      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/cert/ev_root_ca_metadata.h"
      6 
      7 #include "net/cert/x509_cert_types.h"
      8 #include "net/test/cert_test_util.h"
      9 #include "testing/gtest/include/gtest/gtest.h"
     10 
     11 #if defined(USE_NSS)
     12 #include "crypto/scoped_nss_types.h"
     13 #endif
     14 
     15 namespace net {
     16 
     17 namespace {
     18 
     19 #if defined(USE_NSS) || defined(OS_WIN)
     // Certificate policy OIDs in dotted-decimal form. The tests below expect
     // kVerisignPolicy to be a built-in EV policy tied to kVerisignFingerprint,
     // and kFakePolicy to be unknown until a test registers it.
     // NOTE(review): kThawtePolicy only serves as "another CA's policy" in these
     // tests; whether it is itself a built-in EV policy is not checked here.
     const char kVerisignPolicy[] = "2.16.840.1.113733.1.7.23.6";
     const char kThawtePolicy[] = "2.16.840.1.113733.1.7.48.1";
     const char kFakePolicy[] = "2.16.840.1.42";

     // Fingerprint (SHA1HashValue) of the root that the tests expect to be paired
     // with kVerisignPolicy. It is used purely as a lookup key for the root.
     const SHA1HashValue kVerisignFingerprint = { {
         0x74, 0x2c, 0x31, 0x92, 0xe6,
         0x07, 0xe4, 0x24, 0xeb, 0x45,
         0x49, 0x54, 0x2b, 0xe1, 0xbb,
         0xc5, 0x3e, 0x61, 0x74, 0xe2
     } };

     // Artificial fingerprint that the tests expect not to match any built-in EV
     // root; it stands in for an untrusted root.
     const SHA1HashValue kFakeFingerprint = { {
         0x00, 0x11, 0x22, 0x33, 0x44,
         0x55, 0x66, 0x77, 0x88, 0x99,
         0x00, 0x11, 0x22, 0x33, 0x44,
         0x55, 0x66, 0x77, 0x88, 0x99
     } };
     29 
     // Holds the three test policy OIDs as EVRootCAMetadata::PolicyOID values,
     // i.e. in the form IsEVPolicyOID() / HasEVPolicyOID() take as arguments.
     // The constructor and Init() are defined per platform further down.
     class EVOidData {
      public:
       EVOidData();

       // Prepares the OID members for use. Returns false when preparation
       // fails; the fixture asserts on this before any test body runs.
       bool Init();

       // Native form of kVerisignPolicy.
       EVRootCAMetadata::PolicyOID verisign_policy;
       // Native form of kThawtePolicy.
       EVRootCAMetadata::PolicyOID thawte_policy;
       // Native form of kFakePolicy.
       EVRootCAMetadata::PolicyOID fake_policy;
     };
     39 
     40 #endif  // defined(USE_NSS) || defined(OS_WIN)
     41 
     42 #if defined(USE_NSS)
     43 
     // Parses the dotted-decimal |oid_string| and registers it with NSS through
     // SECOID_AddEntry(). Returns the tag NSS hands back, or SEC_OID_UNKNOWN when
     // the string cannot be converted to an OID.
     SECOidTag RegisterOID(PLArenaPool* arena, const char* oid_string) {
       // Zero the whole entry first so that no field is left uninitialized.
       SECOidData entry;
       memset(&entry, 0, sizeof(entry));
       entry.offset = SEC_OID_UNKNOWN;
       entry.desc = oid_string;
       entry.mechanism = CKM_INVALID_MECHANISM;
       entry.supportedExtension = INVALID_CERT_EXTENSION;

       // The encoded OID is allocated from |arena|.
       // NOTE(review): the caller in this file frees the arena as soon as Init()
       // returns, so this relies on SECOID_AddEntry() copying the OID bytes and
       // the description rather than keeping these pointers -- confirm.
       if (SEC_StringToOID(arena, &entry.oid, oid_string, 0) != SECSuccess)
         return SEC_OID_UNKNOWN;

       return SECOID_AddEntry(&entry);
     }
     58 
     // NSS build: every tag starts out as SEC_OID_UNKNOWN, the same value Init()
     // treats as "registration failed", so an un-initialized object never looks
     // like it holds a usable policy OID.
     EVOidData::EVOidData()
         : verisign_policy(SEC_OID_UNKNOWN),
           thawte_policy(SEC_OID_UNKNOWN),
           fake_policy(SEC_OID_UNKNOWN) {}
     64 
     // NSS build: registers the three test policy OIDs with NSS and stores the
     // resulting tags. Returns false if the scratch arena cannot be created or if
     // any of the three registrations yields SEC_OID_UNKNOWN.
     bool EVOidData::Init() {
       // Scratch arena for the encoded OIDs; released when |arena| goes out of
       // scope at the end of this function.
       crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
       if (!arena.get())
         return false;

       PLArenaPool* const raw_arena = arena.get();
       verisign_policy = RegisterOID(raw_arena, kVerisignPolicy);
       thawte_policy = RegisterOID(raw_arena, kThawtePolicy);
       fake_policy = RegisterOID(raw_arena, kFakePolicy);

       // All three must have registered; a single unknown tag fails the fixture.
       const bool all_registered = verisign_policy != SEC_OID_UNKNOWN &&
                                   thawte_policy != SEC_OID_UNKNOWN &&
                                   fake_policy != SEC_OID_UNKNOWN;
       return all_registered;
     }
     78 
     79 #elif defined(OS_WIN)
     80 
     // Windows build: the members are initialized straight from the
     // dotted-decimal string constants, so no registration step is needed.
     EVOidData::EVOidData()
         : verisign_policy(kVerisignPolicy),
           thawte_policy(kThawtePolicy),
           fake_policy(kFakePolicy) {}
     86 
     // Windows build: nothing to set up because the constructor already filled in
     // the OIDs; always reports success.
     bool EVOidData::Init() { return true; }
     90 
     91 #endif
     92 
     93 #if defined(USE_NSS) || defined(OS_WIN)
     94 
     // Fixture that prepares the platform-native policy OIDs before each test.
     class EVRootCAMetadataTest : public testing::Test {
      protected:
       // ASSERT (not EXPECT) so that a test body never runs with OIDs that
       // failed to initialize.
       virtual void SetUp() OVERRIDE { ASSERT_TRUE(ev_oid_data.Init()); }

       // Policy OIDs in the form the EVRootCAMetadata queries expect.
       EVOidData ev_oid_data;
     };
    103 
    // Checks the built-in EV table: an EV policy OID is recognised, and it is
    // accepted only in combination with the root fingerprint it belongs to.
    TEST_F(EVRootCAMetadataTest, Basic) {
      EVRootCAMetadata* ev_metadata = EVRootCAMetadata::GetInstance();

      // OID-only lookups: the VeriSign policy is known, the fake one is not.
      EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.verisign_policy));
      EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));

      // The matching (root, policy) pair is accepted.
      EXPECT_TRUE(ev_metadata->HasEVPolicyOID(
          kVerisignFingerprint, ev_oid_data.verisign_policy));

      // Every mismatch must be rejected: a valid policy under an unknown root,
      // an unknown policy under a valid root, and a valid root combined with a
      // different CA's policy.
      EXPECT_FALSE(ev_metadata->HasEVPolicyOID(
          kFakeFingerprint, ev_oid_data.verisign_policy));
      EXPECT_FALSE(ev_metadata->HasEVPolicyOID(
          kVerisignFingerprint, ev_oid_data.fake_policy));
      EXPECT_FALSE(ev_metadata->HasEVPolicyOID(
          kVerisignFingerprint, ev_oid_data.thawte_policy));
    }
    118 
    // Checks that a test-only EV policy is visible exactly for the lifetime of a
    // ScopedTestEVPolicy and is gone again afterwards, so that a pairing added
    // by a test does not stay in the instance returned by GetInstance().
    TEST_F(EVRootCAMetadataTest, AddRemove) {
      EVRootCAMetadata* ev_metadata = EVRootCAMetadata::GetInstance();

      // Before: neither the fake policy nor the fake (root, policy) pair exists.
      EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
      EXPECT_FALSE(ev_metadata->HasEVPolicyOID(
          kFakeFingerprint, ev_oid_data.fake_policy));

      {
        // Registered from the dotted-decimal string; the queries below use the
        // platform-native form of the same OID.
        ScopedTestEVPolicy test_ev_policy(
            ev_metadata, kFakeFingerprint, kFakePolicy);

        EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
        EXPECT_TRUE(ev_metadata->HasEVPolicyOID(
            kFakeFingerprint, ev_oid_data.fake_policy));
      }

      // After: leaving the scope must have removed the test policy again.
      EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
      EXPECT_FALSE(ev_metadata->HasEVPolicyOID(
          kFakeFingerprint, ev_oid_data.fake_policy));
    }
    139 
    140 #endif  // defined(USE_NSS) || defined(OS_WIN)
    141 
    142 }  // namespace
    143 
    144 }  // namespace net