Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(46)

Unified Diff: net/base/x509_certificate_unittest.cc

Issue 9950065: Properly parse IPv6 subjectAltNames when USE_OPENSSL is set (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Feedback Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/base/x509_certificate_openssl.cc ('k') | net/data/ssl/certificates/README » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/x509_certificate_unittest.cc
diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc
index 4855d89bf41060f3f676838ff5d2b9e8b1cdd2dd..4615cf70b78562ad90e77567692eb27278daf494 100644
--- a/net/base/x509_certificate_unittest.cc
+++ b/net/base/x509_certificate_unittest.cc
@@ -2,6 +2,9 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "net/base/x509_certificate.h"
+
+#include "base/basictypes.h"
#include "base/file_path.h"
#include "base/memory/scoped_ptr.h"
#include "base/pickle.h"
@@ -13,7 +16,6 @@
#include "net/base/cert_test_util.h"
#include "net/base/net_errors.h"
#include "net/base/test_certificate_data.h"
-#include "net/base/x509_certificate.h"
#include "testing/gtest/include/gtest/gtest.h"
#if defined(USE_NSS)
@@ -39,39 +41,39 @@ namespace net {
// $ date +%s -d '<date str>'
// Google's cert.
-unsigned char google_fingerprint[] = {
+uint8 google_fingerprint[] = {
wtc 2012/04/03 23:11:42 We sometimes use 'unsigned char' to mean a byte, b
0xab, 0xbe, 0x5e, 0xb4, 0x93, 0x88, 0x4e, 0xe4, 0x60, 0xc6, 0xef, 0xf8,
0xea, 0xd4, 0xb1, 0x55, 0x4b, 0xc9, 0x59, 0x3c
};
// webkit.org's cert.
-unsigned char webkit_fingerprint[] = {
+uint8 webkit_fingerprint[] = {
0xa1, 0x4a, 0x94, 0x46, 0x22, 0x8e, 0x70, 0x66, 0x2b, 0x94, 0xf9, 0xf8,
0x57, 0x83, 0x2d, 0xa2, 0xff, 0xbc, 0x84, 0xc2
};
// thawte.com's cert (it's EV-licious!).
-unsigned char thawte_fingerprint[] = {
+uint8 thawte_fingerprint[] = {
0x85, 0x04, 0x2d, 0xfd, 0x2b, 0x0e, 0xc6, 0xc8, 0xaf, 0x2d, 0x77, 0xd6,
0xa1, 0x3a, 0x64, 0x04, 0x27, 0x90, 0x97, 0x37
};
// A certificate for https://www.unosoft.hu/, whose AIA extension contains
// an LDAP URL without a host name.
-unsigned char unosoft_hu_fingerprint[] = {
+uint8 unosoft_hu_fingerprint[] = {
0x32, 0xff, 0xe3, 0xbe, 0x2c, 0x3b, 0xc7, 0xca, 0xbf, 0x2d, 0x64, 0xbd,
0x25, 0x66, 0xf2, 0xec, 0x8b, 0x0f, 0xbf, 0xd8
};
// The fingerprint of the Google certificate used in the parsing tests,
// which is newer than the one included in the x509_certificate_data.h
-unsigned char google_parse_fingerprint[] = {
+uint8 google_parse_fingerprint[] = {
0x40, 0x50, 0x62, 0xe5, 0xbe, 0xfd, 0xe4, 0xaf, 0x97, 0xe9, 0x38, 0x2a,
0xf1, 0x6c, 0xc8, 0x7c, 0x8f, 0xb7, 0xc4, 0xe2
};
// The fingerprint for the Thawte SGC certificate
-unsigned char thawte_parse_fingerprint[] = {
+uint8 thawte_parse_fingerprint[] = {
0xec, 0x07, 0x10, 0x03, 0xd8, 0xf5, 0xa3, 0x7f, 0x42, 0xc4, 0x55, 0x7f,
0x65, 0x6a, 0xae, 0x86, 0x65, 0xfa, 0x4b, 0x02
};
@@ -84,7 +86,7 @@ const double kGoogleParseValidTo = 1324252799;
struct CertificateFormatTestData {
const char* file_name;
X509Certificate::Format format;
- unsigned char* chain_fingerprints[3];
+ uint8* chain_fingerprints[3];
};
const CertificateFormatTestData FormatTestData[] = {
@@ -151,7 +153,7 @@ const CertificateFormatTestData FormatTestData[] = {
};
void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert,
- unsigned char* expected_fingerprint,
+ uint8* expected_fingerprint,
double valid_from, double valid_to) {
ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert);
@@ -438,6 +440,44 @@ TEST(X509CertificateTest, CAFingerprints) {
cert_chain3_ca_fingerprint, 20) == 0);
}
+TEST(X509CertificateTest, ParseSubjectAltNames) {
+ FilePath certs_dir = GetTestCertsDirectory();
+
+ scoped_refptr<X509Certificate> san_cert =
+ ImportCertFromFile(certs_dir, "subjectAltName_sanity_check.pem");
+ ASSERT_NE(static_cast<X509Certificate*>(NULL), san_cert);
+
+ std::vector<std::string> dns_names;
+ std::vector<std::string> ip_addresses;
+ san_cert->GetSubjectAltName(&dns_names, &ip_addresses);
+
+ // Ensure that DNS names are correctly parsed.
+ ASSERT_EQ(1U, dns_names.size());
+ EXPECT_EQ("test.example", dns_names[0]);
+
+ // Ensure that both IPv4 and IPv6 addresses are correctly parsed.
+ ASSERT_EQ(2U, ip_addresses.size());
+
+ static const uint8 kIPv4Address[] = {
+ 0x7F, 0x00, 0x00, 0x02
+ };
+ ASSERT_EQ(arraysize(kIPv4Address), ip_addresses[0].size());
+ EXPECT_EQ(0, memcmp(ip_addresses[0].data(), kIPv4Address,
+ arraysize(kIPv4Address)));
+
+ static const uint8 kIPv6Address[] = {
+ 0xFE, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+ };
+ ASSERT_EQ(arraysize(kIPv6Address), ip_addresses[1].size());
+ EXPECT_EQ(0, memcmp(ip_addresses[1].data(), kIPv6Address,
+ arraysize(kIPv6Address)));
+
+ // Ensure the subjectAltName dirName has not influenced the handling of
+ // the subject commonName.
+ EXPECT_EQ("127.0.0.1", san_cert->subject().common_name);
+}
+
TEST(X509CertificateTest, ExtractSPKIFromDERCert) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> cert =
@@ -849,7 +889,7 @@ TEST_P(X509CertificateParseTest, CanParseFormat) {
// comparing fingerprints.
const X509Certificate* cert = certs[i];
const SHA1Fingerprint& actual_fingerprint = cert->fingerprint();
- unsigned char* expected_fingerprint = test_data_.chain_fingerprints[i];
+ uint8* expected_fingerprint = test_data_.chain_fingerprints[i];
for (size_t j = 0; j < 20; ++j)
EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]);
« no previous file with comments | « net/base/x509_certificate_openssl.cc ('k') | net/data/ssl/certificates/README » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698