Add a DevTools warning for a missing subjectAltName

net/cert/x509_certificate_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <stdint.h>
 
 #include <memory>
 
@@ skipping 379 matching lines @@
                 cert_chain3->GetIntermediateCertificates()));
 }
 
 TEST(X509CertificateTest, ParseSubjectAltNames) {
   base::FilePath certs_dir = GetTestCertsDirectory();
 
   scoped_refptr<X509Certificate> san_cert =
       ImportCertFromFile(certs_dir, "subjectAltName_sanity_check.pem");
   ASSERT_NE(static_cast<X509Certificate*>(NULL), san_cert.get());
 
+  // Ensure that testing for SAN without using it is accepted.
+  EXPECT_TRUE(san_cert->GetSubjectAltName(nullptr, nullptr));
+
+  // Ensure that it's possible to get just dNSNames.
   std::vector<std::string> dns_names;
+  EXPECT_TRUE(san_cert->GetSubjectAltName(&dns_names, nullptr));
+
+  // Ensure that it's possible to get just iPAddresses.
   std::vector<std::string> ip_addresses;
-  san_cert->GetSubjectAltName(&dns_names, &ip_addresses);
+  EXPECT_TRUE(san_cert->GetSubjectAltName(nullptr, &ip_addresses));
 
   // Ensure that DNS names are correctly parsed.
   ASSERT_EQ(1U, dns_names.size());
   EXPECT_EQ("test.example", dns_names[0]);
 
   // Ensure that both IPv4 and IPv6 addresses are correctly parsed.
   ASSERT_EQ(2U, ip_addresses.size());
 
   static const uint8_t kIPv4Address[] = {
       0x7F, 0x00, 0x00, 0x02
   };
   ASSERT_EQ(arraysize(kIPv4Address), ip_addresses[0].size());
   EXPECT_EQ(0, memcmp(ip_addresses[0].data(), kIPv4Address,
                       arraysize(kIPv4Address)));
 
   static const uint8_t kIPv6Address[] = {
       0xFE, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
   };
   ASSERT_EQ(arraysize(kIPv6Address), ip_addresses[1].size());
   EXPECT_EQ(0, memcmp(ip_addresses[1].data(), kIPv6Address,
                       arraysize(kIPv6Address)));
 
   // Ensure the subjectAltName dirName has not influenced the handling of
   // the subject commonName.
   EXPECT_EQ("127.0.0.1", san_cert->subject().common_name);
+
+  scoped_refptr<X509Certificate> no_san_cert =
+      ImportCertFromFile(certs_dir, "salesforce_com_test.pem");
+  ASSERT_NE(static_cast<X509Certificate*>(NULL), no_san_cert.get());
+
+  EXPECT_NE(0u, dns_names.size());
+  EXPECT_NE(0u, ip_addresses.size());
+  EXPECT_FALSE(no_san_cert->GetSubjectAltName(&dns_names, &ip_addresses));
+  EXPECT_EQ(0u, dns_names.size());
+  EXPECT_EQ(0u, ip_addresses.size());
 }
 
 #if defined(USE_NSS_CERTS)
 TEST(X509CertificateTest, ParseClientSubjectAltNames) {
   base::FilePath certs_dir = GetTestCertsDirectory();
 
   // This cert contains one rfc822Name field, and one Microsoft UPN
   // otherName field.
   scoped_refptr<X509Certificate> san_cert =
       ImportCertFromFile(certs_dir, "client_3.pem");
@@ skipping 763 matching lines @@
                                     &actual_type);
 
   EXPECT_EQ(data.expected_bits, actual_bits);
   EXPECT_EQ(data.expected_type, actual_type);
 }
 
 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest,
                         testing::ValuesIn(kPublicKeyInfoTestData));
 
 }  // namespace net