OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/path_builder.h" | 5 #include "net/cert/internal/path_builder.h" |
6 | 6 |
7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
8 #include "net/cert/internal/cert_issuer_source_static.h" | 8 #include "net/cert/internal/cert_issuer_source_static.h" |
9 #include "net/cert/internal/parse_certificate.h" | 9 #include "net/cert/internal/parse_certificate.h" |
10 #include "net/cert/internal/parsed_certificate.h" | 10 #include "net/cert/internal/parsed_certificate.h" |
11 #include "net/cert/internal/signature_policy.h" | 11 #include "net/cert/internal/signature_policy.h" |
12 #include "net/cert/internal/trust_store_in_memory.h" | 12 #include "net/cert/internal/trust_store_in_memory.h" |
13 #include "net/cert/internal/verify_certificate_chain.h" | 13 #include "net/cert/internal/verify_certificate_chain.h" |
14 #include "net/der/input.h" | 14 #include "net/der/input.h" |
15 #include "third_party/boringssl/src/include/openssl/pool.h" | 15 #include "third_party/boringssl/src/include/openssl/pool.h" |
16 | 16 |
17 // Disable tests that require DSA signatures (DSA signatures are intentionally | |
18 // unsupported). Custom versions of the DSA tests are defined below which expect | |
19 // verification to fail. | |
20 #define Section1ValidDSASignaturesTest4 DISABLED_Section1ValidDSASignaturesTest4 | |
21 #define Section1ValidDSAParameterInheritanceTest5 \ | |
22 DISABLED_Section1ValidDSAParameterInheritanceTest5 | |
23 | |
24 // Disable tests that require name constraints with name types that are | |
25 // intentionally unsupported. Custom versions of the tests are defined below | |
26 // which expect verification to fail. | |
27 #define Section13ValidRFC822nameConstraintsTest21 \ | |
28 DISABLED_Section13ValidRFC822nameConstraintsTest21 | |
29 #define Section13ValidRFC822nameConstraintsTest23 \ | |
30 DISABLED_Section13ValidRFC822nameConstraintsTest23 | |
31 #define Section13ValidRFC822nameConstraintsTest25 \ | |
32 DISABLED_Section13ValidRFC822nameConstraintsTest25 | |
33 #define Section13ValidDNandRFC822nameConstraintsTest27 \ | |
34 DISABLED_Section13ValidDNandRFC822nameConstraintsTest27 | |
35 #define Section13ValidURInameConstraintsTest34 \ | |
36 DISABLED_Section13ValidURInameConstraintsTest34 | |
37 #define Section13ValidURInameConstraintsTest36 \ | |
38 DISABLED_Section13ValidURInameConstraintsTest36 | |
39 | 17 |
40 // TODO(mattm): these require CRL support: | 18 // TODO(mattm): these require CRL support: |
41 #define Section7InvalidkeyUsageCriticalcRLSignFalseTest4 \ | 19 #define Section7InvalidkeyUsageCriticalcRLSignFalseTest4 \ |
42 DISABLED_Section7InvalidkeyUsageCriticalcRLSignFalseTest4 | 20 DISABLED_Section7InvalidkeyUsageCriticalcRLSignFalseTest4 |
43 #define Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 \ | 21 #define Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 \ |
44 DISABLED_Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 | 22 DISABLED_Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 |
45 | 23 |
46 #include "net/cert/internal/nist_pkits_unittest.h" | 24 #include "net/cert/internal/nist_pkits_unittest.h" |
47 | 25 |
48 namespace net { | 26 namespace net { |
(...skipping 45 matching lines...)
94 | 72 |
95 if (result.HasValidPath()) { | 73 if (result.HasValidPath()) { |
96 EXPECT_EQ(info.user_constrained_policy_set, | 74 EXPECT_EQ(info.user_constrained_policy_set, |
97 result.GetBestValidPath()->user_constrained_policy_set); | 75 result.GetBestValidPath()->user_constrained_policy_set); |
98 } | 76 } |
99 } | 77 } |
100 }; | 78 }; |
101 | 79 |
102 } // namespace | 80 } // namespace |
103 | 81 |
104 class PkitsTest01SignatureVerificationCustomPathBuilderFoo | |
105 : public PkitsTest<PathBuilderPkitsTestDelegate> {}; | |
106 | |
107 // Modified version of 4.1.4 Valid DSA Signatures Test4 | |
108 TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo, | |
109 Section1ValidDSASignaturesTest4Custom) { | |
110 const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert", | |
111 "ValidDSASignaturesTest4EE"}; | |
112 const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL"}; | |
113 // DSA signatures are intentionally unsupported. | |
114 PkitsTestInfo info; | |
115 info.should_validate = false; | |
116 | |
117 this->RunTest(certs, crls, info); | |
118 } | |
119 | |
120 // Modified version of 4.1.5 Valid DSA Parameter Inheritance Test5 | |
121 TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo, | |
122 Section1ValidDSAParameterInheritanceTest5Custom) { | |
123 const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert", | |
124 "DSAParametersInheritedCACert", | |
125 "ValidDSAParameterInheritanceTest5EE"}; | |
126 const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL", | |
127 "DSAParametersInheritedCACRL"}; | |
128 // DSA signatures are intentionally unsupported. | |
129 PkitsTestInfo info; | |
130 info.should_validate = false; | |
131 | |
132 this->RunTest(certs, crls, info); | |
133 } | |
134 | |
135 class PkitsTest13SignatureVerificationCustomPathBuilderFoo | |
136 : public PkitsTest<PathBuilderPkitsTestDelegate> {}; | |
137 | |
138 // Modified version of 4.13.21 Valid RFC822 nameConstraints Test21 | |
139 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | |
140 Section13ValidRFC822nameConstraintsTest21Custom) { | |
141 const char* const certs[] = {"TrustAnchorRootCertificate", | |
142 "nameConstraintsRFC822CA1Cert", | |
143 "ValidRFC822nameConstraintsTest21EE"}; | |
144 const char* const crls[] = {"TrustAnchorRootCRL", | |
145 "nameConstraintsRFC822CA1CRL"}; | |
146 // Name constraints on rfc822Names are not supported. | |
147 PkitsTestInfo info; | |
148 info.should_validate = false; | |
149 | |
150 this->RunTest(certs, crls, info); | |
151 } | |
152 | |
153 // Modified version of 4.13.23 Valid RFC822 nameConstraints Test23 | |
154 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | |
155 Section13ValidRFC822nameConstraintsTest23Custom) { | |
156 const char* const certs[] = {"TrustAnchorRootCertificate", | |
157 "nameConstraintsRFC822CA2Cert", | |
158 "ValidRFC822nameConstraintsTest23EE"}; | |
159 const char* const crls[] = {"TrustAnchorRootCRL", | |
160 "nameConstraintsRFC822CA2CRL"}; | |
161 // Name constraints on rfc822Names are not supported. | |
162 PkitsTestInfo info; | |
163 info.should_validate = false; | |
164 | |
165 this->RunTest(certs, crls, info); | |
166 } | |
167 | |
168 // Modified version of 4.13.25 Valid RFC822 nameConstraints Test25 | |
169 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | |
170 Section13ValidRFC822nameConstraintsTest25Custom) { | |
171 const char* const certs[] = {"TrustAnchorRootCertificate", | |
172 "nameConstraintsRFC822CA3Cert", | |
173 "ValidRFC822nameConstraintsTest25EE"}; | |
174 const char* const crls[] = {"TrustAnchorRootCRL", | |
175 "nameConstraintsRFC822CA3CRL"}; | |
176 // Name constraints on rfc822Names are not supported. | |
177 PkitsTestInfo info; | |
178 info.should_validate = false; | |
179 | |
180 this->RunTest(certs, crls, info); | |
181 } | |
182 | |
183 // Modified version of 4.13.27 Valid DN and RFC822 nameConstraints Test27 | |
184 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | |
185 Section13ValidDNandRFC822nameConstraintsTest27Custom) { | |
186 const char* const certs[] = {"TrustAnchorRootCertificate", | |
187 "nameConstraintsDN1CACert", | |
188 "nameConstraintsDN1subCA3Cert", | |
189 "ValidDNandRFC822nameConstraintsTest27EE"}; | |
190 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL", | |
191 "nameConstraintsDN1subCA3CRL"}; | |
192 // Name constraints on rfc822Names are not supported. | |
193 PkitsTestInfo info; | |
194 info.should_validate = false; | |
195 | |
196 this->RunTest(certs, crls, info); | |
197 } | |
198 | |
199 // Modified version of 4.13.34 Valid URI nameConstraints Test34 | |
200 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | |
201 Section13ValidURInameConstraintsTest34Custom) { | |
202 const char* const certs[] = {"TrustAnchorRootCertificate", | |
203 "nameConstraintsURI1CACert", | |
204 "ValidURInameConstraintsTest34EE"}; | |
205 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI1CACRL"}; | |
206 // Name constraints on uniformResourceIdentifiers are not supported. | |
207 PkitsTestInfo info; | |
208 info.should_validate = false; | |
209 | |
210 this->RunTest(certs, crls, info); | |
211 } | |
212 | |
213 // Modified version of 4.13.36 Valid URI nameConstraints Test36 | |
214 TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo, | |
215 Section13ValidURInameConstraintsTest36Custom) { | |
216 const char* const certs[] = {"TrustAnchorRootCertificate", | |
217 "nameConstraintsURI2CACert", | |
218 "ValidURInameConstraintsTest36EE"}; | |
219 const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI2CACRL"}; | |
220 // Name constraints on uniformResourceIdentifiers are not supported. | |
221 PkitsTestInfo info; | |
222 info.should_validate = false; | |
223 | |
224 this->RunTest(certs, crls, info); | |
225 } | |
226 | 82 |
227 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, | 83 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, |
228 PkitsTest01SignatureVerification, | 84 PkitsTest01SignatureVerification, |
229 PathBuilderPkitsTestDelegate); | 85 PathBuilderPkitsTestDelegate); |
230 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, | 86 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, |
231 PkitsTest02ValidityPeriods, | 87 PkitsTest02ValidityPeriods, |
232 PathBuilderPkitsTestDelegate); | 88 PathBuilderPkitsTestDelegate); |
233 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, | 89 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, |
234 PkitsTest03VerifyingNameChaining, | 90 PkitsTest03VerifyingNameChaining, |
235 PathBuilderPkitsTestDelegate); | 91 PathBuilderPkitsTestDelegate); |
(...skipping 23 matching lines...)
259 PathBuilderPkitsTestDelegate); | 115 PathBuilderPkitsTestDelegate); |
260 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, | 116 INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder, |
261 PkitsTest16PrivateCertificateExtensions, | 117 PkitsTest16PrivateCertificateExtensions, |
262 PathBuilderPkitsTestDelegate); | 118 PathBuilderPkitsTestDelegate); |
263 | 119 |
264 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, | 120 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, |
265 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, | 121 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, |
266 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs | 122 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs |
267 | 123 |
268 } // namespace net | 124 } // namespace net |
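Review bot: With the `DISABLED_` defines (old lines 17-38) and the `*Custom` tests (old lines 104-225) removed, nothing in this file still pins that the path builder rejects DSA-signed chains and chains that rely on rfc822Name or URI name constraints. Presumably that expectation now lives in the shared `nist_pkits_unittest.h` included at new line 24, but that header is not visible on this page. Please confirm the shared tests set `info.should_validate = false` for 4.1.4, 4.1.5, 4.13.21/23/25/27 and 4.13.34/36 rather than expecting success. Otherwise a regression that silently ignores an unsupported constraint type would go untested. I would also keep the rationale next to the include, for example `// DSA signatures and rfc822Name/URI name constraints are intentionally unsupported; the shared PKITS tests expect these chains to fail.`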