| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/parse_certificate.h" | 5 #include "net/cert/internal/parse_certificate.h" |
| 6 | 6 |
| 7 #include "base/strings/stringprintf.h" |
| 7 #include "net/cert/internal/test_helpers.h" | 8 #include "net/cert/internal/test_helpers.h" |
| 8 #include "net/der/input.h" | 9 #include "net/der/input.h" |
| 9 #include "testing/gtest/include/gtest/gtest.h" | 10 #include "testing/gtest/include/gtest/gtest.h" |
| 10 | 11 |
| 11 namespace net { | 12 namespace net { |
| 12 | 13 |
| 13 namespace { | 14 namespace { |
| 14 | 15 |
| 16 // Pretty-prints a GeneralizedTime as a human-readable string for use in test |
| 17 // expectations (it is more readable to specify the expected results as a |
| 18 // string). |
| 19 std::string ToString(const der::GeneralizedTime& time) { |
| 20 return base::StringPrintf( |
| 21 "year=%d, month=%d, day=%d, hours=%d, minutes=%d, seconds=%d", time.year, |
| 22 time.month, time.day, time.hours, time.minutes, time.seconds); |
| 23 } |
| 24 |
| 15 std::string GetFilePath(const std::string file_name) { | 25 std::string GetFilePath(const std::string file_name) { |
| 16 return std::string("net/data/parse_certificate_unittest/") + file_name; | 26 return std::string("net/data/parse_certificate_unittest/") + file_name; |
| 17 } | 27 } |
| 18 | 28 |
| 19 // Loads certificate data and expectations from the PEM file |file_name|. | 29 // Loads certificate data and expectations from the PEM file |file_name|. |
| 20 // Verifies that parsing the Certificate succeeds, and each parsed field matches | 30 // Verifies that parsing the Certificate succeeds, and each parsed field matches |
| 21 // the expectations. | 31 // the expectations. |
| 22 void EnsureParsingCertificateSucceeds(const std::string& file_name) { | 32 void EnsureParsingCertificateSucceeds(const std::string& file_name) { |
| 23 std::string data; | 33 std::string data; |
| 24 std::string expected_tbs_certificate; | 34 std::string expected_tbs_certificate; |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 110 | 120 |
| 111 // Loads tbsCertificate data and expectations from the PEM file |file_name|. | 121 // Loads tbsCertificate data and expectations from the PEM file |file_name|. |
| 112 // Verifies that parsing the TBSCertificate succeeds, and each parsed field | 122 // Verifies that parsing the TBSCertificate succeeds, and each parsed field |
| 113 // matches the expectations. | 123 // matches the expectations. |
| 114 void EnsureParsingTbsSucceeds(const std::string& file_name, | 124 void EnsureParsingTbsSucceeds(const std::string& file_name, |
| 115 CertificateVersion expected_version) { | 125 CertificateVersion expected_version) { |
| 116 std::string data; | 126 std::string data; |
| 117 std::string expected_serial_number; | 127 std::string expected_serial_number; |
| 118 std::string expected_signature_algorithm; | 128 std::string expected_signature_algorithm; |
| 119 std::string expected_issuer; | 129 std::string expected_issuer; |
| 120 std::string expected_validity; | 130 std::string expected_validity_not_before; |
| 131 std::string expected_validity_not_after; |
| 121 std::string expected_subject; | 132 std::string expected_subject; |
| 122 std::string expected_spki; | 133 std::string expected_spki; |
| 123 std::string expected_issuer_unique_id; | 134 std::string expected_issuer_unique_id; |
| 124 std::string expected_subject_unique_id; | 135 std::string expected_subject_unique_id; |
| 125 std::string expected_extensions; | 136 std::string expected_extensions; |
| 126 | 137 |
| 127 // Read the certificate data and test expectations from a single PEM file. | 138 // Read the certificate data and test expectations from a single PEM file. |
| 128 const PemBlockMapping mappings[] = { | 139 const PemBlockMapping mappings[] = { |
| 129 {"TBS CERTIFICATE", &data}, | 140 {"TBS CERTIFICATE", &data}, |
| 130 {"SIGNATURE ALGORITHM", &expected_signature_algorithm}, | 141 {"SIGNATURE ALGORITHM", &expected_signature_algorithm}, |
| 131 {"SERIAL NUMBER", &expected_serial_number}, | 142 {"SERIAL NUMBER", &expected_serial_number}, |
| 132 {"ISSUER", &expected_issuer}, | 143 {"ISSUER", &expected_issuer}, |
| 133 {"VALIDITY", &expected_validity}, | 144 {"VALIDITY NOTBEFORE", &expected_validity_not_before}, |
| 145 {"VALIDITY NOTAFTER", &expected_validity_not_after}, |
| 134 {"SUBJECT", &expected_subject}, | 146 {"SUBJECT", &expected_subject}, |
| 135 {"SPKI", &expected_spki}, | 147 {"SPKI", &expected_spki}, |
| 136 {"ISSUER UNIQUE ID", &expected_issuer_unique_id, true}, | 148 {"ISSUER UNIQUE ID", &expected_issuer_unique_id, true}, |
| 137 {"SUBJECT UNIQUE ID", &expected_subject_unique_id, true}, | 149 {"SUBJECT UNIQUE ID", &expected_subject_unique_id, true}, |
| 138 {"EXTENSIONS", &expected_extensions, true}, | 150 {"EXTENSIONS", &expected_extensions, true}, |
| 139 }; | 151 }; |
| 140 ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings)); | 152 ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings)); |
| 141 | 153 |
| 142 // Parsing the TBSCertificate should succeed. | 154 // Parsing the TBSCertificate should succeed. |
| 143 ParsedTbsCertificate parsed; | 155 ParsedTbsCertificate parsed; |
| 144 ASSERT_TRUE(ParseTbsCertificate(InputFromString(&data), &parsed)); | 156 ASSERT_TRUE(ParseTbsCertificate(InputFromString(&data), &parsed)); |
| 145 | 157 |
| 146 // Ensure that the ParsedTbsCertificate matches expectations. | 158 // Ensure that the ParsedTbsCertificate matches expectations. |
| 147 EXPECT_EQ(expected_version, parsed.version); | 159 EXPECT_EQ(expected_version, parsed.version); |
| 148 | 160 |
| 149 EXPECT_EQ(InputFromString(&expected_serial_number), parsed.serial_number); | 161 EXPECT_EQ(InputFromString(&expected_serial_number), parsed.serial_number); |
| 150 EXPECT_EQ(InputFromString(&expected_signature_algorithm), | 162 EXPECT_EQ(InputFromString(&expected_signature_algorithm), |
| 151 parsed.signature_algorithm_tlv); | 163 parsed.signature_algorithm_tlv); |
| 152 | 164 |
| 153 EXPECT_EQ(InputFromString(&expected_issuer), parsed.issuer_tlv); | 165 EXPECT_EQ(InputFromString(&expected_issuer), parsed.issuer_tlv); |
| 154 EXPECT_EQ(InputFromString(&expected_validity), parsed.validity_tlv); | 166 |
| 167 // In the test expectations PEM file, validity is described as a |
| 168 // textual string of the parsed value (rather than as DER). |
| 169 EXPECT_EQ(expected_validity_not_before, ToString(parsed.validity_not_before)); |
| 170 EXPECT_EQ(expected_validity_not_after, ToString(parsed.validity_not_after)); |
| 171 |
| 155 EXPECT_EQ(InputFromString(&expected_subject), parsed.subject_tlv); | 172 EXPECT_EQ(InputFromString(&expected_subject), parsed.subject_tlv); |
| 156 EXPECT_EQ(InputFromString(&expected_spki), parsed.spki_tlv); | 173 EXPECT_EQ(InputFromString(&expected_spki), parsed.spki_tlv); |
| 157 | 174 |
| 158 EXPECT_EQ(InputFromString(&expected_issuer_unique_id), | 175 EXPECT_EQ(InputFromString(&expected_issuer_unique_id), |
| 159 parsed.issuer_unique_id.bytes()); | 176 parsed.issuer_unique_id.bytes()); |
| 160 EXPECT_EQ(!expected_issuer_unique_id.empty(), parsed.has_issuer_unique_id); | 177 EXPECT_EQ(!expected_issuer_unique_id.empty(), parsed.has_issuer_unique_id); |
| 161 EXPECT_EQ(InputFromString(&expected_subject_unique_id), | 178 EXPECT_EQ(InputFromString(&expected_subject_unique_id), |
| 162 parsed.subject_unique_id.bytes()); | 179 parsed.subject_unique_id.bytes()); |
| 163 EXPECT_EQ(!expected_subject_unique_id.empty(), parsed.has_subject_unique_id); | 180 EXPECT_EQ(!expected_subject_unique_id.empty(), parsed.has_subject_unique_id); |
| 164 | 181 |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 267 TEST(ParseTbsCertificateTest, Version3DataAfterExtensions) { | 284 TEST(ParseTbsCertificateTest, Version3DataAfterExtensions) { |
| 268 EnsureParsingTbsFails("tbs_v3_data_after_extensions.pem"); | 285 EnsureParsingTbsFails("tbs_v3_data_after_extensions.pem"); |
| 269 } | 286 } |
| 270 | 287 |
| 271 // Tests using a real-world certificate (whereas the other tests are fabricated | 288 // Tests using a real-world certificate (whereas the other tests are fabricated |
| 272 // (and in fact invalid) data. | 289 // (and in fact invalid) data. |
| 273 TEST(ParseTbsCertificateTest, Version3Real) { | 290 TEST(ParseTbsCertificateTest, Version3Real) { |
| 274 EnsureParsingTbsSucceeds("tbs_v3_real.pem", CertificateVersion::V3); | 291 EnsureParsingTbsSucceeds("tbs_v3_real.pem", CertificateVersion::V3); |
| 275 } | 292 } |
| 276 | 293 |
| 294 // Parses a TBSCertificate whose "validity" field expresses both notBefore |
| 295 // and notAfter using UTCTime. |
| 296 TEST(ParseTbsCertificateTest, ValidityBothUtcTime) { |
| 297 EnsureParsingTbsSucceeds("tbs_validity_both_utc_time.pem", |
| 298 CertificateVersion::V3); |
| 299 } |
| 300 |
| 301 // Parses a TBSCertificate whose "validity" field expresses both notBefore |
| 302 // and notAfter using GeneralizedTime. |
| 303 TEST(ParseTbsCertificateTest, ValidityBothGeneralizedTime) { |
| 304 EnsureParsingTbsSucceeds("tbs_validity_both_generalized_time.pem", |
| 305 CertificateVersion::V3); |
| 306 } |
| 307 |
| 308 // Parses a TBSCertificate whose "validity" field expresses notBefore using |
| 309 // UTCTime and notAfter using GeneralizedTime. |
| 310 TEST(ParseTbsCertificateTest, ValidityUTCTimeAndGeneralizedTime) { |
| 311 EnsureParsingTbsSucceeds("tbs_validity_utc_time_and_generalized_time.pem", |
| 312 CertificateVersion::V3); |
| 313 } |
| 314 |
| 315 // Parses a TBSCertificate whose validity" field expresses notBefore using |
| 316 // GeneralizedTime and notAfter using UTCTime. Also of interest, notBefore > |
| 317 // notAfter. Parsing will succeed, however no time can satisfy this constraint. |
| 318 TEST(ParseTbsCertificateTest, ValidityGeneralizedTimeAndUTCTime) { |
| 319 EnsureParsingTbsSucceeds("tbs_validity_generalized_time_and_utc_time.pem", |
| 320 CertificateVersion::V3); |
| 321 } |
| 322 |
| 323 // Parses a TBSCertificate whose "validity" field does not strictly follow |
| 324 // the DER rules (and fails to be parsed). |
| 325 TEST(ParseTbsCertificateTest, ValidityRelaxed) { |
| 326 EnsureParsingTbsFails("tbs_validity_relaxed.pem"); |
| 327 } |
| 328 |
| 277 } // namespace | 329 } // namespace |
| 278 | 330 |
| 279 } // namespace net | 331 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1285593003:
Add parsing code for TBSCertificate's "validity" field. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_parsing