OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/path_builder.h" | 5 #include "net/cert/internal/path_builder.h" |
6 | 6 |
7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
8 #include "net/cert/internal/cert_issuer_source_static.h" | 8 #include "net/cert/internal/cert_issuer_source_static.h" |
9 #include "net/cert/internal/parse_certificate.h" | 9 #include "net/cert/internal/parse_certificate.h" |
10 #include "net/cert/internal/parsed_certificate.h" | 10 #include "net/cert/internal/parsed_certificate.h" |
45 | 45 |
46 #include "net/cert/internal/nist_pkits_unittest.h" | 46 #include "net/cert/internal/nist_pkits_unittest.h" |
47 | 47 |
48 namespace net { | 48 namespace net { |
49 | 49 |
50 namespace { | 50 namespace { |
51 | 51 |
52 class PathBuilderPkitsTestDelegate { | 52 class PathBuilderPkitsTestDelegate { |
53 public: | 53 public: |
54 static bool Verify(std::vector<std::string> cert_ders, | 54 static bool Verify(std::vector<std::string> cert_ders, |
55 std::vector<std::string> crl_ders) { | 55 std::vector<std::string> crl_ders, |
| 56 const PkitsTestSettings& settings) { |
56 if (cert_ders.empty()) { | 57 if (cert_ders.empty()) { |
57 ADD_FAILURE() << "cert_ders is empty"; | 58 ADD_FAILURE() << "cert_ders is empty"; |
58 return false; | 59 return false; |
59 } | 60 } |
60 ParsedCertificateList certs; | 61 ParsedCertificateList certs; |
61 for (const std::string& der : cert_ders) { | 62 for (const std::string& der : cert_ders) { |
62 CertErrors errors; | 63 CertErrors errors; |
63 if (!ParsedCertificate::CreateAndAddToVector( | 64 if (!ParsedCertificate::CreateAndAddToVector( |
64 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( | 65 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( |
65 reinterpret_cast<const uint8_t*>(der.data()), der.size(), | 66 reinterpret_cast<const uint8_t*>(der.data()), der.size(), |
105 class PkitsTest01SignatureVerificationCustomPathBuilderFoo | 106 class PkitsTest01SignatureVerificationCustomPathBuilderFoo |
106 : public PkitsTest<PathBuilderPkitsTestDelegate> {}; | 107 : public PkitsTest<PathBuilderPkitsTestDelegate> {}; |
107 | 108 |
108 // Modified version of 4.1.4 Valid DSA Signatures Test4 | 109 // Modified version of 4.1.4 Valid DSA Signatures Test4 |
109 TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo, | 110 TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo, |
110 Section1ValidDSASignaturesTest4Custom) { | 111 Section1ValidDSASignaturesTest4Custom) { |
111 const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert", | 112 const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert", |
112 "ValidDSASignaturesTest4EE"}; | 113 "ValidDSASignaturesTest4EE"}; |
113 const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL"}; | 114 const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL"}; |
114 // DSA signatures are intentionally unsupported. | 115 // DSA signatures are intentionally unsupported. |
115 ASSERT_FALSE(this->Verify(certs, crls)); | 116 ASSERT_FALSE(this->Verify(certs, crls, {})); |
116 } | 117 } |
117 | 118 |
118 // Modified version of 4.1.5 Valid DSA Parameter Inheritance Test5 | 119 // Modified version of 4.1.5 Valid DSA Parameter Inheritance Test5 |
119 TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo, | 120 TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo, |
120 Section1ValidDSAParameterInheritanceTest5Custom) { | 121 Section1ValidDSAParameterInheritanceTest5Custom) { |
121 const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert", | 122 const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert", |
122 "DSAParametersInheritedCACert", | 123 "DSAParametersInheritedCACert", |
123 "ValidDSAParameterInheritanceTest5EE"}; | 124 "ValidDSAParameterInheritanceTest5EE"}; |
124 const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL", | 125 const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL", |
125 "DSAParametersInheritedCACRL"}; | 126 "DSAParametersInheritedCACRL"}; |
126 // DSA signatures are intentionally unsupported. | 127 // DSA signatures are intentionally unsupported. |
127 ASSERT_FALSE(this->Verify(certs, crls)); | 128 ASSERT_FALSE(this->Verify(certs, crls, {})); |
128 } | 129 } |
129 | 130 |
130 class PkitsTest13SignatureVerificationCustomPathBuilderFoo | 131 class PkitsTest13SignatureVerificationCustomPathBuilderFoo |
131 : public PkitsTest<PathBuilderPkitsTestDelegate> {}; | 132 : public PkitsTest<PathBuilderPkitsTestDelegate> {}; |
132 | 133 |
133 // Modified version of 4.13.21 Valid RFC822 nameConstraints Test21 | 134 // Modified version of 4.13.21 Valid RFC822 nameConstraints Test21 |
134 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | 135 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, |
135 Section13ValidRFC822nameConstraintsTest21Custom) { | 136 Section13ValidRFC822nameConstraintsTest21Custom) { |
136 const char* const certs[] = {"TrustAnchorRootCertificate", | 137 const char* const certs[] = {"TrustAnchorRootCertificate", |
137 "nameConstraintsRFC822CA1Cert", | 138 "nameConstraintsRFC822CA1Cert", |
138 "ValidRFC822nameConstraintsTest21EE"}; | 139 "ValidRFC822nameConstraintsTest21EE"}; |
139 const char* const crls[] = {"TrustAnchorRootCRL", | 140 const char* const crls[] = {"TrustAnchorRootCRL", |
140 "nameConstraintsRFC822CA1CRL"}; | 141 "nameConstraintsRFC822CA1CRL"}; |
141 // Name constraints on rfc822Names are not supported. | 142 // Name constraints on rfc822Names are not supported. |
142 ASSERT_FALSE(this->Verify(certs, crls)); | 143 ASSERT_FALSE(this->Verify(certs, crls, {})); |
143 } | 144 } |
144 | 145 |
145 // Modified version of 4.13.23 Valid RFC822 nameConstraints Test23 | 146 // Modified version of 4.13.23 Valid RFC822 nameConstraints Test23 |
146 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | 147 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, |
147 Section13ValidRFC822nameConstraintsTest23Custom) { | 148 Section13ValidRFC822nameConstraintsTest23Custom) { |
148 const char* const certs[] = {"TrustAnchorRootCertificate", | 149 const char* const certs[] = {"TrustAnchorRootCertificate", |
149 "nameConstraintsRFC822CA2Cert", | 150 "nameConstraintsRFC822CA2Cert", |
150 "ValidRFC822nameConstraintsTest23EE"}; | 151 "ValidRFC822nameConstraintsTest23EE"}; |
151 const char* const crls[] = {"TrustAnchorRootCRL", | 152 const char* const crls[] = {"TrustAnchorRootCRL", |
152 "nameConstraintsRFC822CA2CRL"}; | 153 "nameConstraintsRFC822CA2CRL"}; |
153 // Name constraints on rfc822Names are not supported. | 154 // Name constraints on rfc822Names are not supported. |
154 ASSERT_FALSE(this->Verify(certs, crls)); | 155 ASSERT_FALSE(this->Verify(certs, crls, {})); |
155 } | 156 } |
156 | 157 |
157 // Modified version of 4.13.25 Valid RFC822 nameConstraints Test25 | 158 // Modified version of 4.13.25 Valid RFC822 nameConstraints Test25 |
158 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | 159 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, |
159 Section13ValidRFC822nameConstraintsTest25Custom) { | 160 Section13ValidRFC822nameConstraintsTest25Custom) { |
160 const char* const certs[] = {"TrustAnchorRootCertificate", | 161 const char* const certs[] = {"TrustAnchorRootCertificate", |
161 "nameConstraintsRFC822CA3Cert", | 162 "nameConstraintsRFC822CA3Cert", |
162 "ValidRFC822nameConstraintsTest25EE"}; | 163 "ValidRFC822nameConstraintsTest25EE"}; |
163 const char* const crls[] = {"TrustAnchorRootCRL", | 164 const char* const crls[] = {"TrustAnchorRootCRL", |
164 "nameConstraintsRFC822CA3CRL"}; | 165 "nameConstraintsRFC822CA3CRL"}; |
165 // Name constraints on rfc822Names are not supported. | 166 // Name constraints on rfc822Names are not supported. |
166 ASSERT_FALSE(this->Verify(certs, crls)); | 167 ASSERT_FALSE(this->Verify(certs, crls, {})); |
167 } | 168 } |
168 | 169 |
169 // Modified version of 4.13.27 Valid DN and RFC822 nameConstraints Test27 | 170 // Modified version of 4.13.27 Valid DN and RFC822 nameConstraints Test27 |
170 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | 171 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, |
171 Section13ValidDNandRFC822nameConstraintsTest27Custom) { | 172 Section13ValidDNandRFC822nameConstraintsTest27Custom) { |
172 const char* const certs[] = {"TrustAnchorRootCertificate", | 173 const char* const certs[] = {"TrustAnchorRootCertificate", |
173 "nameConstraintsDN1CACert", | 174 "nameConstraintsDN1CACert", |
174 "nameConstraintsDN1subCA3Cert", | 175 "nameConstraintsDN1subCA3Cert", |
175 "ValidDNandRFC822nameConstraintsTest27EE"}; | 176 "ValidDNandRFC822nameConstraintsTest27EE"}; |
176 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL", | 177 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL", |
177 "nameConstraintsDN1subCA3CRL"}; | 178 "nameConstraintsDN1subCA3CRL"}; |
178 // Name constraints on rfc822Names are not supported. | 179 // Name constraints on rfc822Names are not supported. |
179 ASSERT_FALSE(this->Verify(certs, crls)); | 180 ASSERT_FALSE(this->Verify(certs, crls, {})); |
180 } | 181 } |
181 | 182 |
182 // Modified version of 4.13.34 Valid URI nameConstraints Test34 | 183 // Modified version of 4.13.34 Valid URI nameConstraints Test34 |
183 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | 184 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, |
184 Section13ValidURInameConstraintsTest34Custom) { | 185 Section13ValidURInameConstraintsTest34Custom) { |
185 const char* const certs[] = {"TrustAnchorRootCertificate", | 186 const char* const certs[] = {"TrustAnchorRootCertificate", |
186 "nameConstraintsURI1CACert", | 187 "nameConstraintsURI1CACert", |
187 "ValidURInameConstraintsTest34EE"}; | 188 "ValidURInameConstraintsTest34EE"}; |
188 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI1CACRL"}; | 189 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI1CACRL"}; |
189 // Name constraints on uniformResourceIdentifiers are not supported. | 190 // Name constraints on uniformResourceIdentifiers are not supported. |
190 ASSERT_FALSE(this->Verify(certs, crls)); | 191 ASSERT_FALSE(this->Verify(certs, crls, {})); |
191 } | 192 } |
192 | 193 |
193 // Modified version of 4.13.36 Valid URI nameConstraints Test36 | 194 // Modified version of 4.13.36 Valid URI nameConstraints Test36 |
194 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | 195 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, |
195 Section13ValidURInameConstraintsTest36Custom) { | 196 Section13ValidURInameConstraintsTest36Custom) { |
196 const char* const certs[] = {"TrustAnchorRootCertificate", | 197 const char* const certs[] = {"TrustAnchorRootCertificate", |
197 "nameConstraintsURI2CACert", | 198 "nameConstraintsURI2CACert", |
198 "ValidURInameConstraintsTest36EE"}; | 199 "ValidURInameConstraintsTest36EE"}; |
199 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI2CACRL"}; | 200 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI2CACRL"}; |
200 // Name constraints on uniformResourceIdentifiers are not supported. | 201 // Name constraints on uniformResourceIdentifiers are not supported. |
201 ASSERT_FALSE(this->Verify(certs, crls)); | 202 ASSERT_FALSE(this->Verify(certs, crls, {})); |
202 } | 203 } |
203 | 204 |
204 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, | 205 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, |
205 PkitsTest01SignatureVerification, | 206 PkitsTest01SignatureVerification, |
206 PathBuilderPkitsTestDelegate); | 207 PathBuilderPkitsTestDelegate); |
207 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, | 208 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, |
208 PkitsTest02ValidityPeriods, | 209 PkitsTest02ValidityPeriods, |
209 PathBuilderPkitsTestDelegate); | 210 PathBuilderPkitsTestDelegate); |
210 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, | 211 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, |
211 PkitsTest03VerifyingNameChaining, | 212 PkitsTest03VerifyingNameChaining, |
225 | 226 |
226 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, | 227 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, |
227 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, | 228 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, |
228 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs | 229 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs |
229 | 230 |
230 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, | 231 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, |
231 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, | 232 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, |
232 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy | 233 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy |
233 | 234 |
234 } // namespace net | 235 } // namespace net |
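Review bot: The new `settings` parameter on `PathBuilderPkitsTestDelegate::Verify` (new line 56) is undocumented, and nothing in the visible part of the body reads it. The rest of the body (new lines 67-105) is collapsed on this page, so whether it is consumed cannot be confirmed from here. If the delegate ignores it for now, as the Certificate Policies TODO at new lines 231-233 suggests, say so at the signature, e.g. `// |settings| is currently ignored: no certificate-policies support yet (see TODO at end of file).` Otherwise a later instantiation of the policy suites could run against a delegate that silently drops the per-test settings and still report results. The eight custom tests all pass `{}` and only `ASSERT_FALSE` the result, so they succeed on any rejection reason; a short comment such as `// Default settings; rejection is expected because <feature> is unsupported.` would make clear the defaults are deliberate.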