nss-3.41/nss/gtests/mozpkix_gtest/pkixocsp_CreateEncodedOCSPRequest_tests.cpp - manifest_repos/nss - Git at Google

 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This code is made available to you under your choice of the following sets
  * of licensing terms:
  */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  */
 /* Copyright 2013 Mozilla Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #include "pkixgtest.h"

 #include "mozpkix/pkixder.h"

 using namespace mozilla::pkix;
 using namespace mozilla::pkix::test;

 class CreateEncodedOCSPRequestTrustDomain final
   : public EverythingFailsByDefaultTrustDomain
 {
 private:
   Result DigestBuf(Input item, DigestAlgorithm digestAlg,
                    /*out*/ uint8_t *digestBuf, size_t digestBufLen)
                    override
   {
     return TestDigestBuf(item, digestAlg, digestBuf, digestBufLen);
   }

   Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA, unsigned int)
                                             override
   {
     return Success;
   }
 };

 class pkixocsp_CreateEncodedOCSPRequest : public ::testing::Test
 {
 protected:
   void MakeIssuerCertIDComponents(const char* issuerASCII,
                                   /*out*/ ByteString& issuerDER,
                                   /*out*/ ByteString& issuerSPKI)
   {
     issuerDER = CNToDERName(issuerASCII);
     ASSERT_FALSE(ENCODING_FAILED(issuerDER));

     ScopedTestKeyPair keyPair(GenerateKeyPair());
     ASSERT_TRUE(keyPair.get());
     issuerSPKI = keyPair->subjectPublicKeyInfo;
   }

   CreateEncodedOCSPRequestTrustDomain trustDomain;
 };

 // Test that the large length of the child serial number causes
 // CreateEncodedOCSPRequest to fail.
 TEST_F(pkixocsp_CreateEncodedOCSPRequest, ChildCertLongSerialNumberTest)
 {
   static const uint8_t UNSUPPORTED_LEN = 128; // must be larger than 127

   ByteString serialNumberString;
   // tag + length + value is 1 + 2 + UNSUPPORTED_LEN
   // Encoding the length takes two bytes: one byte to indicate that a
   // second byte follows, and the second byte to indicate the length.
   serialNumberString.push_back(0x80 + 1);
   serialNumberString.push_back(UNSUPPORTED_LEN);
   // value is 0x010000...00
   serialNumberString.push_back(0x01);
   for (size_t i = 1; i < UNSUPPORTED_LEN; ++i) {
     serialNumberString.push_back(0x00);
   }

   ByteString issuerDER;
   ByteString issuerSPKI;
   ASSERT_NO_FATAL_FAILURE(MakeIssuerCertIDComponents("CA", issuerDER,
                                                      issuerSPKI));

   Input issuer;
   ASSERT_EQ(Success, issuer.Init(issuerDER.data(), issuerDER.length()));

   Input spki;
   ASSERT_EQ(Success, spki.Init(issuerSPKI.data(), issuerSPKI.length()));

   Input serialNumber;
   ASSERT_EQ(Success, serialNumber.Init(serialNumberString.data(),
                                        serialNumberString.length()));

   uint8_t ocspRequest[OCSP_REQUEST_MAX_LENGTH];
   size_t ocspRequestLength;
   ASSERT_EQ(Result::ERROR_BAD_DER,
             CreateEncodedOCSPRequest(trustDomain,
                                      CertID(issuer, spki, serialNumber),
                                      ocspRequest, ocspRequestLength));
 }

 // Test that CreateEncodedOCSPRequest handles the longest serial number that
 // it's required to support (i.e. 20 octets).
 TEST_F(pkixocsp_CreateEncodedOCSPRequest, LongestSupportedSerialNumberTest)
 {
   static const uint8_t LONGEST_REQUIRED_LEN = 20;

   ByteString serialNumberString;
   // tag + length + value is 1 + 1 + LONGEST_REQUIRED_LEN
   serialNumberString.push_back(der::INTEGER);
   serialNumberString.push_back(LONGEST_REQUIRED_LEN);
   serialNumberString.push_back(0x01);
   // value is 0x010000...00
   for (size_t i = 1; i < LONGEST_REQUIRED_LEN; ++i) {
     serialNumberString.push_back(0x00);
   }

   ByteString issuerDER;
   ByteString issuerSPKI;
   ASSERT_NO_FATAL_FAILURE(MakeIssuerCertIDComponents("CA", issuerDER,
                                                      issuerSPKI));

   Input issuer;
   ASSERT_EQ(Success, issuer.Init(issuerDER.data(), issuerDER.length()));

   Input spki;
   ASSERT_EQ(Success, spki.Init(issuerSPKI.data(), issuerSPKI.length()));

   Input serialNumber;
   ASSERT_EQ(Success, serialNumber.Init(serialNumberString.data(),
                                        serialNumberString.length()));

   uint8_t ocspRequest[OCSP_REQUEST_MAX_LENGTH];
   size_t ocspRequestLength;
   ASSERT_EQ(Success,
             CreateEncodedOCSPRequest(trustDomain,
                                      CertID(issuer, spki, serialNumber),
                                      ocspRequest, ocspRequestLength));
 }
	/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */
	/* vim: set ts=8 sts=2 et sw=2 tw=80: */
	/* This code is made available to you under your choice of the following sets
	* of licensing terms:
	*/
	/* This Source Code Form is subject to the terms of the Mozilla Public
	* License, v. 2.0. If a copy of the MPL was not distributed with this
	* file, You can obtain one at http://mozilla.org/MPL/2.0/.
	*/
	/* Copyright 2013 Mozilla Contributors
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#include "pkixgtest.h"

	#include "mozpkix/pkixder.h"

	using namespace mozilla::pkix;
	using namespace mozilla::pkix::test;

	class CreateEncodedOCSPRequestTrustDomain final
	: public EverythingFailsByDefaultTrustDomain
	{
	private:
	Result DigestBuf(Input item, DigestAlgorithm digestAlg,
	/out/ uint8_t *digestBuf, size_t digestBufLen)
	override
	{
	return TestDigestBuf(item, digestAlg, digestBuf, digestBufLen);
	}

	Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA, unsigned int)
	override
	{
	return Success;
	}
	};

	class pkixocsp_CreateEncodedOCSPRequest : public ::testing::Test
	{
	protected:
	void MakeIssuerCertIDComponents(const char* issuerASCII,
	/out/ ByteString& issuerDER,
	/out/ ByteString& issuerSPKI)
	{
	issuerDER = CNToDERName(issuerASCII);
	ASSERT_FALSE(ENCODING_FAILED(issuerDER));

	ScopedTestKeyPair keyPair(GenerateKeyPair());
	ASSERT_TRUE(keyPair.get());
	issuerSPKI = keyPair->subjectPublicKeyInfo;
	}

	CreateEncodedOCSPRequestTrustDomain trustDomain;
	};

	// Test that the large length of the child serial number causes
	// CreateEncodedOCSPRequest to fail.
	TEST_F(pkixocsp_CreateEncodedOCSPRequest, ChildCertLongSerialNumberTest)
	{
	static const uint8_t UNSUPPORTED_LEN = 128; // must be larger than 127

	ByteString serialNumberString;
	// tag + length + value is 1 + 2 + UNSUPPORTED_LEN
	// Encoding the length takes two bytes: one byte to indicate that a
	// second byte follows, and the second byte to indicate the length.
	serialNumberString.push_back(0x80 + 1);
	serialNumberString.push_back(UNSUPPORTED_LEN);
	// value is 0x010000...00
	serialNumberString.push_back(0x01);
	for (size_t i = 1; i < UNSUPPORTED_LEN; ++i) {
	serialNumberString.push_back(0x00);
	}

	ByteString issuerDER;
	ByteString issuerSPKI;
	ASSERT_NO_FATAL_FAILURE(MakeIssuerCertIDComponents("CA", issuerDER,
	issuerSPKI));

	Input issuer;
	ASSERT_EQ(Success, issuer.Init(issuerDER.data(), issuerDER.length()));

	Input spki;
	ASSERT_EQ(Success, spki.Init(issuerSPKI.data(), issuerSPKI.length()));

	Input serialNumber;
	ASSERT_EQ(Success, serialNumber.Init(serialNumberString.data(),
	serialNumberString.length()));

	uint8_t ocspRequest[OCSP_REQUEST_MAX_LENGTH];
	size_t ocspRequestLength;
	ASSERT_EQ(Result::ERROR_BAD_DER,
	CreateEncodedOCSPRequest(trustDomain,
	CertID(issuer, spki, serialNumber),
	ocspRequest, ocspRequestLength));
	}

	// Test that CreateEncodedOCSPRequest handles the longest serial number that
	// it's required to support (i.e. 20 octets).
	TEST_F(pkixocsp_CreateEncodedOCSPRequest, LongestSupportedSerialNumberTest)
	{
	static const uint8_t LONGEST_REQUIRED_LEN = 20;

	ByteString serialNumberString;
	// tag + length + value is 1 + 1 + LONGEST_REQUIRED_LEN
	serialNumberString.push_back(der::INTEGER);
	serialNumberString.push_back(LONGEST_REQUIRED_LEN);
	serialNumberString.push_back(0x01);
	// value is 0x010000...00
	for (size_t i = 1; i < LONGEST_REQUIRED_LEN; ++i) {
	serialNumberString.push_back(0x00);
	}

	ByteString issuerDER;
	ByteString issuerSPKI;
	ASSERT_NO_FATAL_FAILURE(MakeIssuerCertIDComponents("CA", issuerDER,
	issuerSPKI));

	Input issuer;
	ASSERT_EQ(Success, issuer.Init(issuerDER.data(), issuerDER.length()));

	Input spki;
	ASSERT_EQ(Success, spki.Init(issuerSPKI.data(), issuerSPKI.length()));

	Input serialNumber;
	ASSERT_EQ(Success, serialNumber.Init(serialNumberString.data(),
	serialNumberString.length()));

	uint8_t ocspRequest[OCSP_REQUEST_MAX_LENGTH];
	size_t ocspRequestLength;
	ASSERT_EQ(Success,
	CreateEncodedOCSPRequest(trustDomain,
	CertID(issuer, spki, serialNumber),
	ocspRequest, ocspRequestLength));
	}