| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_CERT_INTERNAL_CERT_ISSUER_SOURCE_SYNC_UNITTEST_H_ |
| 6 #define NET_CERT_INTERNAL_CERT_ISSUER_SOURCE_SYNC_UNITTEST_H_ |
| 7 |
| 8 #include "net/cert/internal/cert_errors.h" |
| 9 #include "net/cert/internal/cert_issuer_source.h" |
| 10 #include "net/cert/internal/test_helpers.h" |
| 11 #include "testing/gtest/include/gtest/gtest.h" |
| 12 |
| 13 namespace net { |
| 14 |
| 15 namespace { |
| 16 |
| 17 ::testing::AssertionResult ReadTestPem(const std::string& file_name, |
| 18 const std::string& block_name, |
| 19 std::string* result) { |
| 20 const PemBlockMapping mappings[] = { |
| 21 {block_name.c_str(), result}, |
| 22 }; |
| 23 |
| 24 return ReadTestDataFromPemFile(file_name, mappings); |
| 25 } |
| 26 |
| 27 ::testing::AssertionResult ReadTestCert( |
| 28 const std::string& file_name, |
| 29 scoped_refptr<ParsedCertificate>* result) { |
| 30 std::string der; |
| 31 ::testing::AssertionResult r = |
| 32 ReadTestPem("net/data/cert_issuer_source_static_unittest/" + file_name, |
| 33 "CERTIFICATE", &der); |
| 34 if (!r) |
| 35 return r; |
| 36 CertErrors errors; |
| 37 *result = ParsedCertificate::Create(der, {}, &errors); |
| 38 if (!*result) { |
| 39 return ::testing::AssertionFailure() |
| 40 << "ParsedCertificate::Create() failed:\n" |
| 41 << errors.ToDebugString(); |
| 42 } |
| 43 return ::testing::AssertionSuccess(); |
| 44 } |
| 45 |
| 46 } // namespace |
| 47 |
| 48 template <typename TestDelegate> |
| 49 class CertIssuerSourceSyncTest : public ::testing::Test { |
| 50 public: |
| 51 void SetUp() override { |
| 52 ASSERT_TRUE(ReadTestCert("root.pem", &root_)); |
| 53 ASSERT_TRUE(ReadTestCert("i1_1.pem", &i1_1_)); |
| 54 ASSERT_TRUE(ReadTestCert("i1_2.pem", &i1_2_)); |
| 55 ASSERT_TRUE(ReadTestCert("i2.pem", &i2_)); |
| 56 ASSERT_TRUE(ReadTestCert("i3_1.pem", &i3_1_)); |
| 57 ASSERT_TRUE(ReadTestCert("i3_2.pem", &i3_2_)); |
| 58 ASSERT_TRUE(ReadTestCert("c1.pem", &c1_)); |
| 59 ASSERT_TRUE(ReadTestCert("c2.pem", &c2_)); |
| 60 ASSERT_TRUE(ReadTestCert("d.pem", &d_)); |
| 61 ASSERT_TRUE(ReadTestCert("e1.pem", &e1_)); |
| 62 ASSERT_TRUE(ReadTestCert("e2.pem", &e2_)); |
| 63 } |
| 64 |
| 65 void AddCert(scoped_refptr<ParsedCertificate> cert) { |
| 66 delegate_.AddCert(std::move(cert)); |
| 67 } |
| 68 |
| 69 void AddAllCerts() { |
| 70 AddCert(root_); |
| 71 AddCert(i1_1_); |
| 72 AddCert(i1_2_); |
| 73 AddCert(i2_); |
| 74 AddCert(i3_1_); |
| 75 AddCert(i3_2_); |
| 76 AddCert(c1_); |
| 77 AddCert(c2_); |
| 78 AddCert(d_); |
| 79 AddCert(e1_); |
| 80 AddCert(e2_); |
| 81 } |
| 82 |
| 83 CertIssuerSource& source() { return delegate_.source(); } |
| 84 |
| 85 protected: |
| 86 bool IssuersMatch(scoped_refptr<ParsedCertificate> cert, |
| 87 ParsedCertificateList expected_matches) { |
| 88 ParsedCertificateList matches; |
| 89 source().SyncGetIssuersOf(cert.get(), &matches); |
| 90 |
| 91 std::vector<der::Input> der_result_matches; |
| 92 for (const auto& it : matches) |
| 93 der_result_matches.push_back(it->der_cert()); |
| 94 std::sort(der_result_matches.begin(), der_result_matches.end()); |
| 95 |
| 96 std::vector<der::Input> der_expected_matches; |
| 97 for (const auto& it : expected_matches) |
| 98 der_expected_matches.push_back(it->der_cert()); |
| 99 std::sort(der_expected_matches.begin(), der_expected_matches.end()); |
| 100 |
| 101 if (der_expected_matches == der_result_matches) |
| 102 return true; |
| 103 |
| 104 // Print some extra information for debugging. |
| 105 EXPECT_EQ(der_expected_matches, der_result_matches); |
| 106 return false; |
| 107 } |
| 108 |
| 109 TestDelegate delegate_; |
| 110 scoped_refptr<ParsedCertificate> root_; |
| 111 scoped_refptr<ParsedCertificate> i1_1_; |
| 112 scoped_refptr<ParsedCertificate> i1_2_; |
| 113 scoped_refptr<ParsedCertificate> i2_; |
| 114 scoped_refptr<ParsedCertificate> i3_1_; |
| 115 scoped_refptr<ParsedCertificate> i3_2_; |
| 116 scoped_refptr<ParsedCertificate> c1_; |
| 117 scoped_refptr<ParsedCertificate> c2_; |
| 118 scoped_refptr<ParsedCertificate> d_; |
| 119 scoped_refptr<ParsedCertificate> e1_; |
| 120 scoped_refptr<ParsedCertificate> e2_; |
| 121 }; |
| 122 |
| 123 TYPED_TEST_CASE_P(CertIssuerSourceSyncTest); |
| 124 |
| 125 TYPED_TEST_P(CertIssuerSourceSyncTest, NoMatch) { |
| 126 this->AddCert(this->root_); |
| 127 |
| 128 EXPECT_TRUE(this->IssuersMatch(this->c1_, ParsedCertificateList())); |
| 129 } |
| 130 |
| 131 TYPED_TEST_P(CertIssuerSourceSyncTest, OneMatch) { |
| 132 this->AddAllCerts(); |
| 133 |
| 134 EXPECT_TRUE(this->IssuersMatch(this->i1_1_, {this->root_})); |
| 135 EXPECT_TRUE(this->IssuersMatch(this->d_, {this->i2_})); |
| 136 } |
| 137 |
| 138 TYPED_TEST_P(CertIssuerSourceSyncTest, MultipleMatches) { |
| 139 this->AddAllCerts(); |
| 140 |
| 141 EXPECT_TRUE(this->IssuersMatch(this->e1_, {this->i3_1_, this->i3_2_})); |
| 142 EXPECT_TRUE(this->IssuersMatch(this->e2_, {this->i3_1_, this->i3_2_})); |
| 143 } |
| 144 |
| 145 // Searching for the issuer of a self-issued cert returns the same cert if it |
| 146 // happens to be in the CertIssuerSourceStatic. |
| 147 // Conceptually this makes sense, though probably not very useful in practice. |
| 148 // Doesn't hurt anything though. |
| 149 TYPED_TEST_P(CertIssuerSourceSyncTest, SelfIssued) { |
| 150 this->AddAllCerts(); |
| 151 |
| 152 EXPECT_TRUE(this->IssuersMatch(this->root_, {this->root_})); |
| 153 } |
| 154 |
| 155 // CertIssuerSourceStatic never returns results asynchronously. |
| 156 TYPED_TEST_P(CertIssuerSourceSyncTest, IsNotAsync) { |
| 157 this->AddCert(this->i1_1_); |
| 158 std::unique_ptr<CertIssuerSource::Request> request; |
| 159 this->source().AsyncGetIssuersOf(this->c1_.get(), &request); |
| 160 EXPECT_EQ(nullptr, request); |
| 161 } |
| 162 |
| 163 // These are all the tests that should have the same result with or without |
| 164 // normalization. |
| 165 REGISTER_TYPED_TEST_CASE_P(CertIssuerSourceSyncTest, |
| 166 NoMatch, |
| 167 OneMatch, |
| 168 MultipleMatches, |
| 169 SelfIssued, |
| 170 IsNotAsync); |
| 171 |
| 172 template <typename TestDelegate> |
| 173 class CertIssuerSourceSyncNormalizationTest |
| 174 : public CertIssuerSourceSyncTest<TestDelegate> {}; |
| 175 TYPED_TEST_CASE_P(CertIssuerSourceSyncNormalizationTest); |
| 176 |
| 177 TYPED_TEST_P(CertIssuerSourceSyncNormalizationTest, |
| 178 MultipleMatchesAfterNormalization) { |
| 179 this->AddAllCerts(); |
| 180 |
| 181 EXPECT_TRUE(this->IssuersMatch(this->c1_, {this->i1_1_, this->i1_2_})); |
| 182 EXPECT_TRUE(this->IssuersMatch(this->c2_, {this->i1_1_, this->i1_2_})); |
| 183 } |
| 184 |
| 185 // These tests require (utf8) normalization. |
| 186 REGISTER_TYPED_TEST_CASE_P(CertIssuerSourceSyncNormalizationTest, |
| 187 MultipleMatchesAfterNormalization); |
| 188 |
| 189 template <typename TestDelegate> |
| 190 class CertIssuerSourceSyncNotNormalizedTest |
| 191 : public CertIssuerSourceSyncTest<TestDelegate> {}; |
| 192 TYPED_TEST_CASE_P(CertIssuerSourceSyncNotNormalizedTest); |
| 193 |
| 194 TYPED_TEST_P(CertIssuerSourceSyncNotNormalizedTest, |
| 195 OneMatchWithoutNormalization) { |
| 196 this->AddAllCerts(); |
| 197 |
| 198 // Without normalization c1 and c2 should at least be able to find their |
| 199 // exact matching issuer. (c1 should match i1_1, and c2 should match i1_2.) |
| 200 EXPECT_TRUE(this->IssuersMatch(this->c1_, {this->i1_1_})); |
| 201 EXPECT_TRUE(this->IssuersMatch(this->c2_, {this->i1_2_})); |
| 202 } |
| 203 |
| 204 // These tests are for implementations which do not do utf8 normalization. |
| 205 REGISTER_TYPED_TEST_CASE_P(CertIssuerSourceSyncNotNormalizedTest, |
| 206 OneMatchWithoutNormalization); |
| 207 |
| 208 } // namespace net |
| 209 |
| 210 #endif // NET_CERT_INTERNAL_CERT_ISSUER_SOURCE_SYNC_UNITTEST_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2535733003:
pki library: Add CertIssuerSourceNSS that retrieves intermediate certs from NSS. (Closed)
