//////////////////////////////////////////////////////////////////////////////// // Copyright 2017 Google LLC. // // This software is licensed under the terms defined in the Widevine Master // License Agreement. For a copy of this agreement, please contact // widevine-licensing@google.com. //////////////////////////////////////////////////////////////////////////////// #include #include "testing/gunit.h" #include "absl/strings/escaping.h" #include "common/rsa_key.h" #include "common/test_utils.h" #include "common/x509_cert.h" namespace widevine { const char kTestRootCaDerCert[] = "30820403308202eba003020102020900a24f94af7ae6831f300d06092a86" "4886f70d0101050500308197310b30090603550406130255533113301106" "035504080c0a57617368696e67746f6e3111300f06035504070c084b6972" "6b6c616e6431133011060355040a0c0a476f6f676c6520496e633111300f" "060355040b0c085769646576696e653115301306035504030c0c54657374" "20526f6f742043413121301f06092a864886f70d010901161274696e736b" "697040676f6f676c652e636f6d301e170d3133303831363030353731305a" "170d3333303831353030353731305a308197310b30090603550406130255" "533113301106035504080c0a57617368696e67746f6e3111300f06035504" "070c084b69726b6c616e6431133011060355040a0c0a476f6f676c652049" "6e633111300f060355040b0c085769646576696e65311530130603550403" "0c0c5465737420526f6f742043413121301f06092a864886f70d01090116" "1274696e736b697040676f6f676c652e636f6d30820122300d06092a8648" "86f70d01010105000382010f003082010a0282010100c6eee629d99f7736" "2db5545ed1d6dfb3616c742c617d5fd48f2fbfcb3f2ec40a080bd04d551c" "e519471a8bb4ec5c2c75bf8a2d2caf3f85d90e9e39391dfbdaae68051319" "0da71b1b2ae4829a15c44bc1b19b17134844b94c6f06d9216333236574f3" "f11b0d10c3c621410e42630c57ce9e901057eda5c3c2203ee2ad805a0d93" "52fa91da45a6f4875b4524c193c42fd9048a10204e5b2c8203402ba760e7" "e1b4126c3e2ab4258f2bf28cd3170de8c738a6a1f4cfcc0649fa95f1414f" "d9d09dd4f511bc0a9bf3a5844a334d9e0a4b9525d2789be6abafe2d0cc20" "79dcf030ffa9be8ae3fe2cab4ebdfa494d48aa8c63264d31e2208a9c28f7" 
"3e0103ce164683bf0203010001a350304e301d0603551d0e041604144d30" "ff181ac4f10da99e6a12c01e02accadf840a301f0603551d230418301680" "144d30ff181ac4f10da99e6a12c01e02accadf840a300c0603551d130405" "30030101ff300d06092a864886f70d01010505000382010100779e9b98d3" "ec066f29862903a00e9c98259d987c04b9e6a2e6c3381ee59ec1dd0d7dee" "79da612e4dfaa3465c8916993ed7adebb27340de20ca101067f8342b2124" "ec0d5db531277b4653c3bc72b2a8daeae120e5348e1a338f6e68e7129436" "026e78024f04d766b132252ec152402dcec28174346aa0ba997d7f1af140" "ff025bec841f8039ba10d7cc098cf24554f8cbb2aa31875205c67df2f053" "0d8784faf63c4f945e62da374cad6155e6ae44f597bcff4566ea2aac4258" "e4ae81569c0eddd1df6929532b4538bd204b2ff5847cb46ac7383c96fe82" "d22de9a13c5092c92c297021c51a2a0a5250cf26c271ff262f25a7738ae4" "c270d87191c13aefdd177b"; const char kTestRootCaPemCert[] = "-----BEGIN CERTIFICATE-----\n" "MIIEAzCCAuugAwIBAgIJAKJPlK965oMfMA0GCSqGSIb3DQEBBQUAMIGXMQswCQYD\n" "VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQx\n" "EzARBgNVBAoMCkdvb2dsZSBJbmMxETAPBgNVBAsMCFdpZGV2aW5lMRUwEwYDVQQD\n" "DAxUZXN0IFJvb3QgQ0ExITAfBgkqhkiG9w0BCQEWEnRpbnNraXBAZ29vZ2xlLmNv\n" "bTAeFw0xMzA4MTYwMDU3MTBaFw0zMzA4MTUwMDU3MTBaMIGXMQswCQYDVQQGEwJV\n" "UzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxEzARBgNV\n" "BAoMCkdvb2dsZSBJbmMxETAPBgNVBAsMCFdpZGV2aW5lMRUwEwYDVQQDDAxUZXN0\n" "IFJvb3QgQ0ExITAfBgkqhkiG9w0BCQEWEnRpbnNraXBAZ29vZ2xlLmNvbTCCASIw\n" "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbu5inZn3c2LbVUXtHW37NhbHQs\n" "YX1f1I8vv8s/LsQKCAvQTVUc5RlHGou07Fwsdb+KLSyvP4XZDp45OR372q5oBRMZ\n" "DacbGyrkgpoVxEvBsZsXE0hEuUxvBtkhYzMjZXTz8RsNEMPGIUEOQmMMV86ekBBX\n" "7aXDwiA+4q2AWg2TUvqR2kWm9IdbRSTBk8Qv2QSKECBOWyyCA0Arp2Dn4bQSbD4q\n" "tCWPK/KM0xcN6Mc4pqH0z8wGSfqV8UFP2dCd1PURvAqb86WESjNNngpLlSXSeJvm\n" "q6/i0MwgedzwMP+pvorj/iyrTr36SU1IqoxjJk0x4iCKnCj3PgEDzhZGg78CAwEA\n" "AaNQME4wHQYDVR0OBBYEFE0w/xgaxPENqZ5qEsAeAqzK34QKMB8GA1UdIwQYMBaA\n" "FE0w/xgaxPENqZ5qEsAeAqzK34QKMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\n" 
"BQADggEBAHeem5jT7AZvKYYpA6AOnJglnZh8BLnmoubDOB7lnsHdDX3uedphLk36\n" "o0ZciRaZPtet67JzQN4gyhAQZ/g0KyEk7A1dtTEne0ZTw7xysqja6uEg5TSOGjOP\n" "bmjnEpQ2Am54Ak8E12axMiUuwVJALc7CgXQ0aqC6mX1/GvFA/wJb7IQfgDm6ENfM\n" "CYzyRVT4y7KqMYdSBcZ98vBTDYeE+vY8T5ReYto3TK1hVeauRPWXvP9FZuoqrEJY\n" "5K6BVpwO3dHfaSlTK0U4vSBLL/WEfLRqxzg8lv6C0i3poTxQksksKXAhxRoqClJQ\n" "zybCcf8mLyWnc4rkwnDYcZHBOu/dF3s=\n" "-----END CERTIFICATE-----\n"; const char kTestPemCert[] = "-----BEGIN CERTIFICATE-----\n" "MIIDwzCCAqsCAQIwDQYJKoZIhvcNAQEFBQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYD\n" "VQQIDApXYXNoaW5ndG9uMREwDwYDVQQHDAhLaXJrbGFuZDETMBEGA1UECgwKR29v\n" "Z2xlIEluYzERMA8GA1UECwwIV2lkZXZpbmUxHTAbBgNVBAMMFFRlc3QgSW50ZXJt\n" "ZWRpYXRlIENBMSEwHwYJKoZIhvcNAQkBFhJ0aW5za2lwQGdvb2dsZS5jb20wHhcN\n" "MTMwODE2MjE0NDAwWhcNMzMwODE1MjE0NDAwWjCBrjELMAkGA1UEBhMCVVMxEzAR\n" "BgNVBAgMCldhc2hpbmd0b24xETAPBgNVBAcMCEtpcmtsYW5kMSkwJwYDVQQKDCBD\n" "aHJvbWUgRGV2aWNlIENvbnRlbnQgUHJvdGVjdGlvbjEVMBMGA1UECwwMdGVzdGlu\n" "Zy50ZXN0MRIwEAYDVQQDDAlzdGFibGUgaWQxITAfBgkqhkiG9w0BCQEWEnRpbnNr\n" "aXBAZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlb\n" "DqstOK0TlLtJZOGzysjD48ZXEnpwti0cQAK6JcN9htwpHemBlzAbIuOIjeY2tfvk\n" "l2uIOOnNMgAiKs/Dpu9VbedXAVCnuxE7/yrWIw/rg1ZmqdxQXFqTo+52ErteMru4\n" "krOaNgQ63SE934yR0MSFzuSbvTgTFLP7hHueaeg8+CUvQRU0WoC2akMXzY1G6AkV\n" "wyY/lufA/XEQXgPbhvP67YxR+exwCfzQGolB5hkliKux0rmzDfcIiHMM0IDaE6nu\n" "fbm8BKPxlZS/QrzTZAr9Q5GMyjcu0XTI1fknGVrE4pZMh8ge+ondcgIQxXBOhfJK\n" "FCofYSP7rBxtasK+4ncCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEATcNfaLpfLbX6\n" "qz1qKMLYaNe4OI0X8t8ZNXqEdqyNd4C7kSdaQkwNunVAqw1CadUzLRi8Of18cwlQ\n" "EXBN4bPTeODCobPjS71YcYPhDsvGQcQ3GQC6BOyHKCTYpqgcIIPEGFzI+FrACede\n" "f4tyIexq63iIx1IpmTBnpYnnfgc8v4anphNODHKMRBHy8BJRcKpTFFFo571c5OjE\n" "QjhKEOp9eD72GuEgtK0f7jXYH2bRT4lmSLxg2L1jbwg3qIjoX2gjeILyzUF+FTzO\n" "7G5JWQnyDjd/ZJuld7FRsJmuzAgISeqVeraYXU1p4utbqutATmmHBcYhkXJKBKkf\n" "3rDeUI+Odg==\n" "-----END CERTIFICATE-----\n"; const char kTestPemCertSubjectField_C[] = "US"; const char kTestPemCertSubjectField_CN[] = "stable 
id/emailAddress=tinskip@google.com"; const char kTestPemCertSerialNumber[] = "\002"; const int64_t kTestPemCertNotBeforeSeconds = 1376689440; const int64_t kTestPemCertNotAfterSeconds = 2007755040; const char kTestPemCertChain[] = "-----BEGIN CERTIFICATE-----\n" "MIIDwzCCAqsCAQIwDQYJKoZIhvcNAQEFBQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYD\n" "VQQIDApXYXNoaW5ndG9uMREwDwYDVQQHDAhLaXJrbGFuZDETMBEGA1UECgwKR29v\n" "Z2xlIEluYzERMA8GA1UECwwIV2lkZXZpbmUxHTAbBgNVBAMMFFRlc3QgSW50ZXJt\n" "ZWRpYXRlIENBMSEwHwYJKoZIhvcNAQkBFhJ0aW5za2lwQGdvb2dsZS5jb20wHhcN\n" "MTMwODE2MjE0NDAwWhcNMzMwODE1MjE0NDAwWjCBrjELMAkGA1UEBhMCVVMxEzAR\n" "BgNVBAgMCldhc2hpbmd0b24xETAPBgNVBAcMCEtpcmtsYW5kMSkwJwYDVQQKDCBD\n" "aHJvbWUgRGV2aWNlIENvbnRlbnQgUHJvdGVjdGlvbjEVMBMGA1UECwwMdGVzdGlu\n" "Zy50ZXN0MRIwEAYDVQQDDAlzdGFibGUgaWQxITAfBgkqhkiG9w0BCQEWEnRpbnNr\n" "aXBAZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlb\n" "DqstOK0TlLtJZOGzysjD48ZXEnpwti0cQAK6JcN9htwpHemBlzAbIuOIjeY2tfvk\n" "l2uIOOnNMgAiKs/Dpu9VbedXAVCnuxE7/yrWIw/rg1ZmqdxQXFqTo+52ErteMru4\n" "krOaNgQ63SE934yR0MSFzuSbvTgTFLP7hHueaeg8+CUvQRU0WoC2akMXzY1G6AkV\n" "wyY/lufA/XEQXgPbhvP67YxR+exwCfzQGolB5hkliKux0rmzDfcIiHMM0IDaE6nu\n" "fbm8BKPxlZS/QrzTZAr9Q5GMyjcu0XTI1fknGVrE4pZMh8ge+ondcgIQxXBOhfJK\n" "FCofYSP7rBxtasK+4ncCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEATcNfaLpfLbX6\n" "qz1qKMLYaNe4OI0X8t8ZNXqEdqyNd4C7kSdaQkwNunVAqw1CadUzLRi8Of18cwlQ\n" "EXBN4bPTeODCobPjS71YcYPhDsvGQcQ3GQC6BOyHKCTYpqgcIIPEGFzI+FrACede\n" "f4tyIexq63iIx1IpmTBnpYnnfgc8v4anphNODHKMRBHy8BJRcKpTFFFo571c5OjE\n" "QjhKEOp9eD72GuEgtK0f7jXYH2bRT4lmSLxg2L1jbwg3qIjoX2gjeILyzUF+FTzO\n" "7G5JWQnyDjd/ZJuld7FRsJmuzAgISeqVeraYXU1p4utbqutATmmHBcYhkXJKBKkf\n" "3rDeUI+Odg==\n" "-----END CERTIFICATE-----\n" "-----BEGIN CERTIFICATE-----\n" "MIIEAzCCAuugAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCVVMx\n" "EzARBgNVBAgMCldhc2hpbmd0b24xETAPBgNVBAcMCEtpcmtsYW5kMRMwEQYDVQQK\n" "DApHb29nbGUgSW5jMREwDwYDVQQLDAhXaWRldmluZTEVMBMGA1UEAwwMVGVzdCBS\n" "b290IENBMSEwHwYJKoZIhvcNAQkBFhJ0aW5za2lwQGdvb2dsZS5jb20wHhcNMTMw\n" 
"ODE2MjE0MTQ2WhcNMzMwODE1MjE0MTQ2WjCBnzELMAkGA1UEBhMCVVMxEzARBgNV\n" "BAgMCldhc2hpbmd0b24xETAPBgNVBAcMCEtpcmtsYW5kMRMwEQYDVQQKDApHb29n\n" "bGUgSW5jMREwDwYDVQQLDAhXaWRldmluZTEdMBsGA1UEAwwUVGVzdCBJbnRlcm1l\n" "ZGlhdGUgQ0ExITAfBgkqhkiG9w0BCQEWEnRpbnNraXBAZ29vZ2xlLmNvbTCCASIw\n" "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANooBi6x3I9Incs6ytlPjBu7yEy5\n" "f6BLf5NREE5nQm74Rt7PAA7YVDtxHP+pi1uyxsL3fUrx904s4tdXNRK85/2zn7+o\n" "oZPYb8fH6dgl7ocmYeyC0jSmg7++ZiaS6OsjPSUTE2aEbAe6Q+ZhYsAbdkL7Z2dN\n" "UJR9akhLEqlqfX4q5bWA0M3P/2/fqNYMS0w010Nwpd+KydbceT0rHQTmTGVsqCCL\n" "gmaP9a8aQRMSP0dn5IOcc/K1Qnnfw1gxnjGF4aBP7KbCMxNBrbgBOwiTxgEMIcKZ\n" "9IGszAcpftKX5ra3XePzFWCcnwilppaaE/2XWXkcAehc8d3xtkdAYZyVIBUCAwEA\n" "AaNQME4wHQYDVR0OBBYEFDm35gzM6ll13HhZUbW5uDw7BieTMB8GA1UdIwQYMBaA\n" "FE0w/xgaxPENqZ5qEsAeAqzK34QKMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\n" "BQADggEBALj+/Z8ygfWVNncV0N9UsAcwlGUe5ME+VoXUF/0SOmdrc8LtPc2Dkc8b\n" "xiQN1wHxE/OFsbsOdobPzwOBh67KyYyVWtxzzsLO0MHGxsbOmwa1AersoP4x8xoC\n" "HaBU90cviYqz5k6rZyBIlFIrM5lqG1JB3U0kTceG/1sqwRAAu94BYqMW1iWyr9Mq\n" "ASRCVBOrksWda4pZkCLp62vk7ItOcs2PrHf6UWbANTDH+8Q+pIw2wuJ5lf/imqKO\n" "qrYCJmAi6VBa2jyHqXVPMk6lL1Rmdk4UgOsRvsbmKzb2vYeWIwhsXY5Spo3WVTLv\n" "6kIkGZCFP/ws7ctk+fQyjjttncIdL2k=\n" "-----END CERTIFICATE-----\n"; const char kTestPemIca[] = "-----BEGIN CERTIFICATE-----\n" "MIIEAzCCAuugAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCVVMx\n" "EzARBgNVBAgMCldhc2hpbmd0b24xETAPBgNVBAcMCEtpcmtsYW5kMRMwEQYDVQQK\n" "DApHb29nbGUgSW5jMREwDwYDVQQLDAhXaWRldmluZTEVMBMGA1UEAwwMVGVzdCBS\n" "b290IENBMSEwHwYJKoZIhvcNAQkBFhJ0aW5za2lwQGdvb2dsZS5jb20wHhcNMTMw\n" "ODE2MjE0MTQ2WhcNMzMwODE1MjE0MTQ2WjCBnzELMAkGA1UEBhMCVVMxEzARBgNV\n" "BAgMCldhc2hpbmd0b24xETAPBgNVBAcMCEtpcmtsYW5kMRMwEQYDVQQKDApHb29n\n" "bGUgSW5jMREwDwYDVQQLDAhXaWRldmluZTEdMBsGA1UEAwwUVGVzdCBJbnRlcm1l\n" "ZGlhdGUgQ0ExITAfBgkqhkiG9w0BCQEWEnRpbnNraXBAZ29vZ2xlLmNvbTCCASIw\n" "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANooBi6x3I9Incs6ytlPjBu7yEy5\n" "f6BLf5NREE5nQm74Rt7PAA7YVDtxHP+pi1uyxsL3fUrx904s4tdXNRK85/2zn7+o\n" 
"oZPYb8fH6dgl7ocmYeyC0jSmg7++ZiaS6OsjPSUTE2aEbAe6Q+ZhYsAbdkL7Z2dN\n" "UJR9akhLEqlqfX4q5bWA0M3P/2/fqNYMS0w010Nwpd+KydbceT0rHQTmTGVsqCCL\n" "gmaP9a8aQRMSP0dn5IOcc/K1Qnnfw1gxnjGF4aBP7KbCMxNBrbgBOwiTxgEMIcKZ\n" "9IGszAcpftKX5ra3XePzFWCcnwilppaaE/2XWXkcAehc8d3xtkdAYZyVIBUCAwEA\n" "AaNQME4wHQYDVR0OBBYEFDm35gzM6ll13HhZUbW5uDw7BieTMB8GA1UdIwQYMBaA\n" "FE0w/xgaxPENqZ5qEsAeAqzK34QKMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\n" "BQADggEBALj+/Z8ygfWVNncV0N9UsAcwlGUe5ME+VoXUF/0SOmdrc8LtPc2Dkc8b\n" "xiQN1wHxE/OFsbsOdobPzwOBh67KyYyVWtxzzsLO0MHGxsbOmwa1AersoP4x8xoC\n" "HaBU90cviYqz5k6rZyBIlFIrM5lqG1JB3U0kTceG/1sqwRAAu94BYqMW1iWyr9Mq\n" "ASRCVBOrksWda4pZkCLp62vk7ItOcs2PrHf6UWbANTDH+8Q+pIw2wuJ5lf/imqKO\n" "qrYCJmAi6VBa2jyHqXVPMk6lL1Rmdk4UgOsRvsbmKzb2vYeWIwhsXY5Spo3WVTLv\n" "6kIkGZCFP/ws7ctk+fQyjjttncIdL2k=\n" "-----END CERTIFICATE-----\n"; const char kTestPk7CertChain[] = "308207fb06092a864886f70d010702a08207ec308207e80201013100300b" "06092a864886f70d010701a08207ce308203c3308202ab020102300d0609" "2a864886f70d010105050030819f310b3009060355040613025553311330" "1106035504080c0a57617368696e67746f6e3111300f06035504070c084b" "69726b6c616e6431133011060355040a0c0a476f6f676c6520496e633111" "300f060355040b0c085769646576696e65311d301b06035504030c145465" "737420496e7465726d6564696174652043413121301f06092a864886f70d" "010901161274696e736b697040676f6f676c652e636f6d301e170d313330" "3831363231343430305a170d3333303831353231343430305a3081ae310b" "30090603550406130255533113301106035504080c0a57617368696e6774" "6f6e3111300f06035504070c084b69726b6c616e6431293027060355040a" "0c204368726f6d652044657669636520436f6e74656e742050726f746563" "74696f6e31153013060355040b0c0c74657374696e672e74657374311230" "1006035504030c09737461626c652069643121301f06092a864886f70d01" "0901161274696e736b697040676f6f676c652e636f6d30820122300d0609" "2a864886f70d01010105000382010f003082010a0282010100a95b0eab2d" "38ad1394bb4964e1b3cac8c3e3c657127a70b62d1c4002ba25c37d86dc29" "1de98197301b22e3888de636b5fbe4976b8838e9cd3200222acfc3a6ef55" 
"6de7570150a7bb113bff2ad6230feb835666a9dc505c5a93a3ee7612bb5e" "32bbb892b39a36043add213ddf8c91d0c485cee49bbd381314b3fb847b9e" "69e83cf8252f4115345a80b66a4317cd8d46e80915c3263f96e7c0fd7110" "5e03db86f3faed8c51f9ec7009fcd01a8941e6192588abb1d2b9b30df708" "88730cd080da13a9ee7db9bc04a3f19594bf42bcd3640afd43918cca372e" "d174c8d5f927195ac4e2964c87c81efa89dd720210c5704e85f24a142a1f" "6123fbac1c6d6ac2bee2770203010001300d06092a864886f70d01010505" "0003820101004dc35f68ba5f2db5faab3d6a28c2d868d7b8388d17f2df19" "357a8476ac8d7780bb91275a424c0dba7540ab0d4269d5332d18bc39fd7c" "73095011704de1b3d378e0c2a1b3e34bbd587183e10ecbc641c4371900ba" "04ec872824d8a6a81c2083c4185cc8f85ac009e75e7f8b7221ec6aeb7888" "c75229993067a589e77e073cbf86a7a6134e0c728c4411f2f0125170aa53" "145168e7bd5ce4e8c442384a10ea7d783ef61ae120b4ad1fee35d81f66d1" "4f896648bc60d8bd636f0837a888e85f68237882f2cd417e153cceec6e49" "5909f20e377f649ba577b151b099aecc080849ea957ab6985d4d69e2eb5b" "aaeb404e698705c62191724a04a91fdeb0de508f8e7630820403308202eb" "a003020102020101300d06092a864886f70d0101050500308197310b3009" "0603550406130255533113301106035504080c0a57617368696e67746f6e" "3111300f06035504070c084b69726b6c616e6431133011060355040a0c0a" "476f6f676c6520496e633111300f060355040b0c085769646576696e6531" "15301306035504030c0c5465737420526f6f742043413121301f06092a86" "4886f70d010901161274696e736b697040676f6f676c652e636f6d301e17" "0d3133303831363231343134365a170d3333303831353231343134365a30" "819f310b30090603550406130255533113301106035504080c0a57617368" "696e67746f6e3111300f06035504070c084b69726b6c616e643113301106" "0355040a0c0a476f6f676c6520496e633111300f060355040b0c08576964" "6576696e65311d301b06035504030c145465737420496e7465726d656469" "6174652043413121301f06092a864886f70d010901161274696e736b6970" "40676f6f676c652e636f6d30820122300d06092a864886f70d0101010500" "0382010f003082010a0282010100da28062eb1dc8f489dcb3acad94f8c1b" "bbc84cb97fa04b7f9351104e67426ef846decf000ed8543b711cffa98b5b" 
"b2c6c2f77d4af1f74e2ce2d7573512bce7fdb39fbfa8a193d86fc7c7e9d8" "25ee872661ec82d234a683bfbe662692e8eb233d25131366846c07ba43e6" "6162c01b7642fb67674d50947d6a484b12a96a7d7e2ae5b580d0cdcfff6f" "dfa8d60c4b4c34d74370a5df8ac9d6dc793d2b1d04e64c656ca8208b8266" "8ff5af1a4113123f4767e4839c73f2b54279dfc358319e3185e1a04feca6" "c2331341adb8013b0893c6010c21c299f481accc07297ed297e6b6b75de3" "f315609c9f08a5a6969a13fd9759791c01e85cf1ddf1b64740619c952015" "0203010001a350304e301d0603551d0e0416041439b7e60cccea5975dc78" "5951b5b9b83c3b062793301f0603551d230418301680144d30ff181ac4f1" "0da99e6a12c01e02accadf840a300c0603551d13040530030101ff300d06" "092a864886f70d01010505000382010100b8fefd9f3281f595367715d0df" "54b0073094651ee4c13e5685d417fd123a676b73c2ed3dcd8391cf1bc624" "0dd701f113f385b1bb0e7686cfcf038187aecac98c955adc73cec2ced0c1" "c6c6c6ce9b06b501eaeca0fe31f31a021da054f7472f898ab3e64eab6720" "4894522b33996a1b5241dd4d244dc786ff5b2ac11000bbde0162a316d625" "b2afd32a0124425413ab92c59d6b8a599022e9eb6be4ec8b4e72cd8fac77" "fa5166c03530c7fbc43ea48c36c2e27995ffe29aa28eaab602266022e950" "5ada3c87a9754f324ea52f5466764e1480eb11bec6e62b36f6bd87962308" "6c5d8e52a68dd65532efea42241990853ffc2cedcb64f9f4328e3b6d9dc2" "1d2f69a1003100"; const char kTestCertPrivateKey[] = "-----BEGIN RSA PRIVATE KEY-----\n" "MIIEowIBAAKCAQEAqVsOqy04rROUu0lk4bPKyMPjxlcSenC2LRxAArolw32G3Ckd\n" "6YGXMBsi44iN5ja1++SXa4g46c0yACIqz8Om71Vt51cBUKe7ETv/KtYjD+uDVmap\n" "3FBcWpOj7nYSu14yu7iSs5o2BDrdIT3fjJHQxIXO5Ju9OBMUs/uEe55p6Dz4JS9B\n" "FTRagLZqQxfNjUboCRXDJj+W58D9cRBeA9uG8/rtjFH57HAJ/NAaiUHmGSWIq7HS\n" "ubMN9wiIcwzQgNoTqe59ubwEo/GVlL9CvNNkCv1DkYzKNy7RdMjV+ScZWsTilkyH\n" "yB76id1yAhDFcE6F8koUKh9hI/usHG1qwr7idwIDAQABAoIBADdwlZa30QvnkxLU\n" "be/s+X9LkS8GpgfrCdgunU3HPkGGwDUmSKJ+R835tCwkMb+hPWXeaStMhsUS5UFh\n" "7f3hoK5MmxPWSZnrrrNvnpKZUxUNFgucxBJZREJqfom7oVow9g6511xwKSqtUmJl\n" "bN8JhPwwiZAQ45qNtINO3QnSy/y4IGrUPgjMpmJa26a+JhduTRq+LMPu2wz+HxS1\n" "Vf2q0H1IOJr/kimMFMaBRYErNclFa8VIFjwjz5reH5lJyptajGhruor6EK1qqhNc\n" 
"zPSRY4TZH5QcjM46zui6l3tL9e32j6oUd4mAp4HhH0fws/pwawFYECI+M+7OCjgK\n" "y+qSJ1ECgYEA1g+L0yN4i+uScs7EpsYJfaRP1PMtGnUsof64Pg6i9IKcuf5mi5Kp\n" "aIgZdXAZIzsACH5XbfuC5Srs4565k/9XrHehLcuBzodulrzwmOUDbJAxIDw4uTUX\n" "95W0uK9UqyGLyM8wNYs/EzhveSFL8fnFWzOAL/+HshQpKCBzedSU+G0CgYEAyolH\n" "xws2mim7rSrYyRz1Vj02rLZuBUR7cPaHDxjjuuSUbI2nsDRsm6ZUCNlJtReHBkpH\n" "eW5iClBGkksVsJJYJBmyDw6a3mnj0mfxBnh9zGaHQi0RCuOwmYlu2L/XVQXiMFKT\n" "gffazuvysg7N/bz7CJjm8PRRx/cAxxFfAozdf/MCgYEAtBagLCHLaOvnaW9LQoOZ\n" "uHpkL2PmrjumMSN7HbpyngLEmDXPT90zaR4XTRXiECGzBXJFW+IdXW+fnGANANXx\n" "jMeYck6kBn0qLOcIA5moJ82nhtcjYa2pXEI2qKnZMaAnWen1RRbBGgqAvgelPQ5F\n" "W1UYo0j3gHo1peynOff+3IECgYAsP53M4KhHOgLkrE28cnUvKCR/y0NyJyoI3fNX\n" "2wo11KaQqMoP9wQbZVVKsZ4m0EMRnrzKzNDii/M/FuRgNTjIekyqeXhgSyYY29iO\n" "n1hshaHbVVk51dDJWns7I3559tUZ1ZCgfnPxbR8Sw6VBYD4//JfH4LjVRSOIWkU1\n" "m2zw/QKBgGE55o0xrCywF3wDUtFa6vgpsOfZu9IblsWktSbD/lk1YOqGpU//B0O4\n" "GqihOQT7E9kDNusspFUGpZrE0T0B+GW1T9iTR0zd+lC+qExv2ggDJoH063DnH5OU\n" "Qz2M8LESeFxf6ZlBxkcyrk6G1RAy7lUs9fHhfmpEJLVv4DTCuWDl\n" "-----END RSA PRIVATE KEY-----\n"; const char kTestMessage[] = "c8635a17ccc672c941d0cc287715411a0a0222613a04d47693a53eb7f32c" "1ebae1f5d916a815b880426362c42f5f18f694a380756e0452018c70b3e4" "f72ebb5269cb7233a3b8a2a1840e33ca9d473224d17ff91bae6b8d4ff2d1" "8e5c89b5fc8a52c4f791c2063ab1a29ffd3372db483e4975c1c9c7408bf6" "dfe5696e256e86b75313c501ab781175971b9411a73c444592afb1ec1667" "2bfb935715ef5302f3bef712d2296be4f64ef2dc861f0611b06c35d0a5c2" "5ff9f4a2563f265f109d2fa8f8165d7891b8a83c84520eaa284d49a4f76e" "ac158204a5bdf018edd9401ae6593092ba97970be9a58b10720a235c9158" "b9f235f9dda3de05990cef8c2fd04920a2a434bd5b6aa75767762d89b964" "90e42524855a7eab49a8f82ac593e4df01990206d3fa98329aa50e31db89" "b46b82ee0073851826f77aabb3779738a6f311b79f54d036a98dca4881ef" "88c3cbfc86ac358c7bd107dc234d3772fc707df01637354dcb9270c7aefa" "852dd21818ede33ab7154c32f25268b82f89b344e6469b81b6699df68c56" "a6e61f1dd8f140f3be4edce755ceee8ee7868f45a17f8b4b4b0988f45815" 
"1b43d07dcb0cd80b1ffa37b824e0abc25897cb41c242a3db845bedd37adf" "88a13c0b2f0b158464b02f9fd97ad6e87b92c13cbeee5e69d183cc898c4e" "0cfa9c59abde74a437d030cb966137ffe9abe6be71ed21ef751cdea73625" "7cff9e378718f7d7e9c4d567cbec8e0afdfab0585b8ed0d5f8de159b6524" "22c90737b44c84603ba1131f557604fe4e6b4d91e45363903b8db179cee0" "a50f2ae73394973c8671df7a7b2eeb8341a3417727cfe43290a67ac3ad02" "a52c3d1698c2c28a46268518aea66cecb40f43f50bb9cea4ed1d49ceb51d" "9967fabccccc7237a36b6cecda5916234730d7b3ca3295519d77b7516824" "10e8a238b6345e8d28132f60423a13fdf4b6a6cf272cef9a0833abb4b86d" "9828af45442a390e241b2b8c3290671da4a163d7e55fea7828098c0749ca" "ff65145dd6b4a6e4c65d214801bb8302d8914864e99c4d0b390b8126d4bc" "0353e376e69aba56cf71b9943a47dcffa07c6a24986a077f69b7bec6bd9c" "357e211875453bdadd9bfc4526f96c458e0052d27a903611c09a9c7b5f51" "83daad078aec0e79ef991d102d4af492773f1509a265c5644cbab3253e34" "3015e4305fffd17ce0261bcb232cfa0e1dcc71f83dc1aac490e526f6269f" "606d0e0e556bb30b774c2208ed3771474be23f39b7fc21dcbf304a923d9c"; const char kTestDevCodeSigningCert[] = "-----BEGIN CERTIFICATE-----\n" "MIIFDjCCA3agAwIBAgIPESIzRFVmd4iZqrvM3e7/MA0GCSqGSIb3DQEBCwUAMIGc\n" "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2ly\n" "a2xhbmQxDzANBgNVBAoMBkdvb2dsZTERMA8GA1UECwwIV2lkZXZpbmUxHjAcBgNV\n" "BAMMFXdpZGV2aW5lLWRldi1jb2Rlc2lnbjEhMB8GCSqGSIb3DQEJARYSdGluc2tp\n" "cEBnb29nbGUuY29tMB4XDTE3MTAwOTIwMjUwNloXDTI3MTAwNzIwMjUwNlowRTEL\n" "MAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy\n" "bmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\n" "ggEBAObsg/w+dJedH3x5KEsXdA/5sunWc8G+iZl0wMcngh2DiwmOSkKf68uCK/iW\n" "T0a2XGgk13zl1HuKrjatgc7n6E1j/sqDZBGkr0q1wQgsdzm3qvGZoDG/+Z2U23WU\n" "kX6ZcyIYUbpO2VtQELEl6DgNwoUi/9Yp+vCb6lsItpSZ1WRD9NhbWh1MxZxj1s18\n" "OYcEzpEYg4/vHTVhocUR/1Rp9M9yn0nH1MUdtjhgBM3BmlRH7TA/nF111A4+GzMN\n" "qyqfb0/6yXE64Ca3+fGg1hstfUUXkpmjjNPhYJ6QTgA3Xfrz04a4uwB+pSliF3SD\n" "gip7O3rDyK0ES55lGpZ7B3s3TakCAwEAAaOCASEwggEdMB0GA1UdDgQWBBQ2jJme\n" 
"0BuaGrhgFGJR2i59HR+DizCBuwYDVR0jBIGzMIGwoYGipIGfMIGcMQswCQYDVQQG\n" "EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxDzAN\n" "BgNVBAoMBkdvb2dsZTERMA8GA1UECwwIV2lkZXZpbmUxHjAcBgNVBAMMFXdpZGV2\n" "aW5lLWRldi1jb2Rlc2lnbjEhMB8GCSqGSIb3DQEJARYSdGluc2tpcEBnb29nbGUu\n" "Y29tggkAxfgvA4+s8VgwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAww\n" "CgYIKwYBBQUHAwMwEQYKKwYBBAHWeQQBAgQDAQH/MA0GCSqGSIb3DQEBCwUAA4IB\n" "gQAtan04ZGie7rRsKpb1F6t7xs48KE6cj6L99B5dgl37fZaZIQ3XE2vbmmmY5YTx\n" "wofCkvOZMXHeQfJEK5GIK49TW/lAR+3kJUJzSh+N67f0X8O1pUl97IUFsbi6PTw/\n" "mjhu197Kdy/OxPu/csOkEChuOfJLagRxXtIXeIyaeVOmn6fkFTOMOL2BusWOPuIs\n" "9OmOQ+UHXpMuX4c2x9iO4NzZwwI/MgULLCrd/c73q199H+ttdPFoNs8+xGdodqA/\n" "NFlHtMHMLMKVGpazAf+JW1/c3nb8L3S0nw4q7vPWi216RdZTfKfSIs/f/IW3CYJh\n" "/IAuHOYvlD0GdSOFZHfhrnAvKhJ2iRu32psN87L9rL5EL22LT8csV/gLMc3SZ35n\n" "/viuYcTDnMbe9S/Mge3mMJ9XHD5XBhN3hzmGDQEUdRS5MXrYdY32viPE7f+GAO9s\n" "5MXS+h+FxQ6QUar2q1zHc/0Gr1hLzA6HYBmI0/AF8LsHs799XjrMKHkSBN6UQkC1\n" "hRk=\n" "-----END CERTIFICATE-----\n"; const char kDevCertFlagOid[] = "1.3.6.1.4.1.11129.4.1.2"; const bool kTestDevCodeSigningCertFlagValue = true; TEST(X509CertTest, LoadCert) { X509Cert test_cert; EXPECT_EQ(OkStatus(), test_cert.LoadDer(absl::HexStringToBytes(kTestRootCaDerCert))); EXPECT_EQ(OkStatus(), test_cert.LoadPem(kTestPemCert)); // TODO(user): Add more specific status checks to failure tests. 
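// Remainder of TEST(X509CertTest, LoadCert): garbage and empty inputs must be
// rejected by both the DER and the PEM loader.
  EXPECT_NE(OkStatus(), test_cert.LoadDer("bad cert"));
  EXPECT_NE(OkStatus(), test_cert.LoadPem("bad cert"));
  EXPECT_NE(OkStatus(), test_cert.LoadDer(""));
  EXPECT_NE(OkStatus(), test_cert.LoadPem(""));
}

// Signs kTestMessage with kTestCertPrivateKey and checks that the public key
// extracted from kTestPemCert accepts that signature and rejects a corrupted
// or empty signature and a corrupted or empty message.
//
// kTestCertPrivateKey is fixture material committed in this file; the positive
// case below passing shows it is the key pair behind kTestPemCert, so that
// certificate must only ever be trusted inside tests.
TEST(X509CertTest, VerifySignature) {
  X509Cert test_cert;
  ASSERT_EQ(OkStatus(), test_cert.LoadPem(kTestPemCert));

  const std::string message(absl::HexStringToBytes(kTestMessage));
  std::string signature;
  ASSERT_EQ(OkStatus(), GenerateRsaSignatureSha256Pkcs1(kTestCertPrivateKey,
                                                        message, &signature));

  // NOTE(review): the template argument was lost in this copy of the file;
  // RsaPublicKey (common/rsa_key.h) is assumed -- confirm against the return
  // type of X509Cert::GetRsaPublicKey().
  std::unique_ptr<RsaPublicKey> pub_key(test_cert.GetRsaPublicKey());
  ASSERT_TRUE(pub_key);

  // NOTE(review): the signer is named ...Pkcs1 and the verifier ...Pkcs7; the
  // positive case shows they interoperate, the padding scheme itself is not
  // visible from this file.
  EXPECT_TRUE(pub_key->VerifySignatureSha256Pkcs7(message, signature));
  EXPECT_FALSE(pub_key->VerifySignatureSha256Pkcs7(message, "bad signature"));
  EXPECT_FALSE(pub_key->VerifySignatureSha256Pkcs7("bad digest", signature));
  EXPECT_FALSE(pub_key->VerifySignatureSha256Pkcs7(message, ""));
  EXPECT_FALSE(pub_key->VerifySignatureSha256Pkcs7("", signature));
}

// Looks up individual subject-name fields of kTestPemCert; an unknown field
// name yields an empty string.
TEST(X509CertTest, GetSubjectNameField) {
  X509Cert test_cert;
  ASSERT_EQ(OkStatus(), test_cert.LoadPem(kTestPemCert));

  EXPECT_EQ(kTestPemCertSubjectField_C, test_cert.GetSubjectNameField("C"));
  // NOTE(review): the expected CN value carries a trailing "/emailAddress=..."
  // component, so the lookup appears to return the rest of a one-line subject
  // rather than the CN attribute alone -- confirm that callers do not compare
  // it against a bare common name.
  EXPECT_EQ(kTestPemCertSubjectField_CN, test_cert.GetSubjectNameField("CN"));
  EXPECT_EQ("", test_cert.GetSubjectNameField("invalid_field"));
}

// The serial number of kTestPemCert is expected to be the single byte 0x02.
TEST(X509CertTest, GetSerialNumber) {
  X509Cert test_cert;
  ASSERT_EQ(OkStatus(), test_cert.LoadPem(kTestPemCert));
  EXPECT_EQ(kTestPemCertSerialNumber, test_cert.GetSerialNumber());
}

// Start of the validity period of kTestPemCert, in seconds.
TEST(X509CertTest, GetNotBeforeSeconds) {
  X509Cert test_cert;
  ASSERT_EQ(OkStatus(), test_cert.LoadPem(kTestPemCert));

  int64_t not_before_seconds = 0;
  ASSERT_TRUE(test_cert.GetNotBeforeSeconds(&not_before_seconds));
  EXPECT_EQ(kTestPemCertNotBeforeSeconds, not_before_seconds);
}

// End of the validity period of kTestPemCert, in seconds.
TEST(X509CertTest, GetNotAfterSeconds) {
  X509Cert test_cert;
  ASSERT_EQ(OkStatus(), test_cert.LoadPem(kTestPemCert));

  int64_t not_after_seconds = 0;
  ASSERT_TRUE(test_cert.GetNotAfterSeconds(&not_after_seconds));
  EXPECT_EQ(kTestPemCertNotAfterSeconds, not_after_seconds);
}

// A two-certificate PEM bundle loads as two entries; an index past the end
// returns null instead of a certificate.
TEST(X509CertTest, CertChain) {
  X509CertChain test_chain;
  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestPemCertChain));
  ASSERT_EQ(2, test_chain.GetNumCerts());

  EXPECT_TRUE(test_chain.GetCert(0) != nullptr);
  EXPECT_TRUE(test_chain.GetCert(1) != nullptr);
  EXPECT_TRUE(test_chain.GetCert(2) == nullptr);
}

// In kTestPemCertChain the first entry is the leaf (not a CA) and the second
// is the intermediate (a CA).
TEST(X509CertTest, IsCaCertificate) {
  X509CertChain test_chain;
  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestPemCertChain));
  ASSERT_EQ(2, test_chain.GetNumCerts());

  EXPECT_FALSE(test_chain.GetCert(0)->IsCaCertificate());
  EXPECT_TRUE(test_chain.GetCert(1)->IsCaCertificate());
}

// Verifies a PEM-loaded chain against the test root: leaf + intermediate is
// accepted, the leaf on its own is rejected, and reloading the full chain into
// the same object is accepted again.
//
// NOTE(review): the fixture certificates are signed with sha1WithRSAEncryption
// (OID 1.2.840.113549.1.1.5 is visible in kTestRootCaDerCert), so the positive
// cases presumably only pass while the verifier accepts SHA-1 signatures; the
// fixtures need regenerating if that is ever tightened. The only rejection
// exercised in this file is a missing intermediate -- there is no case for an
// expired certificate, a tampered certificate, or a chain from another root.
TEST(X509CertTest, ChainVerificationPem) {
  std::unique_ptr<X509Cert> ca_cert(new X509Cert);
  ASSERT_EQ(OkStatus(),
            ca_cert->LoadDer(absl::HexStringToBytes(kTestRootCaDerCert)));
  // The raw pointer is handed to X509CA via release().
  X509CA ca(ca_cert.release());

  X509CertChain test_chain;
  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestPemCertChain));
  EXPECT_EQ(OkStatus(), ca.VerifyCertChain(test_chain));

  // Leaf only: the intermediate is missing, so verification must fail.
  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestPemCert));
  ASSERT_EQ(1, test_chain.GetNumCerts());
  EXPECT_NE(OkStatus(), ca.VerifyCertChain(test_chain));

  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestPemCertChain));
  EXPECT_EQ(OkStatus(), ca.VerifyCertChain(test_chain));
}

// Same sequence as ChainVerificationPem, with the first chain loaded from the
// PKCS#7 container in kTestPk7CertChain.
TEST(X509CertTest, ChainVerificationPkcs7) {
  std::unique_ptr<X509Cert> ca_cert(new X509Cert);
  ASSERT_EQ(OkStatus(),
            ca_cert->LoadDer(absl::HexStringToBytes(kTestRootCaDerCert)));
  X509CA ca(ca_cert.release());

  X509CertChain test_chain;
  ASSERT_EQ(OkStatus(),
            test_chain.LoadPkcs7(absl::HexStringToBytes(kTestPk7CertChain)));
  EXPECT_EQ(OkStatus(), ca.VerifyCertChain(test_chain));

  // Leaf only: the intermediate is missing, so verification must fail.
  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestPemCert));
  ASSERT_EQ(1, test_chain.GetNumCerts());
  EXPECT_NE(OkStatus(), ca.VerifyCertChain(test_chain));

  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestPemCertChain));
  EXPECT_EQ(OkStatus(), ca.VerifyCertChain(test_chain));
}

TEST(X509CertTest, VerifyCertWithChainIca) {
  std::unique_ptr<X509Cert> ca_cert(new X509Cert);
  ASSERT_EQ(OkStatus(), ca_cert->LoadPem(kTestRootCaPemCert));
  X509CA ca(ca_cert.release());

  // Verify the ICA with the root succeeds.
  X509CertChain test_chain;
  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestRootCaPemCert));
  ASSERT_EQ(1, test_chain.GetNumCerts());
  X509Cert ica_cert;
  ASSERT_EQ(OkStatus(), ica_cert.LoadPem(kTestPemIca));
  EXPECT_EQ(OkStatus(), ca.VerifyCertWithChain(ica_cert, test_chain));
}

TEST(X509CertTest, VerifyCertWithChainLeaf) {
  std::unique_ptr<X509Cert> ca_cert(new X509Cert);
  ASSERT_EQ(OkStatus(), ca_cert->LoadPem(kTestRootCaPemCert));
  X509CA ca(ca_cert.release());

  // Verify the leaf with the root and ICA succeeds.
  X509CertChain test_chain;
  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestPemIca));
  ASSERT_EQ(1, test_chain.GetNumCerts());
  X509Cert leaf_cert;
  ASSERT_EQ(OkStatus(), leaf_cert.LoadPem(kTestPemCert));
  EXPECT_EQ(OkStatus(), ca.VerifyCertWithChain(leaf_cert, test_chain));
}

// The test name keeps its original spelling ("Missinc") so that existing test
// filters continue to match.
TEST(X509CertTest, VerifyCertWithChainLeafMissincIca) {
  std::unique_ptr<X509Cert> ca_cert(new X509Cert);
  ASSERT_EQ(OkStatus(), ca_cert->LoadPem(kTestRootCaPemCert));
  X509CA ca(ca_cert.release());

  // Verify the leaf with only the root fails (ICA missing).
  X509CertChain test_chain;
  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestRootCaPemCert));
  ASSERT_EQ(1, test_chain.GetNumCerts());
  X509Cert leaf_cert;
  ASSERT_EQ(OkStatus(), leaf_cert.LoadPem(kTestPemCert));
  EXPECT_NE(OkStatus(), ca.VerifyCertWithChain(leaf_cert, test_chain));
}

// Round trip: a chain serialized with GetPkcs7() and reloaded with LoadPkcs7()
// holds the same certificates, compared entry by entry as PEM.
TEST(X509CertTest, GetPkcs7) {
  X509CertChain test_chain;
  ASSERT_EQ(OkStatus(), test_chain.LoadPem(kTestPemCertChain));
  const std::string pkcs7_certificate = test_chain.GetPkcs7();
  ASSERT_FALSE(pkcs7_certificate.empty());

  X509CertChain new_test_chain;
  ASSERT_EQ(OkStatus(), new_test_chain.LoadPkcs7(pkcs7_certificate));
  ASSERT_EQ(test_chain.GetNumCerts(), new_test_chain.GetNumCerts());
  for (int i = 0; i < test_chain.GetNumCerts(); ++i) {
    ASSERT_EQ(test_chain.GetCert(i)->GetPem(),
              new_test_chain.GetCert(i)->GetPem());
  }
}

// kTestPemCert has no extension under kDevCertFlagOid, so the lookup reports
// failure; kTestDevCodeSigningCert has one and its value is read back.
TEST(X509CertTest, BooleanExtension) {
  std::unique_ptr<X509Cert> cert1(new X509Cert);
  ASSERT_EQ(OkStatus(), cert1->LoadPem(kTestPemCert));
  // Initialized so that a lookup which fails without writing the out-parameter
  // never leaves an indeterminate value behind.
  bool extension_value = false;
  EXPECT_FALSE(cert1->GetV3BooleanExtension(kDevCertFlagOid, &extension_value));

  std::unique_ptr<X509Cert> cert2(new X509Cert);
  ASSERT_EQ(OkStatus(), cert2->LoadPem(kTestDevCodeSigningCert));
  ASSERT_TRUE(cert2->GetV3BooleanExtension(kDevCertFlagOid, &extension_value));
  EXPECT_EQ(kTestDevCodeSigningCertFlagValue, extension_value);
}

}  // namespace widevine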