1 /* Copyright (c) 2016, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <algorithm>
16 #include <functional>
17 #include <string>
18 #include <vector>
19
20 #include <gtest/gtest.h>
21
22 #include <openssl/asn1.h>
23 #include <openssl/bio.h>
24 #include <openssl/bytestring.h>
25 #include <openssl/crypto.h>
26 #include <openssl/curve25519.h>
27 #include <openssl/digest.h>
28 #include <openssl/err.h>
29 #include <openssl/nid.h>
30 #include <openssl/pem.h>
31 #include <openssl/pool.h>
32 #include <openssl/x509.h>
33 #include <openssl/x509v3.h>
34
35 #include "internal.h"
36 #include "../internal.h"
37 #include "../test/test_util.h"
38 #include "../x509v3/internal.h"
39
40
41 std::string GetTestData(const char *path);
42
43 static const char kCrossSigningRootPEM[] = R"(
44 -----BEGIN CERTIFICATE-----
45 MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
46 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
47 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE
48 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
49 dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp
50 ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5
51 EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP
52 RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud
53 JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud
54 DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF
55 lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC
56 CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr
57 +3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3
58 YFXvkME=
59 -----END CERTIFICATE-----
60 )";
61
62 static const char kRootCAPEM[] = R"(
63 -----BEGIN CERTIFICATE-----
64 MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE
65 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx
66 MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU
67 RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
68 iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM
69 2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ
70 w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO
71 BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G
72 A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j
73 BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za
74 kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN
75 +9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2
76 kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ==
77 -----END CERTIFICATE-----
78 )";
79
80 static const char kRootCrossSignedPEM[] = R"(
81 -----BEGIN CERTIFICATE-----
82 MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
83 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
84 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE
85 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI
86 hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU
87 8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE
88 bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb
89 SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD
90 AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc
91 flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB
92 CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q
93 9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU
94 90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV
95 -----END CERTIFICATE-----
96 )";
97
98 static const char kIntermediatePEM[] = R"(
99 -----BEGIN CERTIFICATE-----
100 MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV
101 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw
102 MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg
103 VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB
104 AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl
105 blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu
106 CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID
107 AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
108 AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy
109 BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB
110 gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY
111 ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB
112 aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg==
113 -----END CERTIFICATE-----
114 )";
115
116 static const char kIntermediateSelfSignedPEM[] = R"(
117 -----BEGIN CERTIFICATE-----
118 MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
119 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
120 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv
121 cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ
122 KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX
123 jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS
124 JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N
125 WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF
126 BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2
127 211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3
128 DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT
129 6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI
130 E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH
131 -----END CERTIFICATE-----
132 )";
133
134 static const char kLeafPEM[] = R"(
135 -----BEGIN CERTIFICATE-----
136 MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE
137 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg
138 Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y
139 aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3
140 DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c
141 oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j
142 5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh
143 TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
144 CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0
145 4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB
146 gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y
147 rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU
148 xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg==
149 -----END CERTIFICATE-----
150 )";
151
152 static const char kLeafNoKeyUsagePEM[] = R"(
153 -----BEGIN CERTIFICATE-----
154 MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
155 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
156 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv
157 cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G
158 CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp
159 ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk
160 j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ
161 YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1
162 27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN
163 AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe
164 6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D
165 uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk=
166 -----END CERTIFICATE-----
167 )";
168
169 static const char kForgeryPEM[] = R"(
170 -----BEGIN CERTIFICATE-----
171 MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE
172 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w
173 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv
174 cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf
175 MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy
176 xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm
177 0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3
178 OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
179 KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM
180 8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG
181 9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf
182 DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4
183 4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg==
184 -----END CERTIFICATE-----
185 )";
186
187 // kExamplePSSCert is an example RSA-PSS self-signed certificate, signed with
188 // the default hash functions.
189 static const char kExamplePSSCert[] = R"(
190 -----BEGIN CERTIFICATE-----
191 MIICYjCCAcagAwIBAgIJAI3qUyT6SIfzMBIGCSqGSIb3DQEBCjAFogMCAWowRTEL
192 MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy
193 bmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDEwMDkxOTA5NTVaFw0xNTEwMDkxOTA5
194 NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
195 DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
196 MIGJAoGBAPi4bIO0vNmoV8CltFl2jFQdeesiUgR+0zfrQf2D+fCmhRU0dXFahKg8
197 0u9aTtPel4rd/7vPCqqGkr64UOTNb4AzMHYTj8p73OxaymPHAyXvqIqDWHYg+hZ3
198 13mSYwFIGth7Z/FSVUlO1m5KXNd6NzYM3t2PROjCpywrta9kS2EHAgMBAAGjUDBO
199 MB0GA1UdDgQWBBTQQfuJQR6nrVrsNF1JEflVgXgfEzAfBgNVHSMEGDAWgBTQQfuJ
200 QR6nrVrsNF1JEflVgXgfEzAMBgNVHRMEBTADAQH/MBIGCSqGSIb3DQEBCjAFogMC
201 AWoDgYEASUy2RZcgNbNQZA0/7F+V1YTLEXwD16bm+iSVnzGwtexmQVEYIZG74K/w
202 xbdZQdTbpNJkp1QPjPfh0zsatw6dmt5QoZ8K8No0DjR9dgf+Wvv5WJvJUIQBoAVN
203 Z0IL+OQFz6+LcTHxD27JJCebrATXZA0wThGTQDm7crL+a+SujBY=
204 -----END CERTIFICATE-----
205 )";
206
207 // kBadPSSCertPEM is a self-signed RSA-PSS certificate with bad parameters.
208 static const char kBadPSSCertPEM[] = R"(
209 -----BEGIN CERTIFICATE-----
210 MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
211 AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
212 VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
213 NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
214 ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
215 qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
216 IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
217 IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
218 dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
219 QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
220 5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
221 4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
222 Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
223 BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
224 xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
225 plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
226 DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
227 NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
228 lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
229 -----END CERTIFICATE-----
230 )";
231
232 static const char kRSAKey[] = R"(
233 -----BEGIN RSA PRIVATE KEY-----
234 MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92
235 kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF
236 KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB
237 AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe
238 i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+
239 WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ
240 m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj
241 QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk
242 aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj
243 LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk
244 104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/
245 tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd
246 moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==
247 -----END RSA PRIVATE KEY-----
248 )";
249
250 static const char kP256Key[] = R"(
251 -----BEGIN PRIVATE KEY-----
252 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ
253 TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N
254 Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB
255 -----END PRIVATE KEY-----
256 )";
257
258 // kCRLTestRoot is a test root certificate. It has private key:
259 //
260 // -----BEGIN RSA PRIVATE KEY-----
261 // MIIEpAIBAAKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3BS/dUBpbrzd1aeFzN
262 // lI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+5R/Du0iCb1tCZIPY
263 // 07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWpuRqO6rctN9qUoMlT
264 // IAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n8H922qmvPNA9idmX
265 // 9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbLP2o9orxGx7aCtnnB
266 // ZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABAoIBAQCJF9MTHfHGkk+/
267 // DwCXlA0Wg0e6hBuHl10iNobYkMWIl/xXjOknhYiqOqb181py76472SVC5ERprC+r
268 // Lf0PXzqKuA117mnkwT2bYLCL9Skf8WEhoFLQNbVlloF6wYjqXcYgKYKh8HgQbZl4
269 // aLg2YQl2NADTNABsUWj/4H2WEelsODVviqfFs725lFg9KHDI8zxAZXLzDt/M9uVL
270 // GxJiX12tr0AwaeAFZ1oPM/y+LznM3N3+Ht3jHHw3jZ/u8Z1RdAmdpu3bZ6tbwGBr
271 // 9edsH5rKkm9aBvMrY7eX5VHqaqyRNFyG152ZOJh4XiiFG7EmgTPCpaHo50Y018Re
272 // grVtk+FBAoGBANY3lY+V8ZOwMxSHes+kTnoimHO5Ob7nxrOC71i27x+4HHsYUeAr
273 // /zOOghiDIn+oNkuiX5CIOWZKx159Bp65CPpCbTb/fh+HYnSgXFgCw7XptycO7LXM
274 // 5GwR5jSfpfzBFdYxjxoUzDMFBwTEYRTm0HkUHkH+s+ajjw5wqqbcGLcfAoGBAMM8
275 // DKW6Tb66xsf708f0jonAjKYTLZ+WOcwsBEWSFHoY8dUjvW5gqx5acHTEsc5ZTeh4
276 // BCFLa+Mn9cuJWVJNs09k7Xb2PNl92HQ4GN2vbdkJhExbkT6oLDHg1hVD0w8KLfz1
277 // lTAW6pS+6CdOHMEJpvqx89EgU/1GgIQ1fXYczE75AoGAKeJoXdDFkUjsU+FBhAPu
278 // TDcjc80Nm2QaF9NMFR5/lsYa236f06MGnQAKM9zADBHJu/Qdl1brUjLg1HrBppsr
279 // RDNkw1IlSOjhuUf5hkPUHGd8Jijm440SRIcjabqla8wdBupdvo2+d2NOQgJbsQiI
280 // ToQ+fkzcxAXK3Nnuo/1436UCgYBjLH7UNOZHS8OsVM0I1r8NVKVdu4JCfeJQR8/H
281 // s2P5ffBir+wLRMnH+nMDreMQiibcPxMCArkERAlE4jlgaJ38Z62E76KLbLTmnJRt
282 // EC9Bv+bXjvAiHvWMRMUbOj/ddPNVez7Uld+FvdBaHwDWQlvzHzBWfBCOKSEhh7Z6
283 // qDhUqQKBgQDPMDx2i5rfmQp3imV9xUcCkIRsyYQVf8Eo7NV07IdUy/otmksgn4Zt
284 // Lbf3v2dvxOpTNTONWjp2c+iUQo8QxJCZr5Sfb21oQ9Ktcrmc/CY7LeBVDibXwxdM
285 // vRG8kBzvslFWh7REzC3u06GSVhyKDfW93kN2cKVwGoahRlhj7oHuZQ==
286 // -----END RSA PRIVATE KEY-----
287 static const char kCRLTestRoot[] = R"(
288 -----BEGIN CERTIFICATE-----
289 MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV
290 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
291 aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0
292 MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
293 A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq
294 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B
295 S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+
296 5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp
297 uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n
298 8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL
299 P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw
300 TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3
301 N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
302 AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz
303 EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN
304 XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B
305 3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5
306 24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw
307 amd8GKMZQvP0ufGnUn7D7uartA==
308 -----END CERTIFICATE-----
309 )";
310
311 static const char kCRLTestLeaf[] = R"(
312 -----BEGIN CERTIFICATE-----
313 MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx
314 EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ
315 BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa
316 MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC
317 b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA
318 A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9
319 8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP
320 ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx
321 e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX
322 +saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu
323 OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC
324 MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
325 MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3
326 lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw
327 XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ
328 ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh
329 lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql
330 ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC
331 5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG
332 tjJMFw==
333 -----END CERTIFICATE-----
334 )";
335
336 static const char kBasicCRL[] = R"(
337 -----BEGIN X509 CRL-----
338 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
339 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
340 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
341 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
342 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
343 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
344 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
345 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
346 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
347 -----END X509 CRL-----
348 )";
349
350 static const char kRevokedCRL[] = R"(
351 -----BEGIN X509 CRL-----
352 MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
353 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
354 Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX
355 DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB
356 AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d
357 sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH
358 NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5
359 OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp
360 Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO
361 xzfKY2TzxLiOmctG0hXFkH5J
362 -----END X509 CRL-----
363 )";
364
365 static const char kBadIssuerCRL[] = R"(
366 -----BEGIN X509 CRL-----
367 MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE
368 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN
369 Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC
370 AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF
371 AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP
372 t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB
373 cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL
374 TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q
375 L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g
376 Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==
377 -----END X509 CRL-----
378 )";
379
380 // kKnownCriticalCRL is kBasicCRL but with a critical issuing distribution point
381 // extension.
382 static const char kKnownCriticalCRL[] = R"(
383 -----BEGIN X509 CRL-----
384 MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
385 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
386 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV
387 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq
388 3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs
389 kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs
390 fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN
391 xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h
392 6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP
393 9dMWxqhQlv23osLp
394 -----END X509 CRL-----
395 )";
396
397 // kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
398 static const char kUnknownCriticalCRL[] = R"(
399 -----BEGIN X509 CRL-----
400 MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
401 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
402 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV
403 HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA
404 GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib
405 Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC
406 yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ
407 +wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC
408 nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB
409 kwzzU2rL3G65CrZ7H0SZsQ==
410 -----END X509 CRL-----
411 )";
412
413 // kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution
414 // point extension followed by an unknown critical extension
415 static const char kUnknownCriticalCRL2[] = R"(
416 -----BEGIN X509 CRL-----
417 MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
418 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
419 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV
420 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G
421 CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO
422 myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq
423 5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4
424 tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN
425 KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne
426 YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi
427 -----END X509 CRL-----
428 )";
429
430 // kBadExtensionCRL is kBasicCRL but with an incorrectly-encoded issuing
431 // distribution point extension.
432 static const char kBadExtensionCRL[] = R"(
433 -----BEGIN X509 CRL-----
434 MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
435 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
436 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV
437 HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3
438 i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q
439 mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ
440 NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A
441 3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+
442 7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp
443 o/1TpfOMSGhMyMoyPrk=
444 -----END X509 CRL-----
445 )";
446
447 // kAlgorithmMismatchCRL is kBasicCRL but with mismatched AlgorithmIdentifiers
448 // in the outer structure and signed portion. The signature reflects the signed
449 // portion.
450 static const char kAlgorithmMismatchCRL[] = R"(
451 -----BEGIN X509 CRL-----
452 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
453 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
454 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
455 HRQEAwIBATANBgkqhkiG9w0BAQwFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
456 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
457 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
458 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
459 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
460 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
461 -----END X509 CRL-----
462 )";
463
464 // kAlgorithmMismatchCRL2 is kBasicCRL but with mismatched AlgorithmIdentifiers
465 // in the outer structure and signed portion. The signature reflects the outer
466 // structure.
467 static const char kAlgorithmMismatchCRL2[] = R"(
468 -----BEGIN X509 CRL-----
469 MIIBpzCBkAIBATANBgkqhkiG9w0BAQwFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
470 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
471 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
472 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAjCWtU7AK8nQ5TCFfzvbU04MWNuLp
473 iZfqapRSRyMta4pyRomK773rEmJmYOc/ZNeIphVOlupMgGC2wyv5Z/SD1mxccJbv
474 SlUWciwjskjgvyyU9KnJ5xPgf3e3Fl3G0u9yJEFd4mg6fRavs5pEDX56b0f+SkG+
475 Vl1FZU94Uylm2kCqk9fRpTxualPGP6dksj3Aitt4x2Vdni4sUfg9vIEEOx2jnisq
476 iLqpT94IdETCWAciE0dgbogdOOsNzMqSASfHM/XPigYLXpYgfaR8fca6OKDwFsVH
477 SrkFz8Se3F6mCHnbDzYElbmA46iKU2J12LTrso3Ewq/qHq0mebfp2z0y6g==
478 -----END X509 CRL-----
479 )";
480
481 // kEd25519Cert is a self-signed Ed25519 certificate.
482 static const char kEd25519Cert[] = R"(
483 -----BEGIN CERTIFICATE-----
484 MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET
485 MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
486 dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE
487 BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp
488 ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj
489 Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD
490 VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr
491 ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL
492 r+VHVKUhsrvcdCelnXRrrSD7xWAL
493 -----END CERTIFICATE-----
494 )";
495
496 // kEd25519CertNull is an invalid self-signed Ed25519 with an explicit NULL in
497 // the signature algorithm.
498 static const char kEd25519CertNull[] = R"(
499 -----BEGIN CERTIFICATE-----
500 MIIBlTCCAUWgAwIBAgIJAJwooam0UCDmMAcGAytlcAUAMEUxCzAJBgNVBAYTAkFV
501 MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
502 IFB0eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYD
503 VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg
504 V2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPa
505 piMlrwIaaPcHURqjUDBOMB0GA1UdDgQWBBSi7Ht5X58kra/dqHpA9T+WPX/7tTAf
506 BgNVHSMEGDAWgBSi7Ht5X58kra/dqHpA9T+WPX/7tTAMBgNVHRMEBTADAQH/MAcG
507 AytlcAUAA0EA70uefNocdJohkKPNROKVyBuBD3LXMyvmdTklsaxSRY3PcZdOohlr
508 recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw==
509 -----END CERTIFICATE-----
510 )";
511
512 // kX25519 is the example X25519 certificate from
513 // https://tools.ietf.org/html/rfc8410#section-10.2
514 static const char kX25519Cert[] = R"(
515 -----BEGIN CERTIFICATE-----
516 MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
517 N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
518 DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
519 ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
520 BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
521 /BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
522 w1AH9efZBw==
523 -----END CERTIFICATE-----
524 )";
525
526 // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
527 // contains SANS for example.com, test@example.com, 127.0.0.1, and
528 // https://example.com/. (The latter is useless for now since crypto/x509
529 // doesn't deal with URI SANs directly.)
530 static const char kSANTypesLeaf[] = R"(
531 -----BEGIN CERTIFICATE-----
532 MIIClzCCAgCgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCsxFzAVBgNV
533 BAoTDkJvcmluZ1NTTCBUZXN0MRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAw
534 MDAwMFoXDTI1MDEwMTAwMDAwMFowLzEXMBUGA1UEChMOQm9yaW5nU1NMIFRlc3Qx
535 FDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
536 gQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+l3mYQPtPbRT9
537 KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB1NkrKyQjd1sc
538 O711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQABo4G+MIG7MA4G
539 A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
540 VR0TAQH/BAIwADAZBgNVHQ4EEgQQn5EWH0NDPkmm3m22gNefYDAbBgNVHSMEFDAS
541 gBBAN9cB+0AvuBx+VAQnjFkBMEQGA1UdEQQ9MDuCC2V4YW1wbGUuY29tgRB0ZXN0
542 QGV4YW1wbGUuY29thwR/AAABhhRodHRwczovL2V4YW1wbGUuY29tLzANBgkqhkiG
543 9w0BAQsFAAOBgQBtwJvY6+Tk6D6DOtDVaNoJ5y8E25CCuE/Ga4OuIcYJas+yLckf
544 dZwUV3GUG2oBXl2MrpUFxXd4hKBO1CmlBY+hZEeIx0Yp6QWK9P/vnZeydOTP26mk
545 jusJ2PqSmtKNU1Zcaba4d29oFejmOAfeguhR8AHpsc/zHEaS5Q9cJsuJcw==
546 -----END CERTIFICATE-----
547 )";
548
549 // -----BEGIN RSA PRIVATE KEY-----
550 // MIICWwIBAAKBgQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+
551 // l3mYQPtPbRT9KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB
552 // 1NkrKyQjd1scO711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQAB
553 // AoGACwf7z0i1DxOI2zSwFimLghfyCSp8mgT3fbZ3Wj0SebYu6ZUffjceneM/AVrq
554 // gGYHYLOVHcWJqfkl7X3hPo9SDhzLx0mM545/q21ZWCwjhswH7WiCEqV2/zeDO9WU
555 // NIO1VU0VoLm0AQ7ZvwnyB+fpgF9kkkDtbBJW7XWrfNVtlnECQQD97YENpEJ3X1kj
556 // 3rrkrHWDkKAyoWWY1i8Fm7LnganC9Bv6AVwgn5ZlE/479aWHF8vbOFEA3pFPiNZJ
557 // t9FTCfpJAkEA3RCXjGI0Y6GALFLwEs+nL/XZAfJaIpJEZVLCVosYQOSaMS4SchfC
558 // GGYVquT7ZgKk9uvz89Fg87OtBMWS9lrkHwJADGkGLKeBhBoJ3kHtem2fVK3F1pOi
559 // xoR5SdnhNYVVyaxqjZ5xZTrHe+stOrr3uxGDqhQniVZXXb6/Ul0Egv1y2QJAVg/h
560 // kAujba4wIhFf2VLyOZ+yjil1ocPj0LZ5Zgvcs1bMGJ1hHP3W2HzVrqRaowoggui1
561 // HpTC891dXGA2qKYV7QJAFDmT2A7OVvh3y4AEgzVwHrDmCMwMHKjCIntS7fjxrJnF
562 // YvJUG1zoHwUVrxxbR3DbpTODlktLcl/0b97D0IkH3w==
563 // -----END RSA PRIVATE KEY-----
564
565 static const char kSANTypesRoot[] = R"(
566 -----BEGIN CERTIFICATE-----
567 MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE
568 ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw
569 MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ
570 MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/
571 EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy
572 SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J
573 1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/
574 BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E
575 BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3
576 1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f
577 c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH
578 bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms
579 d5YVX0c90VMnUhF/dlrqS9U=
580 -----END CERTIFICATE-----
581 )";
582
583 // -----BEGIN RSA PRIVATE KEY-----
584 // MIICXAIBAAKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/V
585 // Imi2XeJM2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2
586 // m8PX+plZw7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQAB
587 // AoGALEF5daZqc+aEsp8X1yky3nsoheyPL0kqSBWii33IFemZgKcSaRnAoqjPWWLS
588 // 8dHj0I/4rej2MW8iuezVSpDak9tK5boHORC3w4p/wifkizQkLt1DANxTVbzcKvrt
589 // aZ7LjVaKkhjRJbLddniowFHkkWVbUccjvzcUd7Y2VuLbAhECQQDq4FE88aHio8zg
590 // bxSd0PwjEFwLYQTR19u812SoR8PmR6ofIL+pDwOV+fVs+OGcAAOgkhIukOrksQ4A
591 // 1cKtnyhXAkEA/gRI+u3tZ7UE1twIkBfZ6IvCdRodkPqHAYIxMRLzL+MhyZt4MEGc
592 // Ngb/F6U9/WOBFnoR/PI7IwE3ejutzKcL+QJBAKh+6eilk7QKPETZi1m3/dmNt+p1
593 // 3EZJ65pqjwxmB3Rg/vs7vCMk4TarTdSyKu+F1xRPFfoP/mK3Xctdjj6NyhsCQAYF
594 // 7/0TOzfkUPMPUJyqFB6xgbDpJ55ScnUUsznoqx+NkTWInDb4t02IqO/UmT2y6FKy
595 // Hk8TJ1fTJY+ebqaVp3ECQApx9gQ+n0zIhx97FMUuiRse73xkcW4+pZ8nF+8DmeQL
596 // /JKuuFGmzkG+rUbXFmo/Zg2ozVplw71NnQJ4znPsf7A=
597 // -----END RSA PRIVATE KEY-----
598
599 // The following four certificates were generated with this Go program, varying
600 // |includeNetscapeExtension| and defining rootKeyPEM and rootCertPEM to be
601 // strings containing the kSANTypesRoot, above.
602
603 // package main
604
605 // import (
606 // "crypto/ecdsa"
607 // "crypto/elliptic"
608 // "crypto/rand"
609 // "crypto/x509"
610 // "crypto/x509/pkix"
611 // "encoding/asn1"
612 // "encoding/pem"
613 // "math/big"
614 // "os"
615 // "time"
616 // )
617
618 // const includeNetscapeExtension = true
619
620 // func main() {
621 // block, _ := pem.Decode([]byte(rootKeyPEM))
622 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
623 // block, _ = pem.Decode([]byte(rootCertPEM))
624 // root, _ := x509.ParseCertificate(block.Bytes)
625
626 // interTemplate := &x509.Certificate{
627 // SerialNumber: big.NewInt(2),
628 // Subject: pkix.Name{
629 // CommonName: "No Basic Constraints (Netscape)",
630 // },
631 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
632 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
633 // }
634
635 // if includeNetscapeExtension {
636 // interTemplate.ExtraExtensions = []pkix.Extension{
637 // pkix.Extension{
638 // Id: asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113730, 1, 1}),
639 // Value: []byte{0x03, 0x02, 2, 0x04},
640 // },
641 // }
642 // } else {
643 // interTemplate.KeyUsage = x509.KeyUsageCertSign
644 // }
645
646 // interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
647
648 // interDER, err := x509.CreateCertificate(rand.Reader, interTemplate, root, &interKey.PublicKey, rootPriv)
649 // if err != nil {
650 // panic(err)
651 // }
652
653 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: interDER})
654
655 // inter, _ := x509.ParseCertificate(interDER)
656
657 // leafTemplate := &x509.Certificate{
658 // SerialNumber: big.NewInt(3),
659 // Subject: pkix.Name{
660 // CommonName: "Leaf from CA with no Basic Constraints",
661 // },
662 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
663 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
664 // BasicConstraintsValid: true,
665 // }
666 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
667
668 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, inter, &leafKey.PublicKey, interKey)
669 // if err != nil {
670 // panic(err)
671 // }
672
673 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
674 // }
675
676 // kNoBasicConstraintsCertSignIntermediate doesn't have isCA set, but contains
677 // certSign in the keyUsage.
678 static const char kNoBasicConstraintsCertSignIntermediate[] = R"(
679 -----BEGIN CERTIFICATE-----
680 MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
681 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
682 MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw
683 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1
684 OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO
685 BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq
686 hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9
687 ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW
688 xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ==
689 -----END CERTIFICATE-----
690 )";
691
692 static const char kNoBasicConstraintsCertSignLeaf[] = R"(
693 -----BEGIN CERTIFICATE-----
694 MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj
695 IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx
696 MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50
697 czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB
698 w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO
699 MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o
700 eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24
701 Djy3Zw==
702 -----END CERTIFICATE-----
703 )";
704
705 // kNoBasicConstraintsNetscapeCAIntermediate doesn't have isCA set, but contains
706 // a Netscape certificate-type extension that asserts a type of "SSL CA".
707 static const char kNoBasicConstraintsNetscapeCAIntermediate[] = R"(
708 -----BEGIN CERTIFICATE-----
709 MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
710 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
711 MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg
712 KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi
713 PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH
714 1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4
715 QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju
716 tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF
717 G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M
718 P9p6HuyLrmn0c/F0
719 -----END CERTIFICATE-----
720 )";
721
722 static const char kNoBasicConstraintsNetscapeCALeaf[] = R"(
723 -----BEGIN CERTIFICATE-----
724 MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp
725 YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw
726 MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp
727 YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2
728 tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q
729 DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh
730 aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj
731 XyPwWPbymSTpzKhB4xB7qQ==
732 -----END CERTIFICATE-----
733 )";
734
735 static const char kSelfSignedMismatchAlgorithms[] = R"(
736 -----BEGIN CERTIFICATE-----
737 MIIFMjCCAxqgAwIBAgIJAL0mG5fOeJ7xMA0GCSqGSIb3DQEBDQUAMC0xCzAJBgNV
738 BAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFRlc3QwIBcNMTgwOTE3
739 MTIxNzU3WhgPMjExODA4MjQxMjE3NTdaMC0xCzAJBgNVBAYTAkdCMQ8wDQYDVQQH
740 DAZMb25kb24xDTALBgNVBAoMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
741 ggIKAoICAQDCMhBrRAGGw+n2GdctBr/cEK4FZA6ajiHjihgpCHoSBdyL4R2jGKLS
742 g0WgaMXa1HpkKN7LcIySosEBPlmcRkr1RqbEvQStOSvoFCXYvtx3alM6HTbXMcDR
743 mqoKoABP6LXsPSoMWIgqMtP2X9EOppzHVIK1yFYFfbIlvYUV2Ka+MuMe0Vh5wvD1
744 4GanPb+cWSKgdRSVQovCCMY3yWtZKVEaxRpCsk/mYYIFWz0tcgMjIKwDx1XXgiAV
745 nU6NK43xbaw3XhtnaD/pv9lhTTbNrlcln9LjTD097BaK4R+1AEPHnpfxA9Ui3upn
746 kbsNUdGdOB0ksZi/vd7lh833YgquQUIAhYrbfvq/HFCpVV1gljzlS3sqULYpLE//
747 i3OsuL2mE+CYIJGpIi2GeJJWXciNMTJDOqTn+fRDtVb4RPp4Y70DJirp7XzaBi3q
748 H0edANCzPSRCDbZsOhzIXhXshldiXVRX666DDlbMQgLTEnNKrkwv6DmU8o15XQsb
749 8k1Os2YwXmkEOxUQ7AJZXVTZSf6UK9Znmdq1ZrHjybMfRUkHVxJcnKvrxfryralv
750 gzfvu+D6HuxrCo3Ojqa+nDgIbxKEBtdrcsMhq1jWPFhjwo1fSadAkKOfdCAuXJRD
751 THg3b4Sf+W7Cpc570YHrIpBf7WFl2XsPcEM0mJZ5+yATASCubNozQwIDAQABo1Mw
752 UTAdBgNVHQ4EFgQUES0hupZSqY21JOba10QyZuxm91EwHwYDVR0jBBgwFoAUES0h
753 upZSqY21JOba10QyZuxm91EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
754 AAOCAgEABTN5S30ng/RMpBweDm2N561PdpaCdiRXtAFCRVWR2mkDYC/Xj9Vqe6be
755 PyM7L/5OKYVjzF1yJu67z/dx+ja5o+41g17jdqla7hyPx+9B4uRyDh+1KJTa+duj
756 mw/aA1LCr6O6W4WizDOsChJ6FaB2Y1+GlFnKWb5nUdhVJqXQE1WOX9dZnw8Y4Npd
757 VmAsjWot0BZorJrt3fwfcv3QfA896twkbo7Llv/8qzg4sXZXZ4ZtgAOqnPngiSn+
758 JT/vYCXZ406VvAFpFqMcVz2dO/VGuL8lGIMHRKNyafrsV81EzH1W/XmRWOgvgj6r
759 yQI63ln/AMY72HQ97xLkE1xKunGz6bK5Ug5+O43Uftc4Mb6MUgzo+ZqEQ3Ob+cAV
760 cvjmtwDaPO/O39O5Xq0tLTlkn2/cKf4OQ6S++GDxzyRVHh5JXgP4j9+jfZY57Woy
761 R1bE7N50JjY4cDermBJKdlBIjL7UPhqmLyaG7V0hBitFlgGBUCcJtJOV0xYd5aF3
762 pxNkvMXhBmh95fjxJ0cJjpO7tN1RAwtMMNgsl7OUbuVRQCHOPW5DgP5qY21jDeRn
763 BY82382l+9QzykmJLI5MZnmj4BA9uIDCwMtoTTvP++SsvhUAbuvh7MOOUQL0EY4m
764 KStYq7X9PKseN+PvmfeoffIKc5R/Ha39oi7cGMVHCr8aiEhsf94=
765 -----END CERTIFICATE-----
766 )";
767
768 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
769 // *.host1.test as the common name and a SAN list of *.host2.test and
770 // foo.host3.test.
771 static const char kCommonNameWithSANs[] = R"(
772 -----BEGIN CERTIFICATE-----
773 MIIB2zCCAUSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
774 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
775 MDk5MDEwMTAwMDAwMFowNzEeMBwGA1UEChMVQ29tbW9uIG5hbWUgd2l0aCBTQU5z
776 MRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
777 AASgWzfnFnpQrokSLIC+LhCKJDUAY/2usfIDpOnafYoYCasbYetkmOslgyY4Nn07
778 zjvjNROprA/0bdULXAkdL9bNo0gwRjAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
779 jFkBMCcGA1UdEQQgMB6CDCouaG9zdDIudGVzdIIOZm9vLmhvc3QzLnRlc3QwDQYJ
780 KoZIhvcNAQELBQADgYEAtv2e3hBhsslXB1HTxgusjoschWOVtvGZUaYlhkKzKTCL
781 4YpDn50BccnucBU/b9phYvaEZtyzOv4ZXhxTGyLnLrIVB9x5ikfCcfl+LNYNjDwM
782 enm/h1zOfJ7wXLyscD4kU29Wc/zxBd70thIgLYn16CC1S9NtXKsXXDXv5VVH/bg=
783 -----END CERTIFICATE-----
784 )";
785
786 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
787 // *.host1.test as the common name and no SAN list.
788 static const char kCommonNameWithoutSANs[] = R"(
789 -----BEGIN CERTIFICATE-----
790 MIIBtTCCAR6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
791 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
792 MDk5MDEwMTAwMDAwMFowOjEhMB8GA1UEChMYQ29tbW9uIG5hbWUgd2l0aG91dCBT
793 QU5zMRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB
794 BwNCAARt2vjlIrPE+kr11VS1rRP/AYQu4fvf1bNw/K9rwYlVBhmLMPYasEmpCtKE
795 0bDIFydtDYC3wZDpSS+YiaG40sdAox8wHTAbBgNVHSMEFDASgBBAN9cB+0AvuBx+
796 VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHRbIeaCEytOpJpw9O2dlB656AHe1+t5
797 4JiS5mvtzoVOLn7fFk5EFQtZS7sG1Uc2XjlSw+iyvFoTFEqfKyU/mIdc2vBuPwA2
798 +YXT8aE4S+UZ9oz5j0gDpikGnkSCW0cyHD8L8fntNjaQRSaM482JpmtdmuxClmWO
799 pFFXI2B5usgI
800 -----END CERTIFICATE-----
801 )";
802
803 // kCommonNameWithEmailSAN is a leaf certificate signed by kSANTypesRoot, with
804 // *.host1.test as the common name and the email address test@host2.test in the
805 // SAN list.
806 static const char kCommonNameWithEmailSAN[] = R"(
807 -----BEGIN CERTIFICATE-----
808 MIIBvDCCASWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
809 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
810 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
811 zj0CAQYIKoZIzj0DAQcDQgAEtevOxcTjpPzlNGoUMFfZyr1k03/Hiuh+EsnuScDs
812 8XLKi6fDkvSaDClI99ycabQZRPIrvyT+dglDC6ugQd+CYqNJMEcwDAYDVR0TAQH/
813 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMBoGA1UdEQQTMBGBD3Rl
814 c3RAaG9zdDIudGVzdDANBgkqhkiG9w0BAQsFAAOBgQCGbqb78OWJWl4zb+qw0Dz2
815 HJgZZJt6/+nNG/XJKdaYeS4eofsbwsJI4fuuOF6ZvYCJxVNtGqdfZDgycvFA9hjv
816 NGosBF1/spP17cmzTahLjxs71jDvHV/EQJbKGl/Zpta1Em1VrzSrwoOFabPXzZTJ
817 aet/mER21Z/9ZsTUoJQPJw==
818 -----END CERTIFICATE-----
819 )";
820
821 // kCommonNameWithIPSAN is a leaf certificate signed by kSANTypesRoot, with
822 // *.host1.test as the common name and the IP address 127.0.0.1 in the
823 // SAN list.
824 static const char kCommonNameWithIPSAN[] = R"(
825 -----BEGIN CERTIFICATE-----
826 MIIBsTCCARqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
827 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
828 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
829 zj0CAQYIKoZIzj0DAQcDQgAEFKrgkxm8PysXbwnHQeTD3p8YY0+sY4ssnZgmj8wX
830 KTyn893fdBHWlz71GO6t82wMTF5d+ZYwI2XU52pfl4SB2aM+MDwwDAYDVR0TAQH/
831 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA8GA1UdEQQIMAaHBH8A
832 AAEwDQYJKoZIhvcNAQELBQADgYEAQWZ8Oj059ZjS109V/ijMYT28xuAN5n6HHxCO
833 DopTP56Zu9+gme5wTETWEfocspZvgecoUOcedTFoKSQ7JafO09NcVLA+D6ddYpju
834 mgfuiLy9dDhqvX/NHaLBMxOBWWbOLwWE+ibyX+pOzjWRCw1L7eUXOr6PhZAOQsmU
835 D0+O6KI=
836 -----END CERTIFICATE-----
837 )";
838
839 // kConstrainedIntermediate is an intermediate signed by kSANTypesRoot, with
840 // permitted DNS names of permitted1.test and foo.permitted2.test and an
841 // excluded DNS name of excluded.permitted1.test. Its private key is:
842 //
843 // -----BEGIN PRIVATE KEY-----
844 // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTXUM4tJWM7OzATty
845 // JhNOfIv/d8heWFBeKOfMR+RfaROhRANCAASbbbWYiN6mn+BCpg4XNpibOH0D/DN4
846 // kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzKLY1y
847 // -----END PRIVATE KEY-----
848 static const char kConstrainedIntermediate[] = R"(
849 -----BEGIN CERTIFICATE-----
850 MIICDjCCAXegAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
851 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
852 MDk5MDEwMTAwMDAwMFowKDEmMCQGA1UEAxMdTmFtZSBDb25zdHJhaW50cyBJbnRl
853 cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASbbbWYiN6mn+BCpg4X
854 NpibOH0D/DN4kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzK
855 LY1yo4GJMIGGMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0jBBQwEoAQQDfXAftAL7gc
856 flQEJ4xZATBWBgNVHR4BAf8ETDBKoCowEYIPcGVybWl0dGVkMS50ZXN0MBWCE2Zv
857 by5wZXJtaXR0ZWQyLnRlc3ShHDAaghhleGNsdWRlZC5wZXJtaXR0ZWQxLnRlc3Qw
858 DQYJKoZIhvcNAQELBQADgYEAFq1Ka05hiKREwRpSceQPzIIH4B5a5IVBg5/EvmQI
859 9V0fXyAE1GmahPt70sIBxIgzNTEaY8P/IoOuCdlZWe0msmyEO3S6YSAzOWR5Van6
860 cXmFM1uMd95TlkxUMRdV+jKJTvG6R/BM2zltaV7Xt662k5HtzT5Svw0rZlFaggZz
861 UyM=
862 -----END CERTIFICATE-----
863 )";
864
865 // kCommonNamePermittedLeaf is a leaf certificate signed by
866 // kConstrainedIntermediate. Its common name is permitted by the name
867 // constraints.
868 static const char kCommonNamePermittedLeaf[] = R"(
869 -----BEGIN CERTIFICATE-----
870 MIIBaDCCAQ2gAwIBAgIBAzAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
871 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
872 MTAwMDAwMFowPjEeMBwGA1UEChMVQ29tbW9uIG5hbWUgcGVybWl0dGVkMRwwGgYD
873 VQQDExNmb28ucGVybWl0dGVkMS50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
874 QgAENX5Ycs8q8MRzPYUz6DqLHhJR3wcmniFRgkiEa7MxE/mRe00y0VGwH7xi7Aoc
875 emXPrtD4JwN5bssbcxWGAKYYzaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD
876 AgNJADBGAiEAtsnWuRQXtw2xbieC78Y8SVEtTjcZUx8uZyQe1GPLfGICIQDR4fNY
877 yg3PC94ydPNQZVsFxAne32CbonWWsokalTFpUQ==
878 -----END CERTIFICATE-----
879 )";
880 static const char kCommonNamePermitted[] = "foo.permitted1.test";
881
882 // kCommonNameNotPermittedLeaf is a leaf certificate signed by
883 // kConstrainedIntermediate. Its common name is not permitted by the name
884 // constraints.
885 static const char kCommonNameNotPermittedLeaf[] = R"(
886 -----BEGIN CERTIFICATE-----
887 MIIBazCCARCgAwIBAgIBBDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
888 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
889 MTAwMDAwMFowQTEiMCAGA1UEChMZQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZDEb
890 MBkGA1UEAxMSbm90LXBlcm1pdHRlZC50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
891 AQcDQgAEzfghKuWf0JoXb0Drp09C3yXMSQQ1byt+AUaymvsHOWsxQ9v1Q+vkF/IM
892 HRqGTk2TyxrB2iClVEn/Uu+YtYox1KMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjO
893 PQQDAgNJADBGAiEAxaUslxmoWL1tIvnDz7gDkto/HcmdU0jHVuUQLXcCG8wCIQCN
894 5xZjitlCQU8UB5qSu9wH4B+0JcVO3Ss4Az76HEJWMw==
895 -----END CERTIFICATE-----
896 )";
897 static const char kCommonNameNotPermitted[] = "not-permitted.test";
898
899 // kCommonNameNotPermittedWithSANsLeaf is a leaf certificate signed by
900 // kConstrainedIntermediate. Its common name is not permitted by the name
901 // constraints but it has a SAN list.
902 static const char kCommonNameNotPermittedWithSANsLeaf[] = R"(
903 -----BEGIN CERTIFICATE-----
904 MIIBqTCCAU+gAwIBAgIBBjAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
905 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
906 MTAwMDAwMFowSzEsMCoGA1UEChMjQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZCB3
907 aXRoIFNBTlMxGzAZBgNVBAMTEm5vdC1wZXJtaXR0ZWQudGVzdDBZMBMGByqGSM49
908 AgEGCCqGSM49AwEHA0IABKsn9wOApXFHrqhLdQgbFSeaSoAIbxgO0zVSRZUb5naR
909 93zoL3MFOvZEF8xiEqh7le+l3XuUig0fwqpcsZzRNJajRTBDMAwGA1UdEwEB/wQC
910 MAAwMwYDVR0RBCwwKoITZm9vLnBlcm1pdHRlZDEudGVzdIITZm9vLnBlcm1pdHRl
911 ZDIudGVzdDAKBggqhkjOPQQDAgNIADBFAiACk+1f184KkKAXuntmrz+Ygcq8MiZl
912 4delx44FtcNaegIhAIA5nYfzxNcTXxDo3U+x1vSLH6Y7faLvHiFySp7O//q+
913 -----END CERTIFICATE-----
914 )";
915 static const char kCommonNameNotPermittedWithSANs[] = "not-permitted.test";
916
917 // kCommonNameNotDNSLeaf is a leaf certificate signed by
918 // kConstrainedIntermediate. Its common name is not a DNS name.
919 static const char kCommonNameNotDNSLeaf[] = R"(
920 -----BEGIN CERTIFICATE-----
921 MIIBYTCCAQagAwIBAgIBCDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
922 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
923 MTAwMDAwMFowNzEcMBoGA1UEChMTQ29tbW9uIG5hbWUgbm90IEROUzEXMBUGA1UE
924 AxMOTm90IGEgRE5TIG5hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASnueyc
925 Zxtnw5ke2J2T0/LwAK37auQP/RSFd9mem+BJVbgviawtAlignJmafp7Zw4/GdYEJ
926 Vm8qlriOJtluvXGcoxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC
927 IQChUAmVNI39VHe0zemRE09VDcSEgOxr1nTvjLcg/Q8pVQIhAJYZnJI0YZAi05QH
928 RHNlAkTK2TnUaVn3fGSylaLiFS1r
929 -----END CERTIFICATE-----
930 )";
931 static const char kCommonNameNotDNS[] = "Not a DNS name";
932
933 // The following six certificates are issued by |kSANTypesRoot| and have
934 // different extended key usage values. They were created with the following
935 // Go program:
936 //
937 // func main() {
938 // block, _ := pem.Decode([]byte(rootKeyPEM))
939 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
940 // block, _ = pem.Decode([]byte(rootCertPEM))
941 // root, _ := x509.ParseCertificate(block.Bytes)
942 //
943 // leafTemplate := &x509.Certificate{
944 // SerialNumber: big.NewInt(3),
945 // Subject: pkix.Name{
946 // CommonName: "EKU msSGC",
947 // },
948 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
949 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
950 // BasicConstraintsValid: true,
951 // ExtKeyUsage: []x509.ExtKeyUsage{FILL IN HERE},
952 // }
953 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
954 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, root, &leafKey.PublicKey, rootPriv)
955 // if err != nil {
956 // panic(err)
957 // }
958 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
959 // }
960
961 static const char kMicrosoftSGCCert[] = R"(
962 -----BEGIN CERTIFICATE-----
963 MIIBtDCCAR2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
964 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
965 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
966 AQYIKoZIzj0DAQcDQgAEEn61v3Vs+q6bTyyRnrJvuKBE8PTNVLbXGB52jig4Qse2
967 mGygNEysS0uzZ0luz+rn2hDRUFL6sHLUs1d8UMbI/6NEMEIwFQYDVR0lBA4wDAYK
968 KwYBBAGCNwoDAzAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5U
969 BCeMWQEwDQYJKoZIhvcNAQELBQADgYEAgDQI9RSo3E3ZVnU71TV/LjG9xwHtfk6I
970 rlNnlJJ0lsTHAuMc1mwCbzhtsmasetwYlIa9G8GFWB9Gh/QqHA7G649iGGmXShqe
971 aVDuWgeSEJxBPE2jILoMm4pEYF7jfonTn7XXX6O78yuSlP+NPIU0gUKHkWZ1sWk0
972 cC4l0r/6jik=
973 -----END CERTIFICATE-----
974 )";
975
976 static const char kNetscapeSGCCert[] = R"(
977 -----BEGIN CERTIFICATE-----
978 MIIBszCCARygAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
979 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
980 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
981 AQYIKoZIzj0DAQcDQgAE3NbT+TnBfq1DWJCezjaUL52YhDU7cOkI2S2PoWgJ1v7x
982 kKLwBonUFZjppZs69SyBHeJdti+KoJ3qTW+hCG08EaNDMEEwFAYDVR0lBA0wCwYJ
983 YIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQE
984 J4xZATANBgkqhkiG9w0BAQsFAAOBgQBuiyVcfazekHkCWksxdFmjPmMtWCxFjkzc
985 8VBxFE0CfSHQAfZ8J7tXd1FbAq/eXdZvvo8v0JB4sOM4Ex1ob1fuvDFHdSAHAD7W
986 dhKIjJyzVojoxjCjyue0XMeEPl7RiqbdxoS/R5HFAqAF0T2OeQAqP9gTpOXoau1M
987 RQHX6HQJJg==
988 -----END CERTIFICATE-----
989 )";
990
991 static const char kServerEKUCert[] = R"(
992 -----BEGIN CERTIFICATE-----
993 MIIBsjCCARugAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
994 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
995 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
996 AQYIKoZIzj0DAQcDQgAEDd35i+VWPwIOKLrLWTuP5cqD+yJDB5nujEzPgkXP5LKJ
997 SZRbHTqTdpYZB2jy6y90RY2Bsjx7FfZ7nN5G2g1GOKNCMEAwEwYDVR0lBAwwCgYI
998 KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
999 jFkBMA0GCSqGSIb3DQEBCwUAA4GBAIKmbMBjuivL/rxDu7u7Vr3o3cdmEggBJxwL
1000 iatNW3x1wg0645aNYOktW/iQ7mAAiziTY73GFyfiJDWqnY+CwA94ZWyQidjHdN/I
1001 6BR52sN/dkYEoInYEbmDNMc/if+T0yqeBQLP4BeKLiT8p0qqaimae6LgibS19hDP
1002 2hoEMdz2
1003 -----END CERTIFICATE-----
1004 )";
1005
1006 static const char kServerEKUPlusMicrosoftSGCCert[] = R"(
1007 -----BEGIN CERTIFICATE-----
1008 MIIBvjCCASegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1009 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1010 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1011 AQYIKoZIzj0DAQcDQgAEDO1MYPxq+U4oXMIK8UnsS4C696wpcu4UOmcMJJ5CUd5Z
1012 ZpJShN6kYKnrb3GK/6xEgbUGntmrzSRG5FYqk6QgD6NOMEwwHwYDVR0lBBgwFgYI
1013 KwYBBQUHAwEGCisGAQQBgjcKAwMwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBA
1014 N9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHOu2IBa4lHzVGS36HxS
1015 SejUE87Ji1ysM6BgkYbfxfS9MuV+J3UnqH57JjbH/3CFl4ZDWceF6SGBSCn8LqKa
1016 KHpwoNFU3zA99iQzVJgbUyN0PbKwHEanLyKDJZyFk71R39ToxhSNQgaQYjZYCy1H
1017 5V9oXd1bodEqVsOZ/mur24Ku
1018 -----END CERTIFICATE-----
1019 )";
1020
1021 static const char kAnyEKU[] = R"(
1022 -----BEGIN CERTIFICATE-----
1023 MIIBrjCCARegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1024 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1025 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1026 AQYIKoZIzj0DAQcDQgAE9nsLABDporlTvx1OBUc4Hd5vxfX+8nS/OhbHmKtFLYNu
1027 1CLLrImbwMQYD2G+PgLO6sQHmASq2jmJKp6ZWsRkTqM+MDwwDwYDVR0lBAgwBgYE
1028 VR0lADAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEw
1029 DQYJKoZIhvcNAQELBQADgYEAxgjgn1SAzQ+2GeCicZ5ndvVhKIeFelGCQ989XTVq
1030 uUbAYBW6v8GXNuVzoXYxDgNSanF6U+w+INrJ6daKVrIxAxdk9QFgBXqJoupuRAA3
1031 /OqnmYux0EqOTLbTK1P8DhaiaD0KV6dWGUwzqsgBmPkZ0lgNaPjvb1mKV3jhBkjz
1032 L6A=
1033 -----END CERTIFICATE-----
1034 )";
1035
1036 static const char kNoEKU[] = R"(
1037 -----BEGIN CERTIFICATE-----
1038 MIIBnTCCAQagAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1039 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1040 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1041 AQYIKoZIzj0DAQcDQgAEpSFSqbYY86ZcMamE606dqdyjWlwhSHKOLUFsUUIzkMPz
1042 KHRu/x3Yzi8+Hm8eFK/TnCbkpYsYw4hIw00176dYzaMtMCswDAYDVR0TAQH/BAIw
1043 ADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GB
1044 AHvYzynIkjLThExHRS+385hfv4vgrQSMmCM1SAnEIjSBGsU7RPgiGAstN06XivuF
1045 T1fNugRmTu4OtOIbfdYkcjavJufw9hR9zWTt77CNMTy9XmOZLgdS5boFTtLCztr3
1046 TXHOSQQD8Dl4BK0wOet+TP6LBEjHlRFjAqK4bu9xpxV2
1047 -----END CERTIFICATE-----
1048 )";
1049
1050 // CertFromPEM parses the given, NUL-terminated PEM block and returns an
1051 // |X509*|.
CertFromPEM(const char * pem)1052 static bssl::UniquePtr<X509> CertFromPEM(const char *pem) {
1053 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1054 return bssl::UniquePtr<X509>(
1055 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1056 }
1057
1058 // CRLFromPEM parses the given, NUL-terminated PEM block and returns an
1059 // |X509_CRL*|.
CRLFromPEM(const char * pem)1060 static bssl::UniquePtr<X509_CRL> CRLFromPEM(const char *pem) {
1061 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1062 return bssl::UniquePtr<X509_CRL>(
1063 PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr));
1064 }
1065
1066 // CSRFromPEM parses the given, NUL-terminated PEM block and returns an
1067 // |X509_REQ*|.
CSRFromPEM(const char * pem)1068 static bssl::UniquePtr<X509_REQ> CSRFromPEM(const char *pem) {
1069 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1070 return bssl::UniquePtr<X509_REQ>(
1071 PEM_read_bio_X509_REQ(bio.get(), nullptr, nullptr, nullptr));
1072 }
1073
1074 // PrivateKeyFromPEM parses the given, NUL-terminated PEM block and returns an
1075 // |EVP_PKEY*|.
PrivateKeyFromPEM(const char * pem)1076 static bssl::UniquePtr<EVP_PKEY> PrivateKeyFromPEM(const char *pem) {
1077 bssl::UniquePtr<BIO> bio(
1078 BIO_new_mem_buf(const_cast<char *>(pem), strlen(pem)));
1079 return bssl::UniquePtr<EVP_PKEY>(
1080 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1081 }
1082
1083 // CertsToStack converts a vector of |X509*| to an OpenSSL STACK_OF(X509),
1084 // bumping the reference counts for each certificate in question.
CertsToStack(const std::vector<X509 * > & certs)1085 static bssl::UniquePtr<STACK_OF(X509)> CertsToStack(
1086 const std::vector<X509 *> &certs) {
1087 bssl::UniquePtr<STACK_OF(X509)> stack(sk_X509_new_null());
1088 if (!stack) {
1089 return nullptr;
1090 }
1091 for (auto cert : certs) {
1092 if (!bssl::PushToStack(stack.get(), bssl::UpRef(cert))) {
1093 return nullptr;
1094 }
1095 }
1096
1097 return stack;
1098 }
1099
1100 // CRLsToStack converts a vector of |X509_CRL*| to an OpenSSL
1101 // STACK_OF(X509_CRL), bumping the reference counts for each CRL in question.
CRLsToStack(const std::vector<X509_CRL * > & crls)1102 static bssl::UniquePtr<STACK_OF(X509_CRL)> CRLsToStack(
1103 const std::vector<X509_CRL *> &crls) {
1104 bssl::UniquePtr<STACK_OF(X509_CRL)> stack(sk_X509_CRL_new_null());
1105 if (!stack) {
1106 return nullptr;
1107 }
1108 for (auto crl : crls) {
1109 if (!bssl::PushToStack(stack.get(), bssl::UpRef(crl))) {
1110 return nullptr;
1111 }
1112 }
1113
1114 return stack;
1115 }
1116
1117 static const time_t kReferenceTime = 1474934400 /* Sep 27th, 2016 */;
1118
Verify(X509 * leaf,const std::vector<X509 * > & roots,const std::vector<X509 * > & intermediates,const std::vector<X509_CRL * > & crls,unsigned long flags=0,std::function<void (X509_VERIFY_PARAM *)> configure_callback=nullptr,int (* verify_callback)(int,X509_STORE_CTX *)=nullptr)1119 static int Verify(
1120 X509 *leaf, const std::vector<X509 *> &roots,
1121 const std::vector<X509 *> &intermediates,
1122 const std::vector<X509_CRL *> &crls, unsigned long flags = 0,
1123 std::function<void(X509_VERIFY_PARAM *)> configure_callback = nullptr,
1124 int (*verify_callback)(int, X509_STORE_CTX *) = nullptr) {
1125 bssl::UniquePtr<STACK_OF(X509)> roots_stack(CertsToStack(roots));
1126 bssl::UniquePtr<STACK_OF(X509)> intermediates_stack(
1127 CertsToStack(intermediates));
1128 bssl::UniquePtr<STACK_OF(X509_CRL)> crls_stack(CRLsToStack(crls));
1129
1130 if (!roots_stack ||
1131 !intermediates_stack ||
1132 !crls_stack) {
1133 return X509_V_ERR_UNSPECIFIED;
1134 }
1135
1136 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
1137 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
1138 if (!ctx ||
1139 !store) {
1140 return X509_V_ERR_UNSPECIFIED;
1141 }
1142
1143 if (!X509_STORE_CTX_init(ctx.get(), store.get(), leaf,
1144 intermediates_stack.get())) {
1145 return X509_V_ERR_UNSPECIFIED;
1146 }
1147
1148 X509_STORE_CTX_trusted_stack(ctx.get(), roots_stack.get());
1149 X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get());
1150
1151 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx.get());
1152 X509_VERIFY_PARAM_set_time(param, kReferenceTime);
1153 if (configure_callback) {
1154 configure_callback(param);
1155 }
1156 if (flags) {
1157 X509_VERIFY_PARAM_set_flags(param, flags);
1158 }
1159
1160 ERR_clear_error();
1161 if (X509_verify_cert(ctx.get()) != 1) {
1162 return X509_STORE_CTX_get_error(ctx.get());
1163 }
1164
1165 return X509_V_OK;
1166 }
1167
TEST(X509Test,TestVerify)1168 TEST(X509Test, TestVerify) {
1169 // cross_signing_root
1170 // |
1171 // root_cross_signed root
1172 // \ /
1173 // intermediate
1174 // | |
1175 // leaf leaf_no_key_usage
1176 // |
1177 // forgery
1178 bssl::UniquePtr<X509> cross_signing_root(CertFromPEM(kCrossSigningRootPEM));
1179 bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
1180 bssl::UniquePtr<X509> root_cross_signed(CertFromPEM(kRootCrossSignedPEM));
1181 bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
1182 bssl::UniquePtr<X509> intermediate_self_signed(
1183 CertFromPEM(kIntermediateSelfSignedPEM));
1184 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
1185 bssl::UniquePtr<X509> leaf_no_key_usage(CertFromPEM(kLeafNoKeyUsagePEM));
1186 bssl::UniquePtr<X509> forgery(CertFromPEM(kForgeryPEM));
1187
1188 ASSERT_TRUE(cross_signing_root);
1189 ASSERT_TRUE(root);
1190 ASSERT_TRUE(root_cross_signed);
1191 ASSERT_TRUE(intermediate);
1192 ASSERT_TRUE(intermediate_self_signed);
1193 ASSERT_TRUE(leaf);
1194 ASSERT_TRUE(forgery);
1195 ASSERT_TRUE(leaf_no_key_usage);
1196
1197 // Most of these tests work with or without |X509_V_FLAG_TRUSTED_FIRST|,
1198 // though in different ways.
1199 for (bool trusted_first : {true, false}) {
1200 SCOPED_TRACE(trusted_first);
1201 std::function<void(X509_VERIFY_PARAM *)> configure_callback;
1202 if (!trusted_first) {
1203 // Note we need the callback to clear the flag. Setting |flags| to zero
1204 // only skips setting new flags.
1205 configure_callback = [&](X509_VERIFY_PARAM *param) {
1206 X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST);
1207 };
1208 }
1209
1210 // No trust anchors configured.
1211 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1212 Verify(leaf.get(), /*roots=*/{}, /*intermediates=*/{},
1213 /*crls=*/{}, /*flags=*/0, configure_callback));
1214 ASSERT_EQ(
1215 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1216 Verify(leaf.get(), /*roots=*/{}, {intermediate.get()}, /*crls=*/{},
1217 /*flags=*/0, configure_callback));
1218
1219 // Each chain works individually.
1220 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
1221 /*crls=*/{}, /*flags=*/0, configure_callback));
1222 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {cross_signing_root.get()},
1223 {intermediate.get(), root_cross_signed.get()},
1224 /*crls=*/{}, /*flags=*/0, configure_callback));
1225
1226 // When both roots are available, we pick one or the other.
1227 ASSERT_EQ(X509_V_OK,
1228 Verify(leaf.get(), {cross_signing_root.get(), root.get()},
1229 {intermediate.get(), root_cross_signed.get()}, /*crls=*/{},
1230 /*flags=*/0, configure_callback));
1231
1232 // This is the “altchains” test – we remove the cross-signing CA but include
1233 // the cross-sign in the intermediates. With |trusted_first|, we
1234 // preferentially stop path-building at |intermediate|. Without
1235 // |trusted_first|, the "altchains" logic repairs it.
1236 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()},
1237 {intermediate.get(), root_cross_signed.get()},
1238 /*crls=*/{}, /*flags=*/0, configure_callback));
1239
1240 // If |X509_V_FLAG_NO_ALT_CHAINS| is set and |trusted_first| is disabled, we
1241 // get stuck on |root_cross_signed|. If either feature is enabled, we can
1242 // build the path.
1243 //
1244 // This test exists to confirm our current behavior, but these modes are
1245 // just workarounds for not having an actual path-building verifier. If we
1246 // fix it, this test can be removed.
1247 ASSERT_EQ(trusted_first ? X509_V_OK
1248 : X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1249 Verify(leaf.get(), {root.get()},
1250 {intermediate.get(), root_cross_signed.get()}, /*crls=*/{},
1251 /*flags=*/X509_V_FLAG_NO_ALT_CHAINS, configure_callback));
1252
1253 // |forgery| is signed by |leaf_no_key_usage|, but is rejected because the
1254 // leaf is not a CA.
1255 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1256 Verify(forgery.get(), {intermediate_self_signed.get()},
1257 {leaf_no_key_usage.get()}, /*crls=*/{}, /*flags=*/0,
1258 configure_callback));
1259
1260 // Test that one cannot skip Basic Constraints checking with a contorted set
1261 // of roots and intermediates. This is a regression test for CVE-2015-1793.
1262 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1263 Verify(forgery.get(),
1264 {intermediate_self_signed.get(), root_cross_signed.get()},
1265 {leaf_no_key_usage.get(), intermediate.get()}, /*crls=*/{},
1266 /*flags=*/0, configure_callback));
1267 }
1268 }
1269
1270 static const char kHostname[] = "example.com";
1271 static const char kWrongHostname[] = "example2.com";
1272 static const char kEmail[] = "test@example.com";
1273 static const char kWrongEmail[] = "test2@example.com";
1274 static const uint8_t kIP[4] = {127, 0, 0, 1};
1275 static const uint8_t kWrongIP[4] = {127, 0, 0, 2};
1276 static const char kIPString[] = "127.0.0.1";
1277 static const char kWrongIPString[] = "127.0.0.2";
1278
TEST(X509Test,ZeroLengthsWithX509PARAM)1279 TEST(X509Test, ZeroLengthsWithX509PARAM) {
1280 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1281 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
1282 ASSERT_TRUE(leaf);
1283 ASSERT_TRUE(root);
1284
1285 std::vector<X509_CRL *> empty_crls;
1286
1287 struct X509Test {
1288 const char *correct_value;
1289 size_t correct_value_len;
1290 const char *incorrect_value;
1291 size_t incorrect_value_len;
1292 int (*func)(X509_VERIFY_PARAM *, const char *, size_t);
1293 int mismatch_error;
1294 };
1295 const std::vector<X509Test> kTests = {
1296 {kHostname, strlen(kHostname), kWrongHostname, strlen(kWrongHostname),
1297 X509_VERIFY_PARAM_set1_host, X509_V_ERR_HOSTNAME_MISMATCH},
1298 {kEmail, strlen(kEmail), kWrongEmail, strlen(kWrongEmail),
1299 X509_VERIFY_PARAM_set1_email, X509_V_ERR_EMAIL_MISMATCH},
1300 };
1301
1302 for (size_t i = 0; i < kTests.size(); i++) {
1303 SCOPED_TRACE(i);
1304 const X509Test &test = kTests[i];
1305
1306 // The correct value should work.
1307 ASSERT_EQ(X509_V_OK,
1308 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1309 [&test](X509_VERIFY_PARAM *param) {
1310 ASSERT_TRUE(test.func(param, test.correct_value,
1311 test.correct_value_len));
1312 }));
1313
1314 // The wrong value should trigger a verification error.
1315 ASSERT_EQ(test.mismatch_error,
1316 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1317 [&test](X509_VERIFY_PARAM *param) {
1318 ASSERT_TRUE(test.func(param, test.incorrect_value,
1319 test.incorrect_value_len));
1320 }));
1321
1322 // Passing zero as the length, unlike OpenSSL, should trigger an error and
1323 // should cause verification to fail.
1324 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1325 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1326 [&test](X509_VERIFY_PARAM *param) {
1327 ASSERT_FALSE(test.func(param, test.correct_value, 0));
1328 }));
1329
1330 // Passing an empty value should be an error when setting and should cause
1331 // verification to fail.
1332 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1333 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1334 [&test](X509_VERIFY_PARAM *param) {
1335 ASSERT_FALSE(test.func(param, nullptr, 0));
1336 }));
1337
1338 // Passing a value with embedded NULs should also be an error and should
1339 // also cause verification to fail.
1340 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1341 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1342 [&test](X509_VERIFY_PARAM *param) {
1343 ASSERT_FALSE(test.func(param, "a", 2));
1344 }));
1345 }
1346
1347 // IP addresses work slightly differently:
1348
1349 // The correct value should still work.
1350 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1351 [](X509_VERIFY_PARAM *param) {
1352 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(
1353 param, kIP, sizeof(kIP)));
1354 }));
1355
1356 // Incorrect values should still fail.
1357 ASSERT_EQ(X509_V_ERR_IP_ADDRESS_MISMATCH,
1358 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1359 [](X509_VERIFY_PARAM *param) {
1360 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(param, kWrongIP,
1361 sizeof(kWrongIP)));
1362 }));
1363
1364 // Zero length values should trigger an error when setting and cause
1365 // verification to always fail.
1366 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1367 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1368 [](X509_VERIFY_PARAM *param) {
1369 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, kIP, 0));
1370 }));
1371
1372 // ... and so should NULL values.
1373 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1374 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1375 [](X509_VERIFY_PARAM *param) {
1376 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, nullptr, 0));
1377 }));
1378
1379 // Zero bytes in an IP address are, of course, fine. This is tested above
1380 // because |kIP| contains zeros.
1381 }
1382
TEST(X509Test,ZeroLengthsWithCheckFunctions)1383 TEST(X509Test, ZeroLengthsWithCheckFunctions) {
1384 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1385
1386 EXPECT_EQ(
1387 1, X509_check_host(leaf.get(), kHostname, strlen(kHostname), 0, nullptr));
1388 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname,
1389 strlen(kWrongHostname), 0, nullptr));
1390
1391 EXPECT_EQ(1, X509_check_email(leaf.get(), kEmail, strlen(kEmail), 0));
1392 EXPECT_NE(1,
1393 X509_check_email(leaf.get(), kWrongEmail, strlen(kWrongEmail), 0));
1394
1395 EXPECT_EQ(1, X509_check_ip(leaf.get(), kIP, sizeof(kIP), 0));
1396 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, sizeof(kWrongIP), 0));
1397
1398 EXPECT_EQ(1, X509_check_ip_asc(leaf.get(), kIPString, 0));
1399 EXPECT_NE(1, X509_check_ip_asc(leaf.get(), kWrongIPString, 0));
1400
1401 // OpenSSL supports passing zero as the length for host and email. We do not
1402 // and it should always fail.
1403 EXPECT_NE(1, X509_check_host(leaf.get(), kHostname, 0, 0, nullptr));
1404 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname, 0, 0, nullptr));
1405
1406 EXPECT_NE(1, X509_check_email(leaf.get(), kEmail, 0, 0));
1407 EXPECT_NE(1, X509_check_email(leaf.get(), kWrongEmail, 0, 0));
1408
1409 EXPECT_NE(1, X509_check_ip(leaf.get(), kIP, 0, 0));
1410 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, 0, 0));
1411
1412 // Unlike all the other functions, |X509_check_ip_asc| doesn't take a length,
1413 // so it cannot be zero.
1414 }
1415
TEST(X509Test,TestCRL)1416 TEST(X509Test, TestCRL) {
1417 bssl::UniquePtr<X509> root(CertFromPEM(kCRLTestRoot));
1418 bssl::UniquePtr<X509> leaf(CertFromPEM(kCRLTestLeaf));
1419 bssl::UniquePtr<X509_CRL> basic_crl(CRLFromPEM(kBasicCRL));
1420 bssl::UniquePtr<X509_CRL> revoked_crl(CRLFromPEM(kRevokedCRL));
1421 bssl::UniquePtr<X509_CRL> bad_issuer_crl(CRLFromPEM(kBadIssuerCRL));
1422 bssl::UniquePtr<X509_CRL> known_critical_crl(CRLFromPEM(kKnownCriticalCRL));
1423 bssl::UniquePtr<X509_CRL> unknown_critical_crl(
1424 CRLFromPEM(kUnknownCriticalCRL));
1425 bssl::UniquePtr<X509_CRL> unknown_critical_crl2(
1426 CRLFromPEM(kUnknownCriticalCRL2));
1427 bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl(
1428 CRLFromPEM(kAlgorithmMismatchCRL));
1429 bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl2(
1430 CRLFromPEM(kAlgorithmMismatchCRL2));
1431
1432 ASSERT_TRUE(root);
1433 ASSERT_TRUE(leaf);
1434 ASSERT_TRUE(basic_crl);
1435 ASSERT_TRUE(revoked_crl);
1436 ASSERT_TRUE(bad_issuer_crl);
1437 ASSERT_TRUE(known_critical_crl);
1438 ASSERT_TRUE(unknown_critical_crl);
1439 ASSERT_TRUE(unknown_critical_crl2);
1440 ASSERT_TRUE(algorithm_mismatch_crl);
1441 ASSERT_TRUE(algorithm_mismatch_crl2);
1442
1443 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {root.get()},
1444 {basic_crl.get()}, X509_V_FLAG_CRL_CHECK));
1445 EXPECT_EQ(
1446 X509_V_ERR_CERT_REVOKED,
1447 Verify(leaf.get(), {root.get()}, {root.get()},
1448 {basic_crl.get(), revoked_crl.get()}, X509_V_FLAG_CRL_CHECK));
1449
1450 std::vector<X509_CRL *> empty_crls;
1451 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1452 Verify(leaf.get(), {root.get()}, {root.get()}, empty_crls,
1453 X509_V_FLAG_CRL_CHECK));
1454 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1455 Verify(leaf.get(), {root.get()}, {root.get()},
1456 {bad_issuer_crl.get()}, X509_V_FLAG_CRL_CHECK));
1457 EXPECT_EQ(X509_V_OK,
1458 Verify(leaf.get(), {root.get()}, {root.get()},
1459 {known_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1460 EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1461 Verify(leaf.get(), {root.get()}, {root.get()},
1462 {unknown_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1463 EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1464 Verify(leaf.get(), {root.get()}, {root.get()},
1465 {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1466 EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
1467 Verify(leaf.get(), {root.get()}, {root.get()},
1468 {algorithm_mismatch_crl.get()}, X509_V_FLAG_CRL_CHECK));
1469 EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
1470 Verify(leaf.get(), {root.get()}, {root.get()},
1471 {algorithm_mismatch_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1472
1473 // Parsing kBadExtensionCRL should fail.
1474 EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL));
1475 }
1476
TEST(X509Test,ManyNamesAndConstraints)1477 TEST(X509Test, ManyNamesAndConstraints) {
1478 bssl::UniquePtr<X509> many_constraints(CertFromPEM(
1479 GetTestData("crypto/x509/test/many_constraints.pem").c_str()));
1480 ASSERT_TRUE(many_constraints);
1481 bssl::UniquePtr<X509> many_names1(
1482 CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str()));
1483 ASSERT_TRUE(many_names1);
1484 bssl::UniquePtr<X509> many_names2(
1485 CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str()));
1486 ASSERT_TRUE(many_names2);
1487 bssl::UniquePtr<X509> many_names3(
1488 CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str()));
1489 ASSERT_TRUE(many_names3);
1490 bssl::UniquePtr<X509> some_names1(
1491 CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str()));
1492 ASSERT_TRUE(some_names1);
1493 bssl::UniquePtr<X509> some_names2(
1494 CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str()));
1495 ASSERT_TRUE(some_names2);
1496 bssl::UniquePtr<X509> some_names3(
1497 CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str()));
1498 ASSERT_TRUE(some_names3);
1499
1500 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1501 Verify(many_names1.get(), {many_constraints.get()},
1502 {many_constraints.get()}, {}));
1503 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1504 Verify(many_names2.get(), {many_constraints.get()},
1505 {many_constraints.get()}, {}));
1506 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1507 Verify(many_names3.get(), {many_constraints.get()},
1508 {many_constraints.get()}, {}));
1509
1510 EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
1511 {many_constraints.get()}, {}));
1512 EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
1513 {many_constraints.get()}, {}));
1514 EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
1515 {many_constraints.get()}, {}));
1516 }
1517
MakeGeneralName(int type,const std::string & value)1518 static bssl::UniquePtr<GENERAL_NAME> MakeGeneralName(int type,
1519 const std::string &value) {
1520 if (type != GEN_EMAIL && type != GEN_DNS && type != GEN_URI) {
1521 // This function only supports the IA5String types.
1522 return nullptr;
1523 }
1524 bssl::UniquePtr<ASN1_IA5STRING> str(ASN1_IA5STRING_new());
1525 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
1526 if (!str || !name ||
1527 !ASN1_STRING_set(str.get(), value.data(), value.size())) {
1528 return nullptr;
1529 }
1530
1531 name->type = type;
1532 name->d.ia5 = str.release();
1533 return name;
1534 }
1535
MakeTestCert(const char * issuer,const char * subject,EVP_PKEY * key,bool is_ca)1536 static bssl::UniquePtr<X509> MakeTestCert(const char *issuer,
1537 const char *subject, EVP_PKEY *key,
1538 bool is_ca) {
1539 bssl::UniquePtr<X509> cert(X509_new());
1540 if (!cert || //
1541 !X509_set_version(cert.get(), X509_VERSION_3) ||
1542 !X509_NAME_add_entry_by_txt(
1543 X509_get_issuer_name(cert.get()), "CN", MBSTRING_UTF8,
1544 reinterpret_cast<const uint8_t *>(issuer), -1, -1, 0) ||
1545 !X509_NAME_add_entry_by_txt(
1546 X509_get_subject_name(cert.get()), "CN", MBSTRING_UTF8,
1547 reinterpret_cast<const uint8_t *>(subject), -1, -1, 0) ||
1548 !X509_set_pubkey(cert.get(), key) ||
1549 !ASN1_TIME_adj(X509_getm_notBefore(cert.get()), kReferenceTime, -1, 0) ||
1550 !ASN1_TIME_adj(X509_getm_notAfter(cert.get()), kReferenceTime, 1, 0)) {
1551 return nullptr;
1552 }
1553 bssl::UniquePtr<BASIC_CONSTRAINTS> bc(BASIC_CONSTRAINTS_new());
1554 if (!bc) {
1555 return nullptr;
1556 }
1557 bc->ca = is_ca ? 0xff : 0x00;
1558 if (!X509_add1_ext_i2d(cert.get(), NID_basic_constraints, bc.get(),
1559 /*crit=*/1, /*flags=*/0)) {
1560 return nullptr;
1561 }
1562 return cert;
1563 }
1564
TEST(X509Test,NameConstraints)1565 TEST(X509Test, NameConstraints) {
1566 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
1567 ASSERT_TRUE(key);
1568
1569 const struct {
1570 int type;
1571 std::string name;
1572 std::string constraint;
1573 int result;
1574 } kTests[] = {
1575 // Empty string matches everything.
1576 {GEN_DNS, "foo.example.com", "", X509_V_OK},
1577 // Name constraints match the entire subtree.
1578 {GEN_DNS, "foo.example.com", "example.com", X509_V_OK},
1579 {GEN_DNS, "foo.example.com", "EXAMPLE.COM", X509_V_OK},
1580 {GEN_DNS, "foo.example.com", "xample.com",
1581 X509_V_ERR_PERMITTED_VIOLATION},
1582 {GEN_DNS, "foo.example.com", "unrelated.much.longer.name.example",
1583 X509_V_ERR_PERMITTED_VIOLATION},
1584 // A leading dot means at least one component must be added.
1585 {GEN_DNS, "foo.example.com", ".example.com", X509_V_OK},
1586 {GEN_DNS, "foo.example.com", "foo.example.com", X509_V_OK},
1587 {GEN_DNS, "foo.example.com", ".foo.example.com",
1588 X509_V_ERR_PERMITTED_VIOLATION},
1589 {GEN_DNS, "foo.example.com", ".xample.com",
1590 X509_V_ERR_PERMITTED_VIOLATION},
1591 {GEN_DNS, "foo.example.com", ".unrelated.much.longer.name.example",
1592 X509_V_ERR_PERMITTED_VIOLATION},
1593 // NUL bytes, if not rejected, should not confuse the matching logic.
1594 {GEN_DNS, std::string({'a', '\0', 'a'}), std::string({'a', '\0', 'b'}),
1595 X509_V_ERR_PERMITTED_VIOLATION},
1596
1597 // Names must be emails.
1598 {GEN_EMAIL, "not-an-email.example", "not-an-email.example",
1599 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1600 // A leading dot matches all local names and all subdomains
1601 {GEN_EMAIL, "foo@bar.example.com", ".example.com", X509_V_OK},
1602 {GEN_EMAIL, "foo@bar.example.com", ".EXAMPLE.COM", X509_V_OK},
1603 {GEN_EMAIL, "foo@bar.example.com", ".bar.example.com",
1604 X509_V_ERR_PERMITTED_VIOLATION},
1605 // Without a leading dot, the host must match exactly.
1606 {GEN_EMAIL, "foo@example.com", "example.com", X509_V_OK},
1607 {GEN_EMAIL, "foo@example.com", "EXAMPLE.COM", X509_V_OK},
1608 {GEN_EMAIL, "foo@bar.example.com", "example.com",
1609 X509_V_ERR_PERMITTED_VIOLATION},
1610 // If the constraint specifies a mailbox, it specifies the whole thing.
1611 // The halves are compared insensitively.
1612 {GEN_EMAIL, "foo@example.com", "foo@example.com", X509_V_OK},
1613 {GEN_EMAIL, "foo@example.com", "foo@EXAMPLE.COM", X509_V_OK},
1614 {GEN_EMAIL, "foo@example.com", "FOO@example.com",
1615 X509_V_ERR_PERMITTED_VIOLATION},
1616 {GEN_EMAIL, "foo@example.com", "bar@example.com",
1617 X509_V_ERR_PERMITTED_VIOLATION},
1618 // OpenSSL ignores a stray leading @.
1619 {GEN_EMAIL, "foo@example.com", "@example.com", X509_V_OK},
1620 {GEN_EMAIL, "foo@example.com", "@EXAMPLE.COM", X509_V_OK},
1621 {GEN_EMAIL, "foo@bar.example.com", "@example.com",
1622 X509_V_ERR_PERMITTED_VIOLATION},
1623
1624 // Basic syntax check.
1625 {GEN_URI, "not-a-url", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1626 {GEN_URI, "foo:not-a-url", "not-a-url",
1627 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1628 {GEN_URI, "foo:/not-a-url", "not-a-url",
1629 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1630 {GEN_URI, "foo:///not-a-url", "not-a-url",
1631 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1632 {GEN_URI, "foo://:not-a-url", "not-a-url",
1633 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1634 {GEN_URI, "foo://", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1635 // Hosts are an exact match.
1636 {GEN_URI, "foo://example.com", "example.com", X509_V_OK},
1637 {GEN_URI, "foo://example.com:443", "example.com", X509_V_OK},
1638 {GEN_URI, "foo://example.com/whatever", "example.com", X509_V_OK},
1639 {GEN_URI, "foo://bar.example.com", "example.com",
1640 X509_V_ERR_PERMITTED_VIOLATION},
1641 {GEN_URI, "foo://bar.example.com:443", "example.com",
1642 X509_V_ERR_PERMITTED_VIOLATION},
1643 {GEN_URI, "foo://bar.example.com/whatever", "example.com",
1644 X509_V_ERR_PERMITTED_VIOLATION},
1645 {GEN_URI, "foo://bar.example.com", "xample.com",
1646 X509_V_ERR_PERMITTED_VIOLATION},
1647 {GEN_URI, "foo://bar.example.com:443", "xample.com",
1648 X509_V_ERR_PERMITTED_VIOLATION},
1649 {GEN_URI, "foo://bar.example.com/whatever", "xample.com",
1650 X509_V_ERR_PERMITTED_VIOLATION},
1651 {GEN_URI, "foo://example.com", "some-other-name.example",
1652 X509_V_ERR_PERMITTED_VIOLATION},
1653 {GEN_URI, "foo://example.com:443", "some-other-name.example",
1654 X509_V_ERR_PERMITTED_VIOLATION},
1655 {GEN_URI, "foo://example.com/whatever", "some-other-name.example",
1656 X509_V_ERR_PERMITTED_VIOLATION},
1657 // A leading dot allows components to be added.
1658 {GEN_URI, "foo://example.com", ".example.com",
1659 X509_V_ERR_PERMITTED_VIOLATION},
1660 {GEN_URI, "foo://example.com:443", ".example.com",
1661 X509_V_ERR_PERMITTED_VIOLATION},
1662 {GEN_URI, "foo://example.com/whatever", ".example.com",
1663 X509_V_ERR_PERMITTED_VIOLATION},
1664 {GEN_URI, "foo://bar.example.com", ".example.com", X509_V_OK},
1665 {GEN_URI, "foo://bar.example.com:443", ".example.com", X509_V_OK},
1666 {GEN_URI, "foo://bar.example.com/whatever", ".example.com", X509_V_OK},
1667 {GEN_URI, "foo://example.com", ".some-other-name.example",
1668 X509_V_ERR_PERMITTED_VIOLATION},
1669 {GEN_URI, "foo://example.com:443", ".some-other-name.example",
1670 X509_V_ERR_PERMITTED_VIOLATION},
1671 {GEN_URI, "foo://example.com/whatever", ".some-other-name.example",
1672 X509_V_ERR_PERMITTED_VIOLATION},
1673 {GEN_URI, "foo://example.com", ".xample.com",
1674 X509_V_ERR_PERMITTED_VIOLATION},
1675 {GEN_URI, "foo://example.com:443", ".xample.com",
1676 X509_V_ERR_PERMITTED_VIOLATION},
1677 {GEN_URI, "foo://example.com/whatever", ".xample.com",
1678 X509_V_ERR_PERMITTED_VIOLATION},
1679 };
1680 for (const auto &t : kTests) {
1681 SCOPED_TRACE(t.type);
1682 SCOPED_TRACE(t.name);
1683 SCOPED_TRACE(t.constraint);
1684
1685 bssl::UniquePtr<GENERAL_NAME> name = MakeGeneralName(t.type, t.name);
1686 ASSERT_TRUE(name);
1687 bssl::UniquePtr<GENERAL_NAMES> names(GENERAL_NAMES_new());
1688 ASSERT_TRUE(names);
1689 ASSERT_TRUE(bssl::PushToStack(names.get(), std::move(name)));
1690
1691 bssl::UniquePtr<NAME_CONSTRAINTS> nc(NAME_CONSTRAINTS_new());
1692 ASSERT_TRUE(nc);
1693 nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null();
1694 ASSERT_TRUE(nc->permittedSubtrees);
1695 bssl::UniquePtr<GENERAL_SUBTREE> subtree(GENERAL_SUBTREE_new());
1696 ASSERT_TRUE(subtree);
1697 GENERAL_NAME_free(subtree->base);
1698 subtree->base = MakeGeneralName(t.type, t.constraint).release();
1699 ASSERT_TRUE(subtree->base);
1700 ASSERT_TRUE(bssl::PushToStack(nc->permittedSubtrees, std::move(subtree)));
1701
1702 bssl::UniquePtr<X509> root =
1703 MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
1704 ASSERT_TRUE(root);
1705 ASSERT_TRUE(X509_add1_ext_i2d(root.get(), NID_name_constraints, nc.get(),
1706 /*crit=*/1, /*flags=*/0));
1707 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
1708
1709 bssl::UniquePtr<X509> leaf =
1710 MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false);
1711 ASSERT_TRUE(leaf);
1712 ASSERT_TRUE(X509_add1_ext_i2d(leaf.get(), NID_subject_alt_name, names.get(),
1713 /*crit=*/0, /*flags=*/0));
1714 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
1715
1716 int ret = Verify(leaf.get(), {root.get()}, {}, {}, 0);
1717 EXPECT_EQ(t.result, ret) << X509_verify_cert_error_string(ret);
1718 }
1719 }
1720
TEST(X509Test,PrintGeneralName)1721 TEST(X509Test, PrintGeneralName) {
1722 // TODO(https://crbug.com/boringssl/430): Add more tests. Also fix the
1723 // external projects that use this to extract the SAN list and unexport.
1724 bssl::UniquePtr<GENERAL_NAME> gen = MakeGeneralName(GEN_DNS, "example.com");
1725 ASSERT_TRUE(gen);
1726 bssl::UniquePtr<STACK_OF(CONF_VALUE)> values(
1727 i2v_GENERAL_NAME(nullptr, gen.get(), nullptr));
1728 ASSERT_TRUE(values);
1729 ASSERT_EQ(1u, sk_CONF_VALUE_num(values.get()));
1730 const CONF_VALUE *value = sk_CONF_VALUE_value(values.get(), 0);
1731 EXPECT_STREQ(value->name, "DNS");
1732 EXPECT_STREQ(value->value, "example.com");
1733 }
1734
TEST(X509Test,TestPSS)1735 TEST(X509Test, TestPSS) {
1736 bssl::UniquePtr<X509> cert(CertFromPEM(kExamplePSSCert));
1737 ASSERT_TRUE(cert);
1738
1739 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1740 ASSERT_TRUE(pkey);
1741
1742 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
1743 }
1744
TEST(X509Test,TestPSSBadParameters)1745 TEST(X509Test, TestPSSBadParameters) {
1746 bssl::UniquePtr<X509> cert(CertFromPEM(kBadPSSCertPEM));
1747 ASSERT_TRUE(cert);
1748
1749 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1750 ASSERT_TRUE(pkey);
1751
1752 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1753 ERR_clear_error();
1754 }
1755
TEST(X509Test,TestEd25519)1756 TEST(X509Test, TestEd25519) {
1757 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519Cert));
1758 ASSERT_TRUE(cert);
1759
1760 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1761 ASSERT_TRUE(pkey);
1762
1763 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
1764 }
1765
TEST(X509Test,TestEd25519BadParameters)1766 TEST(X509Test, TestEd25519BadParameters) {
1767 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519CertNull));
1768 ASSERT_TRUE(cert);
1769
1770 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1771 ASSERT_TRUE(pkey);
1772
1773 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1774
1775 uint32_t err = ERR_get_error();
1776 ASSERT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
1777 ASSERT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
1778 ERR_clear_error();
1779 }
1780
TEST(X509Test,TestX25519)1781 TEST(X509Test, TestX25519) {
1782 bssl::UniquePtr<X509> cert(CertFromPEM(kX25519Cert));
1783 ASSERT_TRUE(cert);
1784
1785 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1786 ASSERT_TRUE(pkey);
1787
1788 EXPECT_EQ(EVP_PKEY_id(pkey.get()), EVP_PKEY_X25519);
1789
1790 constexpr uint8_t kExpectedPublicValue[] = {
1791 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
1792 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
1793 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a,
1794 };
1795 uint8_t public_value[sizeof(kExpectedPublicValue)];
1796 size_t public_value_size = sizeof(public_value);
1797 ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pkey.get(), public_value,
1798 &public_value_size));
1799 EXPECT_EQ(Bytes(kExpectedPublicValue),
1800 Bytes(public_value, public_value_size));
1801 }
1802
ReencodeCertificate(X509 * cert)1803 static bssl::UniquePtr<X509> ReencodeCertificate(X509 *cert) {
1804 uint8_t *der = nullptr;
1805 int len = i2d_X509(cert, &der);
1806 bssl::UniquePtr<uint8_t> free_der(der);
1807 if (len <= 0) {
1808 return nullptr;
1809 }
1810
1811 const uint8_t *inp = der;
1812 return bssl::UniquePtr<X509>(d2i_X509(nullptr, &inp, len));
1813 }
1814
SignatureRoundTrips(EVP_MD_CTX * md_ctx,EVP_PKEY * pkey)1815 static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) {
1816 // Make a certificate like signed with |md_ctx|'s settings.'
1817 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
1818 if (!cert || !X509_sign_ctx(cert.get(), md_ctx)) {
1819 return false;
1820 }
1821
1822 // Ensure that |pkey| may still be used to verify the resulting signature. All
1823 // settings in |md_ctx| must have been serialized appropriately.
1824 if (!X509_verify(cert.get(), pkey)) {
1825 return false;
1826 }
1827
1828 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
1829 // encoding and |X509_sign_ctx| should have refreshed that cache.
1830 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
1831 return copy && X509_verify(copy.get(), pkey);
1832 }
1833
TEST(X509Test,RSASign)1834 TEST(X509Test, RSASign) {
1835 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
1836 ASSERT_TRUE(pkey);
1837 // Test PKCS#1 v1.5.
1838 bssl::ScopedEVP_MD_CTX md_ctx;
1839 ASSERT_TRUE(
1840 EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
1841 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1842
1843 // Test RSA-PSS with custom parameters.
1844 md_ctx.Reset();
1845 EVP_PKEY_CTX *pkey_ctx;
1846 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1847 pkey.get()));
1848 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1849 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()));
1850 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1851
1852 // RSA-PSS with salt length matching hash length should work when passing in
1853 // -1 or the value explicitly.
1854 md_ctx.Reset();
1855 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1856 pkey.get()));
1857 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1858 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
1859 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1860
1861 md_ctx.Reset();
1862 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1863 pkey.get()));
1864 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1865 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, 32));
1866 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1867 }
1868
1869 // Test the APIs for manually signing a certificate.
TEST(X509Test,RSASignManual)1870 TEST(X509Test, RSASignManual) {
1871 const int kSignatureNID = NID_sha384WithRSAEncryption;
1872 const EVP_MD *kSignatureHash = EVP_sha384();
1873
1874 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
1875 ASSERT_TRUE(pkey);
1876 bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
1877 ASSERT_TRUE(algor);
1878 ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
1879 V_ASN1_NULL, nullptr));
1880
1881 // Test certificates made both from other certificates and |X509_new|, in case
1882 // there are bugs in filling in fields from different states. (Parsed
1883 // certificate contain a TBSCertificate cache, and |X509_new| initializes
1884 // fields based on complex ASN.1 template logic.)
1885 for (bool new_cert : {true, false}) {
1886 SCOPED_TRACE(new_cert);
1887
1888 bssl::UniquePtr<X509> cert;
1889 if (new_cert) {
1890 cert.reset(X509_new());
1891 // Fill in some fields for the certificate arbitrarily.
1892 EXPECT_TRUE(X509_set_version(cert.get(), X509_VERSION_3));
1893 EXPECT_TRUE(ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1));
1894 EXPECT_TRUE(X509_gmtime_adj(X509_getm_notBefore(cert.get()), 0));
1895 EXPECT_TRUE(
1896 X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60 * 60 * 24));
1897 X509_NAME *subject = X509_get_subject_name(cert.get());
1898 X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
1899 reinterpret_cast<const uint8_t *>("Test"), -1,
1900 -1, 0);
1901 EXPECT_TRUE(X509_set_issuer_name(cert.get(), subject));
1902 EXPECT_TRUE(X509_set_pubkey(cert.get(), pkey.get()));
1903 } else {
1904 // Extract fields from a parsed certificate.
1905 cert = CertFromPEM(kLeafPEM);
1906 ASSERT_TRUE(cert);
1907
1908 // We should test with a different algorithm from what is already in the
1909 // certificate.
1910 EXPECT_NE(kSignatureNID, X509_get_signature_nid(cert.get()));
1911 }
1912
1913 // Fill in the signature algorithm.
1914 ASSERT_TRUE(X509_set1_signature_algo(cert.get(), algor.get()));
1915
1916 // Extract the TBSCertificiate.
1917 uint8_t *tbs_cert = nullptr;
1918 int tbs_cert_len = i2d_re_X509_tbs(cert.get(), &tbs_cert);
1919 bssl::UniquePtr<uint8_t> free_tbs_cert(tbs_cert);
1920 ASSERT_GT(tbs_cert_len, 0);
1921
1922 // Generate a signature externally and fill it in.
1923 bssl::ScopedEVP_MD_CTX md_ctx;
1924 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
1925 nullptr, pkey.get()));
1926 size_t sig_len;
1927 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs_cert,
1928 tbs_cert_len));
1929 std::vector<uint8_t> sig(sig_len);
1930 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs_cert,
1931 tbs_cert_len));
1932 sig.resize(sig_len);
1933 ASSERT_TRUE(X509_set1_signature_value(cert.get(), sig.data(), sig.size()));
1934
1935 // Check the signature.
1936 EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
1937
1938 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
1939 // encoding and |i2d_re_X509_tbs| should have refreshed that cache.
1940 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
1941 ASSERT_TRUE(copy);
1942 EXPECT_TRUE(X509_verify(copy.get(), pkey.get()));
1943 }
1944 }
1945
TEST(X509Test,Ed25519Sign)1946 TEST(X509Test, Ed25519Sign) {
1947 uint8_t pub_bytes[32], priv_bytes[64];
1948 ED25519_keypair(pub_bytes, priv_bytes);
1949
1950 bssl::UniquePtr<EVP_PKEY> pub(
1951 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, pub_bytes, 32));
1952 ASSERT_TRUE(pub);
1953 bssl::UniquePtr<EVP_PKEY> priv(
1954 EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, priv_bytes, 32));
1955 ASSERT_TRUE(priv);
1956
1957 bssl::ScopedEVP_MD_CTX md_ctx;
1958 ASSERT_TRUE(
1959 EVP_DigestSignInit(md_ctx.get(), nullptr, nullptr, nullptr, priv.get()));
1960 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
1961 }
1962
PEMToDER(bssl::UniquePtr<uint8_t> * out,size_t * out_len,const char * pem)1963 static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
1964 const char *pem) {
1965 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1966 if (!bio) {
1967 return false;
1968 }
1969
1970 char *name, *header;
1971 uint8_t *data;
1972 long data_len;
1973 if (!PEM_read_bio(bio.get(), &name, &header, &data, &data_len)) {
1974 fprintf(stderr, "failed to read PEM data.\n");
1975 return false;
1976 }
1977 OPENSSL_free(name);
1978 OPENSSL_free(header);
1979
1980 out->reset(data);
1981 *out_len = data_len;
1982
1983 return true;
1984 }
1985
TEST(X509Test,TestFromBuffer)1986 TEST(X509Test, TestFromBuffer) {
1987 size_t data_len;
1988 bssl::UniquePtr<uint8_t> data;
1989 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1990
1991 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1992 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
1993 ASSERT_TRUE(buf);
1994 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
1995 ASSERT_TRUE(root);
1996
1997 const uint8_t *enc_pointer = root->cert_info->enc.enc;
1998 const uint8_t *buf_pointer = CRYPTO_BUFFER_data(buf.get());
1999 ASSERT_GE(enc_pointer, buf_pointer);
2000 ASSERT_LT(enc_pointer, buf_pointer + CRYPTO_BUFFER_len(buf.get()));
2001 buf.reset();
2002
2003 /* This ensures the X509 took a reference to |buf|, otherwise this will be a
2004 * reference to free memory and ASAN should notice. */
2005 ASSERT_EQ(0x30, enc_pointer[0]);
2006 }
2007
TEST(X509Test,TestFromBufferWithTrailingData)2008 TEST(X509Test, TestFromBufferWithTrailingData) {
2009 size_t data_len;
2010 bssl::UniquePtr<uint8_t> data;
2011 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2012
2013 std::unique_ptr<uint8_t[]> trailing_data(new uint8_t[data_len + 1]);
2014 OPENSSL_memcpy(trailing_data.get(), data.get(), data_len);
2015
2016 bssl::UniquePtr<CRYPTO_BUFFER> buf_trailing_data(
2017 CRYPTO_BUFFER_new(trailing_data.get(), data_len + 1, nullptr));
2018 ASSERT_TRUE(buf_trailing_data);
2019
2020 bssl::UniquePtr<X509> root_trailing_data(
2021 X509_parse_from_buffer(buf_trailing_data.get()));
2022 ASSERT_FALSE(root_trailing_data);
2023 }
2024
TEST(X509Test,TestFromBufferModified)2025 TEST(X509Test, TestFromBufferModified) {
2026 size_t data_len;
2027 bssl::UniquePtr<uint8_t> data;
2028 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2029
2030 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2031 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
2032 ASSERT_TRUE(buf);
2033
2034 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2035 ASSERT_TRUE(root);
2036
2037 bssl::UniquePtr<ASN1_INTEGER> fourty_two(ASN1_INTEGER_new());
2038 ASN1_INTEGER_set(fourty_two.get(), 42);
2039 X509_set_serialNumber(root.get(), fourty_two.get());
2040
2041 ASSERT_EQ(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
2042
2043 // Re-encode the TBSCertificate.
2044 i2d_re_X509_tbs(root.get(), nullptr);
2045
2046 ASSERT_NE(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
2047 }
2048
TEST(X509Test,TestFromBufferReused)2049 TEST(X509Test, TestFromBufferReused) {
2050 size_t data_len;
2051 bssl::UniquePtr<uint8_t> data;
2052 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2053
2054 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2055 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
2056 ASSERT_TRUE(buf);
2057
2058 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2059 ASSERT_TRUE(root);
2060
2061 size_t data2_len;
2062 bssl::UniquePtr<uint8_t> data2;
2063 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
2064
2065 X509 *x509p = root.get();
2066 const uint8_t *inp = data2.get();
2067 X509 *ret = d2i_X509(&x509p, &inp, data2_len);
2068 ASSERT_EQ(root.get(), ret);
2069 ASSERT_EQ(nullptr, root->buf);
2070
2071 // Free |data2| and ensure that |root| took its own copy. Otherwise the
2072 // following will trigger a use-after-free.
2073 data2.reset();
2074
2075 uint8_t *i2d = nullptr;
2076 int i2d_len = i2d_X509(root.get(), &i2d);
2077 ASSERT_GE(i2d_len, 0);
2078 bssl::UniquePtr<uint8_t> i2d_storage(i2d);
2079
2080 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
2081
2082 ASSERT_EQ(static_cast<long>(data2_len), i2d_len);
2083 ASSERT_EQ(0, OPENSSL_memcmp(data2.get(), i2d, i2d_len));
2084 ASSERT_EQ(nullptr, root->buf);
2085 }
2086
TEST(X509Test,TestFailedParseFromBuffer)2087 TEST(X509Test, TestFailedParseFromBuffer) {
2088 static const uint8_t kNonsense[] = {1, 2, 3, 4, 5};
2089
2090 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2091 CRYPTO_BUFFER_new(kNonsense, sizeof(kNonsense), nullptr));
2092 ASSERT_TRUE(buf);
2093
2094 bssl::UniquePtr<X509> cert(X509_parse_from_buffer(buf.get()));
2095 ASSERT_FALSE(cert);
2096 ERR_clear_error();
2097
2098 // Test a buffer with trailing data.
2099 size_t data_len;
2100 bssl::UniquePtr<uint8_t> data;
2101 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2102
2103 std::unique_ptr<uint8_t[]> data_with_trailing_byte(new uint8_t[data_len + 1]);
2104 OPENSSL_memcpy(data_with_trailing_byte.get(), data.get(), data_len);
2105 data_with_trailing_byte[data_len] = 0;
2106
2107 bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte(
2108 CRYPTO_BUFFER_new(data_with_trailing_byte.get(), data_len + 1, nullptr));
2109 ASSERT_TRUE(buf_with_trailing_byte);
2110
2111 bssl::UniquePtr<X509> root(
2112 X509_parse_from_buffer(buf_with_trailing_byte.get()));
2113 ASSERT_FALSE(root);
2114 ERR_clear_error();
2115 }
2116
TEST(X509Test,TestPrintUTCTIME)2117 TEST(X509Test, TestPrintUTCTIME) {
2118 static const struct {
2119 const char *val, *want;
2120 } asn1_utctime_tests[] = {
2121 {"", "Bad time value"},
2122
2123 // Correct RFC 5280 form. Test years < 2000 and > 2000.
2124 {"090303125425Z", "Mar 3 12:54:25 2009 GMT"},
2125 {"900303125425Z", "Mar 3 12:54:25 1990 GMT"},
2126 {"000303125425Z", "Mar 3 12:54:25 2000 GMT"},
2127
2128 // Correct form, bad values.
2129 {"000000000000Z", "Bad time value"},
2130 {"999999999999Z", "Bad time value"},
2131
2132 // Missing components. Not legal RFC 5280, but permitted.
2133 {"090303125425", "Mar 3 12:54:25 2009"},
2134 {"9003031254", "Mar 3 12:54:00 1990"},
2135 {"9003031254Z", "Mar 3 12:54:00 1990 GMT"},
2136
2137 // GENERALIZEDTIME confused for UTCTIME.
2138 {"20090303125425Z", "Bad time value"},
2139
2140 // Legal ASN.1, but not legal RFC 5280.
2141 {"9003031254+0800", "Bad time value"},
2142 {"9003031254-0800", "Bad time value"},
2143
2144 // Trailing garbage.
2145 {"9003031254Z ", "Bad time value"},
2146 };
2147
2148 for (auto t : asn1_utctime_tests) {
2149 SCOPED_TRACE(t.val);
2150 bssl::UniquePtr<ASN1_UTCTIME> tm(ASN1_UTCTIME_new());
2151 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
2152
2153 // Use this instead of ASN1_UTCTIME_set() because some callers get
2154 // type-confused and pass ASN1_GENERALIZEDTIME to ASN1_UTCTIME_print().
2155 // ASN1_UTCTIME_set_string() is stricter, and would reject the inputs in
2156 // question.
2157 ASSERT_TRUE(ASN1_STRING_set(tm.get(), t.val, strlen(t.val)));
2158 const int ok = ASN1_UTCTIME_print(bio.get(), tm.get());
2159
2160 const uint8_t *contents;
2161 size_t len;
2162 ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len));
2163 EXPECT_EQ(ok, (strcmp(t.want, "Bad time value") != 0) ? 1 : 0);
2164 EXPECT_EQ(t.want,
2165 std::string(reinterpret_cast<const char *>(contents), len));
2166 }
2167 }
2168
TEST(X509Test,PrettyPrintIntegers)2169 TEST(X509Test, PrettyPrintIntegers) {
2170 static const char *kTests[] = {
2171 // Small numbers are pretty-printed in decimal.
2172 "0",
2173 "-1",
2174 "1",
2175 "42",
2176 "-42",
2177 "256",
2178 "-256",
2179 // Large numbers are pretty-printed in hex to avoid taking quadratic time.
2180 "0x0123456789",
2181 "-0x0123456789",
2182 };
2183 for (const char *in : kTests) {
2184 SCOPED_TRACE(in);
2185 BIGNUM *bn = nullptr;
2186 ASSERT_TRUE(BN_asc2bn(&bn, in));
2187 bssl::UniquePtr<BIGNUM> free_bn(bn);
2188
2189 {
2190 bssl::UniquePtr<ASN1_INTEGER> asn1(BN_to_ASN1_INTEGER(bn, nullptr));
2191 ASSERT_TRUE(asn1);
2192 bssl::UniquePtr<char> out(i2s_ASN1_INTEGER(nullptr, asn1.get()));
2193 ASSERT_TRUE(out.get());
2194 EXPECT_STREQ(in, out.get());
2195 }
2196
2197 {
2198 bssl::UniquePtr<ASN1_ENUMERATED> asn1(BN_to_ASN1_ENUMERATED(bn, nullptr));
2199 ASSERT_TRUE(asn1);
2200 bssl::UniquePtr<char> out(i2s_ASN1_ENUMERATED(nullptr, asn1.get()));
2201 ASSERT_TRUE(out.get());
2202 EXPECT_STREQ(in, out.get());
2203 }
2204 }
2205 }
2206
TEST(X509Test,X509NameSet)2207 TEST(X509Test, X509NameSet) {
2208 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
2209 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2210 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("US"),
2211 -1, -1, 0));
2212 EXPECT_EQ(X509_NAME_entry_count(name.get()), 1);
2213 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2214 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("CA"),
2215 -1, -1, 0));
2216 EXPECT_EQ(X509_NAME_entry_count(name.get()), 2);
2217 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2218 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("UK"),
2219 -1, -1, 0));
2220 EXPECT_EQ(X509_NAME_entry_count(name.get()), 3);
2221 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2222 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("JP"),
2223 -1, 1, 0));
2224 EXPECT_EQ(X509_NAME_entry_count(name.get()), 4);
2225
2226 // Check that the correct entries get incremented when inserting new entry.
2227 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 1)), 1);
2228 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 2)), 2);
2229 }
2230
TEST(X509Test,NoBasicConstraintsCertSign)2231 TEST(X509Test, NoBasicConstraintsCertSign) {
2232 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2233 bssl::UniquePtr<X509> intermediate(
2234 CertFromPEM(kNoBasicConstraintsCertSignIntermediate));
2235 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsCertSignLeaf));
2236
2237 ASSERT_TRUE(root);
2238 ASSERT_TRUE(intermediate);
2239 ASSERT_TRUE(leaf);
2240
2241 // The intermediate has keyUsage certSign, but is not marked as a CA in the
2242 // basicConstraints.
2243 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2244 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2245 }
2246
TEST(X509Test,NoBasicConstraintsNetscapeCA)2247 TEST(X509Test, NoBasicConstraintsNetscapeCA) {
2248 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2249 bssl::UniquePtr<X509> intermediate(
2250 CertFromPEM(kNoBasicConstraintsNetscapeCAIntermediate));
2251 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsNetscapeCALeaf));
2252
2253 ASSERT_TRUE(root);
2254 ASSERT_TRUE(intermediate);
2255 ASSERT_TRUE(leaf);
2256
2257 // The intermediate has a Netscape certificate type of "SSL CA", but is not
2258 // marked as a CA in the basicConstraints.
2259 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2260 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2261 }
2262
TEST(X509Test,MismatchAlgorithms)2263 TEST(X509Test, MismatchAlgorithms) {
2264 bssl::UniquePtr<X509> cert(CertFromPEM(kSelfSignedMismatchAlgorithms));
2265 ASSERT_TRUE(cert);
2266
2267 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2268 ASSERT_TRUE(pkey);
2269
2270 EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
2271 uint32_t err = ERR_get_error();
2272 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
2273 EXPECT_EQ(X509_R_SIGNATURE_ALGORITHM_MISMATCH, ERR_GET_REASON(err));
2274 }
2275
TEST(X509Test,PEMX509Info)2276 TEST(X509Test, PEMX509Info) {
2277 std::string cert = kRootCAPEM;
2278 auto cert_obj = CertFromPEM(kRootCAPEM);
2279 ASSERT_TRUE(cert_obj);
2280
2281 std::string rsa = kRSAKey;
2282 auto rsa_obj = PrivateKeyFromPEM(kRSAKey);
2283 ASSERT_TRUE(rsa_obj);
2284
2285 std::string crl = kBasicCRL;
2286 auto crl_obj = CRLFromPEM(kBasicCRL);
2287 ASSERT_TRUE(crl_obj);
2288
2289 std::string unknown =
2290 "-----BEGIN UNKNOWN-----\n"
2291 "AAAA\n"
2292 "-----END UNKNOWN-----\n";
2293
2294 std::string invalid =
2295 "-----BEGIN CERTIFICATE-----\n"
2296 "AAAA\n"
2297 "-----END CERTIFICATE-----\n";
2298
2299 // Each X509_INFO contains at most one certificate, CRL, etc. The format
2300 // creates a new X509_INFO when a repeated type is seen.
2301 std::string pem =
2302 // The first few entries have one of everything in different orders.
2303 cert + rsa + crl +
2304 rsa + crl + cert +
2305 // Unknown types are ignored.
2306 crl + unknown + cert + rsa +
2307 // Seeing a new certificate starts a new entry, so now we have a bunch of
2308 // certificate-only entries.
2309 cert + cert + cert +
2310 // The key folds into the certificate's entry.
2311 cert + rsa +
2312 // Doubled keys also start new entries.
2313 rsa + rsa + rsa + rsa + crl +
2314 // As do CRLs.
2315 crl + crl;
2316
2317 const struct ExpectedInfo {
2318 const X509 *cert;
2319 const EVP_PKEY *key;
2320 const X509_CRL *crl;
2321 } kExpected[] = {
2322 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2323 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2324 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2325 {cert_obj.get(), nullptr, nullptr},
2326 {cert_obj.get(), nullptr, nullptr},
2327 {cert_obj.get(), nullptr, nullptr},
2328 {cert_obj.get(), rsa_obj.get(), nullptr},
2329 {nullptr, rsa_obj.get(), nullptr},
2330 {nullptr, rsa_obj.get(), nullptr},
2331 {nullptr, rsa_obj.get(), nullptr},
2332 {nullptr, rsa_obj.get(), crl_obj.get()},
2333 {nullptr, nullptr, crl_obj.get()},
2334 {nullptr, nullptr, crl_obj.get()},
2335 };
2336
2337 auto check_info = [](const ExpectedInfo *expected, const X509_INFO *info) {
2338 if (expected->cert != nullptr) {
2339 EXPECT_EQ(0, X509_cmp(expected->cert, info->x509));
2340 } else {
2341 EXPECT_EQ(nullptr, info->x509);
2342 }
2343 if (expected->crl != nullptr) {
2344 EXPECT_EQ(0, X509_CRL_cmp(expected->crl, info->crl));
2345 } else {
2346 EXPECT_EQ(nullptr, info->crl);
2347 }
2348 if (expected->key != nullptr) {
2349 ASSERT_NE(nullptr, info->x_pkey);
2350 // EVP_PKEY_cmp returns one if the keys are equal.
2351 EXPECT_EQ(1, EVP_PKEY_cmp(expected->key, info->x_pkey->dec_pkey));
2352 } else {
2353 EXPECT_EQ(nullptr, info->x_pkey);
2354 }
2355 };
2356
2357 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem.data(), pem.size()));
2358 ASSERT_TRUE(bio);
2359 bssl::UniquePtr<STACK_OF(X509_INFO)> infos(
2360 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
2361 ASSERT_TRUE(infos);
2362 ASSERT_EQ(OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2363 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
2364 SCOPED_TRACE(i);
2365 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
2366 }
2367
2368 // Passing an existing stack appends to it.
2369 bio.reset(BIO_new_mem_buf(pem.data(), pem.size()));
2370 ASSERT_TRUE(bio);
2371 ASSERT_EQ(infos.get(),
2372 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
2373 ASSERT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2374 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
2375 SCOPED_TRACE(i);
2376 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
2377 check_info(
2378 &kExpected[i],
2379 sk_X509_INFO_value(infos.get(), i + OPENSSL_ARRAY_SIZE(kExpected)));
2380 }
2381
2382 // Gracefully handle errors in both the append and fresh cases.
2383 std::string bad_pem = cert + cert + invalid;
2384
2385 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
2386 ASSERT_TRUE(bio);
2387 bssl::UniquePtr<STACK_OF(X509_INFO)> infos2(
2388 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
2389 EXPECT_FALSE(infos2);
2390
2391 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
2392 ASSERT_TRUE(bio);
2393 EXPECT_FALSE(
2394 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
2395 EXPECT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2396 }
2397
TEST(X509Test,ReadBIOEmpty)2398 TEST(X509Test, ReadBIOEmpty) {
2399 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(nullptr, 0));
2400 ASSERT_TRUE(bio);
2401
2402 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
2403 // certificates.
2404 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
2405 EXPECT_FALSE(x509);
2406 uint32_t err = ERR_get_error();
2407 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
2408 EXPECT_EQ(ASN1_R_HEADER_TOO_LONG, ERR_GET_REASON(err));
2409 }
2410
TEST(X509Test,ReadBIOOneByte)2411 TEST(X509Test, ReadBIOOneByte) {
2412 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf("\x30", 1));
2413 ASSERT_TRUE(bio);
2414
2415 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
2416 // certificates. This EOF appeared after some data, however, so we do not wish
2417 // to signal EOF.
2418 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
2419 EXPECT_FALSE(x509);
2420 uint32_t err = ERR_get_error();
2421 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
2422 EXPECT_EQ(ASN1_R_NOT_ENOUGH_DATA, ERR_GET_REASON(err));
2423 }
2424
TEST(X509Test,PartialBIOReturn)2425 TEST(X509Test, PartialBIOReturn) {
2426 // Create a filter BIO that only reads and writes one byte at a time.
2427 bssl::UniquePtr<BIO_METHOD> method(BIO_meth_new(0, nullptr));
2428 ASSERT_TRUE(method);
2429 ASSERT_TRUE(BIO_meth_set_create(method.get(), [](BIO *b) -> int {
2430 BIO_set_init(b, 1);
2431 return 1;
2432 }));
2433 ASSERT_TRUE(
2434 BIO_meth_set_read(method.get(), [](BIO *b, char *out, int len) -> int {
2435 return BIO_read(BIO_next(b), out, std::min(len, 1));
2436 }));
2437 ASSERT_TRUE(BIO_meth_set_write(
2438 method.get(), [](BIO *b, const char *in, int len) -> int {
2439 return BIO_write(BIO_next(b), in, std::min(len, 1));
2440 }));
2441
2442 bssl::UniquePtr<BIO> bio(BIO_new(method.get()));
2443 ASSERT_TRUE(bio);
2444 BIO *mem_bio = BIO_new(BIO_s_mem());
2445 ASSERT_TRUE(mem_bio);
2446 BIO_push(bio.get(), mem_bio); // BIO_push takes ownership.
2447
2448 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
2449 ASSERT_TRUE(cert);
2450 uint8_t *der = nullptr;
2451 int der_len = i2d_X509(cert.get(), &der);
2452 ASSERT_GT(der_len, 0);
2453 bssl::UniquePtr<uint8_t> free_der(der);
2454
2455 // Write the certificate into the BIO. Though we only write one byte at a
2456 // time, the write should succeed.
2457 ASSERT_EQ(1, i2d_X509_bio(bio.get(), cert.get()));
2458 const uint8_t *der2;
2459 size_t der2_len;
2460 ASSERT_TRUE(BIO_mem_contents(mem_bio, &der2, &der2_len));
2461 EXPECT_EQ(Bytes(der, static_cast<size_t>(der_len)), Bytes(der2, der2_len));
2462
2463 // Read the certificate back out of the BIO. Though we only read one byte at a
2464 // time, the read should succeed.
2465 bssl::UniquePtr<X509> cert2(d2i_X509_bio(bio.get(), nullptr));
2466 ASSERT_TRUE(cert2);
2467 EXPECT_EQ(0, X509_cmp(cert.get(), cert2.get()));
2468 }
2469
TEST(X509Test,CommonNameFallback)2470 TEST(X509Test, CommonNameFallback) {
2471 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2472 ASSERT_TRUE(root);
2473 bssl::UniquePtr<X509> with_sans = CertFromPEM(kCommonNameWithSANs);
2474 ASSERT_TRUE(with_sans);
2475 bssl::UniquePtr<X509> without_sans = CertFromPEM(kCommonNameWithoutSANs);
2476 ASSERT_TRUE(without_sans);
2477 bssl::UniquePtr<X509> with_email = CertFromPEM(kCommonNameWithEmailSAN);
2478 ASSERT_TRUE(with_email);
2479 bssl::UniquePtr<X509> with_ip = CertFromPEM(kCommonNameWithIPSAN);
2480 ASSERT_TRUE(with_ip);
2481
2482 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
2483 return Verify(leaf, {root.get()}, {}, {}, 0, [&](X509_VERIFY_PARAM *param) {
2484 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
2485 X509_VERIFY_PARAM_set_hostflags(param, flags);
2486 });
2487 };
2488
2489 // By default, the common name is ignored if the SAN list is present but
2490 // otherwise is checked.
2491 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2492 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host1.test"));
2493 EXPECT_EQ(X509_V_OK,
2494 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host2.test"));
2495 EXPECT_EQ(X509_V_OK,
2496 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host3.test"));
2497 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(), 0 /* no flags */,
2498 "foo.host1.test"));
2499 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2500 verify_cert(with_email.get(), 0 /* no flags */, "foo.host1.test"));
2501 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2502 verify_cert(with_ip.get(), 0 /* no flags */, "foo.host1.test"));
2503
2504 // X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT is ignored.
2505 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2506 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2507 "foo.host1.test"));
2508 EXPECT_EQ(X509_V_OK,
2509 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2510 "foo.host2.test"));
2511 EXPECT_EQ(X509_V_OK,
2512 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2513 "foo.host3.test"));
2514 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(),
2515 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2516 "foo.host1.test"));
2517 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2518 verify_cert(with_email.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2519 "foo.host1.test"));
2520 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2521 verify_cert(with_ip.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2522 "foo.host1.test"));
2523
2524 // X509_CHECK_FLAG_NEVER_CHECK_SUBJECT implements the correct behavior: the
2525 // common name is never checked.
2526 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2527 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2528 "foo.host1.test"));
2529 EXPECT_EQ(X509_V_OK,
2530 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2531 "foo.host2.test"));
2532 EXPECT_EQ(X509_V_OK,
2533 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2534 "foo.host3.test"));
2535 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2536 verify_cert(without_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2537 "foo.host1.test"));
2538 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2539 verify_cert(with_email.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2540 "foo.host1.test"));
2541 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2542 verify_cert(with_ip.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2543 "foo.host1.test"));
2544 }
2545
TEST(X509Test,LooksLikeDNSName)2546 TEST(X509Test, LooksLikeDNSName) {
2547 static const char *kValid[] = {
2548 "example.com",
2549 "eXample123-.com",
2550 "*.example.com",
2551 "exa_mple.com",
2552 "example.com.",
2553 "project-dev:us-central1:main",
2554 };
2555 static const char *kInvalid[] = {
2556 "-eXample123-.com",
2557 "",
2558 ".",
2559 "*",
2560 "*.",
2561 "example..com",
2562 ".example.com",
2563 "example.com..",
2564 "*foo.example.com",
2565 "foo.*.example.com",
2566 "foo,bar",
2567 };
2568
2569 for (const char *str : kValid) {
2570 SCOPED_TRACE(str);
2571 EXPECT_TRUE(x509v3_looks_like_dns_name(
2572 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2573 }
2574 for (const char *str : kInvalid) {
2575 SCOPED_TRACE(str);
2576 EXPECT_FALSE(x509v3_looks_like_dns_name(
2577 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2578 }
2579 }
2580
TEST(X509Test,CommonNameAndNameConstraints)2581 TEST(X509Test, CommonNameAndNameConstraints) {
2582 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2583 ASSERT_TRUE(root);
2584 bssl::UniquePtr<X509> intermediate = CertFromPEM(kConstrainedIntermediate);
2585 ASSERT_TRUE(intermediate);
2586 bssl::UniquePtr<X509> permitted = CertFromPEM(kCommonNamePermittedLeaf);
2587 ASSERT_TRUE(permitted);
2588 bssl::UniquePtr<X509> not_permitted =
2589 CertFromPEM(kCommonNameNotPermittedLeaf);
2590 ASSERT_TRUE(not_permitted);
2591 bssl::UniquePtr<X509> not_permitted_with_sans =
2592 CertFromPEM(kCommonNameNotPermittedWithSANsLeaf);
2593 ASSERT_TRUE(not_permitted_with_sans);
2594 bssl::UniquePtr<X509> not_dns = CertFromPEM(kCommonNameNotDNSLeaf);
2595 ASSERT_TRUE(not_dns);
2596
2597 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
2598 return Verify(
2599 leaf, {root.get()}, {intermediate.get()}, {}, 0,
2600 [&](X509_VERIFY_PARAM *param) {
2601 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
2602 X509_VERIFY_PARAM_set_hostflags(param, flags);
2603 });
2604 };
2605
2606 // Certificates which would otherwise trigger the common name fallback are
2607 // rejected whenever there are name constraints. We do this whether or not
2608 // the common name matches the constraints.
2609 EXPECT_EQ(
2610 X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2611 verify_cert(permitted.get(), 0 /* no flags */, kCommonNamePermitted));
2612 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2613 verify_cert(not_permitted.get(), 0 /* no flags */,
2614 kCommonNameNotPermitted));
2615
2616 // This occurs even if the built-in name checks aren't used. The caller may
2617 // separately call |X509_check_host|.
2618 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2619 Verify(not_permitted.get(), {root.get()}, {intermediate.get()}, {},
2620 0 /* no flags */, nullptr));
2621
2622 // If the leaf certificate has SANs, the common name fallback is always
2623 // disabled, so the name constraints do not apply.
2624 EXPECT_EQ(X509_V_OK, Verify(not_permitted_with_sans.get(), {root.get()},
2625 {intermediate.get()}, {}, 0, nullptr));
2626 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2627 verify_cert(not_permitted_with_sans.get(), 0 /* no flags */,
2628 kCommonNameNotPermittedWithSANs));
2629
2630 // If the common name does not look like a DNS name, we apply neither name
2631 // constraints nor common name fallback.
2632 EXPECT_EQ(X509_V_OK, Verify(not_dns.get(), {root.get()}, {intermediate.get()},
2633 {}, 0, nullptr));
2634 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2635 verify_cert(not_dns.get(), 0 /* no flags */, kCommonNameNotDNS));
2636 }
2637
TEST(X509Test,ServerGatedCryptoEKUs)2638 TEST(X509Test, ServerGatedCryptoEKUs) {
2639 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2640 ASSERT_TRUE(root);
2641 bssl::UniquePtr<X509> ms_sgc = CertFromPEM(kMicrosoftSGCCert);
2642 ASSERT_TRUE(ms_sgc);
2643 bssl::UniquePtr<X509> ns_sgc = CertFromPEM(kNetscapeSGCCert);
2644 ASSERT_TRUE(ns_sgc);
2645 bssl::UniquePtr<X509> server_eku = CertFromPEM(kServerEKUCert);
2646 ASSERT_TRUE(server_eku);
2647 bssl::UniquePtr<X509> server_eku_plus_ms_sgc =
2648 CertFromPEM(kServerEKUPlusMicrosoftSGCCert);
2649 ASSERT_TRUE(server_eku_plus_ms_sgc);
2650 bssl::UniquePtr<X509> any_eku = CertFromPEM(kAnyEKU);
2651 ASSERT_TRUE(any_eku);
2652 bssl::UniquePtr<X509> no_eku = CertFromPEM(kNoEKU);
2653 ASSERT_TRUE(no_eku);
2654
2655 auto verify_cert = [&root](X509 *leaf) {
2656 return Verify(leaf, {root.get()}, /*intermediates=*/{}, /*crls=*/{},
2657 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
2658 ASSERT_TRUE(X509_VERIFY_PARAM_set_purpose(
2659 param, X509_PURPOSE_SSL_SERVER));
2660 });
2661 };
2662
2663 // Neither the Microsoft nor Netscape SGC EKU should be sufficient for
2664 // |X509_PURPOSE_SSL_SERVER|. The "any" EKU probably, technically, should be.
2665 // However, we've never accepted it and it's not acceptable in leaf
2666 // certificates by the Baseline, so perhaps we don't need this complexity.
2667 for (X509 *leaf : {ms_sgc.get(), ns_sgc.get(), any_eku.get()}) {
2668 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE, verify_cert(leaf));
2669 }
2670
2671 // The server-auth EKU is sufficient, and it doesn't matter if an SGC EKU is
2672 // also included. Lastly, not specifying an EKU is also valid.
2673 for (X509 *leaf : {server_eku.get(), server_eku_plus_ms_sgc.get(),
2674 no_eku.get()}) {
2675 EXPECT_EQ(X509_V_OK, verify_cert(leaf));
2676 }
2677 }
2678
2679 // Test that invalid extensions are rejected by, if not the parser, at least the
2680 // verifier.
TEST(X509Test,InvalidExtensions)2681 TEST(X509Test, InvalidExtensions) {
2682 bssl::UniquePtr<X509> root = CertFromPEM(
2683 GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str());
2684 ASSERT_TRUE(root);
2685 bssl::UniquePtr<X509> intermediate = CertFromPEM(
2686 GetTestData("crypto/x509/test/invalid_extension_intermediate.pem")
2687 .c_str());
2688 ASSERT_TRUE(intermediate);
2689 bssl::UniquePtr<X509> leaf = CertFromPEM(
2690 GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str());
2691 ASSERT_TRUE(leaf);
2692
2693 // Sanity-check that the baseline chain is accepted.
2694 EXPECT_EQ(X509_V_OK,
2695 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}));
2696
2697 static const char *kExtensions[] = {
2698 "authority_key_identifier",
2699 "basic_constraints",
2700 "ext_key_usage",
2701 "key_usage",
2702 "name_constraints",
2703 "subject_alt_name",
2704 "subject_key_identifier",
2705 };
2706 for (const char *ext : kExtensions) {
2707 SCOPED_TRACE(ext);
2708 bssl::UniquePtr<X509> invalid_root = CertFromPEM(
2709 GetTestData((std::string("crypto/x509/test/invalid_extension_root_") +
2710 ext + ".pem")
2711 .c_str())
2712 .c_str());
2713 ASSERT_TRUE(invalid_root);
2714
2715 bssl::UniquePtr<X509> invalid_intermediate = CertFromPEM(
2716 GetTestData(
2717 (std::string("crypto/x509/test/invalid_extension_intermediate_") +
2718 ext + ".pem")
2719 .c_str())
2720 .c_str());
2721 ASSERT_TRUE(invalid_intermediate);
2722
2723 bssl::UniquePtr<X509> invalid_leaf = CertFromPEM(
2724 GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") +
2725 ext + ".pem")
2726 .c_str())
2727 .c_str());
2728 ASSERT_TRUE(invalid_leaf);
2729
2730 bssl::UniquePtr<X509> trailing_leaf = CertFromPEM(
2731 GetTestData((std::string("crypto/x509/test/trailing_data_leaf_") +
2732 ext + ".pem")
2733 .c_str())
2734 .c_str());
2735 ASSERT_TRUE(trailing_leaf);
2736
2737 EXPECT_EQ(
2738 X509_V_ERR_INVALID_EXTENSION,
2739 Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {}));
2740
2741 EXPECT_EQ(
2742 X509_V_ERR_INVALID_EXTENSION,
2743 Verify(trailing_leaf.get(), {root.get()}, {intermediate.get()}, {}));
2744
2745 // If the invalid extension is on an intermediate or root,
2746 // |X509_verify_cert| notices by way of being unable to build a path to
2747 // a valid issuer.
2748 EXPECT_EQ(
2749 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
2750 Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {}));
2751 EXPECT_EQ(
2752 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
2753 Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {}));
2754 }
2755 }
2756
2757 // kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number
2758 // encoded explicitly, rather than omitted as required by DER.
2759 static const char kExplicitDefaultVersionPEM[] = R"(
2760 -----BEGIN CERTIFICATE-----
2761 MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2762 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2763 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2764 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2765 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2766 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2767 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
2768 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
2769 FA==
2770 -----END CERTIFICATE-----
2771 )";
2772
2773 // kNegativeVersionPEM is an X.509 certificate with a negative version number.
2774 static const char kNegativeVersionPEM[] = R"(
2775 -----BEGIN CERTIFICATE-----
2776 MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2777 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2778 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2779 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2780 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2781 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2782 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
2783 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
2784 FA==
2785 -----END CERTIFICATE-----
2786 )";
2787
2788 // kFutureVersionPEM is an X.509 certificate with a version number value of
2789 // three, which is not defined. (v3 has value two).
2790 static const char kFutureVersionPEM[] = R"(
2791 -----BEGIN CERTIFICATE-----
2792 MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2793 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2794 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2795 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2796 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2797 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2798 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
2799 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
2800 FA==
2801 -----END CERTIFICATE-----
2802 )";
2803
2804 // kOverflowVersionPEM is an X.509 certificate with a version field which
2805 // overflows |uint64_t|.
2806 static const char kOverflowVersionPEM[] = R"(
2807 -----BEGIN CERTIFICATE-----
2808 MIIBoDCCAUegJgIkAP//////////////////////////////////////////////
2809 AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
2810 U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X
2811 DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR
2812 BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
2813 IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX
2814 a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw
2815 CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd
2816 xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
2817 -----END CERTIFICATE-----
2818 )";
2819
2820 // kV1WithExtensionsPEM is an X.509v1 certificate with extensions.
2821 static const char kV1WithExtensionsPEM[] = R"(
2822 -----BEGIN CERTIFICATE-----
2823 MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
2824 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
2825 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
2826 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
2827 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
2828 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
2829 lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud
2830 IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI
2831 zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe
2832 eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
2833 -----END CERTIFICATE-----
2834 )";
2835
2836 // kV2WithExtensionsPEM is an X.509v2 certificate with extensions.
2837 static const char kV2WithExtensionsPEM[] = R"(
2838 -----BEGIN CERTIFICATE-----
2839 MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2840 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2841 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2842 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2843 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2844 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2845 HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
2846 HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
2847 BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
2848 BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=
2849 -----END CERTIFICATE-----
2850 )";
2851
2852 // kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
2853 static const char kV1WithIssuerUniqueIDPEM[] = R"(
2854 -----BEGIN CERTIFICATE-----
2855 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
2856 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
2857 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
2858 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
2859 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
2860 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
2861 lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
2862 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
2863 MlJhXnXJFA==
2864 -----END CERTIFICATE-----
2865 )";
2866
2867 // kV1WithSubjectUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
2868 static const char kV1WithSubjectUniqueIDPEM[] = R"(
2869 -----BEGIN CERTIFICATE-----
2870 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
2871 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
2872 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
2873 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
2874 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
2875 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
2876 lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
2877 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
2878 MlJhXnXJFA==
2879 -----END CERTIFICATE-----
2880 )";
2881
2882 // kV1CRLWithExtensionsPEM is a v1 CRL with extensions.
2883 static const char kV1CRLWithExtensionsPEM[] = R"(
2884 -----BEGIN X509 CRL-----
2885 MIIBpDCBjTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwK
2886 Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9y
2887 aW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNVHRQE
2888 AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LNZEAc
2889 +a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWoeOkq
2890 0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4osdsAR
2891 eBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vvdiyu
2892 0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho/vBb
2893 hl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
2894 -----END X509 CRL-----
2895 )";
2896
2897 // kExplicitDefaultVersionCRLPEM is a v1 CRL with an explicitly-encoded version
2898 // field.
2899 static const char kExplicitDefaultVersionCRLPEM[] = R"(
2900 -----BEGIN X509 CRL-----
2901 MIIBlzCBgAIBADANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
2902 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
2903 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaMA0GCSqGSIb3
2904 DQEBCwUAA4IBAQCesEoqC933H3PAr2u1S9V4V4nv4s1kQBz5rmjGk80SwnHqFegC
2905 lgRvNczG5YFCgKzmIQHJxIa51y3bUv4xV/bszfwqtah46SrRrayKpWJBk7YVv9JQ
2906 VHST3NvzGXzpl/rmWA+mUAu6fRtX8dPswlyXThNziix2wBF4GzmepMY0R3kCULWI
2907 oe9BmQz/8wPnUOykqcOmwOJRWLniH0LVKl9mZfwfZW92LK7R9n9s8AzdUAZrBq1/
2908 9LJZ8EzIqmg9cQbf2gDOaOM6Px6fzamyfubjvggZqGj+8FuGXWazmpCItg+ObhgQ
2909 u2ddCgXILva0GNt0V39kT2TgI0oNvEVRcVuT
2910 -----END X509 CRL-----
2911 )";
2912
2913 // kV3CRLPEM is a v3 CRL. CRL versions only go up to v2.
2914 static const char kV3CRLPEM[] = R"(
2915 -----BEGIN X509 CRL-----
2916 MIIBpzCBkAIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
2917 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
2918 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
2919 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
2920 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
2921 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
2922 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
2923 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
2924 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
2925 -----END X509 CRL-----
2926 )";
2927
2928 // kV2CSRPEM is a v2 CSR. CSR versions only go up to v1.
2929 static const char kV2CSRPEM[] = R"(
2930 -----BEGIN CERTIFICATE REQUEST-----
2931 MIHJMHECAQEwDzENMAsGA1UEAwwEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH
2932 A0IABJjsayyAQod1J7UJYNT8AH4WWxLdKV0ozhrIz6hCzBAze7AqXWOSH8G+1EWC
2933 pSfL3oMQNtBdJS0kpXXaUqEAgTSgADAKBggqhkjOPQQDAgNIADBFAiAUXVaEYATg
2934 4Cc917T73KBImxh6xyhsA5pKuYpq1S4m9wIhAK+G93HR4ur7Ghel6+zUTvIAsj9e
2935 rsn4lSYsqI4OI4ei
2936 -----END CERTIFICATE REQUEST-----
2937 )";
2938
2939 // Test that the library enforces versions are valid and match the fields
2940 // present.
TEST(X509Test,InvalidVersion)2941 TEST(X509Test, InvalidVersion) {
2942 // kExplicitDefaultVersionPEM is invalid but, for now, we accept it. See
2943 // https://crbug.com/boringssl/364.
2944 EXPECT_TRUE(CertFromPEM(kExplicitDefaultVersionPEM));
2945 EXPECT_TRUE(CRLFromPEM(kExplicitDefaultVersionCRLPEM));
2946
2947 EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM));
2948 EXPECT_FALSE(CertFromPEM(kFutureVersionPEM));
2949 EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM));
2950 EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM));
2951 EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM));
2952 EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM));
2953 EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM));
2954 EXPECT_FALSE(CRLFromPEM(kV1CRLWithExtensionsPEM));
2955 EXPECT_FALSE(CRLFromPEM(kV3CRLPEM));
2956 EXPECT_FALSE(CSRFromPEM(kV2CSRPEM));
2957
2958 bssl::UniquePtr<X509> x509(X509_new());
2959 ASSERT_TRUE(x509);
2960 EXPECT_FALSE(X509_set_version(x509.get(), -1));
2961 EXPECT_FALSE(X509_set_version(x509.get(), X509_VERSION_3 + 1));
2962 EXPECT_FALSE(X509_set_version(x509.get(), 9999));
2963
2964 bssl::UniquePtr<X509_CRL> crl(X509_CRL_new());
2965 ASSERT_TRUE(crl);
2966 EXPECT_FALSE(X509_CRL_set_version(crl.get(), -1));
2967 EXPECT_FALSE(X509_CRL_set_version(crl.get(), X509_CRL_VERSION_2 + 1));
2968 EXPECT_FALSE(X509_CRL_set_version(crl.get(), 9999));
2969
2970 bssl::UniquePtr<X509_REQ> req(X509_REQ_new());
2971 ASSERT_TRUE(req);
2972 EXPECT_FALSE(X509_REQ_set_version(req.get(), -1));
2973 EXPECT_FALSE(X509_REQ_set_version(req.get(), X509_REQ_VERSION_1 + 1));
2974 EXPECT_FALSE(X509_REQ_set_version(req.get(), 9999));
2975 }
2976
2977 // Unlike upstream OpenSSL, we require a non-null store in
2978 // |X509_STORE_CTX_init|.
TEST(X509Test,NullStore)2979 TEST(X509Test, NullStore) {
2980 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
2981 ASSERT_TRUE(leaf);
2982 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
2983 ASSERT_TRUE(ctx);
2984 EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr));
2985 }
2986
TEST(X509Test,BasicConstraints)2987 TEST(X509Test, BasicConstraints) {
2988 const uint32_t kFlagMask = EXFLAG_CA | EXFLAG_BCONS | EXFLAG_INVALID;
2989
2990 static const struct {
2991 const char *file;
2992 uint32_t flags;
2993 int path_len;
2994 } kTests[] = {
2995 {"basic_constraints_none.pem", 0, -1},
2996 {"basic_constraints_ca.pem", EXFLAG_CA | EXFLAG_BCONS, -1},
2997 {"basic_constraints_ca_pathlen_0.pem", EXFLAG_CA | EXFLAG_BCONS, 0},
2998 {"basic_constraints_ca_pathlen_1.pem", EXFLAG_CA | EXFLAG_BCONS, 1},
2999 {"basic_constraints_ca_pathlen_10.pem", EXFLAG_CA | EXFLAG_BCONS, 10},
3000 {"basic_constraints_leaf.pem", EXFLAG_BCONS, -1},
3001 {"invalid_extension_leaf_basic_constraints.pem", EXFLAG_INVALID, -1},
3002 };
3003
3004 for (const auto &test : kTests) {
3005 SCOPED_TRACE(test.file);
3006
3007 std::string path = "crypto/x509/test/";
3008 path += test.file;
3009
3010 bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path.c_str()).c_str());
3011 ASSERT_TRUE(cert);
3012 EXPECT_EQ(test.flags, X509_get_extension_flags(cert.get()) & kFlagMask);
3013 EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get()));
3014 }
3015 }
3016
3017 // The following strings are test certificates signed by kP256Key and kRSAKey,
3018 // with missing, NULL, or invalid algorithm parameters.
3019 static const char kP256NoParam[] = R"(
3020 -----BEGIN CERTIFICATE-----
3021 MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
3022 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
3023 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
3024 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
3025 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy
3026 aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy
3027 gGzFYg==
3028 -----END CERTIFICATE-----
3029 )";
3030 static const char kP256NullParam[] = R"(
3031 -----BEGIN CERTIFICATE-----
3032 MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw
3033 IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl
3034 c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3
3035 qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw
3036 DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX
3037 UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r
3038 t6uPxHrmpUY=
3039 -----END CERTIFICATE-----
3040 )";
3041 static const char kP256InvalidParam[] = R"(
3042 -----BEGIN CERTIFICATE-----
3043 MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD
3044 EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD
3045 VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N
3046 lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L
3047 z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF
3048 AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y
3049 fLULTZnynuQUULQkRcF7S7T2WpIL
3050 -----END CERTIFICATE-----
3051 )";
3052 static const char kRSANoParam[] = R"(
3053 -----BEGIN CERTIFICATE-----
3054 MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg
3055 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
3056 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
3057 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
3058 MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh
3059 brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N
3060 l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY
3061 TWUH2ieFP3l+ecj1SeQR
3062 -----END CERTIFICATE-----
3063 )";
3064 static const char kRSANullParam[] = R"(
3065 -----BEGIN CERTIFICATE-----
3066 MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0
3067 MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU
3068 ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr
3069 t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ
3070 MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL
3071 fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy
3072 seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua
3073 SwmQUz4bRpckRBj+sIyp1We+pg==
3074 -----END CERTIFICATE-----
3075 )";
3076 static const char kRSAInvalidParam[] = R"(
3077 -----BEGIN CERTIFICATE-----
3078 MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE
3079 AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG
3080 A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e
3081 DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt
3082 S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB
3083 AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0
3084 4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8
3085 5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9
3086 -----END CERTIFICATE-----
3087 )";
3088
TEST(X509Test,AlgorithmParameters)3089 TEST(X509Test, AlgorithmParameters) {
3090 // P-256 parameters should be omitted, but we accept NULL ones.
3091 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
3092 ASSERT_TRUE(key);
3093
3094 bssl::UniquePtr<X509> cert = CertFromPEM(kP256NoParam);
3095 ASSERT_TRUE(cert);
3096 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3097
3098 cert = CertFromPEM(kP256NullParam);
3099 ASSERT_TRUE(cert);
3100 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3101
3102 cert = CertFromPEM(kP256InvalidParam);
3103 ASSERT_TRUE(cert);
3104 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
3105 uint32_t err = ERR_get_error();
3106 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
3107 EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
3108
3109 // RSA parameters should be NULL, but we accept omitted ones.
3110 key = PrivateKeyFromPEM(kRSAKey);
3111 ASSERT_TRUE(key);
3112
3113 cert = CertFromPEM(kRSANoParam);
3114 ASSERT_TRUE(cert);
3115 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3116
3117 cert = CertFromPEM(kRSANullParam);
3118 ASSERT_TRUE(cert);
3119 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3120
3121 cert = CertFromPEM(kRSAInvalidParam);
3122 ASSERT_TRUE(cert);
3123 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
3124 err = ERR_get_error();
3125 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
3126 EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
3127 }
3128
TEST(X509Test,GeneralName)3129 TEST(X509Test, GeneralName) {
3130 const std::vector<uint8_t> kNames[] = {
3131 // [0] {
3132 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3133 // [0] {
3134 // SEQUENCE {}
3135 // }
3136 // }
3137 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3138 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00},
3139 // [0] {
3140 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3141 // [0] {
3142 // [APPLICATION 0] {}
3143 // }
3144 // }
3145 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3146 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00},
3147 // [0] {
3148 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3149 // [0] {
3150 // UTF8String { "a" }
3151 // }
3152 // }
3153 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3154 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61},
3155 // [0] {
3156 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
3157 // [0] {
3158 // UTF8String { "a" }
3159 // }
3160 // }
3161 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3162 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61},
3163 // [0] {
3164 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3165 // [0] {
3166 // UTF8String { "b" }
3167 // }
3168 // }
3169 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3170 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62},
3171 // [0] {
3172 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3173 // [0] {
3174 // BOOLEAN { TRUE }
3175 // }
3176 // }
3177 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3178 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff},
3179 // [0] {
3180 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3181 // [0] {
3182 // BOOLEAN { FALSE }
3183 // }
3184 // }
3185 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3186 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00},
3187 // [1 PRIMITIVE] { "a" }
3188 {0x81, 0x01, 0x61},
3189 // [1 PRIMITIVE] { "b" }
3190 {0x81, 0x01, 0x62},
3191 // [2 PRIMITIVE] { "a" }
3192 {0x82, 0x01, 0x61},
3193 // [2 PRIMITIVE] { "b" }
3194 {0x82, 0x01, 0x62},
3195 // [4] {
3196 // SEQUENCE {
3197 // SET {
3198 // SEQUENCE {
3199 // # commonName
3200 // OBJECT_IDENTIFIER { 2.5.4.3 }
3201 // UTF8String { "a" }
3202 // }
3203 // }
3204 // }
3205 // }
3206 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
3207 0x03, 0x0c, 0x01, 0x61},
3208 // [4] {
3209 // SEQUENCE {
3210 // SET {
3211 // SEQUENCE {
3212 // # commonName
3213 // OBJECT_IDENTIFIER { 2.5.4.3 }
3214 // UTF8String { "b" }
3215 // }
3216 // }
3217 // }
3218 // }
3219 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
3220 0x03, 0x0c, 0x01, 0x62},
3221 // [5] {
3222 // [1] {
3223 // UTF8String { "a" }
3224 // }
3225 // }
3226 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3227 // [5] {
3228 // [1] {
3229 // UTF8String { "b" }
3230 // }
3231 // }
3232 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62},
3233 // [5] {
3234 // [0] {
3235 // UTF8String {}
3236 // }
3237 // [1] {
3238 // UTF8String { "a" }
3239 // }
3240 // }
3241 {0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3242 // [5] {
3243 // [0] {
3244 // UTF8String { "a" }
3245 // }
3246 // [1] {
3247 // UTF8String { "a" }
3248 // }
3249 // }
3250 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3251 // [5] {
3252 // [0] {
3253 // UTF8String { "b" }
3254 // }
3255 // [1] {
3256 // UTF8String { "a" }
3257 // }
3258 // }
3259 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3260 // [6 PRIMITIVE] { "a" }
3261 {0x86, 0x01, 0x61},
3262 // [6 PRIMITIVE] { "b" }
3263 {0x86, 0x01, 0x62},
3264 // [7 PRIMITIVE] { `11111111` }
3265 {0x87, 0x04, 0x11, 0x11, 0x11, 0x11},
3266 // [7 PRIMITIVE] { `22222222`}
3267 {0x87, 0x04, 0x22, 0x22, 0x22, 0x22},
3268 // [7 PRIMITIVE] { `11111111111111111111111111111111` }
3269 {0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
3270 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
3271 // [7 PRIMITIVE] { `22222222222222222222222222222222` }
3272 {0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
3273 0x22, 0x22, 0x22, 0x22, 0x22, 0x22},
3274 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 }
3275 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
3276 0x09, 0x02, 0x01},
3277 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 }
3278 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
3279 0x09, 0x02, 0x02},
3280 };
3281
3282 // Every name should be equal to itself and not equal to any others.
3283 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) {
3284 SCOPED_TRACE(Bytes(kNames[i]));
3285
3286 const uint8_t *ptr = kNames[i].data();
3287 bssl::UniquePtr<GENERAL_NAME> a(
3288 d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size()));
3289 ASSERT_TRUE(a);
3290 ASSERT_EQ(ptr, kNames[i].data() + kNames[i].size());
3291
3292 for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) {
3293 SCOPED_TRACE(Bytes(kNames[j]));
3294
3295 ptr = kNames[j].data();
3296 bssl::UniquePtr<GENERAL_NAME> b(
3297 d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size()));
3298 ASSERT_TRUE(b);
3299 ASSERT_EQ(ptr, kNames[j].data() + kNames[j].size());
3300
3301 if (i == j) {
3302 EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0);
3303 } else {
3304 EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0);
3305 }
3306 }
3307 }
3308 }
3309
3310 // Test that extracting fields of an |X509_ALGOR| works correctly.
TEST(X509Test,X509AlgorExtract)3311 TEST(X509Test, X509AlgorExtract) {
3312 static const char kTestOID[] = "1.2.840.113554.4.1.72585.2";
3313 const struct {
3314 int param_type;
3315 std::vector<uint8_t> param_der;
3316 } kTests[] = {
3317 // No parameter.
3318 {V_ASN1_UNDEF, {}},
3319 // BOOLEAN { TRUE }
3320 {V_ASN1_BOOLEAN, {0x01, 0x01, 0xff}},
3321 // BOOLEAN { FALSE }
3322 {V_ASN1_BOOLEAN, {0x01, 0x01, 0x00}},
3323 // OCTET_STRING { "a" }
3324 {V_ASN1_OCTET_STRING, {0x04, 0x01, 0x61}},
3325 // BIT_STRING { `01` `00` }
3326 {V_ASN1_BIT_STRING, {0x03, 0x02, 0x01, 0x00}},
3327 // INTEGER { -1 }
3328 {V_ASN1_INTEGER, {0x02, 0x01, 0xff}},
3329 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 }
3330 {V_ASN1_OBJECT,
3331 {0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
3332 0x09, 0x02}},
3333 // NULL {}
3334 {V_ASN1_NULL, {0x05, 0x00}},
3335 // SEQUENCE {}
3336 {V_ASN1_SEQUENCE, {0x30, 0x00}},
3337 // SET {}
3338 {V_ASN1_SET, {0x31, 0x00}},
3339 // [0] { UTF8String { "a" } }
3340 {V_ASN1_OTHER, {0xa0, 0x03, 0x0c, 0x01, 0x61}},
3341 };
3342 for (const auto &t : kTests) {
3343 SCOPED_TRACE(Bytes(t.param_der));
3344
3345 // Assemble an AlgorithmIdentifier with the parameter.
3346 bssl::ScopedCBB cbb;
3347 CBB seq, oid;
3348 ASSERT_TRUE(CBB_init(cbb.get(), 64));
3349 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE));
3350 ASSERT_TRUE(CBB_add_asn1(&seq, &oid, CBS_ASN1_OBJECT));
3351 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&oid, kTestOID, strlen(kTestOID)));
3352 ASSERT_TRUE(CBB_add_bytes(&seq, t.param_der.data(), t.param_der.size()));
3353 ASSERT_TRUE(CBB_flush(cbb.get()));
3354
3355 const uint8_t *ptr = CBB_data(cbb.get());
3356 bssl::UniquePtr<X509_ALGOR> alg(
3357 d2i_X509_ALGOR(nullptr, &ptr, CBB_len(cbb.get())));
3358 ASSERT_TRUE(alg);
3359
3360 const ASN1_OBJECT *obj;
3361 int param_type;
3362 const void *param_value;
3363 X509_ALGOR_get0(&obj, ¶m_type, ¶m_value, alg.get());
3364
3365 EXPECT_EQ(param_type, t.param_type);
3366 char oid_buf[sizeof(kTestOID)];
3367 ASSERT_EQ(int(sizeof(oid_buf) - 1),
3368 OBJ_obj2txt(oid_buf, sizeof(oid_buf), obj,
3369 /*always_return_oid=*/1));
3370 EXPECT_STREQ(oid_buf, kTestOID);
3371
3372 // |param_type| and |param_value| must be consistent with |ASN1_TYPE|.
3373 if (param_type == V_ASN1_UNDEF) {
3374 EXPECT_EQ(nullptr, param_value);
3375 } else {
3376 bssl::UniquePtr<ASN1_TYPE> param(ASN1_TYPE_new());
3377 ASSERT_TRUE(param);
3378 ASSERT_TRUE(ASN1_TYPE_set1(param.get(), param_type, param_value));
3379
3380 uint8_t *param_der = nullptr;
3381 int param_len = i2d_ASN1_TYPE(param.get(), ¶m_der);
3382 ASSERT_GE(param_len, 0);
3383 bssl::UniquePtr<uint8_t> free_param_der(param_der);
3384
3385 EXPECT_EQ(Bytes(param_der, param_len), Bytes(t.param_der));
3386 }
3387 }
3388 }
3389
3390 // Test the various |X509_ATTRIBUTE| creation functions.
TEST(X509Test,Attribute)3391 TEST(X509Test, Attribute) {
3392 // The friendlyName attribute has a BMPString value. See RFC 2985,
3393 // section 5.5.1.
3394 static const uint8_t kTest1[] = {0x26, 0x03}; // U+2603 SNOWMAN
3395 static const uint8_t kTest1UTF8[] = {0xe2, 0x98, 0x83};
3396 static const uint8_t kTest2[] = {0, 't', 0, 'e', 0, 's', 0, 't'};
3397
3398 auto check_attribute = [&](X509_ATTRIBUTE *attr, bool has_test2) {
3399 EXPECT_EQ(NID_friendlyName, OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)));
3400
3401 EXPECT_EQ(has_test2 ? 2 : 1, X509_ATTRIBUTE_count(attr));
3402
3403 // The first attribute should contain |kTest1|.
3404 const ASN1_TYPE *value = X509_ATTRIBUTE_get0_type(attr, 0);
3405 ASSERT_TRUE(value);
3406 EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
3407 EXPECT_EQ(Bytes(kTest1),
3408 Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
3409 ASN1_STRING_length(value->value.bmpstring)));
3410
3411 // |X509_ATTRIBUTE_get0_data| requires the type match.
3412 EXPECT_FALSE(
3413 X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_OCTET_STRING, nullptr));
3414 const ASN1_BMPSTRING *bmpstring = static_cast<const ASN1_BMPSTRING *>(
3415 X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_BMPSTRING, nullptr));
3416 ASSERT_TRUE(bmpstring);
3417 EXPECT_EQ(Bytes(kTest1), Bytes(ASN1_STRING_get0_data(bmpstring),
3418 ASN1_STRING_length(bmpstring)));
3419
3420 if (has_test2) {
3421 value = X509_ATTRIBUTE_get0_type(attr, 1);
3422 ASSERT_TRUE(value);
3423 EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
3424 EXPECT_EQ(Bytes(kTest2),
3425 Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
3426 ASN1_STRING_length(value->value.bmpstring)));
3427 } else {
3428 EXPECT_FALSE(X509_ATTRIBUTE_get0_type(attr, 1));
3429 }
3430
3431 EXPECT_FALSE(X509_ATTRIBUTE_get0_type(attr, 2));
3432 };
3433
3434 bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
3435 ASSERT_TRUE(str);
3436 ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
3437
3438 // Test |X509_ATTRIBUTE_create|.
3439 bssl::UniquePtr<X509_ATTRIBUTE> attr(
3440 X509_ATTRIBUTE_create(NID_friendlyName, V_ASN1_BMPSTRING, str.get()));
3441 ASSERT_TRUE(attr);
3442 str.release(); // |X509_ATTRIBUTE_create| takes ownership on success.
3443 check_attribute(attr.get(), /*has_test2=*/false);
3444
3445 // Test the |MBSTRING_*| form of |X509_ATTRIBUTE_set1_data|.
3446 attr.reset(X509_ATTRIBUTE_new());
3447 ASSERT_TRUE(attr);
3448 ASSERT_TRUE(
3449 X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
3450 ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), MBSTRING_UTF8, kTest1UTF8,
3451 sizeof(kTest1UTF8)));
3452 check_attribute(attr.get(), /*has_test2=*/false);
3453
3454 // Test the |ASN1_STRING| form of |X509_ATTRIBUTE_set1_data|.
3455 ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, kTest2,
3456 sizeof(kTest2)));
3457 check_attribute(attr.get(), /*has_test2=*/true);
3458
3459 // Test the |ASN1_TYPE| form of |X509_ATTRIBUTE_set1_data|.
3460 attr.reset(X509_ATTRIBUTE_new());
3461 ASSERT_TRUE(attr);
3462 ASSERT_TRUE(
3463 X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
3464 str.reset(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
3465 ASSERT_TRUE(str);
3466 ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
3467 ASSERT_TRUE(
3468 X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, str.get(), -1));
3469 check_attribute(attr.get(), /*has_test2=*/false);
3470 }
3471
3472 // Test that, by default, |X509_V_FLAG_TRUSTED_FIRST| is set, which means we'll
3473 // skip over server-sent expired intermediates when there is a local trust
3474 // anchor that works better.
TEST(X509Test,TrustedFirst)3475 TEST(X509Test, TrustedFirst) {
3476 // Generate the following certificates:
3477 //
3478 // Root 2 (in store, expired)
3479 // |
3480 // Root 1 (in store) Root 1 (cross-sign)
3481 // \ /
3482 // Intermediate
3483 // |
3484 // Leaf
3485 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
3486 ASSERT_TRUE(key);
3487
3488 bssl::UniquePtr<X509> root2 =
3489 MakeTestCert("Root 2", "Root 2", key.get(), /*is_ca=*/true);
3490 ASSERT_TRUE(root2);
3491 ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(root2.get()), kReferenceTime,
3492 /*offset_day=*/0,
3493 /*offset_sec=*/-1));
3494 ASSERT_TRUE(X509_sign(root2.get(), key.get(), EVP_sha256()));
3495
3496 bssl::UniquePtr<X509> root1 =
3497 MakeTestCert("Root 1", "Root 1", key.get(), /*is_ca=*/true);
3498 ASSERT_TRUE(root1);
3499 ASSERT_TRUE(X509_sign(root1.get(), key.get(), EVP_sha256()));
3500
3501 bssl::UniquePtr<X509> root1_cross =
3502 MakeTestCert("Root 2", "Root 1", key.get(), /*is_ca=*/true);
3503 ASSERT_TRUE(root1_cross);
3504 ASSERT_TRUE(X509_sign(root1_cross.get(), key.get(), EVP_sha256()));
3505
3506 bssl::UniquePtr<X509> intermediate =
3507 MakeTestCert("Root 1", "Intermediate", key.get(), /*is_ca=*/true);
3508 ASSERT_TRUE(intermediate);
3509 ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
3510
3511 bssl::UniquePtr<X509> leaf =
3512 MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
3513 ASSERT_TRUE(leaf);
3514 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
3515
3516 // As a control, confirm that |leaf| -> |intermediate| -> |root1| is valid,
3517 // but the path through |root1_cross| is expired.
3518 EXPECT_EQ(X509_V_OK,
3519 Verify(leaf.get(), {root1.get()}, {intermediate.get()}, {}));
3520 EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED,
3521 Verify(leaf.get(), {root2.get()},
3522 {intermediate.get(), root1_cross.get()}, {}));
3523
3524 // By default, we should find the |leaf| -> |intermediate| -> |root2| chain,
3525 // skipping |root1_cross|.
3526 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root1.get(), root2.get()},
3527 {intermediate.get(), root1_cross.get()}, {}));
3528
3529 // When |X509_V_FLAG_TRUSTED_FIRST| is disabled, we get stuck on the expired
3530 // intermediate. Note we need the callback to clear the flag. Setting |flags|
3531 // to zero only skips setting new flags.
3532 //
3533 // This test exists to confirm our current behavior, but these modes are just
3534 // workarounds for not having an actual path-building verifier. If we fix it,
3535 // this test can be removed.
3536 EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED,
3537 Verify(leaf.get(), {root1.get(), root2.get()},
3538 {intermediate.get(), root1_cross.get()}, {}, /*flags=*/0,
3539 [&](X509_VERIFY_PARAM *param) {
3540 X509_VERIFY_PARAM_clear_flags(param,
3541 X509_V_FLAG_TRUSTED_FIRST);
3542 }));
3543
3544 // Even when |X509_V_FLAG_TRUSTED_FIRST| is disabled, if |root2| is not
3545 // trusted, the alt chains logic recovers the path.
3546 EXPECT_EQ(
3547 X509_V_OK,
3548 Verify(leaf.get(), {root1.get()}, {intermediate.get(), root1_cross.get()},
3549 {}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
3550 X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST);
3551 }));
3552 }
3553
3554 // kConstructedBitString is an X.509 certificate where the signature is encoded
3555 // as a BER constructed BIT STRING. Note that, while OpenSSL's parser accepts
3556 // this input, it interprets the value incorrectly.
3557 static const char kConstructedBitString[] = R"(
3558 -----BEGIN CERTIFICATE-----
3559 MIIBJTCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
3560 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
3561 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
3562 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
3563 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAiNOAyQAMEYCIQCp0iIX5s30KXjihR4g
3564 KnJpd3seqGlVRqCVgrD0KGYDJgA1QAIhAKkx0vR82QU0NtHDD11KX/LuQF2T+2nX
3565 oeKp5LKAbMVi
3566 -----END CERTIFICATE-----
3567 )";
3568
3569 // kConstructedOctetString is an X.509 certificate where an extension is encoded
3570 // as a BER constructed OCTET STRING.
3571 static const char kConstructedOctetString[] = R"(
3572 -----BEGIN CERTIFICATE-----
3573 MIIBJDCByqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
3574 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
3575 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
3576 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMUMBIw
3577 EAYDVR0TJAkEAzADAQQCAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKF
3578 HiAqcml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh
3579 4qnksoBsxWI=
3580 -----END CERTIFICATE-----
3581 )";
3582
3583 // kIndefiniteLength is an X.509 certificate where the outermost SEQUENCE uses
3584 // BER indefinite-length encoding.
3585 static const char kIndefiniteLength[] = R"(
3586 -----BEGIN CERTIFICATE-----
3587 MIAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAgFw0w
3588 MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVzdDBZ
3589 MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7epHg1G
3590 +92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAOMAwG
3591 A1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAqcml3
3592 ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnksoBs
3593 xWIAAA==
3594 -----END CERTIFICATE-----
3595 )";
3596
3597 // kNonZeroPadding is an X.09 certificate where the BIT STRING signature field
3598 // has non-zero padding values.
3599 static const char kNonZeroPadding[] = R"(
3600 -----BEGIN CERTIFICATE-----
3601 MIIB0DCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
3602 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
3603 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
3604 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
3605 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
3606 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
3607 HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
3608 HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
3609 BgcqhkjOPQQBA0kBMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
3610 BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQB
3611 -----END CERTIFICATE-----
3612 )";
3613
3614 // kHighTagNumber is an X.509 certificate where the outermost SEQUENCE tag uses
3615 // high tag number form.
3616 static const char kHighTagNumber[] = R"(
3617 -----BEGIN CERTIFICATE-----
3618 PxCCASAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg
3619 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
3620 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
3621 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
3622 MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq
3623 cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk
3624 soBsxWI=
3625 -----END CERTIFICATE-----
3626 )";
3627
TEST(X509Test,BER)3628 TEST(X509Test, BER) {
3629 // Constructed strings are forbidden in DER.
3630 EXPECT_FALSE(CertFromPEM(kConstructedBitString));
3631 EXPECT_FALSE(CertFromPEM(kConstructedOctetString));
3632 // Indefinite lengths are forbidden in DER.
3633 EXPECT_FALSE(CertFromPEM(kIndefiniteLength));
3634 // Padding bits in BIT STRINGs must be zero in BER.
3635 EXPECT_FALSE(CertFromPEM(kNonZeroPadding));
3636 // Tags must be minimal in both BER and DER, though many BER decoders
3637 // incorrectly support non-minimal tags.
3638 EXPECT_FALSE(CertFromPEM(kHighTagNumber));
3639 }
3640
TEST(X509Test,Names)3641 TEST(X509Test, Names) {
3642 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
3643 ASSERT_TRUE(key);
3644 bssl::UniquePtr<X509> root =
3645 MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
3646 ASSERT_TRUE(root);
3647 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
3648
3649 struct {
3650 std::vector<std::pair<int, std::string>> cert_subject;
3651 std::vector<std::string> cert_dns_names;
3652 std::vector<std::string> cert_emails;
3653 std::vector<std::string> valid_dns_names;
3654 std::vector<std::string> invalid_dns_names;
3655 std::vector<std::string> valid_emails;
3656 std::vector<std::string> invalid_emails;
3657 unsigned flags;
3658 } kTests[] = {
3659 // DNS names only match DNS names and do so case-insensitively.
3660 {
3661 /*cert_subject=*/{},
3662 /*cert_dns_names=*/{"example.com", "WWW.EXAMPLE.COM"},
3663 /*cert_emails=*/{},
3664 /*valid_dns_names=*/
3665 {"example.com", "EXAMPLE.COM", "www.example.com", "WWW.EXAMPLE.COM"},
3666 /*invalid_dns_names=*/{"test.example.com", "example.org"},
3667 /*valid_emails=*/{},
3668 /*invalid_emails=*/{"test@example.com", "example.com"},
3669 /*flags=*/0,
3670 },
3671
3672 // DNS wildcards match exactly one component.
3673 {
3674 /*cert_subject=*/{},
3675 /*cert_dns_names=*/{"*.example.com", "*.EXAMPLE.ORG"},
3676 /*cert_emails=*/{},
3677 /*valid_dns_names=*/
3678 {"www.example.com", "WWW.EXAMPLE.COM", "www.example.org",
3679 "WWW.EXAMPLE.ORG"},
3680 /*invalid_dns_names=*/{"example.com", "test.www.example.com"},
3681 /*valid_emails=*/{},
3682 /*invalid_emails=*/{"test@example.com", "www.example.com"},
3683 /*flags=*/0,
3684 },
3685
3686 // DNS wildcards can be disabled.
3687 // TODO(davidben): Can we remove this feature? Does anyone use it?
3688 {
3689 /*cert_subject=*/{},
3690 /*cert_dns_names=*/{"example.com", "*.example.com"},
3691 /*cert_emails=*/{},
3692 /*valid_dns_names=*/{"example.com"},
3693 /*invalid_dns_names=*/{"www.example.com"},
3694 /*valid_emails=*/{},
3695 /*invalid_emails=*/{},
3696 /*flags=*/X509_CHECK_FLAG_NO_WILDCARDS,
3697 },
3698
3699 // Invalid DNS wildcards do not match.
3700 {
3701 /*cert_subject=*/{},
3702 /*cert_dns_names=*/
3703 {"a.*", "**.b.example", "*c.example", "d*.example", "e*e.example",
3704 "*", ".", "..", "*."},
3705 /*cert_emails=*/{},
3706 /*valid_dns_names=*/{},
3707 /*invalid_dns_names=*/
3708 {"a.example", "test.b.example", "cc.example", "dd.example",
3709 "eee.example", "f", "g."},
3710 /*valid_emails=*/{},
3711 /*invalid_emails=*/{},
3712 /*flags=*/0,
3713 },
3714
3715 // IDNs match like any other DNS labels.
3716 {
3717 /*cert_subject=*/{},
3718 /*cert_dns_names=*/
3719 {"xn--rger-koa.a.example", "*.xn--rger-koa.b.example",
3720 "www.xn--rger-koa.c.example"},
3721 /*cert_emails=*/{},
3722 /*valid_dns_names=*/
3723 {"xn--rger-koa.a.example", "www.xn--rger-koa.b.example",
3724 "www.xn--rger-koa.c.example"},
3725 /*invalid_dns_names=*/
3726 {"www.xn--rger-koa.a.example", "xn--rger-koa.b.example",
3727 "www.xn--rger-koa.d.example"},
3728 /*valid_emails=*/{},
3729 /*invalid_emails=*/{},
3730 /*flags=*/0,
3731 },
3732
3733 // For now, DNS names are also extracted out of the common name, but only
3734 // there is no SAN list.
3735 // TODO(https://crbug.com/boringssl/464): Remove this.
3736 {
3737 /*cert_subject=*/{{NID_commonName, "a.example"},
3738 {NID_commonName, "*.b.example"}},
3739 /*cert_dns_names=*/{},
3740 /*cert_emails=*/{},
3741 /*valid_dns_names=*/
3742 {"a.example", "A.EXAMPLE", "test.b.example", "TEST.B.EXAMPLE"},
3743 /*invalid_dns_names=*/{},
3744 /*valid_emails=*/{},
3745 /*invalid_emails=*/{},
3746 /*flags=*/0,
3747 },
3748 {
3749 /*cert_subject=*/{{NID_commonName, "a.example"},
3750 {NID_commonName, "*.b.example"}},
3751 /*cert_dns_names=*/{"example.com"},
3752 /*cert_emails=*/{},
3753 /*valid_dns_names=*/{},
3754 /*invalid_dns_names=*/
3755 {"a.example", "A.EXAMPLE", "test.b.example", "TEST.B.EXAMPLE"},
3756 /*valid_emails=*/{},
3757 /*invalid_emails=*/{},
3758 /*flags=*/0,
3759 },
3760
3761 // Other subject RDNs do not provide DNS names.
3762 {
3763 /*cert_subject=*/{{NID_organizationName, "example.com"}},
3764 /*cert_dns_names=*/{},
3765 /*cert_emails=*/{},
3766 /*valid_dns_names=*/{},
3767 /*invalid_dns_names=*/{"example.com"},
3768 /*valid_emails=*/{},
3769 /*invalid_emails=*/{},
3770 /*flags=*/0,
3771 },
3772
3773 // Input DNS names cannot have wildcards.
3774 {
3775 /*cert_subject=*/{},
3776 /*cert_dns_names=*/{"www.example.com"},
3777 /*cert_emails=*/{},
3778 /*valid_dns_names=*/{},
3779 /*invalid_dns_names=*/{"*.example.com"},
3780 /*valid_emails=*/{},
3781 /*invalid_emails=*/{},
3782 /*flags=*/0,
3783 },
3784
3785 // OpenSSL has some non-standard wildcard syntax for input DNS names. We
3786 // do not support this.
3787 {
3788 /*cert_subject=*/{},
3789 /*cert_dns_names=*/{"www.a.example", "*.b.test"},
3790 /*cert_emails=*/{},
3791 /*valid_dns_names=*/{},
3792 /*invalid_dns_names=*/
3793 {".www.a.example", ".www.b.test", ".a.example", ".b.test", ".example",
3794 ".test"},
3795 /*valid_emails=*/{},
3796 /*invalid_emails=*/{},
3797 /*flags=*/0,
3798 },
3799
3800 // Emails match case-sensitively before the '@' and case-insensitively
3801 // after. They do not match DNS names.
3802 {
3803 /*cert_subject=*/{},
3804 /*cert_dns_names=*/{},
3805 /*cert_emails=*/{"test@a.example", "TEST@B.EXAMPLE"},
3806 /*valid_dns_names=*/{},
3807 /*invalid_dns_names=*/{"a.example", "b.example"},
3808 /*valid_emails=*/
3809 {"test@a.example", "test@A.EXAMPLE", "TEST@b.example",
3810 "TEST@B.EXAMPLE"},
3811 /*invalid_emails=*/
3812 {"TEST@a.example", "test@B.EXAMPLE", "another-test@a.example",
3813 "est@a.example"},
3814 /*flags=*/0,
3815 },
3816
3817 // Emails may also be found in the subject.
3818 {
3819 /*cert_subject=*/{{NID_pkcs9_emailAddress, "test@a.example"},
3820 {NID_pkcs9_emailAddress, "TEST@B.EXAMPLE"}},
3821 /*cert_dns_names=*/{},
3822 /*cert_emails=*/{},
3823 /*valid_dns_names=*/{},
3824 /*invalid_dns_names=*/{"a.example", "b.example"},
3825 /*valid_emails=*/
3826 {"test@a.example", "test@A.EXAMPLE", "TEST@b.example",
3827 "TEST@B.EXAMPLE"},
3828 /*invalid_emails=*/
3829 {"TEST@a.example", "test@B.EXAMPLE", "another-test@a.example",
3830 "est@a.example"},
3831 /*flags=*/0,
3832 },
3833
3834 // There are no email wildcard names.
3835 {
3836 /*cert_subject=*/{},
3837 /*cert_dns_names=*/{},
3838 /*cert_emails=*/{"test@*.a.example", "@b.example", "*@c.example"},
3839 /*valid_dns_names=*/{},
3840 /*invalid_dns_names=*/{},
3841 /*valid_emails=*/{},
3842 /*invalid_emails=*/
3843 {"test@test.a.example", "test@b.example", "test@c.example"},
3844 /*flags=*/0,
3845 },
3846
3847 // Unrelated RDNs can be skipped when looking in the subject.
3848 {
3849 /*cert_subject=*/{{NID_organizationName, "Acme Corporation"},
3850 {NID_commonName, "a.example"},
3851 {NID_pkcs9_emailAddress, "test@b.example"},
3852 {NID_countryName, "US"}},
3853 /*cert_dns_names=*/{},
3854 /*cert_emails=*/{},
3855 /*valid_dns_names=*/{"a.example"},
3856 /*invalid_dns_names=*/{},
3857 /*valid_emails=*/{"test@b.example"},
3858 /*invalid_emails=*/{},
3859 /*flags=*/0,
3860 },
3861 };
3862
3863 size_t i = 0;
3864 for (const auto &t : kTests) {
3865 SCOPED_TRACE(i++);
3866
3867 // Issue a test certificate.
3868 bssl::UniquePtr<X509> cert =
3869 MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false);
3870 ASSERT_TRUE(cert);
3871 if (!t.cert_subject.empty()) {
3872 bssl::UniquePtr<X509_NAME> subject(X509_NAME_new());
3873 ASSERT_TRUE(subject);
3874 for (const auto &entry : t.cert_subject) {
3875 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
3876 subject.get(), entry.first, MBSTRING_ASC,
3877 reinterpret_cast<const unsigned char *>(entry.second.data()),
3878 entry.second.size(), /*loc=*/-1, /*set=*/0));
3879 }
3880 ASSERT_TRUE(X509_set_subject_name(cert.get(), subject.get()));
3881 }
3882 bssl::UniquePtr<GENERAL_NAMES> sans(sk_GENERAL_NAME_new_null());
3883 ASSERT_TRUE(sans);
3884 for (const auto &dns : t.cert_dns_names) {
3885 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
3886 ASSERT_TRUE(name);
3887 name->type = GEN_DNS;
3888 name->d.dNSName = ASN1_IA5STRING_new();
3889 ASSERT_TRUE(name->d.dNSName);
3890 ASSERT_TRUE(ASN1_STRING_set(name->d.dNSName, dns.data(), dns.size()));
3891 ASSERT_TRUE(bssl::PushToStack(sans.get(), std::move(name)));
3892 }
3893 for (const auto &email : t.cert_emails) {
3894 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
3895 ASSERT_TRUE(name);
3896 name->type = GEN_EMAIL;
3897 name->d.rfc822Name = ASN1_IA5STRING_new();
3898 ASSERT_TRUE(name->d.rfc822Name);
3899 ASSERT_TRUE(
3900 ASN1_STRING_set(name->d.rfc822Name, email.data(), email.size()));
3901 ASSERT_TRUE(bssl::PushToStack(sans.get(), std::move(name)));
3902 }
3903 if (sk_GENERAL_NAME_num(sans.get()) != 0) {
3904 ASSERT_TRUE(X509_add1_ext_i2d(cert.get(), NID_subject_alt_name,
3905 sans.get(), /*crit=*/0, /*flags=*/0));
3906 }
3907 ASSERT_TRUE(X509_sign(cert.get(), key.get(), EVP_sha256()));
3908
3909 for (const auto &dns : t.valid_dns_names) {
3910 SCOPED_TRACE(dns);
3911 EXPECT_EQ(1, X509_check_host(cert.get(), dns.data(), dns.size(), t.flags,
3912 /*peername=*/nullptr));
3913 EXPECT_EQ(X509_V_OK,
3914 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
3915 /*crls=*/{}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
3916 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(
3917 param, dns.data(), dns.size()));
3918 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
3919 }));
3920 }
3921
3922 for (const auto &dns : t.invalid_dns_names) {
3923 SCOPED_TRACE(dns);
3924 EXPECT_EQ(0, X509_check_host(cert.get(), dns.data(), dns.size(), t.flags,
3925 /*peername=*/nullptr));
3926 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3927 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
3928 /*crls=*/{}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
3929 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(
3930 param, dns.data(), dns.size()));
3931 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
3932 }));
3933 }
3934
3935 for (const auto &email : t.valid_emails) {
3936 SCOPED_TRACE(email);
3937 EXPECT_EQ(
3938 1, X509_check_email(cert.get(), email.data(), email.size(), t.flags));
3939 EXPECT_EQ(X509_V_OK,
3940 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
3941 /*crls=*/{}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
3942 ASSERT_TRUE(X509_VERIFY_PARAM_set1_email(
3943 param, email.data(), email.size()));
3944 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
3945 }));
3946 }
3947
3948 for (const auto &email : t.invalid_emails) {
3949 SCOPED_TRACE(email);
3950 EXPECT_EQ(
3951 0, X509_check_email(cert.get(), email.data(), email.size(), t.flags));
3952 EXPECT_EQ(X509_V_ERR_EMAIL_MISMATCH,
3953 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
3954 /*crls=*/{}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
3955 ASSERT_TRUE(X509_VERIFY_PARAM_set1_email(
3956 param, email.data(), email.size()));
3957 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
3958 }));
3959 }
3960 }
3961 }
3962
TEST(X509Test,AddDuplicates)3963 TEST(X509Test, AddDuplicates) {
3964 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
3965 bssl::UniquePtr<X509> a(CertFromPEM(kCrossSigningRootPEM));
3966 bssl::UniquePtr<X509> b(CertFromPEM(kRootCAPEM));
3967
3968 ASSERT_TRUE(store);
3969 ASSERT_TRUE(a);
3970 ASSERT_TRUE(b);
3971
3972 EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
3973 EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
3974 EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
3975 EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
3976 EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
3977 EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
3978
3979 EXPECT_EQ(sk_X509_OBJECT_num(X509_STORE_get0_objects(store.get())), 2u);
3980 }
3981
TEST(X509Test,BytesToHex)3982 TEST(X509Test, BytesToHex) {
3983 struct {
3984 std::vector<uint8_t> bytes;
3985 const char *hex;
3986 } kTests[] = {
3987 {{}, ""},
3988 {{0x00}, "00"},
3989 {{0x00, 0x11, 0x22}, "00:11:22"},
3990 {{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
3991 "01:23:45:67:89:AB:CD:EF"},
3992 };
3993 for (const auto &t : kTests) {
3994 SCOPED_TRACE(Bytes(t.bytes));
3995 bssl::UniquePtr<char> hex(
3996 x509v3_bytes_to_hex(t.bytes.data(), t.bytes.size()));
3997 ASSERT_TRUE(hex);
3998 EXPECT_STREQ(hex.get(), t.hex);
3999 }
4000 }
4001
TEST(X509Test,NamePrint)4002 TEST(X509Test, NamePrint) {
4003 // kTestName is a DER-encoded X.509 that covers many cases.
4004 //
4005 // SEQUENCE {
4006 // SET {
4007 // SEQUENCE {
4008 // # countryName
4009 // OBJECT_IDENTIFIER { 2.5.4.6 }
4010 // PrintableString { "US" }
4011 // }
4012 // }
4013 // # Sets may be multi-valued, with different attributes. Try to keep this
4014 // # in DER set order, in case we ever enforce this in the parser.
4015 // SET {
4016 // SEQUENCE {
4017 // # stateOrProvinceName
4018 // OBJECT_IDENTIFIER { 2.5.4.8 }
4019 // PrintableString { "Some State" }
4020 // }
4021 // SEQUENCE {
4022 // # stateOrProvinceName
4023 // OBJECT_IDENTIFIER { 2.5.4.8 }
4024 // UTF8String { "Some Other State \xe2\x98\x83" }
4025 // }
4026 // SEQUENCE {
4027 // # stateOrProvinceName
4028 // OBJECT_IDENTIFIER { 2.5.4.8 }
4029 // BMPString { u"Another State \u2603" }
4030 // }
4031 // SEQUENCE {
4032 // # A custom OID
4033 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 }
4034 // UniversalString { U"\u2603" }
4035 // }
4036 // }
4037 // # Custom OIDs may have non-string values.
4038 // SET {
4039 // SEQUENCE {
4040 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.3 }
4041 // SEQUENCE { INTEGER { 1 } INTEGER { 2 } }
4042 // }
4043 // }
4044 // SET {
4045 // SEQUENCE {
4046 // # organizationName
4047 // OBJECT_IDENTIFIER { 2.5.4.10 }
4048 // PrintableString { "Org Name" }
4049 // }
4050 // }
4051 // SET {
4052 // SEQUENCE {
4053 // # commonName
4054 // OBJECT_IDENTIFIER { 2.5.4.3 }
4055 // # Embed common delimiter forms to test how well they get escaped.
4056 // UTF8String { "Common
4057 // Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\nCN=A\n" }
4058 // }
4059 // }
4060 // SET {
4061 // SEQUENCE {
4062 // # commonName
4063 // OBJECT_IDENTIFIER { 2.5.4.3 }
4064 // # Test escaping of leading and trailing spaces.
4065 // UTF8String { " spaces " }
4066 // }
4067 // }
4068 static const uint8_t kTestName[] = {
4069 0x30, 0x82, 0x01, 0x00, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
4070 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x6d, 0x30, 0x11, 0x06, 0x03, 0x55,
4071 0x04, 0x08, 0x13, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x20, 0x53, 0x74, 0x61,
4072 0x74, 0x65, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x14, 0x53,
4073 0x6f, 0x6d, 0x65, 0x20, 0x4f, 0x74, 0x68, 0x65, 0x72, 0x20, 0x53, 0x74,
4074 0x61, 0x74, 0x65, 0x20, 0xe2, 0x98, 0x83, 0x30, 0x25, 0x06, 0x03, 0x55,
4075 0x04, 0x08, 0x1e, 0x1e, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x74,
4076 0x00, 0x68, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00, 0x53, 0x00, 0x74,
4077 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x20, 0x26, 0x03, 0x30, 0x14,
4078 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
4079 0x09, 0x02, 0x1c, 0x04, 0x00, 0x00, 0x26, 0x03, 0x31, 0x18, 0x30, 0x16,
4080 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
4081 0x09, 0x03, 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02, 0x31, 0x11,
4082 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x4f, 0x72, 0x67,
4083 0x20, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x42, 0x30, 0x40, 0x06, 0x03, 0x55,
4084 0x04, 0x03, 0x0c, 0x39, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x20, 0x4e,
4085 0x61, 0x6d, 0x65, 0x2f, 0x43, 0x4e, 0x3d, 0x41, 0x2f, 0x43, 0x4e, 0x3d,
4086 0x42, 0x2c, 0x43, 0x4e, 0x3d, 0x41, 0x2c, 0x43, 0x4e, 0x3d, 0x42, 0x2b,
4087 0x43, 0x4e, 0x3d, 0x41, 0x2b, 0x43, 0x4e, 0x3d, 0x42, 0x3b, 0x43, 0x4e,
4088 0x3d, 0x41, 0x3b, 0x43, 0x4e, 0x3d, 0x42, 0x0a, 0x43, 0x4e, 0x3d, 0x41,
4089 0x0a, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08,
4090 0x20, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x20};
4091
4092 const uint8_t *ptr = kTestName;
4093 bssl::UniquePtr<X509_NAME> name(
4094 d2i_X509_NAME(nullptr, &ptr, sizeof(kTestName)));
4095 ASSERT_TRUE(name);
4096 EXPECT_EQ(ptr, kTestName + sizeof(kTestName));
4097
4098 struct {
4099 int indent;
4100 unsigned long flags;
4101 std::string printed;
4102 } kTests[] = {
4103 // RFC 2253 uses , and + separators and encodes the RDNs in reverse.
4104 // OpenSSL's implementation additionally happens to reverse the values
4105 // within each RDN. RFC 2253 says any order is permissible.
4106 {/*indent=*/0,
4107 /*flags=*/XN_FLAG_RFC2253,
4108 "CN=\\ spaces\\ ,"
4109 "CN=Common "
4110 "Name/CN=A/CN=B\\,CN=A\\,CN=B\\+CN=A\\+CN=B\\;CN=A\\;CN=B\\0ACN=A\\0A,"
4111 "O=Org Name,"
4112 "1.2.840.113554.4.1.72585.3=#3006020101020102,"
4113 "1.2.840.113554.4.1.72585.2=#1C0400002603+"
4114 "ST=Another State \\E2\\98\\83+"
4115 "ST=Some Other State \\E2\\98\\83+"
4116 "ST=Some State,"
4117 "C=US"},
4118 {/*indent=*/2,
4119 /*flags=*/XN_FLAG_RFC2253,
4120 " "
4121 "CN=\\ spaces\\ ,"
4122 "CN=Common "
4123 "Name/CN=A/CN=B\\,CN=A\\,CN=B\\+CN=A\\+CN=B\\;CN=A\\;CN=B\\0ACN=A\\0A,"
4124 "O=Org Name,"
4125 "1.2.840.113554.4.1.72585.3=#3006020101020102,"
4126 "1.2.840.113554.4.1.72585.2=#1C0400002603+"
4127 "ST=Another State \\E2\\98\\83+"
4128 "ST=Some Other State \\E2\\98\\83+"
4129 "ST=Some State,"
4130 "C=US"},
4131 // |XN_FLAG_ONELINE| is an OpenSSL-specific single-line format. It also
4132 // omits |XN_FLAG_DUMP_UNKNOWN_FIELDS|, so unknown OIDs that use known
4133 // string types will still be decoded. (This may drop important
4134 // information if the unknown OID distinguishes between string types.) It
4135 // also passes |ASN1_STRFLGS_ESC_QUOTE|.
4136 {/*indent=*/0,
4137 /*flags=*/XN_FLAG_ONELINE,
4138 "C = US, "
4139 "ST = Some State + "
4140 "ST = Some Other State \\E2\\98\\83 + "
4141 "ST = Another State \\E2\\98\\83 + "
4142 "1.2.840.113554.4.1.72585.2 = \\E2\\98\\83, "
4143 "1.2.840.113554.4.1.72585.3 = #3006020101020102, "
4144 "O = Org Name, "
4145 "CN = \"Common "
4146 "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\", "
4147 "CN = \" spaces \""},
4148 // |XN_FLAG_MULTILINE| is an OpenSSL-specific multi-line format that tries
4149 // to vertically align the equal sizes. The vertical alignment doesn't
4150 // quite handle multi-valued RDNs right and uses a non-RFC-2253 escaping.
4151 {/*indent=*/0,
4152 /*flags=*/XN_FLAG_MULTILINE,
4153 "countryName = US\n"
4154 "stateOrProvinceName = Some State + "
4155 "stateOrProvinceName = Some Other State \\U2603 + "
4156 "stateOrProvinceName = Another State \\U2603 + "
4157 "1.2.840.113554.4.1.72585.2 = \\U2603\n"
4158 "1.2.840.113554.4.1.72585.3 = 0\\06\\02\\01\\01\\02\\01\\02\n"
4159 "organizationName = Org Name\n"
4160 "commonName = Common "
4161 "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\n"
4162 "commonName = spaces "},
4163 // The multiline format indents every line.
4164 {/*indent=*/2,
4165 /*flags=*/XN_FLAG_MULTILINE,
4166 " countryName = US\n"
4167 " stateOrProvinceName = Some State + "
4168 "stateOrProvinceName = Some Other State \\U2603 + "
4169 "stateOrProvinceName = Another State \\U2603 + "
4170 "1.2.840.113554.4.1.72585.2 = \\U2603\n"
4171 " 1.2.840.113554.4.1.72585.3 = 0\\06\\02\\01\\01\\02\\01\\02\n"
4172 " organizationName = Org Name\n"
4173 " commonName = Common "
4174 "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\n"
4175 " commonName = spaces "},
4176 // Callers can also customize the output, wuith both |XN_FLAG_*| and
4177 // |ASN1_STRFLGS_*|. |XN_FLAG_SEP_SPLUS_SPC| uses semicolon separators and
4178 // |XN_FLAG_FN_OID| forces OIDs.
4179 {/*indent=*/0,
4180 /*flags=*/XN_FLAG_SEP_SPLUS_SPC | XN_FLAG_FN_OID | ASN1_STRFLGS_RFC2253 |
4181 ASN1_STRFLGS_ESC_QUOTE,
4182 "2.5.4.6=US; "
4183 "2.5.4.8=Some State + "
4184 "2.5.4.8=Some Other State \\E2\\98\\83 + "
4185 "2.5.4.8=Another State \\E2\\98\\83 + "
4186 "1.2.840.113554.4.1.72585.2=\\E2\\98\\83; "
4187 "1.2.840.113554.4.1.72585.3=#3006020101020102; "
4188 "2.5.4.10=Org Name; "
4189 "2.5.4.3=\"Common "
4190 "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\"; "
4191 "2.5.4.3=\" spaces \""},
4192 // |XN_FLAG_COMPAT| matches |X509_NAME_print|, rather than
4193 // |X509_NAME_print_ex|.
4194 //
4195 // TODO(davidben): This works by post-processing the output of
4196 // |X509_NAME_oneline|, which uses "/"" separators, and replacing with
4197 // ", ". The escaping is ambiguous and the post-processing is buggy, so
4198 // some of the trailing slashes are still present and some internal
4199 // slashes are mis-converted.
4200 {/*indent=*/0,
4201 /*flags=*/XN_FLAG_COMPAT,
4202 "C=US, "
4203 "ST=Some State, "
4204 "ST=Some Other State \\xE2\\x98\\x83, "
4205 "ST=\\x00A\\x00n\\x00o\\x00t\\x00h\\x00e\\x00r\\x00 "
4206 "\\x00S\\x00t\\x00a\\x00t\\x00e\\x00 &\\x03/"
4207 "1.2.840.113554.4.1.72585.2=\\x00\\x00&\\x03/"
4208 "1.2.840.113554.4.1.72585.3=0\\x06\\x02\\x01\\x01\\x02\\x01\\x02, "
4209 "O=Org Name, "
4210 "CN=Common Name, "
4211 "CN=A, CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\x0ACN=A\\x0A, "
4212 "CN= spaces "},
4213 };
4214 for (const auto &t : kTests) {
4215 SCOPED_TRACE(t.printed);
4216 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
4217 ASSERT_TRUE(bio);
4218 int len = X509_NAME_print_ex(bio.get(), name.get(), t.indent, t.flags);
4219 ASSERT_GT(len, 0);
4220
4221 const uint8_t *printed;
4222 size_t printed_len;
4223 ASSERT_TRUE(BIO_mem_contents(bio.get(), &printed, &printed_len));
4224 EXPECT_EQ(std::string(printed, printed + printed_len), t.printed);
4225 if (t.flags != XN_FLAG_COMPAT) {
4226 // TODO(davidben): |XN_FLAG_COMPAT| does not return the length.
4227 EXPECT_EQ(static_cast<size_t>(len), printed_len);
4228
4229 // Passing a null |BIO| measures the output instead.
4230 len = X509_NAME_print_ex(nullptr, name.get(), t.indent, t.flags);
4231 EXPECT_GT(len, 0);
4232 EXPECT_EQ(static_cast<size_t>(len), printed_len);
4233 }
4234 }
4235
4236 // TODO(davidben): This escapes the underlying bytes in the string, but that
4237 // is ambiguous without capturing the type. Should this escape like
4238 // |ASN1_STRFLGS_UTF8_CONVERT| instead?
4239 static const char *kOnelineComponents[] = {
4240 "/C=US",
4241 "/ST=Some State",
4242 "/ST=Some Other State \\xE2\\x98\\x83",
4243 "/ST=\\x00A\\x00n\\x00o\\x00t\\x00h\\x00e\\x00r\\x00 "
4244 "\\x00S\\x00t\\x00a\\x00t\\x00e\\x00 &\\x03",
4245 "/1.2.840.113554.4.1.72585.2=\\x00\\x00&\\x03",
4246 "/1.2.840.113554.4.1.72585.3=0\\x06\\x02\\x01\\x01\\x02\\x01\\x02",
4247 "/O=Org Name",
4248 "/CN=Common Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\x0ACN=A\\x0A",
4249 "/CN= spaces ",
4250 };
4251 std::string oneline_expected;
4252 for (const auto& component : kOnelineComponents) {
4253 oneline_expected += component;
4254 }
4255
4256 // Given null buffer, |X509_NAME_oneline| allocates a new output.
4257 bssl::UniquePtr<char> oneline(X509_NAME_oneline(name.get(), nullptr, 0));
4258 ASSERT_TRUE(oneline);
4259 EXPECT_EQ(oneline.get(), oneline_expected);
4260
4261 // Otherwise it writes to the specified buffer. Note one extra byte is needed
4262 // for the trailing NUL.
4263 char buf[1024];
4264 ASSERT_GE(sizeof(buf), oneline_expected.size() + 2);
4265 ASSERT_EQ(buf,
4266 X509_NAME_oneline(name.get(), buf, oneline_expected.size() + 1));
4267 EXPECT_EQ(buf, oneline_expected);
4268
4269 memset(buf, 'a', sizeof(buf));
4270 ASSERT_EQ(buf,
4271 X509_NAME_oneline(name.get(), buf, oneline_expected.size() + 2));
4272 EXPECT_EQ(buf, oneline_expected);
4273
4274 // If the length is too small, |X509_NAME_oneline| truncates at name
4275 // entry boundaries.
4276 EXPECT_EQ(nullptr, X509_NAME_oneline(name.get(), buf, 0));
4277 for (size_t len = 1; len < oneline_expected.size(); len++) {
4278 SCOPED_TRACE(len);
4279 memset(buf, 'a', sizeof(buf));
4280 EXPECT_EQ(buf, X509_NAME_oneline(name.get(), buf, len));
4281
4282 std::string truncated;
4283 for (const auto& component : kOnelineComponents) {
4284 if (truncated.size() + strlen(component) + 1 > len) {
4285 break;
4286 }
4287 truncated += component;
4288 }
4289 EXPECT_EQ(buf, truncated);
4290 }
4291 }
4292
4293 // kLargeSerialPEM is a certificate with a large serial number.
4294 static const char kLargeSerialPEM[] = R"(
4295 -----BEGIN CERTIFICATE-----
4296 MIICZjCCAc+gAwIBAgIQASNFZ4mrze8BI0VniavN7zANBgkqhkiG9w0BAQsFADA2
4297 MRowGAYDVQQKExFCb3JpbmdTU0wgVEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRp
4298 YXRlIENBMCAXDTE1MDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAyMRowGAYD
4299 VQQKExFCb3JpbmdTU0wgVEVTVElORzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wgZ8w
4300 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPRTRliCpKEnug6OzI0rJVcQep5p+aT
4301 9sCg+pj+HVyg/DYTwqZ6qJRKhM+MbkhdJuU7FyqlsBeCeM/OjwMjcY0yEB/xJg1i
4302 ygfuBztTLuPnHxtSuKwae5MeqSofp3j97sRMnuLcKlHxu8rXoOCAS9BO50uKnPwU
4303 Ee1iEVqR92FPAgMBAAGjdzB1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
4304 BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAZBgNVHQ4EEgQQo3mm9u6v
4305 uaVeN4wRgDTidTAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3
4306 DQEBCwUAA4GBAGP+n4kKGn/8uddYLWTXbUsz+KLuEXNDMyu3vRufLjTpIbP2MCNo
4307 85fhLeC3fzKuGOk+6QGVLOBBcWDrrLqrmqnWdBMPULDo2QoF71a4GVjeJh+ax/tZ
4308 PyeGVPUK21TE0LDIxf2a11d1CJw582MgZQIPk4tXk+AcU9EqIceKgECG
4309 -----END CERTIFICATE-----
4310 )";
4311
TEST(X509Test,Print)4312 TEST(X509Test, Print) {
4313 bssl::UniquePtr<X509> cert(CertFromPEM(kLargeSerialPEM));
4314 ASSERT_TRUE(cert);
4315
4316 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
4317 ASSERT_TRUE(bio);
4318 EXPECT_TRUE(X509_print_ex(bio.get(), cert.get(), 0, 0));
4319 // Nothing should be left in the error queue.
4320 EXPECT_EQ(0u, ERR_peek_error());
4321
4322 // This output is not guaranteed to be stable, but we assert on it to make
4323 // sure something is printed.
4324 const uint8_t *data;
4325 size_t data_len;
4326 ASSERT_TRUE(BIO_mem_contents(bio.get(), &data, &data_len));
4327 std::string print(reinterpret_cast<const char*>(data), data_len);
4328 EXPECT_EQ(print, R"(Certificate:
4329 Data:
4330 Version: 3 (0x2)
4331 Serial Number:
4332 01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef
4333 Signature Algorithm: sha256WithRSAEncryption
4334 Issuer: O=BoringSSL TESTING, CN=Intermediate CA
4335 Validity
4336 Not Before: Jan 1 00:00:00 2015 GMT
4337 Not After : Jan 1 00:00:00 2100 GMT
4338 Subject: O=BoringSSL TESTING, CN=example.com
4339 Subject Public Key Info:
4340 Public Key Algorithm: rsaEncryption
4341 Public-Key: (1024 bit)
4342 Modulus:
4343 00:c3:d1:4d:19:62:0a:92:84:9e:e8:3a:3b:32:34:
4344 ac:95:5c:41:ea:79:a7:e6:93:f6:c0:a0:fa:98:fe:
4345 1d:5c:a0:fc:36:13:c2:a6:7a:a8:94:4a:84:cf:8c:
4346 6e:48:5d:26:e5:3b:17:2a:a5:b0:17:82:78:cf:ce:
4347 8f:03:23:71:8d:32:10:1f:f1:26:0d:62:ca:07:ee:
4348 07:3b:53:2e:e3:e7:1f:1b:52:b8:ac:1a:7b:93:1e:
4349 a9:2a:1f:a7:78:fd:ee:c4:4c:9e:e2:dc:2a:51:f1:
4350 bb:ca:d7:a0:e0:80:4b:d0:4e:e7:4b:8a:9c:fc:14:
4351 11:ed:62:11:5a:91:f7:61:4f
4352 Exponent: 65537 (0x10001)
4353 X509v3 extensions:
4354 X509v3 Key Usage: critical
4355 Digital Signature, Key Encipherment
4356 X509v3 Extended Key Usage:
4357 TLS Web Server Authentication, TLS Web Client Authentication
4358 X509v3 Basic Constraints: critical
4359 CA:FALSE
4360 X509v3 Subject Key Identifier:
4361 A3:79:A6:F6:EE:AF:B9:A5:5E:37:8C:11:80:34:E2:75
4362 X509v3 Authority Key Identifier:
4363 keyid:8C:1A:68:A8:B5:76:DB:5D:57:7B:1F:8D:14:B2:06:A3
4364
4365 Signature Algorithm: sha256WithRSAEncryption
4366 63:fe:9f:89:0a:1a:7f:fc:b9:d7:58:2d:64:d7:6d:4b:33:f8:
4367 a2:ee:11:73:43:33:2b:b7:bd:1b:9f:2e:34:e9:21:b3:f6:30:
4368 23:68:f3:97:e1:2d:e0:b7:7f:32:ae:18:e9:3e:e9:01:95:2c:
4369 e0:41:71:60:eb:ac:ba:ab:9a:a9:d6:74:13:0f:50:b0:e8:d9:
4370 0a:05:ef:56:b8:19:58:de:26:1f:9a:c7:fb:59:3f:27:86:54:
4371 f5:0a:db:54:c4:d0:b0:c8:c5:fd:9a:d7:57:75:08:9c:39:f3:
4372 63:20:65:02:0f:93:8b:57:93:e0:1c:53:d1:2a:21:c7:8a:80:
4373 40:86
4374 )");
4375 }
4376