1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/ct_log_verifier.h"
9 #include "base/time/time.h"
10 #include "net/cert/signed_certificate_timestamp.h"
11 #include "net/cert/signed_tree_head.h"
12 #include "net/test/ct_test_util.h"
13 #include "testing/gtest/include/gtest/gtest.h"
17 class CTLogVerifierTest
: public ::testing::Test
{
19 CTLogVerifierTest() {}
21 void SetUp() override
{
22 log_
= CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog").Pass();
25 ASSERT_EQ(log_
->key_id(), ct::GetTestPublicKeyId());
29 scoped_ptr
<CTLogVerifier
> log_
;
32 TEST_F(CTLogVerifierTest
, VerifiesCertSCT
) {
33 ct::LogEntry cert_entry
;
34 ct::GetX509CertLogEntry(&cert_entry
);
36 scoped_refptr
<ct::SignedCertificateTimestamp
> cert_sct
;
37 ct::GetX509CertSCT(&cert_sct
);
39 EXPECT_TRUE(log_
->Verify(cert_entry
, *cert_sct
.get()));
42 TEST_F(CTLogVerifierTest
, VerifiesPrecertSCT
) {
43 ct::LogEntry precert_entry
;
44 ct::GetPrecertLogEntry(&precert_entry
);
46 scoped_refptr
<ct::SignedCertificateTimestamp
> precert_sct
;
47 ct::GetPrecertSCT(&precert_sct
);
49 EXPECT_TRUE(log_
->Verify(precert_entry
, *precert_sct
.get()));
52 TEST_F(CTLogVerifierTest
, FailsInvalidTimestamp
) {
53 ct::LogEntry cert_entry
;
54 ct::GetX509CertLogEntry(&cert_entry
);
56 scoped_refptr
<ct::SignedCertificateTimestamp
> cert_sct
;
57 ct::GetX509CertSCT(&cert_sct
);
59 // Mangle the timestamp, so that it should fail signature validation.
60 cert_sct
->timestamp
= base::Time::Now();
62 EXPECT_FALSE(log_
->Verify(cert_entry
, *cert_sct
.get()));
65 TEST_F(CTLogVerifierTest
, FailsInvalidLogID
) {
66 ct::LogEntry cert_entry
;
67 ct::GetX509CertLogEntry(&cert_entry
);
69 scoped_refptr
<ct::SignedCertificateTimestamp
> cert_sct
;
70 ct::GetX509CertSCT(&cert_sct
);
72 // Mangle the log ID, which should cause it to match a different log before
73 // attempting signature validation.
74 cert_sct
->log_id
.assign(cert_sct
->log_id
.size(), '\0');
76 EXPECT_FALSE(log_
->Verify(cert_entry
, *cert_sct
.get()));
79 TEST_F(CTLogVerifierTest
, SetsValidSTH
) {
80 scoped_ptr
<ct::SignedTreeHead
> sth(new ct::SignedTreeHead());
81 ct::GetSignedTreeHead(sth
.get());
82 ASSERT_TRUE(log_
->SetSignedTreeHead(sth
.Pass()));
85 TEST_F(CTLogVerifierTest
, DoesNotSetInvalidSTH
) {
86 scoped_ptr
<ct::SignedTreeHead
> sth(new ct::SignedTreeHead());
87 ct::GetSignedTreeHead(sth
.get());
88 sth
->sha256_root_hash
[0] = '\x0';
89 ASSERT_FALSE(log_
->SetSignedTreeHead(sth
.Pass()));