author | Jack Lloyd <[email protected]> | 2017-01-04 15:57:30 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-01-04 15:57:30 -0500 |
commit | 8285fe04ae8a5c41ae2606bd08aed9aa1bd3126f (patch) | |
tree | d9ded2b0899d0270d0f747c8ef1032c567c92b85 /src/tests | |
parent | 51b83c2f3807cfd36744b94dfe337a6d31f00847 (diff) |
Add tests for certificate status message
Currently untested by TLS crosstalk tests because it is not
supported on the server side.
Exposes the rest of TLS message types to application.
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/data/tls/cert_status.vec | 17 | ||||
-rw-r--r-- | src/tests/data/tls/cert_verify.vec | 2 | ||||
-rw-r--r-- | src/tests/test_tls_messages.cpp | 40 |
3 files changed, 54 insertions, 5 deletions
diff --git a/src/tests/data/tls/cert_status.vec b/src/tests/data/tls/cert_status.vec new file mode 100644 index 000000000..d93f800ab --- /dev/null +++ b/src/tests/data/tls/cert_status.vec @@ -0,0 +1,17 @@ + +[cert_status] +Buffer = 00 +Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small + +Buffer = 01 +Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small + +Buffer = 01000000 +Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small + +Buffer = 010FFFF000 +Exception = Invalid argument Decoding error: Invalid Certificate_Status: invalid length field + +Buffer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ame = Let's Encrypt Authority X3 +Exception = diff --git a/src/tests/data/tls/cert_verify.vec b/src/tests/data/tls/cert_verify.vec index f812d1c6a..7f09002ce 100644 --- a/src/tests/data/tls/cert_verify.vec +++ b/src/tests/data/tls/cert_verify.vec @@ -37,4 +37,4 @@ Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected Buffer = 000200 Protocol = 0301 -Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left
\ No newline at end of file +Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left diff --git a/src/tests/test_tls_messages.cpp b/src/tests/test_tls_messages.cpp index d4a9a27fd..d04bea8a0 100644 --- a/src/tests/test_tls_messages.cpp +++ b/src/tests/test_tls_messages.cpp @@ -47,7 +47,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test { public: TLS_Message_Parsing_Test() : - Text_Based_Test("tls", "Buffer,Protocol,Ciphersuite,AdditionalData,Exception") + Text_Based_Test("tls", "Buffer,Protocol,Ciphersuite,AdditionalData,Name,Exception") {} Test::Result run_one_test(const std::string& algo, const VarMap& vars) override @@ -56,6 +56,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test const std::vector<uint8_t> protocol = get_opt_bin(vars, "Protocol"); const std::vector<uint8_t> ciphersuite = get_opt_bin(vars, "Ciphersuite"); const std::string exception = get_req_str(vars, "Exception"); + const std::string expected_name = get_opt_str(vars, "Name", ""); const bool is_positive_test = exception.empty(); Test::Result result(algo + " parsing"); @@ -69,7 +70,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]); Botan::TLS::Certificate_Verify message(buffer, pv); } - if(algo == "client_hello") + else if(algo == "client_hello") { const std::string extensions = get_req_str(vars, "AdditionalData"); Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]); @@ -96,7 +97,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test { Botan::TLS::New_Session_Ticket message(buffer); } - if(algo == "server_hello") + else if(algo == "server_hello") { const std::string extensions = get_req_str(vars, "AdditionalData"); Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]); 
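Review bot: Nothing in the test says that the new `Name` key is only consulted for `cert_status` vectors; it is read with `get_opt_str(vars, "Name", "")` for every message type and silently ignored by the others. A short comment on the declaration would make that explicit, e.g. `// Expected CN of the OCSP signer; only consulted for cert_status vectors`. `run_one_test` begins in these hunks and continues outside them.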
@@ -120,6 +121,26 @@ class TLS_Message_Parsing_Test : public Text_Based_Test result.test_lt("Alert type vectors result to UNKNOWN_CA or ACCESS_DENIED, which is shorter than 15", message.type_string().size(), 15); } + else if(algo == "cert_status") + { + Botan::TLS::Certificate_Status message(buffer); + std::shared_ptr<const Botan::OCSP::Response> resp = message.response(); + + if(result.confirm("Decoded response", resp != nullptr)) + { + const std::vector<std::string> CNs = resp->signer_name().get_attribute("CN"); + + // This is not requird by OCSP protocol, we are just using it as a test here + if(result.test_eq("OCSP response has signer name", CNs.size(), 1)) + { + result.test_eq("Expected name", CNs[0], expected_name); + } + } + } + else + { + throw Test_Error("Unknown message type " + algo + " in TLS parsing tests"); + } result.test_success("Correct parsing"); } catch(std::exception& e) @@ -158,6 +179,13 @@ class TLS_Message_Parsing_Test : public Text_Based_Test Botan::TLS::Hello_Request message(buffer); }); } + else if(algo == "cert_status") + { + result.test_throws("invalid cert_status input", exception, [&buffer]() + { + Botan::TLS::Certificate_Status message(buffer); + }); + } else if(algo == "new_session_ticket") { result.test_throws("invalid new_session_ticket input", exception, [&buffer]() @@ -180,11 +208,15 @@ class TLS_Message_Parsing_Test : public Text_Based_Test Botan::TLS::Alert message(sb); }); } + else + { + throw Test_Error("Unknown message type " + algo + " in TLS parsing tests"); + } } return result; } - + std::vector<Test::Result> run_final_tests() override { std::vector<Test::Result> results; |
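Review bot: The signer-name check in the new `cert_status` branch runs for every positive vector, so one that omits `Name` (which `get_opt_str(vars, "Name", "")` permits) or whose response does not name its signer by CN is reported as a failure even though decoding succeeded. Since the comment already says the name is not required by OCSP, consider gating the two `test_eq` calls with `if(!expected_name.empty())`, or making `Name` a required key for this message type so a missing value fails with a clear message. The branch checks only that the response decodes and which name it carries, not its signature or status, and the comment should say so, so the test is not read as covering validation. The comment also has a typo (`requird`). `run_one_test` starts and ends outside this hunk.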
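Review bot: The negative path added for `cert_status` (hunk `@@ -158,6 +179,13 @@`) is only as strong as the vectors feeding it, and the entries visible in `cert_status.vec` cover just two rejection reasons: a buffer that is too small (`00`, `01`, `01000000`) and a bad length field (`010FFFF000`). None of the visible entries is long enough to pass the size check while carrying a status type other than `01`, and none has a consistent length wrapped around a body that is not a valid OCSP response. Unless the elided part of the file contains such entries, a regression in those checks would go unnoticed. Adding one vector per case, with the exact exception text the decoder produces, would close the gap.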
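Review bot: The `throw Test_Error("Unknown message type " + algo + " in TLS parsing tests");` added to the negative path (hunk `@@ -180,11 +208,15 @@`) escapes `run_one_test`, while the identical throw in the positive path (hunk `@@ -120,6 +121,26 @@`) sits inside the `try` whose `catch(std::exception& e)` follows it. If `Test_Error` derives from `std::exception` (not visible here), the same mistake in a vector file is reported in two different ways, depending on whether `Exception` is empty. Checking the message type once, before the `is_positive_test` split and outside the `try`, would give a single behaviour and keep an unknown type from being recorded as a parsing failure. Both branches extend outside the hunks shown.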