security/ct/tests/gtest/CTObjectsExtractorTest.cpp

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #include "CTLogVerifier.h"
   8 #include "CTObjectsExtractor.h"
   9 #include "CTSerialization.h"
  10 #include "CTTestUtils.h"
  11 #include "gtest/gtest.h"
  12 #include "nss.h"
  13 #include "signature_cache_ffi.h"
  14
  15 namespace mozilla {
  16 namespace ct {
  17
  18 using namespace pkix;
  19
  20 class CTObjectsExtractorTest : public ::testing::Test {
  21  public:
  22   void SetUp() override {
  23     // Does nothing if NSS is already initialized.
  24     if (NSS_NoDB_Init(nullptr) != SECSuccess) {
  25       abort();
  26     }
  27
  28     mTestCert = GetDEREncodedX509Cert();
  29     mEmbeddedCert = GetDEREncodedTestEmbeddedCert();
  30     mCaCert = GetDEREncodedCACert();
  31     mCaCertSPKI = ExtractCertSPKI(mCaCert);
  32
  33     Buffer logPublicKey = GetTestPublicKey();
  34     ASSERT_EQ(Success, mLog.Init(InputForBuffer(logPublicKey)));
  35   }
  36
  37  protected:
  38   Buffer mTestCert;
  39   Buffer mEmbeddedCert;
  40   Buffer mCaCert;
  41   Buffer mCaCertSPKI;
  42   CTLogVerifier mLog = CTLogVerifier(-1, CTLogState::Admissible, 0);
  43 };
  44
  45 TEST_F(CTObjectsExtractorTest, ExtractPrecert) {
  46   LogEntry entry;
  47   ASSERT_EQ(Success, GetPrecertLogEntry(InputForBuffer(mEmbeddedCert),
  48                                         InputForBuffer(mCaCertSPKI), entry));
  49
  50   EXPECT_EQ(LogEntry::Type::Precert, entry.type);
  51   // Should have empty leaf cert for this log entry type.
  52   EXPECT_TRUE(entry.leafCertificate.empty());
  53   EXPECT_EQ(GetDefaultIssuerKeyHash(), entry.issuerKeyHash);
  54   EXPECT_EQ(GetDEREncodedTestTbsCert(), entry.tbsCertificate);
  55 }
  56
  57 TEST_F(CTObjectsExtractorTest, ExtractOrdinaryX509Cert) {
  58   LogEntry entry;
  59   GetX509LogEntry(InputForBuffer(mTestCert), entry);
  60
  61   EXPECT_EQ(LogEntry::Type::X509, entry.type);
  62   // Should have empty tbsCertificate / issuerKeyHash for this log entry type.
  63   EXPECT_TRUE(entry.tbsCertificate.empty());
  64   EXPECT_TRUE(entry.issuerKeyHash.empty());
  65   // Length of leafCertificate should be 718, see the CT Serialization tests.
  66   EXPECT_EQ(718U, entry.leafCertificate.size());
  67 }
  68
  69 // Test that an externally-provided SCT verifies over the LogEntry
  70 // of a regular X.509 Certificate
  71 TEST_F(CTObjectsExtractorTest, ComplementarySCTVerifies) {
  72   SignedCertificateTimestamp sct;
  73   GetX509CertSCT(sct);
  74
  75   LogEntry entry;
  76   GetX509LogEntry(InputForBuffer(mTestCert), entry);
  77   SignatureCache* signatureCache(signature_cache_new(1));
  78   EXPECT_EQ(Success, mLog.Verify(entry, sct, signatureCache));
  79   signature_cache_free(signatureCache);
  80 }
  81
  82 }  // namespace ct
  83 }  // namespace mozilla