OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/cast_certificate/cast_cert_validator.h" | 5 #include "components/cast_certificate/cast_cert_validator.h" |
6 | 6 |
7 #include "components/cast_certificate/cast_cert_validator_test_helpers.h" | 7 #include "components/cast_certificate/cast_cert_validator_test_helpers.h" |
8 #include "net/cert/internal/cert_errors.h" | 8 #include "net/cert/internal/cert_errors.h" |
9 #include "net/cert/internal/parsed_certificate.h" | 9 #include "net/cert/internal/parsed_certificate.h" |
10 #include "net/cert/internal/trust_store_in_memory.h" | 10 #include "net/cert/internal/trust_store_in_memory.h" |
(...skipping 398 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
409 "certificates/violates_root_pathlen_constraint.pem", AprilFirst2016(), | 409 "certificates/violates_root_pathlen_constraint.pem", AprilFirst2016(), |
410 TRUST_STORE_FROM_TEST_FILE_UNCONSTRAINED, ""); | 410 TRUST_STORE_FROM_TEST_FILE_UNCONSTRAINED, ""); |
411 | 411 |
412 // Now do the real test and verify validation fails when using a TrustAncho | 412 // Now do the real test and verify validation fails when using a TrustAncho |
413 // with pathlen constraint. | 413 // with pathlen constraint. |
414 RunTest(RESULT_FAIL, "Target", CastDeviceCertPolicy::NONE, | 414 RunTest(RESULT_FAIL, "Target", CastDeviceCertPolicy::NONE, |
415 "certificates/violates_root_pathlen_constraint.pem", AprilFirst2016(), | 415 "certificates/violates_root_pathlen_constraint.pem", AprilFirst2016(), |
416 TRUST_STORE_FROM_TEST_FILE, ""); | 416 TRUST_STORE_FROM_TEST_FILE, ""); |
417 } | 417 } |
418 | 418 |
| 419 // Tests verifying a certificate chain with the policies: |
| 420 // |
| 421 // Root: policies={} |
| 422 // Intermediate: policies={anyPolicy} |
| 423 // Leaf: policies={anyPolicy} |
| 424 TEST(VerifyCastDeviceCertTest, PoliciesIcaAnypolicyLeafAnypolicy) { |
| 425 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::NONE, |
| 426 "certificates/policies_ica_anypolicy_leaf_anypolicy.pem", |
| 427 AprilFirst2016(), TRUST_STORE_FROM_TEST_FILE, ""); |
| 428 } |
| 429 |
| 430 // Test verifying a certificate chain with the policies: |
| 431 // |
| 432 // Root: policies={} |
| 433 // Intermediate: policies={anyPolicy} |
| 434 // Leaf: policies={audioOnly} |
| 435 TEST(VerifyCastDeviceCertTest, PoliciesIcaAnypolicyLeafAudioonly) { |
| 436 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::AUDIO_ONLY, |
| 437 "certificates/policies_ica_anypolicy_leaf_audioonly.pem", |
| 438 AprilFirst2016(), TRUST_STORE_FROM_TEST_FILE, ""); |
| 439 } |
| 440 |
| 441 // Test verifying a certificate chain with the policies: |
| 442 // |
| 443 // Root: policies={} |
| 444 // Intermediate: policies={anyPolicy} |
| 445 // Leaf: policies={foo} |
| 446 TEST(VerifyCastDeviceCertTest, PoliciesIcaAnypolicyLeafFoo) { |
| 447 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::NONE, |
| 448 "certificates/policies_ica_anypolicy_leaf_foo.pem", AprilFirst2016(), |
| 449 TRUST_STORE_FROM_TEST_FILE, ""); |
| 450 } |
| 451 |
| 452 // Test verifying a certificate chain with the policies: |
| 453 // |
| 454 // Root: policies={} |
| 455 // Intermediate: policies={anyPolicy} |
| 456 // Leaf: policies={} |
| 457 TEST(VerifyCastDeviceCertTest, PoliciesIcaAnypolicyLeafNone) { |
| 458 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::NONE, |
| 459 "certificates/policies_ica_anypolicy_leaf_none.pem", AprilFirst2016(), |
| 460 TRUST_STORE_FROM_TEST_FILE, ""); |
| 461 } |
| 462 |
| 463 // Test verifying a certificate chain with the policies: |
| 464 // |
| 465 // Root: policies={} |
| 466 // Intermediate: policies={audioOnly} |
| 467 // Leaf: policies={anyPolicy} |
| 468 TEST(VerifyCastDeviceCertTest, PoliciesIcaAudioonlyLeafAnypolicy) { |
| 469 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::AUDIO_ONLY, |
| 470 "certificates/policies_ica_audioonly_leaf_anypolicy.pem", |
| 471 AprilFirst2016(), TRUST_STORE_FROM_TEST_FILE, ""); |
| 472 } |
| 473 |
| 474 // Test verifying a certificate chain with the policies: |
| 475 // |
| 476 // Root: policies={} |
| 477 // Intermediate: policies={audioOnly} |
| 478 // Leaf: policies={audioOnly} |
| 479 TEST(VerifyCastDeviceCertTest, PoliciesIcaAudioonlyLeafAudioonly) { |
| 480 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::AUDIO_ONLY, |
| 481 "certificates/policies_ica_audioonly_leaf_audioonly.pem", |
| 482 AprilFirst2016(), TRUST_STORE_FROM_TEST_FILE, ""); |
| 483 } |
| 484 |
| 485 // Test verifying a certificate chain with the policies: |
| 486 // |
| 487 // Root: policies={} |
| 488 // Intermediate: policies={audioOnly} |
| 489 // Leaf: policies={foo} |
| 490 TEST(VerifyCastDeviceCertTest, PoliciesIcaAudioonlyLeafFoo) { |
| 491 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::AUDIO_ONLY, |
| 492 "certificates/policies_ica_audioonly_leaf_foo.pem", AprilFirst2016(), |
| 493 TRUST_STORE_FROM_TEST_FILE, ""); |
| 494 } |
| 495 |
| 496 // Test verifying a certificate chain with the policies: |
| 497 // |
| 498 // Root: policies={} |
| 499 // Intermediate: policies={audioOnly} |
| 500 // Leaf: policies={} |
| 501 TEST(VerifyCastDeviceCertTest, PoliciesIcaAudioonlyLeafNone) { |
| 502 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::AUDIO_ONLY, |
| 503 "certificates/policies_ica_audioonly_leaf_none.pem", AprilFirst2016(), |
| 504 TRUST_STORE_FROM_TEST_FILE, ""); |
| 505 } |
| 506 |
| 507 // Test verifying a certificate chain with the policies: |
| 508 // |
| 509 // Root: policies={} |
| 510 // Intermediate: policies={} |
| 511 // Leaf: policies={anyPolicy} |
| 512 TEST(VerifyCastDeviceCertTest, PoliciesIcaNoneLeafAnypolicy) { |
| 513 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::NONE, |
| 514 "certificates/policies_ica_none_leaf_anypolicy.pem", AprilFirst2016(), |
| 515 TRUST_STORE_FROM_TEST_FILE, ""); |
| 516 } |
| 517 |
| 518 // Test verifying a certificate chain with the policies: |
| 519 // |
| 520 // Root: policies={} |
| 521 // Intermediate: policies={} |
| 522 // Leaf: policies={audioOnly} |
| 523 TEST(VerifyCastDeviceCertTest, PoliciesIcaNoneLeafAudioonly) { |
| 524 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::AUDIO_ONLY, |
| 525 "certificates/policies_ica_none_leaf_audioonly.pem", AprilFirst2016(), |
| 526 TRUST_STORE_FROM_TEST_FILE, ""); |
| 527 } |
| 528 |
| 529 // Test verifying a certificate chain with the policies: |
| 530 // |
| 531 // Root: policies={} |
| 532 // Intermediate: policies={} |
| 533 // Leaf: policies={foo} |
| 534 TEST(VerifyCastDeviceCertTest, PoliciesIcaNoneLeafFoo) { |
| 535 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::NONE, |
| 536 "certificates/policies_ica_none_leaf_foo.pem", AprilFirst2016(), |
| 537 TRUST_STORE_FROM_TEST_FILE, ""); |
| 538 } |
| 539 |
| 540 // Test verifying a certificate chain with the policies: |
| 541 // |
| 542 // Root: policies={} |
| 543 // Intermediate: policies={} |
| 544 // Leaf: policies={} |
| 545 TEST(VerifyCastDeviceCertTest, PoliciesIcaNoneLeafNone) { |
| 546 RunTest(RESULT_SUCCESS, "Leaf", CastDeviceCertPolicy::NONE, |
| 547 "certificates/policies_ica_none_leaf_none.pem", AprilFirst2016(), |
| 548 TRUST_STORE_FROM_TEST_FILE, ""); |
| 549 } |
| 550 |
419 // ------------------------------------------------------ | 551 // ------------------------------------------------------ |
420 // Valid signature using 1024-bit RSA key | 552 // Valid signature using 1024-bit RSA key |
421 // ------------------------------------------------------ | 553 // ------------------------------------------------------ |
422 | 554 |
423 // This test vector comes from the NIST test vectors (pkcs1v15sign-vectors.txt), | 555 // This test vector comes from the NIST test vectors (pkcs1v15sign-vectors.txt), |
424 // PKCS#1 v1.5 Signature Example 1.2. | 556 // PKCS#1 v1.5 Signature Example 1.2. |
425 // | 557 // |
426 // It is a valid signature using a 1024 bit key and SHA-1. | 558 // It is a valid signature using a 1024 bit key and SHA-1. |
427 | 559 |
428 const uint8_t kEx1Message[] = { | 560 const uint8_t kEx1Message[] = { |
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
544 auto context = | 676 auto context = |
545 CertVerificationContextImplForTest(CreateString(kEx2PublicKeySpki)); | 677 CertVerificationContextImplForTest(CreateString(kEx2PublicKeySpki)); |
546 | 678 |
547 EXPECT_TRUE(context->VerifySignatureOverData(CreateString(kEx2Signature), | 679 EXPECT_TRUE(context->VerifySignatureOverData(CreateString(kEx2Signature), |
548 CreateString(kEx2Message))); | 680 CreateString(kEx2Message))); |
549 } | 681 } |
550 | 682 |
551 } // namespace | 683 } // namespace |
552 | 684 |
553 } // namespace cast_certificate | 685 } // namespace cast_certificate |
OLD | NEW |