Google Git
Sign in
boringssl / boringssl.git / 4b040e562e950b168d49c1a1dd453cf460ab81c9 / . / pki / certificate_policies_unittest.cc
blob: fcf10b85a28dc6a138dc26feeba1a78cbd901808 [file] [log] [blame]
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]1// Copyright 2015 The Chromium Authors
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "certificate_policies.h"
6
7#include "test_helpers.h"
8#include "input.h"
9#include "parser.h"
10#include <gtest/gtest.h>
11
12namespace bssl {
13namespace {
14
15::testing::AssertionResult LoadTestData(const std::string& name,
16 std::string* result) {
17 std::string path = "testdata/certificate_policies_unittest/" + name;
18
19 const PemBlockMapping mappings[] = {
20 {"CERTIFICATE POLICIES", result},
21 };
22
23 return ReadTestDataFromPemFile(path, mappings);
24}
25
26const uint8_t policy_1_2_3_der[] = {0x2A, 0x03};
27const uint8_t policy_1_2_4_der[] = {0x2A, 0x04};
28
29class ParseCertificatePoliciesExtensionOidsTest
30 : public testing::TestWithParam<bool> {
31 protected:
32 bool fail_parsing_unknown_qualifier_oids() const { return GetParam(); }
33};
34
35// Run the tests with all possible values for
36// |fail_parsing_unknown_qualifier_oids|.
37INSTANTIATE_TEST_SUITE_P(All,
38 ParseCertificatePoliciesExtensionOidsTest,
39 testing::Bool());
40
41TEST_P(ParseCertificatePoliciesExtensionOidsTest, InvalidEmpty) {
42 std::string der;
43 ASSERT_TRUE(LoadTestData("invalid-empty.pem", &der));
44 std::vector<der::Input> policies;
45 CertErrors errors;
46 EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]47 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]48 &errors));
49}
50
51TEST_P(ParseCertificatePoliciesExtensionOidsTest, InvalidIdentifierNotOid) {
52 std::string der;
53 ASSERT_TRUE(LoadTestData("invalid-policy_identifier_not_oid.pem", &der));
54 std::vector<der::Input> policies;
55 CertErrors errors;
56 EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]57 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]58 &errors));
59}
60
61TEST_P(ParseCertificatePoliciesExtensionOidsTest, AnyPolicy) {
62 std::string der;
63 ASSERT_TRUE(LoadTestData("anypolicy.pem", &der));
64 std::vector<der::Input> policies;
65 CertErrors errors;
66 EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]67 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]68 &errors));
69 ASSERT_EQ(1U, policies.size());
70 EXPECT_EQ(der::Input(kAnyPolicyOid), policies[0]);
71}
72
73TEST_P(ParseCertificatePoliciesExtensionOidsTest, AnyPolicyWithQualifier) {
74 std::string der;
75 ASSERT_TRUE(LoadTestData("anypolicy_with_qualifier.pem", &der));
76 std::vector<der::Input> policies;
77 CertErrors errors;
78 EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]79 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]80 &errors));
81 ASSERT_EQ(1U, policies.size());
82 EXPECT_EQ(der::Input(kAnyPolicyOid), policies[0]);
83}
84
85TEST_P(ParseCertificatePoliciesExtensionOidsTest,
86 InvalidAnyPolicyWithCustomQualifier) {
87 std::string der;
88 ASSERT_TRUE(
89 LoadTestData("invalid-anypolicy_with_custom_qualifier.pem", &der));
90 std::vector<der::Input> policies;
91 CertErrors errors;
92 EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]93 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]94 &errors));
95}
96
97TEST_P(ParseCertificatePoliciesExtensionOidsTest, OnePolicy) {
98 std::string der;
99 ASSERT_TRUE(LoadTestData("policy_1_2_3.pem", &der));
100 std::vector<der::Input> policies;
101 CertErrors errors;
102 EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]103 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]104 &errors));
105 ASSERT_EQ(1U, policies.size());
106 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
107}
108
109TEST_P(ParseCertificatePoliciesExtensionOidsTest, OnePolicyWithQualifier) {
110 std::string der;
111 ASSERT_TRUE(LoadTestData("policy_1_2_3_with_qualifier.pem", &der));
112 std::vector<der::Input> policies;
113 CertErrors errors;
114 EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]115 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]116 &errors));
117 ASSERT_EQ(1U, policies.size());
118 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
119}
120
121TEST_P(ParseCertificatePoliciesExtensionOidsTest,
122 OnePolicyWithCustomQualifier) {
123 std::string der;
124 ASSERT_TRUE(LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &der));
125 std::vector<der::Input> policies;
126 CertErrors errors;
127 bool result = ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]128 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]129 &errors);
130
131 if (fail_parsing_unknown_qualifier_oids()) {
132 EXPECT_FALSE(result);
133 } else {
134 EXPECT_TRUE(result);
135 ASSERT_EQ(1U, policies.size());
136 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
137 }
138}
139
140TEST_P(ParseCertificatePoliciesExtensionOidsTest,
141 InvalidPolicyWithDuplicatePolicyOid) {
142 std::string der;
143 ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &der));
144 std::vector<der::Input> policies;
145 CertErrors errors;
146 EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]147 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]148 &errors));
149}
150
151TEST_P(ParseCertificatePoliciesExtensionOidsTest,
152 InvalidPolicyWithEmptyQualifiersSequence) {
153 std::string der;
154 ASSERT_TRUE(LoadTestData(
155 "invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem", &der));
156 std::vector<der::Input> policies;
157 CertErrors errors;
158 EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]159 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]160 &errors));
161}
162
163TEST_P(ParseCertificatePoliciesExtensionOidsTest,
164 InvalidPolicyInformationHasUnconsumedData) {
165 std::string der;
166 ASSERT_TRUE(LoadTestData(
167 "invalid-policy_1_2_3_policyinformation_unconsumed_data.pem", &der));
168 std::vector<der::Input> policies;
169 CertErrors errors;
170 EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]171 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]172 &errors));
173}
174
175TEST_P(ParseCertificatePoliciesExtensionOidsTest,
176 InvalidPolicyQualifierInfoHasUnconsumedData) {
177 std::string der;
178 ASSERT_TRUE(LoadTestData(
179 "invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem", &der));
180 std::vector<der::Input> policies;
181 CertErrors errors;
182 EXPECT_FALSE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]183 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]184 &errors));
185}
186
187TEST_P(ParseCertificatePoliciesExtensionOidsTest, TwoPolicies) {
188 std::string der;
189 ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &der));
190 std::vector<der::Input> policies;
191 CertErrors errors;
192 EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]193 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]194 &errors));
195 ASSERT_EQ(2U, policies.size());
196 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
197 EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]);
198}
199
200TEST_P(ParseCertificatePoliciesExtensionOidsTest, TwoPoliciesWithQualifiers) {
201 std::string der;
202 ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem", &der));
203 std::vector<der::Input> policies;
204 CertErrors errors;
205 EXPECT_TRUE(ParseCertificatePoliciesExtensionOids(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]206 der::Input(der), fail_parsing_unknown_qualifier_oids(), &policies,
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]207 &errors));
208 ASSERT_EQ(2U, policies.size());
209 EXPECT_EQ(der::Input(policy_1_2_3_der), policies[0]);
210 EXPECT_EQ(der::Input(policy_1_2_4_der), policies[1]);
211}
212
213TEST(ParseCertificatePoliciesExtensionTest, InvalidEmpty) {
214 std::string der;
215 ASSERT_TRUE(LoadTestData("invalid-empty.pem", &der));
216 std::vector<PolicyInformation> policies;
217 CertErrors errors;
218 EXPECT_FALSE(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]219 ParseCertificatePoliciesExtension(der::Input(der), &policies, &errors));
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]220}
221
222TEST(ParseCertificatePoliciesExtensionTest,
223 InvalidPolicyWithDuplicatePolicyOid) {
224 std::string der;
225 ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &der));
226 std::vector<PolicyInformation> policies;
227 CertErrors errors;
228 EXPECT_FALSE(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]229 ParseCertificatePoliciesExtension(der::Input(der), &policies, &errors));
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]230}
231
232TEST(ParseCertificatePoliciesExtensionTest, OnePolicyWithCustomQualifier) {
233 std::string der;
234 ASSERT_TRUE(LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &der));
235 std::vector<PolicyInformation> policies;
236 CertErrors errors;
237 EXPECT_TRUE(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]238 ParseCertificatePoliciesExtension(der::Input(der), &policies, &errors));
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]239 ASSERT_EQ(1U, policies.size());
240 PolicyInformation& policy = policies[0];
241 EXPECT_EQ(der::Input(policy_1_2_3_der), policy.policy_oid);
242
243 ASSERT_EQ(1U, policy.policy_qualifiers.size());
244 PolicyQualifierInfo& qualifier = policy.policy_qualifiers[0];
245 // 1.2.3.4
246 const uint8_t kExpectedQualifierOid[] = {0x2a, 0x03, 0x04};
247 EXPECT_EQ(der::Input(kExpectedQualifierOid), qualifier.qualifier_oid);
248 // UTF8String { "hi" }
249 const uint8_t kExpectedQualifier[] = {0x0c, 0x02, 0x68, 0x69};
250 EXPECT_EQ(der::Input(kExpectedQualifier), qualifier.qualifier);
251}
252
253TEST(ParseCertificatePoliciesExtensionTest, TwoPolicies) {
254 std::string der;
255 ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &der));
256 std::vector<PolicyInformation> policies;
257 CertErrors errors;
258 EXPECT_TRUE(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]259 ParseCertificatePoliciesExtension(der::Input(der), &policies, &errors));
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]260 ASSERT_EQ(2U, policies.size());
261 {
262 PolicyInformation& policy = policies[0];
263 EXPECT_EQ(der::Input(policy_1_2_3_der), policy.policy_oid);
264 EXPECT_EQ(0U, policy.policy_qualifiers.size());
265 }
266 {
267 PolicyInformation& policy = policies[1];
268 EXPECT_EQ(der::Input(policy_1_2_4_der), policy.policy_oid);
269 EXPECT_EQ(0U, policy.policy_qualifiers.size());
270 }
271}
272
273TEST(ParseCertificatePoliciesExtensionTest, TwoPoliciesWithQualifiers) {
274 std::string der;
275 ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem", &der));
276 std::vector<PolicyInformation> policies;
277 CertErrors errors;
278 EXPECT_TRUE(
Bob Beck2e119172023-08-14 11:06:38 -0600[diff] [blame]279 ParseCertificatePoliciesExtension(der::Input(der), &policies, &errors));
Bob Beckbc97b7a2023-04-18 08:35:15 -0600[diff] [blame]280 ASSERT_EQ(2U, policies.size());
281 {
282 PolicyInformation& policy = policies[0];
283 EXPECT_EQ(der::Input(policy_1_2_3_der), policy.policy_oid);
284 ASSERT_EQ(1U, policy.policy_qualifiers.size());
285 PolicyQualifierInfo& qualifier = policy.policy_qualifiers[0];
286 EXPECT_EQ(der::Input(kCpsPointerId), qualifier.qualifier_oid);
287 // IA5String { "https://example.com/1_2_3" }
288 const uint8_t kExpectedQualifier[] = {
289 0x16, 0x19, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f,
290 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
291 0x63, 0x6f, 0x6d, 0x2f, 0x31, 0x5f, 0x32, 0x5f, 0x33};
292 EXPECT_EQ(der::Input(kExpectedQualifier), qualifier.qualifier);
293 }
294 {
295 PolicyInformation& policy = policies[1];
296 EXPECT_EQ(der::Input(policy_1_2_4_der), policy.policy_oid);
297 ASSERT_EQ(1U, policy.policy_qualifiers.size());
298 PolicyQualifierInfo& qualifier = policy.policy_qualifiers[0];
299 EXPECT_EQ(der::Input(kCpsPointerId), qualifier.qualifier_oid);
300 // IA5String { "http://example.com/1_2_4" }
301 const uint8_t kExpectedQualifier[] = {
302 0x16, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
303 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63,
304 0x6f, 0x6d, 0x2f, 0x31, 0x5f, 0x32, 0x5f, 0x34};
305 EXPECT_EQ(der::Input(kExpectedQualifier), qualifier.qualifier);
306 }
307}
308
309// NOTE: The tests for ParseInhibitAnyPolicy() are part of
310// parsed_certificate_unittest.cc
311
312} // namespace
313} // namespace net