Source file
src/crypto/x509/parser_test.go
1
2
3
4
5 package x509
6
7 import (
8 "encoding/asn1"
9 "encoding/pem"
10 "os"
11 "testing"
12
13 cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1"
14 )
15
16 func TestParseASN1String(t *testing.T) {
17 tests := []struct {
18 name string
19 tag cryptobyte_asn1.Tag
20 value []byte
21 expected string
22 expectedErr string
23 }{
24 {
25 name: "T61String",
26 tag: cryptobyte_asn1.T61String,
27 value: []byte{80, 81, 82},
28 expected: string("PQR"),
29 },
30 {
31 name: "PrintableString",
32 tag: cryptobyte_asn1.PrintableString,
33 value: []byte{80, 81, 82},
34 expected: string("PQR"),
35 },
36 {
37 name: "PrintableString (invalid)",
38 tag: cryptobyte_asn1.PrintableString,
39 value: []byte{1, 2, 3},
40 expectedErr: "invalid PrintableString",
41 },
42 {
43 name: "UTF8String",
44 tag: cryptobyte_asn1.UTF8String,
45 value: []byte{80, 81, 82},
46 expected: string("PQR"),
47 },
48 {
49 name: "UTF8String (invalid)",
50 tag: cryptobyte_asn1.UTF8String,
51 value: []byte{255},
52 expectedErr: "invalid UTF-8 string",
53 },
54 {
55 name: "BMPString",
56 tag: cryptobyte_asn1.Tag(asn1.TagBMPString),
57 value: []byte{80, 81},
58 expected: string("偑"),
59 },
60 {
61 name: "BMPString (invalid length)",
62 tag: cryptobyte_asn1.Tag(asn1.TagBMPString),
63 value: []byte{255},
64 expectedErr: "invalid BMPString",
65 },
66 {
67 name: "IA5String",
68 tag: cryptobyte_asn1.IA5String,
69 value: []byte{80, 81},
70 expected: string("PQ"),
71 },
72 {
73 name: "IA5String (invalid)",
74 tag: cryptobyte_asn1.IA5String,
75 value: []byte{255},
76 expectedErr: "invalid IA5String",
77 },
78 {
79 name: "NumericString",
80 tag: cryptobyte_asn1.Tag(asn1.TagNumericString),
81 value: []byte{49, 50},
82 expected: string("12"),
83 },
84 {
85 name: "NumericString (invalid)",
86 tag: cryptobyte_asn1.Tag(asn1.TagNumericString),
87 value: []byte{80},
88 expectedErr: "invalid NumericString",
89 },
90 }
91
92 for _, tc := range tests {
93 t.Run(tc.name, func(t *testing.T) {
94 out, err := parseASN1String(tc.tag, tc.value)
95 if err != nil && err.Error() != tc.expectedErr {
96 t.Fatalf("parseASN1String returned unexpected error: got %q, want %q", err, tc.expectedErr)
97 } else if err == nil && tc.expectedErr != "" {
98 t.Fatalf("parseASN1String didn't fail, expected: %s", tc.expectedErr)
99 }
100 if out != tc.expected {
101 t.Fatalf("parseASN1String returned unexpected value: got %q, want %q", out, tc.expected)
102 }
103 })
104 }
105 }
106
107 const policyPEM = `-----BEGIN CERTIFICATE-----
108 MIIGeDCCBWCgAwIBAgIUED9KQBi0ScBDoufB2mgAJ63G5uIwDQYJKoZIhvcNAQEL
109 BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG
110 A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjAx
111 MDIyMTcwNDE5WhcNMjMxMDIyMTcwNDE5WjCBgTELMAkGA1UEBhMCVVMxHTAbBgNV
112 BAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVz
113 dCBOZXR3b3JrMTIwMAYDVQQDEylTeW1hbnRlYyBDbGFzcyAzIFNTUCBJbnRlcm1l
114 ZGlhdGUgQ0EgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2p
115 75cMpx86sS2aH4r+0o8r+m/KTrPrknWP0RA9Kp6sewAzkNa7BVwg0jOhyamiv1iP
116 Cns10usoH93nxYbXLWF54vOLRdYU/53KEPNmgkj2ipMaTLuaReBghNibikWSnAmy
117 S8RItaDMs8tdF2goKPI4xWiamNwqe92VC+pic2tq0Nva3Y4kvMDJjtyje3uduTtL
118 oyoaaHkrX7i7gE67psnMKj1THUtre1JV1ohl9+oOuyot4p3eSxVlrMWiiwb11bnk
119 CakecOz/mP2DHMGg6pZ/BeJ+ThaLUylAXECARIqHc9UwRPKC9BfLaCX4edIoeYiB
120 loRs4KdqLdg/I9eTwKkCAwEAAaOCAxEwggMNMB0GA1UdDgQWBBQ1Jn1QleGhwb0F
121 1cOdd0LHDBOWjDAfBgNVHSMEGDAWgBR58ABJ6393wl1BAmU0ipAjmx4HbzAOBgNV
122 HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBiAYDVR0gBIGAMH4wDAYKYIZI
123 AWUDAgEDAzAMBgpghkgBZQMCAQMMMAwGCmCGSAFlAwIBAw4wDAYKYIZIAWUDAgED
124 DzAMBgpghkgBZQMCAQMSMAwGCmCGSAFlAwIBAxMwDAYKYIZIAWUDAgEDFDAMBgpg
125 hkgBZQMCAQMlMAwGCmCGSAFlAwIBAyYwggESBgNVHSEEggEJMIIBBTAbBgpghkgB
126 ZQMCAQMDBg1ghkgBhvhFAQcXAwEGMBsGCmCGSAFlAwIBAwwGDWCGSAGG+EUBBxcD
127 AQcwGwYKYIZIAWUDAgEDDgYNYIZIAYb4RQEHFwMBDjAbBgpghkgBZQMCAQMPBg1g
128 hkgBhvhFAQcXAwEPMBsGCmCGSAFlAwIBAxIGDWCGSAGG+EUBBxcDARIwGwYKYIZI
129 AWUDAgEDEwYNYIZIAYb4RQEHFwMBETAbBgpghkgBZQMCAQMUBg1ghkgBhvhFAQcX
130 AwEUMBsGCmCGSAFlAwIBAyUGDWCGSAGG+EUBBxcDAQgwGwYKYIZIAWUDAgEDJgYN
131 YIZIAYb4RQEHFwMBJDBgBggrBgEFBQcBCwRUMFIwUAYIKwYBBQUHMAWGRGh0dHA6
132 Ly9zc3Atc2lhLnN5bWF1dGguY29tL1NUTlNTUC9DZXJ0c19Jc3N1ZWRfYnlfQ2xh
133 c3MzU1NQQ0EtRzMucDdjMA8GA1UdJAQIMAaAAQCBAQAwCgYDVR02BAMCAQAwUQYI
134 KwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVodHRwOi8vcmVwby5mcGtpLmdvdi9i
135 cmlkZ2UvY2FDZXJ0c0lzc3VlZFRvZmJjYWc0LnA3YzA3BgNVHR8EMDAuMCygKqAo
136 hiZodHRwOi8vcmVwby5mcGtpLmdvdi9icmlkZ2UvZmJjYWc0LmNybDANBgkqhkiG
137 9w0BAQsFAAOCAQEAA751TycC1f/WTkHmedF9ZWxP58Jstmwvkyo8bKueJ0eF7LTG
138 BgQlzE2B9vke4sFhd4V+BdgOPGE1dsGzllYKCWg0BhkCBs5kIJ7F6Ay6G1TBuGU1
139 Ie8247GL+P9pcC5TVvXHC/62R2w3DuD/vAPLbYEbSQjobXlsqt8Kmtd6yK/jVuDV
140 BTZMdZmvoNtjemqmgcBXHsf0ctVm0m6tH5uYqyVxu8tfyUis6Cf303PHj+spWP1k
141 gc5PYnVF0ot7qAmNFENIpbKg3BdusBkF9rGxLaDSUBvSc7+s9iQz9d/iRuAebrYu
142 +eqUlJ2lsjS1U8qyPmlH+spfPNbAEQEsuP32Aw==
143 -----END CERTIFICATE-----
144 `
145
146 func TestPolicyParse(t *testing.T) {
147 b, _ := pem.Decode([]byte(policyPEM))
148 c, err := ParseCertificate(b.Bytes)
149 if err != nil {
150 t.Fatal(err)
151 }
152 if len(c.Policies) != 9 {
153 t.Errorf("unexpected number of policies: got %d, want %d", len(c.Policies), 9)
154 }
155 if len(c.PolicyMappings) != 9 {
156 t.Errorf("unexpected number of policy mappings: got %d, want %d", len(c.PolicyMappings), 9)
157 }
158 if !c.RequireExplicitPolicyZero {
159 t.Error("expected RequireExplicitPolicyZero to be set")
160 }
161 if !c.InhibitPolicyMappingZero {
162 t.Error("expected InhibitPolicyMappingZero to be set")
163 }
164 if !c.InhibitAnyPolicyZero {
165 t.Error("expected InhibitAnyPolicyZero to be set")
166 }
167 }
168
169 func TestParsePolicies(t *testing.T) {
170 for _, tc := range []string{
171 "testdata/policy_leaf_duplicate.pem",
172 "testdata/policy_leaf_invalid.pem",
173 } {
174 t.Run(tc, func(t *testing.T) {
175 b, err := os.ReadFile(tc)
176 if err != nil {
177 t.Fatal(err)
178 }
179 p, _ := pem.Decode(b)
180 _, err = ParseCertificate(p.Bytes)
181 if err == nil {
182 t.Error("parsing should've failed")
183 }
184 })
185 }
186 }
187
View as plain text