authorJack Lloyd <[email protected]>2016-11-21 23:51:44 -0500
committerJack Lloyd <[email protected]>2016-11-23 08:31:09 -0500
commit28b38adb037719ba08691a4e8c6f59ea2e854760 (patch)
treee0761a1fe2dde2bd3b0fc2c42a9202da8cd171fd /src
parentb95652957cb12e890ac4a7f9000aa957edd70357 (diff)
Better OCSP tests including online tests
Tests touching network are gated by --run-online-tests flag.
Diffstat (limited to 'src')
-rw-r--r--src/lib/x509/cert_status.h6
-rw-r--r--src/lib/x509/x509path.cpp6
-rwxr-xr-xsrc/scripts/ci/travis/build.sh2
-rw-r--r--src/tests/data/ocsp/geotrust.pem21
-rw-r--r--src/tests/data/ocsp/identrust.pem20
-rw-r--r--src/tests/data/ocsp/letsencrypt.pem27
-rw-r--r--src/tests/data/ocsp/randombit.pem32
-rw-r--r--src/tests/data/ocsp/randombit_ocsp.derbin0 -> 527 bytes
-rw-r--r--src/tests/main.cpp6
-rw-r--r--src/tests/test_ocsp.cpp96
-rw-r--r--src/tests/tests.cpp9
-rw-r--r--src/tests/tests.h4
12 files changed, 218 insertions, 11 deletions
diff --git a/src/lib/x509/cert_status.h b/src/lib/x509/cert_status.h
index 921fd2b09..8f514c092 100644
--- a/src/lib/x509/cert_status.h
+++ b/src/lib/x509/cert_status.h
@@ -1,5 +1,5 @@
/*
-* Result enums
+* Path validation result enums
* (C) 2013 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
@@ -8,6 +8,8 @@
#ifndef BOTAN_X509_PATH_RESULT_H__
#define BOTAN_X509_PATH_RESULT_H__
+#include <botan/build.h>
+
namespace Botan {
/**
@@ -77,7 +79,7 @@ enum class Certificate_Status_Code {
* @param code the certifcate status
* @return string literal constant, or nullptr if code unknown
*/
-const char* to_string(Certificate_Status_Code code);
+BOTAN_DLL const char* to_string(Certificate_Status_Code code);
}
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 946539bab..c57985766 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -161,6 +161,9 @@ PKIX::check_ocsp(const std::vector<std::shared_ptr<const X509_Certificate>>& cer
}
}
+ while(cert_status.back().empty())
+ cert_status.pop_back();
+
return cert_status;
}
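Review bot: `cert_status.back()` is called with no check that the vector is non-empty, so the added trimming loop is undefined behaviour when `cert_status` has no elements, or when every per-certificate set is empty (the loop pops them all and then calls `back()` again; presumably reachable when no usable response exists for any certificate). Guard it as `while(!cert_status.empty() && cert_status.back().empty())`. The identical loop added to `PKIX::check_crl` in the next hunk needs the same guard. Because trailing empty sets are now dropped, the returned vector can be shorter than the certificate path, so callers that index it by path position should be checked and the behaviour stated in the function documentation. Both function bodies begin outside these hunks.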
@@ -203,6 +206,9 @@ PKIX::check_crl(const std::vector<std::shared_ptr<const X509_Certificate>>& cert
}
}
+ while(cert_status.back().empty())
+ cert_status.pop_back();
+
return cert_status;
}
diff --git a/src/scripts/ci/travis/build.sh b/src/scripts/ci/travis/build.sh
index 0344fd892..516b391ce 100755
--- a/src/scripts/ci/travis/build.sh
+++ b/src/scripts/ci/travis/build.sh
@@ -54,7 +54,7 @@ elif [ "${BUILD_MODE:0:5}" != "cross" ]; then
if [ "$BUILD_MODE" = "coverage" ]; then
CFG_FLAGS+=(--with-tpm)
- TEST_FLAGS="--pkcs11-lib=/tmp/softhsm/lib/softhsm/libsofthsm2.so"
+ TEST_FLAGS="--run-online-tests --pkcs11-lib=/tmp/softhsm/lib/softhsm/libsofthsm2.so"
fi
# Avoid OpenSSL when using dynamic checkers...
diff --git a/src/tests/data/ocsp/geotrust.pem b/src/tests/data/ocsp/geotrust.pem
new file mode 100644
index 000000000..33cc0023e
--- /dev/null
+++ b/src/tests/data/ocsp/geotrust.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
+MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
+aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
+WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
+AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
+OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
+T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
+JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
+Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
+PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
+aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
+TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
+LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
+BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
+dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
+AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
+NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
+b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
+-----END CERTIFICATE-----
diff --git a/src/tests/data/ocsp/identrust.pem b/src/tests/data/ocsp/identrust.pem
new file mode 100644
index 000000000..b2e43c938
--- /dev/null
+++ b/src/tests/data/ocsp/identrust.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/src/tests/data/ocsp/letsencrypt.pem b/src/tests/data/ocsp/letsencrypt.pem
new file mode 100644
index 000000000..0002462ce
--- /dev/null
+++ b/src/tests/data/ocsp/letsencrypt.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/src/tests/data/ocsp/randombit.pem b/src/tests/data/ocsp/randombit.pem
new file mode 100644
index 000000000..d5986c21c
--- /dev/null
+++ b/src/tests/data/ocsp/randombit.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/src/tests/data/ocsp/randombit_ocsp.der b/src/tests/data/ocsp/randombit_ocsp.der
new file mode 100644
index 000000000..93d1c6287
--- /dev/null
+++ b/src/tests/data/ocsp/randombit_ocsp.der
Binary files differ
diff --git a/src/tests/main.cpp b/src/tests/main.cpp
index cf61ea0b0..3fa6ce4ab 100644
--- a/src/tests/main.cpp
+++ b/src/tests/main.cpp
@@ -35,7 +35,7 @@ namespace {
class Test_Runner : public Botan_CLI::Command
{
public:
- Test_Runner() : Command("test --threads=0 --soak=5 --drbg-seed= --data-dir= --pkcs11-lib= --log-success *suites") {}
+ Test_Runner() : Command("test --threads=0 --soak=5 --run-online-tests --drbg-seed= --data-dir= --pkcs11-lib= --log-success *suites") {}
std::string help_text() const override
{
@@ -76,6 +76,7 @@ class Test_Runner : public Botan_CLI::Command
const size_t soak_level = get_arg_sz("soak");
const std::string drbg_seed = get_arg("drbg-seed");
const bool log_success = flag_set("log-success");
+ const bool run_online_tests = flag_set("run-online-tests");
const std::string data_dir = get_arg_or("data-dir", "src/tests/data");
const std::string pkcs11_lib = get_arg("pkcs11-lib");
@@ -179,7 +180,8 @@ class Test_Runner : public Botan_CLI::Command
throw Botan_Tests::Test_Error("No usable RNG enabled in build, aborting tests");
}
- Botan_Tests::Test::setup_tests(soak_level, log_success, data_dir, pkcs11_lib, rng.get());
+ Botan_Tests::Test::setup_tests(soak_level, log_success, run_online_tests,
+ data_dir, pkcs11_lib, rng.get());
const size_t failed = run_tests(req, output(), threads);
diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp
index 39bc9e77a..58fa46086 100644
--- a/src/tests/test_ocsp.cpp
+++ b/src/tests/test_ocsp.cpp
@@ -8,7 +8,9 @@
#if defined(BOTAN_HAS_OCSP)
#include <botan/ocsp.h>
- #include <sstream>
+ #include <botan/x509path.h>
+ #include <botan/certstor.h>
+ #include <botan/calendar.h>
#endif
namespace Botan_Tests {
@@ -18,18 +20,18 @@ namespace Botan_Tests {
class OCSP_Tests : public Test
{
private:
- std::vector<byte> slurp_data_file(const std::string& path)
+ std::vector<uint8_t> slurp_data_file(const std::string& path)
{
const std::string fsname = Test::data_file(path);
std::ifstream file(fsname.c_str());
if(!file.good())
throw Test_Error("Error reading from " + fsname);
- std::vector<byte> contents;
+ std::vector<uint8_t> contents;
while(file.good())
{
- std::vector<byte> buf(4096);
+ std::vector<uint8_t> buf(4096);
file.read(reinterpret_cast<char*>(buf.data()), buf.size());
size_t got = file.gcount();
@@ -42,6 +44,16 @@ class OCSP_Tests : public Test
return contents;
}
+ std::shared_ptr<const Botan::X509_Certificate> load_test_X509_cert(const std::string& path)
+ {
+ return std::make_shared<const Botan::X509_Certificate>(Test::data_file(path));
+ }
+
+ std::shared_ptr<const Botan::OCSP::Response> load_test_OCSP_resp(const std::string& path)
+ {
+ return std::make_shared<const Botan::OCSP::Response>(slurp_data_file(path));
+ }
+
Test::Result test_response_parsing()
{
Test::Result result("OCSP response parsing");
@@ -71,7 +83,7 @@ class OCSP_Tests : public Test
Test::Result test_request_encoding()
{
- Test::Result result("OCSP encoding");
+ Test::Result result("OCSP request encoding");
const Botan::X509_Certificate end_entity(Test::data_file("ocsp/gmail.pem"));
const Botan::X509_Certificate issuer(Test::data_file("ocsp/google_g2.pem"));
@@ -96,6 +108,76 @@ class OCSP_Tests : public Test
return result;
}
+ Test::Result test_response_verification()
+ {
+ Test::Result result("OCSP request check");
+
+ std::shared_ptr<const Botan::X509_Certificate> ee = load_test_X509_cert("ocsp/randombit.pem");
+ std::shared_ptr<const Botan::X509_Certificate> ca = load_test_X509_cert("ocsp/letsencrypt.pem");
+ std::shared_ptr<const Botan::X509_Certificate> trust_root = load_test_X509_cert("ocsp/geotrust.pem");
+
+ const std::vector<std::shared_ptr<const Botan::X509_Certificate>> cert_path = { ee, ca, trust_root };
+
+ std::shared_ptr<const Botan::OCSP::Response> ocsp = load_test_OCSP_resp("ocsp/randombit_ocsp.der");
+
+ Botan::Certificate_Store_In_Memory certstore;
+ certstore.add_certificate(trust_root);
+
+ // Some arbitrary time within the validity period of the test certs
+ const auto valid_time = Botan::calendar_point(2016,11,20,8,30,0).to_std_timepoint();
+
+ std::vector<std::set<Botan::Certificate_Status_Code>> ocsp_status = Botan::PKIX::check_ocsp(
+ cert_path,
+ { ocsp },
+ { &certstore },
+ valid_time);
+
+ if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 1))
+ {
+ if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1))
+ {
+ result.confirm("Status good", ocsp_status[0].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD));
+ }
+ }
+
+ return result;
+ }
+
+ Test::Result test_online_request()
+ {
+ Test::Result result("OCSP online check");
+
+ std::shared_ptr<const Botan::X509_Certificate> ee = load_test_X509_cert("ocsp/randombit.pem");
+ std::shared_ptr<const Botan::X509_Certificate> ca = load_test_X509_cert("ocsp/letsencrypt.pem");
+ std::shared_ptr<const Botan::X509_Certificate> trust_root = load_test_X509_cert("ocsp/identrust.pem");
+
+ const std::vector<std::shared_ptr<const Botan::X509_Certificate>> cert_path = { ee, ca, trust_root };
+
+ Botan::Certificate_Store_In_Memory certstore;
+ certstore.add_certificate(trust_root);
+
+ std::vector<std::set<Botan::Certificate_Status_Code>> ocsp_status = Botan::PKIX::check_ocsp_online(
+ cert_path,
+ { &certstore },
+ std::chrono::system_clock::now(),
+ std::chrono::milliseconds(3000),
+ true);
+
+ if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 2))
+ {
+ if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1))
+ {
+ result.confirm("Status good", ocsp_status[0].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD));
+ }
+ if(result.test_eq("Expected size of ocsp_status[1]", ocsp_status[1].size(), 1))
+ {
+ result.confirm("Status good", ocsp_status[1].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD));
+ }
+ }
+
+ return result;
+ }
+
public:
std::vector<Test::Result> run() override
{
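Review bot: `test_online_request` validates checked-in certificates at `std::chrono::system_clock::now()` against a live responder with a 3000 ms timeout, so it can only pass while `ocsp/randombit.pem` is unexpired and unrevoked and the network is reachable; with `--run-online-tests` now set for the coverage build in `build.sh`, such a failure would appear as a CI failure unrelated to the code. Consider recording a note rather than a failure when the request cannot be completed, and add a comment that the certificate fixtures need periodic refresh. In `test_response_verification` the result label says request although the test verifies a response; `Test::Result result("OCSP response verification");` would match. The offline test asserts only the good path: a second call with a validation time outside the response's validity window, expecting something other than `OCSP_RESPONSE_GOOD`, would pin the rejection behaviour as well. The enclosing `OCSP_Tests` class begins and ends outside this hunk.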
@@ -103,6 +185,10 @@ class OCSP_Tests : public Test
results.push_back(test_request_encoding());
results.push_back(test_response_parsing());
+ results.push_back(test_response_verification());
+
+ if(Test::run_online_tests())
+ results.push_back(test_online_request());
return results;
}
diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp
index 13094f5dc..1fe41428e 100644
--- a/src/tests/tests.cpp
+++ b/src/tests/tests.cpp
@@ -467,11 +467,13 @@ Botan::RandomNumberGenerator* Test::m_test_rng = nullptr;
std::string Test::m_data_dir;
size_t Test::m_soak_level = 0;
bool Test::m_log_success = false;
+bool Test::m_run_online_tests = false;
std::string Test::m_pkcs11_lib;
//static
void Test::setup_tests(size_t soak,
bool log_success,
+ bool run_online,
const std::string& data_dir,
const std::string& pkcs11_lib,
Botan::RandomNumberGenerator* rng)
@@ -479,6 +481,7 @@ void Test::setup_tests(size_t soak,
m_data_dir = data_dir;
m_soak_level = soak;
m_log_success = log_success;
+ m_run_online_tests = run_online;
m_test_rng = rng;
m_pkcs11_lib = pkcs11_lib;
}
@@ -508,6 +511,12 @@ bool Test::log_success()
}
//static
+bool Test::run_online_tests()
+ {
+ return m_run_online_tests;
+ }
+
+//static
std::string Test::pkcs11_lib()
{
return m_pkcs11_lib;
diff --git a/src/tests/tests.h b/src/tests/tests.h
index 236a89d6f..7d168be72 100644
--- a/src/tests/tests.h
+++ b/src/tests/tests.h
@@ -358,12 +358,14 @@ class Test
static void setup_tests(size_t soak,
bool log_succcss,
+ bool run_online_tests,
const std::string& data_dir,
const std::string& pkcs11_lib,
Botan::RandomNumberGenerator* rng);
static size_t soak_level();
static bool log_success();
+ static bool run_online_tests();
static std::string pkcs11_lib();
static const std::string& data_dir();
@@ -376,7 +378,7 @@ class Test
static std::string m_data_dir;
static Botan::RandomNumberGenerator* m_test_rng;
static size_t m_soak_level;
- static bool m_log_success;
+ static bool m_log_success, m_run_online_tests;
static std::string m_pkcs11_lib;
};
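Review bot: `static bool m_log_success, m_run_online_tests;` declares two members on one line while every neighbouring member has its own declaration; leaving `static bool m_log_success;` untouched and adding `static bool m_run_online_tests;` on its own line keeps the diff to a pure addition and each member easy to find. The `setup_tests` declaration in the previous hunk still spells its parameter `log_succcss`, which could be corrected while that signature is being changed. The `Test` class begins outside these hunks.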