Add a function for parsing RFC 5280's "Certificate".

net/cert/internal/parse_certificate_unittest.cc

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/internal/parse_certificate.h"
+
+#include "net/cert/internal/test_helpers.h"
+#include "net/der/input.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace {
+
+std::string GetFilePath(const std::string file_name) {
+  return std::string("net/data/parse_certificate_unittest/") + file_name;
+}
+
+// Loads certificate data and expectations from the PEM file |file_name|.
+// Verifies that parsing the Certificate succeeds, and each parsed field matches
+// the expectations.
+void EnsureParsingCertificateSucceds(const std::string& file_name) {
+  std::string data;
+  std::string expected_tbs_certificate;
+  std::string expected_signature_algorithm;
+  std::string expected_signature;
+
+  // Read the certificate data and test expectations from a single PEM file.
+  const PemBlockMapping mappings[] = {
+      {"CERTIFICATE", &data},
+      {"SIGNATURE", &expected_signature},
+      {"SIGNATURE ALGORITHM", &expected_signature_algorithm},
+      {"TBS CERTIFICATE", &expected_tbs_certificate},
+  };
+  ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings));
+
+  // Parsing the certificate should succeed.
+  ParsedCertificate parsed;
+  ASSERT_TRUE(ParseCertificate(InputFromString(&data), &parsed));
+
+  // Ensure that the ParsedCertificate matches expectations.
+  EXPECT_EQ(0, parsed.signature_value.unused_bits());
+  EXPECT_EQ(InputFromString(&expected_signature),
+            parsed.signature_value.bytes());
+  EXPECT_EQ(InputFromString(&expected_signature_algorithm),
+            parsed.signature_algorithm_tlv);
+  EXPECT_EQ(InputFromString(&expected_tbs_certificate),
+            parsed.tbs_certificate_tlv);
+}
+
+// Loads certificate data from the PEM file |file_name| and verifies that the
+// Certificate parsing fails.
+void EnsureParsingCertificateFails(const std::string& file_name) {
+  std::string data;
+
+  const PemBlockMapping mappings[] = {
+      {"CERTIFICATE", &data},
+  };
+
+  ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings));
+
+  // Parsing the Certificate should fail.
+  ParsedCertificate parsed;
+  ASSERT_FALSE(ParseCertificate(InputFromString(&data), &parsed));
+}
+
+// Tests parsing a Certificate.
+TEST(ParseCertificateTest, Version3) {
+  EnsureParsingCertificateSucceds("cert_version3.pem");
+}
+
+// Tests parsing a simplified Certificate-like structure (the sub-fields for
+// algorithm and tbsCertificate are not actually valid, but ParseCertificate()
+// doesn't check them)
+TEST(ParseCertificateTest, Skeleton) {
+  EnsureParsingCertificateSucceds("cert_skeleton.pem");
+}
+
+// Tests parsing a Certificate that is not a sequence fails.
+TEST(ParseCertificateTest, NotSequence) {
+  EnsureParsingCertificateFails("cert_not_sequence.pem");
+}
+
+// Tests that uncomsumed data is not allowed after the main SEQUENCE.
+TEST(ParseCertificateTest, DataAfterSignature) {
+  EnsureParsingCertificateFails("cert_data_after_signature.pem");
+}
+
+// Tests that parsing fails if the signature BIT STRING is missing.
+TEST(ParseCertificateTest, MissingSignature) {
+  EnsureParsingCertificateFails("cert_missing_signature.pem");
+}
+
+// Tests that parsing fails if the signature is present but not a BIT STRING.
+TEST(ParseCertificateTest, SignatureNotBitString) {
+  EnsureParsingCertificateFails("cert_signature_not_bit_string.pem");
+}
+
+// Tests that parsing fails if the main SEQUENCE is empty (missing all the
+// fields).
+TEST(ParseCertificateTest, EmptySequence) {
+  EnsureParsingCertificateFails("cert_empty_sequence.pem");
+}
+
+// Tests what happens when the signature algorithm is present, but has the wrong
+// tag.
+TEST(ParseCertificateTest, AlgorithmNotSequence) {
+  EnsureParsingCertificateFails("cert_algorithm_not_sequence.pem");
+}
+
+}  // namespace
+
+}  // namespace net