| Index: net/cert/x509_certificate_unittest.cc
|
| diff --git a/net/cert/x509_certificate_unittest.cc b/net/cert/x509_certificate_unittest.cc
|
| index 597513d71de2beaa5825e78693d8aeea4fb8ad47..91bdefc43b556f183372fcd69e69474c71927b30 100644
|
| --- a/net/cert/x509_certificate_unittest.cc
|
| +++ b/net/cert/x509_certificate_unittest.cc
|
| @@ -362,25 +362,73 @@ TEST(X509CertificateTest, SerialNumbers) {
|
| ASSERT_EQ(sizeof(google_serial), google_cert->serial_number().size());
|
| EXPECT_TRUE(memcmp(google_cert->serial_number().data(), google_serial,
|
| sizeof(google_serial)) == 0);
|
| +}
|
| +
|
| +TEST(X509CertificateTest, SerialNumberZeroPadded) {
|
| + base::FilePath certs_dir =
|
| + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest");
|
| + scoped_refptr<X509Certificate> cert =
|
| + ImportCertFromFile(certs_dir, "serial_zero_padded.pem");
|
| + ASSERT_TRUE(cert);
|
|
|
| -// TODO(mattm): Creating the X509Certificate fails on some platforms due to the
|
| -// null in the subject. Generate a new test cert specifically for this case
|
| -// rather than reusing paypal_null_cert.
|
| -#if !defined(OS_WIN) && !BUILDFLAG(USE_BYTE_CERTS)
|
| // Check a serial number where the first byte is >= 0x80, the DER returned by
|
| // serial() should contain the leading 0 padding byte.
|
| - scoped_refptr<X509Certificate> paypal_null_cert(
|
| - X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(paypal_null_der),
|
| - sizeof(paypal_null_der)));
|
| - ASSERT_TRUE(paypal_null_cert);
|
| -
|
| - static const uint8_t paypal_null_serial[3] = {0x00, 0xf0, 0x9b};
|
| - ASSERT_EQ(sizeof(paypal_null_serial),
|
| - paypal_null_cert->serial_number().size());
|
| - EXPECT_TRUE(memcmp(paypal_null_cert->serial_number().data(),
|
| - paypal_null_serial, sizeof(paypal_null_serial)) == 0);
|
| -#endif // !defined(OS_WIN)
|
| + static const uint8_t expected_serial[3] = {0x00, 0x80, 0x01};
|
| + ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size());
|
| + EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial,
|
| + sizeof(expected_serial)) == 0);
|
| +}
|
| +
|
| +TEST(X509CertificateTest, SerialNumberZeroPadded21BytesLong) {
|
| + base::FilePath certs_dir =
|
| + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest");
|
| + scoped_refptr<X509Certificate> cert =
|
| + ImportCertFromFile(certs_dir, "serial_zero_padded_21_bytes.pem");
|
| + ASSERT_TRUE(cert);
|
| +
|
| + // Check a serial number where the first byte is >= 0x80, causing the encoded
|
| + // length to be 21 bytes long. This should be an error, but serial number
|
| + // parsing is currently permissive.
|
| + static const uint8_t expected_serial[21] = {
|
| + 0x00, 0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
|
| + 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13};
|
| + ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size());
|
| + EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial,
|
| + sizeof(expected_serial)) == 0);
|
| +}
|
| +
|
| +TEST(X509CertificateTest, SerialNumberNegative) {
|
| + base::FilePath certs_dir =
|
| + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest");
|
| + scoped_refptr<X509Certificate> cert =
|
| + ImportCertFromFile(certs_dir, "serial_negative.pem");
|
| + ASSERT_TRUE(cert);
|
| +
|
| + // RFC 5280 does not allow serial numbers to be negative, but serial number
|
| + // parsing is currently permissive, so this does not cause an error.
|
| + static const uint8_t expected_serial[2] = {0x80, 0x01};
|
| + ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size());
|
| + EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial,
|
| + sizeof(expected_serial)) == 0);
|
| +}
|
| +
|
| +TEST(X509CertificateTest, SerialNumber37BytesLong) {
|
| + base::FilePath certs_dir =
|
| + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest");
|
| + scoped_refptr<X509Certificate> cert =
|
| + ImportCertFromFile(certs_dir, "serial_37_bytes.pem");
|
| + ASSERT_TRUE(cert);
|
| +
|
| + // Check a serial number which is very long. This should be an error, but
|
| + // serial number parsing is currently permissive.
|
| + static const uint8_t expected_serial[37] = {
|
| + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
|
| + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
|
| + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
|
| + 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25};
|
| + ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size());
|
| + EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial,
|
| + sizeof(expected_serial)) == 0);
|
| }
|
|
|
| TEST(X509CertificateTest, SHA256FingerprintsCorrectly) {
|
|
|
Chromium Code Reviews
Issue 2881023003:
X509CertificateBytes: Allow invalid serial numbers for now. (Closed)
