// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "cast/sender/channel/cast_auth_util.h" #include <openssl/x509.h> #include <memory> #include <string> #include <utility> #include "cast/common/certificate/cast_cert_validator.h" #include "cast/common/certificate/cast_crl.h" #include "cast/common/certificate/date_time.h" #include "cast/common/certificate/proto/test_suite.pb.h" #include "cast/common/certificate/testing/test_helpers.h" #include "cast/common/channel/proto/cast_channel.pb.h" #include "cast/common/public/trust_store.h" #include "gtest/gtest.h" #include "platform/api/time.h" #include "platform/test/paths.h" #include "util/crypto/pem_helpers.h" #include "util/osp_logging.h" #include "util/read_file.h" #include "util/span_util.h" namespace openscreen::cast { namespace { AuthResponse; std::unique_ptr<ParsedCertificate> ParseX509Der(const std::string& der) { … } bool ConvertTimeSeconds(const DateTime& time, uint64_t* seconds) { … } const std::string& GetSpecificTestDataPath() { … } class CastAuthUtilTest : public ::testing::Test { … }; // Note on expiration: VerifyCredentials() depends on the system clock. In // practice this shouldn't be a problem though since the certificate chain // being verified doesn't expire until 2032. TEST_F(CastAuthUtilTest, VerifySuccess) { … } TEST_F(CastAuthUtilTest, VerifyBadCA) { … } TEST_F(CastAuthUtilTest, VerifyBadClientAuthCert) { … } TEST_F(CastAuthUtilTest, VerifyBadSignature) { … } TEST_F(CastAuthUtilTest, VerifyEmptySignature) { … } TEST_F(CastAuthUtilTest, VerifyUnsupportedDigest) { … } TEST_F(CastAuthUtilTest, VerifyBackwardsCompatibleDigest) { … } TEST_F(CastAuthUtilTest, VerifyBadPeerCert) { … } TEST_F(CastAuthUtilTest, VerifySenderNonceMatch) { … } TEST_F(CastAuthUtilTest, VerifySenderNonceMismatch) { … } TEST_F(CastAuthUtilTest, VerifySenderNonceMissing) { … } TEST_F(CastAuthUtilTest, VerifyTLSCertificateSuccess) { … } TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooEarly) { … } TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooLate) { … } // Indicates the expected result of test step's verification. enum TestStepResult { … }; // Verifies that the certificate chain provided is not revoked according to // the provided Cast CRL at |verification_time|. // The provided CRL is verified at |verification_time|. // If |crl_required| is set, then a valid Cast CRL must be provided. // Otherwise, a missing CRL is be ignored. ErrorOr<CastDeviceCertPolicy> TestVerifyRevocation( const std::vector<std::string>& certificate_chain, const std::string& crl_bundle, const DateTime& verification_time, bool crl_required, TrustStore* cast_trust_store, TrustStore* crl_trust_store) { … } // Runs a single test case. bool RunTest(const proto::DeviceCertTest& test_case) { … } // Parses the provided test suite provided in wire-format proto. // Each test contains the inputs and the expected output. // To see the description of the test, execute the test. // These tests are generated by a test generator in google3. void RunTestSuite(const std::string& test_suite_file_name) { … } TEST_F(CastAuthUtilTest, CRLTestSuite) { … } } // namespace } // namespace openscreen::cast
Codebase Browser
chromium