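// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

package org.chromium.net;

import static org.chromium.net.test.util.CertTestUtil.CERTS_DIRECTORY;

import androidx.test.filters.MediumTest;

import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;

import org.chromium.base.test.BaseJUnit4ClassRunner;
import org.chromium.base.test.util.Batch;
import org.chromium.net.test.util.CertTestUtil;

import java.io.IOException;
import java.io.RandomAccessFile;
import java.security.GeneralSecurityException;
import java.util.Arrays;

/**
 * Tests for org.chromium.net.X509Util.
 *
 * <p>Exercises {@code X509Util.verifyKeyUsage} against certificate fixtures stored under
 * {@code CERTS_DIRECTORY}.
 */
@RunWith(BaseJUnit4ClassRunner.class)
@Batch(Batch.UNIT_TESTS)
public class X509UtilTest {
    // Fixture file names, resolved against CERTS_DIRECTORY. The contents of the certificates are
    // not visible from this file; what each one is meant to exercise is inferred from its name
    // and should be confirmed against the fixtures themselves.
    private static final String BAD_EKU_TEST_ROOT = "eku-test-root.pem";
    private static final String CRITICAL_CODE_SIGNING_EE = "crit-codeSigning-chain.pem";
    private static final String NON_CRITICAL_CODE_SIGNING_EE = "non-crit-codeSigning-chain.pem";
    private static final String WEB_CLIENT_AUTH_EE = "invalid_key_usage_cert.der";
    private static final String OK_CERT = "ok_cert.pem";
    private static final String GOOD_ROOT_CA = "root_ca_cert.pem";

    /**
     * Reads a file into a byte array.
     *
     * <p>The file handle is closed before returning, and the read is repeated until the buffer is
     * full or end-of-file is reached, so a short read from the OS does not silently truncate a
     * certificate. If the file ends before the length reported at open time, only the bytes
     * actually read are returned.
     *
     * @param pathname path of the file to read
     * @return the bytes read from the file
     * @throws IOException if the file cannot be opened or read
     */
    private static byte[] readFileBytes(String pathname) throws IOException {
        try (RandomAccessFile file = new RandomAccessFile(pathname, "r")) {
            byte[] bytes = new byte[(int) file.length()];
            int total = 0;
            while (total < bytes.length) {
                int count = file.read(bytes, total, bytes.length - total);
                if (count < 0) {
                    // End of file before the expected length: stop and return what was read.
                    break;
                }
                total += count;
            }
            return total == bytes.length ? bytes : Arrays.copyOf(bytes, total);
        }
    }

    /**
     * Clears the test root certificates after each test so that roots registered by one test do
     * not carry over into the next one. A failure to clear them fails the test.
     */
    @After
    public void tearDown() {
        try {
            X509Util.clearTestRootCertificates();
        } catch (Exception e) {
            // Same message as before, but keep the cause so the stack trace reaches the report.
            throw new AssertionError("Could not clear test root certificates: " + e, e);
        }
    }

    /**
     * Checks that {@code X509Util.verifyKeyUsage} rejects three end-entity fixtures and accepts
     * {@code OK_CERT}.
     *
     * <p>Going by the fixture names, the rejected certificates carry an extended key usage that
     * is not acceptable for the purpose being verified: code signing marked critical, code
     * signing marked non-critical, and a web client authentication certificate. TODO confirm
     * against the fixtures. The non-critical case is the one a lenient implementation is most
     * likely to get wrong, since a check that only honoured critical extensions would accept it.
     *
     * @throws GeneralSecurityException if a certificate cannot be parsed or a root cannot be added
     * @throws IOException if a fixture file cannot be read
     */
    @Test
    @MediumTest
    public void testEkusVerified() throws GeneralSecurityException, IOException {
        // Register both test roots. verifyKeyUsage below is handed only the leaf certificate, so
        // whether these roots influence its result is not visible from this file.
        X509Util.addTestRootCertificate(CertTestUtil.pemToDer(CERTS_DIRECTORY + BAD_EKU_TEST_ROOT));
        X509Util.addTestRootCertificate(CertTestUtil.pemToDer(CERTS_DIRECTORY + GOOD_ROOT_CA));

        // Expected to be rejected: presumably an EKU of codeSigning flagged critical.
        Assert.assertFalse(
                X509Util.verifyKeyUsage(
                        X509Util.createCertificateFromBytes(
                                CertTestUtil.pemToDer(
                                        CERTS_DIRECTORY + CRITICAL_CODE_SIGNING_EE))));

        // Expected to be rejected even though the extension is presumably not flagged critical.
        Assert.assertFalse(
                X509Util.verifyKeyUsage(
                        X509Util.createCertificateFromBytes(
                                CertTestUtil.pemToDer(
                                        CERTS_DIRECTORY + NON_CRITICAL_CODE_SIGNING_EE))));

        // This fixture is already DER, so it is read as raw bytes instead of going through
        // pemToDer. Expected to be rejected.
        Assert.assertFalse(
                X509Util.verifyKeyUsage(
                        X509Util.createCertificateFromBytes(
                                readFileBytes(CERTS_DIRECTORY + WEB_CLIENT_AUTH_EE))));

        // Positive control: without it, a verifyKeyUsage that always returned false would pass
        // the three checks above.
        Assert.assertTrue(
                X509Util.verifyKeyUsage(
                        X509Util.createCertificateFromBytes(
                                CertTestUtil.pemToDer(CERTS_DIRECTORY + OK_CERT))));
    }
}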