| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_TYPED_UNITTEST_H_ | 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_TYPED_UNITTEST_H_ |
| 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_TYPED_UNITTEST_H_ | 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_TYPED_UNITTEST_H_ |
| 7 | 7 |
| 8 #include "base/base_paths.h" | |
| 9 #include "base/files/file_util.h" | |
| 10 #include "base/path_service.h" | |
| 11 #include "net/cert/internal/parsed_certificate.h" | 8 #include "net/cert/internal/parsed_certificate.h" |
| 12 #include "net/cert/internal/test_helpers.h" | 9 #include "net/cert/internal/test_helpers.h" |
| 13 #include "net/cert/pem_tokenizer.h" | |
| 14 #include "net/der/input.h" | 10 #include "net/der/input.h" |
| 15 #include "testing/gtest/include/gtest/gtest.h" | 11 #include "testing/gtest/include/gtest/gtest.h" |
| 16 | 12 |
| 17 namespace net { | 13 namespace net { |
| 18 | 14 |
| 19 template <typename TestDelegate> | 15 template <typename TestDelegate> |
| 20 class VerifyCertificateChainTest : public ::testing::Test { | 16 class VerifyCertificateChainTest : public ::testing::Test { |
| 21 public: | 17 public: |
| 22 void RunTest(const char* file_name) { | 18 void RunTest(const char* file_name) { |
| 23 ParsedCertificateList chain; | 19 ParsedCertificateList chain; |
| 24 ParsedCertificateList roots; | 20 ParsedCertificateList roots; |
| 25 der::GeneralizedTime time; | 21 der::GeneralizedTime time; |
| 26 bool expected_result; | 22 bool expected_result; |
| 27 | 23 |
| 28 ReadTestFromFile(file_name, &chain, &roots, &time, &expected_result); | 24 ReadCertChainTestFromFile( |
| 25 std::string("net/data/verify_certificate_chain_unittest/") + file_name, |
| 26 &chain, &roots, &time, &expected_result); |
| 29 | 27 |
| 30 TestDelegate::Verify(chain, roots, time, expected_result); | 28 TestDelegate::Verify(chain, roots, time, expected_result); |
| 31 } | 29 } |
| 32 | |
| 33 private: | |
| 34 // Reads a data file from the unit-test data. | |
| 35 std::string ReadTestFileToString(const std::string& file_name) { | |
| 36 // Compute the full path, relative to the src/ directory. | |
| 37 base::FilePath src_root; | |
| 38 PathService::Get(base::DIR_SOURCE_ROOT, &src_root); | |
| 39 base::FilePath filepath = src_root.AppendASCII( | |
| 40 std::string("net/data/verify_certificate_chain_unittest/") + file_name); | |
| 41 | |
| 42 // Read the full contents of the file. | |
| 43 std::string file_data; | |
| 44 if (!base::ReadFileToString(filepath, &file_data)) { | |
| 45 ADD_FAILURE() << "Couldn't read file: " << filepath.value(); | |
| 46 return std::string(); | |
| 47 } | |
| 48 | |
| 49 return file_data; | |
| 50 } | |
| 51 | |
| 52 // Reads a test case from |file_name|. Test cases are comprised of a | |
| 53 // certificate chain, trust store, a timestamp to validate at, and the | |
| 54 // expected result of verification. | |
| 55 void ReadTestFromFile(const std::string& file_name, | |
| 56 ParsedCertificateList* chain, | |
| 57 ParsedCertificateList* roots, | |
| 58 der::GeneralizedTime* time, | |
| 59 bool* verify_result) { | |
| 60 chain->clear(); | |
| 61 roots->clear(); | |
| 62 | |
| 63 std::string file_data = ReadTestFileToString(file_name); | |
| 64 | |
| 65 std::vector<std::string> pem_headers; | |
| 66 | |
| 67 const char kCertificateHeader[] = "CERTIFICATE"; | |
| 68 const char kTrustedCertificateHeader[] = "TRUSTED_CERTIFICATE"; | |
| 69 const char kTimeHeader[] = "TIME"; | |
| 70 const char kResultHeader[] = "VERIFY_RESULT"; | |
| 71 | |
| 72 pem_headers.push_back(kCertificateHeader); | |
| 73 pem_headers.push_back(kTrustedCertificateHeader); | |
| 74 pem_headers.push_back(kTimeHeader); | |
| 75 pem_headers.push_back(kResultHeader); | |
| 76 | |
| 77 bool has_time = false; | |
| 78 bool has_result = false; | |
| 79 | |
| 80 PEMTokenizer pem_tokenizer(file_data, pem_headers); | |
| 81 while (pem_tokenizer.GetNext()) { | |
| 82 const std::string& block_type = pem_tokenizer.block_type(); | |
| 83 const std::string& block_data = pem_tokenizer.data(); | |
| 84 | |
| 85 if (block_type == kCertificateHeader) { | |
| 86 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( | |
| 87 reinterpret_cast<const uint8_t*>(block_data.data()), | |
| 88 block_data.size(), | |
| 89 net::ParsedCertificate::DataSource::INTERNAL_COPY, {}, chain)); | |
| 90 } else if (block_type == kTrustedCertificateHeader) { | |
| 91 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( | |
| 92 reinterpret_cast<const uint8_t*>(block_data.data()), | |
| 93 block_data.size(), | |
| 94 net::ParsedCertificate::DataSource::INTERNAL_COPY, {}, roots)); | |
| 95 } else if (block_type == kTimeHeader) { | |
| 96 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; | |
| 97 has_time = true; | |
| 98 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), time)); | |
| 99 } else if (block_type == kResultHeader) { | |
| 100 ASSERT_FALSE(has_result) << "Duplicate " << kResultHeader; | |
| 101 ASSERT_TRUE(block_data == "SUCCESS" || block_data == "FAIL") | |
| 102 << "Unrecognized result: " << block_data; | |
| 103 has_result = true; | |
| 104 *verify_result = block_data == "SUCCESS"; | |
| 105 } | |
| 106 } | |
| 107 | |
| 108 ASSERT_TRUE(has_time); | |
| 109 ASSERT_TRUE(has_result); | |
| 110 } | |
| 111 }; | 30 }; |
| 112 | 31 |
| 113 // Tests that have only one root. These can be tested without requiring any | 32 // Tests that have only one root. These can be tested without requiring any |
| 114 // path-building ability. | 33 // path-building ability. |
| 115 template <typename TestDelegate> | 34 template <typename TestDelegate> |
| 116 class VerifyCertificateChainSingleRootTest | 35 class VerifyCertificateChainSingleRootTest |
| 117 : public VerifyCertificateChainTest<TestDelegate> {}; | 36 : public VerifyCertificateChainTest<TestDelegate> {}; |
| 118 | 37 |
| 119 TYPED_TEST_CASE_P(VerifyCertificateChainSingleRootTest); | 38 TYPED_TEST_CASE_P(VerifyCertificateChainSingleRootTest); |
| 120 | 39 |
| (...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 296 TYPED_TEST_P(VerifyCertificateChainNonSingleRootTest, UnknownRoot) { | 215 TYPED_TEST_P(VerifyCertificateChainNonSingleRootTest, UnknownRoot) { |
| 297 this->RunTest("unknown-root.pem"); | 216 this->RunTest("unknown-root.pem"); |
| 298 } | 217 } |
| 299 | 218 |
| 300 REGISTER_TYPED_TEST_CASE_P(VerifyCertificateChainNonSingleRootTest, | 219 REGISTER_TYPED_TEST_CASE_P(VerifyCertificateChainNonSingleRootTest, |
| 301 UnknownRoot); | 220 UnknownRoot); |
| 302 | 221 |
| 303 } // namespace net | 222 } // namespace net |
| 304 | 223 |
| 305 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_TYPED_UNITTEST_H_ | 224 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_TYPED_UNITTEST_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2126803004:
WIP: NSS trust store integration for path builder. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert-command-line-path-builder-add_certpathbuilder