| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/parse_certificate.h" | 5 #include "net/cert/internal/parse_certificate.h" |
| 6 | 6 |
| 7 #include "base/strings/stringprintf.h" | 7 #include "base/strings/stringprintf.h" |
| 8 #include "net/cert/internal/cert_errors.h" | 8 #include "net/cert/internal/cert_errors.h" |
| 9 #include "net/cert/internal/test_helpers.h" | 9 #include "net/cert/internal/test_helpers.h" |
| 10 #include "net/der/input.h" | 10 #include "net/der/input.h" |
| (...skipping 10 matching lines...) | |
| 21 return base::StringPrintf( | 21 return base::StringPrintf( |
| 22 "year=%d, month=%d, day=%d, hours=%d, minutes=%d, seconds=%d", time.year, | 22 "year=%d, month=%d, day=%d, hours=%d, minutes=%d, seconds=%d", time.year, |
| 23 time.month, time.day, time.hours, time.minutes, time.seconds); | 23 time.month, time.day, time.hours, time.minutes, time.seconds); |
| 24 } | 24 } |
| 25 | 25 |
| 26 std::string GetFilePath(const std::string& file_name) { | 26 std::string GetFilePath(const std::string& file_name) { |
| 27 return std::string("net/data/parse_certificate_unittest/") + file_name; | 27 return std::string("net/data/parse_certificate_unittest/") + file_name; |
| 28 } | 28 } |
| 29 | 29 |
| 30 // Loads certificate data and expectations from the PEM file |file_name|. | 30 // Loads certificate data and expectations from the PEM file |file_name|. |
| 31 // Verifies that parsing the Certificate succeeds, and each parsed field matches | 31 // Verifies that parsing the Certificate matches expectations: |
| 32 // the expectations. | 32 // * If expected to fail, emits the expected errors |
| 33 void EnsureParsingCertificateSucceeds(const std::string& file_name) { | 33 // * If expected to succeeds, the parsed fields match expectations |
| 34 void RunCertificateTest(const std::string& file_name) { | |
| 34 std::string data; | 35 std::string data; |
| 35 std::string expected_tbs_certificate; | 36 std::string expected_tbs_certificate; |
| 36 std::string expected_signature_algorithm; | 37 std::string expected_signature_algorithm; |
| 37 std::string expected_signature; | 38 std::string expected_signature; |
| 39 std::string expected_errors; | |
|
mattm
2016/09/15 01:49:07
nit, but order these the same as in mappings?
eroman
2016/09/16 01:24:56
Done.
| |
| 38 | 40 |
| 39 // Read the certificate data and test expectations from a single PEM file. | 41 // Read the certificate data and test expectations from a single PEM file. |
| 40 const PemBlockMapping mappings[] = { | 42 const PemBlockMapping mappings[] = { |
| 41 {"CERTIFICATE", &data}, | 43 {"CERTIFICATE", &data}, |
| 42 {"SIGNATURE", &expected_signature}, | 44 {"ERRORS", &expected_errors, true}, |
|
mattm
2016/09/15 01:49:07
Add /* optional */ comment to these trues
eroman
2016/09/16 01:24:56
Done.
| |
| 43 {"SIGNATURE ALGORITHM", &expected_signature_algorithm}, | 45 {"SIGNATURE", &expected_signature, true}, |
| 44 {"TBS CERTIFICATE", &expected_tbs_certificate}, | 46 {"SIGNATURE ALGORITHM", &expected_signature_algorithm, true}, |
| 47 {"TBS CERTIFICATE", &expected_tbs_certificate, true}, | |
| 45 }; | 48 }; |
| 46 ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings)); | 49 std::string test_file_path = GetFilePath(file_name); |
| 50 ASSERT_TRUE(ReadTestDataFromPemFile(test_file_path, mappings)); | |
| 47 | 51 |
| 48 // Parsing the certificate should succeed. | 52 // Note that empty expected_errors doesn't necessarily mean success. |
| 49 der::Input tbs_certificate_tlv; | 53 bool expected_result = !expected_tbs_certificate.empty(); |
| 50 der::Input signature_algorithm_tlv; | |
| 51 der::BitString signature_value; | |
| 52 ASSERT_TRUE(ParseCertificate(der::Input(&data), &tbs_certificate_tlv, | |
| 53 &signature_algorithm_tlv, &signature_value, | |
| 54 nullptr)); | |
| 55 | 54 |
| 56 // Ensure that the parsed certificate matches expectations. | 55 // Parsing the certificate. |
| 57 EXPECT_EQ(0, signature_value.unused_bits()); | |
| 58 EXPECT_EQ(der::Input(&expected_signature), signature_value.bytes()); | |
| 59 EXPECT_EQ(der::Input(&expected_signature_algorithm), signature_algorithm_tlv); | |
| 60 EXPECT_EQ(der::Input(&expected_tbs_certificate), tbs_certificate_tlv); | |
| 61 } | |
| 62 | |
| 63 // Loads certificate data from the PEM file |file_name| and verifies that the | |
| 64 // Certificate parsing fails. | |
| 65 void EnsureParsingCertificateFails(const std::string& file_name) { | |
| 66 std::string data; | |
| 67 | |
| 68 const PemBlockMapping mappings[] = { | |
| 69 {"CERTIFICATE", &data}, | |
| 70 }; | |
| 71 | |
| 72 ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings)); | |
| 73 | |
| 74 // Parsing the Certificate should fail. | |
| 75 der::Input tbs_certificate_tlv; | 56 der::Input tbs_certificate_tlv; |
| 76 der::Input signature_algorithm_tlv; | 57 der::Input signature_algorithm_tlv; |
| 77 der::BitString signature_value; | 58 der::BitString signature_value; |
| 78 CertErrors errors; | 59 CertErrors errors; |
| 79 ASSERT_FALSE(ParseCertificate(der::Input(&data), &tbs_certificate_tlv, | 60 bool actual_result = |
| 80 &signature_algorithm_tlv, &signature_value, | 61 ParseCertificate(der::Input(&data), &tbs_certificate_tlv, |
| 81 &errors)); | 62 &signature_algorithm_tlv, &signature_value, &errors); |
| 82 // TODO(crbug.com/634443): Verify |errors| to make sure it failed for the | 63 |
| 83 // expected reason. | 64 EXPECT_EQ(expected_result, actual_result); |
| 65 EXPECT_EQ(expected_errors, errors.ToDebugString()) << "Test file: " | |
| 66 << test_file_path; | |
| 67 | |
| 68 // Ensure that the parsed certificate matches expectations. | |
| 69 if (expected_result && actual_result) { | |
| 70 EXPECT_EQ(0, signature_value.unused_bits()); | |
| 71 EXPECT_EQ(der::Input(&expected_signature), signature_value.bytes()); | |
| 72 EXPECT_EQ(der::Input(&expected_signature_algorithm), | |
| 73 signature_algorithm_tlv); | |
| 74 EXPECT_EQ(der::Input(&expected_tbs_certificate), tbs_certificate_tlv); | |
| 75 } | |
| 84 } | 76 } |
| 85 | 77 |
| 86 // Tests parsing a Certificate. | 78 // Tests parsing a Certificate. |
| 87 TEST(ParseCertificateTest, Version3) { | 79 TEST(ParseCertificateTest, Version3) { |
| 88 EnsureParsingCertificateSucceeds("cert_version3.pem"); | 80 RunCertificateTest("cert_version3.pem"); |
| 89 } | 81 } |
| 90 | 82 |
| 91 // Tests parsing a simplified Certificate-like structure (the sub-fields for | 83 // Tests parsing a simplified Certificate-like structure (the sub-fields for |
| 92 // algorithm and tbsCertificate are not actually valid, but ParseCertificate() | 84 // algorithm and tbsCertificate are not actually valid, but ParseCertificate() |
| 93 // doesn't check them) | 85 // doesn't check them) |
| 94 TEST(ParseCertificateTest, Skeleton) { | 86 TEST(ParseCertificateTest, Skeleton) { |
| 95 EnsureParsingCertificateSucceeds("cert_skeleton.pem"); | 87 RunCertificateTest("cert_skeleton.pem"); |
| 96 } | 88 } |
| 97 | 89 |
| 98 // Tests parsing a Certificate that is not a sequence fails. | 90 // Tests parsing a Certificate that is not a sequence fails. |
| 99 TEST(ParseCertificateTest, NotSequence) { | 91 TEST(ParseCertificateTest, NotSequence) { |
| 100 EnsureParsingCertificateFails("cert_not_sequence.pem"); | 92 RunCertificateTest("cert_not_sequence.pem"); |
| 101 } | 93 } |
| 102 | 94 |
| 103 // Tests that uncomsumed data is not allowed after the main SEQUENCE. | 95 // Tests that uncomsumed data is not allowed after the main SEQUENCE. |
| 104 TEST(ParseCertificateTest, DataAfterSignature) { | 96 TEST(ParseCertificateTest, DataAfterSignature) { |
| 105 EnsureParsingCertificateFails("cert_data_after_signature.pem"); | 97 RunCertificateTest("cert_data_after_signature.pem"); |
| 106 } | 98 } |
| 107 | 99 |
| 108 // Tests that parsing fails if the signature BIT STRING is missing. | 100 // Tests that parsing fails if the signature BIT STRING is missing. |
| 109 TEST(ParseCertificateTest, MissingSignature) { | 101 TEST(ParseCertificateTest, MissingSignature) { |
| 110 EnsureParsingCertificateFails("cert_missing_signature.pem"); | 102 RunCertificateTest("cert_missing_signature.pem"); |
| 111 } | 103 } |
| 112 | 104 |
| 113 // Tests that parsing fails if the signature is present but not a BIT STRING. | 105 // Tests that parsing fails if the signature is present but not a BIT STRING. |
| 114 TEST(ParseCertificateTest, SignatureNotBitString) { | 106 TEST(ParseCertificateTest, SignatureNotBitString) { |
| 115 EnsureParsingCertificateFails("cert_signature_not_bit_string.pem"); | 107 RunCertificateTest("cert_signature_not_bit_string.pem"); |
| 116 } | 108 } |
| 117 | 109 |
| 118 // Tests that parsing fails if the main SEQUENCE is empty (missing all the | 110 // Tests that parsing fails if the main SEQUENCE is empty (missing all the |
| 119 // fields). | 111 // fields). |
| 120 TEST(ParseCertificateTest, EmptySequence) { | 112 TEST(ParseCertificateTest, EmptySequence) { |
| 121 EnsureParsingCertificateFails("cert_empty_sequence.pem"); | 113 RunCertificateTest("cert_empty_sequence.pem"); |
| 122 } | 114 } |
| 123 | 115 |
| 124 // Tests what happens when the signature algorithm is present, but has the wrong | 116 // Tests what happens when the signature algorithm is present, but has the wrong |
| 125 // tag. | 117 // tag. |
| 126 TEST(ParseCertificateTest, AlgorithmNotSequence) { | 118 TEST(ParseCertificateTest, AlgorithmNotSequence) { |
| 127 EnsureParsingCertificateFails("cert_algorithm_not_sequence.pem"); | 119 RunCertificateTest("cert_algorithm_not_sequence.pem"); |
| 128 } | 120 } |
| 129 | 121 |
| 130 // Loads tbsCertificate data and expectations from the PEM file |file_name|. | 122 // Loads tbsCertificate data and expectations from the PEM file |file_name|. |
| 131 // Verifies that parsing the TBSCertificate succeeds, and each parsed field | 123 // Verifies that parsing the TBSCertificate succeeds, and each parsed field |
| 132 // matches the expectations. | 124 // matches the expectations. |
| 133 void EnsureParsingTbsSucceeds(const std::string& file_name, | 125 void EnsureParsingTbsSucceeds(const std::string& file_name, |
| 134 CertificateVersion expected_version) { | 126 CertificateVersion expected_version) { |
| 135 std::string data; | 127 std::string data; |
| 136 std::string expected_serial_number; | 128 std::string expected_serial_number; |
| 137 std::string expected_signature_algorithm; | 129 std::string expected_signature_algorithm; |
| (...skipping 654 matching lines...) | |
| 792 0x00, // Number of unused bits | 784 0x00, // Number of unused bits |
| 793 }; | 785 }; |
| 794 | 786 |
| 795 der::BitString key_usage; | 787 der::BitString key_usage; |
| 796 ASSERT_FALSE(ParseKeyUsage(der::Input(der), &key_usage)); | 788 ASSERT_FALSE(ParseKeyUsage(der::Input(der), &key_usage)); |
| 797 } | 789 } |
| 798 | 790 |
| 799 } // namespace | 791 } // namespace |
| 800 | 792 |
| 801 } // namespace net | 793 } // namespace net |
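Review bot: In RunCertificateTest, `expected_result` is inferred from `!expected_tbs_certificate.empty()`, so the test code no longer states whether a file is a positive or a negative case for the certificate parser; NotSequence, MissingSignature and the other rejection tests now read exactly like Version3. Because SIGNATURE, SIGNATURE ALGORITHM and TBS CERTIFICATE are all optional in `mappings`, the loader also accepts a file carrying only some of them, and that mistake surfaces only indirectly through a later EXPECT_EQ. I would spell the convention out where the flag is computed, e.g. `// A file expects success iff it has a TBS CERTIFICATE block; failure files carry only CERTIFICATE and ERRORS.` A consistency check before parsing would also help, e.g. `ASSERT_EQ(expected_tbs_certificate.empty(), expected_signature_algorithm.empty()) << test_file_path;`, assuming no valid test file has an empty algorithm block. Separately, the success-branch comparisons lack the `<< "Test file: " << test_file_path` suffix that the errors comparison has, and the new header comment says "expected to succeeds" where "succeed" is meant.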