diff options
Diffstat (limited to 'src/crypto/x509/x509_test.cc')
-rw-r--r-- | src/crypto/x509/x509_test.cc | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/src/crypto/x509/x509_test.cc b/src/crypto/x509/x509_test.cc index 38414e99..b201afe9 100644 --- a/src/crypto/x509/x509_test.cc +++ b/src/crypto/x509/x509_test.cc @@ -3524,6 +3524,20 @@ BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQB -----END CERTIFICATE----- )"; +// kHighTagNumber is an X.509 certificate where the outermost SEQUENCE tag uses +// high tag number form. +static const char kHighTagNumber[] = R"( +-----BEGIN CERTIFICATE----- +PxCCASAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg +Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz +dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep +Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO +MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq +cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk +soBsxWI= +-----END CERTIFICATE----- +)"; + TEST(X509Test, BER) { // Constructed strings are forbidden in DER. EXPECT_FALSE(CertFromPEM(kConstructedBitString)); @@ -3532,6 +3546,9 @@ TEST(X509Test, BER) { EXPECT_FALSE(CertFromPEM(kIndefiniteLength)); // Padding bits in BIT STRINGs must be zero in BER. EXPECT_FALSE(CertFromPEM(kNonZeroPadding)); + // Tags must be minimal in both BER and DER, though many BER decoders + // incorrectly support non-minimal tags. + EXPECT_FALSE(CertFromPEM(kHighTagNumber)); } TEST(X509Test, Names) { @@ -3874,3 +3891,23 @@ TEST(X509Test, AddDuplicates) { EXPECT_EQ(sk_X509_OBJECT_num(X509_STORE_get0_objects(store.get())), 2u); } + +TEST(X509Test, BytesToHex) { + struct { + std::vector<uint8_t> bytes; + const char *hex; + } kTests[] = { + {{}, ""}, + {{0x00}, "00"}, + {{0x00, 0x11, 0x22}, "00:11:22"}, + {{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, + "01:23:45:67:89:AB:CD:EF"}, + }; + for (const auto &t : kTests) { + SCOPED_TRACE(Bytes(t.bytes)); + bssl::UniquePtr<char> hex( + x509v3_bytes_to_hex(t.bytes.data(), t.bytes.size())); + ASSERT_TRUE(hex); + EXPECT_STREQ(hex.get(), t.hex); + } +} |