Convert tests that parse an Extension value to instead

parse an entire Certificate. (Part of a series of changes for simplifying the parsing tests to be in terms of just certificates for consistent entry point and expectations) BUG=634443 Review-Url: https://codereview.chromium.org/2359783003 Cr-Commit-Position: refs/heads/master@{#420669}

Convert tests that parse an Extension value to instead
parse an entire Certificate. (Part of a series of changes for simplifying the parsing tests to be in terms of just certificates for consistent entry point and expectations) BUG=634443 Review-Url: https://codereview.chromium.org/2359783003 Cr-Commit-Position: refs/heads/master@{#420669}
00d1ed46 · eroman · Commit bot · 24dfd18e · 00d1ed46 · 00d1ed46
Commit 00d1ed46 authored Sep 23, 2016 by eroman Committed by Commit bot Sep 23, 2016
7 changed files
--- a/net/cert/internal/parse_certificate_unittest.cc
+++ b/net/cert/internal/parse_certificate_unittest.cc
@@ -362,69 +362,60 @@ TEST(ParseTbsCertificateTest, ValidityRelaxed) {
  RunTbsCertificateTest("tbs_validity_relaxed.pem");
 }
-// Reads a PEM file containing a block "EXTENSION". This input will be
+der::Input DavidBenOid() {
-// passed to ParseExtension, and the results filled in |out|.
+  // This OID corresponds with
-bool ParseExtensionFromFile(const std::string& file_name,
+  // 1.2.840.113554.4.1.72585.0 (https://davidben.net/oid)
-                            ParsedExtension* out,
+  static const uint8_t kOid[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
-                            std::string* data) {
+                                 0x04, 0x01, 0x84, 0xb7, 0x09, 0x00};
-  const PemBlockMapping mappings[] = {
+  return der::Input(kOid);
-      {"EXTENSION", data},
-  };
-  EXPECT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings));
-  return ParseExtension(der::Input(data), out);
 }
 // Parses an Extension whose critical field is true (255).
-TEST(ParseExtensionTest, Critical) {
+TEST(ParseCertificateTest, ExtensionCritical) {
-  std::string data;
+  scoped_refptr<ParsedCertificate> cert =
-  ParsedExtension extension;
+      ParseCertificateFromFile("extension_critical.pem");
-  ASSERT_TRUE(
+  ASSERT_TRUE(cert);
-      ParseExtensionFromFile("extension_critical.pem", &extension, &data));
-  EXPECT_TRUE(extension.critical);
+  const uint8_t kExpectedValue[] = {0x30, 0x00};
-  const uint8_t kExpectedOid[] = {0x55, 0x1d, 0x13};
+  auto it = cert->unparsed_extensions().find(DavidBenOid());
-  EXPECT_EQ(der::Input(kExpectedOid), extension.oid);
+  ASSERT_NE(cert->unparsed_extensions().end(), it);
+  const auto& extension = it->second;
-  const uint8_t kExpectedValue[] = {0x30, 0x00};
+  EXPECT_TRUE(extension.critical);
+  EXPECT_EQ(DavidBenOid(), extension.oid);
  EXPECT_EQ(der::Input(kExpectedValue), extension.value);
 }
 // Parses an Extension whose critical field is false (omitted).
-TEST(ParseExtensionTest, NotCritical) {
+TEST(ParseCertificateTest, ExtensionNotCritical) {
-  std::string data;
+  scoped_refptr<ParsedCertificate> cert =
-  ParsedExtension extension;
+      ParseCertificateFromFile("extension_not_critical.pem");
-  ASSERT_TRUE(
+  ASSERT_TRUE(cert);
-      ParseExtensionFromFile("extension_not_critical.pem", &extension, &data));
-  EXPECT_FALSE(extension.critical);
+  const uint8_t kExpectedValue[] = {0x30, 0x00};
-  const uint8_t kExpectedOid[] = {0x55, 0x1d, 0x13};
+  auto it = cert->unparsed_extensions().find(DavidBenOid());
-  EXPECT_EQ(der::Input(kExpectedOid), extension.oid);
+  ASSERT_NE(cert->unparsed_extensions().end(), it);
+  const auto& extension = it->second;
-  const uint8_t kExpectedValue[] = {0x30, 0x00};
+  EXPECT_FALSE(extension.critical);
+  EXPECT_EQ(DavidBenOid(), extension.oid);
  EXPECT_EQ(der::Input(kExpectedValue), extension.value);
 }
 // Parses an Extension whose critical field is 0. This is in one sense FALSE,
 // however because critical has DEFAULT of false this is in fact invalid
 // DER-encoding.
-TEST(ParseExtensionTest, Critical0) {
+TEST(ParseCertificateTest, ExtensionCritical0) {
-  std::string data;
+  ASSERT_FALSE(ParseCertificateFromFile("extension_critical_0.pem"));
-  ParsedExtension extension;
-  ASSERT_FALSE(
-      ParseExtensionFromFile("extension_critical_0.pem", &extension, &data));
 }
 // Parses an Extension whose critical field is 3. Under DER-encoding BOOLEAN
 // values must an octet of either all zero bits, or all 1 bits, so this is not
 // valid.
-TEST(ParseExtensionTest, Critical3) {
+TEST(ParseCertificateTest, ExtensionCritical3) {
-  std::string data;
+  ASSERT_FALSE(ParseCertificateFromFile("extension_critical_3.pem"));
-  ParsedExtension extension;
-  ASSERT_FALSE(
-      ParseExtensionFromFile("extension_critical_3.pem", &extension, &data));
 }
 // Runs a test for extensions parsing. The input file is a PEM file which
@@ -485,12 +476,7 @@ TEST(ParseExtensionsTest, UnknownCritical) {
                                  &extensions, &data);
  ASSERT_EQ(1u, extensions.size());
-  // This OID corresponds with
+  auto iter = extensions.find(DavidBenOid());
-  // 1.2.840.113554.4.1.72585.0 (https://davidben.net/oid)
-  const uint8_t oid[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
-                         0x04, 0x01, 0x84, 0xb7, 0x09, 0x00};
-  auto iter = extensions.find(der::Input(oid));
  ASSERT_TRUE(iter != extensions.end());
  EXPECT_TRUE(iter->second.critical);
  EXPECT_EQ(4u, iter->second.value.Length());
@@ -504,12 +490,7 @@ TEST(ParseExtensionsTest, UnknownNonCritical) {
                                  &extensions, &data);
  ASSERT_EQ(1u, extensions.size());
-  // This OID corresponds with
+  auto iter = extensions.find(DavidBenOid());
-  // 1.2.840.113554.4.1.72585.0 (https://davidben.net/oid)
-  const uint8_t oid[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
-                         0x04, 0x01, 0x84, 0xb7, 0x09, 0x00};
-  auto iter = extensions.find(der::Input(oid));
  ASSERT_TRUE(iter != extensions.end());
  EXPECT_FALSE(iter->second.critical);
  EXPECT_EQ(4u, iter->second.value.Length());

--- a/net/cert/internal/parsed_certificate.cc
+++ b/net/cert/internal/parsed_certificate.cc
@@ -79,6 +79,7 @@ scoped_refptr<ParsedCertificate> ParsedCertificate::CreateInternal(
    DataSource source,
    const ParseCertificateOptions& options,
    CertErrors* errors) {
+  // TODO(crbug.com/634443): Add errors
  scoped_refptr<ParsedCertificate> result(new ParsedCertificate);
  switch (source) {

--- a/net/data/parse_certificate_unittest/extension_critical.pem
+++ b/net/data/parse_certificate_unittest/extension_critical.pem
-This is a basic constraints extension, which is marked as critical.
+This is an unknown extension, which is marked as critical.
+#-----BEGIN EXTENSION-----
+SEQUENCE {
+  # https://davidben.net/oid
+  OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.0 }
+  BOOLEAN { `ff` }
+  OCTET_STRING {
+    SEQUENCE {}
+  }
+}
+#-----END EXTENSION-----
-$ openssl asn1parse -i < [EXTENSION]
-    0:d=0  hl=2 l=  12 cons: SEQUENCE          
+-----BEGIN CERTIFICATE-----
-    2:d=1  hl=2 l=   3 prim:  OBJECT            :X509v3 Basic Constraints
+MIICbzCCAdigAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2cwZTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAVBgwqhkiG9xIEAYS3CQABAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm
-    7:d=1  hl=2 l=   1 prim:  BOOLEAN           :255
+-----END CERTIFICATE-----
-   10:d=1  hl=2 l=   2 prim:  OCTET STRING      [HEX DUMP]:3000
-----BEGIN EXTENSION-----
-MAwGA1UdEwEB/wQCMAA=
-----END EXTENSION-----
--- a/net/data/parse_certificate_unittest/extension_critical_0.pem
+++ b/net/data/parse_certificate_unittest/extension_critical_0.pem
-This is a basic constraints extension, where the critical field (BOOLEAN) is 0.
+This is an unknown extension, where the critical field (BOOLEAN) is 0.
 This is not valid because the critical field has a default of FALSE, so under
 DER-encoding it should be omitted.
+#-----BEGIN EXTENSION-----
+SEQUENCE {
+  # https://davidben.net/oid
+  OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.0 }
+  BOOLEAN { `00` }
+  OCTET_STRING {
+    SEQUENCE {}
+  }
+}
+#-----END EXTENSION-----
-$ openssl asn1parse -i < [EXTENSION]
-    0:d=0  hl=2 l=  12 cons: SEQUENCE          
+-----BEGIN CERTIFICATE-----
-    2:d=1  hl=2 l=   3 prim:  OBJECT            :X509v3 Basic Constraints
+MIICbzCCAdigAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2cwZTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAVBgwqhkiG9xIEAYS3CQABAQAEAjAAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm
-    7:d=1  hl=2 l=   1 prim:  BOOLEAN           :0
+-----END CERTIFICATE-----
-   10:d=1  hl=2 l=   2 prim:  OCTET STRING      [HEX DUMP]:3000
-----BEGIN EXTENSION-----
-MAwGA1UdEwEBAAQCMAA=
-----END EXTENSION-----
--- a/net/data/parse_certificate_unittest/extension_critical_3.pem
+++ b/net/data/parse_certificate_unittest/extension_critical_3.pem
-This is a basic constraints extension, where the critical field (BOOLEAN) is 3.
+This is an unknown extension, where the critical field (BOOLEAN) is 3.
 This is not valid because BOOLEANs in DER-encoding should use an octet of
 either all 0 bits or all 1 bits.
+#-----BEGIN EXTENSION-----
+SEQUENCE {
+  # https://davidben.net/oid
+  OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.0 }
+  BOOLEAN { `03` }
+  OCTET_STRING {
+    SEQUENCE {}
+  }
+}
+#-----END EXTENSION-----
-$ openssl asn1parse -i < [EXTENSION]
-    0:d=0  hl=2 l=  12 cons: SEQUENCE          
+-----BEGIN CERTIFICATE-----
-    2:d=1  hl=2 l=   3 prim:  OBJECT            :X509v3 Basic Constraints
+MIICbzCCAdigAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2cwZTAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zAVBgwqhkiG9xIEAYS3CQABAQMEAjAAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm
-    7:d=1  hl=2 l=   1 prim:  BOOLEAN           :3
+-----END CERTIFICATE-----
-   10:d=1  hl=2 l=   2 prim:  OCTET STRING      [HEX DUMP]:3000
-----BEGIN EXTENSION-----
-MAwGA1UdEwEBAwQCMAA=
-----END EXTENSION-----
--- a/net/data/parse_certificate_unittest/extension_not_critical.pem
+++ b/net/data/parse_certificate_unittest/extension_not_critical.pem
-This is a modified basic constraints extension, where the critical field was
+This is an unknown extension, where the critical field is absent (in other
-removed (in other words, FALSE).
+words, FALSE).
+#-----BEGIN EXTENSION-----
+SEQUENCE {
+  # https://davidben.net/oid
+  OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.0 }
+  OCTET_STRING {
+    SEQUENCE {}
+  }
+}
+#-----END EXTENSION-----
-$ openssl asn1parse -i < [EXTENSION]
-    0:d=0  hl=2 l=   9 cons: SEQUENCE          
+-----BEGIN CERTIFICATE-----
-    2:d=1  hl=2 l=   3 prim:  OBJECT            :X509v3 Basic Constraints
+MIICbDCCAdWgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo2QwYjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zASBgwqhkiG9xIEAYS3CQAEAjAAMA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm
-    7:d=1  hl=2 l=   2 prim:  OCTET STRING      [HEX DUMP]:3000
+-----END CERTIFICATE-----
-----BEGIN EXTENSION-----
-MAkGA1UdEwQCMAA=
-----END EXTENSION-----
--- a/net/data/parse_certificate_unittest/v3_certificate_template.txt
+++ b/net/data/parse_certificate_unittest/v3_certificate_template.txt
@@ -110,6 +110,9 @@ SEQUENCE {
 #-----END BASIC_CONSTRAINTS-----
          }
        }
+#-----BEGIN EXTENSION-----
+# (For adding in another extension at the end of the list)
+#-----END EXTENSION-----
      }
    }
  }