Remove CT tests
These tests rely on the non-public API of Conscrypt.
Test: presubmit
Bug: 365712510
Change-Id: I24e87ebcd5033c0a7d78ee203a318c398c4d85c5
Merged-In: Icfbf073079e69137f681ec481acce53d27837bb4
diff --git a/common/src/test/java/org/conscrypt/ct/CTVerifierTest.java b/common/src/test/java/org/conscrypt/ct/CTVerifierTest.java
deleted file mode 100644
index 9aaf8db..0000000
--- a/common/src/test/java/org/conscrypt/ct/CTVerifierTest.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.conscrypt.ct;
-
-import static org.conscrypt.TestUtils.openTestFile;
-import static org.conscrypt.TestUtils.readTestFile;
-import static org.junit.Assert.assertEquals;
-
-import java.security.PublicKey;
-import java.util.Arrays;
-import org.conscrypt.OpenSSLX509Certificate;
-import org.conscrypt.TestUtils;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-@RunWith(JUnit4.class)
-public class CTVerifierTest {
- private OpenSSLX509Certificate ca;
- private OpenSSLX509Certificate cert;
- private OpenSSLX509Certificate certEmbedded;
- private CTVerifier ctVerifier;
-
- @Before
- public void setUp() throws Exception {
- ca = OpenSSLX509Certificate.fromX509PemInputStream(openTestFile("ca-cert.pem"));
- cert = OpenSSLX509Certificate.fromX509PemInputStream(openTestFile("cert.pem"));
- certEmbedded = OpenSSLX509Certificate.fromX509PemInputStream(
- openTestFile("cert-ct-embedded.pem"));
-
- PublicKey key = TestUtils.readPublicKeyPemFile("ct-server-key-public.pem");
-
- final CTLogInfo log = new CTLogInfo(key, "Test Log", "foo");
- CTLogStore store = new CTLogStore() {
- @Override
- public CTLogInfo getKnownLog(byte[] logId) {
- if (Arrays.equals(logId, log.getID())) {
- return log;
- } else {
- return null;
- }
- }
- };
-
- ctVerifier = new CTVerifier(store);
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withOCSPResponse() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] ocspResponse = readTestFile("ocsp-response.der");
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, null, ocspResponse);
- assertEquals(1, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withTLSExtension() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] tlsExtension = readTestFile("ct-signed-timestamp-list");
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, null);
- assertEquals(1, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withEmbeddedExtension() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { certEmbedded, ca };
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, null, null);
- assertEquals(1, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withoutTimestamp() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, null, null);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withInvalidSignature() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] tlsExtension = readTestFile("ct-signed-timestamp-list-invalid");
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, null);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(1, result.getInvalidSCTs().size());
- assertEquals(VerifiedSCT.Status.INVALID_SIGNATURE,
- result.getInvalidSCTs().get(0).status);
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withUnknownLog() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] tlsExtension = readTestFile("ct-signed-timestamp-list-unknown");
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, null);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(1, result.getInvalidSCTs().size());
- assertEquals(VerifiedSCT.Status.UNKNOWN_LOG,
- result.getInvalidSCTs().get(0).status);
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withInvalidEncoding() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- // Just some garbage data which will fail to deserialize
- byte[] tlsExtension = new byte[] { 1, 2, 3, 4 };
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, null);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withInvalidOCSPResponse() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- // Just some garbage data which will fail to deserialize
- byte[] ocspResponse = new byte[] { 1, 2, 3, 4 };
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, null, ocspResponse);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withMultipleTimestamps() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] tlsExtension = readTestFile("ct-signed-timestamp-list-invalid");
- byte[] ocspResponse = readTestFile("ocsp-response.der");
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, ocspResponse);
- assertEquals(1, result.getValidSCTs().size());
- assertEquals(1, result.getInvalidSCTs().size());
- assertEquals(SignedCertificateTimestamp.Origin.OCSP_RESPONSE,
- result.getValidSCTs().get(0).sct.getOrigin());
- assertEquals(SignedCertificateTimestamp.Origin.TLS_EXTENSION,
- result.getInvalidSCTs().get(0).sct.getOrigin());
- }
-}
-
diff --git a/platform/src/test/java/org/conscrypt/ct/CTLogStoreImplTest.java b/platform/src/test/java/org/conscrypt/ct/CTLogStoreImplTest.java
deleted file mode 100644
index f95a3e6..0000000
--- a/platform/src/test/java/org/conscrypt/ct/CTLogStoreImplTest.java
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.conscrypt.ct;
-
-import static java.nio.charset.StandardCharsets.UTF_8;
-
-import java.io.BufferedWriter;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.PrintWriter;
-import java.nio.charset.StandardCharsets;
-import java.security.PublicKey;
-import junit.framework.TestCase;
-import org.conscrypt.InternalUtil;
-
-public class CTLogStoreImplTest extends TestCase {
- private static final String[] LOG_KEYS = new String[] {
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3U" +
- "yEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w==",
-
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErEULmlBnX9L/+AK20hLYzPMFozYx" +
- "pP0Wm1ylqGkPEwuDKn9DSpNSOym49SN77BLGuAXu9twOW/qT+ddIYVBEIw==",
-
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP6PGcXmjlyCBz2ZFUuUjrgbZLaEF" +
- "gfLUkt2cEqlSbb4vTuB6WWmgC9h0L6PN6JF0CPcajpBKGlTI15242a8d4g==",
-
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAER3qB0NADsP1szXxe4EagrD/ryPVh" +
- "Y/azWbKyXcK12zhXnO8WH2U4QROVUMctFXLflIzw0EivdRN9t7UH1Od30w==",
-
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEY0ww9JqeJvzVtKNTPVb3JZa7s0ZV" +
- "duH3PpshpMS5XVoPRSjSQCph6f3HjUcM3c4N2hpa8OFbrFFy37ttUrgD+A=="
- };
- private static final String[] LOG_FILENAMES = new String[] {
- "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764",
- "84f8ae3f613b13407a75fa2893b93ab03b18d86c455fe7c241ae020033216446",
- "89baa01a445100009d8f9a238947115b30702275aafee675a7d94b6b09287619",
- "57456bffe268e49a190dce4318456034c2b4958f3c0201bed5a366737d1e74ca",
- "896c898ced4b8e6547fa351266caae4ca304f1c1ec2b623c2ee259c5452147b0"
- };
-
- private static final CTLogInfo[] LOGS;
- private static final String[] LOGS_SERIALIZED;
-
- static {
- try {
- int logCount = LOG_KEYS.length;
- LOGS = new CTLogInfo[logCount];
- LOGS_SERIALIZED = new String[logCount];
- for (int i = 0; i < logCount; i++) {
- PublicKey key = InternalUtil.readPublicKeyPem(new ByteArrayInputStream(
- ("-----BEGIN PUBLIC KEY-----\n" +
- LOG_KEYS[i] + "\n" +
- "-----END PUBLIC KEY-----\n").getBytes(StandardCharsets.US_ASCII)));
- String description = String.format("Test Log %d", i);
- String url = String.format("log%d.example.com", i);
- LOGS[i] = new CTLogInfo(key, description, url);
- LOGS_SERIALIZED[i] = String.format("description:%s\nurl:%s\nkey:%s",
- description, url, LOG_KEYS[i]);
- }
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- /* CTLogStoreImpl loads the list of logs lazily when they are first needed
- * to avoid any overhead when CT is disabled.
- * This test simply forces the logs to be loaded to make sure it doesn't
- * fail, as all of the other tests use a different log store.
- */
- public void test_getDefaultFallbackLogs() {
- CTLogInfo[] knownLogs = CTLogStoreImpl.getDefaultFallbackLogs();
- assertEquals(KnownLogs.LOG_COUNT, knownLogs.length);
- }
-
- public void test_loadLog() throws Exception {
- CTLogInfo log = CTLogStoreImpl.loadLog(
- new ByteArrayInputStream(LOGS_SERIALIZED[0].getBytes(StandardCharsets.US_ASCII)));
- assertEquals(LOGS[0], log);
-
- File testFile = writeFile(LOGS_SERIALIZED[0]);
- log = CTLogStoreImpl.loadLog(testFile);
- assertEquals(LOGS[0], log);
-
- // Empty log file, used to mask fallback logs
- assertEquals(null, CTLogStoreImpl.loadLog(new ByteArrayInputStream(new byte[0])));
- try {
- CTLogStoreImpl.loadLog(new ByteArrayInputStream(
- "randomgarbage".getBytes(StandardCharsets.US_ASCII)));
- fail("InvalidLogFileException not thrown");
- } catch (CTLogStoreImpl.InvalidLogFileException e) {}
-
- try {
- CTLogStoreImpl.loadLog(new File("/nonexistent"));
- fail("FileNotFoundException not thrown");
- } catch (FileNotFoundException e) {}
- }
-
- public void test_getKnownLog() throws Exception {
- File userDir = createTempDirectory();
- userDir.deleteOnExit();
-
- File systemDir = createTempDirectory();
- systemDir.deleteOnExit();
-
- CTLogInfo[] fallback = new CTLogInfo[] { LOGS[2], LOGS[3] };
-
- CTLogStore store = new CTLogStoreImpl(userDir, systemDir, fallback);
-
- /* Add logs 0 and 1 to the user and system directories respectively
- * Log 2 & 3 are part of the fallbacks
- * But mask log 3 with an empty file in the user directory.
- * Log 4 is not in the store
- */
- File log0File = new File(userDir, LOG_FILENAMES[0]);
- File log1File = new File(systemDir, LOG_FILENAMES[1]);
- File log3File = new File(userDir, LOG_FILENAMES[3]);
- File log4File = new File(userDir, LOG_FILENAMES[4]);
-
- writeFile(log0File, LOGS_SERIALIZED[0]);
- writeFile(log1File, LOGS_SERIALIZED[1]);
- writeFile(log3File, "");
-
- // Logs 01 are present, log 2 is in the fallback and unused, log 3 is present but masked,
- // log 4 is missing
- assertEquals(LOGS[0], store.getKnownLog(LOGS[0].getID()));
- assertEquals(LOGS[1], store.getKnownLog(LOGS[1].getID()));
- // Fallback logs are not used if the userDir is present.
- assertEquals(null, store.getKnownLog(LOGS[2].getID()));
- assertEquals(null, store.getKnownLog(LOGS[3].getID()));
- assertEquals(null, store.getKnownLog(LOGS[4].getID()));
-
- /* Test whether CTLogStoreImpl caches properly
- * Modify the files on the disk, the result of the store should not change
- * Delete log 0, mask log 1, add log 4
- */
- log0File.delete();
- writeFile(log1File, "");
- writeFile(log4File, LOGS_SERIALIZED[4]);
-
- assertEquals(LOGS[0], store.getKnownLog(LOGS[0].getID()));
- assertEquals(LOGS[1], store.getKnownLog(LOGS[1].getID()));
- assertEquals(null, store.getKnownLog(LOGS[4].getID()));
-
- // Test that fallback logs are used when the userDir doesn't exist.
- File doesntExist = new File("/doesnt/exist/");
- store = new CTLogStoreImpl(doesntExist, doesntExist, fallback);
- assertEquals(LOGS[2], store.getKnownLog(LOGS[2].getID()));
- assertEquals(LOGS[3], store.getKnownLog(LOGS[3].getID()));
- }
-
- /**
- * Create a temporary file and write to it.
- * The file will be deleted on exit.
- * @param contents The data to be written to the file
- * @return A reference to the temporary file
- */
- private File writeFile(String contents) throws IOException {
- File file = File.createTempFile("test", null);
- file.deleteOnExit();
- writeFile(file, contents);
- return file;
- }
-
- private static void writeFile(File file, String contents) throws FileNotFoundException {
- PrintWriter writer = new PrintWriter(
- new BufferedWriter(new OutputStreamWriter(new FileOutputStream(file), UTF_8)),
- false);
- try {
- writer.write(contents);
- } finally {
- writer.close();
- }
- }
-
- /*
- * This is NOT safe, as another process could create a file between delete() and mkdir()
- * It should be fine for tests though
- */
- private static File createTempDirectory() throws IOException {
- File folder = File.createTempFile("test", "");
- folder.delete();
- folder.mkdir();
- return folder;
- }
-}
-
diff --git a/repackaged/common/src/test/java/com/android/org/conscrypt/ct/CTVerifierTest.java b/repackaged/common/src/test/java/com/android/org/conscrypt/ct/CTVerifierTest.java
deleted file mode 100644
index d0d4265..0000000
--- a/repackaged/common/src/test/java/com/android/org/conscrypt/ct/CTVerifierTest.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/* GENERATED SOURCE. DO NOT MODIFY. */
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.org.conscrypt.ct;
-
-import static com.android.org.conscrypt.TestUtils.openTestFile;
-import static com.android.org.conscrypt.TestUtils.readTestFile;
-import static org.junit.Assert.assertEquals;
-
-import java.security.PublicKey;
-import java.util.Arrays;
-import com.android.org.conscrypt.OpenSSLX509Certificate;
-import com.android.org.conscrypt.TestUtils;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-/**
- * @hide This class is not part of the Android public SDK API
- */
-@RunWith(JUnit4.class)
-public class CTVerifierTest {
- private OpenSSLX509Certificate ca;
- private OpenSSLX509Certificate cert;
- private OpenSSLX509Certificate certEmbedded;
- private CTVerifier ctVerifier;
-
- @Before
- public void setUp() throws Exception {
- ca = OpenSSLX509Certificate.fromX509PemInputStream(openTestFile("ca-cert.pem"));
- cert = OpenSSLX509Certificate.fromX509PemInputStream(openTestFile("cert.pem"));
- certEmbedded = OpenSSLX509Certificate.fromX509PemInputStream(
- openTestFile("cert-ct-embedded.pem"));
-
- PublicKey key = TestUtils.readPublicKeyPemFile("ct-server-key-public.pem");
-
- final CTLogInfo log = new CTLogInfo(key, "Test Log", "foo");
- CTLogStore store = new CTLogStore() {
- @Override
- public CTLogInfo getKnownLog(byte[] logId) {
- if (Arrays.equals(logId, log.getID())) {
- return log;
- } else {
- return null;
- }
- }
- };
-
- ctVerifier = new CTVerifier(store);
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withOCSPResponse() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] ocspResponse = readTestFile("ocsp-response.der");
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, null, ocspResponse);
- assertEquals(1, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withTLSExtension() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] tlsExtension = readTestFile("ct-signed-timestamp-list");
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, null);
- assertEquals(1, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withEmbeddedExtension() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { certEmbedded, ca };
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, null, null);
- assertEquals(1, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withoutTimestamp() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, null, null);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withInvalidSignature() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] tlsExtension = readTestFile("ct-signed-timestamp-list-invalid");
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, null);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(1, result.getInvalidSCTs().size());
- assertEquals(VerifiedSCT.Status.INVALID_SIGNATURE,
- result.getInvalidSCTs().get(0).status);
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withUnknownLog() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] tlsExtension = readTestFile("ct-signed-timestamp-list-unknown");
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, null);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(1, result.getInvalidSCTs().size());
- assertEquals(VerifiedSCT.Status.UNKNOWN_LOG,
- result.getInvalidSCTs().get(0).status);
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withInvalidEncoding() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- // Just some garbage data which will fail to deserialize
- byte[] tlsExtension = new byte[] { 1, 2, 3, 4 };
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, null);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withInvalidOCSPResponse() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- // Just some garbage data which will fail to deserialize
- byte[] ocspResponse = new byte[] { 1, 2, 3, 4 };
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, null, ocspResponse);
- assertEquals(0, result.getValidSCTs().size());
- assertEquals(0, result.getInvalidSCTs().size());
- }
-
- @Test
- public void test_verifySignedCertificateTimestamps_withMultipleTimestamps() throws Exception {
- OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] { cert, ca };
-
- byte[] tlsExtension = readTestFile("ct-signed-timestamp-list-invalid");
- byte[] ocspResponse = readTestFile("ocsp-response.der");
-
- CTVerificationResult result =
- ctVerifier.verifySignedCertificateTimestamps(chain, tlsExtension, ocspResponse);
- assertEquals(1, result.getValidSCTs().size());
- assertEquals(1, result.getInvalidSCTs().size());
- assertEquals(SignedCertificateTimestamp.Origin.OCSP_RESPONSE,
- result.getValidSCTs().get(0).sct.getOrigin());
- assertEquals(SignedCertificateTimestamp.Origin.TLS_EXTENSION,
- result.getInvalidSCTs().get(0).sct.getOrigin());
- }
-}
-
diff --git a/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/CTLogStoreImplTest.java b/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/CTLogStoreImplTest.java
deleted file mode 100644
index c7e6efa..0000000
--- a/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/CTLogStoreImplTest.java
+++ /dev/null
@@ -1,208 +0,0 @@
-/* GENERATED SOURCE. DO NOT MODIFY. */
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.org.conscrypt.ct;
-
-import static java.nio.charset.StandardCharsets.UTF_8;
-
-import com.android.org.conscrypt.InternalUtil;
-import java.io.BufferedWriter;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.PrintWriter;
-import java.nio.charset.StandardCharsets;
-import java.security.PublicKey;
-import junit.framework.TestCase;
-
-/**
- * @hide This class is not part of the Android public SDK API
- */
-public class CTLogStoreImplTest extends TestCase {
- private static final String[] LOG_KEYS = new String[] {
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3U" +
- "yEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w==",
-
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErEULmlBnX9L/+AK20hLYzPMFozYx" +
- "pP0Wm1ylqGkPEwuDKn9DSpNSOym49SN77BLGuAXu9twOW/qT+ddIYVBEIw==",
-
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP6PGcXmjlyCBz2ZFUuUjrgbZLaEF" +
- "gfLUkt2cEqlSbb4vTuB6WWmgC9h0L6PN6JF0CPcajpBKGlTI15242a8d4g==",
-
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAER3qB0NADsP1szXxe4EagrD/ryPVh" +
- "Y/azWbKyXcK12zhXnO8WH2U4QROVUMctFXLflIzw0EivdRN9t7UH1Od30w==",
-
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEY0ww9JqeJvzVtKNTPVb3JZa7s0ZV" +
- "duH3PpshpMS5XVoPRSjSQCph6f3HjUcM3c4N2hpa8OFbrFFy37ttUrgD+A=="
- };
- private static final String[] LOG_FILENAMES = new String[] {
- "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764",
- "84f8ae3f613b13407a75fa2893b93ab03b18d86c455fe7c241ae020033216446",
- "89baa01a445100009d8f9a238947115b30702275aafee675a7d94b6b09287619",
- "57456bffe268e49a190dce4318456034c2b4958f3c0201bed5a366737d1e74ca",
- "896c898ced4b8e6547fa351266caae4ca304f1c1ec2b623c2ee259c5452147b0"
- };
-
- private static final CTLogInfo[] LOGS;
- private static final String[] LOGS_SERIALIZED;
-
- static {
- try {
- int logCount = LOG_KEYS.length;
- LOGS = new CTLogInfo[logCount];
- LOGS_SERIALIZED = new String[logCount];
- for (int i = 0; i < logCount; i++) {
- PublicKey key = InternalUtil.readPublicKeyPem(new ByteArrayInputStream(
- ("-----BEGIN PUBLIC KEY-----\n" + LOG_KEYS[i] + "\n"
- + "-----END PUBLIC KEY-----\n")
- .getBytes(StandardCharsets.US_ASCII)));
- String description = String.format("Test Log %d", i);
- String url = String.format("log%d.example.com", i);
- LOGS[i] = new CTLogInfo(key, description, url);
- LOGS_SERIALIZED[i] = String.format("description:%s\nurl:%s\nkey:%s",
- description, url, LOG_KEYS[i]);
- }
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- /* CTLogStoreImpl loads the list of logs lazily when they are first needed
- * to avoid any overhead when CT is disabled.
- * This test simply forces the logs to be loaded to make sure it doesn't
- * fail, as all of the other tests use a different log store.
- */
- public void test_getDefaultFallbackLogs() {
- CTLogInfo[] knownLogs = CTLogStoreImpl.getDefaultFallbackLogs();
- assertEquals(KnownLogs.LOG_COUNT, knownLogs.length);
- }
-
- public void test_loadLog() throws Exception {
- CTLogInfo log = CTLogStoreImpl.loadLog(
- new ByteArrayInputStream(LOGS_SERIALIZED[0].getBytes(StandardCharsets.US_ASCII)));
- assertEquals(LOGS[0], log);
-
- File testFile = writeFile(LOGS_SERIALIZED[0]);
- log = CTLogStoreImpl.loadLog(testFile);
- assertEquals(LOGS[0], log);
-
- // Empty log file, used to mask fallback logs
- assertEquals(null, CTLogStoreImpl.loadLog(new ByteArrayInputStream(new byte[0])));
- try {
- CTLogStoreImpl.loadLog(
- new ByteArrayInputStream("randomgarbage".getBytes(StandardCharsets.US_ASCII)));
- fail("InvalidLogFileException not thrown");
- } catch (CTLogStoreImpl.InvalidLogFileException e) {}
-
- try {
- CTLogStoreImpl.loadLog(new File("/nonexistent"));
- fail("FileNotFoundException not thrown");
- } catch (FileNotFoundException e) {}
- }
-
- public void test_getKnownLog() throws Exception {
- File userDir = createTempDirectory();
- userDir.deleteOnExit();
-
- File systemDir = createTempDirectory();
- systemDir.deleteOnExit();
-
- CTLogInfo[] fallback = new CTLogInfo[] { LOGS[2], LOGS[3] };
-
- CTLogStore store = new CTLogStoreImpl(userDir, systemDir, fallback);
-
- /* Add logs 0 and 1 to the user and system directories respectively
- * Log 2 & 3 are part of the fallbacks
- * But mask log 3 with an empty file in the user directory.
- * Log 4 is not in the store
- */
- File log0File = new File(userDir, LOG_FILENAMES[0]);
- File log1File = new File(systemDir, LOG_FILENAMES[1]);
- File log3File = new File(userDir, LOG_FILENAMES[3]);
- File log4File = new File(userDir, LOG_FILENAMES[4]);
-
- writeFile(log0File, LOGS_SERIALIZED[0]);
- writeFile(log1File, LOGS_SERIALIZED[1]);
- writeFile(log3File, "");
-
- // Logs 01 are present, log 2 is in the fallback and unused, log 3 is present but masked,
- // log 4 is missing
- assertEquals(LOGS[0], store.getKnownLog(LOGS[0].getID()));
- assertEquals(LOGS[1], store.getKnownLog(LOGS[1].getID()));
- // Fallback logs are not used if the userDir is present.
- assertEquals(null, store.getKnownLog(LOGS[2].getID()));
- assertEquals(null, store.getKnownLog(LOGS[3].getID()));
- assertEquals(null, store.getKnownLog(LOGS[4].getID()));
-
- /* Test whether CTLogStoreImpl caches properly
- * Modify the files on the disk, the result of the store should not change
- * Delete log 0, mask log 1, add log 4
- */
- log0File.delete();
- writeFile(log1File, "");
- writeFile(log4File, LOGS_SERIALIZED[4]);
-
- assertEquals(LOGS[0], store.getKnownLog(LOGS[0].getID()));
- assertEquals(LOGS[1], store.getKnownLog(LOGS[1].getID()));
- assertEquals(null, store.getKnownLog(LOGS[4].getID()));
-
- // Test that fallback logs are used when the userDir doesn't exist.
- File doesntExist = new File("/doesnt/exist/");
- store = new CTLogStoreImpl(doesntExist, doesntExist, fallback);
- assertEquals(LOGS[2], store.getKnownLog(LOGS[2].getID()));
- assertEquals(LOGS[3], store.getKnownLog(LOGS[3].getID()));
- }
-
- /**
- * Create a temporary file and write to it.
- * The file will be deleted on exit.
- * @param contents The data to be written to the file
- * @return A reference to the temporary file
- */
- private File writeFile(String contents) throws IOException {
- File file = File.createTempFile("test", null);
- file.deleteOnExit();
- writeFile(file, contents);
- return file;
- }
-
- private static void writeFile(File file, String contents) throws FileNotFoundException {
- PrintWriter writer = new PrintWriter(
- new BufferedWriter(new OutputStreamWriter(new FileOutputStream(file), UTF_8)),
- false);
- try {
- writer.write(contents);
- } finally {
- writer.close();
- }
- }
-
- /*
- * This is NOT safe, as another process could create a file between delete() and mkdir()
- * It should be fine for tests though
- */
- private static File createTempDirectory() throws IOException {
- File folder = File.createTempFile("test", "");
- folder.delete();
- folder.mkdir();
- return folder;
- }
-}
-