net/cert/ct_log_verifier_unittest.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/cert/ct_log_verifier.h"
   6
   7 #include <string>
   8
   9 #include "base/time/time.h"
  10 #include "net/cert/signed_certificate_timestamp.h"
  11 #include "net/cert/signed_tree_head.h"
  12 #include "net/test/ct_test_util.h"
  13 #include "testing/gtest/include/gtest/gtest.h"
  14
  15 namespace net {
  16
  17 class CTLogVerifierTest : public ::testing::Test {
  18  public:
  19   CTLogVerifierTest() {}
  20
  21   virtual void SetUp() override {
  22     log_ = CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog").Pass();
  23
  24     ASSERT_TRUE(log_);
  25     ASSERT_EQ(log_->key_id(), ct::GetTestPublicKeyId());
  26   }
  27
  28  protected:
  29   scoped_ptr<CTLogVerifier> log_;
  30 };
  31
  32 TEST_F(CTLogVerifierTest, VerifiesCertSCT) {
  33   ct::LogEntry cert_entry;
  34   ct::GetX509CertLogEntry(&cert_entry);
  35
  36   scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
  37   ct::GetX509CertSCT(&cert_sct);
  38
  39   EXPECT_TRUE(log_->Verify(cert_entry, *cert_sct.get()));
  40 }
  41
  42 TEST_F(CTLogVerifierTest, VerifiesPrecertSCT) {
  43   ct::LogEntry precert_entry;
  44   ct::GetPrecertLogEntry(&precert_entry);
  45
  46   scoped_refptr<ct::SignedCertificateTimestamp> precert_sct;
  47   ct::GetPrecertSCT(&precert_sct);
  48
  49   EXPECT_TRUE(log_->Verify(precert_entry, *precert_sct.get()));
  50 }
  51
  52 TEST_F(CTLogVerifierTest, FailsInvalidTimestamp) {
  53   ct::LogEntry cert_entry;
  54   ct::GetX509CertLogEntry(&cert_entry);
  55
  56   scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
  57   ct::GetX509CertSCT(&cert_sct);
  58
  59   // Mangle the timestamp, so that it should fail signature validation.
  60   cert_sct->timestamp = base::Time::Now();
  61
  62   EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get()));
  63 }
  64
  65 TEST_F(CTLogVerifierTest, FailsInvalidLogID) {
  66   ct::LogEntry cert_entry;
  67   ct::GetX509CertLogEntry(&cert_entry);
  68
  69   scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
  70   ct::GetX509CertSCT(&cert_sct);
  71
  72   // Mangle the log ID, which should cause it to match a different log before
  73   // attempting signature validation.
  74   cert_sct->log_id.assign(cert_sct->log_id.size(), '\0');
  75
  76   EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get()));
  77 }
  78
  79 TEST_F(CTLogVerifierTest, SetsValidSTH) {
  80   scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead());
  81   ct::GetSignedTreeHead(sth.get());
  82   ASSERT_TRUE(log_->SetSignedTreeHead(sth.Pass()));
  83 }
  84
  85 TEST_F(CTLogVerifierTest, DoesNotSetInvalidSTH) {
  86   scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead());
  87   ct::GetSignedTreeHead(sth.get());
  88   sth->sha256_root_hash[0] = '\x0';
  89   ASSERT_FALSE(log_->SetSignedTreeHead(sth.Pass()));
  90 }
  91
  92 }  // namespace net