Diffstat (limited to 'chromium/net/cert/internal/parse_ocsp_unittest.cc')
-rw-r--r-- | chromium/net/cert/internal/parse_ocsp_unittest.cc | 141 |
1 files changed, 136 insertions, 5 deletions
diff --git a/chromium/net/cert/internal/parse_ocsp_unittest.cc b/chromium/net/cert/internal/parse_ocsp_unittest.cc
index c0fc061b5e4..08e18db35e8 100644
--- a/chromium/net/cert/internal/parse_ocsp_unittest.cc
+++ b/chromium/net/cert/internal/parse_ocsp_unittest.cc
@@ -8,6 +8,7 @@
 #include "base/logging.h"
 #include "net/cert/internal/test_helpers.h"
 #include "net/cert/x509_certificate.h"
+#include "net/der/encode_values.h"
 #include "net/test/test_data_directory.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -15,6 +16,8 @@ namespace net {
 namespace {
+const base::TimeDelta kOCSPAgeOneWeek = base::TimeDelta::FromDays(7);
+
 std::string GetFilePath(const std::string& file_name) {
 return std::string("net/data/parse_ocsp_unittest/") + file_name;
 }
@@ -56,10 +59,11 @@ OCSPFailure ParseOCSP(const std::string& file_name) {
 der::BitString cert_signature_value;
 if (!ParseCertificate(ca_input, &issuer_tbs_certificate_tlv,
 &issuer_signature_algorithm_tlv,
- &issuer_signature_value))
+ &issuer_signature_value, nullptr))
 return PARSE_CERT;
 if (!ParseCertificate(cert_input, &cert_tbs_certificate_tlv,
- &cert_signature_algorithm_tlv, &cert_signature_value))
+ &cert_signature_algorithm_tlv, &cert_signature_value,
+ nullptr))
 return PARSE_CERT;
 OCSPResponse parsed_ocsp;
 OCSPResponseData parsed_ocsp_data;
@@ -77,11 +81,11 @@ OCSPFailure ParseOCSP(const std::string& file_name) {
 return PARSE_OCSP_SINGLE_RESPONSE;
 switch (status.status) {
- case OCSPCertStatus::Status::GOOD:
+ case OCSPRevocationStatus::GOOD:
 return OCSP_SUCCESS;
- case OCSPCertStatus::Status::REVOKED:
+ case OCSPRevocationStatus::REVOKED:
 return OCSP_SUCCESS_REVOKED;
- case OCSPCertStatus::Status::UNKNOWN:
+ case OCSPRevocationStatus::UNKNOWN:
 return OCSP_SUCCESS_UNKNOWN;
 }
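Review bot: The include block in the first hunk gains `net/der/encode_values.h` but nothing that defines `OS_WIN`, which the new `VerifyTimeMinusAgeFromBeforeWindowsEpoch` test at the end of this file checks with `#if defined(OS_WIN)`. If the macro only arrives transitively, or not at all, the `#else` branch is compiled on Windows without any diagnostic and the test asserts the wrong expectation there. Adding `#include "build/build_config.h"` to this block would stop the platform branch from depending on another header's includes. The lines above `base/logging.h` are outside the hunk, so confirm it is not already included there.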
@@ -182,4 +186,131 @@ TEST(ParseOCSPTest, OCSPMissingResponse) {
 ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem"));
 }
+TEST(OCSPDateTest, Valid) {
+ OCSPSingleResponse response;
+
+ base::Time now = base::Time::Now();
+ base::Time this_update = now - base::TimeDelta::FromHours(1);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+ response.has_next_update = false;
+ EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+ base::Time next_update = this_update + base::TimeDelta::FromDays(7);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+ response.has_next_update = true;
+ EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, ThisUpdateInTheFuture) {
+ OCSPSingleResponse response;
+
+ base::Time now = base::Time::Now();
+ base::Time this_update = now + base::TimeDelta::FromHours(1);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+ response.has_next_update = false;
+ EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+ base::Time next_update = this_update + base::TimeDelta::FromDays(7);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+ response.has_next_update = true;
+ EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, NextUpdatePassed) {
+ OCSPSingleResponse response;
+
+ base::Time now = base::Time::Now();
+ base::Time this_update = now - base::TimeDelta::FromDays(6);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+ response.has_next_update = false;
+ EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+ base::Time next_update = now - base::TimeDelta::FromHours(1);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+ response.has_next_update = true;
+ EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, NextUpdateBeforeThisUpdate) {
+ OCSPSingleResponse response;
+
+ base::Time now = base::Time::Now();
+ base::Time this_update = now - base::TimeDelta::FromDays(1);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+ response.has_next_update = false;
+ EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+ base::Time next_update = this_update - base::TimeDelta::FromDays(1);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+ response.has_next_update = true;
+ EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, ThisUpdateOlderThanMaxAge) {
+ OCSPSingleResponse response;
+
+ base::Time now = base::Time::Now();
+ base::Time this_update = now - kOCSPAgeOneWeek;
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+ response.has_next_update = false;
+ EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+ base::Time next_update = now + base::TimeDelta::FromHours(1);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+ response.has_next_update = true;
+ EXPECT_TRUE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+
+ ASSERT_TRUE(der::EncodeTimeAsGeneralizedTime(
+ this_update - base::TimeDelta::FromSeconds(1), &response.this_update));
+ response.has_next_update = false;
+ EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+ response.has_next_update = true;
+ EXPECT_FALSE(CheckOCSPDateValid(response, now, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, VerifyTimeFromBeforeWindowsEpoch) {
+ OCSPSingleResponse response;
+ base::Time windows_epoch;
+ base::Time verify_time = windows_epoch - base::TimeDelta::FromDays(1);
+
+ base::Time now = base::Time::Now();
+ base::Time this_update = now - base::TimeDelta::FromHours(1);
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+ response.has_next_update = false;
+ EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));
+
+ base::Time next_update = this_update + kOCSPAgeOneWeek;
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(next_update, &response.next_update));
+ response.has_next_update = true;
+ EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));
+}
+
+TEST(OCSPDateTest, VerifyTimeMinusAgeFromBeforeWindowsEpoch) {
+ OCSPSingleResponse response;
+ base::Time windows_epoch;
+ base::Time verify_time = windows_epoch + base::TimeDelta::FromDays(1);
+
+ base::Time this_update = windows_epoch;
+ ASSERT_TRUE(
+ der::EncodeTimeAsGeneralizedTime(this_update, &response.this_update));
+ response.has_next_update = false;
+#if defined(OS_WIN)
+ EXPECT_FALSE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));
+#else
+ EXPECT_TRUE(CheckOCSPDateValid(response, verify_time, kOCSPAgeOneWeek));
+#endif
+}
+
 } // namespace net |
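Review bot: `VerifyTimeFromBeforeWindowsEpoch` cannot fail for the reason its name gives, because `this_update` is `now - 1h`, far later than a `verify_time` one day before `windows_epoch`, and `ThisUpdateInTheFuture` already shows that such a response is rejected. Both `EXPECT_FALSE` lines therefore pass even if `CheckOCSPDateValid` mishandled a pre-epoch verification time; choosing `this_update`/`next_update` values that bracket `verify_time` (presumably by filling the time fields directly rather than encoding a `base::Time`) would isolate that path. The suite also leaves the equality boundaries `this_update == verify_time` and `next_update == verify_time` unpinned, which is where an off-by-one in the freshness comparison would let an expired response through; for example `ASSERT_TRUE(der::EncodeTimeAsGeneralizedTime(now, &response.next_update));` followed by the `EXPECT_*` that the intended policy calls for. Every test reads `base::Time::Now()`, so a fixed `base::Time` value would make a failure reproducible.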