Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(222)

Unified Diff: net/cert/x509_certificate_unittest.cc

Issue 2881023003: X509CertificateBytes: Allow invalid serial numbers for now. (Closed)
Patch Set: review changes 2 Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/x509_certificate_bytes.cc ('k') | net/data/parse_certificate_unittest/serial_37_bytes.pem » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/x509_certificate_unittest.cc
diff --git a/net/cert/x509_certificate_unittest.cc b/net/cert/x509_certificate_unittest.cc
index 597513d71de2beaa5825e78693d8aeea4fb8ad47..91bdefc43b556f183372fcd69e69474c71927b30 100644
--- a/net/cert/x509_certificate_unittest.cc
+++ b/net/cert/x509_certificate_unittest.cc
@@ -362,25 +362,73 @@ TEST(X509CertificateTest, SerialNumbers) {
ASSERT_EQ(sizeof(google_serial), google_cert->serial_number().size());
EXPECT_TRUE(memcmp(google_cert->serial_number().data(), google_serial,
sizeof(google_serial)) == 0);
+}
+
+TEST(X509CertificateTest, SerialNumberZeroPadded) {
+ base::FilePath certs_dir =
+ GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest");
+ scoped_refptr<X509Certificate> cert =
+ ImportCertFromFile(certs_dir, "serial_zero_padded.pem");
+ ASSERT_TRUE(cert);
-// TODO(mattm): Creating the X509Certificate fails on some platforms due to the
-// null in the subject. Generate a new test cert specifically for this case
-// rather than reusing paypal_null_cert.
-#if !defined(OS_WIN) && !BUILDFLAG(USE_BYTE_CERTS)
// Check a serial number where the first byte is >= 0x80, the DER returned by
// serial() should contain the leading 0 padding byte.
- scoped_refptr<X509Certificate> paypal_null_cert(
- X509Certificate::CreateFromBytes(
- reinterpret_cast<const char*>(paypal_null_der),
- sizeof(paypal_null_der)));
- ASSERT_TRUE(paypal_null_cert);
-
- static const uint8_t paypal_null_serial[3] = {0x00, 0xf0, 0x9b};
- ASSERT_EQ(sizeof(paypal_null_serial),
- paypal_null_cert->serial_number().size());
- EXPECT_TRUE(memcmp(paypal_null_cert->serial_number().data(),
- paypal_null_serial, sizeof(paypal_null_serial)) == 0);
-#endif // !defined(OS_WIN)
+ static const uint8_t expected_serial[3] = {0x00, 0x80, 0x01};
+ ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size());
+ EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial,
+ sizeof(expected_serial)) == 0);
+}
+
+TEST(X509CertificateTest, SerialNumberZeroPadded21BytesLong) {
+ base::FilePath certs_dir =
+ GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest");
+ scoped_refptr<X509Certificate> cert =
+ ImportCertFromFile(certs_dir, "serial_zero_padded_21_bytes.pem");
+ ASSERT_TRUE(cert);
+
+ // Check a serial number where the first byte is >= 0x80, causing the encoded
+ // length to be 21 bytes long. This should be an error, but serial number
+ // parsing is currently permissive.
+ static const uint8_t expected_serial[21] = {
+ 0x00, 0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13};
+ ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size());
+ EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial,
+ sizeof(expected_serial)) == 0);
+}
+
+TEST(X509CertificateTest, SerialNumberNegative) {
+ base::FilePath certs_dir =
+ GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest");
+ scoped_refptr<X509Certificate> cert =
+ ImportCertFromFile(certs_dir, "serial_negative.pem");
+ ASSERT_TRUE(cert);
+
+ // RFC 5280 does not allow serial numbers to be negative, but serial number
+ // parsing is currently permissive, so this does not cause an error.
+ static const uint8_t expected_serial[2] = {0x80, 0x01};
+ ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size());
+ EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial,
+ sizeof(expected_serial)) == 0);
+}
+
+TEST(X509CertificateTest, SerialNumber37BytesLong) {
+ base::FilePath certs_dir =
+ GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest");
+ scoped_refptr<X509Certificate> cert =
+ ImportCertFromFile(certs_dir, "serial_37_bytes.pem");
+ ASSERT_TRUE(cert);
+
+ // Check a serial number which is very long. This should be an error, but
+ // serial number parsing is currently permissive.
+ static const uint8_t expected_serial[37] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
+ 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25};
+ ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size());
+ EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial,
+ sizeof(expected_serial)) == 0);
}
TEST(X509CertificateTest, SHA256FingerprintsCorrectly) {
« no previous file with comments | « net/cert/x509_certificate_bytes.cc ('k') | net/data/parse_certificate_unittest/serial_37_bytes.pem » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698