From 28b38adb037719ba08691a4e8c6f59ea2e854760 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 21 Nov 2016 23:51:44 -0500 Subject: Better OCSP tests including online tests Tests touching network are gated by --run-online-tests flag. --- src/tests/test_ocsp.cpp | 96 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 91 insertions(+), 5 deletions(-) (limited to 'src/tests/test_ocsp.cpp') diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp index 39bc9e77a..58fa46086 100644 --- a/src/tests/test_ocsp.cpp +++ b/src/tests/test_ocsp.cpp @@ -8,7 +8,9 @@ #if defined(BOTAN_HAS_OCSP) #include - #include + #include + #include + #include #endif namespace Botan_Tests { @@ -18,18 +20,18 @@ namespace Botan_Tests { class OCSP_Tests : public Test { private: - std::vector slurp_data_file(const std::string& path) + std::vector slurp_data_file(const std::string& path) { const std::string fsname = Test::data_file(path); std::ifstream file(fsname.c_str()); if(!file.good()) throw Test_Error("Error reading from " + fsname); - std::vector contents; + std::vector contents; while(file.good()) { - std::vector buf(4096); + std::vector buf(4096); file.read(reinterpret_cast(buf.data()), buf.size()); size_t got = file.gcount(); @@ -42,6 +44,16 @@ class OCSP_Tests : public Test return contents; } + std::shared_ptr load_test_X509_cert(const std::string& path) + { + return std::make_shared(Test::data_file(path)); + } + + std::shared_ptr load_test_OCSP_resp(const std::string& path) + { + return std::make_shared(slurp_data_file(path)); + } + Test::Result test_response_parsing() { Test::Result result("OCSP response parsing"); @@ -71,7 +83,7 @@ class OCSP_Tests : public Test Test::Result test_request_encoding() { - Test::Result result("OCSP encoding"); + Test::Result result("OCSP request encoding"); const Botan::X509_Certificate end_entity(Test::data_file("ocsp/gmail.pem")); const Botan::X509_Certificate issuer(Test::data_file("ocsp/google_g2.pem")); @@ -96,6 +108,76 @@ class OCSP_Tests : public Test return result; } + Test::Result test_response_verification() + { + Test::Result result("OCSP request check"); + + std::shared_ptr ee = load_test_X509_cert("ocsp/randombit.pem"); + std::shared_ptr ca = load_test_X509_cert("ocsp/letsencrypt.pem"); + std::shared_ptr trust_root = load_test_X509_cert("ocsp/geotrust.pem"); + + const std::vector> cert_path = { ee, ca, trust_root }; + + std::shared_ptr ocsp = load_test_OCSP_resp("ocsp/randombit_ocsp.der"); + + Botan::Certificate_Store_In_Memory certstore; + certstore.add_certificate(trust_root); + + // Some arbitrary time within the validity period of the test certs + const auto valid_time = Botan::calendar_point(2016,11,20,8,30,0).to_std_timepoint(); + + std::vector> ocsp_status = Botan::PKIX::check_ocsp( + cert_path, + { ocsp }, + { &certstore }, + valid_time); + + if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 1)) + { + if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1)) + { + result.confirm("Status good", ocsp_status[0].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD)); + } + } + + return result; + } + + Test::Result test_online_request() + { + Test::Result result("OCSP online check"); + + std::shared_ptr ee = load_test_X509_cert("ocsp/randombit.pem"); + std::shared_ptr ca = load_test_X509_cert("ocsp/letsencrypt.pem"); + std::shared_ptr trust_root = load_test_X509_cert("ocsp/identrust.pem"); + + const std::vector> cert_path = { ee, ca, trust_root }; + + Botan::Certificate_Store_In_Memory certstore; + certstore.add_certificate(trust_root); + + std::vector> ocsp_status = Botan::PKIX::check_ocsp_online( + cert_path, + { &certstore }, + std::chrono::system_clock::now(), + std::chrono::milliseconds(3000), + true); + + if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 2)) + { + if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1)) + { + result.confirm("Status good", ocsp_status[0].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD)); + } + if(result.test_eq("Expected size of ocsp_status[1]", ocsp_status[1].size(), 1)) + { + result.confirm("Status good", ocsp_status[1].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD)); + } + } + + return result; + } + public: std::vector run() override { @@ -103,6 +185,10 @@ class OCSP_Tests : public Test results.push_back(test_request_encoding()); results.push_back(test_response_parsing()); + results.push_back(test_response_verification()); + + if(Test::run_online_tests()) + results.push_back(test_online_request()); return results; } -- cgit v1.2.3