authorJack Lloyd <[email protected]>2017-01-04 15:57:30 -0500
committerJack Lloyd <[email protected]>2017-01-04 15:57:30 -0500
commit8285fe04ae8a5c41ae2606bd08aed9aa1bd3126f (patch)
treed9ded2b0899d0270d0f747c8ef1032c567c92b85
parent51b83c2f3807cfd36744b94dfe337a6d31f00847 (diff)
Add tests for certificate status message
Currently untested by the TLS crosstalk tests because it is not supported on the server side. Exposes the rest of the TLS message types to applications.
-rw-r--r--src/lib/tls/tls_messages.h16
-rw-r--r--src/tests/data/tls/cert_status.vec17
-rw-r--r--src/tests/data/tls/cert_verify.vec2
-rw-r--r--src/tests/test_tls_messages.cpp40
4 files changed, 62 insertions, 13 deletions
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 8e08b6e87..5a1f03a06 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -394,7 +394,7 @@ class BOTAN_DLL Server_Hello final : public Handshake_Message
/**
* Client Key Exchange Message
*/
-class Client_Key_Exchange final : public Handshake_Message
+class BOTAN_DLL Client_Key_Exchange final : public Handshake_Message
{
public:
Handshake_Type type() const override { return CLIENT_KEX; }
@@ -428,7 +428,7 @@ class Client_Key_Exchange final : public Handshake_Message
/**
* Certificate Message
*/
-class Certificate final : public Handshake_Message
+class BOTAN_DLL Certificate final : public Handshake_Message
{
public:
Handshake_Type type() const override { return CERTIFICATE; }
@@ -451,7 +451,7 @@ class Certificate final : public Handshake_Message
/**
* Certificate Status (RFC 6066)
*/
-class Certificate_Status final : public Handshake_Message
+class BOTAN_DLL Certificate_Status final : public Handshake_Message
{
public:
Handshake_Type type() const override { return CERTIFICATE_STATUS; }
@@ -472,7 +472,7 @@ class Certificate_Status final : public Handshake_Message
/**
* Certificate Request Message
*/
-class Certificate_Req final : public Handshake_Message
+class BOTAN_DLL Certificate_Req final : public Handshake_Message
{
public:
Handshake_Type type() const override { return CERTIFICATE_REQUEST; }
@@ -539,7 +539,7 @@ class BOTAN_DLL Certificate_Verify final : public Handshake_Message
/**
* Finished Message
*/
-class Finished final : public Handshake_Message
+class BOTAN_DLL Finished final : public Handshake_Message
{
public:
Handshake_Type type() const override { return FINISHED; }
@@ -578,7 +578,7 @@ class BOTAN_DLL Hello_Request final : public Handshake_Message
/**
* Server Key Exchange Message
*/
-class Server_Key_Exchange final : public Handshake_Message
+class BOTAN_DLL Server_Key_Exchange final : public Handshake_Message
{
public:
Handshake_Type type() const override { return SERVER_KEX; }
@@ -646,7 +646,7 @@ class Server_Key_Exchange final : public Handshake_Message
/**
* Server Hello Done Message
*/
-class Server_Hello_Done final : public Handshake_Message
+class BOTAN_DLL Server_Hello_Done final : public Handshake_Message
{
public:
Handshake_Type type() const override { return SERVER_HELLO_DONE; }
@@ -687,7 +687,7 @@ class BOTAN_DLL New_Session_Ticket final : public Handshake_Message
/**
* Change Cipher Spec
*/
-class Change_Cipher_Spec final : public Handshake_Message
+class BOTAN_DLL Change_Cipher_Spec final : public Handshake_Message
{
public:
Handshake_Type type() const override { return HANDSHAKE_CCS; }
diff --git a/src/tests/data/tls/cert_status.vec b/src/tests/data/tls/cert_status.vec
new file mode 100644
index 000000000..d93f800ab
--- /dev/null
+++ b/src/tests/data/tls/cert_status.vec
@@ -0,0 +1,17 @@
+
+[cert_status]
+Buffer = 00
+Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small
+
+Buffer = 01
+Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small
+
+Buffer = 01000000
+Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small
+
+Buffer = 010FFFF000
+Exception = Invalid argument Decoding error: Invalid Certificate_Status: invalid length field
+
+Buffer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
+Name = Let's Encrypt Authority X3
+Exception =
diff --git a/src/tests/data/tls/cert_verify.vec b/src/tests/data/tls/cert_verify.vec
index f812d1c6a..7f09002ce 100644
--- a/src/tests/data/tls/cert_verify.vec
+++ b/src/tests/data/tls/cert_verify.vec
@@ -37,4 +37,4 @@ Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected
Buffer = 000200
Protocol = 0301
-Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left \ No newline at end of file
+Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left
diff --git a/src/tests/test_tls_messages.cpp b/src/tests/test_tls_messages.cpp
index d4a9a27fd..d04bea8a0 100644
--- a/src/tests/test_tls_messages.cpp
+++ b/src/tests/test_tls_messages.cpp
@@ -47,7 +47,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
{
public:
TLS_Message_Parsing_Test() :
- Text_Based_Test("tls", "Buffer,Protocol,Ciphersuite,AdditionalData,Exception")
+ Text_Based_Test("tls", "Buffer,Protocol,Ciphersuite,AdditionalData,Name,Exception")
{}
Test::Result run_one_test(const std::string& algo, const VarMap& vars) override
@@ -56,6 +56,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
const std::vector<uint8_t> protocol = get_opt_bin(vars, "Protocol");
const std::vector<uint8_t> ciphersuite = get_opt_bin(vars, "Ciphersuite");
const std::string exception = get_req_str(vars, "Exception");
+ const std::string expected_name = get_opt_str(vars, "Name", "");
const bool is_positive_test = exception.empty();
Test::Result result(algo + " parsing");
@@ -69,7 +70,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]);
Botan::TLS::Certificate_Verify message(buffer, pv);
}
- if(algo == "client_hello")
+ else if(algo == "client_hello")
{
const std::string extensions = get_req_str(vars, "AdditionalData");
Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]);
@@ -96,7 +97,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
{
Botan::TLS::New_Session_Ticket message(buffer);
}
- if(algo == "server_hello")
+ else if(algo == "server_hello")
{
const std::string extensions = get_req_str(vars, "AdditionalData");
Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]);
@@ -120,6 +121,26 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
result.test_lt("Alert type vectors result to UNKNOWN_CA or ACCESS_DENIED, which is shorter than 15",
message.type_string().size(), 15);
}
+ else if(algo == "cert_status")
+ {
+ Botan::TLS::Certificate_Status message(buffer);
+ std::shared_ptr<const Botan::OCSP::Response> resp = message.response();
+
+ if(result.confirm("Decoded response", resp != nullptr))
+ {
+ const std::vector<std::string> CNs = resp->signer_name().get_attribute("CN");
+
+ // This is not requird by OCSP protocol, we are just using it as a test here
+ if(result.test_eq("OCSP response has signer name", CNs.size(), 1))
+ {
+ result.test_eq("Expected name", CNs[0], expected_name);
+ }
+ }
+ }
+ else
+ {
+ throw Test_Error("Unknown message type " + algo + " in TLS parsing tests");
+ }
result.test_success("Correct parsing");
}
catch(std::exception& e)
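Review bot: The `Expected name` comparison in the new cert_status branch runs unconditionally, but `expected_name` comes from `get_opt_str(vars, "Name", "")`, so a positive cert_status vector that omits `Name` fails against an empty string instead of skipping the check; either guard it with `if(!expected_name.empty())` around `result.test_eq("Expected name", CNs[0], expected_name);` or make `Name` mandatory for this message type. The comment above the CN-count check has a typo ("requird") and could state the intent more precisely, e.g. `// OCSP does not require a responder CN; this test uses it only to confirm the body was decoded`. The enclosing run_one_test starts and ends outside this hunk.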
@@ -158,6 +179,13 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
Botan::TLS::Hello_Request message(buffer);
});
}
+ else if(algo == "cert_status")
+ {
+ result.test_throws("invalid cert_status input", exception, [&buffer]()
+ {
+ Botan::TLS::Certificate_Status message(buffer);
+ });
+ }
else if(algo == "new_session_ticket")
{
result.test_throws("invalid new_session_ticket input", exception, [&buffer]()
@@ -180,11 +208,15 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
Botan::TLS::Alert message(sb);
});
}
+ else
+ {
+ throw Test_Error("Unknown message type " + algo + " in TLS parsing tests");
+ }
}
return result;
}
-
+
std::vector<Test::Result> run_final_tests() override
{
std::vector<Test::Result> results;