Commit d372eb96 authored by eranm's avatar eranm Committed by Commit bot

Revert "Revert of CT Verify test utilities change - Moved the following common...

Revert "Revert of CT Verify test utilities change - Moved the following common functions (patchset #1 id:1 of https://codereview.chromium.org/1498983004/ )"

This reverts commit 13cb74df.

BUG=568282

Review URL: https://codereview.chromium.org/1639483002

Cr-Commit-Position: refs/heads/master@{#371334}
parent ed9a4eaa
......@@ -70,20 +70,6 @@ class MultiLogCTVerifierTest : public ::testing::Test {
ASSERT_TRUE(embedded_sct_chain_.get());
}
bool CheckForSingleVerifiedSCTInResult(const ct::CTVerifyResult& result) {
return (result.verified_scts.size() == 1U) &&
result.invalid_scts.empty() &&
result.unknown_logs_scts.empty() &&
result.verified_scts[0]->log_description == kLogDescription;
}
bool CheckForSCTOrigin(
const ct::CTVerifyResult& result,
ct::SignedCertificateTimestamp::Origin origin) {
return (result.verified_scts.size() > 0) &&
(result.verified_scts[0]->origin == origin);
}
bool CheckForEmbeddedSCTInNetLog(TestNetLog& net_log) {
TestNetLogEntry::List entries;
net_log.GetEntries(&entries);
......@@ -128,18 +114,6 @@ class MultiLogCTVerifierTest : public ::testing::Test {
return true;
}
std::string GetSCTListWithInvalidSCT() {
std::string sct(ct::GetTestSignedCertificateTimestamp());
// Change a byte inside the Log ID part of the SCT so it does
// not match the log used in the tests
sct[15] = 't';
std::string sct_list;
ct::EncodeSCTListForTesting(sct, &sct_list);
return sct_list;
}
bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain,
const BoundNetLog& bound_net_log,
ct::CTVerifyResult* result) {
......@@ -169,9 +143,9 @@ class MultiLogCTVerifierTest : public ::testing::Test {
BoundNetLog bound_net_log =
BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB);
return (VerifySinglePrecertificateChain(chain, bound_net_log, &result) &&
CheckForSingleVerifiedSCTInResult(result) &&
CheckForSCTOrigin(result,
ct::SignedCertificateTimestamp::SCT_EMBEDDED) &&
ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription) &&
ct::CheckForSCTOrigin(
result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) &&
CheckForEmbeddedSCTInNetLog(net_log));
}
......@@ -241,25 +215,20 @@ TEST_F(MultiLogCTVerifierTest,
ASSERT_TRUE(CheckPrecertificateVerification(chain));
}
TEST_F(MultiLogCTVerifierTest,
VerifiesSCTOverX509Cert) {
std::string sct(ct::GetTestSignedCertificateTimestamp());
std::string sct_list;
ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list));
TEST_F(MultiLogCTVerifierTest, VerifiesSCTOverX509Cert) {
std::string sct_list = ct::GetSCTListForTesting();
ct::CTVerifyResult result;
EXPECT_EQ(OK,
verifier_->Verify(
chain_.get(), std::string(), sct_list, &result, BoundNetLog()));
ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result));
ASSERT_TRUE(CheckForSCTOrigin(
ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription));
ASSERT_TRUE(ct::CheckForSCTOrigin(
result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION));
}
TEST_F(MultiLogCTVerifierTest,
IdentifiesSCTFromUnknownLog) {
std::string sct_list = GetSCTListWithInvalidSCT();
TEST_F(MultiLogCTVerifierTest, IdentifiesSCTFromUnknownLog) {
std::string sct_list = ct::GetSCTListWithInvalidSCT();
ct::CTVerifyResult result;
EXPECT_NE(OK,
......@@ -278,7 +247,7 @@ TEST_F(MultiLogCTVerifierTest, CountsValidSCTsInStatusHistogram) {
}
TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) {
std::string sct_list = GetSCTListWithInvalidSCT();
std::string sct_list = ct::GetSCTListWithInvalidSCT();
ct::CTVerifyResult result;
int num_valid_scts = NumValidSCTsInStatusHistogram();
int num_invalid_scts = GetValueFromHistogram(
......
......@@ -183,41 +183,15 @@ class ProofVerifierChromiumTest : public ::testing::Test {
certs->push_back(der_bytes);
}
std::string GetSCTListForTesting() {
const std::string sct = ct::GetTestSignedCertificateTimestamp();
std::string sct_list;
ct::EncodeSCTListForTesting(sct, &sct_list);
return sct_list;
}
std::string GetCorruptSCTListForTesting() {
std::string sct = ct::GetTestSignedCertificateTimestamp();
sct[15] = 't'; // Corrupt a byte inside SCT.
std::string sct_list;
ct::EncodeSCTListForTesting(sct, &sct_list);
return sct_list;
}
bool CheckForSingleVerifiedSCTInResult(const ct::CTVerifyResult& result) {
return (result.verified_scts.size() == 1U) && result.invalid_scts.empty() &&
result.unknown_logs_scts.empty() &&
result.verified_scts[0]->log_description == kLogDescription;
}
bool CheckForSCTOrigin(const ct::CTVerifyResult& result,
ct::SignedCertificateTimestamp::Origin origin) {
return (result.verified_scts.size() > 0) &&
(result.verified_scts[0]->origin == origin);
}
void CheckSCT(bool sct_expected_ok) {
ProofVerifyDetailsChromium* proof_details =
reinterpret_cast<ProofVerifyDetailsChromium*>(details_.get());
const ct::CTVerifyResult& ct_verify_result =
proof_details->ct_verify_result;
if (sct_expected_ok) {
ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(ct_verify_result));
ASSERT_TRUE(CheckForSCTOrigin(
ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(ct_verify_result,
kLogDescription));
ASSERT_TRUE(ct::CheckForSCTOrigin(
ct_verify_result,
ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION));
} else {
......@@ -261,7 +235,7 @@ TEST_F(ProofVerifierChromiumTest, ValidSCTList) {
scoped_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
QuicAsyncStatus status = proof_verifier.VerifyProof(
kTestHostname, kTestConfig, certs_, GetSCTListForTesting(), "",
kTestHostname, kTestConfig, certs_, ct::GetSCTListForTesting(), "",
verify_context_.get(), &error_details_, &details_, callback.get());
ASSERT_EQ(QUIC_FAILURE, status);
CheckSCT(/*sct_expected_ok=*/true);
......@@ -279,7 +253,7 @@ TEST_F(ProofVerifierChromiumTest, InvalidSCTList) {
scoped_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
QuicAsyncStatus status = proof_verifier.VerifyProof(
kTestHostname, kTestConfig, certs_, GetCorruptSCTListForTesting(), "",
kTestHostname, kTestConfig, certs_, ct::GetSCTListWithInvalidSCT(), "",
verify_context_.get(), &error_details_, &details_, callback.get());
ASSERT_EQ(QUIC_FAILURE, status);
CheckSCT(/*sct_expected_ok=*/false);
......
......@@ -14,7 +14,7 @@
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"
#include "net/cert/ct_serialization.h"
#include "net/cert/signed_certificate_timestamp.h"
#include "net/cert/ct_verify_result.h"
#include "net/cert/signed_tree_head.h"
#include "net/cert/x509_certificate.h"
......@@ -360,6 +360,38 @@ std::string CreateConsistencyProofJsonString(
return consistency_proof_json;
}
std::string GetSCTListForTesting() {
const std::string sct = ct::GetTestSignedCertificateTimestamp();
std::string sct_list;
ct::EncodeSCTListForTesting(sct, &sct_list);
return sct_list;
}
std::string GetSCTListWithInvalidSCT() {
std::string sct(ct::GetTestSignedCertificateTimestamp());
// Change a byte inside the Log ID part of the SCT so it does not match the
// log used in the tests.
sct[15] = 't';
std::string sct_list;
ct::EncodeSCTListForTesting(sct, &sct_list);
return sct_list;
}
bool CheckForSingleVerifiedSCTInResult(const ct::CTVerifyResult& result,
const std::string& log_description) {
return (result.verified_scts.size() == 1U) && result.invalid_scts.empty() &&
result.unknown_logs_scts.empty() &&
result.verified_scts[0]->log_description == log_description;
}
bool CheckForSCTOrigin(const ct::CTVerifyResult& result,
ct::SignedCertificateTimestamp::Origin origin) {
return (result.verified_scts.size() > 0) &&
(result.verified_scts[0]->origin == origin);
}
} // namespace ct
} // namespace net
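Review bot: `GetSCTListForTesting()` and `GetSCTListWithInvalidSCT()` discard the result of `ct::EncodeSCTListForTesting()`, whereas the inline code this replaces in VerifiesSCTOverX509Cert wrapped the same call in `ASSERT_TRUE`. If encoding ever fails, the helpers return an empty list, and the negative tests fed by `GetSCTListWithInvalidSCT()` (IdentifiesSCTFromUnknownLog, InvalidSCTList) would presumably still see a rejection, but for the wrong reason. Checking the result inside both helpers, e.g. `CHECK(ct::EncodeSCTListForTesting(sct, &sct_list));`, keeps that failure loud; this assumes `base/logging.h` is reachable from this file, which the visible include lines do not show. Separately, `sct[15] = 't'` corrupts the Log ID only if that byte is not already `'t'` and the test SCT is longer than 15 bytes, so a comment stating where offset 15 falls in the SCT layout would make that assumption checkable.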
......@@ -12,14 +12,15 @@
#include <vector>
#include "base/memory/ref_counted.h"
#include "net/cert/signed_certificate_timestamp.h"
namespace net {
namespace ct {
struct CTVerifyResult;
struct DigitallySigned;
struct LogEntry;
struct SignedCertificateTimestamp;
struct SignedTreeHead;
// Note: unless specified otherwise, all test data is taken from Certificate
......@@ -102,6 +103,23 @@ std::string CreateSignedTreeHeadJsonString(size_t tree_size,
// the provided raw nodes (i.e. the raw nodes will be base64-encoded).
std::string CreateConsistencyProofJsonString(
const std::vector<std::string>& raw_nodes);
// Returns SCTList for testing.
std::string GetSCTListForTesting();
// Returns a corrupted SCTList. This is done by changing a byte inside the
// Log ID part of the SCT so it does not match the log used in the tests.
std::string GetSCTListWithInvalidSCT();
// Returns true if |log_description| is in the |result|'s |verified_scts| and
// number of |verified_scts| in |result| is equal to 1.
bool CheckForSingleVerifiedSCTInResult(const CTVerifyResult& result,
const std::string& log_description);
// Returns true if |origin| is in the |result|'s |verified_scts|.
bool CheckForSCTOrigin(const CTVerifyResult& result,
SignedCertificateTimestamp::Origin origin);
} // namespace ct
} // namespace net
......
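Review bot: The comments on the two new checkers do not match what the definitions in this commit actually test. `CheckForSingleVerifiedSCTInResult` also requires `invalid_scts` and `unknown_logs_scts` to be empty, and `CheckForSCTOrigin` inspects only `verified_scts[0]`, not every verified SCT. Suggested wording: `// Returns true if |result| holds exactly one verified SCT, no invalid or unknown-log SCTs, and that SCT's log description equals |log_description|.` and `// Returns true if |result| has at least one verified SCT and the first one has origin |origin|.` A test written against the current comment could otherwise assume that an SCT with an unexpected origin further down the list is covered when it is not.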