| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 | 10 |
| (...skipping 344 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 355 ASSERT_TRUE(google_cert); | 355 ASSERT_TRUE(google_cert); |
| 356 | 356 |
| 357 static const uint8_t google_serial[16] = { | 357 static const uint8_t google_serial[16] = { |
| 358 0x01,0x2a,0x39,0x76,0x0d,0x3f,0x4f,0xc9, | 358 0x01,0x2a,0x39,0x76,0x0d,0x3f,0x4f,0xc9, |
| 359 0x0b,0xe7,0xbd,0x2b,0xcf,0x95,0x2e,0x7a, | 359 0x0b,0xe7,0xbd,0x2b,0xcf,0x95,0x2e,0x7a, |
| 360 }; | 360 }; |
| 361 | 361 |
| 362 ASSERT_EQ(sizeof(google_serial), google_cert->serial_number().size()); | 362 ASSERT_EQ(sizeof(google_serial), google_cert->serial_number().size()); |
| 363 EXPECT_TRUE(memcmp(google_cert->serial_number().data(), google_serial, | 363 EXPECT_TRUE(memcmp(google_cert->serial_number().data(), google_serial, |
| 364 sizeof(google_serial)) == 0); | 364 sizeof(google_serial)) == 0); |
| 365 } |
| 365 | 366 |
| 366 // TODO(mattm): Creating the X509Certificate fails on some platforms due to the | 367 TEST(X509CertificateTest, SerialNumberZeroPadded) { |
| 367 // null in the subject. Generate a new test cert specifically for this case | 368 base::FilePath certs_dir = |
| 368 // rather than reusing paypal_null_cert. | 369 GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); |
| 369 #if !defined(OS_WIN) && !BUILDFLAG(USE_BYTE_CERTS) | 370 scoped_refptr<X509Certificate> cert = |
| 371 ImportCertFromFile(certs_dir, "serial_zero_padded.pem"); |
| 372 ASSERT_TRUE(cert); |
| 373 |
| 370 // Check a serial number where the first byte is >= 0x80, the DER returned by | 374 // Check a serial number where the first byte is >= 0x80, the DER returned by |
| 371 // serial() should contain the leading 0 padding byte. | 375 // serial() should contain the leading 0 padding byte. |
| 372 scoped_refptr<X509Certificate> paypal_null_cert( | 376 static const uint8_t expected_serial[3] = {0x00, 0x80, 0x01}; |
| 373 X509Certificate::CreateFromBytes( | 377 ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size()); |
| 374 reinterpret_cast<const char*>(paypal_null_der), | 378 EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial, |
| 375 sizeof(paypal_null_der))); | 379 sizeof(expected_serial)) == 0); |
| 376 ASSERT_TRUE(paypal_null_cert); | 380 } |
| 377 | 381 |
| 378 static const uint8_t paypal_null_serial[3] = {0x00, 0xf0, 0x9b}; | 382 TEST(X509CertificateTest, SerialNumberZeroPadded21BytesLong) { |
| 379 ASSERT_EQ(sizeof(paypal_null_serial), | 383 base::FilePath certs_dir = |
| 380 paypal_null_cert->serial_number().size()); | 384 GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); |
| 381 EXPECT_TRUE(memcmp(paypal_null_cert->serial_number().data(), | 385 scoped_refptr<X509Certificate> cert = |
| 382 paypal_null_serial, sizeof(paypal_null_serial)) == 0); | 386 ImportCertFromFile(certs_dir, "serial_zero_padded_21_bytes.pem"); |
| 383 #endif // !defined(OS_WIN) | 387 ASSERT_TRUE(cert); |
| 388 |
| 389 // Check a serial number where the first byte is >= 0x80, causing the encoded |
| 390 // length to be 21 bytes long. This should be an error, but serial number |
| 391 // parsing is currently permissive. |
| 392 static const uint8_t expected_serial[21] = { |
| 393 0x00, 0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, |
| 394 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13}; |
| 395 ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size()); |
| 396 EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial, |
| 397 sizeof(expected_serial)) == 0); |
| 398 } |
| 399 |
| 400 TEST(X509CertificateTest, SerialNumberNegative) { |
| 401 base::FilePath certs_dir = |
| 402 GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); |
| 403 scoped_refptr<X509Certificate> cert = |
| 404 ImportCertFromFile(certs_dir, "serial_negative.pem"); |
| 405 ASSERT_TRUE(cert); |
| 406 |
| 407 // RFC 5280 does not allow serial numbers to be negative, but serial number |
| 408 // parsing is currently permissive, so this does not cause an error. |
| 409 static const uint8_t expected_serial[2] = {0x80, 0x01}; |
| 410 ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size()); |
| 411 EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial, |
| 412 sizeof(expected_serial)) == 0); |
| 413 } |
| 414 |
| 415 TEST(X509CertificateTest, SerialNumber37BytesLong) { |
| 416 base::FilePath certs_dir = |
| 417 GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); |
| 418 scoped_refptr<X509Certificate> cert = |
| 419 ImportCertFromFile(certs_dir, "serial_37_bytes.pem"); |
| 420 ASSERT_TRUE(cert); |
| 421 |
| 422 // Check a serial number which is very long. This should be an error, but |
| 423 // serial number parsing is currently permissive. |
| 424 static const uint8_t expected_serial[37] = { |
| 425 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, |
| 426 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, |
| 427 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, |
| 428 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25}; |
| 429 ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size()); |
| 430 EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial, |
| 431 sizeof(expected_serial)) == 0); |
| 384 } | 432 } |
| 385 | 433 |
| 386 TEST(X509CertificateTest, SHA256FingerprintsCorrectly) { | 434 TEST(X509CertificateTest, SHA256FingerprintsCorrectly) { |
| 387 scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes( | 435 scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes( |
| 388 reinterpret_cast<const char*>(google_der), sizeof(google_der))); | 436 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 389 ASSERT_TRUE(google_cert); | 437 ASSERT_TRUE(google_cert); |
| 390 | 438 |
| 391 const SHA256HashValue google_sha256_fingerprint = { | 439 const SHA256HashValue google_sha256_fingerprint = { |
| 392 {0x21, 0xaf, 0x58, 0x74, 0xea, 0x6b, 0xad, 0xbd, 0xe4, 0xb3, 0xb1, | 440 {0x21, 0xaf, 0x58, 0x74, 0xea, 0x6b, 0xad, 0xbd, 0xe4, 0xb3, 0xb1, |
| 393 0xaa, 0x53, 0x32, 0x80, 0x8f, 0xbf, 0x8a, 0x24, 0x7d, 0x98, 0xec, | 441 0xaa, 0x53, 0x32, 0x80, 0x8f, 0xbf, 0x8a, 0x24, 0x7d, 0x98, 0xec, |
| (...skipping 923 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1317 &actual_type); | 1365 &actual_type); |
| 1318 | 1366 |
| 1319 EXPECT_EQ(data.expected_bits, actual_bits); | 1367 EXPECT_EQ(data.expected_bits, actual_bits); |
| 1320 EXPECT_EQ(data.expected_type, actual_type); | 1368 EXPECT_EQ(data.expected_type, actual_type); |
| 1321 } | 1369 } |
| 1322 | 1370 |
| 1323 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest, | 1371 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest, |
| 1324 testing::ValuesIn(kPublicKeyInfoTestData)); | 1372 testing::ValuesIn(kPublicKeyInfoTestData)); |
| 1325 | 1373 |
| 1326 } // namespace net | 1374 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2881023003:
X509CertificateBytes: Allow invalid serial numbers for now. (Closed)
