tor-browser

The Tor Browser

CTObjectsExtractorTest.cpp (2745B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #include "CTLogVerifier.h"
      8 #include "CTObjectsExtractor.h"
      9 #include "CTSerialization.h"
     10 #include "CTTestUtils.h"
     11 #include "gtest/gtest.h"
     12 #include "nss.h"
     13 #include "signature_cache_ffi.h"
     14 
     15 namespace mozilla {
     16 namespace ct {
     17 
     18 using namespace pkix;
     19 
/**
 * Shared fixture for the Certificate Transparency object-extractor tests.
 *
 * SetUp() brings up NSS without a certificate database, loads the DER-encoded
 * fixture certificates from the CT test utilities, extracts the CA
 * certificate's SPKI, and initializes the test log verifier with the test
 * log's public key.
 */
class CTObjectsExtractorTest : public ::testing::Test {
 public:
  void SetUp() override {
    // NSS_NoDB_Init does nothing if NSS is already initialized. If it fails,
    // the whole test process is aborted.
    const bool nssReady = (NSS_NoDB_Init(nullptr) == SECSuccess);
    if (!nssReady) {
      abort();
    }

    mTestCert = GetDEREncodedX509Cert();
    mEmbeddedCert = GetDEREncodedTestEmbeddedCert();
    mCaCert = GetDEREncodedCACert();
    // The issuer SPKI is derived from the CA certificate loaded just above.
    mCaCertSPKI = ExtractCertSPKI(mCaCert);

    // Keep the key buffer in a named local so it stays alive for the whole
    // Init() call. A fatal assertion here stops SetUp() immediately.
    Buffer logKey = GetTestPublicKey();
    ASSERT_EQ(Success, mLog.Init(InputForBuffer(logKey)));
  }

 protected:
  // DER-encoded X.509 certificate used for the X509 log entry tests.
  Buffer mTestCert;
  // DER-encoded test certificate used for the precert log entry test.
  Buffer mEmbeddedCert;
  // DER-encoded CA certificate and the SPKI extracted from it.
  Buffer mCaCert;
  Buffer mCaCertSPKI;
  // Test log verifier; its key is set in SetUp().
  // NOTE(review): the first and last constructor arguments (-1 and 0) are
  // presumably an operator id and a timestamp -- confirm in CTLogVerifier.h.
  CTLogVerifier mLog =
      CTLogVerifier(-1, CTLogState::Admissible, CTLogFormat::RFC6962, 0);
};
     45 
// Builds a precert log entry from the embedded test certificate and the CA
// SPKI, then checks every field of the resulting LogEntry.
TEST_F(CTObjectsExtractorTest, ExtractPrecert) {
  LogEntry precertEntry;
  const pkix::Input leafInput = InputForBuffer(mEmbeddedCert);
  const pkix::Input issuerSpkiInput = InputForBuffer(mCaCertSPKI);
  // Extraction failing is fatal: the field checks below would be meaningless.
  ASSERT_EQ(Success,
            GetPrecertLogEntry(leafInput, issuerSpkiInput, precertEntry));

  EXPECT_EQ(LogEntry::Type::Precert, precertEntry.type);
  // Should have empty leaf cert for this log entry type.
  EXPECT_TRUE(precertEntry.leafCertificate.empty());
  // Both the issuer key hash and the TBS certificate are compared against the
  // reference values supplied by the CT test utilities.
  EXPECT_EQ(GetDefaultIssuerKeyHash(), precertEntry.issuerKeyHash);
  EXPECT_EQ(GetDEREncodedTestTbsCert(), precertEntry.tbsCertificate);
}
     57 
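// Builds an X509 log entry from the plain test certificate and checks that
// only the leaf certificate field is populated.
TEST_F(CTObjectsExtractorTest, ExtractOrdinaryX509Cert) {
  LogEntry entry;
  GetX509LogEntry(InputForBuffer(mTestCert), entry);

  EXPECT_EQ(LogEntry::Type::X509, entry.type);
  // Should have empty tbsCertificate / issuerKeyHash for this log entry type.
  EXPECT_TRUE(entry.tbsCertificate.empty());
  EXPECT_TRUE(entry.issuerKeyHash.empty());
  // Length of leafCertificate should be 718, see the CT Serialization tests.
  EXPECT_EQ(718U, entry.leafCertificate.size());
  // A length check alone would still pass if the extractor stored different
  // bytes of the same size. The entry is what an SCT is verified over, so pin
  // the contents to the input certificate as well.
  EXPECT_EQ(mTestCert, entry.leafCertificate);
}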
     69 
// Checks that an SCT delivered outside the certificate verifies against the
// LogEntry built from a regular X.509 certificate, using the fixture's test
// log verifier.
TEST_F(CTObjectsExtractorTest, ComplementarySCTVerifies) {
  SignedCertificateTimestamp externalSct;
  GetX509CertSCT(externalSct);

  LogEntry x509Entry;
  GetX509LogEntry(InputForBuffer(mTestCert), x509Entry);

  // The cache is allocated through the FFI and must be released by hand.
  // EXPECT_EQ is non-fatal, so the free below runs even when verification
  // fails.
  SignatureCache* const cache = signature_cache_new(1);
  EXPECT_EQ(Success, mLog.Verify(x509Entry, externalSct, cache));
  signature_cache_free(cache);
}
     82 
     83 }  // namespace ct
     84 }  // namespace mozilla