQ(VERIFY_OCSP, ParseOCSP("ocsp_sign_indirect_missing.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPInvalidSignature) { |
| - ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_bad_indirect.pem")); |
| +TEST(OCSPTest, OCSPInvalidSignature) { |
| + ASSERT_EQ(VERIFY_OCSP, ParseOCSP("ocsp_sign_bad_indirect.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPExtraCerts) { |
| +TEST(OCSPTest, OCSPExtraCerts) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_extra_certs.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPIncludesVersion) { |
| +TEST(OCSPTest, OCSPIncludesVersion) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_version.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPResponderName) { |
| +TEST(OCSPTest, OCSPResponderName) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_name.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPResponderKeyHash) { |
| +TEST(OCSPTest, OCSPResponderKeyHash) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_id.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPOCSPExtension) { |
| +TEST(OCSPTest, OCSPOCSPExtension) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_extension.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPIncludeNextUpdate) { |
| +TEST(OCSPTest, OCSPIncludeNextUpdate) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response_next_update.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPRevokedResponse) { |
| +TEST(OCSPTest, OCSPRevokedResponse) { |
| ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPRevokedResponseWithReason) { |
| +TEST(OCSPTest, OCSPRevokedResponseWithReason) { |
| ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response_reason.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPUnknownCertStatus) { |
| +TEST(OCSPTest, OCSPUnknownCertStatus) { |
| ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("unknown_response.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPMultipleCertStatus) { |
| +TEST(OCSPTest, OCSPMultipleCertStatus) { |
| ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("multiple_response.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPWrongCertResponse) { |
| +TEST(OCSPTest, OCSPWrongCertResponse) { |
| ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("other_response.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPOCSPSingleExtension) { |
| +TEST(OCSPTest, OCSPOCSPSingleExtension) { |
| ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); |
| } |
| -TEST(ParseOCSPTest, OCSPMissingResponse) { |
| +TEST(OCSPTest, OCSPMissingResponse) { |
| ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem")); |
| } |
