1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/ct_log_verifier.h"
6
7 #include <string>
8
9 #include "base/time/time.h"
10 #include "net/cert/signed_certificate_timestamp.h"
11 #include "net/cert/signed_tree_head.h"
12 #include "net/test/ct_test_util.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14
15 namespace net {
16
17 class CTLogVerifierTest : public ::testing::Test {
18 public:
CTLogVerifierTest()19 CTLogVerifierTest() {}
20
SetUp()21 virtual void SetUp() OVERRIDE {
22 log_ = CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog").Pass();
23
24 ASSERT_TRUE(log_);
25 ASSERT_EQ(log_->key_id(), ct::GetTestPublicKeyId());
26 }
27
28 protected:
29 scoped_ptr<CTLogVerifier> log_;
30 };
31
TEST_F(CTLogVerifierTest,VerifiesCertSCT)32 TEST_F(CTLogVerifierTest, VerifiesCertSCT) {
33 ct::LogEntry cert_entry;
34 ct::GetX509CertLogEntry(&cert_entry);
35
36 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
37 ct::GetX509CertSCT(&cert_sct);
38
39 EXPECT_TRUE(log_->Verify(cert_entry, *cert_sct.get()));
40 }
41
TEST_F(CTLogVerifierTest,VerifiesPrecertSCT)42 TEST_F(CTLogVerifierTest, VerifiesPrecertSCT) {
43 ct::LogEntry precert_entry;
44 ct::GetPrecertLogEntry(&precert_entry);
45
46 scoped_refptr<ct::SignedCertificateTimestamp> precert_sct;
47 ct::GetPrecertSCT(&precert_sct);
48
49 EXPECT_TRUE(log_->Verify(precert_entry, *precert_sct.get()));
50 }
51
TEST_F(CTLogVerifierTest,FailsInvalidTimestamp)52 TEST_F(CTLogVerifierTest, FailsInvalidTimestamp) {
53 ct::LogEntry cert_entry;
54 ct::GetX509CertLogEntry(&cert_entry);
55
56 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
57 ct::GetX509CertSCT(&cert_sct);
58
59 // Mangle the timestamp, so that it should fail signature validation.
60 cert_sct->timestamp = base::Time::Now();
61
62 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get()));
63 }
64
TEST_F(CTLogVerifierTest,FailsInvalidLogID)65 TEST_F(CTLogVerifierTest, FailsInvalidLogID) {
66 ct::LogEntry cert_entry;
67 ct::GetX509CertLogEntry(&cert_entry);
68
69 scoped_refptr<ct::SignedCertificateTimestamp> cert_sct;
70 ct::GetX509CertSCT(&cert_sct);
71
72 // Mangle the log ID, which should cause it to match a different log before
73 // attempting signature validation.
74 cert_sct->log_id.assign(cert_sct->log_id.size(), '\0');
75
76 EXPECT_FALSE(log_->Verify(cert_entry, *cert_sct.get()));
77 }
78
TEST_F(CTLogVerifierTest,SetsValidSTH)79 TEST_F(CTLogVerifierTest, SetsValidSTH) {
80 scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead());
81 ct::GetSignedTreeHead(sth.get());
82 ASSERT_TRUE(log_->SetSignedTreeHead(sth.Pass()));
83 }
84
TEST_F(CTLogVerifierTest,DoesNotSetInvalidSTH)85 TEST_F(CTLogVerifierTest, DoesNotSetInvalidSTH) {
86 scoped_ptr<ct::SignedTreeHead> sth(new ct::SignedTreeHead());
87 ct::GetSignedTreeHead(sth.get());
88 sth->sha256_root_hash[0] = '\x0';
89 ASSERT_FALSE(log_->SetSignedTreeHead(sth.Pass()));
90 }
91
92 } // namespace net
93