Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(143)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/internal/parse_certificate_unittest.cc

Issue 1288193003: Add a function for parsing RFC 5280's "Certificate". (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test_helpers
Patch Set: rebase onto master Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/internal/parse_certificate.cc ('K') | « net/cert/internal/parse_certificate.cc ('k') | net/cert/internal/test_helpers.h » ('j') | net/data/parse_certificate_unittest/cert_algorithm_not_sequence.pem » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/internal/parse_certificate_unittest.cc
diff --git a/net/cert/internal/parse_certificate_unittest.cc b/net/cert/internal/parse_certificate_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..d83d6a58a6b29abe78d8ce965f940c3c7db70cfa
--- /dev/null
+++ b/net/cert/internal/parse_certificate_unittest.cc
@@ -0,0 +1,113 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/internal/parse_certificate.h"
+
+#include "net/cert/internal/test_helpers.h"
+#include "net/der/input.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace {
+
+std::string GetFilePath(const std::string file_name) {
+ return std::string("net/data/parse_certificate_unittest/") + file_name;
+}
+
+// Loads certificate data and expectations from the PEM file |file_name|.
+// Verifies that parsing the Certificate succeeds, and each parsed field matches
+// the expectations.
+void EnsureParsingCertificateSucceds(const std::string& file_name) {
+ std::string data;
+ std::string expected_tbs_certificate;
+ std::string expected_signature_algorithm;
+ std::string expected_signature;
+
+ // Read the certificate data and test expectations from a single PEM file.
+ const PemBlockMapping mappings[] = {
+ {"CERTIFICATE", &data},
+ {"SIGNATURE", &expected_signature},
+ {"SIGNATURE ALGORITHM", &expected_signature_algorithm},
+ {"TBS CERTIFICATE", &expected_tbs_certificate},
+ };
+ ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings));
+
+ // Parsing the certificate should succeed.
+ ParsedCertificate parsed;
+ ASSERT_TRUE(ParseCertificate(InputFromString(&data), &parsed));
+
+ // Ensure that the ParsedCertificate matches expectations.
+ EXPECT_EQ(0, parsed.signature_value.unused_bits());
+ EXPECT_EQ(InputFromString(&expected_signature),
+ parsed.signature_value.bytes());
+ EXPECT_EQ(InputFromString(&expected_signature_algorithm),
+ parsed.signature_algorithm_tlv);
+ EXPECT_EQ(InputFromString(&expected_tbs_certificate),
+ parsed.tbs_certificate_tlv);
+}
+
+// Loads certificate data from the PEM file |file_name| and verifies that the
+// Certificate parsing fails.
+void EnsureParsingCertificateFails(const std::string& file_name) {
+ std::string data;
+
+ const PemBlockMapping mappings[] = {
+ {"CERTIFICATE", &data},
+ };
+
+ ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings));
+
+ // Parsing the Certificate should fail.
+ ParsedCertificate parsed;
+ ASSERT_FALSE(ParseCertificate(InputFromString(&data), &parsed));
+}
+
+// Tests parsing a Certificate.
+TEST(ParseCertificateTest, Version3) {
+ EnsureParsingCertificateSucceds("cert_version3.pem");
+}
+
+// Tests parsing a simplified Certificate-like structure (the sub-fields for
+// algorithm and tbsCertificate are not actually valid, but ParseCertificate()
+// doesn't check them)
+TEST(ParseCertificateTest, Skeleton) {
+ EnsureParsingCertificateSucceds("cert_skeleton.pem");
+}
+
+// Tests parsing a Certificate that is not a sequence fails.
+TEST(ParseCertificateTest, NotSequence) {
+ EnsureParsingCertificateFails("cert_not_sequence.pem");
+}
+
+// Tests that uncomsumed data is not allowed after the main SEQUENCE.
+TEST(ParseCertificateTest, DataAfterSignature) {
+ EnsureParsingCertificateFails("cert_data_after_signature.pem");
+}
+
+// Tests that parsing fails if the signature BIT STRING is missing.
+TEST(ParseCertificateTest, MissingSignature) {
+ EnsureParsingCertificateFails("cert_missing_signature.pem");
+}
+
+// Tests that parsing fails if the signature is present but not a BIT STRING.
+TEST(ParseCertificateTest, SignatureNotBitString) {
+ EnsureParsingCertificateFails("cert_signature_not_bit_string.pem");
+}
+
+// Tests that parsing fails if the main SEQUENCE is empty (missing all the
+// fields).
+TEST(ParseCertificateTest, EmptySequence) {
+ EnsureParsingCertificateFails("cert_empty_sequence.pem");
+}
+
+// Tests what happens when the signature algorithm is present, but has the wrong
+// tag.
+TEST(ParseCertificateTest, AlgorithmNotSequence) {
+ EnsureParsingCertificateFails("cert_algorithm_not_sequence.pem");
+}
+
+} // namespace
+
+} // namespace net
« net/cert/internal/parse_certificate.cc ('K') | « net/cert/internal/parse_certificate.cc ('k') | net/cert/internal/test_helpers.h » ('j') | net/data/parse_certificate_unittest/cert_algorithm_not_sequence.pem » ('J')

Powered by Google App Engine
This is Rietveld 408576698