| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ | 5 #ifndef NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ |
| 6 #define NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ | 6 #define NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ |
| 7 | 7 |
| 8 #include <set> | 8 #include <set> |
| 9 | 9 |
| 10 #include "net/cert/internal/test_helpers.h" | 10 #include "net/cert/internal/test_helpers.h" |
| 11 #include "net/der/parse_values.h" | 11 #include "net/der/parse_values.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" | 12 #include "testing/gtest/include/gtest/gtest.h" |
| 13 | 13 |
| 14 namespace net { | 14 namespace net { |
| 15 | 15 |
| 16 // Describes the inputs and outputs (other than the certificates) for | 16 // Describes the inputs and outputs (other than the certificates) for |
| 17 // the PKITS tests. | 17 // the PKITS tests. |
| 18 struct PkitsTestInfo { | 18 struct PkitsTestInfo { |
| 19 // Default construction results in the "default settings". | 19 // Default construction results in the "default settings". |
| 20 PkitsTestInfo(); | 20 PkitsTestInfo(); |
| 21 PkitsTestInfo(const PkitsTestInfo& other); |
| 21 ~PkitsTestInfo(); | 22 ~PkitsTestInfo(); |
| 22 | 23 |
| 23 // Sets |initial_policy_set| to the specified policies. The | 24 // Sets |initial_policy_set| to the specified policies. The |
| 24 // policies are described as comma-separated symbolic strings like | 25 // policies are described as comma-separated symbolic strings like |
| 25 // "anyPolicy" and "NIST-test-policy-1". | 26 // "anyPolicy" and "NIST-test-policy-1". |
| 26 // | 27 // |
| 27 // If this isn't called, the default is "anyPolicy". | 28 // If this isn't called, the default is "anyPolicy". |
| 28 void SetInitialPolicySet(const char* const policy_names); | 29 void SetInitialPolicySet(const char* const policy_names); |
| 29 | 30 |
| 30 // Sets |user_constrained_policy_set| to the specified policies. The | 31 // Sets |user_constrained_policy_set| to the specified policies. The |
| 31 // policies are described as comma-separated symbolic strings like | 32 // policies are described as comma-separated symbolic strings like |
| 32 // "anyPolicy" and "NIST-test-policy-1". | 33 // "anyPolicy" and "NIST-test-policy-1". |
| 33 // | 34 // |
| 34 // If this isn't called, the default is "NIST-test-policy-1". | 35 // If this isn't called, the default is "NIST-test-policy-1". |
| 35 void SetUserConstrainedPolicySet(const char* const policy_names); | 36 void SetUserConstrainedPolicySet(const char* const policy_names); |
| 36 | 37 |
| 37 void SetInitialExplicitPolicy(bool b); | 38 void SetInitialExplicitPolicy(bool b); |
| 38 void SetInitialPolicyMappingInhibit(bool b); | 39 void SetInitialPolicyMappingInhibit(bool b); |
| 39 void SetInitialInhibitAnyPolicy(bool b); | 40 void SetInitialInhibitAnyPolicy(bool b); |
| 40 | 41 |
| 41 // ---------------- | 42 // ---------------- |
| 43 // Info |
| 44 // ---------------- |
| 45 |
| 46 // The PKITS test number. For example, "4.1.1". |
| 47 const char* test_number = nullptr; |
| 48 |
| 49 // ---------------- |
| 42 // Inputs | 50 // Inputs |
| 43 // ---------------- | 51 // ---------------- |
| 44 | 52 |
| 45 // A set of policy OIDs to use for "initial-policy-set". | 53 // A set of policy OIDs to use for "initial-policy-set". |
| 46 std::set<der::Input> initial_policy_set; | 54 std::set<der::Input> initial_policy_set; |
| 47 | 55 |
| 48 // The value of "initial-explicit-policy". | 56 // The value of "initial-explicit-policy". |
| 49 InitialExplicitPolicy initial_explicit_policy = InitialExplicitPolicy::kFalse; | 57 InitialExplicitPolicy initial_explicit_policy = InitialExplicitPolicy::kFalse; |
| 50 | 58 |
| 51 // The value of "initial-policy-mapping-inhibit". | 59 // The value of "initial-policy-mapping-inhibit". |
| (...skipping 29 matching lines...) |
| 81 const char* const (&crl_names)[num_crls], | 89 const char* const (&crl_names)[num_crls], |
| 82 const PkitsTestInfo& info) { | 90 const PkitsTestInfo& info) { |
| 83 std::vector<std::string> cert_ders; | 91 std::vector<std::string> cert_ders; |
| 84 for (const std::string& s : cert_names) | 92 for (const std::string& s : cert_names) |
| 85 cert_ders.push_back(net::ReadTestFileToString( | 93 cert_ders.push_back(net::ReadTestFileToString( |
| 86 "net/third_party/nist-pkits/certs/" + s + ".crt")); | 94 "net/third_party/nist-pkits/certs/" + s + ".crt")); |
| 87 std::vector<std::string> crl_ders; | 95 std::vector<std::string> crl_ders; |
| 88 for (const std::string& s : crl_names) | 96 for (const std::string& s : crl_names) |
| 89 crl_ders.push_back(net::ReadTestFileToString( | 97 crl_ders.push_back(net::ReadTestFileToString( |
| 90 "net/third_party/nist-pkits/crls/" + s + ".crl")); | 98 "net/third_party/nist-pkits/crls/" + s + ".crl")); |
| 91 PkitsTestDelegate::RunTest(cert_ders, crl_ders, info); | 99 |
| 100 base::StringPiece test_number = info.test_number; |
| 101 |
| 102 // Some of the PKITS tests are intentionally given different expectations |
| 103 // from PKITS.pdf. |
| 104 // |
| 105 // Expected to fail because DSA signatures are not supported: |
| 106 // |
| 107 // 4.1.4 - Valid DSA Signatures Test4 |
| 108 // 4.1.5 - Valid DSA Parameter Inheritance Test5 |
| 109 // |
| 110 // Expected to fail because Name constraints on rfc822Names are not |
| 111 // supported: |
| 112 // |
| 113 // 4.13.21 - Valid RFC822 nameConstraints Test21 |
| 114 // 4.13.23 - Valid RFC822 nameConstraints Test23 |
| 115 // 4.13.25 - Valid RFC822 nameConstraints Test25 |
| 116 // 4.13.27 - Valid DN and RFC822 nameConstraints Test27 |
| 117 // |
| 118 // Expected to fail because Name constraints on |
| 119 // uniformResourceIdentifiers are not supported: |
| 120 // |
| 121 // 4.13.34 - Valid URI nameConstraints Test34 |
| 122 // 4.13.36 - Valid URI nameConstraints Test36 |
| 123 if (test_number == "4.1.4" || test_number == "4.1.4" || |
| 124 test_number == "4.1.5" || test_number == "4.13.21" || |
| 125 test_number == "4.13.23" || test_number == "4.13.25" || |
| 126 test_number == "4.13.27" || test_number == "4.13.34" || |
| 127 test_number == "4.13.36") { |
| 128 PkitsTestInfo modified_info = info; |
| 129 modified_info.should_validate = false; |
| 130 PkitsTestDelegate::RunTest(cert_ders, crl_ders, modified_info); |
| 131 } else { |
| 132 PkitsTestDelegate::RunTest(cert_ders, crl_ders, info); |
| 133 } |
| 92 } | 134 } |
| 93 }; | 135 }; |
| 94 | 136 |
| 95 // Inline the generated test code: | 137 // Inline the generated test code: |
| 96 #include "net/third_party/nist-pkits/pkits_testcases-inl.h" | 138 #include "net/third_party/nist-pkits/pkits_testcases-inl.h" |
| 97 | 139 |
| 98 } // namespace net | 140 } // namespace net |
| 99 | 141 |
| 100 #endif // NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ | 142 #endif // NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ |
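Review bot: The override condition on new lines 123-127 compares `test_number == "4.1.4"` twice; all eight test numbers named in the comment above it are otherwise present, so the second comparison is redundant and should be dropped. Setting `modified_info.should_validate = false` on new line 129 asserts only that verification fails, not why, so as far as this section shows a chain rejected for an unrelated reason would still pass these nine comparisons' cases and could hide a regression behind the unsupported-DSA or unsupported-nameConstraints rejection. If the delegate can report the error, assert the specific one; otherwise record the gap with a comment such as `// TODO: assert the failure is the unsupported-feature error, not just any failure.` `test_number` defaults to `nullptr` (new line 47), so the `base::StringPiece` construction on new line 100 presumably relies on every generated test case setting it, and `base/strings/string_piece.h` is not among the includes visible at the top of the file. The enclosing function begins in the skipped lines, so its signature and template parameters were not reviewed.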
| OLD | NEW |