Add a test for to_string(Certificate_Status_Code)

2 files changed, 69 insertions, 5 deletions

diff --git a/src/lib/x509/cert_status.cpp b/src/lib/x509/cert_status.cpp
index e08e8efcc..76a102aef 100644
--- a/src/lib/x509/cert_status.cpp
+++ b/src/lib/x509/cert_status.cpp
@@ -27,7 +27,7 @@ const char* to_string(Certificate_Status_Code code)
       case Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK:
          return "Signature method too weak";
       case Certificate_Status_Code::UNTRUSTED_HASH:
-         return "Untrusted hash";
+         return "Hash function used is considered too weak for security";
 
       case Certificate_Status_Code::CERT_NOT_YET_VALID:
          return "Certificate is not yet valid";
@@ -36,9 +36,9 @@ const char* to_string(Certificate_Status_Code code)
       case Certificate_Status_Code::OCSP_NOT_YET_VALID:
          return "OCSP is not yet valid";
       case Certificate_Status_Code::OCSP_HAS_EXPIRED:
-         return "OCSP has expired";
+         return "OCSP response has expired";
       case Certificate_Status_Code::CRL_NOT_YET_VALID:
-         return "CRL is not yet valid";
+         return "CRL response is not yet valid";
       case Certificate_Status_Code::CRL_HAS_EXPIRED:
          return "CRL has expired";
 
@@ -54,9 +54,9 @@ const char* to_string(Certificate_Status_Code code)
          return "Certificate issuer does not match subject of issuing cert";
 
       case Certificate_Status_Code::POLICY_ERROR:
-         return "Policy error";
+         return "Certificate policy error";
       case Certificate_Status_Code::INVALID_USAGE:
-         return "Invalid usage";
+         return "Certificate does not allow the requested usage";
       case Certificate_Status_Code::CERT_CHAIN_TOO_LONG:
          return "Certificate chain too long";
       case Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER:
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index ae860067c..7a22033a8 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
@@ -98,6 +98,69 @@ std::unique_ptr<Botan::Private_Key> make_a_private_key(const std::string& algo)
    }
 
 
+Test::Result test_cert_status_strings()
+   {
+   Test::Result result("Certificate_Status_Code to_string");
+
+   std::set<std::string> seen;
+
+   result.test_eq("Same string",
+                  Botan::to_string(Botan::Certificate_Status_Code::OK),
+                  Botan::to_string(Botan::Certificate_Status_Code::VERIFIED));
+
+   const std::vector<Botan::Certificate_Status_Code> codes = {
+      Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD,
+      Botan::Certificate_Status_Code::OCSP_SIGNATURE_OK,
+      Botan::Certificate_Status_Code::VALID_CRL_CHECKED,
+      Botan::Certificate_Status_Code::OCSP_NO_HTTP,
+
+      Botan::Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK,
+      Botan::Certificate_Status_Code::UNTRUSTED_HASH,
+      Botan::Certificate_Status_Code::NO_REVOCATION_DATA,
+      Botan::Certificate_Status_Code::CERT_NOT_YET_VALID,
+      Botan::Certificate_Status_Code::CERT_HAS_EXPIRED,
+      Botan::Certificate_Status_Code::OCSP_NOT_YET_VALID,
+      Botan::Certificate_Status_Code::OCSP_HAS_EXPIRED,
+      Botan::Certificate_Status_Code::CRL_NOT_YET_VALID,
+      Botan::Certificate_Status_Code::CRL_HAS_EXPIRED,
+      Botan::Certificate_Status_Code::CERT_ISSUER_NOT_FOUND,
+      Botan::Certificate_Status_Code::CANNOT_ESTABLISH_TRUST,
+      Botan::Certificate_Status_Code::CERT_CHAIN_LOOP,
+      Botan::Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT,
+      Botan::Certificate_Status_Code::CHAIN_NAME_MISMATCH,
+      Botan::Certificate_Status_Code::POLICY_ERROR,
+      Botan::Certificate_Status_Code::INVALID_USAGE,
+      Botan::Certificate_Status_Code::CERT_CHAIN_TOO_LONG,
+      Botan::Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER,
+      Botan::Certificate_Status_Code::NAME_CONSTRAINT_ERROR,
+      Botan::Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER,
+      Botan::Certificate_Status_Code::OCSP_CERT_NOT_LISTED,
+      Botan::Certificate_Status_Code::OCSP_BAD_STATUS,
+      Botan::Certificate_Status_Code::CERT_NAME_NOMATCH,
+      Botan::Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION,
+      Botan::Certificate_Status_Code::OCSP_SIGNATURE_ERROR,
+      Botan::Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND,
+      Botan::Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE,
+      Botan::Certificate_Status_Code::OCSP_RESPONSE_INVALID,
+      Botan::Certificate_Status_Code::CERT_IS_REVOKED,
+      Botan::Certificate_Status_Code::CRL_BAD_SIGNATURE,
+      Botan::Certificate_Status_Code::SIGNATURE_ERROR,
+      Botan::Certificate_Status_Code::CERT_PUBKEY_INVALID,
+   };
+
+   for(auto code : codes)
+      {
+      std::string s = Botan::to_string(code);
+      result.confirm("String is long enough to be informative", s.size() > 12);
+      result.test_eq("No duplicates", seen.count(s), 0);
+      seen.insert(s);
+      }
+
+   return result;
+
+   }
+
+
 Test::Result test_x509_dates()
    {
    Test::Result result("X509_Time");
@@ -702,6 +765,7 @@ class X509_Cert_Unit_Tests : public Test
 
          results.push_back(valid_constraints_result);
          results.push_back(test_x509_dates());
+         results.push_back(test_cert_status_strings());
 
          return results;
          }