Chromium Code Reviews Chromium Code Reviews
Issue 2719273002:
Disable commonName matching for certificates (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 | 10 |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 160 const Time& valid_expiry = webkit_cert->valid_expiry(); | 160 const Time& valid_expiry = webkit_cert->valid_expiry(); |
| 161 EXPECT_EQ(1300491319, valid_expiry.ToDoubleT()); // Mar 18 23:35:19 2011 GMT | 161 EXPECT_EQ(1300491319, valid_expiry.ToDoubleT()); // Mar 18 23:35:19 2011 GMT |
| 162 | 162 |
| 163 std::vector<std::string> dns_names; | 163 std::vector<std::string> dns_names; |
| 164 webkit_cert->GetDNSNames(&dns_names); | 164 webkit_cert->GetDNSNames(&dns_names); |
| 165 ASSERT_EQ(2U, dns_names.size()); | 165 ASSERT_EQ(2U, dns_names.size()); |
| 166 EXPECT_EQ("*.webkit.org", dns_names[0]); | 166 EXPECT_EQ("*.webkit.org", dns_names[0]); |
| 167 EXPECT_EQ("webkit.org", dns_names[1]); | 167 EXPECT_EQ("webkit.org", dns_names[1]); |
| 168 | 168 |
| 169 // Test that the wildcard cert matches properly. | 169 // Test that the wildcard cert matches properly. |
| 170 bool unused = false; | 170 EXPECT_TRUE(webkit_cert->VerifyNameMatch("www.webkit.org", false)); |
| 171 EXPECT_TRUE(webkit_cert->VerifyNameMatch("www.webkit.org", &unused)); | 171 EXPECT_TRUE(webkit_cert->VerifyNameMatch("foo.webkit.org", false)); |
| 172 EXPECT_TRUE(webkit_cert->VerifyNameMatch("foo.webkit.org", &unused)); | 172 EXPECT_TRUE(webkit_cert->VerifyNameMatch("webkit.org", false)); |
| 173 EXPECT_TRUE(webkit_cert->VerifyNameMatch("webkit.org", &unused)); | 173 EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.webkit.com", false)); |
| 174 EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.webkit.com", &unused)); | 174 EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.foo.webkit.com", false)); |
| 175 EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.foo.webkit.com", &unused)); | |
| 176 } | 175 } |
| 177 | 176 |
| 178 TEST(X509CertificateTest, ThawteCertParsing) { | 177 TEST(X509CertificateTest, ThawteCertParsing) { |
| 179 scoped_refptr<X509Certificate> thawte_cert(X509Certificate::CreateFromBytes( | 178 scoped_refptr<X509Certificate> thawte_cert(X509Certificate::CreateFromBytes( |
| 180 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der))); | 179 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der))); |
| 181 | 180 |
| 182 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert.get()); | 181 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert.get()); |
| 183 | 182 |
| 184 const CertPrincipal& subject = thawte_cert->subject(); | 183 const CertPrincipal& subject = thawte_cert->subject(); |
| 185 EXPECT_EQ("www.thawte.com", subject.common_name); | 184 EXPECT_EQ("www.thawte.com", subject.common_name); |
| (...skipping 950 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1136 EXPECT_GE(decimal_value, 0); | 1135 EXPECT_GE(decimal_value, 0); |
| 1137 EXPECT_LE(decimal_value, 255); | 1136 EXPECT_LE(decimal_value, 255); |
| 1138 addr_bytes.push_back(static_cast<char>(decimal_value)); | 1137 addr_bytes.push_back(static_cast<char>(decimal_value)); |
| 1139 } | 1138 } |
| 1140 ip_addressses.push_back(addr_bytes); | 1139 ip_addressses.push_back(addr_bytes); |
| 1141 ASSERT_EQ(4U, ip_addressses.back().size()) << i; | 1140 ASSERT_EQ(4U, ip_addressses.back().size()) << i; |
| 1142 } | 1141 } |
| 1143 } | 1142 } |
| 1144 } | 1143 } |
| 1145 | 1144 |
| 1146 bool unused = false; | |
| 1147 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1145 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
| 1148 test_data.hostname, common_name, dns_names, ip_addressses, &unused)); | 1146 test_data.hostname, common_name, dns_names, ip_addressses, true)); |
|
Ryan Sleevi
2017/02/28 02:16:58
I'll be adding additional tests to cover these per
| |
| 1149 } | 1147 } |
| 1150 | 1148 |
| 1151 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1149 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
| 1152 testing::ValuesIn(kNameVerifyTestData)); | 1150 testing::ValuesIn(kNameVerifyTestData)); |
| 1153 | 1151 |
| 1154 const struct PublicKeyInfoTestData { | 1152 const struct PublicKeyInfoTestData { |
| 1155 const char* cert_file; | 1153 const char* cert_file; |
| 1156 size_t expected_bits; | 1154 size_t expected_bits; |
| 1157 X509Certificate::PublicKeyType expected_type; | 1155 X509Certificate::PublicKeyType expected_type; |
| 1158 } kPublicKeyInfoTestData[] = { | 1156 } kPublicKeyInfoTestData[] = { |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1194 &actual_type); | 1192 &actual_type); |
| 1195 | 1193 |
| 1196 EXPECT_EQ(data.expected_bits, actual_bits); | 1194 EXPECT_EQ(data.expected_bits, actual_bits); |
| 1197 EXPECT_EQ(data.expected_type, actual_type); | 1195 EXPECT_EQ(data.expected_type, actual_type); |
| 1198 } | 1196 } |
| 1199 | 1197 |
| 1200 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest, | 1198 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest, |
| 1201 testing::ValuesIn(kPublicKeyInfoTestData)); | 1199 testing::ValuesIn(kPublicKeyInfoTestData)); |
| 1202 | 1200 |
| 1203 } // namespace net | 1201 } // namespace net |
| OLD | NEW |
