1 /* Copyright (c) 2016, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <algorithm>
16 #include <functional>
17 #include <string>
18 #include <vector>
19
20 #include <gtest/gtest.h>
21
22 #include <openssl/bio.h>
23 #include <openssl/bytestring.h>
24 #include <openssl/crypto.h>
25 #include <openssl/curve25519.h>
26 #include <openssl/digest.h>
27 #include <openssl/err.h>
28 #include <openssl/pem.h>
29 #include <openssl/pool.h>
30 #include <openssl/x509.h>
31 #include <openssl/x509v3.h>
32
33 #include "../internal.h"
34 #include "../test/test_util.h"
35 #include "../x509v3/internal.h"
36
37
38 std::string GetTestData(const char *path);
39
40 static const char kCrossSigningRootPEM[] =
41 "-----BEGIN CERTIFICATE-----\n"
42 "MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE\n"
43 "ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v\n"
44 "dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE\n"
45 "ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v\n"
46 "dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp\n"
47 "ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5\n"
48 "EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP\n"
49 "RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud\n"
50 "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud\n"
51 "DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF\n"
52 "lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC\n"
53 "CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr\n"
54 "+3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3\n"
55 "YFXvkME=\n"
56 "-----END CERTIFICATE-----\n";
57
58 static const char kRootCAPEM[] =
59 "-----BEGIN CERTIFICATE-----\n"
60 "MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE\n"
61 "ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx\n"
62 "MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU\n"
63 "RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n"
64 "iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM\n"
65 "2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ\n"
66 "w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO\n"
67 "BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G\n"
68 "A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j\n"
69 "BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za\n"
70 "kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN\n"
71 "+9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2\n"
72 "kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ==\n"
73 "-----END CERTIFICATE-----\n";
74
75 static const char kRootCrossSignedPEM[] =
76 "-----BEGIN CERTIFICATE-----\n"
77 "MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE\n"
78 "ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v\n"
79 "dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE\n"
80 "ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI\n"
81 "hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU\n"
82 "8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE\n"
83 "bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb\n"
84 "SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD\n"
85 "AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc\n"
86 "flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB\n"
87 "CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q\n"
88 "9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU\n"
89 "90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV\n"
90 "-----END CERTIFICATE-----\n";
91
92 static const char kIntermediatePEM[] =
93 "-----BEGIN CERTIFICATE-----\n"
94 "MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV\n"
95 "BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw\n"
96 "MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg\n"
97 "VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB\n"
98 "AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl\n"
99 "blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu\n"
100 "CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID\n"
101 "AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\n"
102 "AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy\n"
103 "BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB\n"
104 "gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY\n"
105 "ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB\n"
106 "aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg==\n"
107 "-----END CERTIFICATE-----\n";
108
109 static const char kIntermediateSelfSignedPEM[] =
110 "-----BEGIN CERTIFICATE-----\n"
111 "MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV\n"
112 "BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew\n"
113 "IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv\n"
114 "cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ\n"
115 "KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX\n"
116 "jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS\n"
117 "JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N\n"
118 "WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF\n"
119 "BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2\n"
120 "211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3\n"
121 "DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT\n"
122 "6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI\n"
123 "E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH\n"
124 "-----END CERTIFICATE-----\n";
125
126 static const char kLeafPEM[] =
127 "-----BEGIN CERTIFICATE-----\n"
128 "MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE\n"
129 "ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg\n"
130 "Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y\n"
131 "aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3\n"
132 "DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c\n"
133 "oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j\n"
134 "5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh\n"
135 "TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\n"
136 "CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0\n"
137 "4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB\n"
138 "gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y\n"
139 "rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU\n"
140 "xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg==\n"
141 "-----END CERTIFICATE-----\n";
142
143 static const char kLeafNoKeyUsagePEM[] =
144 "-----BEGIN CERTIFICATE-----\n"
145 "MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV\n"
146 "BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew\n"
147 "IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv\n"
148 "cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G\n"
149 "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp\n"
150 "ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk\n"
151 "j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ\n"
152 "YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1\n"
153 "27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN\n"
154 "AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe\n"
155 "6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D\n"
156 "uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk=\n"
157 "-----END CERTIFICATE-----\n";
158
159 static const char kForgeryPEM[] =
160 "-----BEGIN CERTIFICATE-----\n"
161 "MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE\n"
162 "ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w\n"
163 "IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv\n"
164 "cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf\n"
165 "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy\n"
166 "xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm\n"
167 "0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3\n"
168 "OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI\n"
169 "KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM\n"
170 "8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG\n"
171 "9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf\n"
172 "DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4\n"
173 "4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg==\n"
174 "-----END CERTIFICATE-----\n";
175
176 // kExamplePSSCert is an example RSA-PSS self-signed certificate, signed with
177 // the default hash functions.
178 static const char kExamplePSSCert[] =
179 "-----BEGIN CERTIFICATE-----\n"
180 "MIICYjCCAcagAwIBAgIJAI3qUyT6SIfzMBIGCSqGSIb3DQEBCjAFogMCAWowRTEL\n"
181 "MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy\n"
182 "bmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDEwMDkxOTA5NTVaFw0xNTEwMDkxOTA5\n"
183 "NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK\n"
184 "DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A\n"
185 "MIGJAoGBAPi4bIO0vNmoV8CltFl2jFQdeesiUgR+0zfrQf2D+fCmhRU0dXFahKg8\n"
186 "0u9aTtPel4rd/7vPCqqGkr64UOTNb4AzMHYTj8p73OxaymPHAyXvqIqDWHYg+hZ3\n"
187 "13mSYwFIGth7Z/FSVUlO1m5KXNd6NzYM3t2PROjCpywrta9kS2EHAgMBAAGjUDBO\n"
188 "MB0GA1UdDgQWBBTQQfuJQR6nrVrsNF1JEflVgXgfEzAfBgNVHSMEGDAWgBTQQfuJ\n"
189 "QR6nrVrsNF1JEflVgXgfEzAMBgNVHRMEBTADAQH/MBIGCSqGSIb3DQEBCjAFogMC\n"
190 "AWoDgYEASUy2RZcgNbNQZA0/7F+V1YTLEXwD16bm+iSVnzGwtexmQVEYIZG74K/w\n"
191 "xbdZQdTbpNJkp1QPjPfh0zsatw6dmt5QoZ8K8No0DjR9dgf+Wvv5WJvJUIQBoAVN\n"
192 "Z0IL+OQFz6+LcTHxD27JJCebrATXZA0wThGTQDm7crL+a+SujBY=\n"
193 "-----END CERTIFICATE-----\n";
194
195 // kBadPSSCertPEM is a self-signed RSA-PSS certificate with bad parameters.
196 static const char kBadPSSCertPEM[] =
197 "-----BEGIN CERTIFICATE-----\n"
198 "MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI\n"
199 "AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD\n"
200 "VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz\n"
201 "NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj\n"
202 "ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH\n"
203 "qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL\n"
204 "IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT\n"
205 "IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k\n"
206 "dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq\n"
207 "QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa\n"
208 "5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2\n"
209 "4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB\n"
210 "Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii\n"
211 "BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb\n"
212 "xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn\n"
213 "plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY\n"
214 "DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p\n"
215 "NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ\n"
216 "lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=\n"
217 "-----END CERTIFICATE-----\n";
218
219 static const char kRSAKey[] =
220 "-----BEGIN RSA PRIVATE KEY-----\n"
221 "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n"
222 "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n"
223 "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n"
224 "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n"
225 "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n"
226 "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n"
227 "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n"
228 "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n"
229 "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n"
230 "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n"
231 "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n"
232 "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n"
233 "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n"
234 "-----END RSA PRIVATE KEY-----\n";
235
236 // kCRLTestRoot is a test root certificate. It has private key:
237 //
238 // -----BEGIN RSA PRIVATE KEY-----
239 // MIIEpAIBAAKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3BS/dUBpbrzd1aeFzN
240 // lI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+5R/Du0iCb1tCZIPY
241 // 07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWpuRqO6rctN9qUoMlT
242 // IAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n8H922qmvPNA9idmX
243 // 9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbLP2o9orxGx7aCtnnB
244 // ZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABAoIBAQCJF9MTHfHGkk+/
245 // DwCXlA0Wg0e6hBuHl10iNobYkMWIl/xXjOknhYiqOqb181py76472SVC5ERprC+r
246 // Lf0PXzqKuA117mnkwT2bYLCL9Skf8WEhoFLQNbVlloF6wYjqXcYgKYKh8HgQbZl4
247 // aLg2YQl2NADTNABsUWj/4H2WEelsODVviqfFs725lFg9KHDI8zxAZXLzDt/M9uVL
248 // GxJiX12tr0AwaeAFZ1oPM/y+LznM3N3+Ht3jHHw3jZ/u8Z1RdAmdpu3bZ6tbwGBr
249 // 9edsH5rKkm9aBvMrY7eX5VHqaqyRNFyG152ZOJh4XiiFG7EmgTPCpaHo50Y018Re
250 // grVtk+FBAoGBANY3lY+V8ZOwMxSHes+kTnoimHO5Ob7nxrOC71i27x+4HHsYUeAr
251 // /zOOghiDIn+oNkuiX5CIOWZKx159Bp65CPpCbTb/fh+HYnSgXFgCw7XptycO7LXM
252 // 5GwR5jSfpfzBFdYxjxoUzDMFBwTEYRTm0HkUHkH+s+ajjw5wqqbcGLcfAoGBAMM8
253 // DKW6Tb66xsf708f0jonAjKYTLZ+WOcwsBEWSFHoY8dUjvW5gqx5acHTEsc5ZTeh4
254 // BCFLa+Mn9cuJWVJNs09k7Xb2PNl92HQ4GN2vbdkJhExbkT6oLDHg1hVD0w8KLfz1
255 // lTAW6pS+6CdOHMEJpvqx89EgU/1GgIQ1fXYczE75AoGAKeJoXdDFkUjsU+FBhAPu
256 // TDcjc80Nm2QaF9NMFR5/lsYa236f06MGnQAKM9zADBHJu/Qdl1brUjLg1HrBppsr
257 // RDNkw1IlSOjhuUf5hkPUHGd8Jijm440SRIcjabqla8wdBupdvo2+d2NOQgJbsQiI
258 // ToQ+fkzcxAXK3Nnuo/1436UCgYBjLH7UNOZHS8OsVM0I1r8NVKVdu4JCfeJQR8/H
259 // s2P5ffBir+wLRMnH+nMDreMQiibcPxMCArkERAlE4jlgaJ38Z62E76KLbLTmnJRt
260 // EC9Bv+bXjvAiHvWMRMUbOj/ddPNVez7Uld+FvdBaHwDWQlvzHzBWfBCOKSEhh7Z6
261 // qDhUqQKBgQDPMDx2i5rfmQp3imV9xUcCkIRsyYQVf8Eo7NV07IdUy/otmksgn4Zt
262 // Lbf3v2dvxOpTNTONWjp2c+iUQo8QxJCZr5Sfb21oQ9Ktcrmc/CY7LeBVDibXwxdM
263 // vRG8kBzvslFWh7REzC3u06GSVhyKDfW93kN2cKVwGoahRlhj7oHuZQ==
264 // -----END RSA PRIVATE KEY-----
265 static const char kCRLTestRoot[] =
266 "-----BEGIN CERTIFICATE-----\n"
267 "MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n"
268 "BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW\n"
269 "aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0\n"
270 "MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n"
271 "A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq\n"
272 "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B\n"
273 "S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+\n"
274 "5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp\n"
275 "uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n\n"
276 "8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL\n"
277 "P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw\n"
278 "TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3\n"
279 "N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n"
280 "AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz\n"
281 "EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN\n"
282 "XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B\n"
283 "3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5\n"
284 "24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw\n"
285 "amd8GKMZQvP0ufGnUn7D7uartA==\n"
286 "-----END CERTIFICATE-----\n";
287
288 static const char kCRLTestLeaf[] =
289 "-----BEGIN CERTIFICATE-----\n"
290 "MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx\n"
291 "EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ\n"
292 "BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa\n"
293 "MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC\n"
294 "b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA\n"
295 "A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9\n"
296 "8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP\n"
297 "ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx\n"
298 "e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX\n"
299 "+saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu\n"
300 "OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC\n"
301 "MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl\n"
302 "MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3\n"
303 "lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw\n"
304 "XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ\n"
305 "ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh\n"
306 "lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql\n"
307 "ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC\n"
308 "5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG\n"
309 "tjJMFw==\n"
310 "-----END CERTIFICATE-----\n";
311
312 static const char kBasicCRL[] =
313 "-----BEGIN X509 CRL-----\n"
314 "MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
315 "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n"
316 "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV\n"
317 "HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN\n"
318 "ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo\n"
319 "eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os\n"
320 "dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv\n"
321 "diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho\n"
322 "/vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==\n"
323 "-----END X509 CRL-----\n";
324
325 static const char kRevokedCRL[] =
326 "-----BEGIN X509 CRL-----\n"
327 "MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
328 "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n"
329 "Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX\n"
330 "DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB\n"
331 "AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d\n"
332 "sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH\n"
333 "NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5\n"
334 "OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp\n"
335 "Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO\n"
336 "xzfKY2TzxLiOmctG0hXFkH5J\n"
337 "-----END X509 CRL-----\n";
338
339 static const char kBadIssuerCRL[] =
340 "-----BEGIN X509 CRL-----\n"
341 "MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
342 "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN\n"
343 "Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC\n"
344 "AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF\n"
345 "AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP\n"
346 "t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB\n"
347 "cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL\n"
348 "TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q\n"
349 "L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g\n"
350 "Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==\n"
351 "-----END X509 CRL-----\n";
352
353 // kKnownCriticalCRL is kBasicCRL but with a critical issuing distribution point
354 // extension.
355 static const char kKnownCriticalCRL[] =
356 "-----BEGIN X509 CRL-----\n"
357 "MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
358 "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n"
359 "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV\n"
360 "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3\n"
361 "i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q\n"
362 "mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ\n"
363 "NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A\n"
364 "3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+\n"
365 "7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp\n"
366 "o/1TpfOMSGhMyMoyPrk=\n"
367 "-----END X509 CRL-----\n";
368
369 // kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
370 static const char kUnknownCriticalCRL[] =
371 "-----BEGIN X509 CRL-----\n"
372 "MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
373 "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n"
374 "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV\n"
375 "HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA\n"
376 "GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib\n"
377 "Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC\n"
378 "yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ\n"
379 "+wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC\n"
380 "nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB\n"
381 "kwzzU2rL3G65CrZ7H0SZsQ==\n"
382 "-----END X509 CRL-----\n";
383
384 // kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution
385 // point extension followed by an unknown critical extension
386 static const char kUnknownCriticalCRL2[] =
387 "-----BEGIN X509 CRL-----\n"
388 "MIIBzzCBuAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n"
389 "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n"
390 "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDYwNDAKBgNV\n"
391 "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wEwYMKoZIhvcSBAGEtwkAAQH/BAAw\n"
392 "DQYJKoZIhvcNAQELBQADggEBACTcpQC8jXL12JN5YzOcQ64ubQIe0XxRAd30p7qB\n"
393 "BTXGpgqBjrjxRfLms7EBYodEXB2oXMsDq3km0vT1MfYdsDD05S+SQ9CDsq/pUfaC\n"
394 "E2WNI5p8WircRnroYvbN2vkjlRbMd1+yNITohXYXCJwjEOAWOx3XIM10bwPYBv4R\n"
395 "rDobuLHoMgL3yHgMHmAkP7YpkBucNqeBV8cCdeAZLuhXFWi6yfr3r/X18yWbC/r2\n"
396 "2xXdkrSqXLFo7ToyP8YKTgiXpya4x6m53biEYwa2ULlas0igL6DK7wjYZX95Uy7H\n"
397 "GKljn9weIYiMPV/BzGymwfv2EW0preLwtyJNJPaxbdin6Jc=\n"
398 "-----END X509 CRL-----\n";
399
400 // kEd25519Cert is a self-signed Ed25519 certificate.
401 static const char kEd25519Cert[] =
402 "-----BEGIN CERTIFICATE-----\n"
403 "MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET\n"
404 "MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ\n"
405 "dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE\n"
406 "BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp\n"
407 "ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj\n"
408 "Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD\n"
409 "VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr\n"
410 "ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL\n"
411 "r+VHVKUhsrvcdCelnXRrrSD7xWAL\n"
412 "-----END CERTIFICATE-----\n";
413
414 // kEd25519CertNull is an invalid self-signed Ed25519 with an explicit NULL in
415 // the signature algorithm.
416 static const char kEd25519CertNull[] =
417 "-----BEGIN CERTIFICATE-----\n"
418 "MIIBlTCCAUWgAwIBAgIJAJwooam0UCDmMAcGAytlcAUAMEUxCzAJBgNVBAYTAkFV\n"
419 "MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz\n"
420 "IFB0eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYD\n"
421 "VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg\n"
422 "V2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPa\n"
423 "piMlrwIaaPcHURqjUDBOMB0GA1UdDgQWBBSi7Ht5X58kra/dqHpA9T+WPX/7tTAf\n"
424 "BgNVHSMEGDAWgBSi7Ht5X58kra/dqHpA9T+WPX/7tTAMBgNVHRMEBTADAQH/MAcG\n"
425 "AytlcAUAA0EA70uefNocdJohkKPNROKVyBuBD3LXMyvmdTklsaxSRY3PcZdOohlr\n"
426 "recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw==\n"
427 "-----END CERTIFICATE-----\n";
428
429 // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
430 // contains SANS for example.com, test@example.com, 127.0.0.1, and
431 // https://example.com/. (The latter is useless for now since crypto/x509
432 // doesn't deal with URI SANs directly.)
433 static const char kSANTypesLeaf[] =
434 "-----BEGIN CERTIFICATE-----\n"
435 "MIIClzCCAgCgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCsxFzAVBgNV\n"
436 "BAoTDkJvcmluZ1NTTCBUZXN0MRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAw\n"
437 "MDAwMFoXDTI1MDEwMTAwMDAwMFowLzEXMBUGA1UEChMOQm9yaW5nU1NMIFRlc3Qx\n"
438 "FDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
439 "gQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+l3mYQPtPbRT9\n"
440 "KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB1NkrKyQjd1sc\n"
441 "O711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQABo4G+MIG7MA4G\n"
442 "A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD\n"
443 "VR0TAQH/BAIwADAZBgNVHQ4EEgQQn5EWH0NDPkmm3m22gNefYDAbBgNVHSMEFDAS\n"
444 "gBBAN9cB+0AvuBx+VAQnjFkBMEQGA1UdEQQ9MDuCC2V4YW1wbGUuY29tgRB0ZXN0\n"
445 "QGV4YW1wbGUuY29thwR/AAABhhRodHRwczovL2V4YW1wbGUuY29tLzANBgkqhkiG\n"
446 "9w0BAQsFAAOBgQBtwJvY6+Tk6D6DOtDVaNoJ5y8E25CCuE/Ga4OuIcYJas+yLckf\n"
447 "dZwUV3GUG2oBXl2MrpUFxXd4hKBO1CmlBY+hZEeIx0Yp6QWK9P/vnZeydOTP26mk\n"
448 "jusJ2PqSmtKNU1Zcaba4d29oFejmOAfeguhR8AHpsc/zHEaS5Q9cJsuJcw==\n"
449 "-----END CERTIFICATE-----\n";
450
451 // -----BEGIN RSA PRIVATE KEY-----
452 // MIICWwIBAAKBgQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+
453 // l3mYQPtPbRT9KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB
454 // 1NkrKyQjd1scO711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQAB
455 // AoGACwf7z0i1DxOI2zSwFimLghfyCSp8mgT3fbZ3Wj0SebYu6ZUffjceneM/AVrq
456 // gGYHYLOVHcWJqfkl7X3hPo9SDhzLx0mM545/q21ZWCwjhswH7WiCEqV2/zeDO9WU
457 // NIO1VU0VoLm0AQ7ZvwnyB+fpgF9kkkDtbBJW7XWrfNVtlnECQQD97YENpEJ3X1kj
458 // 3rrkrHWDkKAyoWWY1i8Fm7LnganC9Bv6AVwgn5ZlE/479aWHF8vbOFEA3pFPiNZJ
459 // t9FTCfpJAkEA3RCXjGI0Y6GALFLwEs+nL/XZAfJaIpJEZVLCVosYQOSaMS4SchfC
460 // GGYVquT7ZgKk9uvz89Fg87OtBMWS9lrkHwJADGkGLKeBhBoJ3kHtem2fVK3F1pOi
461 // xoR5SdnhNYVVyaxqjZ5xZTrHe+stOrr3uxGDqhQniVZXXb6/Ul0Egv1y2QJAVg/h
462 // kAujba4wIhFf2VLyOZ+yjil1ocPj0LZ5Zgvcs1bMGJ1hHP3W2HzVrqRaowoggui1
463 // HpTC891dXGA2qKYV7QJAFDmT2A7OVvh3y4AEgzVwHrDmCMwMHKjCIntS7fjxrJnF
464 // YvJUG1zoHwUVrxxbR3DbpTODlktLcl/0b97D0IkH3w==
465 // -----END RSA PRIVATE KEY-----
466
467 static const char kSANTypesRoot[] =
468 "-----BEGIN CERTIFICATE-----\n"
469 "MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE\n"
470 "ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw\n"
471 "MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ\n"
472 "MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/\n"
473 "EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy\n"
474 "SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J\n"
475 "1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/\n"
476 "BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E\n"
477 "BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3\n"
478 "1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f\n"
479 "c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH\n"
480 "bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms\n"
481 "d5YVX0c90VMnUhF/dlrqS9U=\n"
482 "-----END CERTIFICATE-----\n";
483
484 // -----BEGIN RSA PRIVATE KEY-----
485 // MIICXAIBAAKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/V
486 // Imi2XeJM2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2
487 // m8PX+plZw7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQAB
488 // AoGALEF5daZqc+aEsp8X1yky3nsoheyPL0kqSBWii33IFemZgKcSaRnAoqjPWWLS
489 // 8dHj0I/4rej2MW8iuezVSpDak9tK5boHORC3w4p/wifkizQkLt1DANxTVbzcKvrt
490 // aZ7LjVaKkhjRJbLddniowFHkkWVbUccjvzcUd7Y2VuLbAhECQQDq4FE88aHio8zg
491 // bxSd0PwjEFwLYQTR19u812SoR8PmR6ofIL+pDwOV+fVs+OGcAAOgkhIukOrksQ4A
492 // 1cKtnyhXAkEA/gRI+u3tZ7UE1twIkBfZ6IvCdRodkPqHAYIxMRLzL+MhyZt4MEGc
493 // Ngb/F6U9/WOBFnoR/PI7IwE3ejutzKcL+QJBAKh+6eilk7QKPETZi1m3/dmNt+p1
494 // 3EZJ65pqjwxmB3Rg/vs7vCMk4TarTdSyKu+F1xRPFfoP/mK3Xctdjj6NyhsCQAYF
495 // 7/0TOzfkUPMPUJyqFB6xgbDpJ55ScnUUsznoqx+NkTWInDb4t02IqO/UmT2y6FKy
496 // Hk8TJ1fTJY+ebqaVp3ECQApx9gQ+n0zIhx97FMUuiRse73xkcW4+pZ8nF+8DmeQL
497 // /JKuuFGmzkG+rUbXFmo/Zg2ozVplw71NnQJ4znPsf7A=
498 // -----END RSA PRIVATE KEY-----
499
500 // The following four certificates were generated with this Go program, varying
501 // |includeNetscapeExtension| and defining rootKeyPEM and rootCertPEM to be
502 // strings containing the kSANTypesRoot, above.
503
504 // package main
505
506 // import (
507 // "crypto/ecdsa"
508 // "crypto/elliptic"
509 // "crypto/rand"
510 // "crypto/x509"
511 // "crypto/x509/pkix"
512 // "encoding/asn1"
513 // "encoding/pem"
514 // "math/big"
515 // "os"
516 // "time"
517 // )
518
519 // const includeNetscapeExtension = true
520
521 // func main() {
522 // block, _ := pem.Decode([]byte(rootKeyPEM))
523 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
524 // block, _ = pem.Decode([]byte(rootCertPEM))
525 // root, _ := x509.ParseCertificate(block.Bytes)
526
527 // interTemplate := &x509.Certificate{
528 // SerialNumber: big.NewInt(2),
529 // Subject: pkix.Name{
530 // CommonName: "No Basic Constraints (Netscape)",
531 // },
532 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
533 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
534 // }
535
536 // if includeNetscapeExtension {
537 // interTemplate.ExtraExtensions = []pkix.Extension{
538 // pkix.Extension{
539 // Id: asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113730, 1, 1}),
540 // Value: []byte{0x03, 0x02, 2, 0x04},
541 // },
542 // }
543 // } else {
544 // interTemplate.KeyUsage = x509.KeyUsageCertSign
545 // }
546
547 // interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
548
549 // interDER, err := x509.CreateCertificate(rand.Reader, interTemplate, root, &interKey.PublicKey, rootPriv)
550 // if err != nil {
551 // panic(err)
552 // }
553
554 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: interDER})
555
556 // inter, _ := x509.ParseCertificate(interDER)
557
558 // leafTemplate := &x509.Certificate{
559 // SerialNumber: big.NewInt(3),
560 // Subject: pkix.Name{
561 // CommonName: "Leaf from CA with no Basic Constraints",
562 // },
563 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
564 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
565 // BasicConstraintsValid: true,
566 // }
567 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
568
569 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, inter, &leafKey.PublicKey, interKey)
570 // if err != nil {
571 // panic(err)
572 // }
573
574 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
575 // }
576
577 // kNoBasicConstraintsCertSignIntermediate doesn't have isCA set, but contains
578 // certSign in the keyUsage.
579 static const char kNoBasicConstraintsCertSignIntermediate[] =
580 "-----BEGIN CERTIFICATE-----\n"
581 "MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
582 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
583 "MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw\n"
584 "WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1\n"
585 "OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO\n"
586 "BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq\n"
587 "hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9\n"
588 "ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW\n"
589 "xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ==\n"
590 "-----END CERTIFICATE-----\n";
591
592 static const char kNoBasicConstraintsCertSignLeaf[] =
593 "-----BEGIN CERTIFICATE-----\n"
594 "MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj\n"
595 "IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx\n"
596 "MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50\n"
597 "czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB\n"
598 "w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO\n"
599 "MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o\n"
600 "eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24\n"
601 "Djy3Zw==\n"
602 "-----END CERTIFICATE-----\n";
603
604 // kNoBasicConstraintsNetscapeCAIntermediate doesn't have isCA set, but contains
605 // a Netscape certificate-type extension that asserts a type of "SSL CA".
606 static const char kNoBasicConstraintsNetscapeCAIntermediate[] =
607 "-----BEGIN CERTIFICATE-----\n"
608 "MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
609 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
610 "MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg\n"
611 "KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi\n"
612 "PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH\n"
613 "1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4\n"
614 "QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju\n"
615 "tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF\n"
616 "G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M\n"
617 "P9p6HuyLrmn0c/F0\n"
618 "-----END CERTIFICATE-----\n";
619
620 static const char kNoBasicConstraintsNetscapeCALeaf[] =
621 "-----BEGIN CERTIFICATE-----\n"
622 "MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp\n"
623 "YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw\n"
624 "MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp\n"
625 "YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2\n"
626 "tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q\n"
627 "DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh\n"
628 "aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj\n"
629 "XyPwWPbymSTpzKhB4xB7qQ==\n"
630 "-----END CERTIFICATE-----\n";
631
632 static const char kSelfSignedMismatchAlgorithms[] =
633 "-----BEGIN CERTIFICATE-----\n"
634 "MIIFMjCCAxqgAwIBAgIJAL0mG5fOeJ7xMA0GCSqGSIb3DQEBDQUAMC0xCzAJBgNV\n"
635 "BAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFRlc3QwIBcNMTgwOTE3\n"
636 "MTIxNzU3WhgPMjExODA4MjQxMjE3NTdaMC0xCzAJBgNVBAYTAkdCMQ8wDQYDVQQH\n"
637 "DAZMb25kb24xDTALBgNVBAoMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n"
638 "ggIKAoICAQDCMhBrRAGGw+n2GdctBr/cEK4FZA6ajiHjihgpCHoSBdyL4R2jGKLS\n"
639 "g0WgaMXa1HpkKN7LcIySosEBPlmcRkr1RqbEvQStOSvoFCXYvtx3alM6HTbXMcDR\n"
640 "mqoKoABP6LXsPSoMWIgqMtP2X9EOppzHVIK1yFYFfbIlvYUV2Ka+MuMe0Vh5wvD1\n"
641 "4GanPb+cWSKgdRSVQovCCMY3yWtZKVEaxRpCsk/mYYIFWz0tcgMjIKwDx1XXgiAV\n"
642 "nU6NK43xbaw3XhtnaD/pv9lhTTbNrlcln9LjTD097BaK4R+1AEPHnpfxA9Ui3upn\n"
643 "kbsNUdGdOB0ksZi/vd7lh833YgquQUIAhYrbfvq/HFCpVV1gljzlS3sqULYpLE//\n"
644 "i3OsuL2mE+CYIJGpIi2GeJJWXciNMTJDOqTn+fRDtVb4RPp4Y70DJirp7XzaBi3q\n"
645 "H0edANCzPSRCDbZsOhzIXhXshldiXVRX666DDlbMQgLTEnNKrkwv6DmU8o15XQsb\n"
646 "8k1Os2YwXmkEOxUQ7AJZXVTZSf6UK9Znmdq1ZrHjybMfRUkHVxJcnKvrxfryralv\n"
647 "gzfvu+D6HuxrCo3Ojqa+nDgIbxKEBtdrcsMhq1jWPFhjwo1fSadAkKOfdCAuXJRD\n"
648 "THg3b4Sf+W7Cpc570YHrIpBf7WFl2XsPcEM0mJZ5+yATASCubNozQwIDAQABo1Mw\n"
649 "UTAdBgNVHQ4EFgQUES0hupZSqY21JOba10QyZuxm91EwHwYDVR0jBBgwFoAUES0h\n"
650 "upZSqY21JOba10QyZuxm91EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF\n"
651 "AAOCAgEABTN5S30ng/RMpBweDm2N561PdpaCdiRXtAFCRVWR2mkDYC/Xj9Vqe6be\n"
652 "PyM7L/5OKYVjzF1yJu67z/dx+ja5o+41g17jdqla7hyPx+9B4uRyDh+1KJTa+duj\n"
653 "mw/aA1LCr6O6W4WizDOsChJ6FaB2Y1+GlFnKWb5nUdhVJqXQE1WOX9dZnw8Y4Npd\n"
654 "VmAsjWot0BZorJrt3fwfcv3QfA896twkbo7Llv/8qzg4sXZXZ4ZtgAOqnPngiSn+\n"
655 "JT/vYCXZ406VvAFpFqMcVz2dO/VGuL8lGIMHRKNyafrsV81EzH1W/XmRWOgvgj6r\n"
656 "yQI63ln/AMY72HQ97xLkE1xKunGz6bK5Ug5+O43Uftc4Mb6MUgzo+ZqEQ3Ob+cAV\n"
657 "cvjmtwDaPO/O39O5Xq0tLTlkn2/cKf4OQ6S++GDxzyRVHh5JXgP4j9+jfZY57Woy\n"
658 "R1bE7N50JjY4cDermBJKdlBIjL7UPhqmLyaG7V0hBitFlgGBUCcJtJOV0xYd5aF3\n"
659 "pxNkvMXhBmh95fjxJ0cJjpO7tN1RAwtMMNgsl7OUbuVRQCHOPW5DgP5qY21jDeRn\n"
660 "BY82382l+9QzykmJLI5MZnmj4BA9uIDCwMtoTTvP++SsvhUAbuvh7MOOUQL0EY4m\n"
661 "KStYq7X9PKseN+PvmfeoffIKc5R/Ha39oi7cGMVHCr8aiEhsf94=\n"
662 "-----END CERTIFICATE-----\n";
663
664 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
665 // *.host1.test as the common name and a SAN list of *.host2.test and
666 // foo.host3.test.
667 static const char kCommonNameWithSANs[] =
668 "-----BEGIN CERTIFICATE-----\n"
669 "MIIB2zCCAUSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
670 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
671 "MDk5MDEwMTAwMDAwMFowNzEeMBwGA1UEChMVQ29tbW9uIG5hbWUgd2l0aCBTQU5z\n"
672 "MRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n"
673 "AASgWzfnFnpQrokSLIC+LhCKJDUAY/2usfIDpOnafYoYCasbYetkmOslgyY4Nn07\n"
674 "zjvjNROprA/0bdULXAkdL9bNo0gwRjAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn\n"
675 "jFkBMCcGA1UdEQQgMB6CDCouaG9zdDIudGVzdIIOZm9vLmhvc3QzLnRlc3QwDQYJ\n"
676 "KoZIhvcNAQELBQADgYEAtv2e3hBhsslXB1HTxgusjoschWOVtvGZUaYlhkKzKTCL\n"
677 "4YpDn50BccnucBU/b9phYvaEZtyzOv4ZXhxTGyLnLrIVB9x5ikfCcfl+LNYNjDwM\n"
678 "enm/h1zOfJ7wXLyscD4kU29Wc/zxBd70thIgLYn16CC1S9NtXKsXXDXv5VVH/bg=\n"
679 "-----END CERTIFICATE-----\n";
680
681 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
682 // *.host1.test as the common name and no SAN list.
683 static const char kCommonNameWithoutSANs[] =
684 "-----BEGIN CERTIFICATE-----\n"
685 "MIIBtTCCAR6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
686 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
687 "MDk5MDEwMTAwMDAwMFowOjEhMB8GA1UEChMYQ29tbW9uIG5hbWUgd2l0aG91dCBT\n"
688 "QU5zMRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB\n"
689 "BwNCAARt2vjlIrPE+kr11VS1rRP/AYQu4fvf1bNw/K9rwYlVBhmLMPYasEmpCtKE\n"
690 "0bDIFydtDYC3wZDpSS+YiaG40sdAox8wHTAbBgNVHSMEFDASgBBAN9cB+0AvuBx+\n"
691 "VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHRbIeaCEytOpJpw9O2dlB656AHe1+t5\n"
692 "4JiS5mvtzoVOLn7fFk5EFQtZS7sG1Uc2XjlSw+iyvFoTFEqfKyU/mIdc2vBuPwA2\n"
693 "+YXT8aE4S+UZ9oz5j0gDpikGnkSCW0cyHD8L8fntNjaQRSaM482JpmtdmuxClmWO\n"
694 "pFFXI2B5usgI\n"
695 "-----END CERTIFICATE-----\n";
696
697 // kCommonNameWithEmailSAN is a leaf certificate signed by kSANTypesRoot, with
698 // *.host1.test as the common name and the email address test@host2.test in the
699 // SAN list.
700 static const char kCommonNameWithEmailSAN[] =
701 "-----BEGIN CERTIFICATE-----\n"
702 "MIIBvDCCASWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
703 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
704 "MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI\n"
705 "zj0CAQYIKoZIzj0DAQcDQgAEtevOxcTjpPzlNGoUMFfZyr1k03/Hiuh+EsnuScDs\n"
706 "8XLKi6fDkvSaDClI99ycabQZRPIrvyT+dglDC6ugQd+CYqNJMEcwDAYDVR0TAQH/\n"
707 "BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMBoGA1UdEQQTMBGBD3Rl\n"
708 "c3RAaG9zdDIudGVzdDANBgkqhkiG9w0BAQsFAAOBgQCGbqb78OWJWl4zb+qw0Dz2\n"
709 "HJgZZJt6/+nNG/XJKdaYeS4eofsbwsJI4fuuOF6ZvYCJxVNtGqdfZDgycvFA9hjv\n"
710 "NGosBF1/spP17cmzTahLjxs71jDvHV/EQJbKGl/Zpta1Em1VrzSrwoOFabPXzZTJ\n"
711 "aet/mER21Z/9ZsTUoJQPJw==\n"
712 "-----END CERTIFICATE-----\n";
713
714 // kCommonNameWithIPSAN is a leaf certificate signed by kSANTypesRoot, with
715 // *.host1.test as the common name and the IP address 127.0.0.1 in the
716 // SAN list.
717 static const char kCommonNameWithIPSAN[] =
718 "-----BEGIN CERTIFICATE-----\n"
719 "MIIBsTCCARqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
720 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
721 "MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI\n"
722 "zj0CAQYIKoZIzj0DAQcDQgAEFKrgkxm8PysXbwnHQeTD3p8YY0+sY4ssnZgmj8wX\n"
723 "KTyn893fdBHWlz71GO6t82wMTF5d+ZYwI2XU52pfl4SB2aM+MDwwDAYDVR0TAQH/\n"
724 "BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA8GA1UdEQQIMAaHBH8A\n"
725 "AAEwDQYJKoZIhvcNAQELBQADgYEAQWZ8Oj059ZjS109V/ijMYT28xuAN5n6HHxCO\n"
726 "DopTP56Zu9+gme5wTETWEfocspZvgecoUOcedTFoKSQ7JafO09NcVLA+D6ddYpju\n"
727 "mgfuiLy9dDhqvX/NHaLBMxOBWWbOLwWE+ibyX+pOzjWRCw1L7eUXOr6PhZAOQsmU\n"
728 "D0+O6KI=\n"
729 "-----END CERTIFICATE-----\n";
730
731 // kConstrainedIntermediate is an intermediate signed by kSANTypesRoot, with
732 // permitted DNS names of permitted1.test and foo.permitted2.test and an
733 // excluded DNS name of excluded.permitted1.test. Its private key is:
734 //
735 // -----BEGIN PRIVATE KEY-----
736 // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTXUM4tJWM7OzATty
737 // JhNOfIv/d8heWFBeKOfMR+RfaROhRANCAASbbbWYiN6mn+BCpg4XNpibOH0D/DN4
738 // kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzKLY1y
739 // -----END PRIVATE KEY-----
740 static const char kConstrainedIntermediate[] =
741 "-----BEGIN CERTIFICATE-----\n"
742 "MIICDjCCAXegAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
743 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
744 "MDk5MDEwMTAwMDAwMFowKDEmMCQGA1UEAxMdTmFtZSBDb25zdHJhaW50cyBJbnRl\n"
745 "cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASbbbWYiN6mn+BCpg4X\n"
746 "NpibOH0D/DN4kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzK\n"
747 "LY1yo4GJMIGGMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0jBBQwEoAQQDfXAftAL7gc\n"
748 "flQEJ4xZATBWBgNVHR4BAf8ETDBKoCowEYIPcGVybWl0dGVkMS50ZXN0MBWCE2Zv\n"
749 "by5wZXJtaXR0ZWQyLnRlc3ShHDAaghhleGNsdWRlZC5wZXJtaXR0ZWQxLnRlc3Qw\n"
750 "DQYJKoZIhvcNAQELBQADgYEAFq1Ka05hiKREwRpSceQPzIIH4B5a5IVBg5/EvmQI\n"
751 "9V0fXyAE1GmahPt70sIBxIgzNTEaY8P/IoOuCdlZWe0msmyEO3S6YSAzOWR5Van6\n"
752 "cXmFM1uMd95TlkxUMRdV+jKJTvG6R/BM2zltaV7Xt662k5HtzT5Svw0rZlFaggZz\n"
753 "UyM=\n"
754 "-----END CERTIFICATE-----\n";
755
756 // kCommonNamePermittedLeaf is a leaf certificate signed by
757 // kConstrainedIntermediate. Its common name is permitted by the name
758 // constraints.
759 static const char kCommonNamePermittedLeaf[] =
760 "-----BEGIN CERTIFICATE-----\n"
761 "MIIBaDCCAQ2gAwIBAgIBAzAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv\n"
762 "bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw\n"
763 "MTAwMDAwMFowPjEeMBwGA1UEChMVQ29tbW9uIG5hbWUgcGVybWl0dGVkMRwwGgYD\n"
764 "VQQDExNmb28ucGVybWl0dGVkMS50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n"
765 "QgAENX5Ycs8q8MRzPYUz6DqLHhJR3wcmniFRgkiEa7MxE/mRe00y0VGwH7xi7Aoc\n"
766 "emXPrtD4JwN5bssbcxWGAKYYzaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD\n"
767 "AgNJADBGAiEAtsnWuRQXtw2xbieC78Y8SVEtTjcZUx8uZyQe1GPLfGICIQDR4fNY\n"
768 "yg3PC94ydPNQZVsFxAne32CbonWWsokalTFpUQ==\n"
769 "-----END CERTIFICATE-----\n";
770 static const char kCommonNamePermitted[] = "foo.permitted1.test";
771
772 // kCommonNameNotPermittedLeaf is a leaf certificate signed by
773 // kConstrainedIntermediate. Its common name is not permitted by the name
774 // constraints.
775 static const char kCommonNameNotPermittedLeaf[] =
776 "-----BEGIN CERTIFICATE-----\n"
777 "MIIBazCCARCgAwIBAgIBBDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv\n"
778 "bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw\n"
779 "MTAwMDAwMFowQTEiMCAGA1UEChMZQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZDEb\n"
780 "MBkGA1UEAxMSbm90LXBlcm1pdHRlZC50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n"
781 "AQcDQgAEzfghKuWf0JoXb0Drp09C3yXMSQQ1byt+AUaymvsHOWsxQ9v1Q+vkF/IM\n"
782 "HRqGTk2TyxrB2iClVEn/Uu+YtYox1KMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjO\n"
783 "PQQDAgNJADBGAiEAxaUslxmoWL1tIvnDz7gDkto/HcmdU0jHVuUQLXcCG8wCIQCN\n"
784 "5xZjitlCQU8UB5qSu9wH4B+0JcVO3Ss4Az76HEJWMw==\n"
785 "-----END CERTIFICATE-----\n";
786 static const char kCommonNameNotPermitted[] = "not-permitted.test";
787
788 // kCommonNameNotPermittedWithSANsLeaf is a leaf certificate signed by
789 // kConstrainedIntermediate. Its common name is not permitted by the name
790 // constraints but it has a SAN list.
791 static const char kCommonNameNotPermittedWithSANsLeaf[] =
792 "-----BEGIN CERTIFICATE-----\n"
793 "MIIBqTCCAU+gAwIBAgIBBjAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv\n"
794 "bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw\n"
795 "MTAwMDAwMFowSzEsMCoGA1UEChMjQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZCB3\n"
796 "aXRoIFNBTlMxGzAZBgNVBAMTEm5vdC1wZXJtaXR0ZWQudGVzdDBZMBMGByqGSM49\n"
797 "AgEGCCqGSM49AwEHA0IABKsn9wOApXFHrqhLdQgbFSeaSoAIbxgO0zVSRZUb5naR\n"
798 "93zoL3MFOvZEF8xiEqh7le+l3XuUig0fwqpcsZzRNJajRTBDMAwGA1UdEwEB/wQC\n"
799 "MAAwMwYDVR0RBCwwKoITZm9vLnBlcm1pdHRlZDEudGVzdIITZm9vLnBlcm1pdHRl\n"
800 "ZDIudGVzdDAKBggqhkjOPQQDAgNIADBFAiACk+1f184KkKAXuntmrz+Ygcq8MiZl\n"
801 "4delx44FtcNaegIhAIA5nYfzxNcTXxDo3U+x1vSLH6Y7faLvHiFySp7O//q+\n"
802 "-----END CERTIFICATE-----\n";
803 static const char kCommonNameNotPermittedWithSANs[] = "not-permitted.test";
804
805 // kCommonNameNotDNSLeaf is a leaf certificate signed by
806 // kConstrainedIntermediate. Its common name is not a DNS name.
807 static const char kCommonNameNotDNSLeaf[] =
808 "-----BEGIN CERTIFICATE-----\n"
809 "MIIBYTCCAQagAwIBAgIBCDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv\n"
810 "bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw\n"
811 "MTAwMDAwMFowNzEcMBoGA1UEChMTQ29tbW9uIG5hbWUgbm90IEROUzEXMBUGA1UE\n"
812 "AxMOTm90IGEgRE5TIG5hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASnueyc\n"
813 "Zxtnw5ke2J2T0/LwAK37auQP/RSFd9mem+BJVbgviawtAlignJmafp7Zw4/GdYEJ\n"
814 "Vm8qlriOJtluvXGcoxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC\n"
815 "IQChUAmVNI39VHe0zemRE09VDcSEgOxr1nTvjLcg/Q8pVQIhAJYZnJI0YZAi05QH\n"
816 "RHNlAkTK2TnUaVn3fGSylaLiFS1r\n"
817 "-----END CERTIFICATE-----\n";
818 static const char kCommonNameNotDNS[] = "Not a DNS name";
819
820 // The following six certificates are issued by |kSANTypesRoot| and have
821 // different extended key usage values. They were created with the following
822 // Go program:
823 //
824 // func main() {
825 // block, _ := pem.Decode([]byte(rootKeyPEM))
826 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
827 // block, _ = pem.Decode([]byte(rootCertPEM))
828 // root, _ := x509.ParseCertificate(block.Bytes)
829 //
830 // leafTemplate := &x509.Certificate{
831 // SerialNumber: big.NewInt(3),
832 // Subject: pkix.Name{
833 // CommonName: "EKU msSGC",
834 // },
835 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
836 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
837 // BasicConstraintsValid: true,
838 // ExtKeyUsage: []x509.ExtKeyUsage{FILL IN HERE},
839 // }
840 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
841 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, root, &leafKey.PublicKey, rootPriv)
842 // if err != nil {
843 // panic(err)
844 // }
845 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
846 // }
847
848 static const char kMicrosoftSGCCert[] =
849 "-----BEGIN CERTIFICATE-----\n"
850 "MIIBtDCCAR2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
851 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
852 "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n"
853 "AQYIKoZIzj0DAQcDQgAEEn61v3Vs+q6bTyyRnrJvuKBE8PTNVLbXGB52jig4Qse2\n"
854 "mGygNEysS0uzZ0luz+rn2hDRUFL6sHLUs1d8UMbI/6NEMEIwFQYDVR0lBA4wDAYK\n"
855 "KwYBBAGCNwoDAzAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5U\n"
856 "BCeMWQEwDQYJKoZIhvcNAQELBQADgYEAgDQI9RSo3E3ZVnU71TV/LjG9xwHtfk6I\n"
857 "rlNnlJJ0lsTHAuMc1mwCbzhtsmasetwYlIa9G8GFWB9Gh/QqHA7G649iGGmXShqe\n"
858 "aVDuWgeSEJxBPE2jILoMm4pEYF7jfonTn7XXX6O78yuSlP+NPIU0gUKHkWZ1sWk0\n"
859 "cC4l0r/6jik=\n"
860 "-----END CERTIFICATE-----\n";
861
862 static const char kNetscapeSGCCert[] =
863 "-----BEGIN CERTIFICATE-----\n"
864 "MIIBszCCARygAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
865 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
866 "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n"
867 "AQYIKoZIzj0DAQcDQgAE3NbT+TnBfq1DWJCezjaUL52YhDU7cOkI2S2PoWgJ1v7x\n"
868 "kKLwBonUFZjppZs69SyBHeJdti+KoJ3qTW+hCG08EaNDMEEwFAYDVR0lBA0wCwYJ\n"
869 "YIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQE\n"
870 "J4xZATANBgkqhkiG9w0BAQsFAAOBgQBuiyVcfazekHkCWksxdFmjPmMtWCxFjkzc\n"
871 "8VBxFE0CfSHQAfZ8J7tXd1FbAq/eXdZvvo8v0JB4sOM4Ex1ob1fuvDFHdSAHAD7W\n"
872 "dhKIjJyzVojoxjCjyue0XMeEPl7RiqbdxoS/R5HFAqAF0T2OeQAqP9gTpOXoau1M\n"
873 "RQHX6HQJJg==\n"
874 "-----END CERTIFICATE-----\n";
875
876 static const char kServerEKUCert[] =
877 "-----BEGIN CERTIFICATE-----\n"
878 "MIIBsjCCARugAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
879 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
880 "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n"
881 "AQYIKoZIzj0DAQcDQgAEDd35i+VWPwIOKLrLWTuP5cqD+yJDB5nujEzPgkXP5LKJ\n"
882 "SZRbHTqTdpYZB2jy6y90RY2Bsjx7FfZ7nN5G2g1GOKNCMEAwEwYDVR0lBAwwCgYI\n"
883 "KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn\n"
884 "jFkBMA0GCSqGSIb3DQEBCwUAA4GBAIKmbMBjuivL/rxDu7u7Vr3o3cdmEggBJxwL\n"
885 "iatNW3x1wg0645aNYOktW/iQ7mAAiziTY73GFyfiJDWqnY+CwA94ZWyQidjHdN/I\n"
886 "6BR52sN/dkYEoInYEbmDNMc/if+T0yqeBQLP4BeKLiT8p0qqaimae6LgibS19hDP\n"
887 "2hoEMdz2\n"
888 "-----END CERTIFICATE-----\n";
889
890 static const char kServerEKUPlusMicrosoftSGCCert[] =
891 "-----BEGIN CERTIFICATE-----\n"
892 "MIIBvjCCASegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
893 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
894 "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n"
895 "AQYIKoZIzj0DAQcDQgAEDO1MYPxq+U4oXMIK8UnsS4C696wpcu4UOmcMJJ5CUd5Z\n"
896 "ZpJShN6kYKnrb3GK/6xEgbUGntmrzSRG5FYqk6QgD6NOMEwwHwYDVR0lBBgwFgYI\n"
897 "KwYBBQUHAwEGCisGAQQBgjcKAwMwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBA\n"
898 "N9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHOu2IBa4lHzVGS36HxS\n"
899 "SejUE87Ji1ysM6BgkYbfxfS9MuV+J3UnqH57JjbH/3CFl4ZDWceF6SGBSCn8LqKa\n"
900 "KHpwoNFU3zA99iQzVJgbUyN0PbKwHEanLyKDJZyFk71R39ToxhSNQgaQYjZYCy1H\n"
901 "5V9oXd1bodEqVsOZ/mur24Ku\n"
902 "-----END CERTIFICATE-----\n";
903
904 static const char kAnyEKU[] =
905 "-----BEGIN CERTIFICATE-----\n"
906 "MIIBrjCCARegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
907 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
908 "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n"
909 "AQYIKoZIzj0DAQcDQgAE9nsLABDporlTvx1OBUc4Hd5vxfX+8nS/OhbHmKtFLYNu\n"
910 "1CLLrImbwMQYD2G+PgLO6sQHmASq2jmJKp6ZWsRkTqM+MDwwDwYDVR0lBAgwBgYE\n"
911 "VR0lADAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEw\n"
912 "DQYJKoZIhvcNAQELBQADgYEAxgjgn1SAzQ+2GeCicZ5ndvVhKIeFelGCQ989XTVq\n"
913 "uUbAYBW6v8GXNuVzoXYxDgNSanF6U+w+INrJ6daKVrIxAxdk9QFgBXqJoupuRAA3\n"
914 "/OqnmYux0EqOTLbTK1P8DhaiaD0KV6dWGUwzqsgBmPkZ0lgNaPjvb1mKV3jhBkjz\n"
915 "L6A=\n"
916 "-----END CERTIFICATE-----\n";
917
918 static const char kNoEKU[] =
919 "-----BEGIN CERTIFICATE-----\n"
920 "MIIBnTCCAQagAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n"
921 "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n"
922 "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n"
923 "AQYIKoZIzj0DAQcDQgAEpSFSqbYY86ZcMamE606dqdyjWlwhSHKOLUFsUUIzkMPz\n"
924 "KHRu/x3Yzi8+Hm8eFK/TnCbkpYsYw4hIw00176dYzaMtMCswDAYDVR0TAQH/BAIw\n"
925 "ADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GB\n"
926 "AHvYzynIkjLThExHRS+385hfv4vgrQSMmCM1SAnEIjSBGsU7RPgiGAstN06XivuF\n"
927 "T1fNugRmTu4OtOIbfdYkcjavJufw9hR9zWTt77CNMTy9XmOZLgdS5boFTtLCztr3\n"
928 "TXHOSQQD8Dl4BK0wOet+TP6LBEjHlRFjAqK4bu9xpxV2\n"
929 "-----END CERTIFICATE-----\n";
930
931 // CertFromPEM parses the given, NUL-terminated pem block and returns an
932 // |X509*|.
CertFromPEM(const char * pem)933 static bssl::UniquePtr<X509> CertFromPEM(const char *pem) {
934 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
935 return bssl::UniquePtr<X509>(
936 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
937 }
938
939 // CRLFromPEM parses the given, NUL-terminated pem block and returns an
940 // |X509_CRL*|.
CRLFromPEM(const char * pem)941 static bssl::UniquePtr<X509_CRL> CRLFromPEM(const char *pem) {
942 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
943 return bssl::UniquePtr<X509_CRL>(
944 PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr));
945 }
946
947 // PrivateKeyFromPEM parses the given, NUL-terminated pem block and returns an
948 // |EVP_PKEY*|.
PrivateKeyFromPEM(const char * pem)949 static bssl::UniquePtr<EVP_PKEY> PrivateKeyFromPEM(const char *pem) {
950 bssl::UniquePtr<BIO> bio(
951 BIO_new_mem_buf(const_cast<char *>(pem), strlen(pem)));
952 return bssl::UniquePtr<EVP_PKEY>(
953 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
954 }
955
956 // CertsToStack converts a vector of |X509*| to an OpenSSL STACK_OF(X509),
957 // bumping the reference counts for each certificate in question.
CertsToStack(const std::vector<X509 * > & certs)958 static bssl::UniquePtr<STACK_OF(X509)> CertsToStack(
959 const std::vector<X509 *> &certs) {
960 bssl::UniquePtr<STACK_OF(X509)> stack(sk_X509_new_null());
961 if (!stack) {
962 return nullptr;
963 }
964 for (auto cert : certs) {
965 if (!bssl::PushToStack(stack.get(), bssl::UpRef(cert))) {
966 return nullptr;
967 }
968 }
969
970 return stack;
971 }
972
973 // CRLsToStack converts a vector of |X509_CRL*| to an OpenSSL
974 // STACK_OF(X509_CRL), bumping the reference counts for each CRL in question.
CRLsToStack(const std::vector<X509_CRL * > & crls)975 static bssl::UniquePtr<STACK_OF(X509_CRL)> CRLsToStack(
976 const std::vector<X509_CRL *> &crls) {
977 bssl::UniquePtr<STACK_OF(X509_CRL)> stack(sk_X509_CRL_new_null());
978 if (!stack) {
979 return nullptr;
980 }
981 for (auto crl : crls) {
982 if (!bssl::PushToStack(stack.get(), bssl::UpRef(crl))) {
983 return nullptr;
984 }
985 }
986
987 return stack;
988 }
989
Verify(X509 * leaf,const std::vector<X509 * > & roots,const std::vector<X509 * > & intermediates,const std::vector<X509_CRL * > & crls,unsigned long flags,bool use_additional_untrusted,std::function<void (X509_VERIFY_PARAM *)> configure_callback,int (* verify_callback)(int,X509_STORE_CTX *)=nullptr)990 static int Verify(X509 *leaf, const std::vector<X509 *> &roots,
991 const std::vector<X509 *> &intermediates,
992 const std::vector<X509_CRL *> &crls, unsigned long flags,
993 bool use_additional_untrusted,
994 std::function<void(X509_VERIFY_PARAM *)> configure_callback,
995 int (*verify_callback)(int, X509_STORE_CTX *) = nullptr) {
996 bssl::UniquePtr<STACK_OF(X509)> roots_stack(CertsToStack(roots));
997 bssl::UniquePtr<STACK_OF(X509)> intermediates_stack(
998 CertsToStack(intermediates));
999 bssl::UniquePtr<STACK_OF(X509_CRL)> crls_stack(CRLsToStack(crls));
1000
1001 if (!roots_stack ||
1002 !intermediates_stack ||
1003 !crls_stack) {
1004 return X509_V_ERR_UNSPECIFIED;
1005 }
1006
1007 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
1008 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
1009 if (!ctx ||
1010 !store) {
1011 return X509_V_ERR_UNSPECIFIED;
1012 }
1013
1014 if (use_additional_untrusted) {
1015 X509_STORE_set0_additional_untrusted(store.get(),
1016 intermediates_stack.get());
1017 }
1018
1019 if (!X509_STORE_CTX_init(
1020 ctx.get(), store.get(), leaf,
1021 use_additional_untrusted ? nullptr : intermediates_stack.get())) {
1022 return X509_V_ERR_UNSPECIFIED;
1023 }
1024
1025 X509_STORE_CTX_trusted_stack(ctx.get(), roots_stack.get());
1026 X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get());
1027
1028 X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
1029 if (param == nullptr) {
1030 return X509_V_ERR_UNSPECIFIED;
1031 }
1032 X509_VERIFY_PARAM_set_time(param, 1474934400 /* Sep 27th, 2016 */);
1033 X509_VERIFY_PARAM_set_depth(param, 16);
1034 if (configure_callback) {
1035 configure_callback(param);
1036 }
1037 if (flags) {
1038 X509_VERIFY_PARAM_set_flags(param, flags);
1039 }
1040 X509_STORE_CTX_set0_param(ctx.get(), param);
1041
1042 ERR_clear_error();
1043 if (X509_verify_cert(ctx.get()) != 1) {
1044 return X509_STORE_CTX_get_error(ctx.get());
1045 }
1046
1047 return X509_V_OK;
1048 }
1049
Verify(X509 * leaf,const std::vector<X509 * > & roots,const std::vector<X509 * > & intermediates,const std::vector<X509_CRL * > & crls,unsigned long flags=0)1050 static int Verify(X509 *leaf, const std::vector<X509 *> &roots,
1051 const std::vector<X509 *> &intermediates,
1052 const std::vector<X509_CRL *> &crls,
1053 unsigned long flags = 0) {
1054 const int r1 =
1055 Verify(leaf, roots, intermediates, crls, flags, false, nullptr);
1056 const int r2 =
1057 Verify(leaf, roots, intermediates, crls, flags, true, nullptr);
1058
1059 if (r1 != r2) {
1060 fprintf(stderr,
1061 "Verify with, and without, use_additional_untrusted gave different "
1062 "results: %d vs %d.\n",
1063 r1, r2);
1064 return false;
1065 }
1066
1067 return r1;
1068 }
1069
TEST(X509Test,TestVerify)1070 TEST(X509Test, TestVerify) {
1071 bssl::UniquePtr<X509> cross_signing_root(CertFromPEM(kCrossSigningRootPEM));
1072 bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
1073 bssl::UniquePtr<X509> root_cross_signed(CertFromPEM(kRootCrossSignedPEM));
1074 bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
1075 bssl::UniquePtr<X509> intermediate_self_signed(
1076 CertFromPEM(kIntermediateSelfSignedPEM));
1077 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
1078 bssl::UniquePtr<X509> leaf_no_key_usage(CertFromPEM(kLeafNoKeyUsagePEM));
1079 bssl::UniquePtr<X509> forgery(CertFromPEM(kForgeryPEM));
1080
1081 ASSERT_TRUE(cross_signing_root);
1082 ASSERT_TRUE(root);
1083 ASSERT_TRUE(root_cross_signed);
1084 ASSERT_TRUE(intermediate);
1085 ASSERT_TRUE(intermediate_self_signed);
1086 ASSERT_TRUE(leaf);
1087 ASSERT_TRUE(forgery);
1088 ASSERT_TRUE(leaf_no_key_usage);
1089
1090 std::vector<X509*> empty;
1091 std::vector<X509_CRL*> empty_crls;
1092 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1093 Verify(leaf.get(), empty, empty, empty_crls));
1094 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1095 Verify(leaf.get(), empty, {intermediate.get()}, empty_crls));
1096
1097 ASSERT_EQ(X509_V_OK,
1098 Verify(leaf.get(), {root.get()}, {intermediate.get()}, empty_crls));
1099 ASSERT_EQ(X509_V_OK,
1100 Verify(leaf.get(), {cross_signing_root.get()},
1101 {intermediate.get(), root_cross_signed.get()}, empty_crls));
1102 ASSERT_EQ(X509_V_OK,
1103 Verify(leaf.get(), {cross_signing_root.get(), root.get()},
1104 {intermediate.get(), root_cross_signed.get()}, empty_crls));
1105
1106 /* This is the “altchains” test – we remove the cross-signing CA but include
1107 * the cross-sign in the intermediates. */
1108 ASSERT_EQ(X509_V_OK,
1109 Verify(leaf.get(), {root.get()},
1110 {intermediate.get(), root_cross_signed.get()}, empty_crls));
1111 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1112 Verify(leaf.get(), {root.get()},
1113 {intermediate.get(), root_cross_signed.get()}, empty_crls,
1114 X509_V_FLAG_NO_ALT_CHAINS));
1115 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1116 Verify(forgery.get(), {intermediate_self_signed.get()},
1117 {leaf_no_key_usage.get()}, empty_crls));
1118
1119 /* Test that one cannot skip Basic Constraints checking with a contorted set
1120 * of roots and intermediates. This is a regression test for CVE-2015-1793. */
1121 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1122 Verify(forgery.get(),
1123 {intermediate_self_signed.get(), root_cross_signed.get()},
1124 {leaf_no_key_usage.get(), intermediate.get()}, empty_crls));
1125 }
1126
1127 static const char kHostname[] = "example.com";
1128 static const char kWrongHostname[] = "example2.com";
1129 static const char kEmail[] = "test@example.com";
1130 static const char kWrongEmail[] = "test2@example.com";
1131 static const uint8_t kIP[4] = {127, 0, 0, 1};
1132 static const uint8_t kWrongIP[4] = {127, 0, 0, 2};
1133 static const char kIPString[] = "127.0.0.1";
1134 static const char kWrongIPString[] = "127.0.0.2";
1135
TEST(X509Test,ZeroLengthsWithX509PARAM)1136 TEST(X509Test, ZeroLengthsWithX509PARAM) {
1137 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1138 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
1139 ASSERT_TRUE(leaf);
1140 ASSERT_TRUE(root);
1141
1142 std::vector<X509_CRL *> empty_crls;
1143
1144 struct X509Test {
1145 const char *correct_value;
1146 size_t correct_value_len;
1147 const char *incorrect_value;
1148 size_t incorrect_value_len;
1149 int (*func)(X509_VERIFY_PARAM *, const char *, size_t);
1150 int mismatch_error;
1151 };
1152 const std::vector<X509Test> kTests = {
1153 {kHostname, strlen(kHostname), kWrongHostname, strlen(kWrongHostname),
1154 X509_VERIFY_PARAM_set1_host, X509_V_ERR_HOSTNAME_MISMATCH},
1155 {kEmail, strlen(kEmail), kWrongEmail, strlen(kWrongEmail),
1156 X509_VERIFY_PARAM_set1_email, X509_V_ERR_EMAIL_MISMATCH},
1157 };
1158
1159 for (size_t i = 0; i < kTests.size(); i++) {
1160 SCOPED_TRACE(i);
1161 const X509Test &test = kTests[i];
1162
1163 // The correct value should work.
1164 ASSERT_EQ(X509_V_OK,
1165 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1166 [&test](X509_VERIFY_PARAM *param) {
1167 ASSERT_TRUE(test.func(param, test.correct_value,
1168 test.correct_value_len));
1169 }));
1170
1171 // The wrong value should trigger a verification error.
1172 ASSERT_EQ(test.mismatch_error,
1173 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1174 [&test](X509_VERIFY_PARAM *param) {
1175 ASSERT_TRUE(test.func(param, test.incorrect_value,
1176 test.incorrect_value_len));
1177 }));
1178
1179 // Passing zero as the length, unlike OpenSSL, should trigger an error and
1180 // should cause verification to fail.
1181 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1182 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1183 [&test](X509_VERIFY_PARAM *param) {
1184 ASSERT_FALSE(test.func(param, test.correct_value, 0));
1185 }));
1186
1187 // Passing an empty value should be an error when setting and should cause
1188 // verification to fail.
1189 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1190 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1191 [&test](X509_VERIFY_PARAM *param) {
1192 ASSERT_FALSE(test.func(param, nullptr, 0));
1193 }));
1194
1195 // Passing a value with embedded NULs should also be an error and should
1196 // also cause verification to fail.
1197 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1198 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1199 [&test](X509_VERIFY_PARAM *param) {
1200 ASSERT_FALSE(test.func(param, "a", 2));
1201 }));
1202 }
1203
1204 // IP addresses work slightly differently:
1205
1206 // The correct value should still work.
1207 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1208 false, [](X509_VERIFY_PARAM *param) {
1209 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(
1210 param, kIP, sizeof(kIP)));
1211 }));
1212
1213 // Incorrect values should still fail.
1214 ASSERT_EQ(X509_V_ERR_IP_ADDRESS_MISMATCH,
1215 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1216 [](X509_VERIFY_PARAM *param) {
1217 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(param, kWrongIP,
1218 sizeof(kWrongIP)));
1219 }));
1220
1221 // Zero length values should trigger an error when setting and cause
1222 // verification to always fail.
1223 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1224 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1225 [](X509_VERIFY_PARAM *param) {
1226 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, kIP, 0));
1227 }));
1228
1229 // ... and so should NULL values.
1230 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1231 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1232 [](X509_VERIFY_PARAM *param) {
1233 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, nullptr, 0));
1234 }));
1235
1236 // Zero bytes in an IP address are, of course, fine. This is tested above
1237 // because |kIP| contains zeros.
1238 }
1239
TEST(X509Test,ZeroLengthsWithCheckFunctions)1240 TEST(X509Test, ZeroLengthsWithCheckFunctions) {
1241 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1242
1243 EXPECT_EQ(
1244 1, X509_check_host(leaf.get(), kHostname, strlen(kHostname), 0, nullptr));
1245 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname,
1246 strlen(kWrongHostname), 0, nullptr));
1247
1248 EXPECT_EQ(1, X509_check_email(leaf.get(), kEmail, strlen(kEmail), 0));
1249 EXPECT_NE(1,
1250 X509_check_email(leaf.get(), kWrongEmail, strlen(kWrongEmail), 0));
1251
1252 EXPECT_EQ(1, X509_check_ip(leaf.get(), kIP, sizeof(kIP), 0));
1253 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, sizeof(kWrongIP), 0));
1254
1255 EXPECT_EQ(1, X509_check_ip_asc(leaf.get(), kIPString, 0));
1256 EXPECT_NE(1, X509_check_ip_asc(leaf.get(), kWrongIPString, 0));
1257
1258 // OpenSSL supports passing zero as the length for host and email. We do not
1259 // and it should always fail.
1260 EXPECT_NE(1, X509_check_host(leaf.get(), kHostname, 0, 0, nullptr));
1261 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname, 0, 0, nullptr));
1262
1263 EXPECT_NE(1, X509_check_email(leaf.get(), kEmail, 0, 0));
1264 EXPECT_NE(1, X509_check_email(leaf.get(), kWrongEmail, 0, 0));
1265
1266 EXPECT_NE(1, X509_check_ip(leaf.get(), kIP, 0, 0));
1267 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, 0, 0));
1268
1269 // Unlike all the other functions, |X509_check_ip_asc| doesn't take a length,
1270 // so it cannot be zero.
1271 }
1272
TEST(X509Test,TestCRL)1273 TEST(X509Test, TestCRL) {
1274 bssl::UniquePtr<X509> root(CertFromPEM(kCRLTestRoot));
1275 bssl::UniquePtr<X509> leaf(CertFromPEM(kCRLTestLeaf));
1276 bssl::UniquePtr<X509_CRL> basic_crl(CRLFromPEM(kBasicCRL));
1277 bssl::UniquePtr<X509_CRL> revoked_crl(CRLFromPEM(kRevokedCRL));
1278 bssl::UniquePtr<X509_CRL> bad_issuer_crl(CRLFromPEM(kBadIssuerCRL));
1279 bssl::UniquePtr<X509_CRL> known_critical_crl(CRLFromPEM(kKnownCriticalCRL));
1280 bssl::UniquePtr<X509_CRL> unknown_critical_crl(
1281 CRLFromPEM(kUnknownCriticalCRL));
1282 bssl::UniquePtr<X509_CRL> unknown_critical_crl2(
1283 CRLFromPEM(kUnknownCriticalCRL2));
1284
1285 ASSERT_TRUE(root);
1286 ASSERT_TRUE(leaf);
1287 ASSERT_TRUE(basic_crl);
1288 ASSERT_TRUE(revoked_crl);
1289 ASSERT_TRUE(bad_issuer_crl);
1290 ASSERT_TRUE(known_critical_crl);
1291 ASSERT_TRUE(unknown_critical_crl);
1292 ASSERT_TRUE(unknown_critical_crl2);
1293
1294 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {root.get()},
1295 {basic_crl.get()}, X509_V_FLAG_CRL_CHECK));
1296 ASSERT_EQ(
1297 X509_V_ERR_CERT_REVOKED,
1298 Verify(leaf.get(), {root.get()}, {root.get()},
1299 {basic_crl.get(), revoked_crl.get()}, X509_V_FLAG_CRL_CHECK));
1300
1301 std::vector<X509_CRL *> empty_crls;
1302 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1303 Verify(leaf.get(), {root.get()}, {root.get()}, empty_crls,
1304 X509_V_FLAG_CRL_CHECK));
1305 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1306 Verify(leaf.get(), {root.get()}, {root.get()},
1307 {bad_issuer_crl.get()}, X509_V_FLAG_CRL_CHECK));
1308 ASSERT_EQ(X509_V_OK,
1309 Verify(leaf.get(), {root.get()}, {root.get()},
1310 {known_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1311 ASSERT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1312 Verify(leaf.get(), {root.get()}, {root.get()},
1313 {unknown_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1314 ASSERT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1315 Verify(leaf.get(), {root.get()}, {root.get()},
1316 {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1317 }
1318
TEST(X509Test,ManyNamesAndConstraints)1319 TEST(X509Test, ManyNamesAndConstraints) {
1320 bssl::UniquePtr<X509> many_constraints(
1321 CertFromPEM(GetTestData("crypto/x509/many_constraints.pem").c_str()));
1322 ASSERT_TRUE(many_constraints);
1323 bssl::UniquePtr<X509> many_names1(
1324 CertFromPEM(GetTestData("crypto/x509/many_names1.pem").c_str()));
1325 ASSERT_TRUE(many_names1);
1326 bssl::UniquePtr<X509> many_names2(
1327 CertFromPEM(GetTestData("crypto/x509/many_names2.pem").c_str()));
1328 ASSERT_TRUE(many_names2);
1329 bssl::UniquePtr<X509> many_names3(
1330 CertFromPEM(GetTestData("crypto/x509/many_names3.pem").c_str()));
1331 ASSERT_TRUE(many_names3);
1332 bssl::UniquePtr<X509> some_names1(
1333 CertFromPEM(GetTestData("crypto/x509/some_names1.pem").c_str()));
1334 ASSERT_TRUE(some_names1);
1335 bssl::UniquePtr<X509> some_names2(
1336 CertFromPEM(GetTestData("crypto/x509/some_names2.pem").c_str()));
1337 ASSERT_TRUE(some_names2);
1338 bssl::UniquePtr<X509> some_names3(
1339 CertFromPEM(GetTestData("crypto/x509/some_names3.pem").c_str()));
1340 ASSERT_TRUE(some_names3);
1341
1342 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1343 Verify(many_names1.get(), {many_constraints.get()},
1344 {many_constraints.get()}, {}));
1345 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1346 Verify(many_names2.get(), {many_constraints.get()},
1347 {many_constraints.get()}, {}));
1348 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1349 Verify(many_names3.get(), {many_constraints.get()},
1350 {many_constraints.get()}, {}));
1351
1352 EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
1353 {many_constraints.get()}, {}));
1354 EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
1355 {many_constraints.get()}, {}));
1356 EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
1357 {many_constraints.get()}, {}));
1358 }
1359
TEST(X509Test,TestPSS)1360 TEST(X509Test, TestPSS) {
1361 bssl::UniquePtr<X509> cert(CertFromPEM(kExamplePSSCert));
1362 ASSERT_TRUE(cert);
1363
1364 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1365 ASSERT_TRUE(pkey);
1366
1367 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
1368 }
1369
TEST(X509Test,TestPSSBadParameters)1370 TEST(X509Test, TestPSSBadParameters) {
1371 bssl::UniquePtr<X509> cert(CertFromPEM(kBadPSSCertPEM));
1372 ASSERT_TRUE(cert);
1373
1374 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1375 ASSERT_TRUE(pkey);
1376
1377 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1378 ERR_clear_error();
1379 }
1380
TEST(X509Test,TestEd25519)1381 TEST(X509Test, TestEd25519) {
1382 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519Cert));
1383 ASSERT_TRUE(cert);
1384
1385 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1386 ASSERT_TRUE(pkey);
1387
1388 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
1389 }
1390
TEST(X509Test,TestEd25519BadParameters)1391 TEST(X509Test, TestEd25519BadParameters) {
1392 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519CertNull));
1393 ASSERT_TRUE(cert);
1394
1395 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1396 ASSERT_TRUE(pkey);
1397
1398 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1399
1400 uint32_t err = ERR_get_error();
1401 ASSERT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
1402 ASSERT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
1403 ERR_clear_error();
1404 }
1405
SignatureRoundTrips(EVP_MD_CTX * md_ctx,EVP_PKEY * pkey)1406 static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) {
1407 // Make a certificate like signed with |md_ctx|'s settings.'
1408 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
1409 if (!cert || !X509_sign_ctx(cert.get(), md_ctx)) {
1410 return false;
1411 }
1412
1413 // Ensure that |pkey| may still be used to verify the resulting signature. All
1414 // settings in |md_ctx| must have been serialized appropriately.
1415 return !!X509_verify(cert.get(), pkey);
1416 }
1417
TEST(X509Test,RSASign)1418 TEST(X509Test, RSASign) {
1419 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
1420 ASSERT_TRUE(pkey);
1421 // Test PKCS#1 v1.5.
1422 bssl::ScopedEVP_MD_CTX md_ctx;
1423 ASSERT_TRUE(
1424 EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
1425 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1426
1427 // Test RSA-PSS with custom parameters.
1428 md_ctx.Reset();
1429 EVP_PKEY_CTX *pkey_ctx;
1430 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1431 pkey.get()));
1432 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1433 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()));
1434 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1435 }
1436
TEST(X509Test,Ed25519Sign)1437 TEST(X509Test, Ed25519Sign) {
1438 uint8_t pub_bytes[32], priv_bytes[64];
1439 ED25519_keypair(pub_bytes, priv_bytes);
1440
1441 bssl::UniquePtr<EVP_PKEY> pub(
1442 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, pub_bytes, 32));
1443 ASSERT_TRUE(pub);
1444 bssl::UniquePtr<EVP_PKEY> priv(
1445 EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, priv_bytes, 32));
1446 ASSERT_TRUE(priv);
1447
1448 bssl::ScopedEVP_MD_CTX md_ctx;
1449 ASSERT_TRUE(
1450 EVP_DigestSignInit(md_ctx.get(), nullptr, nullptr, nullptr, priv.get()));
1451 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
1452 }
1453
PEMToDER(bssl::UniquePtr<uint8_t> * out,size_t * out_len,const char * pem)1454 static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
1455 const char *pem) {
1456 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1457 if (!bio) {
1458 return false;
1459 }
1460
1461 char *name, *header;
1462 uint8_t *data;
1463 long data_len;
1464 if (!PEM_read_bio(bio.get(), &name, &header, &data, &data_len)) {
1465 fprintf(stderr, "failed to read PEM data.\n");
1466 return false;
1467 }
1468 OPENSSL_free(name);
1469 OPENSSL_free(header);
1470
1471 out->reset(data);
1472 *out_len = data_len;
1473
1474 return true;
1475 }
1476
TEST(X509Test,TestFromBuffer)1477 TEST(X509Test, TestFromBuffer) {
1478 size_t data_len;
1479 bssl::UniquePtr<uint8_t> data;
1480 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1481
1482 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1483 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
1484 ASSERT_TRUE(buf);
1485 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
1486 ASSERT_TRUE(root);
1487
1488 const uint8_t *enc_pointer = root->cert_info->enc.enc;
1489 const uint8_t *buf_pointer = CRYPTO_BUFFER_data(buf.get());
1490 ASSERT_GE(enc_pointer, buf_pointer);
1491 ASSERT_LT(enc_pointer, buf_pointer + CRYPTO_BUFFER_len(buf.get()));
1492 buf.reset();
1493
1494 /* This ensures the X509 took a reference to |buf|, otherwise this will be a
1495 * reference to free memory and ASAN should notice. */
1496 ASSERT_EQ(0x30, enc_pointer[0]);
1497 }
1498
TEST(X509Test,TestFromBufferWithTrailingData)1499 TEST(X509Test, TestFromBufferWithTrailingData) {
1500 size_t data_len;
1501 bssl::UniquePtr<uint8_t> data;
1502 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1503
1504 std::unique_ptr<uint8_t[]> trailing_data(new uint8_t[data_len + 1]);
1505 OPENSSL_memcpy(trailing_data.get(), data.get(), data_len);
1506
1507 bssl::UniquePtr<CRYPTO_BUFFER> buf_trailing_data(
1508 CRYPTO_BUFFER_new(trailing_data.get(), data_len + 1, nullptr));
1509 ASSERT_TRUE(buf_trailing_data);
1510
1511 bssl::UniquePtr<X509> root_trailing_data(
1512 X509_parse_from_buffer(buf_trailing_data.get()));
1513 ASSERT_FALSE(root_trailing_data);
1514 }
1515
TEST(X509Test,TestFromBufferModified)1516 TEST(X509Test, TestFromBufferModified) {
1517 size_t data_len;
1518 bssl::UniquePtr<uint8_t> data;
1519 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1520
1521 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1522 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
1523 ASSERT_TRUE(buf);
1524
1525 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
1526 ASSERT_TRUE(root);
1527
1528 bssl::UniquePtr<ASN1_INTEGER> fourty_two(ASN1_INTEGER_new());
1529 ASN1_INTEGER_set(fourty_two.get(), 42);
1530 X509_set_serialNumber(root.get(), fourty_two.get());
1531
1532 ASSERT_EQ(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
1533
1534 X509_CINF_set_modified(root->cert_info);
1535
1536 ASSERT_NE(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
1537 }
1538
TEST(X509Test,TestFromBufferReused)1539 TEST(X509Test, TestFromBufferReused) {
1540 size_t data_len;
1541 bssl::UniquePtr<uint8_t> data;
1542 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1543
1544 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1545 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
1546 ASSERT_TRUE(buf);
1547
1548 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
1549 ASSERT_TRUE(root);
1550
1551 size_t data2_len;
1552 bssl::UniquePtr<uint8_t> data2;
1553 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
1554
1555 X509 *x509p = root.get();
1556 const uint8_t *inp = data2.get();
1557 X509 *ret = d2i_X509(&x509p, &inp, data2_len);
1558 ASSERT_EQ(root.get(), ret);
1559 ASSERT_EQ(nullptr, root->buf);
1560
1561 // Free |data2| and ensure that |root| took its own copy. Otherwise the
1562 // following will trigger a use-after-free.
1563 data2.reset();
1564
1565 uint8_t *i2d = nullptr;
1566 int i2d_len = i2d_X509(root.get(), &i2d);
1567 ASSERT_GE(i2d_len, 0);
1568 bssl::UniquePtr<uint8_t> i2d_storage(i2d);
1569
1570 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
1571
1572 ASSERT_EQ(static_cast<long>(data2_len), i2d_len);
1573 ASSERT_EQ(0, OPENSSL_memcmp(data2.get(), i2d, i2d_len));
1574 ASSERT_EQ(nullptr, root->buf);
1575 }
1576
TEST(X509Test,TestFailedParseFromBuffer)1577 TEST(X509Test, TestFailedParseFromBuffer) {
1578 static const uint8_t kNonsense[] = {1, 2, 3, 4, 5};
1579
1580 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1581 CRYPTO_BUFFER_new(kNonsense, sizeof(kNonsense), nullptr));
1582 ASSERT_TRUE(buf);
1583
1584 bssl::UniquePtr<X509> cert(X509_parse_from_buffer(buf.get()));
1585 ASSERT_FALSE(cert);
1586 ERR_clear_error();
1587
1588 // Test a buffer with trailing data.
1589 size_t data_len;
1590 bssl::UniquePtr<uint8_t> data;
1591 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1592
1593 std::unique_ptr<uint8_t[]> data_with_trailing_byte(new uint8_t[data_len + 1]);
1594 OPENSSL_memcpy(data_with_trailing_byte.get(), data.get(), data_len);
1595 data_with_trailing_byte[data_len] = 0;
1596
1597 bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte(
1598 CRYPTO_BUFFER_new(data_with_trailing_byte.get(), data_len + 1, nullptr));
1599 ASSERT_TRUE(buf_with_trailing_byte);
1600
1601 bssl::UniquePtr<X509> root(
1602 X509_parse_from_buffer(buf_with_trailing_byte.get()));
1603 ASSERT_FALSE(root);
1604 ERR_clear_error();
1605 }
1606
TEST(X509Test,TestPrintUTCTIME)1607 TEST(X509Test, TestPrintUTCTIME) {
1608 static const struct {
1609 const char *val, *want;
1610 } asn1_utctime_tests[] = {
1611 {"", "Bad time value"},
1612
1613 // Correct RFC 5280 form. Test years < 2000 and > 2000.
1614 {"090303125425Z", "Mar 3 12:54:25 2009 GMT"},
1615 {"900303125425Z", "Mar 3 12:54:25 1990 GMT"},
1616 {"000303125425Z", "Mar 3 12:54:25 2000 GMT"},
1617
1618 // Correct form, bad values.
1619 {"000000000000Z", "Bad time value"},
1620 {"999999999999Z", "Bad time value"},
1621
1622 // Missing components. Not legal RFC 5280, but permitted.
1623 {"090303125425", "Mar 3 12:54:25 2009"},
1624 {"9003031254", "Mar 3 12:54:00 1990"},
1625 {"9003031254Z", "Mar 3 12:54:00 1990 GMT"},
1626
1627 // GENERALIZEDTIME confused for UTCTIME.
1628 {"20090303125425Z", "Bad time value"},
1629
1630 // Legal ASN.1, but not legal RFC 5280.
1631 {"9003031254+0800", "Bad time value"},
1632 {"9003031254-0800", "Bad time value"},
1633
1634 // Trailing garbage.
1635 {"9003031254Z ", "Bad time value"},
1636 };
1637
1638 for (auto t : asn1_utctime_tests) {
1639 SCOPED_TRACE(t.val);
1640 bssl::UniquePtr<ASN1_UTCTIME> tm(ASN1_UTCTIME_new());
1641 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
1642
1643 // Use this instead of ASN1_UTCTIME_set() because some callers get
1644 // type-confused and pass ASN1_GENERALIZEDTIME to ASN1_UTCTIME_print().
1645 // ASN1_UTCTIME_set_string() is stricter, and would reject the inputs in
1646 // question.
1647 ASSERT_TRUE(ASN1_STRING_set(tm.get(), t.val, strlen(t.val)));
1648 const int ok = ASN1_UTCTIME_print(bio.get(), tm.get());
1649
1650 const uint8_t *contents;
1651 size_t len;
1652 ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len));
1653 EXPECT_EQ(ok, (strcmp(t.want, "Bad time value") != 0) ? 1 : 0);
1654 EXPECT_EQ(t.want,
1655 std::string(reinterpret_cast<const char *>(contents), len));
1656 }
1657 }
1658
TEST(X509Test,PrettyPrintIntegers)1659 TEST(X509Test, PrettyPrintIntegers) {
1660 static const char *kTests[] = {
1661 // Small numbers are pretty-printed in decimal.
1662 "0",
1663 "-1",
1664 "1",
1665 "42",
1666 "-42",
1667 "256",
1668 "-256",
1669 // Large numbers are pretty-printed in hex to avoid taking quadratic time.
1670 "0x0123456789",
1671 "-0x0123456789",
1672 };
1673 for (const char *in : kTests) {
1674 SCOPED_TRACE(in);
1675 BIGNUM *bn = nullptr;
1676 ASSERT_TRUE(BN_asc2bn(&bn, in));
1677 bssl::UniquePtr<BIGNUM> free_bn(bn);
1678
1679 {
1680 bssl::UniquePtr<ASN1_INTEGER> asn1(BN_to_ASN1_INTEGER(bn, nullptr));
1681 ASSERT_TRUE(asn1);
1682 bssl::UniquePtr<char> out(i2s_ASN1_INTEGER(nullptr, asn1.get()));
1683 ASSERT_TRUE(out.get());
1684 EXPECT_STREQ(in, out.get());
1685 }
1686
1687 {
1688 bssl::UniquePtr<ASN1_ENUMERATED> asn1(BN_to_ASN1_ENUMERATED(bn, nullptr));
1689 ASSERT_TRUE(asn1);
1690 bssl::UniquePtr<char> out(i2s_ASN1_ENUMERATED(nullptr, asn1.get()));
1691 ASSERT_TRUE(out.get());
1692 EXPECT_STREQ(in, out.get());
1693 }
1694 }
1695 }
1696
TEST(X509Test,X509NameSet)1697 TEST(X509Test, X509NameSet) {
1698 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
1699 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
1700 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("US"),
1701 -1, -1, 0));
1702 EXPECT_EQ(X509_NAME_entry_count(name.get()), 1);
1703 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
1704 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("CA"),
1705 -1, -1, 0));
1706 EXPECT_EQ(X509_NAME_entry_count(name.get()), 2);
1707 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
1708 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("UK"),
1709 -1, -1, 0));
1710 EXPECT_EQ(X509_NAME_entry_count(name.get()), 3);
1711 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
1712 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("JP"),
1713 -1, 1, 0));
1714 EXPECT_EQ(X509_NAME_entry_count(name.get()), 4);
1715
1716 // Check that the correct entries get incremented when inserting new entry.
1717 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 1)), 1);
1718 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 2)), 2);
1719 }
1720
TEST(X509Test,StringDecoding)1721 TEST(X509Test, StringDecoding) {
1722 static const struct {
1723 std::vector<uint8_t> in;
1724 int type;
1725 const char *expected;
1726 } kTests[] = {
1727 // Non-minimal, two-byte UTF-8.
1728 {{0xc0, 0x81}, V_ASN1_UTF8STRING, nullptr},
1729 // Non-minimal, three-byte UTF-8.
1730 {{0xe0, 0x80, 0x81}, V_ASN1_UTF8STRING, nullptr},
1731 // Non-minimal, four-byte UTF-8.
1732 {{0xf0, 0x80, 0x80, 0x81}, V_ASN1_UTF8STRING, nullptr},
1733 // Truncated, four-byte UTF-8.
1734 {{0xf0, 0x80, 0x80}, V_ASN1_UTF8STRING, nullptr},
1735 // Low-surrogate value.
1736 {{0xed, 0xa0, 0x80}, V_ASN1_UTF8STRING, nullptr},
1737 // High-surrogate value.
1738 {{0xed, 0xb0, 0x81}, V_ASN1_UTF8STRING, nullptr},
1739 // Initial BOMs should be rejected from UCS-2 and UCS-4.
1740 {{0xfe, 0xff, 0, 88}, V_ASN1_BMPSTRING, nullptr},
1741 {{0, 0, 0xfe, 0xff, 0, 0, 0, 88}, V_ASN1_UNIVERSALSTRING, nullptr},
1742 // Otherwise, BOMs should pass through.
1743 {{0, 88, 0xfe, 0xff}, V_ASN1_BMPSTRING, "X\xef\xbb\xbf"},
1744 {{0, 0, 0, 88, 0, 0, 0xfe, 0xff}, V_ASN1_UNIVERSALSTRING,
1745 "X\xef\xbb\xbf"},
1746 // The maximum code-point should pass though.
1747 {{0, 16, 0xff, 0xfd}, V_ASN1_UNIVERSALSTRING, "\xf4\x8f\xbf\xbd"},
1748 // Values outside the Unicode space should not.
1749 {{0, 17, 0, 0}, V_ASN1_UNIVERSALSTRING, nullptr},
1750 // Non-characters should be rejected.
1751 {{0, 1, 0xff, 0xff}, V_ASN1_UNIVERSALSTRING, nullptr},
1752 {{0, 1, 0xff, 0xfe}, V_ASN1_UNIVERSALSTRING, nullptr},
1753 {{0, 0, 0xfd, 0xd5}, V_ASN1_UNIVERSALSTRING, nullptr},
1754 // BMPString is UCS-2, not UTF-16, so surrogate pairs are invalid.
1755 {{0xd8, 0, 0xdc, 1}, V_ASN1_BMPSTRING, nullptr},
1756 };
1757
1758 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTests); i++) {
1759 SCOPED_TRACE(i);
1760 const auto& test = kTests[i];
1761 ASN1_STRING s;
1762 s.type = test.type;
1763 s.data = const_cast<uint8_t*>(test.in.data());
1764 s.length = test.in.size();
1765
1766 uint8_t *utf8;
1767 const int utf8_len = ASN1_STRING_to_UTF8(&utf8, &s);
1768 EXPECT_EQ(utf8_len < 0, test.expected == nullptr);
1769 if (utf8_len >= 0) {
1770 if (test.expected != nullptr) {
1771 EXPECT_EQ(Bytes(test.expected), Bytes(utf8, utf8_len));
1772 }
1773 OPENSSL_free(utf8);
1774 } else {
1775 ERR_clear_error();
1776 }
1777 }
1778 }
1779
TEST(X509Test,NoBasicConstraintsCertSign)1780 TEST(X509Test, NoBasicConstraintsCertSign) {
1781 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
1782 bssl::UniquePtr<X509> intermediate(
1783 CertFromPEM(kNoBasicConstraintsCertSignIntermediate));
1784 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsCertSignLeaf));
1785
1786 ASSERT_TRUE(root);
1787 ASSERT_TRUE(intermediate);
1788 ASSERT_TRUE(leaf);
1789
1790 // The intermediate has keyUsage certSign, but is not marked as a CA in the
1791 // basicConstraints.
1792 EXPECT_EQ(X509_V_ERR_INVALID_CA,
1793 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
1794 }
1795
TEST(X509Test,NoBasicConstraintsNetscapeCA)1796 TEST(X509Test, NoBasicConstraintsNetscapeCA) {
1797 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
1798 bssl::UniquePtr<X509> intermediate(
1799 CertFromPEM(kNoBasicConstraintsNetscapeCAIntermediate));
1800 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsNetscapeCALeaf));
1801
1802 ASSERT_TRUE(root);
1803 ASSERT_TRUE(intermediate);
1804 ASSERT_TRUE(leaf);
1805
1806 // The intermediate has a Netscape certificate type of "SSL CA", but is not
1807 // marked as a CA in the basicConstraints.
1808 EXPECT_EQ(X509_V_ERR_INVALID_CA,
1809 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
1810 }
1811
TEST(X509Test,MismatchAlgorithms)1812 TEST(X509Test, MismatchAlgorithms) {
1813 bssl::UniquePtr<X509> cert(CertFromPEM(kSelfSignedMismatchAlgorithms));
1814 ASSERT_TRUE(cert);
1815
1816 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1817 ASSERT_TRUE(pkey);
1818
1819 EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
1820 uint32_t err = ERR_get_error();
1821 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
1822 EXPECT_EQ(X509_R_SIGNATURE_ALGORITHM_MISMATCH, ERR_GET_REASON(err));
1823 }
1824
TEST(X509Test,PEMX509Info)1825 TEST(X509Test, PEMX509Info) {
1826 std::string cert = kRootCAPEM;
1827 auto cert_obj = CertFromPEM(kRootCAPEM);
1828 ASSERT_TRUE(cert_obj);
1829
1830 std::string rsa = kRSAKey;
1831 auto rsa_obj = PrivateKeyFromPEM(kRSAKey);
1832 ASSERT_TRUE(rsa_obj);
1833
1834 std::string crl = kBasicCRL;
1835 auto crl_obj = CRLFromPEM(kBasicCRL);
1836 ASSERT_TRUE(crl_obj);
1837
1838 std::string unknown =
1839 "-----BEGIN UNKNOWN-----\n"
1840 "AAAA\n"
1841 "-----END UNKNOWN-----\n";
1842
1843 std::string invalid =
1844 "-----BEGIN CERTIFICATE-----\n"
1845 "AAAA\n"
1846 "-----END CERTIFICATE-----\n";
1847
1848 // Each X509_INFO contains at most one certificate, CRL, etc. The format
1849 // creates a new X509_INFO when a repeated type is seen.
1850 std::string pem =
1851 // The first few entries have one of everything in different orders.
1852 cert + rsa + crl +
1853 rsa + crl + cert +
1854 // Unknown types are ignored.
1855 crl + unknown + cert + rsa +
1856 // Seeing a new certificate starts a new entry, so now we have a bunch of
1857 // certificate-only entries.
1858 cert + cert + cert +
1859 // The key folds into the certificate's entry.
1860 cert + rsa +
1861 // Doubled keys also start new entries.
1862 rsa + rsa + rsa + rsa + crl +
1863 // As do CRLs.
1864 crl + crl;
1865
1866 const struct ExpectedInfo {
1867 const X509 *cert;
1868 const EVP_PKEY *key;
1869 const X509_CRL *crl;
1870 } kExpected[] = {
1871 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
1872 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
1873 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
1874 {cert_obj.get(), nullptr, nullptr},
1875 {cert_obj.get(), nullptr, nullptr},
1876 {cert_obj.get(), nullptr, nullptr},
1877 {cert_obj.get(), rsa_obj.get(), nullptr},
1878 {nullptr, rsa_obj.get(), nullptr},
1879 {nullptr, rsa_obj.get(), nullptr},
1880 {nullptr, rsa_obj.get(), nullptr},
1881 {nullptr, rsa_obj.get(), crl_obj.get()},
1882 {nullptr, nullptr, crl_obj.get()},
1883 {nullptr, nullptr, crl_obj.get()},
1884 };
1885
1886 auto check_info = [](const ExpectedInfo *expected, const X509_INFO *info) {
1887 if (expected->cert != nullptr) {
1888 EXPECT_EQ(0, X509_cmp(expected->cert, info->x509));
1889 } else {
1890 EXPECT_EQ(nullptr, info->x509);
1891 }
1892 if (expected->crl != nullptr) {
1893 EXPECT_EQ(0, X509_CRL_cmp(expected->crl, info->crl));
1894 } else {
1895 EXPECT_EQ(nullptr, info->crl);
1896 }
1897 if (expected->key != nullptr) {
1898 ASSERT_NE(nullptr, info->x_pkey);
1899 // EVP_PKEY_cmp returns one if the keys are equal.
1900 EXPECT_EQ(1, EVP_PKEY_cmp(expected->key, info->x_pkey->dec_pkey));
1901 } else {
1902 EXPECT_EQ(nullptr, info->x_pkey);
1903 }
1904 };
1905
1906 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem.data(), pem.size()));
1907 ASSERT_TRUE(bio);
1908 bssl::UniquePtr<STACK_OF(X509_INFO)> infos(
1909 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
1910 ASSERT_TRUE(infos);
1911 ASSERT_EQ(OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
1912 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
1913 SCOPED_TRACE(i);
1914 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
1915 }
1916
1917 // Passing an existing stack appends to it.
1918 bio.reset(BIO_new_mem_buf(pem.data(), pem.size()));
1919 ASSERT_TRUE(bio);
1920 ASSERT_EQ(infos.get(),
1921 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
1922 ASSERT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
1923 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
1924 SCOPED_TRACE(i);
1925 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
1926 check_info(
1927 &kExpected[i],
1928 sk_X509_INFO_value(infos.get(), i + OPENSSL_ARRAY_SIZE(kExpected)));
1929 }
1930
1931 // Gracefully handle errors in both the append and fresh cases.
1932 std::string bad_pem = cert + cert + invalid;
1933
1934 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
1935 ASSERT_TRUE(bio);
1936 bssl::UniquePtr<STACK_OF(X509_INFO)> infos2(
1937 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
1938 EXPECT_FALSE(infos2);
1939
1940 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
1941 ASSERT_TRUE(bio);
1942 EXPECT_FALSE(
1943 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
1944 EXPECT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
1945 }
1946
TEST(X509Test,ReadBIOEmpty)1947 TEST(X509Test, ReadBIOEmpty) {
1948 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(nullptr, 0));
1949 ASSERT_TRUE(bio);
1950
1951 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
1952 // certificates.
1953 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
1954 EXPECT_FALSE(x509);
1955 uint32_t err = ERR_get_error();
1956 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
1957 EXPECT_EQ(ASN1_R_HEADER_TOO_LONG, ERR_GET_REASON(err));
1958 }
1959
TEST(X509Test,ReadBIOOneByte)1960 TEST(X509Test, ReadBIOOneByte) {
1961 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf("\x30", 1));
1962 ASSERT_TRUE(bio);
1963
1964 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
1965 // certificates. This EOF appeared after some data, however, so we do not wish
1966 // to signal EOF.
1967 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
1968 EXPECT_FALSE(x509);
1969 uint32_t err = ERR_get_error();
1970 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
1971 EXPECT_EQ(ASN1_R_NOT_ENOUGH_DATA, ERR_GET_REASON(err));
1972 }
1973
TEST(X509Test,PartialBIOReturn)1974 TEST(X509Test, PartialBIOReturn) {
1975 // Create a filter BIO that only reads and writes one byte at a time.
1976 bssl::UniquePtr<BIO_METHOD> method(BIO_meth_new(0, nullptr));
1977 ASSERT_TRUE(method);
1978 ASSERT_TRUE(BIO_meth_set_create(method.get(), [](BIO *b) -> int {
1979 BIO_set_init(b, 1);
1980 return 1;
1981 }));
1982 ASSERT_TRUE(
1983 BIO_meth_set_read(method.get(), [](BIO *b, char *out, int len) -> int {
1984 return BIO_read(BIO_next(b), out, std::min(len, 1));
1985 }));
1986 ASSERT_TRUE(BIO_meth_set_write(
1987 method.get(), [](BIO *b, const char *in, int len) -> int {
1988 return BIO_write(BIO_next(b), in, std::min(len, 1));
1989 }));
1990
1991 bssl::UniquePtr<BIO> bio(BIO_new(method.get()));
1992 ASSERT_TRUE(bio);
1993 BIO *mem_bio = BIO_new(BIO_s_mem());
1994 ASSERT_TRUE(mem_bio);
1995 BIO_push(bio.get(), mem_bio); // BIO_push takes ownership.
1996
1997 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
1998 ASSERT_TRUE(cert);
1999 uint8_t *der = nullptr;
2000 int der_len = i2d_X509(cert.get(), &der);
2001 ASSERT_GT(der_len, 0);
2002 bssl::UniquePtr<uint8_t> free_der(der);
2003
2004 // Write the certificate into the BIO. Though we only write one byte at a
2005 // time, the write should succeed.
2006 ASSERT_EQ(1, i2d_X509_bio(bio.get(), cert.get()));
2007 const uint8_t *der2;
2008 size_t der2_len;
2009 ASSERT_TRUE(BIO_mem_contents(mem_bio, &der2, &der2_len));
2010 EXPECT_EQ(Bytes(der, static_cast<size_t>(der_len)), Bytes(der2, der2_len));
2011
2012 // Read the certificate back out of the BIO. Though we only read one byte at a
2013 // time, the read should succeed.
2014 bssl::UniquePtr<X509> cert2(d2i_X509_bio(bio.get(), nullptr));
2015 ASSERT_TRUE(cert2);
2016 EXPECT_EQ(0, X509_cmp(cert.get(), cert2.get()));
2017 }
2018
TEST(X509Test,CommonNameFallback)2019 TEST(X509Test, CommonNameFallback) {
2020 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2021 ASSERT_TRUE(root);
2022 bssl::UniquePtr<X509> with_sans = CertFromPEM(kCommonNameWithSANs);
2023 ASSERT_TRUE(with_sans);
2024 bssl::UniquePtr<X509> without_sans = CertFromPEM(kCommonNameWithoutSANs);
2025 ASSERT_TRUE(without_sans);
2026 bssl::UniquePtr<X509> with_email = CertFromPEM(kCommonNameWithEmailSAN);
2027 ASSERT_TRUE(with_email);
2028 bssl::UniquePtr<X509> with_ip = CertFromPEM(kCommonNameWithIPSAN);
2029 ASSERT_TRUE(with_ip);
2030
2031 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
2032 return Verify(
2033 leaf, {root.get()}, {}, {}, 0, false, [&](X509_VERIFY_PARAM *param) {
2034 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
2035 X509_VERIFY_PARAM_set_hostflags(param, flags);
2036 });
2037 };
2038
2039 // By default, the common name is ignored if the SAN list is present but
2040 // otherwise is checked.
2041 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2042 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host1.test"));
2043 EXPECT_EQ(X509_V_OK,
2044 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host2.test"));
2045 EXPECT_EQ(X509_V_OK,
2046 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host3.test"));
2047 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(), 0 /* no flags */,
2048 "foo.host1.test"));
2049 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2050 verify_cert(with_email.get(), 0 /* no flags */, "foo.host1.test"));
2051 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2052 verify_cert(with_ip.get(), 0 /* no flags */, "foo.host1.test"));
2053
2054 // X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT is ignored.
2055 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2056 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2057 "foo.host1.test"));
2058 EXPECT_EQ(X509_V_OK,
2059 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2060 "foo.host2.test"));
2061 EXPECT_EQ(X509_V_OK,
2062 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2063 "foo.host3.test"));
2064 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(),
2065 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2066 "foo.host1.test"));
2067 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2068 verify_cert(with_email.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2069 "foo.host1.test"));
2070 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2071 verify_cert(with_ip.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2072 "foo.host1.test"));
2073
2074 // X509_CHECK_FLAG_NEVER_CHECK_SUBJECT implements the correct behavior: the
2075 // common name is never checked.
2076 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2077 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2078 "foo.host1.test"));
2079 EXPECT_EQ(X509_V_OK,
2080 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2081 "foo.host2.test"));
2082 EXPECT_EQ(X509_V_OK,
2083 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2084 "foo.host3.test"));
2085 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2086 verify_cert(without_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2087 "foo.host1.test"));
2088 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2089 verify_cert(with_email.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2090 "foo.host1.test"));
2091 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2092 verify_cert(with_ip.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2093 "foo.host1.test"));
2094 }
2095
TEST(X509Test,LooksLikeDNSName)2096 TEST(X509Test, LooksLikeDNSName) {
2097 static const char *kValid[] = {
2098 "example.com",
2099 "eXample123-.com",
2100 "*.example.com",
2101 "exa_mple.com",
2102 "example.com.",
2103 "project-dev:us-central1:main",
2104 };
2105 static const char *kInvalid[] = {
2106 "-eXample123-.com",
2107 "",
2108 ".",
2109 "*",
2110 "*.",
2111 "example..com",
2112 ".example.com",
2113 "example.com..",
2114 "*foo.example.com",
2115 "foo.*.example.com",
2116 "foo,bar",
2117 };
2118
2119 for (const char *str : kValid) {
2120 SCOPED_TRACE(str);
2121 EXPECT_TRUE(x509v3_looks_like_dns_name(
2122 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2123 }
2124 for (const char *str : kInvalid) {
2125 SCOPED_TRACE(str);
2126 EXPECT_FALSE(x509v3_looks_like_dns_name(
2127 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2128 }
2129 }
2130
TEST(X509Test,CommonNameAndNameConstraints)2131 TEST(X509Test, CommonNameAndNameConstraints) {
2132 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2133 ASSERT_TRUE(root);
2134 bssl::UniquePtr<X509> intermediate = CertFromPEM(kConstrainedIntermediate);
2135 ASSERT_TRUE(intermediate);
2136 bssl::UniquePtr<X509> permitted = CertFromPEM(kCommonNamePermittedLeaf);
2137 ASSERT_TRUE(permitted);
2138 bssl::UniquePtr<X509> not_permitted =
2139 CertFromPEM(kCommonNameNotPermittedLeaf);
2140 ASSERT_TRUE(not_permitted);
2141 bssl::UniquePtr<X509> not_permitted_with_sans =
2142 CertFromPEM(kCommonNameNotPermittedWithSANsLeaf);
2143 ASSERT_TRUE(not_permitted_with_sans);
2144 bssl::UniquePtr<X509> not_dns = CertFromPEM(kCommonNameNotDNSLeaf);
2145 ASSERT_TRUE(not_dns);
2146
2147 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
2148 return Verify(
2149 leaf, {root.get()}, {intermediate.get()}, {}, 0, false,
2150 [&](X509_VERIFY_PARAM *param) {
2151 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
2152 X509_VERIFY_PARAM_set_hostflags(param, flags);
2153 });
2154 };
2155
2156 // Certificates which would otherwise trigger the common name fallback are
2157 // rejected whenever there are name constraints. We do this whether or not
2158 // the common name matches the constraints.
2159 EXPECT_EQ(
2160 X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2161 verify_cert(permitted.get(), 0 /* no flags */, kCommonNamePermitted));
2162 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2163 verify_cert(not_permitted.get(), 0 /* no flags */,
2164 kCommonNameNotPermitted));
2165
2166 // This occurs even if the built-in name checks aren't used. The caller may
2167 // separately call |X509_check_host|.
2168 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2169 Verify(not_permitted.get(), {root.get()}, {intermediate.get()}, {},
2170 0 /* no flags */, false, nullptr));
2171
2172 // If the leaf certificate has SANs, the common name fallback is always
2173 // disabled, so the name constraints do not apply.
2174 EXPECT_EQ(X509_V_OK, Verify(not_permitted_with_sans.get(), {root.get()},
2175 {intermediate.get()}, {}, 0, false, nullptr));
2176 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2177 verify_cert(not_permitted_with_sans.get(), 0 /* no flags */,
2178 kCommonNameNotPermittedWithSANs));
2179
2180 // If the common name does not look like a DNS name, we apply neither name
2181 // constraints nor common name fallback.
2182 EXPECT_EQ(X509_V_OK, Verify(not_dns.get(), {root.get()}, {intermediate.get()},
2183 {}, 0, false, nullptr));
2184 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2185 verify_cert(not_dns.get(), 0 /* no flags */, kCommonNameNotDNS));
2186 }
2187
TEST(X509Test,ServerGatedCryptoEKUs)2188 TEST(X509Test, ServerGatedCryptoEKUs) {
2189 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2190 ASSERT_TRUE(root);
2191 bssl::UniquePtr<X509> ms_sgc = CertFromPEM(kMicrosoftSGCCert);
2192 ASSERT_TRUE(ms_sgc);
2193 bssl::UniquePtr<X509> ns_sgc = CertFromPEM(kNetscapeSGCCert);
2194 ASSERT_TRUE(ns_sgc);
2195 bssl::UniquePtr<X509> server_eku = CertFromPEM(kServerEKUCert);
2196 ASSERT_TRUE(server_eku);
2197 bssl::UniquePtr<X509> server_eku_plus_ms_sgc =
2198 CertFromPEM(kServerEKUPlusMicrosoftSGCCert);
2199 ASSERT_TRUE(server_eku_plus_ms_sgc);
2200 bssl::UniquePtr<X509> any_eku = CertFromPEM(kAnyEKU);
2201 ASSERT_TRUE(any_eku);
2202 bssl::UniquePtr<X509> no_eku = CertFromPEM(kNoEKU);
2203 ASSERT_TRUE(no_eku);
2204
2205 auto verify_cert = [&root](X509 *leaf) {
2206 return Verify(leaf, {root.get()}, /*intermediates=*/{}, /*crls=*/{},
2207 /*flags=*/0, /*use_additional_untrusted=*/false,
2208 [&](X509_VERIFY_PARAM *param) {
2209 ASSERT_TRUE(X509_VERIFY_PARAM_set_purpose(
2210 param, X509_PURPOSE_SSL_SERVER));
2211 });
2212 };
2213
2214 // Neither the Microsoft nor Netscape SGC EKU should be sufficient for
2215 // |X509_PURPOSE_SSL_SERVER|. The "any" EKU probably, technically, should be.
2216 // However, we've never accepted it and it's not acceptable in leaf
2217 // certificates by the Baseline, so perhaps we don't need this complexity.
2218 for (X509 *leaf : {ms_sgc.get(), ns_sgc.get(), any_eku.get()}) {
2219 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE, verify_cert(leaf));
2220 }
2221
2222 // The server-auth EKU is sufficient, and it doesn't matter if an SGC EKU is
2223 // also included. Lastly, not specifying an EKU is also valid.
2224 for (X509 *leaf : {server_eku.get(), server_eku_plus_ms_sgc.get(),
2225 no_eku.get()}) {
2226 EXPECT_EQ(X509_V_OK, verify_cert(leaf));
2227 }
2228 }
2229
TEST(X509Test,GeneralName)2230 TEST(X509Test, GeneralName) {
2231 const std::vector<uint8_t> kNames[] = {
2232 // [0] {
2233 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2234 // [0] {
2235 // SEQUENCE {}
2236 // }
2237 // }
2238 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2239 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00},
2240 // [0] {
2241 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2242 // [0] {
2243 // [APPLICATION 0] {}
2244 // }
2245 // }
2246 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2247 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00},
2248 // [0] {
2249 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2250 // [0] {
2251 // UTF8String { "a" }
2252 // }
2253 // }
2254 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2255 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61},
2256 // [0] {
2257 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
2258 // [0] {
2259 // UTF8String { "a" }
2260 // }
2261 // }
2262 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2263 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61},
2264 // [0] {
2265 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2266 // [0] {
2267 // UTF8String { "b" }
2268 // }
2269 // }
2270 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2271 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62},
2272 // [0] {
2273 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2274 // [0] {
2275 // BOOLEAN { TRUE }
2276 // }
2277 // }
2278 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2279 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff},
2280 // [0] {
2281 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2282 // [0] {
2283 // BOOLEAN { FALSE }
2284 // }
2285 // }
2286 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2287 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00},
2288 // [1 PRIMITIVE] { "a" }
2289 {0x81, 0x01, 0x61},
2290 // [1 PRIMITIVE] { "b" }
2291 {0x81, 0x01, 0x62},
2292 // [2 PRIMITIVE] { "a" }
2293 {0x82, 0x01, 0x61},
2294 // [2 PRIMITIVE] { "b" }
2295 {0x82, 0x01, 0x62},
2296 // [4] {
2297 // SEQUENCE {
2298 // SET {
2299 // SEQUENCE {
2300 // # commonName
2301 // OBJECT_IDENTIFIER { 2.5.4.3 }
2302 // UTF8String { "a" }
2303 // }
2304 // }
2305 // }
2306 // }
2307 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
2308 0x03, 0x0c, 0x01, 0x61},
2309 // [4] {
2310 // SEQUENCE {
2311 // SET {
2312 // SEQUENCE {
2313 // # commonName
2314 // OBJECT_IDENTIFIER { 2.5.4.3 }
2315 // UTF8String { "b" }
2316 // }
2317 // }
2318 // }
2319 // }
2320 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
2321 0x03, 0x0c, 0x01, 0x62},
2322 // [5] {
2323 // [1] {
2324 // UTF8String { "a" }
2325 // }
2326 // }
2327 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61},
2328 // [5] {
2329 // [1] {
2330 // UTF8String { "b" }
2331 // }
2332 // }
2333 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62},
2334 // [5] {
2335 // [0] {
2336 // UTF8String {}
2337 // }
2338 // [1] {
2339 // UTF8String { "a" }
2340 // }
2341 // }
2342 {0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61},
2343 // [5] {
2344 // [0] {
2345 // UTF8String { "a" }
2346 // }
2347 // [1] {
2348 // UTF8String { "a" }
2349 // }
2350 // }
2351 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61},
2352 // [5] {
2353 // [0] {
2354 // UTF8String { "b" }
2355 // }
2356 // [1] {
2357 // UTF8String { "a" }
2358 // }
2359 // }
2360 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61},
2361 // [6 PRIMITIVE] { "a" }
2362 {0x86, 0x01, 0x61},
2363 // [6 PRIMITIVE] { "b" }
2364 {0x86, 0x01, 0x62},
2365 // [7 PRIMITIVE] { `11111111` }
2366 {0x87, 0x04, 0x11, 0x11, 0x11, 0x11},
2367 // [7 PRIMITIVE] { `22222222`}
2368 {0x87, 0x04, 0x22, 0x22, 0x22, 0x22},
2369 // [7 PRIMITIVE] { `11111111111111111111111111111111` }
2370 {0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
2371 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
2372 // [7 PRIMITIVE] { `22222222222222222222222222222222` }
2373 {0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
2374 0x22, 0x22, 0x22, 0x22, 0x22, 0x22},
2375 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 }
2376 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
2377 0x09, 0x02, 0x01},
2378 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 }
2379 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
2380 0x09, 0x02, 0x02},
2381 };
2382
2383 // Every name should be equal to itself and not equal to any others.
2384 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) {
2385 SCOPED_TRACE(Bytes(kNames[i]));
2386
2387 const uint8_t *ptr = kNames[i].data();
2388 bssl::UniquePtr<GENERAL_NAME> a(
2389 d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size()));
2390 ASSERT_TRUE(a);
2391
2392 for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) {
2393 SCOPED_TRACE(Bytes(kNames[j]));
2394
2395 ptr = kNames[j].data();
2396 bssl::UniquePtr<GENERAL_NAME> b(
2397 d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size()));
2398 ASSERT_TRUE(b);
2399
2400 if (i == j) {
2401 EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0);
2402 } else {
2403 EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0);
2404 }
2405 }
2406 }
2407 }
2408