blob: 9020535060baf69eb517db22df47cf56fc48b85b [file] [log] [blame]
/* Copyright (c) 2023, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include "trust_store_in_memory.h"
#include <gtest/gtest.h>
#include "test_helpers.h"
BSSL_NAMESPACE_BEGIN
namespace {
class TrustStoreInMemoryTest : public testing::Test {
public:
void SetUp() override {
ParsedCertificateList chain;
ASSERT_TRUE(ReadCertChainFromFile(
"testdata/verify_certificate_chain_unittest/key-rollover/oldchain.pem",
&chain));
ASSERT_EQ(3U, chain.size());
target_ = chain[0];
oldintermediate_ = chain[1];
oldroot_ = chain[2];
ASSERT_TRUE(target_);
ASSERT_TRUE(oldintermediate_);
ASSERT_TRUE(oldroot_);
ASSERT_TRUE(
ReadCertChainFromFile("testdata/verify_certificate_chain_unittest/"
"key-rollover/longrolloverchain.pem",
&chain));
ASSERT_EQ(5U, chain.size());
newintermediate_ = chain[1];
newroot_ = chain[2];
newrootrollover_ = chain[3];
ASSERT_TRUE(newintermediate_);
ASSERT_TRUE(newroot_);
ASSERT_TRUE(newrootrollover_);
}
protected:
std::shared_ptr<const ParsedCertificate> oldroot_;
std::shared_ptr<const ParsedCertificate> newroot_;
std::shared_ptr<const ParsedCertificate> newrootrollover_;
std::shared_ptr<const ParsedCertificate> target_;
std::shared_ptr<const ParsedCertificate> oldintermediate_;
std::shared_ptr<const ParsedCertificate> newintermediate_;
};
TEST_F(TrustStoreInMemoryTest, OneRootTrusted) {
TrustStoreInMemory in_memory;
in_memory.AddTrustAnchor(newroot_);
// newroot_ is trusted.
CertificateTrust trust = in_memory.GetTrust(newroot_.get());
EXPECT_EQ(CertificateTrust::ForTrustAnchor().ToDebugString(),
trust.ToDebugString());
// oldroot_ is not.
trust = in_memory.GetTrust(oldroot_.get());
EXPECT_EQ(CertificateTrust::ForUnspecified().ToDebugString(),
trust.ToDebugString());
}
TEST_F(TrustStoreInMemoryTest, DistrustBySPKI) {
TrustStoreInMemory in_memory;
in_memory.AddDistrustedCertificateBySPKI(
std::string(BytesAsStringView(newroot_->tbs().spki_tlv)));
// newroot_ is distrusted.
CertificateTrust trust = in_memory.GetTrust(newroot_.get());
EXPECT_EQ(CertificateTrust::ForDistrusted().ToDebugString(),
trust.ToDebugString());
// oldroot_ is unspecified.
trust = in_memory.GetTrust(oldroot_.get());
EXPECT_EQ(CertificateTrust::ForUnspecified().ToDebugString(),
trust.ToDebugString());
// newrootrollover_ is also distrusted because it has the same key.
trust = in_memory.GetTrust(newrootrollover_.get());
EXPECT_EQ(CertificateTrust::ForDistrusted().ToDebugString(),
trust.ToDebugString());
}
TEST_F(TrustStoreInMemoryTest, DistrustBySPKIOverridesTrust) {
TrustStoreInMemory in_memory;
in_memory.AddTrustAnchor(newroot_);
in_memory.AddDistrustedCertificateBySPKI(
std::string(BytesAsStringView(newroot_->tbs().spki_tlv)));
// newroot_ is distrusted.
CertificateTrust trust = in_memory.GetTrust(newroot_.get());
EXPECT_EQ(CertificateTrust::ForDistrusted().ToDebugString(),
trust.ToDebugString());
}
} // namespace
BSSL_NAMESPACE_END