OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ | 5 #ifndef NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ |
6 #define NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ | 6 #define NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ |
7 | 7 |
8 #include <set> | 8 #include <set> |
9 | 9 |
10 #include "net/cert/internal/test_helpers.h" | 10 #include "net/cert/internal/test_helpers.h" |
11 #include "net/der/parse_values.h" | 11 #include "net/der/parse_values.h" |
12 #include "testing/gtest/include/gtest/gtest.h" | 12 #include "testing/gtest/include/gtest/gtest.h" |
13 | 13 |
14 namespace net { | 14 namespace net { |
15 | 15 |
16 // Describes the inputs and outputs (other than the certificates) for | 16 // Describes the inputs and outputs (other than the certificates) for |
17 // the PKITS tests. | 17 // the PKITS tests. |
18 struct PkitsTestInfo { | 18 struct PkitsTestInfo { |
19 // Default construction results in the "default settings". | 19 // Default construction results in the "default settings". |
20 PkitsTestInfo(); | 20 PkitsTestInfo(); |
| 21 PkitsTestInfo(const PkitsTestInfo& other); |
21 ~PkitsTestInfo(); | 22 ~PkitsTestInfo(); |
22 | 23 |
23 // Sets |initial_policy_set| to the specified policies. The | 24 // Sets |initial_policy_set| to the specified policies. The |
24 // policies are described as comma-separated symbolic strings like | 25 // policies are described as comma-separated symbolic strings like |
25 // "anyPolicy" and "NIST-test-policy-1". | 26 // "anyPolicy" and "NIST-test-policy-1". |
26 // | 27 // |
27 // If this isn't called, the default is "anyPolicy". | 28 // If this isn't called, the default is "anyPolicy". |
28 void SetInitialPolicySet(const char* const policy_names); | 29 void SetInitialPolicySet(const char* const policy_names); |
29 | 30 |
30 // Sets |user_constrained_policy_set| to the specified policies. The | 31 // Sets |user_constrained_policy_set| to the specified policies. The |
31 // policies are described as comma-separated symbolic strings like | 32 // policies are described as comma-separated symbolic strings like |
32 // "anyPolicy" and "NIST-test-policy-1". | 33 // "anyPolicy" and "NIST-test-policy-1". |
33 // | 34 // |
34 // If this isn't called, the default is "NIST-test-policy-1". | 35 // If this isn't called, the default is "NIST-test-policy-1". |
35 void SetUserConstrainedPolicySet(const char* const policy_names); | 36 void SetUserConstrainedPolicySet(const char* const policy_names); |
36 | 37 |
37 void SetInitialExplicitPolicy(bool b); | 38 void SetInitialExplicitPolicy(bool b); |
38 void SetInitialPolicyMappingInhibit(bool b); | 39 void SetInitialPolicyMappingInhibit(bool b); |
39 void SetInitialInhibitAnyPolicy(bool b); | 40 void SetInitialInhibitAnyPolicy(bool b); |
40 | 41 |
41 // ---------------- | 42 // ---------------- |
| 43 // Info |
| 44 // ---------------- |
| 45 |
| 46 // The PKITS test number. For example, "4.1.1". |
| 47 const char* test_number = nullptr; |
| 48 |
| 49 // ---------------- |
42 // Inputs | 50 // Inputs |
43 // ---------------- | 51 // ---------------- |
44 | 52 |
45 // A set of policy OIDs to use for "initial-policy-set". | 53 // A set of policy OIDs to use for "initial-policy-set". |
46 std::set<der::Input> initial_policy_set; | 54 std::set<der::Input> initial_policy_set; |
47 | 55 |
48 // The value of "initial-explicit-policy". | 56 // The value of "initial-explicit-policy". |
49 InitialExplicitPolicy initial_explicit_policy = InitialExplicitPolicy::kFalse; | 57 InitialExplicitPolicy initial_explicit_policy = InitialExplicitPolicy::kFalse; |
50 | 58 |
51 // The value of "initial-policy-mapping-inhibit". | 59 // The value of "initial-policy-mapping-inhibit". |
(...skipping 29 matching lines...)
81 const char* const (&crl_names)[num_crls], | 89 const char* const (&crl_names)[num_crls], |
82 const PkitsTestInfo& info) { | 90 const PkitsTestInfo& info) { |
83 std::vector<std::string> cert_ders; | 91 std::vector<std::string> cert_ders; |
84 for (const std::string& s : cert_names) | 92 for (const std::string& s : cert_names) |
85 cert_ders.push_back(net::ReadTestFileToString( | 93 cert_ders.push_back(net::ReadTestFileToString( |
86 "net/third_party/nist-pkits/certs/" + s + ".crt")); | 94 "net/third_party/nist-pkits/certs/" + s + ".crt")); |
87 std::vector<std::string> crl_ders; | 95 std::vector<std::string> crl_ders; |
88 for (const std::string& s : crl_names) | 96 for (const std::string& s : crl_names) |
89 crl_ders.push_back(net::ReadTestFileToString( | 97 crl_ders.push_back(net::ReadTestFileToString( |
90 "net/third_party/nist-pkits/crls/" + s + ".crl")); | 98 "net/third_party/nist-pkits/crls/" + s + ".crl")); |
91 PkitsTestDelegate::RunTest(cert_ders, crl_ders, info); | 99 |
| 100 base::StringPiece test_number = info.test_number; |
| 101 |
| 102 // Some of the PKITS tests are intentionally given different expectations |
| 103 // from PKITS.pdf. |
| 104 // |
| 105 // Expected to fail because DSA signatures are not supported: |
| 106 // |
| 107 // 4.1.4 - Valid DSA Signatures Test4 |
| 108 // 4.1.5 - Valid DSA Parameter Inheritance Test5 |
| 109 // |
| 110 // Expected to fail because Name constraints on rfc822Names are not |
| 111 // supported: |
| 112 // |
| 113 // 4.13.21 - Valid RFC822 nameConstraints Test21 |
| 114 // 4.13.23 - Valid RFC822 nameConstraints Test23 |
| 115 // 4.13.25 - Valid RFC822 nameConstraints Test25 |
| 116 // 4.13.27 - Valid DN and RFC822 nameConstraints Test27 |
| 117 // |
| 118 // Expected to fail because Name constraints on |
| 119 // uniformResourceIdentifiers are not supported: |
| 120 // |
| 121 // 4.13.34 - Valid URI nameConstraints Test34 |
| 122 // 4.13.36 - Valid URI nameConstraints Test36 |
| 123 if (test_number == "4.1.4" || test_number == "4.1.4" || |
| 124 test_number == "4.1.5" || test_number == "4.13.21" || |
| 125 test_number == "4.13.23" || test_number == "4.13.25" || |
| 126 test_number == "4.13.27" || test_number == "4.13.34" || |
| 127 test_number == "4.13.36") { |
| 128 PkitsTestInfo modified_info = info; |
| 129 modified_info.should_validate = false; |
| 130 PkitsTestDelegate::RunTest(cert_ders, crl_ders, modified_info); |
| 131 } else { |
| 132 PkitsTestDelegate::RunTest(cert_ders, crl_ders, info); |
| 133 } |
92 } | 134 } |
93 }; | 135 }; |
94 | 136 |
95 // Inline the generated test code: | 137 // Inline the generated test code: |
96 #include "net/third_party/nist-pkits/pkits_testcases-inl.h" | 138 #include "net/third_party/nist-pkits/pkits_testcases-inl.h" |
97 | 139 |
98 } // namespace net | 140 } // namespace net |
99 | 141 |
100 #endif // NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ | 142 #endif // NET_CERT_INTERNAL_NIST_PKITS_UNITTEST_H_ |
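Review bot: The condition at new lines 123–127 tests `test_number == "4.1.4"` twice, which is harmless but looks like a copy-paste slip; the first line can read `if (test_number == "4.1.4" || test_number == "4.1.5" ||` with the remaining comparisons re-flowed. New line 100 builds a `base::StringPiece` from `info.test_number`, whose default is `nullptr` (new line 47), so the code relies on StringPiece tolerating a null pointer and on the generated cases always setting the number; the header also does not visibly include `base/strings/string_piece.h`, `<string>` or `<vector>` for the names it uses. Every override only flips `should_validate` to false, so the deviations from PKITS stay fail-closed (unsupported DSA signatures and rfc822Name/URI name constraints are expected to be rejected, never accepted), and a one-line comment such as `// Overrides only ever turn an expected success into an expected failure.` would make that property easy to check when the list grows. The start of RunTest lies in the skipped region, so its return type and template parameters are not visible here.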