Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / net / cert / ct_log_verifier_unittest.cc
blob4f0fdcccc7e805dd5618b0456a3354097f20e861
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/ct_log_verifier.h"
7 #include <string>
9 #include "base/time/time.h"
10 #include "net/cert/signed_certificate_timestamp.h"
11 #include "net/cert/signed_tree_head.h"
12 #include "net/test/ct_test_util.h"
13 #include "testing/gtest/include/gtest/gtest.h"
15 namespace net {
17 class CTLogVerifierTest : public ::testing::Test {
18 public:
19 CTLogVerifierTest() {}
21 void SetUp() override {
22 log_ = CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog",
23 "https://ct.example.com").Pass();
25 ASSERT_TRUE(log_);
26 ASSERT_EQ(log_->key_id(), ct::GetTestPublicKeyId());
29 protected:
30 scoped_refptr<CTLogVerifier> log_;
33 TEST_F(CTLogVerifierTest, VerifiesCertSCT) {
34 ct::LogEntry cert_entry;
35 ct::GetX509CertLogEntry(&cert_entry);
37 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
38 ct::GetX509CertSCT(&cert_sct);
40 EXPECT_TRUE(log_->Verify(cert_entry, *cert_sct.get()));
43 TEST_F(CTLogVerifierTest, VerifiesPrecertSCT) {
44 ct::LogEntry precert_entry;
45 ct::GetPrecertLogEntry(&precert_entry);
47 scoped_refptr<ct::SignedCertificateTimestamp> precert_sct;
48 ct::GetPrecertSCT(&precert_sct);
50 EXPECT_TRUE(log_->Verify(precert_entry, *precert_sct.get()));
53 TEST_F(CTLogVerifierTest, FailsInvalidTimestamp) {
54 ct::LogEntry cert_entry;
55 ct::GetX509CertLogEntry(&cert_entry);
57 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
58 ct::GetX509CertSCT(&cert_sct);
60 // Mangle the timestamp, so that it should fail signature validation.
61 cert_sct->timestamp = base::Time::Now();
63 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get()));
66 TEST_F(CTLogVerifierTest, FailsInvalidLogID) {
67 ct::LogEntry cert_entry;
68 ct::GetX509CertLogEntry(&cert_entry);
70 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
71 ct::GetX509CertSCT(&cert_sct);
73 // Mangle the log ID, which should cause it to match a different log before
74 // attempting signature validation.
75 cert_sct->log_id.assign(cert_sct->log_id.size(), '\0');
77 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get()));
80 TEST_F(CTLogVerifierTest, SetsValidSTH) {
81 ct::SignedTreeHead sth;
82 ct::GetSampleSignedTreeHead(&sth);
83 ASSERT_TRUE(log_->VerifySignedTreeHead(sth));
86 TEST_F(CTLogVerifierTest, DoesNotSetInvalidSTH) {
87 ct::SignedTreeHead sth;
88 ct::GetSampleSignedTreeHead(&sth);
89 sth.sha256_root_hash[0] = '\x0';
90 ASSERT_FALSE(log_->VerifySignedTreeHead(sth));
93 // Test that excess data after the public key is rejected.
94 TEST_F(CTLogVerifierTest, ExcessDataInPublicKey) {
95 std::string key = ct::GetTestPublicKey();
96 key += "extra";
98 scoped_refptr<CTLogVerifier> log =
99 CTLogVerifier::Create(key, "testlog", "https://ct.example.com");
100 EXPECT_FALSE(log);
103 } // namespace net