// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
5#include "certificate_policies.h"
Bob Beck5c7a2a02023-11-20 17:28:21 -07007#include <gtest/gtest.h>
Bob Beckbc97b7a2023-04-18 08:35:15 -06008#include "input.h"
9#include "parser.h"
Bob Beck5c7a2a02023-11-20 17:28:21 -070010#include "test_helpers.h"
12namespace bssl {
13namespace {
// Loads one fixture from testdata/certificate_policies_unittest/.
//
// |name| is appended verbatim to the fixture directory, so it must be a plain
// file name; every caller in this file passes a string literal. |result| is
// registered as the destination for the "CERTIFICATE POLICIES" PEM block
// (presumably it receives the decoded DER bytes; see ReadTestDataFromPemFile).
//
// Returns the AssertionResult produced by ReadTestDataFromPemFile, so callers
// can wrap the call in ASSERT_TRUE and stop before parsing a missing fixture.
::testing::AssertionResult LoadTestData(const std::string &name,
                                        std::string *result) {
  // Only one block type is expected in these fixtures.
  const PemBlockMapping mappings[] = {
      {"CERTIFICATE POLICIES", result},
  };

  const std::string fixture_path =
      "testdata/certificate_policies_unittest/" + name;
  return ReadTestDataFromPemFile(fixture_path, mappings);
}
// DER content octets (no tag or length) of the two test policy OIDs. The first
// octet packs the leading two arcs as 40 * 1 + 2 = 0x2a; the second octet is
// the final arc.
const uint8_t policy_1_2_3_der[] = {0x2a, 0x03};  // OID 1.2.3
const uint8_t policy_1_2_4_der[] = {0x2a, 0x04};  // OID 1.2.4
// Fixture for ParseCertificatePoliciesExtensionOids(). The bool test parameter
// is forwarded to the parser as its |fail_parsing_unknown_qualifier_oids|
// argument, so each TEST_P body runs once per value it is instantiated with.
class ParseCertificatePoliciesExtensionOidsTest
    : public testing::TestWithParam<bool> {
 protected:
  // The parameter value for the current run.
  bool fail_parsing_unknown_qualifier_oids() const {
    const bool strict = GetParam();
    return strict;
  }
};
// Instantiate the suite for both false and true, so every TEST_P case is
// exercised with |fail_parsing_unknown_qualifier_oids| off and on.
INSTANTIATE_TEST_SUITE_P(All,
                         ParseCertificatePoliciesExtensionOidsTest,
                         testing::Bool());
// RFC 5280 section 4.2.1.4 defines certificatePolicies as SEQUENCE SIZE
// (1..MAX), so an extension without any PolicyInformation is malformed. Going
// by its name the fixture is such an empty extension; parsing must fail for
// both parameter values.
TEST_P(ParseCertificatePoliciesExtensionOidsTest, InvalidEmpty) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("invalid-empty.pem", &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_FALSE(parsed);
}
// The fixture name indicates a policyIdentifier that is not encoded as an
// OBJECT IDENTIFIER. The parser must reject it rather than return the bytes as
// a policy OID, regardless of the qualifier-strictness parameter.
TEST_P(ParseCertificatePoliciesExtensionOidsTest, InvalidIdentifierNotOid) {
  std::string extension_der;
  ASSERT_TRUE(
      LoadTestData("invalid-policy_identifier_not_oid.pem", &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_FALSE(parsed);
}
// An extension carrying only anyPolicy parses successfully and yields exactly
// one OID, equal to kAnyPolicyOid.
TEST_P(ParseCertificatePoliciesExtensionOidsTest, AnyPolicy) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("anypolicy.pem", &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_TRUE(parsed);

  // ASSERT (not EXPECT) so the element access below is never out of range.
  ASSERT_EQ(1U, policy_oids.size());
  EXPECT_EQ(der::Input(kAnyPolicyOid), policy_oids[0]);
}
// anyPolicy accompanied by a qualifier is accepted for both parameter values
// (presumably the fixture uses one of the qualifier types RFC 5280 defines).
// Only the policy OID is reported by this entry point.
TEST_P(ParseCertificatePoliciesExtensionOidsTest, AnyPolicyWithQualifier) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("anypolicy_with_qualifier.pem", &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_TRUE(parsed);

  // ASSERT (not EXPECT) so the element access below is never out of range.
  ASSERT_EQ(1U, policy_oids.size());
  EXPECT_EQ(der::Input(kAnyPolicyOid), policy_oids[0]);
}
// RFC 5280 section 4.2.1.4 limits qualifiers used with anyPolicy to the
// qualifier types defined in that section. A custom qualifier on anyPolicy is
// therefore rejected even when unknown qualifier OIDs are otherwise tolerated,
// which is why the expectation does not depend on the test parameter.
TEST_P(ParseCertificatePoliciesExtensionOidsTest,
       InvalidAnyPolicyWithCustomQualifier) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("invalid-anypolicy_with_custom_qualifier.pem",
                           &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_FALSE(parsed);
}
// A single policy (1.2.3) without qualifiers parses to exactly that OID.
TEST_P(ParseCertificatePoliciesExtensionOidsTest, OnePolicy) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("policy_1_2_3.pem", &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_TRUE(parsed);

  // ASSERT (not EXPECT) so the element access below is never out of range.
  ASSERT_EQ(1U, policy_oids.size());
  EXPECT_EQ(der::Input(policy_1_2_3_der), policy_oids[0]);
}
// Policy 1.2.3 with a qualifier is accepted for both parameter values, so the
// qualifier in this fixture is evidently one the parser recognises. Only the
// policy OID is reported.
TEST_P(ParseCertificatePoliciesExtensionOidsTest, OnePolicyWithQualifier) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("policy_1_2_3_with_qualifier.pem", &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_TRUE(parsed);

  // ASSERT (not EXPECT) so the element access below is never out of range.
  ASSERT_EQ(1U, policy_oids.size());
  EXPECT_EQ(der::Input(policy_1_2_3_der), policy_oids[0]);
}
// The one case in this suite whose outcome depends on the test parameter: a
// policy carrying a qualifier with a custom (unrecognised) qualifier OID.
//  - strict mode: the whole extension is rejected;
//  - lenient mode: parsing succeeds and the policy OID 1.2.3 is returned.
TEST_P(ParseCertificatePoliciesExtensionOidsTest,
       OnePolicyWithCustomQualifier) {
  std::string extension_der;
  ASSERT_TRUE(
      LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);

  if (fail_parsing_unknown_qualifier_oids()) {
    // Strict mode: nothing further to check once the parse has failed.
    EXPECT_FALSE(parsed);
    return;
  }

  EXPECT_TRUE(parsed);
  // ASSERT (not EXPECT) so the element access below is never out of range.
  ASSERT_EQ(1U, policy_oids.size());
  EXPECT_EQ(der::Input(policy_1_2_3_der), policy_oids[0]);
}
// RFC 5280 section 4.2.1.4: a certificate policy OID MUST NOT appear more than
// once in a certificate policies extension. The fixture (per its name) repeats
// 1.2.3, and the parser must fail instead of silently de-duplicating.
TEST_P(ParseCertificatePoliciesExtensionOidsTest,
       InvalidPolicyWithDuplicatePolicyOid) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_FALSE(parsed);
}
// policyQualifiers is SEQUENCE SIZE (1..MAX) in RFC 5280, so when the field is
// present it must hold at least one PolicyQualifierInfo. A present-but-empty
// sequence (what the fixture name describes) is rejected in both modes.
TEST_P(ParseCertificatePoliciesExtensionOidsTest,
       InvalidPolicyWithEmptyQualifiersSequence) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData(
      "invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem",
      &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_FALSE(parsed);
}
// Per the fixture name, the PolicyInformation SEQUENCE contains bytes after
// its defined fields. Leftover data must be a parse failure: accepting it
// would let two parsers disagree about what the same certificate says.
TEST_P(ParseCertificatePoliciesExtensionOidsTest,
       InvalidPolicyInformationHasUnconsumedData) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData(
      "invalid-policy_1_2_3_policyinformation_unconsumed_data.pem",
      &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_FALSE(parsed);
}
// Same trailing-data check one level down: per the fixture name, the
// PolicyQualifierInfo SEQUENCE has bytes left over after its fields. The
// parse must fail for both parameter values.
TEST_P(ParseCertificatePoliciesExtensionOidsTest,
       InvalidPolicyQualifierInfoHasUnconsumedData) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData(
      "invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem",
      &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_FALSE(parsed);
}
// Two distinct policies without qualifiers: both OIDs are returned, 1.2.3
// first and 1.2.4 second.
TEST_P(ParseCertificatePoliciesExtensionOidsTest, TwoPolicies) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_TRUE(parsed);

  // ASSERT (not EXPECT) so the element accesses below are never out of range.
  ASSERT_EQ(2U, policy_oids.size());
  EXPECT_EQ(der::Input(policy_1_2_3_der), policy_oids[0]);
  EXPECT_EQ(der::Input(policy_1_2_4_der), policy_oids[1]);
}
// Two policies that each carry a qualifier. Parsing succeeds for both
// parameter values and only the two policy OIDs are reported, in order.
TEST_P(ParseCertificatePoliciesExtensionOidsTest, TwoPoliciesWithQualifiers) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem",
                           &extension_der));

  std::vector<der::Input> policy_oids;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtensionOids(
      der::Input(extension_der), fail_parsing_unknown_qualifier_oids(),
      &policy_oids, &cert_errors);
  EXPECT_TRUE(parsed);

  // ASSERT (not EXPECT) so the element accesses below are never out of range.
  ASSERT_EQ(2U, policy_oids.size());
  EXPECT_EQ(der::Input(policy_1_2_3_der), policy_oids[0]);
  EXPECT_EQ(der::Input(policy_1_2_4_der), policy_oids[1]);
}
// The full parser (which returns PolicyInformation, qualifiers included) must
// also reject the "invalid-empty.pem" fixture: RFC 5280 requires at least one
// PolicyInformation in the extension.
TEST(ParseCertificatePoliciesExtensionTest, InvalidEmpty) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("invalid-empty.pem", &extension_der));

  std::vector<PolicyInformation> parsed_policies;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtension(
      der::Input(extension_der), &parsed_policies, &cert_errors);
  EXPECT_FALSE(parsed);
}
// The full parser must reject a repeated policy OID as well (RFC 5280 section
// 4.2.1.4: a policy OID MUST NOT appear more than once in the extension).
TEST(ParseCertificatePoliciesExtensionTest,
     InvalidPolicyWithDuplicatePolicyOid) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("invalid-policy_1_2_3_dupe.pem", &extension_der));

  std::vector<PolicyInformation> parsed_policies;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtension(
      der::Input(extension_der), &parsed_policies, &cert_errors);
  EXPECT_FALSE(parsed);
}
// ParseCertificatePoliciesExtension() takes no strictness flag and accepts a
// custom qualifier: the qualifier OID and the qualifier value are handed back
// as raw DER. The value is compared as a complete TLV, so whoever consumes it
// still has to decode and validate it.
TEST(ParseCertificatePoliciesExtensionTest, OnePolicyWithCustomQualifier) {
  // OID 1.2.3.4 (content octets only).
  const uint8_t kExpectedQualifierOid[] = {0x2a, 0x03, 0x04};
  // UTF8String { "hi" }: tag 0x0c, length 2, then the two characters.
  const uint8_t kExpectedQualifier[] = {0x0c, 0x02, 0x68, 0x69};

  std::string extension_der;
  ASSERT_TRUE(
      LoadTestData("policy_1_2_3_with_custom_qualifier.pem", &extension_der));

  std::vector<PolicyInformation> parsed_policies;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtension(
      der::Input(extension_der), &parsed_policies, &cert_errors);
  EXPECT_TRUE(parsed);

  // ASSERT on sizes so the index accesses below are never out of range.
  ASSERT_EQ(1U, parsed_policies.size());
  PolicyInformation &info = parsed_policies[0];
  EXPECT_EQ(der::Input(policy_1_2_3_der), info.policy_oid);

  ASSERT_EQ(1U, info.policy_qualifiers.size());
  PolicyQualifierInfo &qualifier_info = info.policy_qualifiers[0];
  EXPECT_EQ(der::Input(kExpectedQualifierOid), qualifier_info.qualifier_oid);
  EXPECT_EQ(der::Input(kExpectedQualifier), qualifier_info.qualifier);
}
// Two policies without qualifiers: the full parser returns two
// PolicyInformation entries in order (1.2.3, then 1.2.4), each with an empty
// qualifier list.
TEST(ParseCertificatePoliciesExtensionTest, TwoPolicies) {
  std::string extension_der;
  ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4.pem", &extension_der));

  std::vector<PolicyInformation> parsed_policies;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtension(
      der::Input(extension_der), &parsed_policies, &cert_errors);
  EXPECT_TRUE(parsed);

  // ASSERT (not EXPECT) so the element accesses below are never out of range.
  ASSERT_EQ(2U, parsed_policies.size());

  PolicyInformation &first = parsed_policies[0];
  EXPECT_EQ(der::Input(policy_1_2_3_der), first.policy_oid);
  EXPECT_EQ(0U, first.policy_qualifiers.size());

  PolicyInformation &second = parsed_policies[1];
  EXPECT_EQ(der::Input(policy_1_2_4_der), second.policy_oid);
  EXPECT_EQ(0U, second.policy_qualifiers.size());
}
// Two policies, each with one CPS-pointer qualifier (kCpsPointerId). The
// qualifier value is expected back as the complete DER TLV of an IA5String
// (tag 0x16, length, content); the URI inside it is certificate-supplied data
// that this parser does not decode.
TEST(ParseCertificatePoliciesExtensionTest, TwoPoliciesWithQualifiers) {
  // IA5String { "https://example.com/1_2_3" }
  const uint8_t kExpectedCpsFor123[] = {
      0x16, 0x19, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f,
      0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
      0x63, 0x6f, 0x6d, 0x2f, 0x31, 0x5f, 0x32, 0x5f, 0x33};
  // IA5String { "http://example.com/1_2_4" }
  const uint8_t kExpectedCpsFor124[] = {
      0x16, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
      0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63,
      0x6f, 0x6d, 0x2f, 0x31, 0x5f, 0x32, 0x5f, 0x34};

  std::string extension_der;
  ASSERT_TRUE(LoadTestData("policy_1_2_3_and_1_2_4_with_qualifiers.pem",
                           &extension_der));

  std::vector<PolicyInformation> parsed_policies;
  CertErrors cert_errors;
  const bool parsed = ParseCertificatePoliciesExtension(
      der::Input(extension_der), &parsed_policies, &cert_errors);
  EXPECT_TRUE(parsed);

  // ASSERT on sizes so the index accesses below are never out of range.
  ASSERT_EQ(2U, parsed_policies.size());

  PolicyInformation &first = parsed_policies[0];
  EXPECT_EQ(der::Input(policy_1_2_3_der), first.policy_oid);
  ASSERT_EQ(1U, first.policy_qualifiers.size());
  PolicyQualifierInfo &first_qualifier = first.policy_qualifiers[0];
  EXPECT_EQ(der::Input(kCpsPointerId), first_qualifier.qualifier_oid);
  EXPECT_EQ(der::Input(kExpectedCpsFor123), first_qualifier.qualifier);

  PolicyInformation &second = parsed_policies[1];
  EXPECT_EQ(der::Input(policy_1_2_4_der), second.policy_oid);
  ASSERT_EQ(1U, second.policy_qualifiers.size());
  PolicyQualifierInfo &second_qualifier = second.policy_qualifiers[0];
  EXPECT_EQ(der::Input(kCpsPointerId), second_qualifier.qualifier_oid);
  EXPECT_EQ(der::Input(kExpectedCpsFor124), second_qualifier.qualifier);
}
// NOTE: The tests for ParseInhibitAnyPolicy() are part of
// parsed_certificate_unittest.cc
311} // namespace
Bob Beck5c7a2a02023-11-20 17:28:21 -0700312} // namespace bssl