diff options
author | Jack Lloyd <[email protected]> | 2017-01-05 18:41:29 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-01-05 18:41:29 -0500 |
commit | 194bf02ec1c1a5abb9f5767d26d898810658ec34 (patch) | |
tree | 35f276be44f40f4adeedf6623ef107d8dae816c2 /src/tests | |
parent | 67eb36c351b7b9a5c136927c16b772e4014cacd3 (diff) | |
parent | 8285fe04ae8a5c41ae2606bd08aed9aa1bd3126f (diff) |
Merge GH #806 Add tests for TLS certificate static message
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/data/tls/cert_status.vec | 17 | ||||
-rw-r--r-- | src/tests/data/tls/cert_verify.vec | 2 | ||||
-rw-r--r-- | src/tests/test_tls_messages.cpp | 40 |
3 files changed, 54 insertions, 5 deletions
diff --git a/src/tests/data/tls/cert_status.vec b/src/tests/data/tls/cert_status.vec new file mode 100644 index 000000000..d93f800ab --- /dev/null +++ b/src/tests/data/tls/cert_status.vec @@ -0,0 +1,17 @@ + +[cert_status] +Buffer = 00 +Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small + +Buffer = 01 +Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small + +Buffer = 01000000 +Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small + +Buffer = 010FFFF000 +Exception = Invalid argument Decoding error: Invalid Certificate_Status: invalid length field + +Buffer = 0100020F3082020B0A0100A08202043082020006092B0601050507300101048201F1308201ED3081D6A14C304A310B300906035504061302555331163014060355040A130D4C6574277320456E6372797074312330210603550403131A4C6574277320456E637279707420417574686F72697479205833180F32303136313131383132313630305A30753073304B300906052B0E03021A050004147EE66AE7729AB3FCF8A220646C16A12D6071085D0414A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1021203E89ED07A424B72A35FAD167F48A4F25AD28000180F32303136313131383132303030305AA011180F32303136313132353132303030305A300D06092A864886F70D01010B050003820101007CB8774D813E6E0FBFA816BE53F5F3131EF9DED7B0928BBE50AC628C90C811DBBFE0E43A98BF3FB608CC230EFE31FE98BE99016D98DE73028F6C1AE8C34B0F20DD7E688604322538E721EF9D0D353EADE8818BFB63DA8078A7E2BF9E637282DE6C79B2289F0C13807A9D3B7532970FF0AA77CE06A06299B02274ED6C62DFC672485405C1859FEBDFC3B5B2D81A0A45382FFABBF75D6EAC1AD1AF12701DCDF87F0EFEB41933AED08EF78B35F48362A792E55027F00B3EE4571F30212A3EB7BE4B934F67685A4AF2BBF428280BC20D1A42E75DBE42C459541B4E1EE5BB99E0CCA166C2E9C2E6054F147F2FDF33F104E9076061640EDDB12B62BEAA82E0D60ED128 +Name = Let's Encrypt Authority X3 +Exception = diff --git a/src/tests/data/tls/cert_verify.vec b/src/tests/data/tls/cert_verify.vec index f812d1c6a..7f09002ce 100644 --- a/src/tests/data/tls/cert_verify.vec +++ b/src/tests/data/tls/cert_verify.vec @@ -37,4 +37,4 @@ Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected Buffer = 000200 Protocol = 0301 -Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left
\ No newline at end of file +Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left diff --git a/src/tests/test_tls_messages.cpp b/src/tests/test_tls_messages.cpp index d4a9a27fd..d04bea8a0 100644 --- a/src/tests/test_tls_messages.cpp +++ b/src/tests/test_tls_messages.cpp @@ -47,7 +47,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test { public: TLS_Message_Parsing_Test() : - Text_Based_Test("tls", "Buffer,Protocol,Ciphersuite,AdditionalData,Exception") + Text_Based_Test("tls", "Buffer,Protocol,Ciphersuite,AdditionalData,Name,Exception") {} Test::Result run_one_test(const std::string& algo, const VarMap& vars) override @@ -56,6 +56,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test const std::vector<uint8_t> protocol = get_opt_bin(vars, "Protocol"); const std::vector<uint8_t> ciphersuite = get_opt_bin(vars, "Ciphersuite"); const std::string exception = get_req_str(vars, "Exception"); + const std::string expected_name = get_opt_str(vars, "Name", ""); const bool is_positive_test = exception.empty(); Test::Result result(algo + " parsing"); @@ -69,7 +70,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]); Botan::TLS::Certificate_Verify message(buffer, pv); } - if(algo == "client_hello") + else if(algo == "client_hello") { const std::string extensions = get_req_str(vars, "AdditionalData"); Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]); @@ -96,7 +97,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test { Botan::TLS::New_Session_Ticket message(buffer); } - if(algo == "server_hello") + else if(algo == "server_hello") { const std::string extensions = get_req_str(vars, "AdditionalData"); Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]); @@ -120,6 +121,26 @@ class TLS_Message_Parsing_Test : public Text_Based_Test result.test_lt("Alert type vectors result to UNKNOWN_CA or ACCESS_DENIED, which is shorter than 15", message.type_string().size(), 15); } + else if(algo == "cert_status") + { + Botan::TLS::Certificate_Status message(buffer); + std::shared_ptr<const Botan::OCSP::Response> resp = message.response(); + + if(result.confirm("Decoded response", resp != nullptr)) + { + const std::vector<std::string> CNs = resp->signer_name().get_attribute("CN"); + + // This is not requird by OCSP protocol, we are just using it as a test here + if(result.test_eq("OCSP response has signer name", CNs.size(), 1)) + { + result.test_eq("Expected name", CNs[0], expected_name); + } + } + } + else + { + throw Test_Error("Unknown message type " + algo + " in TLS parsing tests"); + } result.test_success("Correct parsing"); } catch(std::exception& e) @@ -158,6 +179,13 @@ class TLS_Message_Parsing_Test : public Text_Based_Test Botan::TLS::Hello_Request message(buffer); }); } + else if(algo == "cert_status") + { + result.test_throws("invalid cert_status input", exception, [&buffer]() + { + Botan::TLS::Certificate_Status message(buffer); + }); + } else if(algo == "new_session_ticket") { result.test_throws("invalid new_session_ticket input", exception, [&buffer]() @@ -180,11 +208,15 @@ class TLS_Message_Parsing_Test : public Text_Based_Test Botan::TLS::Alert message(sb); }); } + else + { + throw Test_Error("Unknown message type " + algo + " in TLS parsing tests"); + } } return result; } - + std::vector<Test::Result> run_final_tests() override { std::vector<Test::Result> results; |