Source file src/crypto/x509/parser_test.go

     1  // Copyright 2021 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package x509
     6  
     7  import (
     8  	"encoding/asn1"
     9  	"encoding/pem"
    10  	"os"
    11  	"testing"
    12  
    13  	cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1"
    14  )
    15  
    16  func TestParseASN1String(t *testing.T) {
    17  	tests := []struct {
    18  		name        string
    19  		tag         cryptobyte_asn1.Tag
    20  		value       []byte
    21  		expected    string
    22  		expectedErr string
    23  	}{
    24  		{
    25  			name:     "T61String",
    26  			tag:      cryptobyte_asn1.T61String,
    27  			value:    []byte{80, 81, 82},
    28  			expected: string("PQR"),
    29  		},
    30  		{
    31  			name:     "PrintableString",
    32  			tag:      cryptobyte_asn1.PrintableString,
    33  			value:    []byte{80, 81, 82},
    34  			expected: string("PQR"),
    35  		},
    36  		{
    37  			name:        "PrintableString (invalid)",
    38  			tag:         cryptobyte_asn1.PrintableString,
    39  			value:       []byte{1, 2, 3},
    40  			expectedErr: "invalid PrintableString",
    41  		},
    42  		{
    43  			name:     "UTF8String",
    44  			tag:      cryptobyte_asn1.UTF8String,
    45  			value:    []byte{80, 81, 82},
    46  			expected: string("PQR"),
    47  		},
    48  		{
    49  			name:        "UTF8String (invalid)",
    50  			tag:         cryptobyte_asn1.UTF8String,
    51  			value:       []byte{255},
    52  			expectedErr: "invalid UTF-8 string",
    53  		},
    54  		{
    55  			name:     "BMPString",
    56  			tag:      cryptobyte_asn1.Tag(asn1.TagBMPString),
    57  			value:    []byte{80, 81},
    58  			expected: string("偑"),
    59  		},
    60  		{
    61  			name:        "BMPString (invalid length)",
    62  			tag:         cryptobyte_asn1.Tag(asn1.TagBMPString),
    63  			value:       []byte{255},
    64  			expectedErr: "invalid BMPString",
    65  		},
    66  		{
    67  			name:     "IA5String",
    68  			tag:      cryptobyte_asn1.IA5String,
    69  			value:    []byte{80, 81},
    70  			expected: string("PQ"),
    71  		},
    72  		{
    73  			name:        "IA5String (invalid)",
    74  			tag:         cryptobyte_asn1.IA5String,
    75  			value:       []byte{255},
    76  			expectedErr: "invalid IA5String",
    77  		},
    78  		{
    79  			name:     "NumericString",
    80  			tag:      cryptobyte_asn1.Tag(asn1.TagNumericString),
    81  			value:    []byte{49, 50},
    82  			expected: string("12"),
    83  		},
    84  		{
    85  			name:        "NumericString (invalid)",
    86  			tag:         cryptobyte_asn1.Tag(asn1.TagNumericString),
    87  			value:       []byte{80},
    88  			expectedErr: "invalid NumericString",
    89  		},
    90  	}
    91  
    92  	for _, tc := range tests {
    93  		t.Run(tc.name, func(t *testing.T) {
    94  			out, err := parseASN1String(tc.tag, tc.value)
    95  			if err != nil && err.Error() != tc.expectedErr {
    96  				t.Fatalf("parseASN1String returned unexpected error: got %q, want %q", err, tc.expectedErr)
    97  			} else if err == nil && tc.expectedErr != "" {
    98  				t.Fatalf("parseASN1String didn't fail, expected: %s", tc.expectedErr)
    99  			}
   100  			if out != tc.expected {
   101  				t.Fatalf("parseASN1String returned unexpected value: got %q, want %q", out, tc.expected)
   102  			}
   103  		})
   104  	}
   105  }
   106  
   107  const policyPEM = `-----BEGIN CERTIFICATE-----
   108  MIIGeDCCBWCgAwIBAgIUED9KQBi0ScBDoufB2mgAJ63G5uIwDQYJKoZIhvcNAQEL
   109  BQAwVTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG
   110  A1UECxMERlBLSTEdMBsGA1UEAxMURmVkZXJhbCBCcmlkZ2UgQ0EgRzQwHhcNMjAx
   111  MDIyMTcwNDE5WhcNMjMxMDIyMTcwNDE5WjCBgTELMAkGA1UEBhMCVVMxHTAbBgNV
   112  BAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVz
   113  dCBOZXR3b3JrMTIwMAYDVQQDEylTeW1hbnRlYyBDbGFzcyAzIFNTUCBJbnRlcm1l
   114  ZGlhdGUgQ0EgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2p
   115  75cMpx86sS2aH4r+0o8r+m/KTrPrknWP0RA9Kp6sewAzkNa7BVwg0jOhyamiv1iP
   116  Cns10usoH93nxYbXLWF54vOLRdYU/53KEPNmgkj2ipMaTLuaReBghNibikWSnAmy
   117  S8RItaDMs8tdF2goKPI4xWiamNwqe92VC+pic2tq0Nva3Y4kvMDJjtyje3uduTtL
   118  oyoaaHkrX7i7gE67psnMKj1THUtre1JV1ohl9+oOuyot4p3eSxVlrMWiiwb11bnk
   119  CakecOz/mP2DHMGg6pZ/BeJ+ThaLUylAXECARIqHc9UwRPKC9BfLaCX4edIoeYiB
   120  loRs4KdqLdg/I9eTwKkCAwEAAaOCAxEwggMNMB0GA1UdDgQWBBQ1Jn1QleGhwb0F
   121  1cOdd0LHDBOWjDAfBgNVHSMEGDAWgBR58ABJ6393wl1BAmU0ipAjmx4HbzAOBgNV
   122  HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBiAYDVR0gBIGAMH4wDAYKYIZI
   123  AWUDAgEDAzAMBgpghkgBZQMCAQMMMAwGCmCGSAFlAwIBAw4wDAYKYIZIAWUDAgED
   124  DzAMBgpghkgBZQMCAQMSMAwGCmCGSAFlAwIBAxMwDAYKYIZIAWUDAgEDFDAMBgpg
   125  hkgBZQMCAQMlMAwGCmCGSAFlAwIBAyYwggESBgNVHSEEggEJMIIBBTAbBgpghkgB
   126  ZQMCAQMDBg1ghkgBhvhFAQcXAwEGMBsGCmCGSAFlAwIBAwwGDWCGSAGG+EUBBxcD
   127  AQcwGwYKYIZIAWUDAgEDDgYNYIZIAYb4RQEHFwMBDjAbBgpghkgBZQMCAQMPBg1g
   128  hkgBhvhFAQcXAwEPMBsGCmCGSAFlAwIBAxIGDWCGSAGG+EUBBxcDARIwGwYKYIZI
   129  AWUDAgEDEwYNYIZIAYb4RQEHFwMBETAbBgpghkgBZQMCAQMUBg1ghkgBhvhFAQcX
   130  AwEUMBsGCmCGSAFlAwIBAyUGDWCGSAGG+EUBBxcDAQgwGwYKYIZIAWUDAgEDJgYN
   131  YIZIAYb4RQEHFwMBJDBgBggrBgEFBQcBCwRUMFIwUAYIKwYBBQUHMAWGRGh0dHA6
   132  Ly9zc3Atc2lhLnN5bWF1dGguY29tL1NUTlNTUC9DZXJ0c19Jc3N1ZWRfYnlfQ2xh
   133  c3MzU1NQQ0EtRzMucDdjMA8GA1UdJAQIMAaAAQCBAQAwCgYDVR02BAMCAQAwUQYI
   134  KwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVodHRwOi8vcmVwby5mcGtpLmdvdi9i
   135  cmlkZ2UvY2FDZXJ0c0lzc3VlZFRvZmJjYWc0LnA3YzA3BgNVHR8EMDAuMCygKqAo
   136  hiZodHRwOi8vcmVwby5mcGtpLmdvdi9icmlkZ2UvZmJjYWc0LmNybDANBgkqhkiG
   137  9w0BAQsFAAOCAQEAA751TycC1f/WTkHmedF9ZWxP58Jstmwvkyo8bKueJ0eF7LTG
   138  BgQlzE2B9vke4sFhd4V+BdgOPGE1dsGzllYKCWg0BhkCBs5kIJ7F6Ay6G1TBuGU1
   139  Ie8247GL+P9pcC5TVvXHC/62R2w3DuD/vAPLbYEbSQjobXlsqt8Kmtd6yK/jVuDV
   140  BTZMdZmvoNtjemqmgcBXHsf0ctVm0m6tH5uYqyVxu8tfyUis6Cf303PHj+spWP1k
   141  gc5PYnVF0ot7qAmNFENIpbKg3BdusBkF9rGxLaDSUBvSc7+s9iQz9d/iRuAebrYu
   142  +eqUlJ2lsjS1U8qyPmlH+spfPNbAEQEsuP32Aw==
   143  -----END CERTIFICATE-----
   144  `
   145  
   146  func TestPolicyParse(t *testing.T) {
   147  	b, _ := pem.Decode([]byte(policyPEM))
   148  	c, err := ParseCertificate(b.Bytes)
   149  	if err != nil {
   150  		t.Fatal(err)
   151  	}
   152  	if len(c.Policies) != 9 {
   153  		t.Errorf("unexpected number of policies: got %d, want %d", len(c.Policies), 9)
   154  	}
   155  	if len(c.PolicyMappings) != 9 {
   156  		t.Errorf("unexpected number of policy mappings: got %d, want %d", len(c.PolicyMappings), 9)
   157  	}
   158  	if !c.RequireExplicitPolicyZero {
   159  		t.Error("expected RequireExplicitPolicyZero to be set")
   160  	}
   161  	if !c.InhibitPolicyMappingZero {
   162  		t.Error("expected InhibitPolicyMappingZero to be set")
   163  	}
   164  	if !c.InhibitAnyPolicyZero {
   165  		t.Error("expected InhibitAnyPolicyZero to be set")
   166  	}
   167  }
   168  
   169  func TestParsePolicies(t *testing.T) {
   170  	for _, tc := range []string{
   171  		"testdata/policy_leaf_duplicate.pem",
   172  		"testdata/policy_leaf_invalid.pem",
   173  	} {
   174  		t.Run(tc, func(t *testing.T) {
   175  			b, err := os.ReadFile(tc)
   176  			if err != nil {
   177  				t.Fatal(err)
   178  			}
   179  			p, _ := pem.Decode(b)
   180  			_, err = ParseCertificate(p.Bytes)
   181  			if err == nil {
   182  				t.Error("parsing should've failed")
   183  			}
   184  		})
   185  	}
   186  }
   187  

View as plain text