1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/cert/ev_root_ca_metadata.h" 6 7#include "net/cert/x509_cert_types.h" 8#include "net/test/cert_test_util.h" 9#include "testing/gtest/include/gtest/gtest.h" 10 11#if defined(USE_NSS) 12#include "crypto/scoped_nss_types.h" 13#endif 14 15namespace net { 16 17namespace { 18 19#if defined(USE_NSS) || defined(OS_WIN) 20const char kVerisignPolicy[] = "2.16.840.1.113733.1.7.23.6"; 21const char kThawtePolicy[] = "2.16.840.1.113733.1.7.48.1"; 22const char kFakePolicy[] = "2.16.840.1.42"; 23const SHA1HashValue kVerisignFingerprint = 24 { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45, 25 0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } }; 26const SHA1HashValue kFakeFingerprint = 27 { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 28 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 } }; 29 30class EVOidData { 31 public: 32 EVOidData(); 33 bool Init(); 34 35 EVRootCAMetadata::PolicyOID verisign_policy; 36 EVRootCAMetadata::PolicyOID thawte_policy; 37 EVRootCAMetadata::PolicyOID fake_policy; 38}; 39 40#endif // defined(USE_NSS) || defined(OS_WIN) 41 42#if defined(USE_NSS) 43 44SECOidTag RegisterOID(PLArenaPool* arena, const char* oid_string) { 45 SECOidData oid_data; 46 memset(&oid_data, 0, sizeof(oid_data)); 47 oid_data.offset = SEC_OID_UNKNOWN; 48 oid_data.desc = oid_string; 49 oid_data.mechanism = CKM_INVALID_MECHANISM; 50 oid_data.supportedExtension = INVALID_CERT_EXTENSION; 51 52 SECStatus rv = SEC_StringToOID(arena, &oid_data.oid, oid_string, 0); 53 if (rv != SECSuccess) 54 return SEC_OID_UNKNOWN; 55 56 return SECOID_AddEntry(&oid_data); 57} 58 59EVOidData::EVOidData() 60 : verisign_policy(SEC_OID_UNKNOWN), 61 thawte_policy(SEC_OID_UNKNOWN), 62 fake_policy(SEC_OID_UNKNOWN) { 63} 64 65bool EVOidData::Init() { 66 crypto::ScopedPLArenaPool pool(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); 67 if (!pool.get()) 68 return false; 69 70 verisign_policy = RegisterOID(pool.get(), kVerisignPolicy); 71 thawte_policy = RegisterOID(pool.get(), kThawtePolicy); 72 fake_policy = RegisterOID(pool.get(), kFakePolicy); 73 74 return verisign_policy != SEC_OID_UNKNOWN && 75 thawte_policy != SEC_OID_UNKNOWN && 76 fake_policy != SEC_OID_UNKNOWN; 77} 78 79#elif defined(OS_WIN) 80 81EVOidData::EVOidData() 82 : verisign_policy(kVerisignPolicy), 83 thawte_policy(kThawtePolicy), 84 fake_policy(kFakePolicy) { 85} 86 87bool EVOidData::Init() { 88 return true; 89} 90 91#endif 92 93#if defined(USE_NSS) || defined(OS_WIN) 94 95class EVRootCAMetadataTest : public testing::Test { 96 protected: 97 virtual void SetUp() OVERRIDE { 98 ASSERT_TRUE(ev_oid_data.Init()); 99 } 100 101 EVOidData ev_oid_data; 102}; 103 104TEST_F(EVRootCAMetadataTest, Basic) { 105 EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance()); 106 107 EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.verisign_policy)); 108 EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); 109 EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint, 110 ev_oid_data.verisign_policy)); 111 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, 112 ev_oid_data.verisign_policy)); 113 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint, 114 ev_oid_data.fake_policy)); 115 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint, 116 ev_oid_data.thawte_policy)); 117} 118 119TEST_F(EVRootCAMetadataTest, AddRemove) { 120 EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance()); 121 122 EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); 123 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, 124 ev_oid_data.fake_policy)); 125 126 { 127 ScopedTestEVPolicy test_ev_policy(ev_metadata, kFakeFingerprint, 128 kFakePolicy); 129 130 EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); 131 EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, 132 ev_oid_data.fake_policy)); 133 } 134 135 EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); 136 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, 137 ev_oid_data.fake_policy)); 138} 139 140#endif // defined(USE_NSS) || defined(OS_WIN) 141 142} // namespace 143 144} // namespace net 145