diff options
| author | Patrick Schmidt <[email protected]> | 2019-05-24 10:45:13 +0200 |
|---|---|---|
| committer | Patrick Schmidt <[email protected]> | 2019-05-27 14:47:16 +0200 |
| commit | 2780d052b592e7ce0443a4bff9d1b649df80f800 (patch) | |
| tree | b74625bf1ebb1240467b2fb7828cca74ed3134bd /src/tests/test_ocsp.cpp | |
| parent | 4c4e9a6a1c410dfa63ce430965b71efc9526b62e (diff) | |
add optional max_age for ocsp checks
Diffstat (limited to 'src/tests/test_ocsp.cpp')
| -rw-r--r-- | src/tests/test_ocsp.cpp | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp index 753e4455b..1e7676c48 100644 --- a/src/tests/test_ocsp.cpp +++ b/src/tests/test_ocsp.cpp @@ -154,6 +154,37 @@ class OCSP_Tests final : public Test return result; } + Test::Result test_response_verification_too_old() + { + Test::Result result("OCSP request check if too old"); + + std::shared_ptr<const Botan::X509_Certificate> ee = load_test_X509_cert("x509/ocsp/randombit.pem"); + std::shared_ptr<const Botan::X509_Certificate> ca = load_test_X509_cert("x509/ocsp/letsencrypt.pem"); + std::shared_ptr<const Botan::X509_Certificate> trust_root = load_test_X509_cert("x509/ocsp/geotrust.pem"); + + const std::vector<std::shared_ptr<const Botan::X509_Certificate>> cert_path = { ee, ca, trust_root }; + + std::shared_ptr<const Botan::OCSP::Response> ocsp = load_test_OCSP_resp("x509/ocsp/randombit_ocsp.der"); + + Botan::Certificate_Store_In_Memory certstore; + certstore.add_certificate(trust_root); + + // Some arbitrary time within the validity period of the test certs + const auto valid_time = Botan::calendar_point(2016, 11, 20, 8, 30, 0).to_std_timepoint(); + const auto max_age = std::chrono::hours(1); + const auto ocsp_status = Botan::PKIX::check_ocsp(cert_path, { ocsp }, { &certstore }, valid_time, max_age); + + if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 1)) + { + if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1)) + { + result.confirm("Status good", ocsp_status[0].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD)); + } + } + + return result; + } + Test::Result test_response_verification_softfail() { Test::Result result("OCSP request softfail check"); @@ -225,6 +256,7 @@ class OCSP_Tests final : public Test results.push_back(test_response_parsing()); results.push_back(test_response_certificate_access()); results.push_back(test_response_verification()); + results.push_back(test_response_verification_too_old()); results.push_back(test_response_verification_softfail()); #if defined(BOTAN_HAS_ONLINE_REVOCATION_CHECKS) |