Diffstat (limited to 'chromium/net/cert/pki/certificate_policies_unittest.cc')
-rw-r--r--chromium/net/cert/pki/certificate_policies_unittest.cc313
1 files changed, 313 insertions, 0 deletions
diff --git a/chromium/net/cert/pki/certificate_policies_unittest.cc b/chromium/net/cert/pki/certificate_policies_unittest.cc
new file mode 100644
index 00000000000..b38aff49a73
--- /dev/null
+++ b/chromium/net/cert/pki/certificate_policies_unittest.cc
@@ -0,0 +1,313 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/pki/certificate_policies.h"
+
+#include "net/cert/pki/test_helpers.h"
+#include "net/der/input.h"
+#include "net/der/parser.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+namespace {
+
+::testing::AssertionResult LoadTestData(const std::string& name,
+ std::string* result) {
+ std::string path = "net/data/certificate_policies_unittest/" + name;
+
+ const PemBlockMapping mappings[] = {
+ {"CERTIFICATE POLICIES", result},
+ };
+
+ return ReadTestDataFromPemFile(path, mappings);
+}
+
+const uint8_t policy_1_2_3_der[] = {0x2A, 0x03};
+const uint8_t policy_1_2_4_der[] = {0x2A, 0x04};
+
+class ParseCertificatePoliciesExtensionOidsTest
+ : public testing::TestWithParam<bool> {
+ protected:
+ bool fail_parsing_unknown_qualifier_oids() const { return GetParam(); }
+};
+
+// Run the tests with all possible values for
+// |fail_parsing_unknown_qualifier_oids|.
+INSTANTIATE_TEST_SUITE_P(All,
+ ParseCertificatePoliciesExtensionOidsTest,
+ testing::Bool());
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest, InvalidEmpty) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("invalid-empty.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest, InvalidIdentifierNotOid) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("invalid-policy_identifier_not_oid.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest, AnyPolicy) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("anypolicy.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+ ASSERT_EQ(1U, policies.size());
+ EXPECT_EQ(der::Input(kAnyPolicyOid), policies[0]);
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest, AnyPolicyWithQualifier) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("anypolicy_with_qualifier.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+ ASSERT_EQ(1U, policies.size());
+ EXPECT_EQ(der::Input(kAnyPolicyOid), policies[0]);
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest,
+ InvalidAnyPolicyWithCustomQualifier) {
+ std::string der;
+ ASSERT_TRUE(
+ LoadTestData("invalid-anypolicy_with_custom_qualifier.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest, OnePolicy) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("policy_1_2_3.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+ ASSERT_EQ(1U, policies.size());
+ EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest, OnePolicyWithQualifier) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("policy_1_2_3_with_qualifier.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+ ASSERT_EQ(1U, policies.size());
+ EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest,
+ OnePolicyWithCustomQualifier) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ bool result = ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors);
+
+ if (fail_parsing_unknown_qualifier_oids()) {
+ EXPECT_FALSE(result);
+ } else {
+ EXPECT_TRUE(result);
+ ASSERT_EQ(1U, policies.size());
+ EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
+ }
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest,
+ InvalidPolicyWithDuplicatePolicyOid) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest,
+ InvalidPolicyWithEmptyQualifiersSequence) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData(
+ "invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest,
+ InvalidPolicyInformationHasUnconsumedData) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData(
+ "invalid-policy_1_2_3_policyinformation_unconsumed_data.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest,
+ InvalidPolicyQualifierInfoHasUnconsumedData) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData(
+ "invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest, TwoPolicies) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+ ASSERT_EQ(2U, policies.size());
+ EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
+ EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]);
+}
+
+TEST_P(ParseCertificatePoliciesExtensionOidsTest, TwoPoliciesWithQualifiers) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem", &der));
+ std::vector<der::Input> policies;
+ CertErrors errors;
+ EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
+ der::Input(&der), fail_parsing_unknown_qualifier_oids(), &policies,
+ &errors));
+ ASSERT_EQ(2U, policies.size());
+ EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
+ EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]);
+}
+
+TEST(ParseCertificatePoliciesExtensionTest, InvalidEmpty) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("invalid-empty.pem", &der));
+ std::vector<PolicyInformation> policies;
+ CertErrors errors;
+ EXPECT_FALSE(
+ ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors));
+}
+
+TEST(ParseCertificatePoliciesExtensionTest,
+ InvalidPolicyWithDuplicatePolicyOid) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &der));
+ std::vector<PolicyInformation> policies;
+ CertErrors errors;
+ EXPECT_FALSE(
+ ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors));
+}
+
+TEST(ParseCertificatePoliciesExtensionTest, OnePolicyWithCustomQualifier) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &der));
+ std::vector<PolicyInformation> policies;
+ CertErrors errors;
+ EXPECT_TRUE(
+ ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors));
+ ASSERT_EQ(1U, policies.size());
+ PolicyInformation& policy = policies[0];
+ EXPECT_EQ(der::Input(policy_1_2_3_der), policy.policy_oid);
+
+ ASSERT_EQ(1U, policy.policy_qualifiers.size());
+ PolicyQualifierInfo& qualifier = policy.policy_qualifiers[0];
+ // 1.2.3.4
+ const uint8_t kExpectedQualifierOid[] = {0x2a, 0x03, 0x04};
+ EXPECT_EQ(der::Input(kExpectedQualifierOid), qualifier.qualifier_oid);
+ // UTF8String { "hi" }
+ const uint8_t kExpectedQualifier[] = {0x0c, 0x02, 0x68, 0x69};
+ EXPECT_EQ(der::Input(kExpectedQualifier), qualifier.qualifier);
+}
+
+TEST(ParseCertificatePoliciesExtensionTest, TwoPolicies) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &der));
+ std::vector<PolicyInformation> policies;
+ CertErrors errors;
+ EXPECT_TRUE(
+ ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors));
+ ASSERT_EQ(2U, policies.size());
+ {
+ PolicyInformation& policy = policies[0];
+ EXPECT_EQ(der::Input(policy_1_2_3_der), policy.policy_oid);
+ EXPECT_EQ(0U, policy.policy_qualifiers.size());
+ }
+ {
+ PolicyInformation& policy = policies[1];
+ EXPECT_EQ(der::Input(policy_1_2_4_der), policy.policy_oid);
+ EXPECT_EQ(0U, policy.policy_qualifiers.size());
+ }
+}
+
+TEST(ParseCertificatePoliciesExtensionTest, TwoPoliciesWithQualifiers) {
+ std::string der;
+ ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem", &der));
+ std::vector<PolicyInformation> policies;
+ CertErrors errors;
+ EXPECT_TRUE(
+ ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors));
+ ASSERT_EQ(2U, policies.size());
+ {
+ PolicyInformation& policy = policies[0];
+ EXPECT_EQ(der::Input(policy_1_2_3_der), policy.policy_oid);
+ ASSERT_EQ(1U, policy.policy_qualifiers.size());
+ PolicyQualifierInfo& qualifier = policy.policy_qualifiers[0];
+ EXPECT_EQ(der::Input(kCpsPointerId), qualifier.qualifier_oid);
+ // IA5String { "https://example.com/1_2_3" }
+ const uint8_t kExpectedQualifier[] = {
+ 0x16, 0x19, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f,
+ 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
+ 0x63, 0x6f, 0x6d, 0x2f, 0x31, 0x5f, 0x32, 0x5f, 0x33};
+ EXPECT_EQ(der::Input(kExpectedQualifier), qualifier.qualifier);
+ }
+ {
+ PolicyInformation& policy = policies[1];
+ EXPECT_EQ(der::Input(policy_1_2_4_der), policy.policy_oid);
+ ASSERT_EQ(1U, policy.policy_qualifiers.size());
+ PolicyQualifierInfo& qualifier = policy.policy_qualifiers[0];
+ EXPECT_EQ(der::Input(kCpsPointerId), qualifier.qualifier_oid);
+ // IA5String { "http://example.com/1_2_4" }
+ const uint8_t kExpectedQualifier[] = {
+ 0x16, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
+ 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63,
+ 0x6f, 0x6d, 0x2f, 0x31, 0x5f, 0x32, 0x5f, 0x34};
+ EXPECT_EQ(der::Input(kExpectedQualifier), qualifier.qualifier);
+ }
+}
+
+// NOTE: The tests for ParseInhibitAnyPolicy() are part of
+// parsed_certificate_unittest.cc
+
+} // namespace
+} // namespace net
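Review bot: The `ParseCertificatePoliciesExtensionTest` suite has only two rejection cases (`InvalidEmpty` and `InvalidPolicyWithDuplicatePolicyOid`); the other structurally malformed fixtures (non-OID identifier, empty qualifiers sequence, unconsumed data in PolicyInformation and PolicyQualifierInfo) are exercised only through `ParseCertificatePoliciesExtensionOids`. `ParseCertificatePoliciesExtension` is a separate entry point over certificate-supplied DER, so if it became lenient about trailing or malformed data no test here would fail. I would mirror those negative tests for it as sketched below, assuming it is meant to reject the same inputs; the implementation is not in this diff, so that needs confirming. Separately, every negative test asserts only the boolean result and never inspects `errors`, so a fixture rejected for an unintended reason still passes.

```cpp
TEST(ParseCertificatePoliciesExtensionTest,
     InvalidPolicyInformationHasUnconsumedData) {
  std::string der;
  ASSERT_TRUE(LoadTestData(
      "invalid-policy_1_2_3_policyinformation_unconsumed_data.pem", &der));
  std::vector<PolicyInformation> policies;
  CertErrors errors;
  EXPECT_FALSE(
      ParseCertificatePoliciesExtension(der::Input(&der), &policies, &errors));
}
// … same shape for the policyqualifierinfo_unconsumed_data,
// empty_qualifiers_sequence and policy_identifier_not_oid fixtures …
```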