// Copyright 2015 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "parse_certificate.h" #include <gtest/gtest.h> #include <openssl/pool.h> #include "cert_errors.h" #include "general_names.h" #include "input.h" #include "parsed_certificate.h" #include "test_helpers.h" BSSL_NAMESPACE_BEGIN namespace { // Pretty-prints a GeneralizedTime as a human-readable string for use in test // expectations (it is more readable to specify the expected results as a // string). std::string ToString(const der::GeneralizedTime &time) { … } std::string GetFilePath(const std::string &file_name) { … } // Loads certificate data and expectations from the PEM file |file_name|. // Verifies that parsing the Certificate matches expectations: // * If expected to fail, emits the expected errors // * If expected to succeeds, the parsed fields match expectations void RunCertificateTest(const std::string &file_name) { … } // Tests parsing a Certificate. TEST(ParseCertificateTest, Version3) { … } // Tests parsing a simplified Certificate-like structure (the sub-fields for // algorithm and tbsCertificate are not actually valid, but ParseCertificate() // doesn't check them) TEST(ParseCertificateTest, Skeleton) { … } // Tests parsing a Certificate that is not a sequence fails. TEST(ParseCertificateTest, NotSequence) { … } // Tests that uncomsumed data is not allowed after the main SEQUENCE. TEST(ParseCertificateTest, DataAfterSignature) { … } // Tests that parsing fails if the signature BIT STRING is missing. TEST(ParseCertificateTest, MissingSignature) { … } // Tests that parsing fails if the signature is present but not a BIT STRING. TEST(ParseCertificateTest, SignatureNotBitString) { … } // Tests that parsing fails if the main SEQUENCE is empty (missing all the // fields). TEST(ParseCertificateTest, EmptySequence) { … } // Tests what happens when the signature algorithm is present, but has the wrong // tag. TEST(ParseCertificateTest, AlgorithmNotSequence) { … } // Loads tbsCertificate data and expectations from the PEM file |file_name|. // Verifies that parsing the TBSCertificate succeeds, and each parsed field // matches the expectations. // // TODO(eroman): Get rid of the |expected_version| parameter -- this should be // encoded in the test expectations file. void RunTbsCertificateTestGivenVersion(const std::string &file_name, CertificateVersion expected_version) { … } void RunTbsCertificateTest(const std::string &file_name) { … } // Tests parsing a TBSCertificate for v3 that contains no optional fields. TEST(ParseTbsCertificateTest, Version3NoOptionals) { … } // Tests parsing a TBSCertificate for v3 that contains extensions. TEST(ParseTbsCertificateTest, Version3WithExtensions) { … } // Tests parsing a TBSCertificate which lacks a version number (causing it to // default to v1). TEST(ParseTbsCertificateTest, Version1) { … } // The version was set to v1 explicitly rather than omitting the version field. TEST(ParseTbsCertificateTest, ExplicitVersion1) { … } // Extensions are not defined in version 1. TEST(ParseTbsCertificateTest, Version1WithExtensions) { … } // Extensions are not defined in version 2. TEST(ParseTbsCertificateTest, Version2WithExtensions) { … } // A boring version 2 certificate with none of the optional fields. TEST(ParseTbsCertificateTest, Version2NoOptionals) { … } // A version 2 certificate with an issuer unique ID field. TEST(ParseTbsCertificateTest, Version2IssuerUniqueId) { … } // A version 2 certificate with both a issuer and subject unique ID field. TEST(ParseTbsCertificateTest, Version2IssuerAndSubjectUniqueId) { … } // A version 3 certificate with all of the optional fields (issuer unique id, // subject unique id, and extensions). TEST(ParseTbsCertificateTest, Version3AllOptionals) { … } // The version was set to v4, which is unrecognized. TEST(ParseTbsCertificateTest, Version4) { … } // Tests that extraneous data after extensions in a v3 is rejected. TEST(ParseTbsCertificateTest, Version3DataAfterExtensions) { … } // Tests using a real-world certificate (whereas the other tests are fabricated // (and in fact invalid) data. TEST(ParseTbsCertificateTest, Version3Real) { … } // Parses a TBSCertificate whose "validity" field expresses both notBefore // and notAfter using UTCTime. TEST(ParseTbsCertificateTest, ValidityBothUtcTime) { … } // Parses a TBSCertificate whose "validity" field expresses both notBefore // and notAfter using GeneralizedTime. TEST(ParseTbsCertificateTest, ValidityBothGeneralizedTime) { … } // Parses a TBSCertificate whose "validity" field expresses notBefore using // UTCTime and notAfter using GeneralizedTime. TEST(ParseTbsCertificateTest, ValidityUTCTimeAndGeneralizedTime) { … } // Parses a TBSCertificate whose validity" field expresses notBefore using // GeneralizedTime and notAfter using UTCTime. Also of interest, notBefore > // notAfter. Parsing will succeed, however no time can satisfy this constraint. TEST(ParseTbsCertificateTest, ValidityGeneralizedTimeAndUTCTime) { … } // Parses a TBSCertificate whose "validity" field does not strictly follow // the DER rules (and fails to be parsed). TEST(ParseTbsCertificateTest, ValidityRelaxed) { … } // Parses a KeyUsage with a single 0 bit. TEST(ParseKeyUsageTest, OneBitAllZeros) { … } // Parses a KeyUsage with 32 bits that are all 0. TEST(ParseKeyUsageTest, 32BitsAllZeros) { … } // Parses a KeyUsage with 32 bits, one of which is 1 (but not in recognized // set). TEST(ParseKeyUsageTest, 32BitsOneSet) { … } // Parses a KeyUsage containing bit string 101. TEST(ParseKeyUsageTest, ThreeBits) { … } // Parses a KeyUsage containing DECIPHER_ONLY, which is the // only bit that doesn't fit in the first byte. TEST(ParseKeyUsageTest, DecipherOnly) { … } // Parses an empty KeyUsage. TEST(ParseKeyUsageTest, Empty) { … } TEST(ParseAuthorityInfoAccess, BasicTests) { … } TEST(ParseAuthorityInfoAccess, NoOcspOrCaIssuersURIs) { … } TEST(ParseAuthorityInfoAccess, IncompleteAccessDescription) { … } TEST(ParseAuthorityInfoAccess, ExtraDataInAccessDescription) { … } TEST(ParseAuthorityInfoAccess, EmptySequence) { … } // Test fixture for testing ParseCrlDistributionPoints. // // Test data is encoded in certificate files. This fixture is responsible for // reading and parsing the certificates to get at the extension under test. class ParseCrlDistributionPointsTest : public ::testing::Test { … }; TEST_F(ParseCrlDistributionPointsTest, OneUriNoIssuer) { … } TEST_F(ParseCrlDistributionPointsTest, ThreeUrisNoIssuer) { … } TEST_F(ParseCrlDistributionPointsTest, CrlIssuerAsDirname) { … } TEST_F(ParseCrlDistributionPointsTest, FullnameAsDirname) { … } TEST_F(ParseCrlDistributionPointsTest, RelativeNameAndReasonsAndMultipleDPs) { … } TEST_F(ParseCrlDistributionPointsTest, NoDistributionPointName) { … } TEST_F(ParseCrlDistributionPointsTest, OnlyReasons) { … } TEST_F(ParseCrlDistributionPointsTest, EmptyDistributionPoint) { … } TEST_F(ParseCrlDistributionPointsTest, EmptyDistributionPoints) { … } bool ParseAuthorityKeyIdentifierTestData( const char *file_name, std::string *backing_bytes, ParsedAuthorityKeyIdentifier *authority_key_identifier) { … } TEST(ParseAuthorityKeyIdentifierTest, EmptyInput) { … } TEST(ParseAuthorityKeyIdentifierTest, EmptySequence) { … } TEST(ParseAuthorityKeyIdentifierTest, KeyIdentifier) { … } TEST(ParseAuthorityKeyIdentifierTest, IssuerAndSerial) { … } TEST(ParseAuthorityKeyIdentifierTest, KeyIdentifierAndIssuerAndSerial) { … } TEST(ParseAuthorityKeyIdentifierTest, IssuerOnly) { … } TEST(ParseAuthorityKeyIdentifierTest, SerialOnly) { … } TEST(ParseAuthorityKeyIdentifierTest, InvalidContents) { … } TEST(ParseAuthorityKeyIdentifierTest, InvalidKeyIdentifier) { … } TEST(ParseAuthorityKeyIdentifierTest, InvalidIssuer) { … } TEST(ParseAuthorityKeyIdentifierTest, InvalidSerial) { … } TEST(ParseAuthorityKeyIdentifierTest, ExtraContentsAfterIssuerAndSerial) { … } TEST(ParseAuthorityKeyIdentifierTest, ExtraContentsAfterExtensionSequence) { … } TEST(ParseSubjectKeyIdentifierTest, EmptyInput) { … } TEST(ParseSubjectKeyIdentifierTest, Valid) { … } TEST(ParseSubjectKeyIdentifierTest, ExtraData) { … } } // namespace BSSL_NAMESPACE_END
Codebase Browser
chromium