net/cert/ev_root_ca_metadata_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/cert/ev_root_ca_metadata.h"
   6
   7 #include "net/cert/x509_cert_types.h"
   8 #include "net/test/cert_test_util.h"
   9 #include "testing/gtest/include/gtest/gtest.h"
  10
  11 #if defined(USE_NSS_CERTS)
  12 #include "crypto/nss_util.h"
  13 #include "crypto/scoped_nss_types.h"
  14 #endif
  15
  16 namespace net {
  17
  18 namespace {
  19
  20 #if defined(USE_NSS_CERTS) || defined(OS_WIN)
  21 const char kVerisignPolicy[] = "2.16.840.1.113733.1.7.23.6";
  22 const char kThawtePolicy[] = "2.16.840.1.113733.1.7.48.1";
  23 const char kFakePolicy[] = "2.16.840.1.42";
  24 const SHA1HashValue kVerisignFingerprint =
  25     { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45,
  26         0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } };
  27 const SHA1HashValue kFakeFingerprint =
  28     { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
  29         0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 } };
  30
  31 class EVOidData {
  32  public:
  33   EVOidData();
  34   bool Init();
  35
  36   EVRootCAMetadata::PolicyOID verisign_policy;
  37   EVRootCAMetadata::PolicyOID thawte_policy;
  38   EVRootCAMetadata::PolicyOID fake_policy;
  39 };
  40
  41 #endif  // defined(USE_NSS_CERTS) || defined(OS_WIN)
  42
  43 #if defined(USE_NSS_CERTS)
  44
  45 SECOidTag RegisterOID(PLArenaPool* arena, const char* oid_string) {
  46   SECOidData oid_data;
  47   memset(&oid_data, 0, sizeof(oid_data));
  48   oid_data.offset = SEC_OID_UNKNOWN;
  49   oid_data.desc = oid_string;
  50   oid_data.mechanism = CKM_INVALID_MECHANISM;
  51   oid_data.supportedExtension = INVALID_CERT_EXTENSION;
  52
  53   SECStatus rv = SEC_StringToOID(arena, &oid_data.oid, oid_string, 0);
  54   if (rv != SECSuccess)
  55     return SEC_OID_UNKNOWN;
  56
  57   return SECOID_AddEntry(&oid_data);
  58 }
  59
  60 EVOidData::EVOidData()
  61     : verisign_policy(SEC_OID_UNKNOWN),
  62       thawte_policy(SEC_OID_UNKNOWN),
  63       fake_policy(SEC_OID_UNKNOWN) {
  64 }
  65
  66 bool EVOidData::Init() {
  67   crypto::EnsureNSSInit();
  68   crypto::ScopedPLArenaPool pool(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
  69   if (!pool.get())
  70     return false;
  71
  72   verisign_policy = RegisterOID(pool.get(), kVerisignPolicy);
  73   thawte_policy = RegisterOID(pool.get(), kThawtePolicy);
  74   fake_policy = RegisterOID(pool.get(), kFakePolicy);
  75
  76   return verisign_policy != SEC_OID_UNKNOWN &&
  77          thawte_policy != SEC_OID_UNKNOWN &&
  78          fake_policy != SEC_OID_UNKNOWN;
  79 }
  80
  81 #elif defined(OS_WIN)
  82
  83 EVOidData::EVOidData()
  84     : verisign_policy(kVerisignPolicy),
  85       thawte_policy(kThawtePolicy),
  86       fake_policy(kFakePolicy) {
  87 }
  88
  89 bool EVOidData::Init() {
  90   return true;
  91 }
  92
  93 #endif
  94
  95 #if defined(USE_NSS_CERTS) || defined(OS_WIN)
  96
  97 class EVRootCAMetadataTest : public testing::Test {
  98  protected:
  99   void SetUp() override { ASSERT_TRUE(ev_oid_data.Init()); }
 100
 101   EVOidData ev_oid_data;
 102 };
 103
 104 TEST_F(EVRootCAMetadataTest, Basic) {
 105   EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance());
 106
 107   EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.verisign_policy));
 108   EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
 109   EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
 110                                           ev_oid_data.verisign_policy));
 111   EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
 112                                            ev_oid_data.verisign_policy));
 113   EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
 114                                            ev_oid_data.fake_policy));
 115   EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
 116                                            ev_oid_data.thawte_policy));
 117 }
 118
 119 TEST_F(EVRootCAMetadataTest, AddRemove) {
 120   EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance());
 121
 122   EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
 123   EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
 124                                            ev_oid_data.fake_policy));
 125
 126   {
 127     ScopedTestEVPolicy test_ev_policy(ev_metadata, kFakeFingerprint,
 128                                       kFakePolicy);
 129
 130     EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
 131     EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
 132                                             ev_oid_data.fake_policy));
 133   }
 134
 135   EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
 136   EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
 137                                            ev_oid_data.fake_policy));
 138 }
 139
 140 #endif  // defined(USE_NSS_CERTS) || defined(OS_WIN)
 141
 142 }  // namespace
 143
 144 }  // namespace net