// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4
5#include "net/cert/ev_root_ca_metadata.h"
6
7#include "net/cert/x509_cert_types.h"
8#include "net/test/cert_test_util.h"
9#include "testing/gtest/include/gtest/gtest.h"
10
11#if defined(USE_NSS)
12#include "crypto/scoped_nss_types.h"
13#endif
14
15namespace net {
16
17namespace {
18
19#if defined(USE_NSS) || defined(OS_WIN)
// Certificate policy OIDs, in dotted-decimal form, used by the tests below.
// The Basic test expects kVerisignPolicy to be recognised as an EV policy and
// kFakePolicy not to be. kThawtePolicy is only used as a second policy that
// must NOT be accepted for the VeriSign fingerprint.
const char kVerisignPolicy[] = "2.16.840.1.113733.1.7.23.6";
const char kThawtePolicy[] = "2.16.840.1.113733.1.7.48.1";
const char kFakePolicy[] = "2.16.840.1.42";

// SHA-1 fingerprint that the Basic test expects the EV metadata to pair with
// kVerisignPolicy.
const SHA1HashValue kVerisignFingerprint = { {
    0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45,
    0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2
} };

// Constructed fingerprint that the tests expect to be absent from the EV
// metadata unless a test registers it explicitly.
const SHA1HashValue kFakeFingerprint = { {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99
} };
29
// Holds the three test policy OIDs as EVRootCAMetadata::PolicyOID values,
// i.e. in whatever representation the current platform uses. The
// platform-specific constructor and Init() are defined further down.
class EVOidData {
 public:
  EVOidData();

  // Resolves the policy OIDs. Returns false if any of them could not be
  // resolved; the members must not be relied on in that case.
  bool Init();

  // Populated by the constructor (Windows) or by Init() (NSS).
  EVRootCAMetadata::PolicyOID verisign_policy;
  EVRootCAMetadata::PolicyOID thawte_policy;
  EVRootCAMetadata::PolicyOID fake_policy;
};
39
40#endif  // defined(USE_NSS) || defined(OS_WIN)
41
42#if defined(USE_NSS)
43
// Parses the dotted-decimal |oid_string| and hands it to SECOID_AddEntry.
//
// |arena| backs the encoded OID bytes produced by SEC_StringToOID.
// Returns the tag from SECOID_AddEntry, or SEC_OID_UNKNOWN if |oid_string|
// could not be parsed.
//
// NOTE(review): |entry| lives on the stack and |entry.oid| points into
// |arena|, so this is only safe if SECOID_AddEntry copies the entry rather
// than retaining these pointers - confirm against the NSS version in use.
SECOidTag RegisterOID(PLArenaPool* arena, const char* oid_string) {
  SECOidData entry;
  memset(&entry, 0, sizeof(entry));
  entry.offset = SEC_OID_UNKNOWN;
  entry.desc = oid_string;
  entry.mechanism = CKM_INVALID_MECHANISM;
  entry.supportedExtension = INVALID_CERT_EXTENSION;

  // Fills in |entry.oid| from the textual form.
  if (SEC_StringToOID(arena, &entry.oid, oid_string, 0) != SECSuccess)
    return SEC_OID_UNKNOWN;

  return SECOID_AddEntry(&entry);
}
58
// NSS build: every policy starts out as SEC_OID_UNKNOWN and is only given a
// real value by Init().
EVOidData::EVOidData()
    : verisign_policy(SEC_OID_UNKNOWN),
      thawte_policy(SEC_OID_UNKNOWN),
      fake_policy(SEC_OID_UNKNOWN) {}
64
// NSS build: registers the three test policy OIDs and stores the returned
// tags. Returns false if the arena cannot be allocated or if any registration
// yields SEC_OID_UNKNOWN.
bool EVOidData::Init() {
  // Scratch arena for RegisterOID; released when this function returns.
  // NOTE(review): the stored tags therefore outlive the arena, which assumes
  // NSS keeps its own copy of each registered OID - confirm.
  crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
  if (!arena.get())
    return false;

  verisign_policy = RegisterOID(arena.get(), kVerisignPolicy);
  thawte_policy = RegisterOID(arena.get(), kThawtePolicy);
  fake_policy = RegisterOID(arena.get(), kFakePolicy);

  // A single unresolved policy makes the whole fixture unusable.
  const bool any_unresolved = verisign_policy == SEC_OID_UNKNOWN ||
                              thawte_policy == SEC_OID_UNKNOWN ||
                              fake_policy == SEC_OID_UNKNOWN;
  return !any_unresolved;
}
78
79#elif defined(OS_WIN)
80
// Windows build: the policies are initialised directly from the
// dotted-decimal string constants, so nothing is left for Init() to do.
EVOidData::EVOidData()
    : verisign_policy(kVerisignPolicy),
      thawte_policy(kThawtePolicy),
      fake_policy(kFakePolicy) {}
86
// Windows build: always succeeds, because the constructor has already set
// every policy member.
bool EVOidData::Init() {
  const bool initialized = true;
  return initialized;
}
90
91#endif
92
93#if defined(USE_NSS) || defined(OS_WIN)
94
// Fixture that resolves the test policy OIDs before each test body runs.
class EVRootCAMetadataTest : public testing::Test {
 protected:
  // ASSERT rather than EXPECT: a test must not run with unresolved policy
  // OIDs, since its expectations would then be checked against placeholder
  // values.
  virtual void SetUp() OVERRIDE {
    ASSERT_TRUE(ev_oid_data.Init());
  }

  // Policy OIDs in the platform's PolicyOID representation.
  EVOidData ev_oid_data;
};
103
// Checks lookups against the EV metadata as returned by GetInstance(), with
// nothing added by the test itself.
TEST_F(EVRootCAMetadataTest, Basic) {
  EVRootCAMetadata* ev_metadata = EVRootCAMetadata::GetInstance();

  // Policy-only lookup: the VeriSign policy is an EV policy, the fake one is
  // not.
  EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.verisign_policy));
  EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));

  // Root + policy lookup: only the exact (fingerprint, policy) pair matches.
  EXPECT_TRUE(
      ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
                                  ev_oid_data.verisign_policy));

  // An unknown root must not be accepted even with a genuine EV policy.
  EXPECT_FALSE(
      ev_metadata->HasEVPolicyOID(kFakeFingerprint,
                                  ev_oid_data.verisign_policy));

  // A known root must not be accepted with a policy it is not paired with,
  // whether that policy is made up or a different real-looking one. Treating
  // a policy as EV for the wrong root would grant EV status to chains the
  // table never vouched for.
  EXPECT_FALSE(
      ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
                                  ev_oid_data.fake_policy));
  EXPECT_FALSE(
      ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
                                  ev_oid_data.thawte_policy));
}
118
// Checks that a test-only EV policy is visible exactly for the lifetime of
// the ScopedTestEVPolicy that registers it.
TEST_F(EVRootCAMetadataTest, AddRemove) {
  EVRootCAMetadata* ev_metadata = EVRootCAMetadata::GetInstance();

  // Before registration: the fake pair is unknown.
  EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
  EXPECT_FALSE(
      ev_metadata->HasEVPolicyOID(kFakeFingerprint,
                                  ev_oid_data.fake_policy));

  {
    // While |test_ev_policy| is alive, the fake pair is treated as EV.
    ScopedTestEVPolicy test_ev_policy(ev_metadata, kFakeFingerprint,
                                      kFakePolicy);

    EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
    EXPECT_TRUE(
        ev_metadata->HasEVPolicyOID(kFakeFingerprint,
                                    ev_oid_data.fake_policy));
  }

  // After the scope ends the fake pair must be gone again, so a test-only
  // trust entry cannot leak into later lookups.
  EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
  EXPECT_FALSE(
      ev_metadata->HasEVPolicyOID(kFakeFingerprint,
                                  ev_oid_data.fake_policy));
}
139
140#endif  // defined(USE_NSS) || defined(OS_WIN)
141
142}  // namespace
143
144}  // namespace net
145