Parse individual X.509 name components on Windows, rather than their stringified form

net/base/x509_certificate_unittest.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/path_service.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/string_number_conversions.h"
@@ skipping 357 matching lines @@
   EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
   // Consequently, if we don't have revocation checking enabled, we can't claim
   // any cert is EV.
   flags = X509Certificate::VERIFY_EV_CERT;
   EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, NULL,
                                     &verify_result));
   EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_IS_EV);
 #endif
 }
 
+// Test that all desired AttributeAndValue pairs can be extracted when only
+// a single RelativeDistinguishedName is present. "Normally" there is only
+// one AVA per RDN, but some CAs place all AVAs within a single RDN.
+// This is a regression test for http://crbug.com/101009
+TEST(X509CertificateTest, MultivalueRDN) {
+  FilePath certs_dir = GetTestCertsDirectory();
+
+  scoped_refptr<X509Certificate> multivalue_rdn_cert =
+      ImportCertFromFile(certs_dir, "multivalue_rdn.pem");
+  ASSERT_NE(static_cast<X509Certificate*>(NULL), multivalue_rdn_cert);
+
+  const CertPrincipal& subject = multivalue_rdn_cert->subject();
+  EXPECT_EQ("Multivalue RDN Test", subject.common_name);
+  EXPECT_EQ("", subject.locality_name);
+  EXPECT_EQ("", subject.state_or_province_name);
+  EXPECT_EQ("US", subject.country_name);
+  EXPECT_EQ(0U, subject.street_addresses.size());
+  ASSERT_EQ(1U, subject.organization_names.size());
+  EXPECT_EQ("Chromium", subject.organization_names[0]);
+  ASSERT_EQ(1U, subject.organization_unit_names.size());
+  EXPECT_EQ("Chromium net_unittests", subject.organization_unit_names[0]);
+  ASSERT_EQ(1U, subject.domain_components.size());
+  EXPECT_EQ("Chromium", subject.domain_components[0]);
+}
+
+// Test that characters which would normally be escaped in the string form,
+// such as '=' or '"', are not escaped when parsed as individual components.
+// This is a regression test for http://crbug.com/102839
+TEST(X509CertificateTest, UnescapedSpecialCharacters) {
+  FilePath certs_dir = GetTestCertsDirectory();
+
+  scoped_refptr<X509Certificate> unescaped_cert =
+      ImportCertFromFile(certs_dir, "unescaped.pem");
+  ASSERT_NE(static_cast<X509Certificate*>(NULL), unescaped_cert);
+
+  const CertPrincipal& subject = unescaped_cert->subject();
+  EXPECT_EQ("127.0.0.1", subject.common_name);
+  EXPECT_EQ("Mountain View", subject.locality_name);
+  EXPECT_EQ("California", subject.state_or_province_name);
+  EXPECT_EQ("US", subject.country_name);
+  ASSERT_EQ(1U, subject.street_addresses.size());
+  EXPECT_EQ("1600 Amphitheatre Parkway", subject.street_addresses[0]);
+  ASSERT_EQ(1U, subject.organization_names.size());
+  EXPECT_EQ("Chromium = \"net_unittests\"", subject.organization_names[0]);
+  ASSERT_EQ(2U, subject.organization_unit_names.size());
+  EXPECT_EQ("net_unittests", subject.organization_unit_names[0]);
+  EXPECT_EQ("Chromium", subject.organization_unit_names[1]);
+  EXPECT_EQ(0U, subject.domain_components.size());
+}
+
 TEST(X509CertificateTest, PaypalNullCertParsing) {
   scoped_refptr<X509Certificate> paypal_null_cert(
       X509Certificate::CreateFromBytes(
           reinterpret_cast<const char*>(paypal_null_der),
           sizeof(paypal_null_der)));
 
   ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert);
 
   const SHA1Fingerprint& fingerprint =
       paypal_null_cert->fingerprint();
@@ skipping 1313 matching lines @@
 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
 #else
 #define MAYBE_VerifyMixed VerifyMixed
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(
     MAYBE_VerifyMixed,
     X509CertificateWeakDigestTest,
     testing::ValuesIn(kVerifyMixedTestData));
 
 }  // namespace net