...

Source file src/github.com/google/certificate-transparency-go/submission/proxy_test.go

Documentation: github.com/google/certificate-transparency-go/submission 

     1  // Copyright 2019 Google LLC. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package submission
    16  
    17  import (
    18  	"bytes"
    19  	"context"
    20  	"encoding/hex"
    21  	"fmt"
    22  	"os"
    23  	"strings"
    24  	"testing"
    25  	"time"
    26  
    27  	ct "github.com/google/certificate-transparency-go"
    28  	"github.com/google/certificate-transparency-go/client"
    29  	"github.com/google/certificate-transparency-go/loglist3"
    30  	"github.com/google/certificate-transparency-go/testdata"
    31  	"github.com/google/certificate-transparency-go/tls"
    32  	"github.com/google/trillian/monitoring"
    33  )
    34  
    35  // stubLogListRefresher produces error on each Refresh call.
    36  type stubLogListRefresher struct {
    37  }
    38  
    39  func (llr stubLogListRefresher) Refresh() (*LogListData, error) {
    40  	return nil, fmt.Errorf("stub Log List Refresher produces no Log List")
    41  }
    42  func (llr stubLogListRefresher) LastJSON() []byte {
    43  	return nil
    44  }
    45  func (llr stubLogListRefresher) Source() string {
    46  	return "stub"
    47  }
    48  
    49  func stubLogListManager() *LogListManager {
    50  	return NewLogListManager(stubLogListRefresher{}, nil)
    51  }
    52  
    53  var imf monitoring.InertMetricFactory
    54  
    55  func TestProxyRefreshLLErr(t *testing.T) {
    56  	p := NewProxy(stubLogListManager(), GetDistributorBuilder(ChromeCTPolicy, NewStubLogClient, imf), imf)
    57  
    58  	_, err := p.llWatcher.RefreshLogList(context.Background())
    59  	if err == nil {
    60  		t.Errorf("p.RefreshLogList() on stubLogListRefresher expected to get error, got none")
    61  	}
    62  }
    63  
    64  func TestProxyBrokenDistributor(t *testing.T) {
    65  	p := NewProxy(stubLogListManager(), GetDistributorBuilder(ChromeCTPolicy, newNoLogClient, imf), imf)
    66  
    67  	_, err := p.llWatcher.RefreshLogList(context.Background())
    68  	if err == nil {
    69  		t.Errorf("p.RefreshLogList() on brokenDistributorFactory expected to get error, got none")
    70  	}
    71  }
    72  
    73  // Stub for AddLogCLient interface
    74  type stubNoRootsLogClient struct {
    75  	logURL string
    76  }
    77  
    78  func (m stubNoRootsLogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error) {
    79  	return nil, fmt.Errorf("log %q has no roots", m.logURL)
    80  }
    81  
    82  func (m stubNoRootsLogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error) {
    83  	return nil, fmt.Errorf("log %q has no roots", m.logURL)
    84  }
    85  
    86  func (m stubNoRootsLogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error) {
    87  	return nil, fmt.Errorf("stubNoRootsLogClient cannot provide roots")
    88  }
    89  
    90  func buildStubNoRootsLogClient(log *loglist3.Log) (client.AddLogClient, error) {
    91  	return stubNoRootsLogClient{logURL: log.URL}, nil
    92  }
    93  
    94  func TestProxyInitState(t *testing.T) {
    95  	f, err := createTempFile(testdata.SampleLogList3)
    96  	if err != nil {
    97  		t.Fatalf("createTempFile(%q) = (_, %q), want (_, nil)", testdata.SampleLogList3, err)
    98  	}
    99  	defer os.Remove(f)
   100  
   101  	llr := NewLogListRefresher(f)
   102  	p := NewProxy(NewLogListManager(llr, nil), GetDistributorBuilder(ChromeCTPolicy, buildStubNoRootsLogClient, imf), imf)
   103  	p.Run(context.Background(), 100*time.Millisecond, time.Hour)
   104  
   105  	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
   106  	defer cancel()
   107  
   108  Init:
   109  	for {
   110  		select {
   111  		case <-ctx.Done():
   112  			t.Fatalf("p.Run() expected to send init signal, got none")
   113  		case b, ok := <-p.Init:
   114  			if !ok {
   115  				t.Fatalf("p.Run() expected to send 'true' init signal via Init channel, but channel is closed")
   116  			}
   117  			if b != true {
   118  				t.Fatalf("p.Run() expected to send 'true' init signal, got false")
   119  			}
   120  			break Init
   121  		}
   122  	}
   123  
   124  	sampleLogListUpdate := strings.Replace(testdata.SampleLogList3, "ct.googleapis.com/racketeer/", "ct.googleapis.com/racketeer/v2/", 1)
   125  	if err := os.WriteFile(f, []byte(sampleLogListUpdate), 0644); err != nil {
   126  		t.Fatalf("unable to update Log-list data file: %q", err)
   127  	}
   128  	ctx, cancel = context.WithTimeout(context.Background(), time.Second)
   129  	defer cancel()
   130  	for {
   131  		select {
   132  		case <-ctx.Done():
   133  			return
   134  		case _, ok := <-p.Init:
   135  			if ok {
   136  				t.Fatalf("p.Refresh() after initial p.Run() sent signal into Init-channel, expected none")
   137  			}
   138  		}
   139  	}
   140  }
   141  
   142  // Helper func building slice of N AssignedSCTs.
   143  func buildAssignedSCTs(t *testing.T, n int) []*AssignedSCT {
   144  	rawSCT := testdata.TestCertProof
   145  	var sct ct.SignedCertificateTimestamp
   146  	_, err := tls.Unmarshal(rawSCT, &sct)
   147  	if err != nil {
   148  		t.Fatalf("failed to tls-unmarshal test certificate proof: %s", err)
   149  	}
   150  	sampleLogURL := "ct.googleapis.com/racketeer/"
   151  	assignedSCT := AssignedSCT{LogURL: sampleLogURL, SCT: &sct}
   152  	assignedSCTs := make([]*AssignedSCT, n)
   153  	for i := 0; i < n; i++ {
   154  		assignedSCTs[i] = &assignedSCT
   155  	}
   156  	return assignedSCTs
   157  }
   158  
   159  // Helper func building slice of 1 AssignedSCTs containing one nil.
   160  func buildNilAssignedSCT() []*AssignedSCT {
   161  	sampleLogURL := "ct.googleapis.com/racketeer/"
   162  	assignedNilSCT := AssignedSCT{LogURL: sampleLogURL, SCT: nil}
   163  	assignedSCTs := []*AssignedSCT{&assignedNilSCT}
   164  	return assignedSCTs
   165  }
   166  
   167  func decodeValidHex(t *testing.T, s string) []byte {
   168  	b, err := hex.DecodeString(s)
   169  	if err != nil {
   170  		t.Fatalf("Unable to hex-Decode %s", s)
   171  		return nil
   172  	}
   173  	return b
   174  }
   175  
   176  func TestASN1MarshalSCT(t *testing.T) {
   177  	tests := []struct {
   178  		name    string
   179  		scts    []*AssignedSCT
   180  		want    []byte
   181  		wantErr bool
   182  	}{
   183  		{
   184  			name:    "OneSCT",
   185  			scts:    buildAssignedSCTs(t, 1),
   186  			want:    decodeValidHex(t, "047a0078007600df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013ddb27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5"),
   187  			wantErr: false,
   188  		},
   189  		{
   190  			name:    "NoSCT",
   191  			scts:    buildAssignedSCTs(t, 0),
   192  			want:    nil,
   193  			wantErr: true,
   194  		},
   195  		{
   196  			name:    "TwoSCTs",
   197  			scts:    buildAssignedSCTs(t, 2),
   198  			want:    decodeValidHex(t, "0481f200f0007600df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013ddb27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5007600df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013ddb27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5"),
   199  			wantErr: false,
   200  		},
   201  		{
   202  			name:    "NilSCT",
   203  			scts:    buildNilAssignedSCT(),
   204  			want:    nil,
   205  			wantErr: true,
   206  		},
   207  	}
   208  
   209  	for _, test := range tests {
   210  		t.Run(test.name, func(t *testing.T) {
   211  			got, err := ASN1MarshalSCTs(test.scts)
   212  			if (err != nil) && !test.wantErr {
   213  				t.Fatalf("ASN1MarshalSCT() returned error %v", err)
   214  			}
   215  			if (err == nil) && test.wantErr {
   216  				t.Fatalf("ASN1MarshalSCT() expected to return error, got none")
   217  			}
   218  			if !(bytes.Equal(got, test.want)) {
   219  				t.Fatalf("ASN1MarshalSCT() returned unexpected output: \n got: %x\nwant: %x", got, test.want)
   220  			}
   221  		})
   222  	}
   223  }
   224  

View as plain text