...

Source file src/github.com/google/certificate-transparency-go/x509/rpki_test.go

Documentation: github.com/google/certificate-transparency-go/x509 

     1  // Copyright 2018 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package x509
     6  
     7  import (
     8  	"reflect"
     9  	"strings"
    10  	"testing"
    11  )
    12  
    13  func TestParseRPKIAddrBlocks(t *testing.T) {
    14  	tests := []struct {
    15  		desc    string
    16  		in      string // hex-encoded
    17  		want    []*IPAddressFamilyBlocks
    18  		wantErr string
    19  	}{
    20  		{
    21  			desc: "ValidSingleIPv4",
    22  			in: "300e" + // SEQUENCE OF IPAddressFamily
    23  				("300c" + // IPAddressFamily SEQUENCE
    24  					("0402" + "0001") + // addressFamily OCTET STRING
    25  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
    26  						"0304" + "03" + "d596c8")), // addressPrefix BIT STRING
    27  			want: []*IPAddressFamilyBlocks{
    28  				{
    29  					AFI: 1,
    30  					AddressPrefixes: []IPAddressPrefix{
    31  						{Bytes: fromHex("d596c8"), BitLength: 21},
    32  					},
    33  				},
    34  			},
    35  		},
    36  		{
    37  			desc: "ValidSingleIPv4WithSAFI",
    38  			in: "300f" + // SEQUENCE OF IPAddressFamily
    39  				("300d" + // IPAddressFamily SEQUENCE
    40  					("0403" + "000120") + // addressFamily OCTET STRING
    41  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
    42  						"0304" + "03" + "d596c8")), // addressPrefix BIT STRING
    43  			want: []*IPAddressFamilyBlocks{
    44  				{
    45  					AFI:  1,
    46  					SAFI: 0x20,
    47  					AddressPrefixes: []IPAddressPrefix{
    48  						{Bytes: fromHex("d596c8"), BitLength: 21},
    49  					},
    50  				},
    51  			},
    52  		},
    53  		{
    54  			desc: "ValidSingleIPv4Inherit",
    55  			in: "3008" + // SEQUENCE OF IPAddressFamily
    56  				("3006" + // IPAddressFamily SEQUENCE
    57  					("0402" + "0001") + // addressFamily OCTET STRING
    58  					("0500")), // inherit NULL
    59  			want: []*IPAddressFamilyBlocks{
    60  				{
    61  					AFI:               1,
    62  					InheritFromIssuer: true,
    63  				},
    64  			},
    65  		},
    66  		{
    67  			desc: "ValidMultipleIPv4",
    68  			in: "3014" + // SEQUENCE OF IPAddressFamily
    69  				("3012" + // IPAddressFamily SEQUENCE
    70  					("0402" + "0001") + // addressFamily OCTET STRING
    71  					("300c" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
    72  						"0304" + "03" + "d596c8" + // addressPrefix BIT STRING
    73  						"0304" + "03" + "d696c8")), // addressPrefix BIT STRING
    74  			want: []*IPAddressFamilyBlocks{
    75  				{
    76  					AFI: 1,
    77  					AddressPrefixes: []IPAddressPrefix{
    78  						{Bytes: fromHex("d596c8"), BitLength: 21},
    79  						{Bytes: fromHex("d696c8"), BitLength: 21},
    80  					},
    81  				},
    82  			},
    83  		},
    84  		{
    85  			desc: "ValidSingleIPv4Range",
    86  			in: "3016" + // SEQUENCE OF IPAddressFamily
    87  				("3014" + // IPAddressFamily SEQUENCE
    88  					("0402" + "0001") + // addressFamily OCTET STRING
    89  					("300e" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
    90  						("300c" + // addressRange SEQUENCE
    91  							"0304" + "03" + "d596c8" + // min BIT STRING
    92  							"0304" + "03" + "d596d8"))), // max BIT STRING
    93  			want: []*IPAddressFamilyBlocks{
    94  				{
    95  					AFI: 1,
    96  					AddressRanges: []IPAddressRange{
    97  						{
    98  							Min: IPAddressPrefix{Bytes: fromHex("d596c8"), BitLength: 21},
    99  							Max: IPAddressPrefix{Bytes: fromHex("d596d8"), BitLength: 21},
   100  						},
   101  					},
   102  				},
   103  			},
   104  		},
   105  		{
   106  			desc: "InvalidOuterSequence",
   107  			in: "310e" + // SET OF not SEQUENCE OF IPAddressFamily
   108  				("300c" + // IPAddressFamily SEQUENCE
   109  					("0402" + "0001") + // addressFamily OCTET STRING
   110  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   111  						"0304" + "03" + "d596c8")), // addressPrefix BIT STRING
   112  			wantErr: "failed to asn1.Unmarshal ipAddrBlocks ",
   113  		},
   114  		{
   115  			desc: "TrailingOuterSequence",
   116  			in: "300e" + // SEQUENCE OF IPAddressFamily
   117  				("300c" + // IPAddressFamily SEQUENCE
   118  					("0402" + "0001") + // addressFamily OCTET STRING
   119  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   120  						"0304" + "03" + "d596c8") + // addressPrefix BIT STRING
   121  					"ff"), // trailing byte
   122  			wantErr: "trailing data after ipAddrBlocks ",
   123  		},
   124  		{
   125  			desc: "InvalidInnerSequence",
   126  			in: "300e" + // SEQUENCE OF IPAddressFamily
   127  				("310c" + // SET not SEQUENCE
   128  					("0402" + "0001") + // addressFamily OCTET STRING
   129  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   130  						"0304" + "03" + "d596c8")), // addressPrefix BIT STRING
   131  			wantErr: "failed to asn1.Unmarshal ipAddrBlocks ",
   132  		},
   133  		{
   134  			desc: "TrailingInnerSequence",
   135  			in: "300f" + // SEQUENCE OF IPAddressFamily
   136  				("300c" + // IPAddressFamily SEQUENCE
   137  					("0402" + "0001") + // addressFamily OCTET STRING
   138  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   139  						"0304" + "03" + "d596c8")) + // addressPrefix BIT STRING
   140  				"ff", // trailing byte
   141  			wantErr: "failed to asn1.Unmarshal ipAddrBlocks ",
   142  		},
   143  		{
   144  			desc: "InvalidAddressFamily",
   145  			in: "300e" + // SEQUENCE OF IPAddressFamily
   146  				("300c" + // IPAddressFamily SEQUENCE
   147  					("0302" + "0001") + // BIT STRING not OCTET STRING
   148  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   149  						"0304" + "03" + "d596c8")), // addressPrefix BIT STRING
   150  			wantErr: "failed to asn1.Unmarshal ipAddrBlocks ",
   151  		},
   152  		{
   153  			desc: "InvalidAddressFamilyTooShort",
   154  			in: "300d" + // SEQUENCE OF IPAddressFamily
   155  				("300b" + // IPAddressFamily SEQUENCE
   156  					("0401" + "01") + // addressFamily OCTET STRING too short
   157  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   158  						"0304" + "03" + "d596c8")), // addressPrefix BIT STRING
   159  			wantErr: "invalid address family length (1)",
   160  		},
   161  		{
   162  			desc: "InvalidAddressFamilyTooLong",
   163  			in: "3010" + // SEQUENCE OF IPAddressFamily
   164  				("300e" + // IPAddressFamily SEQUENCE
   165  					("0404" + "00010a0b") + // addressFamily OCTET STRING too long
   166  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   167  						"0304" + "03" + "d596c8")), // addressPrefix BIT STRING
   168  			wantErr: "invalid address family length (4)",
   169  		},
   170  		{
   171  			desc: "InvalidChoiceSequence",
   172  			in: "300e" + // SEQUENCE OF IPAddressFamily
   173  				("300c" + // IPAddressFamily SEQUENCE
   174  					("0402" + "0001") + // addressFamily OCTET STRING
   175  					("3106" + // SET not SEQUENCE
   176  						"0304" + "03" + "d596c8")), // addressPrefix BIT STRING
   177  			wantErr: "failed to asn1.Unmarshal ipAddrBlocks[0].ipAddressChoice",
   178  		},
   179  		{
   180  			desc: "InvalidIPv4Prefix",
   181  			in: "300e" + // SEQUENCE OF IPAddressFamily
   182  				("300c" + // IPAddressFamily SEQUENCE
   183  					("0402" + "0001") + // addressFamily OCTET STRING
   184  					("3006" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   185  						"8304" + "03d596c8")), // addressPrefix BIT STRING, Not class=Universal
   186  			want:    []*IPAddressFamilyBlocks{{AFI: 1}},
   187  			wantErr: "failed to asn1.Unmarshal ipAddrBlocks[0].ipAddressChoice.addressesOrRanges[0].addressPrefix",
   188  		},
   189  		{
   190  			desc: "InvalidIPv4Range",
   191  			in: "3016" + // SEQUENCE OF IPAddressFamily
   192  				("3014" + // IPAddressFamily SEQUENCE
   193  					("0402" + "0001") + // addressFamily OCTET STRING
   194  					("300e" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   195  						("310c" + // SET not SEQUENCE
   196  							"0304" + "03" + "d596c8" + // addressPrefix BIT STRING
   197  							"0304" + "03" + "d596d8"))), // addressPrefix BIT STRING
   198  			want:    []*IPAddressFamilyBlocks{{AFI: 1}},
   199  			wantErr: "unexpected ASN.1 type in ipAddrBlocks[0].ipAddressChoice.addressesOrRanges[0]",
   200  		},
   201  		{
   202  			desc: "InvalidIPv4RangeContents",
   203  			in: "3016" + // SEQUENCE OF IPAddressFamily
   204  				("3014" + // IPAddressFamily SEQUENCE
   205  					("0402" + "0001") + // addressFamily OCTET STRING
   206  					("300e" + // addressesOrRanges SEQUENCE OF IPAddressOrRange
   207  						("300c" +
   208  							"0404" + "03d596c8" + // OCTET STRING not BIT STRING
   209  							"0304" + "03" + "d596d8"))), // addressPrefix BIT STRING
   210  			want:    []*IPAddressFamilyBlocks{{AFI: 1}},
   211  			wantErr: "failed to asn1.Unmarshal ipAddrBlocks[0].ipAddressChoice.addressesOrRanges[0].addressRange",
   212  		},
   213  	}
   214  
   215  	for _, test := range tests {
   216  		t.Run(test.desc, func(t *testing.T) {
   217  			var nfe NonFatalErrors
   218  			got := parseRPKIAddrBlocks(fromHex(test.in), &nfe)
   219  			if !reflect.DeepEqual(got, test.want) {
   220  				t.Errorf("parseRPKIAddrBlocks(%s)=%+v,%v; want %+v,_", test.in, got, nfe, test.want)
   221  			}
   222  			if !strings.Contains(nfe.Error(), test.wantErr) {
   223  				t.Errorf("parseRPKIAddrBlocks(%s)=_,%v; want _, err containing %q", test.in, nfe, test.wantErr)
   224  			}
   225  		})
   226  	}
   227  }
   228  
   229  func TestParseRPKIASIdentifiers(t *testing.T) {
   230  	tests := []struct {
   231  		desc            string
   232  		in              string // hex-encoded
   233  		wantAS, wantRDI *ASIdentifiers
   234  		wantErr         string
   235  	}{
   236  		{
   237  			desc: "ValidASRange",
   238  			in: ("3010" + // SEQUENCE
   239  				("a00e" + // Tag:0 Class:Context-specific Compound:Y
   240  					("300c" + // SEQUENCE OF ASIdOrRange
   241  						("300a" + // SEQUENCE (ASRange)
   242  							"0201" + "00" + // INTEGER
   243  							"0205" + "00ffffffff")))), // INTEGER
   244  			wantAS: &ASIdentifiers{
   245  				ASIDRanges: []ASIDRange{
   246  					{Min: 0, Max: 0x00ffffffff},
   247  				},
   248  			},
   249  		},
   250  		{
   251  			desc: "ValidASNumbers",
   252  			in: ("300b" + // SEQUENCE
   253  				("a009" + // Tag:0 Class:Context-specific Compound:Y
   254  					("3007" + // SEQUENCE OF ASIdOrRange
   255  						"0201" + "01" + // INTEGER
   256  						"0202" + "0123"))), // INTEGER
   257  			wantAS: &ASIdentifiers{ASIDs: []int{1, 0x123}},
   258  		},
   259  		{
   260  			desc: "ValidASInherit",
   261  			in: ("3004" + // SEQUENCE
   262  				("8002" + // Tag:0 Class:Context-specific Compound:N
   263  					"0500")), // NULL
   264  			wantAS: &ASIdentifiers{InheritFromIssuer: true},
   265  		},
   266  		{
   267  			desc: "ValidRDIRange",
   268  			in: ("3010" + // SEQUENCE
   269  				("a10e" + // Tag:1 Class:Context-specific Compound:Y
   270  					("300c" + // SEQUENCE OF ASIdOrRange
   271  						("300a" + // SEQUENCE (ASRange)
   272  							"0201" + "00" + // INTEGER
   273  							"0205" + "00ffffffff")))), // INTEGER
   274  			wantRDI: &ASIdentifiers{
   275  				ASIDRanges: []ASIDRange{
   276  					{Min: 0, Max: 0x00ffffffff},
   277  				},
   278  			},
   279  		},
   280  		{
   281  			desc: "InvalidASRange",
   282  			in: ("3110" + // SET not SEQUENCE
   283  				("a00e" + // Tag:0 Class:Context-specific Compound:Y
   284  					("300c" + // SEQUENCE OF ASIdOrRange
   285  						("300a" + // SEQUENCE (ASRange)
   286  							"0201" + "00" + // INTEGER
   287  							"0205" + "00ffffffff")))), // INTEGER
   288  			wantErr: "failed to asn1.Unmarshal ASIdentifiers extension",
   289  		},
   290  		{
   291  			desc: "TrailingASRange",
   292  			in: ("3010" + // SEQUENCE
   293  				("a00e" + // Tag:0 Class:Context-specific Compound:Y
   294  					("300c" + // SEQUENCE OF ASIdOrRange
   295  						("300a" + // SEQUENCE (ASRange)
   296  							"0201" + "00" + // INTEGER
   297  							"0205" + "00ffffffff"))) + // INTEGER
   298  				"ff"),
   299  			wantErr: "trailing data after ASIdentifiers extension",
   300  		},
   301  		{
   302  			desc: "InvalidAsIdsOrRanges",
   303  			in: ("3010" + // SEQUENCE
   304  				("a00e" + // Tag:0 Class:Context-specific Compound:Y
   305  					("310c" + // SET not SEQUENCE OF ASIdOrRange
   306  						("300a" + // SEQUENCE (ASRange)
   307  							"0201" + "00" + // INTEGER
   308  							"0205" + "00ffffffff")))), // INTEGER
   309  			wantErr: "failed to asn1.Unmarshal ASIdentifiers.asIdsOrRanges",
   310  		},
   311  		{
   312  			desc: "TrailingAsIdsOrRanges",
   313  			in: ("3011" + // SEQUENCE
   314  				("a00f" + // Tag:0 Class:Context-specific Compound:Y
   315  					("300c" + // SEQUENCE OF ASIdOrRange
   316  						("300a" + // SEQUENCE (ASRange)
   317  							"0201" + "00" + // INTEGER
   318  							"0205" + "00ffffffff")) + "ff")), // INTEGER
   319  			wantErr: "trailing data after ASIdentifiers.asIdsOrRanges",
   320  		},
   321  		{
   322  			desc: "InvalidAsIdsOrRangesType",
   323  			in: ("3010" + // SEQUENCE
   324  				("a00e" + // Tag:0 Class:Context-specific Compound:Y
   325  					("300c" + // SEQUENCE OF ASIdOrRange
   326  						("310a" + // SET not SEQUENCE (ASRange)
   327  							"0201" + "00" + // INTEGER
   328  							"0205" + "00ffffffff")))), // INTEGER
   329  			wantAS:  &ASIdentifiers{},
   330  			wantErr: "unexpected value in ASIdentifiers.asIdsOrRanges[0]",
   331  		},
   332  		{
   333  			desc: "InvalidASRange",
   334  			in: ("3010" + // SEQUENCE
   335  				("a00e" + // Tag:0 Class:Context-specific Compound:Y
   336  					("300c" + // SEQUENCE OF ASIdOrRange
   337  						("100a" + // SEQUENCE (ASRange) but not Constructed:Y
   338  							"0201" + "00" + // INTEGER
   339  							"0205" + "00ffffffff")))), // INTEGER
   340  			wantAS:  &ASIdentifiers{},
   341  			wantErr: "failed to asn1.Unmarshal ASIdentifiers.asIdsOrRanges[0].range",
   342  		},
   343  		{
   344  			desc: "InvalidASId",
   345  			in: ("300b" + // SEQUENCE
   346  				("a009" + // Tag:0 Class:Context-specific Compound:Y
   347  					("3007" + // SEQUENCE OF ASIdOrRange
   348  						"8201" + "01" + // INTEGER but Constructed:Y
   349  						"0202" + "0123"))), // INTEGER
   350  			wantAS:  &ASIdentifiers{ASIDs: []int{0x123}},
   351  			wantErr: "failed to asn1.Unmarshal ASIdentifiers.asIdsOrRanges[0].id",
   352  		},
   353  	}
   354  
   355  	for _, test := range tests {
   356  		t.Run(test.desc, func(t *testing.T) {
   357  			var nfe NonFatalErrors
   358  			gotAS, gotRDI := parseRPKIASIdentifiers(fromHex(test.in), &nfe)
   359  			if !reflect.DeepEqual(gotAS, test.wantAS) {
   360  				t.Errorf("parseRPKIASIdentifiers(%s)=%+v,_,%v; want %+v,_", test.in, gotAS, nfe, test.wantAS)
   361  			}
   362  			if !reflect.DeepEqual(gotRDI, test.wantRDI) {
   363  				t.Errorf("parseRPKIASIdentifiers(%s)=_,%+v,%v; want _,%+v", test.in, gotRDI, nfe, test.wantRDI)
   364  			}
   365  			if !strings.Contains(nfe.Error(), test.wantErr) {
   366  				t.Errorf("parseRPKIASIdentifiers(%s)=_,_,%v; want _,_, err containing %q", test.in, nfe, test.wantErr)
   367  			}
   368  		})
   369  	}
   370  }
   371  

View as plain text