diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/gtests/certdb_gtest | |
parent | Initial commit. (diff) | |
download | firefox-esr-upstream.tar.xz firefox-esr-upstream.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | security/nss/gtests/certdb_gtest/Makefile | 43 | ||||
-rw-r--r-- | security/nss/gtests/certdb_gtest/alg1485_unittest.cc | 112 | ||||
-rw-r--r-- | security/nss/gtests/certdb_gtest/cert_unittest.cc | 47 | ||||
-rw-r--r-- | security/nss/gtests/certdb_gtest/certdb_gtest.gyp | 32 | ||||
-rw-r--r-- | security/nss/gtests/certdb_gtest/decode_certs_unittest.cc | 41 | ||||
-rw-r--r-- | security/nss/gtests/certdb_gtest/manifest.mn | 24 |
6 files changed, 299 insertions, 0 deletions
diff --git a/security/nss/gtests/certdb_gtest/Makefile b/security/nss/gtests/certdb_gtest/Makefile new file mode 100644 index 0000000000..0d547e0803 --- /dev/null +++ b/security/nss/gtests/certdb_gtest/Makefile @@ -0,0 +1,43 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include ../common/gtest.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### diff --git a/security/nss/gtests/certdb_gtest/alg1485_unittest.cc b/security/nss/gtests/certdb_gtest/alg1485_unittest.cc new file mode 100644 index 0000000000..ac3a84c7cd --- /dev/null +++ b/security/nss/gtests/certdb_gtest/alg1485_unittest.cc @@ -0,0 +1,112 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <stdint.h> + +#include "gtest/gtest.h" + +#include "nss.h" +#include "nss_scoped_ptrs.h" +#include "prprf.h" + +namespace nss_test { + +typedef struct AVATestValuesStr { + std::string avaString; + bool expectedResult; +} AVATestValues; + +typedef struct AVACompareValuesStr { + std::string avaString1; + std::string avaString2; + SECComparison expectedResult; +} AVACompareValues; + +class Alg1485Test : public ::testing::Test {}; + +class Alg1485ParseTest : public Alg1485Test, + public ::testing::WithParamInterface<AVATestValues> {}; + +class Alg1485CompareTest + : public Alg1485Test, + public ::testing::WithParamInterface<AVACompareValues> {}; + +static const AVATestValues kAVATestStrings[] = { + {"CN=Marshall T. Rose, O=Dover Beach Consulting, L=Santa Clara, " + "ST=California, C=US", + true}, + {"C=HU,L=Budapest,O=Organization,CN=Example - Qualified Citizen " + "CA,2.5.4.97=VATHU-10", + true}, + {"C=HU,L=Budapest,O=Example,CN=Example - Qualified Citizen " + "CA,OID.2.5.4.97=VATHU-10", + true}, + {"CN=Somebody,L=Set,O=Up,C=US,1=The,2=Bomb", true}, + {"OID.2.5.4.6=😑", true}, + {"2.5.4.6=😑", true}, + {"OID.moocow=😑", false}, // OIDs must be numeric + {"3.2=bad", false}, // OIDs cannot be overly large; 3 is too big + {"256.257=bad", false}, // Still too big + {"YO=LO", false}, // Unknown Tag, 'YO' + {"CN=Tester,ZZ=Top", false}, // Unknown tag, 'ZZ' + // These tests are disabled pending Bug 1363416 + // { "01.02.03=Nope", false }, // Numbers not in minimal form + // { "000001.0000000001=👌", false }, + // { "CN=Somebody,L=Set,O=Up,C=US,01=The,02=Bomb", false }, +}; + +static const AVACompareValues kAVACompareStrings[] = { + {"CN=Max, O=Mozilla, ST=Berlin", "CN=Max, O=Mozilla, ST=Berlin, C=DE", + SECLessThan}, + {"CN=Max, O=Mozilla, ST=Berlin, C=DE", "CN=Max, O=Mozilla, ST=Berlin", + SECGreaterThan}, + {"CN=Max, O=Mozilla, ST=Berlin, C=DE", "CN=Max, O=Mozilla, ST=Berlin, C=DE", + SECEqual}, + {"CN=Max1, O=Mozilla, ST=Berlin, C=DE", + "CN=Max2, O=Mozilla, ST=Berlin, C=DE", SECLessThan}, + {"CN=Max, O=Mozilla, ST=Berlin, C=DE", "CN=Max, O=Mozilla, ST=Berlin, C=US", + SECLessThan}, +}; + +TEST_P(Alg1485ParseTest, TryParsingAVAStrings) { + const AVATestValues& param(GetParam()); + + ScopedCERTName certName(CERT_AsciiToName(param.avaString.c_str())); + ASSERT_EQ(certName != nullptr, param.expectedResult); +} + +TEST_P(Alg1485CompareTest, CompareAVAStrings) { + const AVACompareValues& param(GetParam()); + ScopedCERTName a(CERT_AsciiToName(param.avaString1.c_str())); + ScopedCERTName b(CERT_AsciiToName(param.avaString2.c_str())); + ASSERT_TRUE(a && b); + EXPECT_EQ(param.expectedResult, CERT_CompareName(a.get(), b.get())); +} + +INSTANTIATE_TEST_SUITE_P(ParseAVAStrings, Alg1485ParseTest, + ::testing::ValuesIn(kAVATestStrings)); +INSTANTIATE_TEST_SUITE_P(CompareAVAStrings, Alg1485CompareTest, + ::testing::ValuesIn(kAVACompareStrings)); + +TEST_F(Alg1485Test, ShortOIDTest) { + // This is not a valid OID (too short). CERT_GetOidString should return 0. + unsigned char data[] = {0x05}; + const SECItem oid = {siBuffer, data, sizeof(data)}; + char* result = CERT_GetOidString(&oid); + EXPECT_EQ(result, nullptr); +} + +TEST_F(Alg1485Test, BrokenOIDTest) { + // This is not a valid OID (first bit of last byte is not set). + // CERT_GetOidString should return 0. + unsigned char data[] = {0x81, 0x82, 0x83, 0x84}; + const SECItem oid = {siBuffer, data, sizeof(data)}; + char* result = CERT_GetOidString(&oid); + EXPECT_EQ(15U, strlen(result)); + EXPECT_EQ(0, strncmp("OID.UNSUPPORTED", result, 15)); + PR_smprintf_free(result); +} +} // namespace nss_test diff --git a/security/nss/gtests/certdb_gtest/cert_unittest.cc b/security/nss/gtests/certdb_gtest/cert_unittest.cc new file mode 100644 index 0000000000..2fb67bd286 --- /dev/null +++ b/security/nss/gtests/certdb_gtest/cert_unittest.cc @@ -0,0 +1,47 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" + +#include "nss.h" +#include "secerr.h" +#include "pk11pub.h" +#include "nss_scoped_ptrs.h" + +namespace nss_test { + +class CertTest : public ::testing::Test {}; + +// Tests CERT_GetCertificateDer for the certs we have. +TEST_F(CertTest, GetCertDer) { + // Listing all the certs should get us the default trust anchors. + ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr)); + ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list)); + + for (PRCList* cursor = PR_NEXT_LINK(&certs->list); cursor != &certs->list; + cursor = PR_NEXT_LINK(cursor)) { + CERTCertListNode* node = (CERTCertListNode*)cursor; + SECItem der; + ASSERT_EQ(SECSuccess, CERT_GetCertificateDer(node->cert, &der)); + ASSERT_EQ(0, SECITEM_CompareItem(&der, &node->cert->derCert)); + } +} + +TEST_F(CertTest, GetCertDerBad) { + EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr)); + ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list)); + CERTCertListNode* node = (CERTCertListNode*)PR_NEXT_LINK(&certs->list); + EXPECT_EQ(SECFailure, CERT_GetCertificateDer(node->cert, nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + SECItem der; + EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, &der)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); +} +} // namespace nss_test diff --git a/security/nss/gtests/certdb_gtest/certdb_gtest.gyp b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp new file mode 100644 index 0000000000..7f5bb324b5 --- /dev/null +++ b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp @@ -0,0 +1,32 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi', + '../common/gtest.gypi', + ], + 'targets': [ + { + 'target_name': 'certdb_gtest', + 'type': 'executable', + 'sources': [ + 'alg1485_unittest.cc', + 'cert_unittest.cc', + 'decode_certs_unittest.cc', + '<(DEPTH)/gtests/common/gtests.cc' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', + '<(DEPTH)/lib/util/util.gyp:nssutil3', + '<(DEPTH)/lib/ssl/ssl.gyp:ssl3', + '<(DEPTH)/lib/nss/nss.gyp:nss3', + '<(DEPTH)/lib/smime/smime.gyp:smime3', + ] + } + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc new file mode 100644 index 0000000000..3317ae8eed --- /dev/null +++ b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc @@ -0,0 +1,41 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" + +#include "cert.h" +#include "prerror.h" +#include "secerr.h" + +class DecodeCertsTest : public ::testing::Test {}; + +TEST_F(DecodeCertsTest, EmptyCertPackage) { + // This represents a PKCS#7 ContentInfo with a contentType of + // '2.16.840.1.113730.2.5' (Netscape data-type cert-sequence) and a content + // consisting of an empty SEQUENCE. This is valid ASN.1, but it contains no + // certificates, so CERT_DecodeCertFromPackage should just return a null + // pointer. + unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, + 0x05, 0xa0, 0x02, 0x30, 0x00}; + EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage( + reinterpret_cast<char*>(emptyCertPackage), + sizeof(emptyCertPackage))); + EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); +} + +TEST_F(DecodeCertsTest, EmptySignedData) { + // This represents a PKCS#7 ContentInfo of contentType + // 1.2.840.113549.1.7.2 (signedData) with missing content. + unsigned char emptySignedData[] = {0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, + 0x02, 0x00, 0x00, 0x05, 0x00}; + + EXPECT_EQ(nullptr, + CERT_DecodeCertFromPackage(reinterpret_cast<char*>(emptySignedData), + sizeof(emptySignedData))); + EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); +} diff --git a/security/nss/gtests/certdb_gtest/manifest.mn b/security/nss/gtests/certdb_gtest/manifest.mn new file mode 100644 index 0000000000..2edcf92615 --- /dev/null +++ b/security/nss/gtests/certdb_gtest/manifest.mn @@ -0,0 +1,24 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +CORE_DEPTH = ../.. +DEPTH = ../.. +MODULE = nss + +CPPSRCS = \ + alg1485_unittest.cc \ + cert_unittest.cc \ + decode_certs_unittest.cc \ + $(NULL) + +INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ + -I$(CORE_DEPTH)/gtests/common \ + -I$(CORE_DEPTH)/cpputil + +REQUIRES = nspr nss libdbm gtest + +PROGRAM = certdb_gtest + +EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \ + $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) |