/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This code is made available to you under your choice of the following sets
* of licensing terms:
*/
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
/* Copyright 2014 Mozilla Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef mozilla_pkix_pkixgtest_h
#define mozilla_pkix_pkixgtest_h
#include <ostream>
#if defined(__clang__)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated"
#pragma clang diagnostic ignored "-Wmissing-noreturn"
#pragma clang diagnostic ignored "-Wshift-sign-overflow"
#pragma clang diagnostic ignored "-Wsign-conversion"
#pragma clang diagnostic ignored "-Wundef"
#elif defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wextra"
#elif defined(_MSC_VER)
#pragma warning(push, 3)
// C4224: Nonstandard extension used: formal parameter 'X' was previously
// defined as a type.
#pragma warning(disable : 4224)
// C4826: Conversion from 'type1' to 'type2' is sign-extended. This may
// cause unexpected runtime behavior.
#pragma warning(disable : 4826)
#endif
#include "gtest/gtest.h"
#if defined(__clang__)
#pragma clang diagnostic pop
#elif defined(__GNUC__)
#pragma GCC diagnostic pop
#elif defined(_MSC_VER)
#pragma warning(pop)
#endif
#include "mozpkix/pkix.h"
#include "mozpkix/pkixder.h"
#include "mozpkix/test/pkixtestutil.h"
// PrintTo must be in the same namespace as the type we're overloading it for.
namespace mozilla {
namespace pkix {
// gtest value printer for mozilla::pkix::Result: writes the symbolic name of
// the result to *os so a failed assertion shows a readable error code.
inline void PrintTo(const Result& result, ::std::ostream* os) {
  // A null name from MapResultToName is treated as "no known name"; the
  // numeric value is printed instead so the failure output stays usable.
  if (const char* name = MapResultToName(result)) {
    *os << name;
    return;
  }
  *os << "mozilla::pkix::Result(" << static_cast<unsigned int>(result) << ")";
}
} // namespace pkix
} // namespace mozilla
namespace mozilla {
namespace pkix {
namespace test {
// Reference timestamps shared by the tests. They are only declared here; the
// definitions live in another translation unit.
// NOTE(review): judging by the names, these are offsets from the time the test
// binary runs rather than fixed dates -- confirm against the definitions
// before relying on them for validity-period edge cases.
extern const std::time_t oneDayBeforeNow;
extern const std::time_t oneDayAfterNow;
extern const std::time_t twoDaysBeforeNow;
extern const std::time_t twoDaysAfterNow;
extern const std::time_t tenDaysBeforeNow;
extern const std::time_t tenDaysAfterNow;
// Fail-closed TrustDomain for tests: every callback records a gtest failure
// and, where it returns a Result, reports Result::FATAL_ERROR_LIBRARY_FAILURE.
// A test derives from this class and overrides only the callbacks it expects
// the code under test to use, so an unexpected call into trust, revocation or
// signature policy shows up as a test failure instead of being accepted.
class EverythingFailsByDefaultTrustDomain : public TrustDomain {
 public:
  // ADD_FAILURE() is kept inside each override (not in the shared helper) so
  // gtest reports the line of the callback that was actually reached.

  Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, Input,
                      /*out*/ TrustLevel&) override {
    ADD_FAILURE();
    return UnexpectedCall("GetCertTrust should not be called");
  }

  Result FindIssuer(Input, IssuerChecker&, Time) override {
    ADD_FAILURE();
    return UnexpectedCall("FindIssuer should not be called");
  }

  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                         /*optional*/ const Input*,
                         /*optional*/ const Input*,
                         /*optional*/ const Input*) override {
    ADD_FAILURE();
    return UnexpectedCall("CheckRevocation should not be called");
  }

  Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override {
    ADD_FAILURE();
    return UnexpectedCall("IsChainValid should not be called");
  }

  Result DigestBuf(Input, DigestAlgorithm, /*out*/ uint8_t*, size_t) override {
    ADD_FAILURE();
    return UnexpectedCall("DigestBuf should not be called");
  }

  Result CheckSignatureDigestAlgorithm(DigestAlgorithm, EndEntityOrCA,
                                       Time) override {
    ADD_FAILURE();
    return UnexpectedCall("CheckSignatureDigestAlgorithm should not be called");
  }

  Result CheckECDSACurveIsAcceptable(EndEntityOrCA, NamedCurve) override {
    ADD_FAILURE();
    return UnexpectedCall("CheckECDSACurveIsAcceptable should not be called");
  }

  Result VerifyECDSASignedData(Input, DigestAlgorithm, Input, Input) override {
    ADD_FAILURE();
    return UnexpectedCall("VerifyECDSASignedData should not be called");
  }

  Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA,
                                            unsigned int) override {
    ADD_FAILURE();
    return UnexpectedCall(
        "CheckRSAPublicKeyModulusSizeInBits should not be called");
  }

  Result VerifyRSAPKCS1SignedData(Input, DigestAlgorithm, Input,
                                  Input) override {
    ADD_FAILURE();
    return UnexpectedCall("VerifyRSAPKCS1SignedData should not be called");
  }

  Result VerifyRSAPSSSignedData(Input, DigestAlgorithm, Input, Input) override {
    ADD_FAILURE();
    return UnexpectedCall("VerifyRSAPSSSignedData should not be called");
  }

  Result CheckValidityIsAcceptable(Time, Time, EndEntityOrCA,
                                   KeyPurposeId) override {
    ADD_FAILURE();
    return UnexpectedCall("CheckValidityIsAcceptable should not be called");
  }

  Result NetscapeStepUpMatchesServerAuth(Time, bool&) override {
    ADD_FAILURE();
    return UnexpectedCall(
        "NetscapeStepUpMatchesServerAuth should not be called");
  }

  // No Result to return here; the recorded gtest failure is the only signal.
  void NoteAuxiliaryExtension(AuxiliaryExtension, Input) override {
    ADD_FAILURE();
  }

 private:
  // Shared tail of every failing callback: hands the explanation to
  // NotReached together with the library-failure result code.
  static Result UnexpectedCall(const char* explanation) {
    return NotReached(explanation, Result::FATAL_ERROR_LIBRARY_FAILURE);
  }
};
// Test TrustDomain that adds working crypto and accept-everything policy
// checks on top of EverythingFailsByDefaultTrustDomain.
//
// Callbacks not overridden here (GetCertTrust, FindIssuer, CheckRevocation,
// IsChainValid, VerifyRSAPSSSignedData) keep the inherited behaviour of
// recording a gtest failure.
//
// The policy callbacks below return Success for any input, so a test built on
// this class does not exercise digest-algorithm, curve, RSA key-size or
// validity-period policy; a test that needs one of those rejected must
// override the corresponding callback itself.
class DefaultCryptoTrustDomain : public EverythingFailsByDefaultTrustDomain {
 private:
  // The overrides are private (the class default, spelled out here); they are
  // public in the base class this derives from, so calls made through a base
  // reference still dispatch to them.

  // ---- Crypto primitives: forwarded to the Test* helpers. ----

  Result DigestBuf(Input item, DigestAlgorithm digestAlg,
                   /*out*/ uint8_t* digestBuf, size_t digestBufLen) override {
    return TestDigestBuf(item, digestAlg, digestBuf, digestBufLen);
  }

  Result VerifyECDSASignedData(Input data, DigestAlgorithm digestAlgorithm,
                               Input signature,
                               Input subjectPublicKeyInfo) override {
    return TestVerifyECDSASignedData(data, digestAlgorithm, signature,
                                     subjectPublicKeyInfo);
  }

  Result VerifyRSAPKCS1SignedData(Input data, DigestAlgorithm digestAlgorithm,
                                  Input signature,
                                  Input subjectPublicKeyInfo) override {
    return TestVerifyRSAPKCS1SignedData(data, digestAlgorithm, signature,
                                        subjectPublicKeyInfo);
  }

  // ---- Policy checks: every input is accepted. ----

  Result CheckSignatureDigestAlgorithm(DigestAlgorithm, EndEntityOrCA,
                                       Time) override {
    return Success;
  }

  Result CheckECDSACurveIsAcceptable(EndEntityOrCA, NamedCurve) override {
    return Success;
  }

  Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA,
                                            unsigned int) override {
    return Success;
  }

  Result CheckValidityIsAcceptable(Time, Time, EndEntityOrCA,
                                   KeyPurposeId) override {
    return Success;
  }

  // Always reports a match through the out-parameter.
  Result NetscapeStepUpMatchesServerAuth(Time, /*out*/ bool& matches) override {
    matches = true;
    return Success;
  }

  // Auxiliary extensions are ignored rather than treated as a failure.
  void NoteAuxiliaryExtension(AuxiliaryExtension, Input) override {}
};
// NameMatchingPolicy used by the tests. It allows the search within the
// subject (FallBackToSearchWithinSubject::Yes) for every input time, and
// answers HandleInvalidSubjectAlternativeNamesBy::Halting for invalid subject
// alternative names.
// NOTE(review): the unconditional fallback is a permissive choice; tests that
// need the fallback refused have to supply their own policy.
class DefaultNameMatchingPolicy : public NameMatchingPolicy {
 public:
  // The Time argument is ignored: the answer does not depend on it.
  Result FallBackToCommonName(
      Time,
      /*out*/ FallBackToSearchWithinSubject& fallBackToCommonName) override {
    fallBackToCommonName = FallBackToSearchWithinSubject::Yes;
    return Success;
  }

  HandleInvalidSubjectAlternativeNamesBy HandleInvalidSubjectAlternativeNames()
      override {
    return HandleInvalidSubjectAlternativeNamesBy::Halting;
  }
};
// DER encodings of OBJECT IDENTIFIERs used when building test certificates.
// Each array is a complete TLV: tag 0x06, a one-byte length, then the encoded
// arcs of the OID named in the generating command above it.

// python DottedOIDToCode.py --tlv id-kp-clientAuth 1.3.6.1.5.5.7.3.2
const uint8_t tlv_id_kp_clientAuth[] = {
    0x06, 0x08,                                      // tag, length
    0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,  // 1.3.6.1.5.5.7.3.2
};

// python DottedOIDToCode.py --tlv id-kp-codeSigning 1.3.6.1.5.5.7.3.3
const uint8_t tlv_id_kp_codeSigning[] = {
    0x06, 0x08,                                      // tag, length
    0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03,  // 1.3.6.1.5.5.7.3.3
};

// python DottedOIDToCode.py --tlv id-ce-extKeyUsage 2.5.29.37
const uint8_t tlv_id_ce_extKeyUsage[] = {
    0x06, 0x03,        // tag, length
    0x55, 0x1d, 0x25,  // 2.5.29.37
};
// Builds an extended-key-usage extension for a test certificate:
//   SEQUENCE { id-ce-extKeyUsage, OCTET STRING { SEQUENCE { ekuOIDs } } }
// ekuOIDs is placed verbatim as the content of the inner SEQUENCE and is not
// parsed or validated here.
// NOTE(review): presumably callers pass a concatenation of already
// TLV-encoded key purpose OIDs -- confirm at the call sites.
// No criticality BOOLEAN is emitted between the OID and the OCTET STRING.
inline ByteString CreateEKUExtension(ByteString ekuOIDs) {
  const ByteString keyPurposeIds(TLV(der::SEQUENCE, ekuOIDs));
  const ByteString extnValue(TLV(der::OCTET_STRING, keyPurposeIds));
  return TLV(der::SEQUENCE,
             BytesToByteString(tlv_id_ce_extKeyUsage) + extnValue);
}
} // namespace test
} // namespace pkix
} // namespace mozilla
#endif // mozilla_pkix_pkixgtest_h