Chromium Code Reviews Chromium Code Reviews
Issue 2359003003:
Convert tests that parse a BasicConstraints value to instead (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/parse_certificate.h" | 5 #include "net/cert/internal/parse_certificate.h" |
| 6 | 6 |
| 7 #include "base/strings/stringprintf.h" | 7 #include "base/strings/stringprintf.h" |
| 8 #include "net/cert/internal/cert_errors.h" | 8 #include "net/cert/internal/cert_errors.h" |
| 9 // TODO(eroman): These tests should be moved into | |
| 10 // parsed_certificate_unittest.cc; this include dependency should | |
| 11 // go. | |
| 12 #include "net/cert/internal/parsed_certificate.h" | |
| 9 #include "net/cert/internal/test_helpers.h" | 13 #include "net/cert/internal/test_helpers.h" |
| 10 #include "net/der/input.h" | 14 #include "net/der/input.h" |
| 11 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
| 12 | 16 |
| 13 namespace net { | 17 namespace net { |
| 14 | 18 |
| 15 namespace { | 19 namespace { |
| 16 | 20 |
| 17 // Pretty-prints a GeneralizedTime as a human-readable string for use in test | 21 // Pretty-prints a GeneralizedTime as a human-readable string for use in test |
| 18 // expectations (it is more readable to specify the expected results as a | 22 // expectations (it is more readable to specify the expected results as a |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 68 // Ensure that the parsed certificate matches expectations. | 72 // Ensure that the parsed certificate matches expectations. |
| 69 if (expected_result && actual_result) { | 73 if (expected_result && actual_result) { |
| 70 EXPECT_EQ(0, signature_value.unused_bits()); | 74 EXPECT_EQ(0, signature_value.unused_bits()); |
| 71 EXPECT_EQ(der::Input(&expected_signature), signature_value.bytes()); | 75 EXPECT_EQ(der::Input(&expected_signature), signature_value.bytes()); |
| 72 EXPECT_EQ(der::Input(&expected_signature_algorithm), | 76 EXPECT_EQ(der::Input(&expected_signature_algorithm), |
| 73 signature_algorithm_tlv); | 77 signature_algorithm_tlv); |
| 74 EXPECT_EQ(der::Input(&expected_tbs_certificate), tbs_certificate_tlv); | 78 EXPECT_EQ(der::Input(&expected_tbs_certificate), tbs_certificate_tlv); |
| 75 } | 79 } |
| 76 } | 80 } |
| 77 | 81 |
| 82 // Reads and parses a certificate from the PEM file |file_name|. | |
| 83 // | |
| 84 // Returns nullptr if the certificate parsing failed, and verifies that any | |
| 85 // errors match the ERRORS block in the .pem file. | |
| 86 scoped_refptr<ParsedCertificate> ParseCertificateFromFile( | |
| 87 const std::string& file_name) { | |
| 88 std::string data; | |
| 89 std::string expected_errors; | |
| 90 | |
| 91 // Read the certificate data and error expectations from a single PEM file. | |
| 92 const PemBlockMapping mappings[] = { | |
| 93 {"CERTIFICATE", &data}, {"ERRORS", &expected_errors, true /*optional*/}, | |
| 94 }; | |
| 95 std::string test_file_path = GetFilePath(file_name); | |
| 96 EXPECT_TRUE(ReadTestDataFromPemFile(test_file_path, mappings)); | |
| 97 | |
| 98 CertErrors errors; | |
| 99 scoped_refptr<ParsedCertificate> cert = | |
| 100 ParsedCertificate::Create(data, {}, &errors); | |
| 101 | |
| 102 EXPECT_EQ(expected_errors, errors.ToDebugString()) << "Test file: " | |
| 103 << test_file_path; | |
| 104 | |
| 105 // TODO(crbug.com/634443): Every parse failue being tested should emit error | |
|
mattm
2016/09/22 22:30:57
failure
eroman
2016/09/22 22:45:16
Done.
| |
| 106 // information. | |
| 107 // if (!cert) | |
| 108 // EXPECT_FALSE(errors.empty()); | |
| 109 | |
| 110 return cert; | |
| 111 } | |
| 112 | |
| 78 // Tests parsing a Certificate. | 113 // Tests parsing a Certificate. |
| 79 TEST(ParseCertificateTest, Version3) { | 114 TEST(ParseCertificateTest, Version3) { |
| 80 RunCertificateTest("cert_version3.pem"); | 115 RunCertificateTest("cert_version3.pem"); |
| 81 } | 116 } |
| 82 | 117 |
| 83 // Tests parsing a simplified Certificate-like structure (the sub-fields for | 118 // Tests parsing a simplified Certificate-like structure (the sub-fields for |
| 84 // algorithm and tbsCertificate are not actually valid, but ParseCertificate() | 119 // algorithm and tbsCertificate are not actually valid, but ParseCertificate() |
| 85 // doesn't check them) | 120 // doesn't check them) |
| 86 TEST(ParseCertificateTest, Skeleton) { | 121 TEST(ParseCertificateTest, Skeleton) { |
| 87 RunCertificateTest("cert_skeleton.pem"); | 122 RunCertificateTest("cert_skeleton.pem"); |
| (...skipping 487 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 575 EXPECT_EQ(8u, iter->second.value.Length()); | 610 EXPECT_EQ(8u, iter->second.value.Length()); |
| 576 | 611 |
| 577 iter = extensions.find(CertificatePoliciesOid()); | 612 iter = extensions.find(CertificatePoliciesOid()); |
| 578 ASSERT_TRUE(iter != extensions.end()); | 613 ASSERT_TRUE(iter != extensions.end()); |
| 579 EXPECT_FALSE(iter->second.critical); | 614 EXPECT_FALSE(iter->second.critical); |
| 580 EXPECT_EQ(16u, iter->second.value.Length()); | 615 EXPECT_EQ(16u, iter->second.value.Length()); |
| 581 | 616 |
| 582 // TODO(eroman): Verify the other 4 extensions' values. | 617 // TODO(eroman): Verify the other 4 extensions' values. |
| 583 } | 618 } |
| 584 | 619 |
| 585 // Reads a PEM file containing a block "BASIC CONSTRAINTS". This input will | 620 // Parses a BasicConstraints with no CA or pathlen. |
| 586 // be passed to ParseExtension, and the results filled in |out|. | 621 TEST(ParseCertificateTest, BasicConstraintsNotCa) { |
| 587 bool ParseBasicConstraintsFromFile(const std::string& file_name, | 622 scoped_refptr<ParsedCertificate> cert = |
| 588 ParsedBasicConstraints* out) { | 623 ParseCertificateFromFile("basic_constraints_not_ca.pem"); |
| 589 std::string data; | 624 ASSERT_TRUE(cert); |
| 590 const PemBlockMapping mappings[] = { | |
| 591 {"BASIC CONSTRAINTS", &data}, | |
| 592 }; | |
| 593 | 625 |
| 594 EXPECT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings)); | 626 EXPECT_TRUE(cert->has_basic_constraints()); |
| 595 return ParseBasicConstraints(der::Input(&data), out); | 627 EXPECT_FALSE(cert->basic_constraints().is_ca); |
| 596 } | 628 EXPECT_FALSE(cert->basic_constraints().has_path_len); |
| 597 | |
| 598 // Parses a BasicConstraints with no CA or pathlen. | |
| 599 TEST(ParseBasicConstraintsTest, NotCa) { | |
| 600 ParsedBasicConstraints constraints; | |
| 601 ASSERT_TRUE(ParseBasicConstraintsFromFile("basic_constraints_not_ca.pem", | |
| 602 &constraints)); | |
| 603 EXPECT_FALSE(constraints.is_ca); | |
| 604 EXPECT_FALSE(constraints.has_path_len); | |
| 605 } | 629 } |
| 606 | 630 |
| 607 // Parses a BasicConstraints with CA but no pathlen. | 631 // Parses a BasicConstraints with CA but no pathlen. |
| 608 TEST(ParseBasicConstraintsTest, CaNoPath) { | 632 TEST(ParseCertificateTest, BasicConstraintsCaNoPath) { |
| 609 ParsedBasicConstraints constraints; | 633 scoped_refptr<ParsedCertificate> cert = |
| 610 ASSERT_TRUE(ParseBasicConstraintsFromFile("basic_constraints_ca_no_path.pem", | 634 ParseCertificateFromFile("basic_constraints_ca_no_path.pem"); |
| 611 &constraints)); | 635 ASSERT_TRUE(cert); |
| 612 EXPECT_TRUE(constraints.is_ca); | 636 |
| 613 EXPECT_FALSE(constraints.has_path_len); | 637 EXPECT_TRUE(cert->has_basic_constraints()); |
| 638 EXPECT_TRUE(cert->basic_constraints().is_ca); | |
| 639 EXPECT_FALSE(cert->basic_constraints().has_path_len); | |
| 614 } | 640 } |
| 615 | 641 |
| 616 // Parses a BasicConstraints with CA and pathlen of 9. | 642 // Parses a BasicConstraints with CA and pathlen of 9. |
| 617 TEST(ParseBasicConstraintsTest, CaPath9) { | 643 TEST(ParseCertificateTest, BasicConstraintsCaPath9) { |
| 618 ParsedBasicConstraints constraints; | 644 scoped_refptr<ParsedCertificate> cert = |
| 619 ASSERT_TRUE(ParseBasicConstraintsFromFile("basic_constraints_ca_path_9.pem", | 645 ParseCertificateFromFile("basic_constraints_ca_path_9.pem"); |
| 620 &constraints)); | 646 ASSERT_TRUE(cert); |
| 621 EXPECT_TRUE(constraints.is_ca); | 647 |
| 622 EXPECT_TRUE(constraints.has_path_len); | 648 EXPECT_TRUE(cert->has_basic_constraints()); |
| 623 EXPECT_EQ(9u, constraints.path_len); | 649 EXPECT_TRUE(cert->basic_constraints().is_ca); |
| 650 EXPECT_TRUE(cert->basic_constraints().has_path_len); | |
| 651 EXPECT_EQ(9u, cert->basic_constraints().path_len); | |
| 624 } | 652 } |
| 625 | 653 |
| 626 // Parses a BasicConstraints with CA and pathlen of 255 (largest allowed size). | 654 // Parses a BasicConstraints with CA and pathlen of 255 (largest allowed size). |
| 627 TEST(ParseBasicConstraintsTest, Pathlen255) { | 655 TEST(ParseCertificateTest, BasicConstraintsPathlen255) { |
| 628 ParsedBasicConstraints constraints; | 656 scoped_refptr<ParsedCertificate> cert = |
| 629 ASSERT_TRUE(ParseBasicConstraintsFromFile("basic_constraints_pathlen_255.pem", | 657 ParseCertificateFromFile("basic_constraints_pathlen_255.pem"); |
| 630 &constraints)); | 658 ASSERT_TRUE(cert); |
| 631 EXPECT_TRUE(constraints.is_ca); | 659 |
| 632 EXPECT_TRUE(constraints.has_path_len); | 660 EXPECT_TRUE(cert->has_basic_constraints()); |
| 633 EXPECT_EQ(255, constraints.path_len); | 661 EXPECT_TRUE(cert->basic_constraints().is_ca); |
| 662 EXPECT_TRUE(cert->basic_constraints().has_path_len); | |
| 663 EXPECT_EQ(255, cert->basic_constraints().path_len); | |
| 634 } | 664 } |
| 635 | 665 |
| 636 // Parses a BasicConstraints with CA and pathlen of 256 (too large). | 666 // Parses a BasicConstraints with CA and pathlen of 256 (too large). |
| 637 TEST(ParseBasicConstraintsTest, Pathlen256) { | 667 TEST(ParseCertificateTest, BasicConstraintsPathlen256) { |
| 638 ParsedBasicConstraints constraints; | 668 ASSERT_FALSE(ParseCertificateFromFile("basic_constraints_pathlen_256.pem")); |
| 639 ASSERT_FALSE(ParseBasicConstraintsFromFile( | |
| 640 "basic_constraints_pathlen_256.pem", &constraints)); | |
| 641 } | 669 } |
| 642 | 670 |
| 643 // Parses a BasicConstraints with CA and a negative pathlen. | 671 // Parses a BasicConstraints with CA and a negative pathlen. |
| 644 TEST(ParseBasicConstraintsTest, NegativePath) { | 672 TEST(ParseCertificateTest, BasicConstraintsNegativePath) { |
| 645 ParsedBasicConstraints constraints; | 673 ASSERT_FALSE(ParseCertificateFromFile("basic_constraints_negative_path.pem")); |
| 646 ASSERT_FALSE(ParseBasicConstraintsFromFile( | |
| 647 "basic_constraints_negative_path.pem", &constraints)); | |
| 648 } | 674 } |
| 649 | 675 |
| 650 // Parses a BasicConstraints with CA and pathlen that is very large (and | 676 // Parses a BasicConstraints with CA and pathlen that is very large (and |
| 651 // couldn't fit in a 64-bit integer). | 677 // couldn't fit in a 64-bit integer). |
| 652 TEST(ParseBasicConstraintsTest, PathTooLarge) { | 678 TEST(ParseCertificateTest, BasicConstraintsPathTooLarge) { |
| 653 ParsedBasicConstraints constraints; | 679 ASSERT_FALSE( |
| 654 ASSERT_FALSE(ParseBasicConstraintsFromFile( | 680 ParseCertificateFromFile("basic_constraints_path_too_large.pem")); |
| 655 "basic_constraints_path_too_large.pem", &constraints)); | |
| 656 } | 681 } |
| 657 | 682 |
| 658 // Parses a BasicConstraints with CA explicitly set to false. This violates | 683 // Parses a BasicConstraints with CA explicitly set to false. This violates |
| 659 // DER-encoding rules, however is commonly used, so it is accepted. | 684 // DER-encoding rules, however is commonly used, so it is accepted. |
| 660 TEST(ParseBasicConstraintsTest, CaFalse) { | 685 TEST(ParseCertificateTest, BasicConstraintsCaFalse) { |
| 661 ParsedBasicConstraints constraints; | 686 scoped_refptr<ParsedCertificate> cert = |
| 662 ASSERT_TRUE(ParseBasicConstraintsFromFile("basic_constraints_ca_false.pem", | 687 ParseCertificateFromFile("basic_constraints_ca_false.pem"); |
| 663 &constraints)); | 688 ASSERT_TRUE(cert); |
| 664 EXPECT_FALSE(constraints.is_ca); | 689 |
| 665 EXPECT_FALSE(constraints.has_path_len); | 690 EXPECT_TRUE(cert->has_basic_constraints()); |
| 691 EXPECT_FALSE(cert->basic_constraints().is_ca); | |
| 692 EXPECT_FALSE(cert->basic_constraints().has_path_len); | |
| 666 } | 693 } |
| 667 | 694 |
| 668 // Parses a BasicConstraints with CA set to true and an unexpected NULL at | 695 // Parses a BasicConstraints with CA set to true and an unexpected NULL at |
| 669 // the end. | 696 // the end. |
| 670 TEST(ParseBasicConstraintsTest, UnconsumedData) { | 697 TEST(ParseCertificateTest, BasicConstraintsUnconsumedData) { |
| 671 ParsedBasicConstraints constraints; | 698 ASSERT_FALSE( |
| 672 ASSERT_FALSE(ParseBasicConstraintsFromFile( | 699 ParseCertificateFromFile("basic_constraints_unconsumed_data.pem")); |
| 673 "basic_constraints_unconsumed_data.pem", &constraints)); | |
| 674 } | 700 } |
| 675 | 701 |
| 676 // Parses a BasicConstraints with CA omitted (false), but with a pathlen of 1. | 702 // Parses a BasicConstraints with CA omitted (false), but with a pathlen of 1. |
| 677 // This is valid DER for the ASN.1, however is not valid when interpreting the | 703 // This is valid DER for the ASN.1, however is not valid when interpreting the |
| 678 // BasicConstraints at a higher level. | 704 // BasicConstraints at a higher level. |
| 679 TEST(ParseBasicConstraintsTest, PathLenButNotCa) { | 705 TEST(ParseCertificateTest, BasicConstraintsPathLenButNotCa) { |
| 680 ParsedBasicConstraints constraints; | 706 scoped_refptr<ParsedCertificate> cert = |
| 681 ASSERT_TRUE(ParseBasicConstraintsFromFile( | 707 ParseCertificateFromFile("basic_constraints_pathlen_not_ca.pem"); |
| 682 "basic_constraints_pathlen_not_ca.pem", &constraints)); | 708 ASSERT_TRUE(cert); |
| 683 EXPECT_FALSE(constraints.is_ca); | 709 |
| 684 EXPECT_TRUE(constraints.has_path_len); | 710 EXPECT_TRUE(cert->has_basic_constraints()); |
| 685 EXPECT_EQ(1u, constraints.path_len); | 711 EXPECT_FALSE(cert->basic_constraints().is_ca); |
| 712 EXPECT_TRUE(cert->basic_constraints().has_path_len); | |
| 713 EXPECT_EQ(1u, cert->basic_constraints().path_len); | |
| 686 } | 714 } |
| 687 | 715 |
| 688 // Parses a KeyUsage with a single 0 bit. | 716 // Parses a KeyUsage with a single 0 bit. |
| 689 TEST(ParseKeyUsageTest, OneBitAllZeros) { | 717 TEST(ParseKeyUsageTest, OneBitAllZeros) { |
| 690 const uint8_t der[] = { | 718 const uint8_t der[] = { |
| 691 0x03, 0x02, // BIT STRING | 719 0x03, 0x02, // BIT STRING |
| 692 0x07, // Number of unused bits | 720 0x07, // Number of unused bits |
| 693 0x00, // bits | 721 0x00, // bits |
| 694 }; | 722 }; |
| 695 | 723 |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 784 0x00, // Number of unused bits | 812 0x00, // Number of unused bits |
| 785 }; | 813 }; |
| 786 | 814 |
| 787 der::BitString key_usage; | 815 der::BitString key_usage; |
| 788 ASSERT_FALSE(ParseKeyUsage(der::Input(der), &key_usage)); | 816 ASSERT_FALSE(ParseKeyUsage(der::Input(der), &key_usage)); |
| 789 } | 817 } |
| 790 | 818 |
| 791 } // namespace | 819 } // namespace |
| 792 | 820 |
| 793 } // namespace net | 821 } // namespace net |
| OLD | NEW |
