diff options
-rw-r--r-- | src/lib/x509/cert_status.h | 6 | ||||
-rw-r--r-- | src/lib/x509/x509path.cpp | 6 | ||||
-rwxr-xr-x | src/scripts/ci/travis/build.sh | 2 | ||||
-rw-r--r-- | src/tests/data/ocsp/geotrust.pem | 21 | ||||
-rw-r--r-- | src/tests/data/ocsp/identrust.pem | 20 | ||||
-rw-r--r-- | src/tests/data/ocsp/letsencrypt.pem | 27 | ||||
-rw-r--r-- | src/tests/data/ocsp/randombit.pem | 32 | ||||
-rw-r--r-- | src/tests/data/ocsp/randombit_ocsp.der | bin | 0 -> 527 bytes | |||
-rw-r--r-- | src/tests/main.cpp | 6 | ||||
-rw-r--r-- | src/tests/test_ocsp.cpp | 96 | ||||
-rw-r--r-- | src/tests/tests.cpp | 9 | ||||
-rw-r--r-- | src/tests/tests.h | 4 |
12 files changed, 218 insertions, 11 deletions
diff --git a/src/lib/x509/cert_status.h b/src/lib/x509/cert_status.h index 921fd2b09..8f514c092 100644 --- a/src/lib/x509/cert_status.h +++ b/src/lib/x509/cert_status.h @@ -1,5 +1,5 @@ /* -* Result enums +* Path validation result enums * (C) 2013 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) @@ -8,6 +8,8 @@ #ifndef BOTAN_X509_PATH_RESULT_H__ #define BOTAN_X509_PATH_RESULT_H__ +#include <botan/build.h> + namespace Botan { /** @@ -77,7 +79,7 @@ enum class Certificate_Status_Code { * @param code the certifcate status * @return string literal constant, or nullptr if code unknown */ -const char* to_string(Certificate_Status_Code code); +BOTAN_DLL const char* to_string(Certificate_Status_Code code); } diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 946539bab..c57985766 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -161,6 +161,9 @@ PKIX::check_ocsp(const std::vector<std::shared_ptr<const X509_Certificate>>& cer } } + while(cert_status.back().empty()) + cert_status.pop_back(); + return cert_status; } @@ -203,6 +206,9 @@ PKIX::check_crl(const std::vector<std::shared_ptr<const X509_Certificate>>& cert } } + while(cert_status.back().empty()) + cert_status.pop_back(); + return cert_status; } diff --git a/src/scripts/ci/travis/build.sh b/src/scripts/ci/travis/build.sh index 0344fd892..516b391ce 100755 --- a/src/scripts/ci/travis/build.sh +++ b/src/scripts/ci/travis/build.sh @@ -54,7 +54,7 @@ elif [ "${BUILD_MODE:0:5}" != "cross" ]; then if [ "$BUILD_MODE" = "coverage" ]; then CFG_FLAGS+=(--with-tpm) - TEST_FLAGS="--pkcs11-lib=/tmp/softhsm/lib/softhsm/libsofthsm2.so" + TEST_FLAGS="--run-online-tests --pkcs11-lib=/tmp/softhsm/lib/softhsm/libsofthsm2.so" fi # Avoid OpenSSL when using dynamic checkers... diff --git a/src/tests/data/ocsp/geotrust.pem b/src/tests/data/ocsp/geotrust.pem new file mode 100644 index 000000000..33cc0023e --- /dev/null +++ b/src/tests/data/ocsp/geotrust.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT +MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 +aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw +WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE +AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m +OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu +T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c +JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR +Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz +PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm +aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM +TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g +LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO +BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv +dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB +AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL +NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W +b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S +-----END CERTIFICATE----- diff --git a/src/tests/data/ocsp/identrust.pem b/src/tests/data/ocsp/identrust.pem new file mode 100644 index 000000000..b2e43c938 --- /dev/null +++ b/src/tests/data/ocsp/identrust.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- diff --git a/src/tests/data/ocsp/letsencrypt.pem b/src/tests/data/ocsp/letsencrypt.pem new file mode 100644 index 000000000..0002462ce --- /dev/null +++ b/src/tests/data/ocsp/letsencrypt.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow +SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT +GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF +q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 +SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 +Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA +a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj +/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T +AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG +CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv +bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k +c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw +VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC +ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz +MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu +Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF +AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo +uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ +wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu +X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG +PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 +KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== +-----END CERTIFICATE----- diff --git a/src/tests/data/ocsp/randombit.pem b/src/tests/data/ocsp/randombit.pem new file mode 100644 index 000000000..d5986c21c --- /dev/null +++ b/src/tests/data/ocsp/randombit.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFkTCCBHmgAwIBAgISA+ie0HpCS3KjX60Wf0ik8lrSMA0GCSqGSIb3DQEBCwUA +MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjExMTgxMTE2MDBaFw0x +NzAyMTYxMTE2MDBaMBgxFjAUBgNVBAMTDXJhbmRvbWJpdC5uZXQwggGiMA0GCSqG +SIb3DQEBAQUAA4IBjwAwggGKAoIBgQCxYsED7KF8RGFWcq1tQdvRExLdDjGJcw1j +4uV6a/yt2v/wDSUPIXNak9Psm5V56AH2tV/nMuwiFAyqlZiPFcCD5clXoIkJBW2c +hXYM1js6tNlX6iBA0Cl/ug0+sNYiJP7GZAZFGLy7itGYpLn5DtawQfWxt4ENoZ+x +MQVAjRrb2oH/BNTBvvMjJNehxkf4RGo9BiwNHwxw/3SQHsObzLvYwnIe7pNCw5gu +Ol4ekligjh481WIvOS6/dOu2FOuutKKsOFasxyaE8qArs2Nwb0fSS+LG3U7t7jP5 +MuBS+kfp1/jQ8qvV5dJpKcw6D2q4qjmOiAHSXOY/+1GoaKus6xB7NTXbiMsHR/VH +hnupKYzsR3Fs4+agHXpM/8n6erVsXtwPdw6uFwrVlpAOvu56PiSgaBZLpex/Z4bk +tqcCQ2EJcjKUU5Ht5TKUFaXv7v/WLkbGdbdVDHh9cEnOthGme8QgaDPZp+mND6Bs +QyJQgpQ57hsS55l9XehXzNu5SOr/F58CAwEAAaOCAiEwggIdMA4GA1UdDwEB/wQE +AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw +ADAdBgNVHQ4EFgQUpAkBML2UJvHr4dXnxC2gVnY5NAkwHwYDVR0jBBgwFoAUqEpq +YwR93brm0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUFBzABhiNo +dHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYj +aHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wKwYDVR0RBCQwIoIN +cmFuZG9tYml0Lm5ldIIRd3d3LnJhbmRvbWJpdC5uZXQwgf4GA1UdIASB9jCB8zAI +BgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8v +Y3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRp +ZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGll +cyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBv +bGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5 +LzANBgkqhkiG9w0BAQsFAAOCAQEAXAh1j/hxsJMCMSfQWLSDMNQQirlWJafG2mao +P5ZwjkGyPoM6q1E/G60TRFSbqwvI9b1SrMipuz5fqf6q7VTac2DZyC7hx5RXvDk3 +ZD93DYYlwOw1RMrfUZtk7F1maqxESxd3V7L8DQWaPx01KZj4kJkP/cwT3t0GWgF2 +DLdltmWqjuFdrxY+XYTdvsk+U85rhosm/4UGlJENdagRMAoRuco/y7MRuKSCWewN +Vc57atZpfZahpqG10Bld8uf3ApP5eoNWKxbePFMhdWyj8o1N6p57pRn+Qp/mV+0B +I6IbQv9+D/qEFgHkHDPClaoRjM0+bRI53+uTt5I70VcimVY+wg== +-----END CERTIFICATE----- diff --git a/src/tests/data/ocsp/randombit_ocsp.der b/src/tests/data/ocsp/randombit_ocsp.der Binary files differnew file mode 100644 index 000000000..93d1c6287 --- /dev/null +++ b/src/tests/data/ocsp/randombit_ocsp.der diff --git a/src/tests/main.cpp b/src/tests/main.cpp index cf61ea0b0..3fa6ce4ab 100644 --- a/src/tests/main.cpp +++ b/src/tests/main.cpp @@ -35,7 +35,7 @@ namespace { class Test_Runner : public Botan_CLI::Command { public: - Test_Runner() : Command("test --threads=0 --soak=5 --drbg-seed= --data-dir= --pkcs11-lib= --log-success *suites") {} + Test_Runner() : Command("test --threads=0 --soak=5 --run-online-tests --drbg-seed= --data-dir= --pkcs11-lib= --log-success *suites") {} std::string help_text() const override { @@ -76,6 +76,7 @@ class Test_Runner : public Botan_CLI::Command const size_t soak_level = get_arg_sz("soak"); const std::string drbg_seed = get_arg("drbg-seed"); const bool log_success = flag_set("log-success"); + const bool run_online_tests = flag_set("run-online-tests"); const std::string data_dir = get_arg_or("data-dir", "src/tests/data"); const std::string pkcs11_lib = get_arg("pkcs11-lib"); @@ -179,7 +180,8 @@ class Test_Runner : public Botan_CLI::Command throw Botan_Tests::Test_Error("No usable RNG enabled in build, aborting tests"); } - Botan_Tests::Test::setup_tests(soak_level, log_success, data_dir, pkcs11_lib, rng.get()); + Botan_Tests::Test::setup_tests(soak_level, log_success, run_online_tests, + data_dir, pkcs11_lib, rng.get()); const size_t failed = run_tests(req, output(), threads); diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp index 39bc9e77a..58fa46086 100644 --- a/src/tests/test_ocsp.cpp +++ b/src/tests/test_ocsp.cpp @@ -8,7 +8,9 @@ #if defined(BOTAN_HAS_OCSP) #include <botan/ocsp.h> - #include <sstream> + #include <botan/x509path.h> + #include <botan/certstor.h> + #include <botan/calendar.h> #endif namespace Botan_Tests { @@ -18,18 +20,18 @@ namespace Botan_Tests { class OCSP_Tests : public Test { private: - std::vector<byte> slurp_data_file(const std::string& path) + std::vector<uint8_t> slurp_data_file(const std::string& path) { const std::string fsname = Test::data_file(path); std::ifstream file(fsname.c_str()); if(!file.good()) throw Test_Error("Error reading from " + fsname); - std::vector<byte> contents; + std::vector<uint8_t> contents; while(file.good()) { - std::vector<byte> buf(4096); + std::vector<uint8_t> buf(4096); file.read(reinterpret_cast<char*>(buf.data()), buf.size()); size_t got = file.gcount(); @@ -42,6 +44,16 @@ class OCSP_Tests : public Test return contents; } + std::shared_ptr<const Botan::X509_Certificate> load_test_X509_cert(const std::string& path) + { + return std::make_shared<const Botan::X509_Certificate>(Test::data_file(path)); + } + + std::shared_ptr<const Botan::OCSP::Response> load_test_OCSP_resp(const std::string& path) + { + return std::make_shared<const Botan::OCSP::Response>(slurp_data_file(path)); + } + Test::Result test_response_parsing() { Test::Result result("OCSP response parsing"); @@ -71,7 +83,7 @@ class OCSP_Tests : public Test Test::Result test_request_encoding() { - Test::Result result("OCSP encoding"); + Test::Result result("OCSP request encoding"); const Botan::X509_Certificate end_entity(Test::data_file("ocsp/gmail.pem")); const Botan::X509_Certificate issuer(Test::data_file("ocsp/google_g2.pem")); @@ -96,6 +108,76 @@ class OCSP_Tests : public Test return result; } + Test::Result test_response_verification() + { + Test::Result result("OCSP request check"); + + std::shared_ptr<const Botan::X509_Certificate> ee = load_test_X509_cert("ocsp/randombit.pem"); + std::shared_ptr<const Botan::X509_Certificate> ca = load_test_X509_cert("ocsp/letsencrypt.pem"); + std::shared_ptr<const Botan::X509_Certificate> trust_root = load_test_X509_cert("ocsp/geotrust.pem"); + + const std::vector<std::shared_ptr<const Botan::X509_Certificate>> cert_path = { ee, ca, trust_root }; + + std::shared_ptr<const Botan::OCSP::Response> ocsp = load_test_OCSP_resp("ocsp/randombit_ocsp.der"); + + Botan::Certificate_Store_In_Memory certstore; + certstore.add_certificate(trust_root); + + // Some arbitrary time within the validity period of the test certs + const auto valid_time = Botan::calendar_point(2016,11,20,8,30,0).to_std_timepoint(); + + std::vector<std::set<Botan::Certificate_Status_Code>> ocsp_status = Botan::PKIX::check_ocsp( + cert_path, + { ocsp }, + { &certstore }, + valid_time); + + if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 1)) + { + if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1)) + { + result.confirm("Status good", ocsp_status[0].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD)); + } + } + + return result; + } + + Test::Result test_online_request() + { + Test::Result result("OCSP online check"); + + std::shared_ptr<const Botan::X509_Certificate> ee = load_test_X509_cert("ocsp/randombit.pem"); + std::shared_ptr<const Botan::X509_Certificate> ca = load_test_X509_cert("ocsp/letsencrypt.pem"); + std::shared_ptr<const Botan::X509_Certificate> trust_root = load_test_X509_cert("ocsp/identrust.pem"); + + const std::vector<std::shared_ptr<const Botan::X509_Certificate>> cert_path = { ee, ca, trust_root }; + + Botan::Certificate_Store_In_Memory certstore; + certstore.add_certificate(trust_root); + + std::vector<std::set<Botan::Certificate_Status_Code>> ocsp_status = Botan::PKIX::check_ocsp_online( + cert_path, + { &certstore }, + std::chrono::system_clock::now(), + std::chrono::milliseconds(3000), + true); + + if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 2)) + { + if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1)) + { + result.confirm("Status good", ocsp_status[0].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD)); + } + if(result.test_eq("Expected size of ocsp_status[1]", ocsp_status[1].size(), 1)) + { + result.confirm("Status good", ocsp_status[1].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD)); + } + } + + return result; + } + public: std::vector<Test::Result> run() override { @@ -103,6 +185,10 @@ class OCSP_Tests : public Test results.push_back(test_request_encoding()); results.push_back(test_response_parsing()); + results.push_back(test_response_verification()); + + if(Test::run_online_tests()) + results.push_back(test_online_request()); return results; } diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp index 13094f5dc..1fe41428e 100644 --- a/src/tests/tests.cpp +++ b/src/tests/tests.cpp @@ -467,11 +467,13 @@ Botan::RandomNumberGenerator* Test::m_test_rng = nullptr; std::string Test::m_data_dir; size_t Test::m_soak_level = 0; bool Test::m_log_success = false; +bool Test::m_run_online_tests = false; std::string Test::m_pkcs11_lib; //static void Test::setup_tests(size_t soak, bool log_success, + bool run_online, const std::string& data_dir, const std::string& pkcs11_lib, Botan::RandomNumberGenerator* rng) @@ -479,6 +481,7 @@ void Test::setup_tests(size_t soak, m_data_dir = data_dir; m_soak_level = soak; m_log_success = log_success; + m_run_online_tests = run_online; m_test_rng = rng; m_pkcs11_lib = pkcs11_lib; } @@ -508,6 +511,12 @@ bool Test::log_success() } //static +bool Test::run_online_tests() + { + return m_run_online_tests; + } + +//static std::string Test::pkcs11_lib() { return m_pkcs11_lib; diff --git a/src/tests/tests.h b/src/tests/tests.h index 236a89d6f..7d168be72 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h @@ -358,12 +358,14 @@ class Test static void setup_tests(size_t soak, bool log_succcss, + bool run_online_tests, const std::string& data_dir, const std::string& pkcs11_lib, Botan::RandomNumberGenerator* rng); static size_t soak_level(); static bool log_success(); + static bool run_online_tests(); static std::string pkcs11_lib(); static const std::string& data_dir(); @@ -376,7 +378,7 @@ class Test static std::string m_data_dir; static Botan::RandomNumberGenerator* m_test_rng; static size_t m_soak_level; - static bool m_log_success; + static bool m_log_success, m_run_online_tests; static std::string m_pkcs11_lib; }; |