| Index: net/cert/x509_certificate_unittest.cc
|
| diff --git a/net/cert/x509_certificate_unittest.cc b/net/cert/x509_certificate_unittest.cc
|
| index 83de91a64bca913cbfae5ed3deef2cbe3ab3f410..3194411196cb7f91c3ce8aa79a1ab150d5cf835e 100644
|
| --- a/net/cert/x509_certificate_unittest.cc
|
| +++ b/net/cert/x509_certificate_unittest.cc
|
| @@ -46,42 +46,36 @@ namespace net {
|
| // $ date +%s -d '<date str>'
|
|
|
| // Google's cert.
|
| -uint8 google_fingerprint[] = {
|
| - 0xab, 0xbe, 0x5e, 0xb4, 0x93, 0x88, 0x4e, 0xe4, 0x60, 0xc6, 0xef, 0xf8,
|
| - 0xea, 0xd4, 0xb1, 0x55, 0x4b, 0xc9, 0x59, 0x3c
|
| -};
|
| +uint8 google_fingerprint[] = {0xab, 0xbe, 0x5e, 0xb4, 0x93, 0x88, 0x4e,
|
| + 0xe4, 0x60, 0xc6, 0xef, 0xf8, 0xea, 0xd4,
|
| + 0xb1, 0x55, 0x4b, 0xc9, 0x59, 0x3c};
|
|
|
| // webkit.org's cert.
|
| -uint8 webkit_fingerprint[] = {
|
| - 0xa1, 0x4a, 0x94, 0x46, 0x22, 0x8e, 0x70, 0x66, 0x2b, 0x94, 0xf9, 0xf8,
|
| - 0x57, 0x83, 0x2d, 0xa2, 0xff, 0xbc, 0x84, 0xc2
|
| -};
|
| +uint8 webkit_fingerprint[] = {0xa1, 0x4a, 0x94, 0x46, 0x22, 0x8e, 0x70,
|
| + 0x66, 0x2b, 0x94, 0xf9, 0xf8, 0x57, 0x83,
|
| + 0x2d, 0xa2, 0xff, 0xbc, 0x84, 0xc2};
|
|
|
| // thawte.com's cert (it's EV-licious!).
|
| -uint8 thawte_fingerprint[] = {
|
| - 0x85, 0x04, 0x2d, 0xfd, 0x2b, 0x0e, 0xc6, 0xc8, 0xaf, 0x2d, 0x77, 0xd6,
|
| - 0xa1, 0x3a, 0x64, 0x04, 0x27, 0x90, 0x97, 0x37
|
| -};
|
| +uint8 thawte_fingerprint[] = {0x85, 0x04, 0x2d, 0xfd, 0x2b, 0x0e, 0xc6,
|
| + 0xc8, 0xaf, 0x2d, 0x77, 0xd6, 0xa1, 0x3a,
|
| + 0x64, 0x04, 0x27, 0x90, 0x97, 0x37};
|
|
|
| // A certificate for https://www.unosoft.hu/, whose AIA extension contains
|
| // an LDAP URL without a host name.
|
| -uint8 unosoft_hu_fingerprint[] = {
|
| - 0x32, 0xff, 0xe3, 0xbe, 0x2c, 0x3b, 0xc7, 0xca, 0xbf, 0x2d, 0x64, 0xbd,
|
| - 0x25, 0x66, 0xf2, 0xec, 0x8b, 0x0f, 0xbf, 0xd8
|
| -};
|
| +uint8 unosoft_hu_fingerprint[] = {0x32, 0xff, 0xe3, 0xbe, 0x2c, 0x3b, 0xc7,
|
| + 0xca, 0xbf, 0x2d, 0x64, 0xbd, 0x25, 0x66,
|
| + 0xf2, 0xec, 0x8b, 0x0f, 0xbf, 0xd8};
|
|
|
| // The fingerprint of the Google certificate used in the parsing tests,
|
| // which is newer than the one included in the x509_certificate_data.h
|
| -uint8 google_parse_fingerprint[] = {
|
| - 0x40, 0x50, 0x62, 0xe5, 0xbe, 0xfd, 0xe4, 0xaf, 0x97, 0xe9, 0x38, 0x2a,
|
| - 0xf1, 0x6c, 0xc8, 0x7c, 0x8f, 0xb7, 0xc4, 0xe2
|
| -};
|
| +uint8 google_parse_fingerprint[] = {0x40, 0x50, 0x62, 0xe5, 0xbe, 0xfd, 0xe4,
|
| + 0xaf, 0x97, 0xe9, 0x38, 0x2a, 0xf1, 0x6c,
|
| + 0xc8, 0x7c, 0x8f, 0xb7, 0xc4, 0xe2};
|
|
|
| // The fingerprint for the Thawte SGC certificate
|
| -uint8 thawte_parse_fingerprint[] = {
|
| - 0xec, 0x07, 0x10, 0x03, 0xd8, 0xf5, 0xa3, 0x7f, 0x42, 0xc4, 0x55, 0x7f,
|
| - 0x65, 0x6a, 0xae, 0x86, 0x65, 0xfa, 0x4b, 0x02
|
| -};
|
| +uint8 thawte_parse_fingerprint[] = {0xec, 0x07, 0x10, 0x03, 0xd8, 0xf5, 0xa3,
|
| + 0x7f, 0x42, 0xc4, 0x55, 0x7f, 0x65, 0x6a,
|
| + 0xae, 0x86, 0x65, 0xfa, 0x4b, 0x02};
|
|
|
| // Dec 18 00:00:00 2009 GMT
|
| const double kGoogleParseValidFrom = 1261094400;
|
| @@ -90,7 +84,8 @@ const double kGoogleParseValidTo = 1324252799;
|
|
|
| void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert,
|
| uint8* expected_fingerprint,
|
| - double valid_from, double valid_to) {
|
| + double valid_from,
|
| + double valid_to) {
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert);
|
|
|
| const CertPrincipal& subject = google_cert->subject();
|
| @@ -133,11 +128,11 @@ void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert,
|
| }
|
|
|
| TEST(X509CertificateTest, GoogleCertParsing) {
|
| - scoped_refptr<X509Certificate> google_cert(
|
| - X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
| + scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes(
|
| + reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
|
|
| - CheckGoogleCert(google_cert, google_fingerprint,
|
| + CheckGoogleCert(google_cert,
|
| + google_fingerprint,
|
| 1238192407, // Mar 27 22:20:07 2009 GMT
|
| 1269728407); // Mar 27 22:20:07 2010 GMT
|
| }
|
| @@ -169,7 +164,7 @@ TEST(X509CertificateTest, WebkitCertParsing) {
|
| EXPECT_EQ("GoDaddy.com, Inc.", issuer.organization_names[0]);
|
| ASSERT_EQ(1U, issuer.organization_unit_names.size());
|
| EXPECT_EQ("http://certificates.godaddy.com/repository",
|
| - issuer.organization_unit_names[0]);
|
| + issuer.organization_unit_names[0]);
|
| EXPECT_EQ(0U, issuer.domain_components.size());
|
|
|
| // Use DoubleT because its epoch is the same on all platforms
|
| @@ -296,17 +291,17 @@ TEST(X509CertificateTest, UnescapedSpecialCharacters) {
|
| }
|
|
|
| TEST(X509CertificateTest, SerialNumbers) {
|
| - scoped_refptr<X509Certificate> google_cert(
|
| - X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
| + scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes(
|
| + reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
|
|
| static const uint8 google_serial[16] = {
|
| - 0x01,0x2a,0x39,0x76,0x0d,0x3f,0x4f,0xc9,
|
| - 0x0b,0xe7,0xbd,0x2b,0xcf,0x95,0x2e,0x7a,
|
| + 0x01, 0x2a, 0x39, 0x76, 0x0d, 0x3f, 0x4f, 0xc9,
|
| + 0x0b, 0xe7, 0xbd, 0x2b, 0xcf, 0x95, 0x2e, 0x7a,
|
| };
|
|
|
| ASSERT_EQ(sizeof(google_serial), google_cert->serial_number().size());
|
| - EXPECT_TRUE(memcmp(google_cert->serial_number().data(), google_serial,
|
| + EXPECT_TRUE(memcmp(google_cert->serial_number().data(),
|
| + google_serial,
|
| sizeof(google_serial)) == 0);
|
|
|
| // We also want to check a serial number where the first byte is >= 0x80 in
|
| @@ -320,7 +315,8 @@ TEST(X509CertificateTest, SerialNumbers) {
|
| ASSERT_EQ(sizeof(paypal_null_serial),
|
| paypal_null_cert->serial_number().size());
|
| EXPECT_TRUE(memcmp(paypal_null_cert->serial_number().data(),
|
| - paypal_null_serial, sizeof(paypal_null_serial)) == 0);
|
| + paypal_null_serial,
|
| + sizeof(paypal_null_serial)) == 0);
|
| }
|
|
|
| TEST(X509CertificateTest, CAFingerprints) {
|
| @@ -357,24 +353,24 @@ TEST(X509CertificateTest, CAFingerprints) {
|
| intermediates);
|
|
|
| static const uint8 cert_chain1_ca_fingerprint[20] = {
|
| - 0xc2, 0xf0, 0x08, 0x7d, 0x01, 0xe6, 0x86, 0x05, 0x3a, 0x4d,
|
| - 0x63, 0x3e, 0x7e, 0x70, 0xd4, 0xef, 0x65, 0xc2, 0xcc, 0x4f
|
| - };
|
| + 0xc2, 0xf0, 0x08, 0x7d, 0x01, 0xe6, 0x86, 0x05, 0x3a, 0x4d,
|
| + 0x63, 0x3e, 0x7e, 0x70, 0xd4, 0xef, 0x65, 0xc2, 0xcc, 0x4f};
|
| static const uint8 cert_chain2_ca_fingerprint[20] = {
|
| - 0xd5, 0x59, 0xa5, 0x86, 0x66, 0x9b, 0x08, 0xf4, 0x6a, 0x30,
|
| - 0xa1, 0x33, 0xf8, 0xa9, 0xed, 0x3d, 0x03, 0x8e, 0x2e, 0xa8
|
| - };
|
| + 0xd5, 0x59, 0xa5, 0x86, 0x66, 0x9b, 0x08, 0xf4, 0x6a, 0x30,
|
| + 0xa1, 0x33, 0xf8, 0xa9, 0xed, 0x3d, 0x03, 0x8e, 0x2e, 0xa8};
|
| // The SHA-1 hash of nothing.
|
| static const uint8 cert_chain3_ca_fingerprint[20] = {
|
| - 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55,
|
| - 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09
|
| - };
|
| + 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55,
|
| + 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09};
|
| EXPECT_TRUE(memcmp(cert_chain1->ca_fingerprint().data,
|
| - cert_chain1_ca_fingerprint, 20) == 0);
|
| + cert_chain1_ca_fingerprint,
|
| + 20) == 0);
|
| EXPECT_TRUE(memcmp(cert_chain2->ca_fingerprint().data,
|
| - cert_chain2_ca_fingerprint, 20) == 0);
|
| + cert_chain2_ca_fingerprint,
|
| + 20) == 0);
|
| EXPECT_TRUE(memcmp(cert_chain3->ca_fingerprint().data,
|
| - cert_chain3_ca_fingerprint, 20) == 0);
|
| + cert_chain3_ca_fingerprint,
|
| + 20) == 0);
|
| }
|
|
|
| TEST(X509CertificateTest, ParseSubjectAltNames) {
|
| @@ -395,20 +391,17 @@ TEST(X509CertificateTest, ParseSubjectAltNames) {
|
| // Ensure that both IPv4 and IPv6 addresses are correctly parsed.
|
| ASSERT_EQ(2U, ip_addresses.size());
|
|
|
| - static const uint8 kIPv4Address[] = {
|
| - 0x7F, 0x00, 0x00, 0x02
|
| - };
|
| + static const uint8 kIPv4Address[] = {0x7F, 0x00, 0x00, 0x02};
|
| ASSERT_EQ(arraysize(kIPv4Address), ip_addresses[0].size());
|
| - EXPECT_EQ(0, memcmp(ip_addresses[0].data(), kIPv4Address,
|
| - arraysize(kIPv4Address)));
|
| + EXPECT_EQ(
|
| + 0, memcmp(ip_addresses[0].data(), kIPv4Address, arraysize(kIPv4Address)));
|
|
|
| - static const uint8 kIPv6Address[] = {
|
| - 0xFE, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
| - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
|
| - };
|
| + static const uint8 kIPv6Address[] = {0xFE, 0x80, 0x00, 0x00, 0x00, 0x00,
|
| + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
| + 0x00, 0x00, 0x00, 0x01};
|
| ASSERT_EQ(arraysize(kIPv6Address), ip_addresses[1].size());
|
| - EXPECT_EQ(0, memcmp(ip_addresses[1].data(), kIPv6Address,
|
| - arraysize(kIPv6Address)));
|
| + EXPECT_EQ(
|
| + 0, memcmp(ip_addresses[1].data(), kIPv6Address, arraysize(kIPv6Address)));
|
|
|
| // Ensure the subjectAltName dirName has not influenced the handling of
|
| // the subject commonName.
|
| @@ -422,15 +415,15 @@ TEST(X509CertificateTest, ExtractSPKIFromDERCert) {
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), cert);
|
|
|
| std::string derBytes;
|
| - EXPECT_TRUE(X509Certificate::GetDEREncoded(cert->os_cert_handle(),
|
| - &derBytes));
|
| + EXPECT_TRUE(
|
| + X509Certificate::GetDEREncoded(cert->os_cert_handle(), &derBytes));
|
|
|
| base::StringPiece spkiBytes;
|
| EXPECT_TRUE(asn1::ExtractSPKIFromDERCert(derBytes, &spkiBytes));
|
|
|
| uint8 hash[base::kSHA1Length];
|
| - base::SHA1HashBytes(reinterpret_cast<const uint8*>(spkiBytes.data()),
|
| - spkiBytes.size(), hash);
|
| + base::SHA1HashBytes(
|
| + reinterpret_cast<const uint8*>(spkiBytes.data()), spkiBytes.size(), hash);
|
|
|
| EXPECT_EQ(0, memcmp(hash, kNistSPKIHash, sizeof(hash)));
|
| }
|
| @@ -442,8 +435,8 @@ TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) {
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), cert);
|
|
|
| std::string derBytes;
|
| - EXPECT_TRUE(X509Certificate::GetDEREncoded(cert->os_cert_handle(),
|
| - &derBytes));
|
| + EXPECT_TRUE(
|
| + X509Certificate::GetDEREncoded(cert->os_cert_handle(), &derBytes));
|
|
|
| std::vector<base::StringPiece> crl_urls;
|
| EXPECT_TRUE(asn1::ExtractCRLURLsFromDERCert(derBytes, &crl_urls));
|
| @@ -492,8 +485,8 @@ TEST(X509CertificateTest, Cache) {
|
| reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der));
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(thawte_cert_handle);
|
| - scoped_refptr<X509Certificate> cert3(X509Certificate::CreateFromHandle(
|
| - google_cert_handle, intermediates));
|
| + scoped_refptr<X509Certificate> cert3(
|
| + X509Certificate::CreateFromHandle(google_cert_handle, intermediates));
|
| X509Certificate::FreeOSCertHandle(google_cert_handle);
|
| X509Certificate::FreeOSCertHandle(thawte_cert_handle);
|
|
|
| @@ -502,7 +495,7 @@ TEST(X509CertificateTest, Cache) {
|
| EXPECT_EQ(cert1->os_cert_handle(), cert3->os_cert_handle());
|
| // Though they use the same OS handle, the intermediates should be different.
|
| EXPECT_NE(cert1->GetIntermediateCertificates().size(),
|
| - cert3->GetIntermediateCertificates().size());
|
| + cert3->GetIntermediateCertificates().size());
|
| }
|
|
|
| TEST(X509CertificateTest, Pickle) {
|
| @@ -515,8 +508,8 @@ TEST(X509CertificateTest, Pickle) {
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(thawte_cert_handle);
|
| - scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
|
| - google_cert_handle, intermediates);
|
| + scoped_refptr<X509Certificate> cert =
|
| + X509Certificate::CreateFromHandle(google_cert_handle, intermediates);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), cert.get());
|
|
|
| X509Certificate::FreeOSCertHandle(google_cert_handle);
|
| @@ -566,9 +559,10 @@ TEST(X509CertificateTest, Policy) {
|
| policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| EXPECT_EQ(CertPolicy::UNKNOWN,
|
| policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(google_cert.get(),
|
| - CERT_STATUS_DATE_INVALID | CERT_STATUS_COMMON_NAME_INVALID));
|
| + EXPECT_EQ(
|
| + CertPolicy::UNKNOWN,
|
| + policy.Check(google_cert.get(),
|
| + CERT_STATUS_DATE_INVALID | CERT_STATUS_COMMON_NAME_INVALID));
|
| EXPECT_EQ(CertPolicy::UNKNOWN,
|
| policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| EXPECT_TRUE(policy.HasAllowedCert());
|
| @@ -634,9 +628,10 @@ TEST(X509CertificateTest, Policy) {
|
| policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| EXPECT_EQ(CertPolicy::UNKNOWN,
|
| policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_EQ(CertPolicy::DENIED,
|
| - policy.Check(google_cert.get(),
|
| - CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(
|
| + CertPolicy::DENIED,
|
| + policy.Check(google_cert.get(),
|
| + CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_DATE_INVALID));
|
|
|
| // Test denying an overlapping certificate (other direction).
|
| policy.Allow(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);
|
| @@ -649,13 +644,11 @@ TEST(X509CertificateTest, Policy) {
|
| }
|
|
|
| TEST(X509CertificateTest, IntermediateCertificates) {
|
| - scoped_refptr<X509Certificate> webkit_cert(
|
| - X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
|
| + scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes(
|
| + reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
|
|
|
| - scoped_refptr<X509Certificate> thawte_cert(
|
| - X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)));
|
| + scoped_refptr<X509Certificate> thawte_cert(X509Certificate::CreateFromBytes(
|
| + reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)));
|
|
|
| X509Certificate::OSCertHandle google_handle;
|
| // Create object with no intermediates:
|
| @@ -694,8 +687,7 @@ TEST(X509CertificateTest, IsIssuedByEncoded) {
|
| ImportCertFromFile(certs_dir, "mit.davidben.der"));
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), mit_davidben_cert);
|
|
|
| - std::string mit_issuer(reinterpret_cast<const char*>(MITDN),
|
| - sizeof(MITDN));
|
| + std::string mit_issuer(reinterpret_cast<const char*>(MITDN), sizeof(MITDN));
|
|
|
| // Test a certificate from Google, issued by Thawte
|
| scoped_refptr<X509Certificate> google_cert(
|
| @@ -730,16 +722,14 @@ TEST(X509CertificateTest, IsIssuedByEncoded) {
|
|
|
| TEST(X509CertificateTest, IsIssuedByEncodedWithIntermediates) {
|
| static const unsigned char kPolicyRootDN[] = {
|
| - 0x30, 0x1e, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
|
| - 0x13, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x20, 0x54, 0x65, 0x73, 0x74,
|
| - 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41
|
| - };
|
| + 0x30, 0x1e, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03,
|
| + 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x20, 0x54, 0x65,
|
| + 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41};
|
| static const unsigned char kPolicyIntermediateDN[] = {
|
| - 0x30, 0x26, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
|
| - 0x1b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x20, 0x54, 0x65, 0x73, 0x74,
|
| - 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74,
|
| - 0x65, 0x20, 0x43, 0x41
|
| - };
|
| + 0x30, 0x26, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04,
|
| + 0x03, 0x0c, 0x1b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x20,
|
| + 0x54, 0x65, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72,
|
| + 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41};
|
|
|
| base::FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| @@ -757,9 +747,8 @@ TEST(X509CertificateTest, IsIssuedByEncodedWithIntermediates) {
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(policy_chain[1]->os_cert_handle());
|
| - scoped_refptr<X509Certificate> cert_chain =
|
| - X509Certificate::CreateFromHandle(policy_chain[0]->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle(
|
| + policy_chain[0]->os_cert_handle(), intermediates);
|
|
|
| std::vector<std::string> issuers;
|
|
|
| @@ -800,8 +789,10 @@ TEST(X509CertificateTest, GetDefaultNickname) {
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert);
|
|
|
| std::string nickname = test_cert->GetDefaultNickname(USER_CERT);
|
| - EXPECT_EQ("wtc@google.com's COMODO Client Authentication and "
|
| - "Secure Email CA ID", nickname);
|
| + EXPECT_EQ(
|
| + "wtc@google.com's COMODO Client Authentication and "
|
| + "Secure Email CA ID",
|
| + nickname);
|
| }
|
| #endif
|
|
|
| @@ -810,75 +801,94 @@ const struct CertificateFormatTestData {
|
| X509Certificate::Format format;
|
| uint8* chain_fingerprints[3];
|
| } kFormatTestData[] = {
|
| - // DER Parsing - single certificate, DER encoded
|
| - { "google.single.der", X509Certificate::FORMAT_SINGLE_CERTIFICATE,
|
| - { google_parse_fingerprint,
|
| - NULL, } },
|
| - // DER parsing - single certificate, PEM encoded
|
| - { "google.single.pem", X509Certificate::FORMAT_SINGLE_CERTIFICATE,
|
| - { google_parse_fingerprint,
|
| - NULL, } },
|
| - // PEM parsing - single certificate, PEM encoded with a PEB of
|
| - // "CERTIFICATE"
|
| - { "google.single.pem", X509Certificate::FORMAT_PEM_CERT_SEQUENCE,
|
| - { google_parse_fingerprint,
|
| - NULL, } },
|
| - // PEM parsing - sequence of certificates, PEM encoded with a PEB of
|
| - // "CERTIFICATE"
|
| - { "google.chain.pem", X509Certificate::FORMAT_PEM_CERT_SEQUENCE,
|
| - { google_parse_fingerprint,
|
| - thawte_parse_fingerprint,
|
| - NULL, } },
|
| - // PKCS#7 parsing - "degenerate" SignedData collection of certificates, DER
|
| - // encoding
|
| - { "google.binary.p7b", X509Certificate::FORMAT_PKCS7,
|
| - { google_parse_fingerprint,
|
| - thawte_parse_fingerprint,
|
| - NULL, } },
|
| - // PKCS#7 parsing - "degenerate" SignedData collection of certificates, PEM
|
| - // encoded with a PEM PEB of "CERTIFICATE"
|
| - { "google.pem_cert.p7b", X509Certificate::FORMAT_PKCS7,
|
| - { google_parse_fingerprint,
|
| - thawte_parse_fingerprint,
|
| - NULL, } },
|
| - // PKCS#7 parsing - "degenerate" SignedData collection of certificates, PEM
|
| - // encoded with a PEM PEB of "PKCS7"
|
| - { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_PKCS7,
|
| - { google_parse_fingerprint,
|
| - thawte_parse_fingerprint,
|
| - NULL, } },
|
| - // All of the above, this time using auto-detection
|
| - { "google.single.der", X509Certificate::FORMAT_AUTO,
|
| - { google_parse_fingerprint,
|
| - NULL, } },
|
| - { "google.single.pem", X509Certificate::FORMAT_AUTO,
|
| - { google_parse_fingerprint,
|
| - NULL, } },
|
| - { "google.chain.pem", X509Certificate::FORMAT_AUTO,
|
| - { google_parse_fingerprint,
|
| - thawte_parse_fingerprint,
|
| - NULL, } },
|
| - { "google.binary.p7b", X509Certificate::FORMAT_AUTO,
|
| - { google_parse_fingerprint,
|
| - thawte_parse_fingerprint,
|
| - NULL, } },
|
| - { "google.pem_cert.p7b", X509Certificate::FORMAT_AUTO,
|
| - { google_parse_fingerprint,
|
| - thawte_parse_fingerprint,
|
| - NULL, } },
|
| - { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_AUTO,
|
| - { google_parse_fingerprint,
|
| - thawte_parse_fingerprint,
|
| - NULL, } },
|
| + // DER Parsing - single certificate, DER encoded
|
| + {"google.single.der",
|
| + X509Certificate::FORMAT_SINGLE_CERTIFICATE,
|
| + {
|
| + google_parse_fingerprint, NULL,
|
| + }},
|
| + // DER parsing - single certificate, PEM encoded
|
| + {"google.single.pem",
|
| + X509Certificate::FORMAT_SINGLE_CERTIFICATE,
|
| + {
|
| + google_parse_fingerprint, NULL,
|
| + }},
|
| + // PEM parsing - single certificate, PEM encoded with a PEB of
|
| + // "CERTIFICATE"
|
| + {"google.single.pem",
|
| + X509Certificate::FORMAT_PEM_CERT_SEQUENCE,
|
| + {
|
| + google_parse_fingerprint, NULL,
|
| + }},
|
| + // PEM parsing - sequence of certificates, PEM encoded with a PEB of
|
| + // "CERTIFICATE"
|
| + {"google.chain.pem",
|
| + X509Certificate::FORMAT_PEM_CERT_SEQUENCE,
|
| + {
|
| + google_parse_fingerprint, thawte_parse_fingerprint, NULL,
|
| + }},
|
| + // PKCS#7 parsing - "degenerate" SignedData collection of certificates,
|
| + // DER
|
| + // encoding
|
| + {"google.binary.p7b",
|
| + X509Certificate::FORMAT_PKCS7,
|
| + {
|
| + google_parse_fingerprint, thawte_parse_fingerprint, NULL,
|
| + }},
|
| + // PKCS#7 parsing - "degenerate" SignedData collection of certificates,
|
| + // PEM
|
| + // encoded with a PEM PEB of "CERTIFICATE"
|
| + {"google.pem_cert.p7b",
|
| + X509Certificate::FORMAT_PKCS7,
|
| + {
|
| + google_parse_fingerprint, thawte_parse_fingerprint, NULL,
|
| + }},
|
| + // PKCS#7 parsing - "degenerate" SignedData collection of certificates,
|
| + // PEM
|
| + // encoded with a PEM PEB of "PKCS7"
|
| + {"google.pem_pkcs7.p7b",
|
| + X509Certificate::FORMAT_PKCS7,
|
| + {
|
| + google_parse_fingerprint, thawte_parse_fingerprint, NULL,
|
| + }},
|
| + // All of the above, this time using auto-detection
|
| + {"google.single.der",
|
| + X509Certificate::FORMAT_AUTO,
|
| + {
|
| + google_parse_fingerprint, NULL,
|
| + }},
|
| + {"google.single.pem",
|
| + X509Certificate::FORMAT_AUTO,
|
| + {
|
| + google_parse_fingerprint, NULL,
|
| + }},
|
| + {"google.chain.pem",
|
| + X509Certificate::FORMAT_AUTO,
|
| + {
|
| + google_parse_fingerprint, thawte_parse_fingerprint, NULL,
|
| + }},
|
| + {"google.binary.p7b",
|
| + X509Certificate::FORMAT_AUTO,
|
| + {
|
| + google_parse_fingerprint, thawte_parse_fingerprint, NULL,
|
| + }},
|
| + {"google.pem_cert.p7b",
|
| + X509Certificate::FORMAT_AUTO,
|
| + {
|
| + google_parse_fingerprint, thawte_parse_fingerprint, NULL,
|
| + }},
|
| + {"google.pem_pkcs7.p7b",
|
| + X509Certificate::FORMAT_AUTO,
|
| + {
|
| + google_parse_fingerprint, thawte_parse_fingerprint, NULL,
|
| + }},
|
| };
|
|
|
| class X509CertificateParseTest
|
| : public testing::TestWithParam<CertificateFormatTestData> {
|
| public:
|
| virtual ~X509CertificateParseTest() {}
|
| - virtual void SetUp() {
|
| - test_data_ = GetParam();
|
| - }
|
| + virtual void SetUp() { test_data_ = GetParam(); }
|
| virtual void TearDown() {}
|
|
|
| protected:
|
| @@ -891,8 +901,10 @@ TEST_P(X509CertificateParseTest, CanParseFormat) {
|
| certs_dir, test_data_.file_name, test_data_.format);
|
| ASSERT_FALSE(certs.empty());
|
| ASSERT_LE(certs.size(), arraysize(test_data_.chain_fingerprints));
|
| - CheckGoogleCert(certs.front(), google_parse_fingerprint,
|
| - kGoogleParseValidFrom, kGoogleParseValidTo);
|
| + CheckGoogleCert(certs.front(),
|
| + google_parse_fingerprint,
|
| + kGoogleParseValidFrom,
|
| + kGoogleParseValidTo);
|
|
|
| size_t i;
|
| for (i = 0; i < arraysize(test_data_.chain_fingerprints); ++i) {
|
| @@ -917,7 +929,8 @@ TEST_P(X509CertificateParseTest, CanParseFormat) {
|
| }
|
| }
|
|
|
| -INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest,
|
| +INSTANTIATE_TEST_CASE_P(,
|
| + X509CertificateParseTest,
|
| testing::ValuesIn(kFormatTestData));
|
|
|
| struct CertificateNameVerifyTestData {
|
| @@ -942,154 +955,152 @@ struct CertificateNameVerifyTestData {
|
| void PrintTo(const CertificateNameVerifyTestData& data, std::ostream* os) {
|
| ASSERT_TRUE(data.hostname && data.common_name);
|
| // Using StringPiece to allow for optional fields being NULL.
|
| - *os << " expected: " << data.expected
|
| - << "; hostname: " << data.hostname
|
| + *os << " expected: " << data.expected << "; hostname: " << data.hostname
|
| << "; common_name: " << data.common_name
|
| << "; dns_names: " << base::StringPiece(data.dns_names)
|
| << "; ip_addrs: " << base::StringPiece(data.ip_addrs);
|
| }
|
|
|
| const CertificateNameVerifyTestData kNameVerifyTestData[] = {
|
| - { true, "foo.com", "foo.com" },
|
| - { true, "f", "f" },
|
| - { false, "h", "i" },
|
| - { true, "bar.foo.com", "*.foo.com" },
|
| - { true, "www.test.fr", "common.name",
|
| - "*.test.com,*.test.co.uk,*.test.de,*.test.fr" },
|
| - { true, "wwW.tESt.fr", "common.name",
|
| - ",*.*,*.test.de,*.test.FR,www" },
|
| - { false, "f.uk", ".uk" },
|
| - { false, "w.bar.foo.com", "?.bar.foo.com" },
|
| - { false, "www.foo.com", "(www|ftp).foo.com" },
|
| - { false, "www.foo.com", "www.foo.com#" }, // # = null char.
|
| - { false, "www.foo.com", "", "www.foo.com#*.foo.com,#,#" },
|
| - { false, "www.house.example", "ww.house.example" },
|
| - { false, "test.org", "", "www.test.org,*.test.org,*.org" },
|
| - { false, "w.bar.foo.com", "w*.bar.foo.com" },
|
| - { false, "www.bar.foo.com", "ww*ww.bar.foo.com" },
|
| - { false, "wwww.bar.foo.com", "ww*ww.bar.foo.com" },
|
| - { true, "wwww.bar.foo.com", "w*w.bar.foo.com" },
|
| - { false, "wwww.bar.foo.com", "w*w.bar.foo.c0m" },
|
| - { true, "WALLY.bar.foo.com", "wa*.bar.foo.com" },
|
| - { true, "wally.bar.foo.com", "*Ly.bar.foo.com" },
|
| - { true, "ww%57.foo.com", "", "www.foo.com" },
|
| - { true, "www&.foo.com", "www%26.foo.com" },
|
| + {true, "foo.com", "foo.com"},
|
| + {true, "f", "f"},
|
| + {false, "h", "i"},
|
| + {true, "bar.foo.com", "*.foo.com"},
|
| + {true, "www.test.fr", "common.name",
|
| + "*.test.com,*.test.co.uk,*.test.de,*.test.fr"},
|
| + {true, "wwW.tESt.fr", "common.name", ",*.*,*.test.de,*.test.FR,www"},
|
| + {false, "f.uk", ".uk"},
|
| + {false, "w.bar.foo.com", "?.bar.foo.com"},
|
| + {false, "www.foo.com", "(www|ftp).foo.com"},
|
| + {false, "www.foo.com", "www.foo.com#"}, // # = null char.
|
| + {false, "www.foo.com", "", "www.foo.com#*.foo.com,#,#"},
|
| + {false, "www.house.example", "ww.house.example"},
|
| + {false, "test.org", "", "www.test.org,*.test.org,*.org"},
|
| + {false, "w.bar.foo.com", "w*.bar.foo.com"},
|
| + {false, "www.bar.foo.com", "ww*ww.bar.foo.com"},
|
| + {false, "wwww.bar.foo.com", "ww*ww.bar.foo.com"},
|
| + {true, "wwww.bar.foo.com", "w*w.bar.foo.com"},
|
| + {false, "wwww.bar.foo.com", "w*w.bar.foo.c0m"},
|
| + {true, "WALLY.bar.foo.com", "wa*.bar.foo.com"},
|
| + {true, "wally.bar.foo.com", "*Ly.bar.foo.com"},
|
| + {true, "ww%57.foo.com", "", "www.foo.com"},
|
| + {true, "www&.foo.com", "www%26.foo.com"},
|
| // Common name must not be used if subject alternative name was provided.
|
| - { false, "www.test.co.jp", "www.test.co.jp",
|
| - "*.test.de,*.jp,www.test.co.uk,www.*.co.jp" },
|
| - { false, "www.bar.foo.com", "www.bar.foo.com",
|
| - "*.foo.com,*.*.foo.com,*.*.bar.foo.com,*..bar.foo.com," },
|
| - { false, "www.bath.org", "www.bath.org", "", "20.30.40.50" },
|
| - { false, "66.77.88.99", "www.bath.org", "www.bath.org" },
|
| + {false, "www.test.co.jp", "www.test.co.jp",
|
| + "*.test.de,*.jp,www.test.co.uk,www.*.co.jp"},
|
| + {false, "www.bar.foo.com", "www.bar.foo.com",
|
| + "*.foo.com,*.*.foo.com,*.*.bar.foo.com,*..bar.foo.com,"},
|
| + {false, "www.bath.org", "www.bath.org", "", "20.30.40.50"},
|
| + {false, "66.77.88.99", "www.bath.org", "www.bath.org"},
|
| // IDN tests
|
| - { true, "xn--poema-9qae5a.com.br", "xn--poema-9qae5a.com.br" },
|
| - { true, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br" },
|
| - { false, "xn--poema-9qae5a.com.br", "", "*.xn--poema-9qae5a.com.br,"
|
| - "xn--poema-*.com.br,"
|
| - "xn--*-9qae5a.com.br,"
|
| - "*--poema-9qae5a.com.br" },
|
| + {true, "xn--poema-9qae5a.com.br", "xn--poema-9qae5a.com.br"},
|
| + {true, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br"},
|
| + {false, "xn--poema-9qae5a.com.br", "",
|
| + "*.xn--poema-9qae5a.com.br,"
|
| + "xn--poema-*.com.br,"
|
| + "xn--*-9qae5a.com.br,"
|
| + "*--poema-9qae5a.com.br"},
|
| // The following are adapted from the examples quoted from
|
| // http://tools.ietf.org/html/rfc6125#section-6.4.3
|
| // (e.g., *.example.com would match foo.example.com but
|
| // not bar.foo.example.com or example.com).
|
| - { true, "foo.example.com", "*.example.com" },
|
| - { false, "bar.foo.example.com", "*.example.com" },
|
| - { false, "example.com", "*.example.com" },
|
| + {true, "foo.example.com", "*.example.com"},
|
| + {false, "bar.foo.example.com", "*.example.com"},
|
| + {false, "example.com", "*.example.com"},
|
| // (e.g., baz*.example.net and *baz.example.net and b*z.example.net would
|
| // be taken to match baz1.example.net and foobaz.example.net and
|
| // buzz.example.net, respectively
|
| - { true, "baz1.example.net", "baz*.example.net" },
|
| - { true, "foobaz.example.net", "*baz.example.net" },
|
| - { true, "buzz.example.net", "b*z.example.net" },
|
| + {true, "baz1.example.net", "baz*.example.net"},
|
| + {true, "foobaz.example.net", "*baz.example.net"},
|
| + {true, "buzz.example.net", "b*z.example.net"},
|
| // Wildcards should not be valid for public registry controlled domains,
|
| // and unknown/unrecognized domains, at least three domain components must
|
| // be present.
|
| - { true, "www.test.example", "*.test.example" },
|
| - { true, "test.example.co.uk", "*.example.co.uk" },
|
| - { false, "test.example", "*.exmaple" },
|
| - { false, "example.co.uk", "*.co.uk" },
|
| - { false, "foo.com", "*.com" },
|
| - { false, "foo.us", "*.us" },
|
| - { false, "foo", "*" },
|
| + {true, "www.test.example", "*.test.example"},
|
| + {true, "test.example.co.uk", "*.example.co.uk"},
|
| + {false, "test.example", "*.exmaple"},
|
| + {false, "example.co.uk", "*.co.uk"},
|
| + {false, "foo.com", "*.com"},
|
| + {false, "foo.us", "*.us"},
|
| + {false, "foo", "*"},
|
| // IDN variants of wildcards and registry controlled domains.
|
| - { true, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br" },
|
| - { true, "test.example.xn--mgbaam7a8h", "*.example.xn--mgbaam7a8h" },
|
| - { false, "xn--poema-9qae5a.com.br", "*.com.br" },
|
| - { false, "example.xn--mgbaam7a8h", "*.xn--mgbaam7a8h" },
|
| + {true, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br"},
|
| + {true, "test.example.xn--mgbaam7a8h", "*.example.xn--mgbaam7a8h"},
|
| + {false, "xn--poema-9qae5a.com.br", "*.com.br"},
|
| + {false, "example.xn--mgbaam7a8h", "*.xn--mgbaam7a8h"},
|
| // Wildcards should be permissible for 'private' registry controlled
|
| // domains.
|
| - { true, "www.appspot.com", "*.appspot.com" },
|
| - { true, "foo.s3.amazonaws.com", "*.s3.amazonaws.com" },
|
| + {true, "www.appspot.com", "*.appspot.com"},
|
| + {true, "foo.s3.amazonaws.com", "*.s3.amazonaws.com"},
|
| // Multiple wildcards are not valid.
|
| - { false, "foo.example.com", "*.*.com" },
|
| - { false, "foo.bar.example.com", "*.bar.*.com" },
|
| + {false, "foo.example.com", "*.*.com"},
|
| + {false, "foo.bar.example.com", "*.bar.*.com"},
|
| // Absolute vs relative DNS name tests. Although not explicitly specified
|
| // in RFC 6125, absolute reference names (those ending in a .) should
|
| // match either absolute or relative presented names.
|
| - { true, "foo.com", "foo.com." },
|
| - { true, "foo.com.", "foo.com" },
|
| - { true, "foo.com.", "foo.com." },
|
| - { true, "f", "f." },
|
| - { true, "f.", "f" },
|
| - { true, "f.", "f." },
|
| - { true, "www-3.bar.foo.com", "*.bar.foo.com." },
|
| - { true, "www-3.bar.foo.com.", "*.bar.foo.com" },
|
| - { true, "www-3.bar.foo.com.", "*.bar.foo.com." },
|
| - { false, ".", "." },
|
| - { false, "example.com", "*.com." },
|
| - { false, "example.com.", "*.com" },
|
| - { false, "example.com.", "*.com." },
|
| - { false, "foo.", "*." },
|
| - { false, "foo", "*." },
|
| - { false, "foo.co.uk", "*.co.uk." },
|
| - { false, "foo.co.uk.", "*.co.uk." },
|
| + {true, "foo.com", "foo.com."},
|
| + {true, "foo.com.", "foo.com"},
|
| + {true, "foo.com.", "foo.com."},
|
| + {true, "f", "f."},
|
| + {true, "f.", "f"},
|
| + {true, "f.", "f."},
|
| + {true, "www-3.bar.foo.com", "*.bar.foo.com."},
|
| + {true, "www-3.bar.foo.com.", "*.bar.foo.com"},
|
| + {true, "www-3.bar.foo.com.", "*.bar.foo.com."},
|
| + {false, ".", "."},
|
| + {false, "example.com", "*.com."},
|
| + {false, "example.com.", "*.com"},
|
| + {false, "example.com.", "*.com."},
|
| + {false, "foo.", "*."},
|
| + {false, "foo", "*."},
|
| + {false, "foo.co.uk", "*.co.uk."},
|
| + {false, "foo.co.uk.", "*.co.uk."},
|
| // IP addresses in common name; IPv4 only.
|
| - { true, "127.0.0.1", "127.0.0.1" },
|
| - { true, "192.168.1.1", "192.168.1.1" },
|
| - { true, "676768", "0.10.83.160" },
|
| - { true, "1.2.3", "1.2.0.3" },
|
| - { false, "192.169.1.1", "192.168.1.1" },
|
| - { false, "12.19.1.1", "12.19.1.1/255.255.255.0" },
|
| - { false, "FEDC:ba98:7654:3210:FEDC:BA98:7654:3210",
|
| - "FEDC:BA98:7654:3210:FEDC:ba98:7654:3210" },
|
| - { false, "1111:2222:3333:4444:5555:6666:7777:8888",
|
| - "1111:2222:3333:4444:5555:6666:7777:8888" },
|
| - { false, "::192.9.5.5", "[::192.9.5.5]" },
|
| + {true, "127.0.0.1", "127.0.0.1"},
|
| + {true, "192.168.1.1", "192.168.1.1"},
|
| + {true, "676768", "0.10.83.160"},
|
| + {true, "1.2.3", "1.2.0.3"},
|
| + {false, "192.169.1.1", "192.168.1.1"},
|
| + {false, "12.19.1.1", "12.19.1.1/255.255.255.0"},
|
| + {false, "FEDC:ba98:7654:3210:FEDC:BA98:7654:3210",
|
| + "FEDC:BA98:7654:3210:FEDC:ba98:7654:3210"},
|
| + {false, "1111:2222:3333:4444:5555:6666:7777:8888",
|
| + "1111:2222:3333:4444:5555:6666:7777:8888"},
|
| + {false, "::192.9.5.5", "[::192.9.5.5]"},
|
| // No wildcard matching in valid IP addresses
|
| - { false, "::192.9.5.5", "*.9.5.5" },
|
| - { false, "2010:836B:4179::836B:4179", "*:836B:4179::836B:4179" },
|
| - { false, "192.168.1.11", "*.168.1.11" },
|
| - { false, "FEDC:BA98:7654:3210:FEDC:BA98:7654:3210", "*.]" },
|
| + {false, "::192.9.5.5", "*.9.5.5"},
|
| + {false, "2010:836B:4179::836B:4179", "*:836B:4179::836B:4179"},
|
| + {false, "192.168.1.11", "*.168.1.11"},
|
| + {false, "FEDC:BA98:7654:3210:FEDC:BA98:7654:3210", "*.]"},
|
| // IP addresses in subject alternative name (common name ignored)
|
| - { true, "10.1.2.3", "", "", "10.1.2.3" },
|
| - { true, "14.15", "", "", "14.0.0.15" },
|
| - { false, "10.1.2.7", "10.1.2.7", "", "10.1.2.6,10.1.2.8" },
|
| - { false, "10.1.2.8", "10.20.2.8", "foo" },
|
| - { true, "::4.5.6.7", "", "", "x00000000000000000000000004050607" },
|
| - { false, "::6.7.8.9", "::6.7.8.9", "::6.7.8.9",
|
| - "x00000000000000000000000006070808,x0000000000000000000000000607080a,"
|
| - "xff000000000000000000000006070809,6.7.8.9" },
|
| - { true, "FE80::200:f8ff:fe21:67cf", "no.common.name", "",
|
| - "x00000000000000000000000006070808,xfe800000000000000200f8fffe2167cf,"
|
| - "xff0000000000000000000000060708ff,10.0.0.1" },
|
| + {true, "10.1.2.3", "", "", "10.1.2.3"},
|
| + {true, "14.15", "", "", "14.0.0.15"},
|
| + {false, "10.1.2.7", "10.1.2.7", "", "10.1.2.6,10.1.2.8"},
|
| + {false, "10.1.2.8", "10.20.2.8", "foo"},
|
| + {true, "::4.5.6.7", "", "", "x00000000000000000000000004050607"},
|
| + {false, "::6.7.8.9", "::6.7.8.9", "::6.7.8.9",
|
| + "x00000000000000000000000006070808,x0000000000000000000000000607080a,"
|
| + "xff000000000000000000000006070809,6.7.8.9"},
|
| + {true, "FE80::200:f8ff:fe21:67cf", "no.common.name", "",
|
| + "x00000000000000000000000006070808,xfe800000000000000200f8fffe2167cf,"
|
| + "xff0000000000000000000000060708ff,10.0.0.1"},
|
| // Numeric only hostnames (none of these are considered valid IP addresses).
|
| - { false, "12345.6", "12345.6" },
|
| - { false, "121.2.3.512", "", "1*1.2.3.512,*1.2.3.512,1*.2.3.512,*.2.3.512",
|
| - "121.2.3.0"},
|
| - { false, "1.2.3.4.5.6", "*.2.3.4.5.6" },
|
| - { true, "1.2.3.4.5", "", "1.2.3.4.5" },
|
| + {false, "12345.6", "12345.6"},
|
| + {false, "121.2.3.512", "", "1*1.2.3.512,*1.2.3.512,1*.2.3.512,*.2.3.512",
|
| + "121.2.3.0"},
|
| + {false, "1.2.3.4.5.6", "*.2.3.4.5.6"},
|
| + {true, "1.2.3.4.5", "", "1.2.3.4.5"},
|
| // Invalid host names.
|
| - { false, "junk)(£)$*!@~#", "junk)(£)$*!@~#" },
|
| - { false, "www.*.com", "www.*.com" },
|
| - { false, "w$w.f.com", "w$w.f.com" },
|
| - { false, "nocolonallowed:example", "", "nocolonallowed:example" },
|
| - { false, "www-1.[::FFFF:129.144.52.38]", "*.[::FFFF:129.144.52.38]" },
|
| - { false, "[::4.5.6.9]", "", "", "x00000000000000000000000004050609" },
|
| + {false, "junk)(£)$*!@~#", "junk)(£)$*!@~#"},
|
| + {false, "www.*.com", "www.*.com"},
|
| + {false, "w$w.f.com", "w$w.f.com"},
|
| + {false, "nocolonallowed:example", "", "nocolonallowed:example"},
|
| + {false, "www-1.[::FFFF:129.144.52.38]", "*.[::FFFF:129.144.52.38]"},
|
| + {false, "[::4.5.6.9]", "", "", "x00000000000000000000000004050609"},
|
| };
|
|
|
| class X509CertificateNameVerifyTest
|
| - : public testing::TestWithParam<CertificateNameVerifyTestData> {
|
| -};
|
| + : public testing::TestWithParam<CertificateNameVerifyTestData> {};
|
|
|
| TEST_P(X509CertificateNameVerifyTest, VerifyHostname) {
|
| CertificateNameVerifyTestData test_data = GetParam();
|
| @@ -1119,8 +1130,8 @@ TEST_P(X509CertificateNameVerifyTest, VerifyHostname) {
|
| std::vector<uint8> bytes;
|
| EXPECT_TRUE(base::HexStringToBytes(addr_ascii, &bytes))
|
| << "Could not parse hex address " << addr_ascii << " i = " << i;
|
| - ip_addressses.push_back(std::string(reinterpret_cast<char*>(&bytes[0]),
|
| - bytes.size()));
|
| + ip_addressses.push_back(
|
| + std::string(reinterpret_cast<char*>(&bytes[0]), bytes.size()));
|
| ASSERT_EQ(16U, ip_addressses.back().size()) << i;
|
| } else { // Decimal groups
|
| std::vector<std::string> decimals_ascii;
|
| @@ -1141,11 +1152,14 @@ TEST_P(X509CertificateNameVerifyTest, VerifyHostname) {
|
| }
|
|
|
| bool unused = false;
|
| - EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname(
|
| - test_data.hostname, common_name, dns_names, ip_addressses, &unused));
|
| + EXPECT_EQ(
|
| + test_data.expected,
|
| + X509Certificate::VerifyHostname(
|
| + test_data.hostname, common_name, dns_names, ip_addressses, &unused));
|
| }
|
|
|
| -INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,
|
| +INSTANTIATE_TEST_CASE_P(,
|
| + X509CertificateNameVerifyTest,
|
| testing::ValuesIn(kNameVerifyTestData));
|
|
|
| const struct PublicKeyInfoTestData {
|
| @@ -1153,17 +1167,16 @@ const struct PublicKeyInfoTestData {
|
| size_t expected_bits;
|
| X509Certificate::PublicKeyType expected_type;
|
| } kPublicKeyInfoTestData[] = {
|
| - { "768-rsa-ee-by-768-rsa-intermediate.pem", 768,
|
| - X509Certificate::kPublicKeyTypeRSA },
|
| - { "1024-rsa-ee-by-768-rsa-intermediate.pem", 1024,
|
| - X509Certificate::kPublicKeyTypeRSA },
|
| - { "prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem", 256,
|
| - X509Certificate::kPublicKeyTypeECDSA },
|
| + {"768-rsa-ee-by-768-rsa-intermediate.pem", 768,
|
| + X509Certificate::kPublicKeyTypeRSA},
|
| + {"1024-rsa-ee-by-768-rsa-intermediate.pem", 1024,
|
| + X509Certificate::kPublicKeyTypeRSA},
|
| + {"prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem", 256,
|
| + X509Certificate::kPublicKeyTypeECDSA},
|
| };
|
|
|
| class X509CertificatePublicKeyInfoTest
|
| - : public testing::TestWithParam<PublicKeyInfoTestData> {
|
| -};
|
| + : public testing::TestWithParam<PublicKeyInfoTestData> {};
|
|
|
| TEST_P(X509CertificatePublicKeyInfoTest, GetPublicKeyInfo) {
|
| PublicKeyInfoTestData data = GetParam();
|
| @@ -1184,14 +1197,15 @@ TEST_P(X509CertificatePublicKeyInfoTest, GetPublicKeyInfo) {
|
| X509Certificate::PublicKeyType actual_type =
|
| X509Certificate::kPublicKeyTypeUnknown;
|
|
|
| - X509Certificate::GetPublicKeyInfo(cert->os_cert_handle(), &actual_bits,
|
| - &actual_type);
|
| + X509Certificate::GetPublicKeyInfo(
|
| + cert->os_cert_handle(), &actual_bits, &actual_type);
|
|
|
| EXPECT_EQ(data.expected_bits, actual_bits);
|
| EXPECT_EQ(data.expected_type, actual_type);
|
| }
|
|
|
| -INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest,
|
| +INSTANTIATE_TEST_CASE_P(,
|
| + X509CertificatePublicKeyInfoTest,
|
| testing::ValuesIn(kPublicKeyInfoTestData));
|
|
|
| } // namespace net
|
|
|
Chromium Code Reviews
