
Source file src/github.com/google/certificate-transparency-go/ctpolicy/chromepolicy_test.go

Documentation: github.com/google/certificate-transparency-go/ctpolicy

     1  // Copyright 2018 Google LLC. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //	http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  package ctpolicy
    15  
    16  import (
    17  	"testing"
    18  
    19  	"github.com/google/certificate-transparency-go/x509"
    20  
    21  	"github.com/kylelemons/godebug/pretty"
    22  )
    23  
// wantedGroups builds the LogPolicyData that the tests in this file compare
// against the result of LogsByGroup. It holds three groups: "Google-operated",
// "Non-Google-operated" and the base group (keyed by BaseName) that lists
// every log of the other two.
//
// goog, nonGoog and base become the MinInclusions of those three groups, in
// that order. When minusBob is true the https://log.bob.io entries are left
// out of the non-Google and base groups, so the non-Google group ends up with
// empty, non-nil maps.
func wantedGroups(goog int, nonGoog int, base int, minusBob bool) LogPolicyData {
	const bobLog = "https://log.bob.io"

	googleLogs := []string{
		"https://ct.googleapis.com/logs/argon2020/",
		"https://ct.googleapis.com/aviator/",
		"https://ct.googleapis.com/icarus/",
		"https://ct.googleapis.com/rocketeer/",
		"https://ct.googleapis.com/racketeer/",
	}
	var otherLogs []string
	if !minusBob {
		otherLogs = append(otherLogs, bobLog)
	}

	// Both helpers allocate a fresh map per call, so no two groups share a
	// map and an empty input still yields a non-nil map.
	members := func(lists ...[]string) map[string]bool {
		set := make(map[string]bool)
		for _, urls := range lists {
			for _, u := range urls {
				set[u] = true
			}
		}
		return set
	}
	weights := func(lists ...[]string) map[string]float32 {
		byURL := make(map[string]float32)
		for _, urls := range lists {
			for _, u := range urls {
				byURL[u] = 1.0
			}
		}
		return byURL
	}

	return LogPolicyData{
		"Google-operated": {
			Name:          "Google-operated",
			LogURLs:       members(googleLogs),
			MinInclusions: goog,
			IsBase:        false,
			LogWeights:    weights(googleLogs),
		},
		"Non-Google-operated": {
			Name:          "Non-Google-operated",
			LogURLs:       members(otherLogs),
			MinInclusions: nonGoog,
			IsBase:        false,
			LogWeights:    weights(otherLogs),
		},
		BaseName: {
			Name:          BaseName,
			LogURLs:       members(googleLogs, otherLogs),
			MinInclusions: base,
			IsBase:        true,
			LogWeights:    weights(googleLogs, otherLogs),
		},
	}
}
// TestCheckChromePolicy checks that ChromeCTPolicy.LogsByGroup, given the full
// sample log list, returns the expected groups for the "Short", "2-year",
// "3-year" and "Long" test certificates. Every case expects a minimum of one
// Google-operated and one non-Google-operated log; the expected base-group
// minimum rises from 2 to 5 across the cases.
func TestCheckChromePolicy(t *testing.T) {
	type testCase struct {
		name string
		cert *x509.Certificate
		want LogPolicyData
	}
	cases := []testCase{
		{name: "Short", cert: getTestCertPEMShort(), want: wantedGroups(1, 1, 2, false)},
		{name: "2-year", cert: getTestCertPEM2Years(), want: wantedGroups(1, 1, 3, false)},
		{name: "3-year", cert: getTestCertPEM3Years(), want: wantedGroups(1, 1, 4, false)},
		{name: "Long", cert: getTestCertPEMLongOriginal(), want: wantedGroups(1, 1, 5, false)},
	}

	var policy ChromeCTPolicy
	logList := sampleLogList(t)
	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			got, err := policy.LogsByGroup(tc.cert, logList)
			// Report the group mismatch first, then any unexpected error, so
			// a failing run shows both.
			if diff := pretty.Compare(tc.want, got); diff != "" {
				t.Errorf("LogsByGroup: (-want +got)\n%s", diff)
			}
			if err != nil {
				t.Errorf("LogsByGroup returned an error when not expected: %v", err)
			}
		})
	}
}
   128  
// TestCheckChromePolicyWarnings checks LogsByGroup against a log list that has
// been cut down to its first operator, which removes the Bob log. For every
// test certificate the call is expected to return an empty LogPolicyData
// together with an error saying the "Non-Google-operated" group has no logs,
// i.e. the policy must report the unsatisfiable requirement instead of
// returning groups.
func TestCheckChromePolicyWarnings(t *testing.T) {
	// Every case expects the same error text.
	const noNonGoogleLogs = "trying to assign 1 minimal inclusion number while only 0 logs are part of group \"Non-Google-operated\""

	type testCase struct {
		name    string
		cert    *x509.Certificate
		want    LogPolicyData
		warning string
	}
	cases := []testCase{
		{name: "Short", cert: getTestCertPEMShort(), want: LogPolicyData{}, warning: noNonGoogleLogs},
		{name: "2-year", cert: getTestCertPEM2Years(), want: LogPolicyData{}, warning: noNonGoogleLogs},
		{name: "3-year", cert: getTestCertPEM3Years(), want: LogPolicyData{}, warning: noNonGoogleLogs},
		{name: "Long", cert: getTestCertPEMLongOriginal(), want: LogPolicyData{}, warning: noNonGoogleLogs},
	}

	var policy ChromeCTPolicy
	logList := sampleLogList(t)
	// Keep only the first operator; this drops the Bob log from the list.
	logList.Operators = logList.Operators[:1]

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			got, err := policy.LogsByGroup(tc.cert, logList)
			if diff := pretty.Compare(tc.want, got); diff != "" {
				t.Errorf("LogsByGroup: (-want +got)\n%s", diff)
			}

			switch {
			case err == nil:
				// A missing error is a failure only when a warning was expected.
				if len(tc.warning) > 0 {
					t.Errorf("LogsByGroup returned no error when expected")
				}
			case err.Error() != tc.warning:
				t.Errorf("LogsByGroup returned error message %q while expected %q", err.Error(), tc.warning)
			}
		})
	}
}
   184  
