      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/cert/ct_log_verifier.h"
      6 
      7 #include <string>
      8 
      9 #include "base/time/time.h"
     10 #include "net/cert/signed_certificate_timestamp.h"
     11 #include "net/test/ct_test_util.h"
     12 #include "testing/gtest/include/gtest/gtest.h"
     13 
     14 namespace net {
     15 
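// Test fixture that builds a CTLogVerifier from the test public key, so each
// test case can check signed certificate timestamps (SCTs) against it.
class CTLogVerifierTest : public ::testing::Test {
 public:
  CTLogVerifierTest() {}

  // Creates the verifier under test. Both ASSERTs abort the test case early
  // when Create() yields no verifier or the verifier reports an unexpected
  // key ID, so no later expectation runs against a missing or wrong log.
  virtual void SetUp() OVERRIDE {
    log_ = CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog").Pass();

    ASSERT_TRUE(log_);
    // gtest's (expected, actual) order, so a mismatch is labelled correctly.
    ASSERT_EQ(ct::GetTestPublicKeyId(), log_->key_id());
  }

 protected:
  // Verifier for the test log; only usable once SetUp() has succeeded.
  scoped_ptr<CTLogVerifier> log_;
};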
     30 
// The test SCT for an X.509 certificate entry must verify against the test
// log created by the fixture.
TEST_F(CTLogVerifierTest, VerifiesCertSCT) {
  // Signed certificate timestamp supplied by the CT test utilities.
  scoped_refptr<ct::SignedCertificateTimestamp> sct;
  ct::GetX509CertSCT(&sct);

  // X.509 log entry supplied by the CT test utilities.
  ct::LogEntry entry;
  ct::GetX509CertLogEntry(&entry);

  const bool verified = log_->Verify(entry, *sct);
  EXPECT_TRUE(verified);
}
     40 
// The test SCT for a precertificate entry must verify against the test log
// created by the fixture.
TEST_F(CTLogVerifierTest, VerifiesPrecertSCT) {
  // Signed certificate timestamp supplied by the CT test utilities.
  scoped_refptr<ct::SignedCertificateTimestamp> sct;
  ct::GetPrecertSCT(&sct);

  // Precertificate log entry supplied by the CT test utilities.
  ct::LogEntry entry;
  ct::GetPrecertLogEntry(&entry);

  const bool verified = log_->Verify(entry, *sct);
  EXPECT_TRUE(verified);
}
     50 
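// An SCT whose timestamp was changed after it was issued must be rejected.
TEST_F(CTLogVerifierTest, FailsInvalidTimestamp) {
  ct::LogEntry cert_entry;
  ct::GetX509CertLogEntry(&cert_entry);

  scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
  ct::GetX509CertSCT(&cert_sct);

  // Positive control: the untouched entry/SCT pair has to verify, otherwise
  // the rejection below could have a cause other than the timestamp.
  ASSERT_TRUE(log_->Verify(cert_entry, *cert_sct));

  // Mangle the timestamp, so that it should fail signature validation. A
  // fixed offset keeps the mutated input the same on every run instead of
  // depending on the wall clock.
  cert_sct->timestamp += base::TimeDelta::FromSeconds(1);

  EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct));
}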
     63 
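// An SCT that names a different log than the verifier's must be rejected.
TEST_F(CTLogVerifierTest, FailsInvalidLogID) {
  ct::LogEntry cert_entry;
  ct::GetX509CertLogEntry(&cert_entry);

  scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
  ct::GetX509CertSCT(&cert_sct);

  // Positive control: the untouched entry/SCT pair has to verify, otherwise
  // the rejection below could have a cause other than the log ID.
  ASSERT_TRUE(log_->Verify(cert_entry, *cert_sct));

  // Mangle the log ID so that the SCT no longer names this log; it is then
  // expected to be rejected before signature validation is attempted.
  const std::string original_log_id = cert_sct->log_id;
  cert_sct->log_id.assign(cert_sct->log_id.size(), '\0');
  // Guard against a no-op mutation, which would make this test meaningless.
  ASSERT_NE(original_log_id, cert_sct->log_id);

  EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct));
}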
     77 
     78 }  // namespace net