summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/certdb_gtest
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /security/nss/gtests/certdb_gtest
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/gtests/certdb_gtest')
-rw-r--r--security/nss/gtests/certdb_gtest/Makefile43
-rw-r--r--security/nss/gtests/certdb_gtest/alg1485_unittest.cc112
-rw-r--r--security/nss/gtests/certdb_gtest/cert_unittest.cc47
-rw-r--r--security/nss/gtests/certdb_gtest/certdb_gtest.gyp32
-rw-r--r--security/nss/gtests/certdb_gtest/decode_certs_unittest.cc41
-rw-r--r--security/nss/gtests/certdb_gtest/manifest.mn24
6 files changed, 299 insertions, 0 deletions
diff --git a/security/nss/gtests/certdb_gtest/Makefile b/security/nss/gtests/certdb_gtest/Makefile
new file mode 100644
index 0000000000..0d547e0803
--- /dev/null
+++ b/security/nss/gtests/certdb_gtest/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
diff --git a/security/nss/gtests/certdb_gtest/alg1485_unittest.cc b/security/nss/gtests/certdb_gtest/alg1485_unittest.cc
new file mode 100644
index 0000000000..ac3a84c7cd
--- /dev/null
+++ b/security/nss/gtests/certdb_gtest/alg1485_unittest.cc
@@ -0,0 +1,112 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdint.h>
+
+#include "gtest/gtest.h"
+
+#include "nss.h"
+#include "nss_scoped_ptrs.h"
+#include "prprf.h"
+
+namespace nss_test {
+
+typedef struct AVATestValuesStr {
+ std::string avaString;
+ bool expectedResult;
+} AVATestValues;
+
+typedef struct AVACompareValuesStr {
+ std::string avaString1;
+ std::string avaString2;
+ SECComparison expectedResult;
+} AVACompareValues;
+
+class Alg1485Test : public ::testing::Test {};
+
+class Alg1485ParseTest : public Alg1485Test,
+ public ::testing::WithParamInterface<AVATestValues> {};
+
+class Alg1485CompareTest
+ : public Alg1485Test,
+ public ::testing::WithParamInterface<AVACompareValues> {};
+
+static const AVATestValues kAVATestStrings[] = {
+ {"CN=Marshall T. Rose, O=Dover Beach Consulting, L=Santa Clara, "
+ "ST=California, C=US",
+ true},
+ {"C=HU,L=Budapest,O=Organization,CN=Example - Qualified Citizen "
+ "CA,2.5.4.97=VATHU-10",
+ true},
+ {"C=HU,L=Budapest,O=Example,CN=Example - Qualified Citizen "
+ "CA,OID.2.5.4.97=VATHU-10",
+ true},
+ {"CN=Somebody,L=Set,O=Up,C=US,1=The,2=Bomb", true},
+ {"OID.2.5.4.6=😑", true},
+ {"2.5.4.6=😑", true},
+ {"OID.moocow=😑", false}, // OIDs must be numeric
+ {"3.2=bad", false}, // OIDs cannot be overly large; 3 is too big
+ {"256.257=bad", false}, // Still too big
+ {"YO=LO", false}, // Unknown Tag, 'YO'
+ {"CN=Tester,ZZ=Top", false}, // Unknown tag, 'ZZ'
+ // These tests are disabled pending Bug 1363416
+ // { "01.02.03=Nope", false }, // Numbers not in minimal form
+ // { "000001.0000000001=👌", false },
+ // { "CN=Somebody,L=Set,O=Up,C=US,01=The,02=Bomb", false },
+};
+
+static const AVACompareValues kAVACompareStrings[] = {
+ {"CN=Max, O=Mozilla, ST=Berlin", "CN=Max, O=Mozilla, ST=Berlin, C=DE",
+ SECLessThan},
+ {"CN=Max, O=Mozilla, ST=Berlin, C=DE", "CN=Max, O=Mozilla, ST=Berlin",
+ SECGreaterThan},
+ {"CN=Max, O=Mozilla, ST=Berlin, C=DE", "CN=Max, O=Mozilla, ST=Berlin, C=DE",
+ SECEqual},
+ {"CN=Max1, O=Mozilla, ST=Berlin, C=DE",
+ "CN=Max2, O=Mozilla, ST=Berlin, C=DE", SECLessThan},
+ {"CN=Max, O=Mozilla, ST=Berlin, C=DE", "CN=Max, O=Mozilla, ST=Berlin, C=US",
+ SECLessThan},
+};
+
+TEST_P(Alg1485ParseTest, TryParsingAVAStrings) {
+ const AVATestValues& param(GetParam());
+
+ ScopedCERTName certName(CERT_AsciiToName(param.avaString.c_str()));
+ ASSERT_EQ(certName != nullptr, param.expectedResult);
+}
+
+TEST_P(Alg1485CompareTest, CompareAVAStrings) {
+ const AVACompareValues& param(GetParam());
+ ScopedCERTName a(CERT_AsciiToName(param.avaString1.c_str()));
+ ScopedCERTName b(CERT_AsciiToName(param.avaString2.c_str()));
+ ASSERT_TRUE(a && b);
+ EXPECT_EQ(param.expectedResult, CERT_CompareName(a.get(), b.get()));
+}
+
+INSTANTIATE_TEST_SUITE_P(ParseAVAStrings, Alg1485ParseTest,
+ ::testing::ValuesIn(kAVATestStrings));
+INSTANTIATE_TEST_SUITE_P(CompareAVAStrings, Alg1485CompareTest,
+ ::testing::ValuesIn(kAVACompareStrings));
+
+TEST_F(Alg1485Test, ShortOIDTest) {
+ // This is not a valid OID (too short). CERT_GetOidString should return 0.
+ unsigned char data[] = {0x05};
+ const SECItem oid = {siBuffer, data, sizeof(data)};
+ char* result = CERT_GetOidString(&oid);
+ EXPECT_EQ(result, nullptr);
+}
+
+TEST_F(Alg1485Test, BrokenOIDTest) {
+ // This is not a valid OID (first bit of last byte is not set).
+ // CERT_GetOidString should return 0.
+ unsigned char data[] = {0x81, 0x82, 0x83, 0x84};
+ const SECItem oid = {siBuffer, data, sizeof(data)};
+ char* result = CERT_GetOidString(&oid);
+ EXPECT_EQ(15U, strlen(result));
+ EXPECT_EQ(0, strncmp("OID.UNSUPPORTED", result, 15));
+ PR_smprintf_free(result);
+}
+} // namespace nss_test
diff --git a/security/nss/gtests/certdb_gtest/cert_unittest.cc b/security/nss/gtests/certdb_gtest/cert_unittest.cc
new file mode 100644
index 0000000000..2fb67bd286
--- /dev/null
+++ b/security/nss/gtests/certdb_gtest/cert_unittest.cc
@@ -0,0 +1,47 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include "nss.h"
+#include "secerr.h"
+#include "pk11pub.h"
+#include "nss_scoped_ptrs.h"
+
+namespace nss_test {
+
+class CertTest : public ::testing::Test {};
+
+// Tests CERT_GetCertificateDer for the certs we have.
+TEST_F(CertTest, GetCertDer) {
+ // Listing all the certs should get us the default trust anchors.
+ ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr));
+ ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list));
+
+ for (PRCList* cursor = PR_NEXT_LINK(&certs->list); cursor != &certs->list;
+ cursor = PR_NEXT_LINK(cursor)) {
+ CERTCertListNode* node = (CERTCertListNode*)cursor;
+ SECItem der;
+ ASSERT_EQ(SECSuccess, CERT_GetCertificateDer(node->cert, &der));
+ ASSERT_EQ(0, SECITEM_CompareItem(&der, &node->cert->derCert));
+ }
+}
+
+TEST_F(CertTest, GetCertDerBad) {
+ EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, nullptr));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr));
+ ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list));
+ CERTCertListNode* node = (CERTCertListNode*)PR_NEXT_LINK(&certs->list);
+ EXPECT_EQ(SECFailure, CERT_GetCertificateDer(node->cert, nullptr));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ SECItem der;
+ EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, &der));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+}
+} // namespace nss_test
diff --git a/security/nss/gtests/certdb_gtest/certdb_gtest.gyp b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp
new file mode 100644
index 0000000000..7f5bb324b5
--- /dev/null
+++ b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi',
+ '../common/gtest.gypi',
+ ],
+ 'targets': [
+ {
+ 'target_name': 'certdb_gtest',
+ 'type': 'executable',
+ 'sources': [
+ 'alg1485_unittest.cc',
+ 'cert_unittest.cc',
+ 'decode_certs_unittest.cc',
+ '<(DEPTH)/gtests/common/gtests.cc'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports',
+ '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+ '<(DEPTH)/lib/util/util.gyp:nssutil3',
+ '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
+ '<(DEPTH)/lib/nss/nss.gyp:nss3',
+ '<(DEPTH)/lib/smime/smime.gyp:smime3',
+ ]
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+}
diff --git a/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc
new file mode 100644
index 0000000000..3317ae8eed
--- /dev/null
+++ b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc
@@ -0,0 +1,41 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include "cert.h"
+#include "prerror.h"
+#include "secerr.h"
+
+class DecodeCertsTest : public ::testing::Test {};
+
+TEST_F(DecodeCertsTest, EmptyCertPackage) {
+ // This represents a PKCS#7 ContentInfo with a contentType of
+ // '2.16.840.1.113730.2.5' (Netscape data-type cert-sequence) and a content
+ // consisting of an empty SEQUENCE. This is valid ASN.1, but it contains no
+ // certificates, so CERT_DecodeCertFromPackage should just return a null
+ // pointer.
+ unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02,
+ 0x05, 0xa0, 0x02, 0x30, 0x00};
+ EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage(
+ reinterpret_cast<char*>(emptyCertPackage),
+ sizeof(emptyCertPackage)));
+ EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+}
+
+TEST_F(DecodeCertsTest, EmptySignedData) {
+ // This represents a PKCS#7 ContentInfo of contentType
+ // 1.2.840.113549.1.7.2 (signedData) with missing content.
+ unsigned char emptySignedData[] = {0x30, 0x80, 0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
+ 0x02, 0x00, 0x00, 0x05, 0x00};
+
+ EXPECT_EQ(nullptr,
+ CERT_DecodeCertFromPackage(reinterpret_cast<char*>(emptySignedData),
+ sizeof(emptySignedData)));
+ EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+}
diff --git a/security/nss/gtests/certdb_gtest/manifest.mn b/security/nss/gtests/certdb_gtest/manifest.mn
new file mode 100644
index 0000000000..2edcf92615
--- /dev/null
+++ b/security/nss/gtests/certdb_gtest/manifest.mn
@@ -0,0 +1,24 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+MODULE = nss
+
+CPPSRCS = \
+ alg1485_unittest.cc \
+ cert_unittest.cc \
+ decode_certs_unittest.cc \
+ $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+ -I$(CORE_DEPTH)/gtests/common \
+ -I$(CORE_DEPTH)/cpputil
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = certdb_gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+ $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)