1 /* Copyright (c) 2023, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include "trust_store_in_memory.h"
16
17 #include <gtest/gtest.h>
18 #include "test_helpers.h"
19
20 namespace bssl {
21 namespace {
22
23 class TrustStoreInMemoryTest : public testing::Test {
24 public:
SetUp()25 void SetUp() override {
26 ParsedCertificateList chain;
27 ASSERT_TRUE(ReadCertChainFromFile(
28 "testdata/verify_certificate_chain_unittest/key-rollover/oldchain.pem",
29 &chain));
30
31 ASSERT_EQ(3U, chain.size());
32 target_ = chain[0];
33 oldintermediate_ = chain[1];
34 oldroot_ = chain[2];
35 ASSERT_TRUE(target_);
36 ASSERT_TRUE(oldintermediate_);
37 ASSERT_TRUE(oldroot_);
38
39 ASSERT_TRUE(
40 ReadCertChainFromFile("testdata/verify_certificate_chain_unittest/"
41 "key-rollover/longrolloverchain.pem",
42 &chain));
43
44 ASSERT_EQ(5U, chain.size());
45 newintermediate_ = chain[1];
46 newroot_ = chain[2];
47 newrootrollover_ = chain[3];
48 ASSERT_TRUE(newintermediate_);
49 ASSERT_TRUE(newroot_);
50 ASSERT_TRUE(newrootrollover_);
51 }
52
53 protected:
54 std::shared_ptr<const ParsedCertificate> oldroot_;
55 std::shared_ptr<const ParsedCertificate> newroot_;
56 std::shared_ptr<const ParsedCertificate> newrootrollover_;
57
58 std::shared_ptr<const ParsedCertificate> target_;
59 std::shared_ptr<const ParsedCertificate> oldintermediate_;
60 std::shared_ptr<const ParsedCertificate> newintermediate_;
61 };
62
TEST_F(TrustStoreInMemoryTest,OneRootTrusted)63 TEST_F(TrustStoreInMemoryTest, OneRootTrusted) {
64 TrustStoreInMemory in_memory;
65 in_memory.AddTrustAnchor(newroot_);
66
67 // newroot_ is trusted.
68 CertificateTrust trust = in_memory.GetTrust(newroot_.get());
69 EXPECT_EQ(CertificateTrust::ForTrustAnchor().ToDebugString(),
70 trust.ToDebugString());
71
72 // oldroot_ is not.
73 trust = in_memory.GetTrust(oldroot_.get());
74 EXPECT_EQ(CertificateTrust::ForUnspecified().ToDebugString(),
75 trust.ToDebugString());
76 }
77
TEST_F(TrustStoreInMemoryTest,DistrustBySPKI)78 TEST_F(TrustStoreInMemoryTest, DistrustBySPKI) {
79 TrustStoreInMemory in_memory;
80 in_memory.AddDistrustedCertificateBySPKI(
81 std::string(BytesAsStringView(newroot_->tbs().spki_tlv)));
82
83 // newroot_ is distrusted.
84 CertificateTrust trust = in_memory.GetTrust(newroot_.get());
85 EXPECT_EQ(CertificateTrust::ForDistrusted().ToDebugString(),
86 trust.ToDebugString());
87
88 // oldroot_ is unspecified.
89 trust = in_memory.GetTrust(oldroot_.get());
90 EXPECT_EQ(CertificateTrust::ForUnspecified().ToDebugString(),
91 trust.ToDebugString());
92
93 // newrootrollover_ is also distrusted because it has the same key.
94 trust = in_memory.GetTrust(newrootrollover_.get());
95 EXPECT_EQ(CertificateTrust::ForDistrusted().ToDebugString(),
96 trust.ToDebugString());
97 }
98
TEST_F(TrustStoreInMemoryTest,DistrustBySPKIOverridesTrust)99 TEST_F(TrustStoreInMemoryTest, DistrustBySPKIOverridesTrust) {
100 TrustStoreInMemory in_memory;
101 in_memory.AddTrustAnchor(newroot_);
102 in_memory.AddDistrustedCertificateBySPKI(
103 std::string(BytesAsStringView(newroot_->tbs().spki_tlv)));
104
105 // newroot_ is distrusted.
106 CertificateTrust trust = in_memory.GetTrust(newroot_.get());
107 EXPECT_EQ(CertificateTrust::ForDistrusted().ToDebugString(),
108 trust.ToDebugString());
109 }
110
111 } // namespace
112 } // namespace bssl
113