| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/certificate_policies.h" | 5 #include "net/cert/internal/certificate_policies.h" |
| 6 | 6 |
| 7 #include "net/cert/internal/test_helpers.h" | 7 #include "net/cert/internal/test_helpers.h" |
| 8 #include "net/der/input.h" | 8 #include "net/der/input.h" |
| 9 #include "net/der/parser.h" | 9 #include "net/der/parser.h" |
| 10 #include "testing/gtest/include/gtest/gtest.h" | 10 #include "testing/gtest/include/gtest/gtest.h" |
| 11 | 11 |
| 12 namespace net { | 12 namespace net { |
| 13 namespace { | 13 namespace { |
| 14 | 14 |
| 15 ::testing::AssertionResult LoadTestData(const std::string& name, | 15 ::testing::AssertionResult LoadTestData(const std::string& name, |
| 16 std::string* result) { | 16 std::string* result) { |
| 17 std::string path = "net/data/certificate_policies_unittest/" + name; | 17 std::string path = "net/data/certificate_policies_unittest/" + name; |
| 18 | 18 |
| 19 const PemBlockMapping mappings[] = { | 19 const PemBlockMapping mappings[] = { |
| 20 {"CERTIFICATE POLICIES", result}, | 20 {"CERTIFICATE POLICIES", result}, |
| 21 }; | 21 }; |
| 22 | 22 |
| 23 return ReadTestDataFromPemFile(path, mappings); | 23 return ReadTestDataFromPemFile(path, mappings); |
| 24 } | 24 } |
| 25 | 25 |
| 26 const uint8_t policy_1_2_3_der[] = {0x2A, 0x03}; | 26 const uint8_t policy_1_2_3_der[] = {0x2A, 0x03}; |
| 27 const uint8_t policy_1_2_4_der[] = {0x2A, 0x04}; | 27 const uint8_t policy_1_2_4_der[] = {0x2A, 0x04}; |
| 28 | 28 |
| 29 } // namespace | 29 class ParseCertificatePoliciesExtensionTest |
| 30 : public testing::TestWithParam<bool> { |
| 31 protected: |
| 32 bool fail_parsing_unknown_qualifier_oids() const { return GetParam(); } |
| 33 }; |
| 30 | 34 |
| 31 TEST(ParseCertificatePoliciesTest, InvalidEmpty) { | 35 // Run the tests with all possible values for |
| 36 // |fail_parsing_unknown_qualifier_oids|. |
| 37 INSTANTIATE_TEST_CASE_P(, |
| 38 ParseCertificatePoliciesExtensionTest, |
| 39 testing::Bool()); |
| 40 |
| 41 TEST_P(ParseCertificatePoliciesExtensionTest, InvalidEmpty) { |
| 32 std::string der; | 42 std::string der; |
| 33 ASSERT_TRUE(LoadTestData("invalid-empty.pem", &der)); | 43 ASSERT_TRUE(LoadTestData("invalid-empty.pem", &der)); |
| 34 std::vector<der::Input> policies; | 44 std::vector<der::Input> policies; |
| 35 EXPECT_FALSE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 45 EXPECT_FALSE(ParseCertificatePoliciesExtension( |
| 46 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 36 } | 47 } |
| 37 | 48 |
| 38 TEST(ParseCertificatePoliciesTest, InvalidIdentifierNotOid) { | 49 TEST_P(ParseCertificatePoliciesExtensionTest, InvalidIdentifierNotOid) { |
| 39 std::string der; | 50 std::string der; |
| 40 ASSERT_TRUE(LoadTestData("invalid-policy_identifier_not_oid.pem", &der)); | 51 ASSERT_TRUE(LoadTestData("invalid-policy_identifier_not_oid.pem", &der)); |
| 41 std::vector<der::Input> policies; | 52 std::vector<der::Input> policies; |
| 42 EXPECT_FALSE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 53 EXPECT_FALSE(ParseCertificatePoliciesExtension( |
| 54 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 43 } | 55 } |
| 44 | 56 |
| 45 TEST(ParseCertificatePoliciesTest, AnyPolicy) { | 57 TEST_P(ParseCertificatePoliciesExtensionTest, AnyPolicy) { |
| 46 std::string der; | 58 std::string der; |
| 47 ASSERT_TRUE(LoadTestData("anypolicy.pem", &der)); | 59 ASSERT_TRUE(LoadTestData("anypolicy.pem", &der)); |
| 48 std::vector<der::Input> policies; | 60 std::vector<der::Input> policies; |
| 49 EXPECT_TRUE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 61 EXPECT_TRUE(ParseCertificatePoliciesExtension( |
| 62 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 50 ASSERT_EQ(1U, policies.size()); | 63 ASSERT_EQ(1U, policies.size()); |
| 51 EXPECT_EQ(AnyPolicy(), policies[0]); | 64 EXPECT_EQ(AnyPolicy(), policies[0]); |
| 52 } | 65 } |
| 53 | 66 |
| 54 TEST(ParseCertificatePoliciesTest, AnyPolicyWithQualifier) { | 67 TEST_P(ParseCertificatePoliciesExtensionTest, AnyPolicyWithQualifier) { |
| 55 std::string der; | 68 std::string der; |
| 56 ASSERT_TRUE(LoadTestData("anypolicy_with_qualifier.pem", &der)); | 69 ASSERT_TRUE(LoadTestData("anypolicy_with_qualifier.pem", &der)); |
| 57 std::vector<der::Input> policies; | 70 std::vector<der::Input> policies; |
| 58 EXPECT_TRUE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 71 EXPECT_TRUE(ParseCertificatePoliciesExtension( |
| 72 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 59 ASSERT_EQ(1U, policies.size()); | 73 ASSERT_EQ(1U, policies.size()); |
| 60 EXPECT_EQ(AnyPolicy(), policies[0]); | 74 EXPECT_EQ(AnyPolicy(), policies[0]); |
| 61 } | 75 } |
| 62 | 76 |
| 63 TEST(ParseCertificatePoliciesTest, InvalidAnyPolicyWithCustomQualifier) { | 77 TEST_P(ParseCertificatePoliciesExtensionTest, |
| 78 InvalidAnyPolicyWithCustomQualifier) { |
| 64 std::string der; | 79 std::string der; |
| 65 ASSERT_TRUE( | 80 ASSERT_TRUE( |
| 66 LoadTestData("invalid-anypolicy_with_custom_qualifier.pem", &der)); | 81 LoadTestData("invalid-anypolicy_with_custom_qualifier.pem", &der)); |
| 67 std::vector<der::Input> policies; | 82 std::vector<der::Input> policies; |
| 68 EXPECT_FALSE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 83 EXPECT_FALSE(ParseCertificatePoliciesExtension( |
| 84 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 69 } | 85 } |
| 70 | 86 |
| 71 TEST(ParseCertificatePoliciesTest, OnePolicy) { | 87 TEST_P(ParseCertificatePoliciesExtensionTest, OnePolicy) { |
| 72 std::string der; | 88 std::string der; |
| 73 ASSERT_TRUE(LoadTestData("policy_1_2_3.pem", &der)); | 89 ASSERT_TRUE(LoadTestData("policy_1_2_3.pem", &der)); |
| 74 std::vector<der::Input> policies; | 90 std::vector<der::Input> policies; |
| 75 EXPECT_TRUE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 91 EXPECT_TRUE(ParseCertificatePoliciesExtension( |
| 92 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 76 ASSERT_EQ(1U, policies.size()); | 93 ASSERT_EQ(1U, policies.size()); |
| 77 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); | 94 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); |
| 78 } | 95 } |
| 79 | 96 |
| 80 TEST(ParseCertificatePoliciesTest, OnePolicyWithQualifier) { | 97 TEST_P(ParseCertificatePoliciesExtensionTest, OnePolicyWithQualifier) { |
| 81 std::string der; | 98 std::string der; |
| 82 ASSERT_TRUE(LoadTestData("policy_1_2_3_with_qualifier.pem", &der)); | 99 ASSERT_TRUE(LoadTestData("policy_1_2_3_with_qualifier.pem", &der)); |
| 83 std::vector<der::Input> policies; | 100 std::vector<der::Input> policies; |
| 84 EXPECT_TRUE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 101 EXPECT_TRUE(ParseCertificatePoliciesExtension( |
| 102 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 85 ASSERT_EQ(1U, policies.size()); | 103 ASSERT_EQ(1U, policies.size()); |
| 86 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); | 104 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); |
| 87 } | 105 } |
| 88 | 106 |
| 89 TEST(ParseCertificatePoliciesTest, OnePolicyWithCustomQualifier) { | 107 TEST_P(ParseCertificatePoliciesExtensionTest, OnePolicyWithCustomQualifier) { |
| 90 std::string der; | 108 std::string der; |
| 91 ASSERT_TRUE(LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &der)); | 109 ASSERT_TRUE(LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &der)); |
| 92 std::vector<der::Input> policies; | 110 std::vector<der::Input> policies; |
| 93 EXPECT_TRUE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 111 bool result = ParseCertificatePoliciesExtension( |
| 94 ASSERT_EQ(1U, policies.size()); | 112 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies); |
| 95 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); | 113 |
| 114 if (fail_parsing_unknown_qualifier_oids()) { |
| 115 EXPECT_FALSE(result); |
| 116 } else { |
| 117 EXPECT_TRUE(result); |
| 118 ASSERT_EQ(1U, policies.size()); |
| 119 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); |
| 120 } |
| 96 } | 121 } |
| 97 | 122 |
| 98 TEST(ParseCertificatePoliciesTest, InvalidPolicyWithDuplicatePolicyOid) { | 123 TEST_P(ParseCertificatePoliciesExtensionTest, |
| 124 InvalidPolicyWithDuplicatePolicyOid) { |
| 99 std::string der; | 125 std::string der; |
| 100 ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &der)); | 126 ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &der)); |
| 101 std::vector<der::Input> policies; | 127 std::vector<der::Input> policies; |
| 102 EXPECT_FALSE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 128 EXPECT_FALSE(ParseCertificatePoliciesExtension( |
| 129 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 103 } | 130 } |
| 104 | 131 |
| 105 TEST(ParseCertificatePoliciesTest, InvalidPolicyWithEmptyQualifiersSequence) { | 132 TEST_P(ParseCertificatePoliciesExtensionTest, |
| 133 InvalidPolicyWithEmptyQualifiersSequence) { |
| 106 std::string der; | 134 std::string der; |
| 107 ASSERT_TRUE(LoadTestData( | 135 ASSERT_TRUE(LoadTestData( |
| 108 "invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem", &der)); | 136 "invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem", &der)); |
| 109 std::vector<der::Input> policies; | 137 std::vector<der::Input> policies; |
| 110 EXPECT_FALSE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 138 EXPECT_FALSE(ParseCertificatePoliciesExtension( |
| 139 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 111 } | 140 } |
| 112 | 141 |
| 113 TEST(ParseCertificatePoliciesTest, InvalidPolicyInformationHasUnconsumedData) { | 142 TEST_P(ParseCertificatePoliciesExtensionTest, |
| 143 InvalidPolicyInformationHasUnconsumedData) { |
| 114 std::string der; | 144 std::string der; |
| 115 ASSERT_TRUE(LoadTestData( | 145 ASSERT_TRUE(LoadTestData( |
| 116 "invalid-policy_1_2_3_policyinformation_unconsumed_data.pem", &der)); | 146 "invalid-policy_1_2_3_policyinformation_unconsumed_data.pem", &der)); |
| 117 std::vector<der::Input> policies; | 147 std::vector<der::Input> policies; |
| 118 EXPECT_FALSE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 148 EXPECT_FALSE(ParseCertificatePoliciesExtension( |
| 149 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 119 } | 150 } |
| 120 | 151 |
| 121 TEST(ParseCertificatePoliciesTest, | 152 TEST_P(ParseCertificatePoliciesExtensionTest, |
| 122 InvalidPolicyQualifierInfoHasUnconsumedData) { | 153 InvalidPolicyQualifierInfoHasUnconsumedData) { |
| 123 std::string der; | 154 std::string der; |
| 124 ASSERT_TRUE(LoadTestData( | 155 ASSERT_TRUE(LoadTestData( |
| 125 "invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem", &der)); | 156 "invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem", &der)); |
| 126 std::vector<der::Input> policies; | 157 std::vector<der::Input> policies; |
| 127 EXPECT_FALSE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 158 EXPECT_FALSE(ParseCertificatePoliciesExtension( |
| 159 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 128 } | 160 } |
| 129 | 161 |
| 130 TEST(ParseCertificatePoliciesTest, TwoPolicies) { | 162 TEST_P(ParseCertificatePoliciesExtensionTest, TwoPolicies) { |
| 131 std::string der; | 163 std::string der; |
| 132 ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &der)); | 164 ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &der)); |
| 133 std::vector<der::Input> policies; | 165 std::vector<der::Input> policies; |
| 134 EXPECT_TRUE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 166 EXPECT_TRUE(ParseCertificatePoliciesExtension( |
| 167 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 135 ASSERT_EQ(2U, policies.size()); | 168 ASSERT_EQ(2U, policies.size()); |
| 136 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); | 169 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); |
| 137 EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]); | 170 EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]); |
| 138 } | 171 } |
| 139 | 172 |
| 140 TEST(ParseCertificatePoliciesTest, TwoPoliciesWithQualifiers) { | 173 TEST_P(ParseCertificatePoliciesExtensionTest, TwoPoliciesWithQualifiers) { |
| 141 std::string der; | 174 std::string der; |
| 142 ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem", &der)); | 175 ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem", &der)); |
| 143 std::vector<der::Input> policies; | 176 std::vector<der::Input> policies; |
| 144 EXPECT_TRUE(ParseCertificatePoliciesExtension(der::Input(&der), &policies)); | 177 EXPECT_TRUE(ParseCertificatePoliciesExtension( |
| 178 der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies)); |
| 145 ASSERT_EQ(2U, policies.size()); | 179 ASSERT_EQ(2U, policies.size()); |
| 146 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); | 180 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]); |
| 147 EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]); | 181 EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]); |
| 148 } | 182 } |
| 149 | 183 |
| 150 // NOTE: The tests for ParseCertificatePolicies() are part of | 184 // NOTE: The tests for ParseCertificatePolicies() are part of |
| 151 // parsed_certificate_unittest.cc | 185 // parsed_certificate_unittest.cc |
| 152 | 186 |
| 153 // NOTE: The tests for ParseInhibitAnyPolicy() are part of | 187 // NOTE: The tests for ParseInhibitAnyPolicy() are part of |
| 154 // parsed_certificate_unittest.cc | 188 // parsed_certificate_unittest.cc |
| 155 | 189 |
| 190 } // namespace |
| 156 } // namespace net | 191 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2923903002:
Reject certificates that contain unknown policy qualifiers if the (Closed)
