
Side by Side Diff: net/cert/internal/path_builder_pkits_unittest.cc

Issue 2903633005: Add generated PKITS tests relating to certificate policies. (Closed)
Patch Set: Update comments Created 3 years, 7 months ago
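--- a/net/cert/internal/path_builder_pkits_unittest.cc
+++ b/net/cert/internal/path_builder_pkits_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/path_builder.h"
 
 #include "net/base/net_errors.h"
 #include "net/cert/internal/cert_issuer_source_static.h"
 #include "net/cert/internal/parse_certificate.h"
 #include "net/cert/internal/parsed_certificate.h"
@@ -45,21 +45,22 @@
 
 #include "net/cert/internal/nist_pkits_unittest.h"
 
 namespace net {
 
 namespace {
 
 class PathBuilderPkitsTestDelegate {
 public:
 static bool Verify(std::vector<std::string> cert_ders,
-std::vector<std::string> crl_ders) {
+std::vector<std::string> crl_ders,
+const PkitsTestSettings& settings) {
 if (cert_ders.empty()) {
 ADD_FAILURE() << "cert_ders is empty";
 return false;
 }
 ParsedCertificateList certs;
 for (const std::string& der : cert_ders) {
 CertErrors errors;
 if (!ParsedCertificate::CreateAndAddToVector(
 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new(
 reinterpret_cast<const uint8_t*>(der.data()), der.size(),
@@ -105,107 +106,107 @@
 class PkitsTest01SignatureVerificationCustomPathBuilderFoo
 : public PkitsTest<PathBuilderPkitsTestDelegate> {};
 
 // Modified version of 4.1.4 Valid DSA Signatures Test4
 TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo,
 Section1ValidDSASignaturesTest4Custom) {
 const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert",
 "ValidDSASignaturesTest4EE"};
 const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL"};
 // DSA signatures are intentionally unsupported.
-ASSERT_FALSE(this->Verify(certs, crls));
+ASSERT_FALSE(this->Verify(certs, crls, {}));
 }
 
 // Modified version of 4.1.5 Valid DSA Parameter Inheritance Test5
 TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo,
 Section1ValidDSAParameterInheritanceTest5Custom) {
 const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert",
 "DSAParametersInheritedCACert",
 "ValidDSAParameterInheritanceTest5EE"};
 const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL",
 "DSAParametersInheritedCACRL"};
 // DSA signatures are intentionally unsupported.
-ASSERT_FALSE(this->Verify(certs, crls));
+ASSERT_FALSE(this->Verify(certs, crls, {}));
 }
 
 class PkitsTest13SignatureVerificationCustomPathBuilderFoo
 : public PkitsTest<PathBuilderPkitsTestDelegate> {};
 
 // Modified version of 4.13.21 Valid RFC822 nameConstraints Test21
 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
 Section13ValidRFC822nameConstraintsTest21Custom) {
 const char* const certs[] = {"TrustAnchorRootCertificate",
 "nameConstraintsRFC822CA1Cert",
 "ValidRFC822nameConstraintsTest21EE"};
 const char* const crls[] = {"TrustAnchorRootCRL",
 "nameConstraintsRFC822CA1CRL"};
 // Name constraints on rfc822Names are not supported.
-ASSERT_FALSE(this->Verify(certs, crls));
+ASSERT_FALSE(this->Verify(certs, crls, {}));
 }
 
 // Modified version of 4.13.23 Valid RFC822 nameConstraints Test23
 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
 Section13ValidRFC822nameConstraintsTest23Custom) {
 const char* const certs[] = {"TrustAnchorRootCertificate",
 "nameConstraintsRFC822CA2Cert",
 "ValidRFC822nameConstraintsTest23EE"};
 const char* const crls[] = {"TrustAnchorRootCRL",
 "nameConstraintsRFC822CA2CRL"};
 // Name constraints on rfc822Names are not supported.
-ASSERT_FALSE(this->Verify(certs, crls));
+ASSERT_FALSE(this->Verify(certs, crls, {}));
 }
 
 // Modified version of 4.13.25 Valid RFC822 nameConstraints Test25
 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
 Section13ValidRFC822nameConstraintsTest25Custom) {
 const char* const certs[] = {"TrustAnchorRootCertificate",
 "nameConstraintsRFC822CA3Cert",
 "ValidRFC822nameConstraintsTest25EE"};
 const char* const crls[] = {"TrustAnchorRootCRL",
 "nameConstraintsRFC822CA3CRL"};
 // Name constraints on rfc822Names are not supported.
-ASSERT_FALSE(this->Verify(certs, crls));
+ASSERT_FALSE(this->Verify(certs, crls, {}));
 }
 
 // Modified version of 4.13.27 Valid DN and RFC822 nameConstraints Test27
 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
 Section13ValidDNandRFC822nameConstraintsTest27Custom) {
 const char* const certs[] = {"TrustAnchorRootCertificate",
 "nameConstraintsDN1CACert",
 "nameConstraintsDN1subCA3Cert",
 "ValidDNandRFC822nameConstraintsTest27EE"};
 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL",
 "nameConstraintsDN1subCA3CRL"};
 // Name constraints on rfc822Names are not supported.
-ASSERT_FALSE(this->Verify(certs, crls));
+ASSERT_FALSE(this->Verify(certs, crls, {}));
 }
 
 // Modified version of 4.13.34 Valid URI nameConstraints Test34
 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
 Section13ValidURInameConstraintsTest34Custom) {
 const char* const certs[] = {"TrustAnchorRootCertificate",
 "nameConstraintsURI1CACert",
 "ValidURInameConstraintsTest34EE"};
 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI1CACRL"};
 // Name constraints on uniformResourceIdentifiers are not supported.
-ASSERT_FALSE(this->Verify(certs, crls));
+ASSERT_FALSE(this->Verify(certs, crls, {}));
 }
 
 // Modified version of 4.13.36 Valid URI nameConstraints Test36
 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
 Section13ValidURInameConstraintsTest36Custom) {
 const char* const certs[] = {"TrustAnchorRootCertificate",
 "nameConstraintsURI2CACert",
 "ValidURInameConstraintsTest36EE"};
 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI2CACRL"};
 // Name constraints on uniformResourceIdentifiers are not supported.
-ASSERT_FALSE(this->Verify(certs, crls));
+ASSERT_FALSE(this->Verify(certs, crls, {}));
 }
 
 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
 PkitsTest01SignatureVerification,
 PathBuilderPkitsTestDelegate);
 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
 PkitsTest02ValidityPeriods,
 PathBuilderPkitsTestDelegate);
 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
 PkitsTest03VerifyingNameChaining,
@@ -225,10 +226,10 @@
 
 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests,
 // PkitsTest05VerifyingPathswithSelfIssuedCertificates,
 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs
 
 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies,
 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings,
 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy
 
 } // namespace net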
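Review bot: The new `settings` parameter of `PathBuilderPkitsTestDelegate::Verify` is not read anywhere in the visible part of the body, and the closing TODO still lists the certificate-policy suites (PkitsTest08 through PkitsTest12) as unsupported for PathBuilder. If the collapsed remainder of `Verify` ignores it as well, a policy suite instantiated against this delegate later could run without the requested policy inputs ever being applied, and its result would overstate what path validation actually enforces. I would say so at the signature, for example `// |settings| is not applied yet: policy inputs are ignored until the policy suites are enabled for PathBuilder.`, so the gap is visible to whoever removes the TODO. The nine custom tests pass a bare `{}`; a short comment there such as `// Default settings: no policy inputs.` would make the intent explicit. The body of `Verify` continues in lines the page collapses, so this needs confirming against the full file.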