authorJack Lloyd <[email protected]>2016-11-21 21:37:45 -0500
committerJack Lloyd <[email protected]>2016-11-23 08:31:08 -0500
commitab0172b9babc0f5552f35a7dbd27076deba48c18 (patch)
treed9e77e2306748132a7d730236d7207a09258dbcc
parent54ea7886c6099a2fde17b4c1261c6e2f2b9469f1 (diff)
Add some simple OCSP tests
Nothing much but better than nothing. Also add a useful arg check to OCSP::Request constructor.
-rw-r--r--src/lib/x509/ocsp.cpp2
-rw-r--r--src/tests/data/ocsp/gmail.pem27
-rw-r--r--src/tests/data/ocsp/google_g2.pem24
-rw-r--r--src/tests/data/ocsp/resp1.derbin0 -> 1595 bytes
-rw-r--r--src/tests/data/ocsp/resp2.derbin0 -> 463 bytes
-rw-r--r--src/tests/data/ocsp/resp3.derbin0 -> 472 bytes
-rw-r--r--src/tests/test_ocsp.cpp115
7 files changed, 168 insertions, 0 deletions
diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp
index fd82393e7..fb7b718b6 100644
--- a/src/lib/x509/ocsp.cpp
+++ b/src/lib/x509/ocsp.cpp
@@ -56,6 +56,8 @@ Request::Request(const X509_Certificate& issuer_cert,
m_subject(subject_cert),
m_certid(m_issuer, m_subject)
{
+ if(subject_cert.issuer_dn() != issuer_cert.subject_dn())
+ throw Invalid_Argument("Invalid cert pair to OCSP::Request (mismatched issuer,subject args?)");
}
std::vector<byte> Request::BER_encode() const
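Review bot: The check added at the top of the constructor body compares distinguished names only, so it catches swapped arguments but does not establish that `issuer_cert` actually signed `subject_cert`; a different CA certificate carrying the same subject DN would still pass. That is reasonable for an argument sanity check, but it should be documented so callers do not read a successful construction as validation of the pair, e.g. `// Sanity check for swapped arguments only; does not verify the issuer's signature on subject_cert`. Note also that `m_certid(m_issuer, m_subject)` in the initializer list runs before the check, so the CertID is computed for a mismatched pair before the exception is thrown; this looks harmless but is worth knowing. The hunk ends at the start of `Request::BER_encode`, whose body is outside it.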
diff --git a/src/tests/data/ocsp/gmail.pem b/src/tests/data/ocsp/gmail.pem
new file mode 100644
index 000000000..f96928a64
--- /dev/null
+++ b/src/tests/data/ocsp/gmail.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/src/tests/data/ocsp/google_g2.pem b/src/tests/data/ocsp/google_g2.pem
new file mode 100644
index 000000000..b663266fc
--- /dev/null
+++ b/src/tests/data/ocsp/google_g2.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8DCCAtigAwIBAgIDAjqSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMTUwNDAxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBJMQswCQYDVQQG
+EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
+bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
+VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
+h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
+ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
+EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
+DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7
+qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD
+VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov
+L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig
+JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ
+MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEACE4Ep4B/EBZDXgKt
+10KA9LCO0q6z6xF9kIQYfeeQFftJf6iZBZG7esnWPDcYCZq2x5IgBzUzCeQoY3IN
+tOAynIeYxBt2iWfBUFiwE6oTGhsypb7qEZVMSGNJ6ZldIDfM/ippURaVS6neSYLA
+EHD0LPPsvCQk0E6spdleHm2SwaesSDWB+eXknGVpzYekQVA/LlelkVESWA6MCaGs
+eqQSpSfzmhCXfVUDBvdmWF9fZOGrXW2lOUh1mEwpWjqN0yvKnFUEv/TmFNWArCbt
+F4mmk2xcpMy48GaOZON9muIAs0nH5Aqq3VuDx3CQRk6+0NtZlmwu9RY23nHMAcIS
+wSHGFg==
+-----END CERTIFICATE-----
diff --git a/src/tests/data/ocsp/resp1.der b/src/tests/data/ocsp/resp1.der
new file mode 100644
index 000000000..dd5420378
--- /dev/null
+++ b/src/tests/data/ocsp/resp1.der
Binary files differ
diff --git a/src/tests/data/ocsp/resp2.der b/src/tests/data/ocsp/resp2.der
new file mode 100644
index 000000000..ea993bf5d
--- /dev/null
+++ b/src/tests/data/ocsp/resp2.der
Binary files differ
diff --git a/src/tests/data/ocsp/resp3.der b/src/tests/data/ocsp/resp3.der
new file mode 100644
index 000000000..416678cae
--- /dev/null
+++ b/src/tests/data/ocsp/resp3.der
Binary files differ
diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp
new file mode 100644
index 000000000..39bc9e77a
--- /dev/null
+++ b/src/tests/test_ocsp.cpp
@@ -0,0 +1,115 @@
+/*
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_OCSP)
+ #include <botan/ocsp.h>
+ #include <sstream>
+#endif
+
+namespace Botan_Tests {
+
+#if defined(BOTAN_HAS_OCSP)
+
+class OCSP_Tests : public Test
+ {
+ private:
+ std::vector<byte> slurp_data_file(const std::string& path)
+ {
+ const std::string fsname = Test::data_file(path);
+ std::ifstream file(fsname.c_str());
+ if(!file.good())
+ throw Test_Error("Error reading from " + fsname);
+
+ std::vector<byte> contents;
+
+ while(file.good())
+ {
+ std::vector<byte> buf(4096);
+ file.read(reinterpret_cast<char*>(buf.data()), buf.size());
+ size_t got = file.gcount();
+
+ if(got == 0 && file.eof())
+ break;
+
+ contents.insert(contents.end(), buf.data(), buf.data() + got);
+ }
+
+ return contents;
+ }
+
+ Test::Result test_response_parsing()
+ {
+ Test::Result result("OCSP response parsing");
+
+ // Simple parsing tests
+ const std::vector<std::string> ocsp_input_paths = {
+ "ocsp/resp1.der",
+ "ocsp/resp2.der",
+ "ocsp/resp3.der"
+ };
+
+ for(std::string ocsp_input_path : ocsp_input_paths)
+ {
+ try
+ {
+ Botan::OCSP::Response resp(slurp_data_file(ocsp_input_path));
+ result.test_success("Parsed input " + ocsp_input_path);
+ }
+ catch(Botan::Exception& e)
+ {
+ result.test_failure("Parsing failed", e.what());
+ }
+ }
+
+ return result;
+ }
+
+ Test::Result test_request_encoding()
+ {
+ Test::Result result("OCSP encoding");
+
+ const Botan::X509_Certificate end_entity(Test::data_file("ocsp/gmail.pem"));
+ const Botan::X509_Certificate issuer(Test::data_file("ocsp/google_g2.pem"));
+
+ try
+ {
+ const Botan::OCSP::Request bogus(end_entity, issuer);
+ result.test_failure("Bad arguments (swapped end entity, issuer) accepted");
+ }
+ catch(Botan::Invalid_Argument&)
+ {
+ result.test_success("Bad arguments rejected");
+ }
+
+ const Botan::OCSP::Request req(issuer, end_entity);
+ const std::string expected_request = "ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFPLgavmFih2NcJtJGSN6qbUaKH5kBBRK3QYWG7z2aLV29YG2u2IaulqBLwIIQkg+DF+RYMY=";
+
+ result.test_eq("Encoded OCSP request",
+ req.base64_encode(),
+ expected_request);
+
+ return result;
+ }
+
+ public:
+ std::vector<Test::Result> run() override
+ {
+ std::vector<Test::Result> results;
+
+ results.push_back(test_request_encoding());
+ results.push_back(test_response_parsing());
+
+ return results;
+ }
+ };
+
+BOTAN_REGISTER_TEST("ocsp", OCSP_Tests);
+
+#endif
+
+}
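Review bot: `slurp_data_file` opens its input with `std::ifstream file(fsname.c_str());`, i.e. in text mode, yet it is used to read the binary DER responses; on platforms that translate line endings the bytes handed to `OCSP::Response` could differ from the file, so open it as `std::ifstream file(fsname.c_str(), std::ios::binary);`. The file includes `<sstream>` but uses `std::ifstream`, so `<fstream>` is presumably reaching it through `tests.h`; including it directly would be safer. In `test_response_parsing` the loop `for(std::string ocsp_input_path : ocsp_input_paths)` copies each path and could take `const std::string&`, and the `"Parsing failed"` message would be more useful with the path in it. The parsing test only constructs the response, so nothing here checks the certificate status or the response signature; a follow-up test covering verification against the issuer would be worthwhile.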