/src/mozilla-central/security/certverifier/tests/gtest/CTObjectsExtractorTest.cpp

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "CTLogVerifier.h"
#include "CTObjectsExtractor.h"
#include "CTSerialization.h"
#include "CTTestUtils.h"
#include "gtest/gtest.h"
#include "nss.h"

namespace mozilla { namespace ct {

using namespace pkix;

class CTObjectsExtractorTest : public ::testing::Test
{
public:
  void SetUp() override
  {
    // Does nothing if NSS is already initialized.
    MOZ_RELEASE_ASSERT(NSS_NoDB_Init(nullptr) == SECSuccess);

    mTestCert = GetDEREncodedX509Cert();
    mEmbeddedCert = GetDEREncodedTestEmbeddedCert();
    mCaCert = GetDEREncodedCACert();
    mCaCertSPKI = ExtractCertSPKI(mCaCert);

    Buffer logPublicKey = GetTestPublicKey();
    ASSERT_EQ(Success, mLog.Init(InputForBuffer(logPublicKey),
                                 -1 /*operator id*/,
                                 CTLogStatus::Included,
                                 0 /*disqualification time*/));
  }

protected:
  Buffer mTestCert;
  Buffer mEmbeddedCert;
  Buffer mCaCert;
  Buffer mCaCertSPKI;
  CTLogVerifier mLog;
};

TEST_F(CTObjectsExtractorTest, ExtractPrecert)
{
  LogEntry entry;
  ASSERT_EQ(Success,
            GetPrecertLogEntry(InputForBuffer(mEmbeddedCert),
                               InputForBuffer(mCaCertSPKI),
                               entry));

  EXPECT_EQ(LogEntry::Type::Precert, entry.type);
  // Should have empty leaf cert for this log entry type.
  EXPECT_TRUE(entry.leafCertificate.empty());
  EXPECT_EQ(GetDefaultIssuerKeyHash(), entry.issuerKeyHash);
  EXPECT_EQ(GetDEREncodedTestTbsCert(), entry.tbsCertificate);
}

TEST_F(CTObjectsExtractorTest, ExtractOrdinaryX509Cert)
{
  LogEntry entry;
  ASSERT_EQ(Success, GetX509LogEntry(InputForBuffer(mTestCert), entry));

  EXPECT_EQ(LogEntry::Type::X509, entry.type);
  // Should have empty tbsCertificate / issuerKeyHash for this log entry type.
  EXPECT_TRUE(entry.tbsCertificate.empty());
  EXPECT_TRUE(entry.issuerKeyHash.empty());
  // Length of leafCertificate should be 718, see the CT Serialization tests.
  EXPECT_EQ(718U, entry.leafCertificate.length());
}

// Test that an externally-provided SCT verifies over the LogEntry
// of a regular X.509 Certificate
TEST_F(CTObjectsExtractorTest, ComplementarySCTVerifies)
{
  SignedCertificateTimestamp sct;
  GetX509CertSCT(sct);

  LogEntry entry;
  ASSERT_EQ(Success, GetX509LogEntry(InputForBuffer(mTestCert), entry));
  EXPECT_EQ(Success, mLog.Verify(entry, sct));
}

} }  // namespace mozilla::ct

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */
2		/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3		/* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		#include "CTLogVerifier.h"
8		#include "CTObjectsExtractor.h"
9		#include "CTSerialization.h"
10		#include "CTTestUtils.h"
11		#include "gtest/gtest.h"
12		#include "nss.h"
13
14		namespace mozilla { namespace ct {
15
16		using namespace pkix;
17
18		class CTObjectsExtractorTest : public ::testing::Test
19		{
20		public:
21		void SetUp() override
22	0	{
23	0	// Does nothing if NSS is already initialized.
24	0	MOZ_RELEASE_ASSERT(NSS_NoDB_Init(nullptr) == SECSuccess);
25	0
26	0	mTestCert = GetDEREncodedX509Cert();
27	0	mEmbeddedCert = GetDEREncodedTestEmbeddedCert();
28	0	mCaCert = GetDEREncodedCACert();
29	0	mCaCertSPKI = ExtractCertSPKI(mCaCert);
30	0
31	0	Buffer logPublicKey = GetTestPublicKey();
32	0	ASSERT_EQ(Success, mLog.Init(InputForBuffer(logPublicKey),
33	0	-1 /operator id/,
34	0	CTLogStatus::Included,
35	0	0 /disqualification time/));
36	0	}
37
38		protected:
39		Buffer mTestCert;
40		Buffer mEmbeddedCert;
41		Buffer mCaCert;
42		Buffer mCaCertSPKI;
43		CTLogVerifier mLog;
44		};
45
46		TEST_F(CTObjectsExtractorTest, ExtractPrecert)
47	0	{
48	0	LogEntry entry;
49	0	ASSERT_EQ(Success,
50	0	GetPrecertLogEntry(InputForBuffer(mEmbeddedCert),
51	0	InputForBuffer(mCaCertSPKI),
52	0	entry));
53	0
54	0	EXPECT_EQ(LogEntry::Type::Precert, entry.type);
55	0	// Should have empty leaf cert for this log entry type.
56	0	EXPECT_TRUE(entry.leafCertificate.empty());
57	0	EXPECT_EQ(GetDefaultIssuerKeyHash(), entry.issuerKeyHash);
58	0	EXPECT_EQ(GetDEREncodedTestTbsCert(), entry.tbsCertificate);
59	0	}
60
61		TEST_F(CTObjectsExtractorTest, ExtractOrdinaryX509Cert)
62	0	{
63	0	LogEntry entry;
64	0	ASSERT_EQ(Success, GetX509LogEntry(InputForBuffer(mTestCert), entry));
65	0
66	0	EXPECT_EQ(LogEntry::Type::X509, entry.type);
67	0	// Should have empty tbsCertificate / issuerKeyHash for this log entry type.
68	0	EXPECT_TRUE(entry.tbsCertificate.empty());
69	0	EXPECT_TRUE(entry.issuerKeyHash.empty());
70	0	// Length of leafCertificate should be 718, see the CT Serialization tests.
71	0	EXPECT_EQ(718U, entry.leafCertificate.length());
72	0	}
73
74		// Test that an externally-provided SCT verifies over the LogEntry
75		// of a regular X.509 Certificate
76		TEST_F(CTObjectsExtractorTest, ComplementarySCTVerifies)
77	0	{
78	0	SignedCertificateTimestamp sct;
79	0	GetX509CertSCT(sct);
80	0
81	0	LogEntry entry;
82	0	ASSERT_EQ(Success, GetX509LogEntry(InputForBuffer(mTestCert), entry));
83	0	EXPECT_EQ(Success, mLog.Verify(entry, sct));
84	0	}
85
86		} } // namespace mozilla::ct

Coverage Report

Created: 2018-09-25 14:53