| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/pickle.h" | 10 #include "base/pickle.h" |
| (...skipping 953 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 964 { false, "f.uk", ".uk" }, | 964 { false, "f.uk", ".uk" }, |
| 965 { false, "w.bar.foo.com", "?.bar.foo.com" }, | 965 { false, "w.bar.foo.com", "?.bar.foo.com" }, |
| 966 { false, "www.foo.com", "(www|ftp).foo.com" }, | 966 { false, "www.foo.com", "(www|ftp).foo.com" }, |
| 967 { false, "www.foo.com", "www.foo.com#" }, // # = null char. | 967 { false, "www.foo.com", "www.foo.com#" }, // # = null char. |
| 968 { false, "www.foo.com", "", "www.foo.com#*.foo.com,#,#" }, | 968 { false, "www.foo.com", "", "www.foo.com#*.foo.com,#,#" }, |
| 969 { false, "www.house.example", "ww.house.example" }, | 969 { false, "www.house.example", "ww.house.example" }, |
| 970 { false, "test.org", "", "www.test.org,*.test.org,*.org" }, | 970 { false, "test.org", "", "www.test.org,*.test.org,*.org" }, |
| 971 { false, "w.bar.foo.com", "w*.bar.foo.com" }, | 971 { false, "w.bar.foo.com", "w*.bar.foo.com" }, |
| 972 { false, "www.bar.foo.com", "ww*ww.bar.foo.com" }, | 972 { false, "www.bar.foo.com", "ww*ww.bar.foo.com" }, |
| 973 { false, "wwww.bar.foo.com", "ww*ww.bar.foo.com" }, | 973 { false, "wwww.bar.foo.com", "ww*ww.bar.foo.com" }, |
| 974 { true, "wwww.bar.foo.com", "w*w.bar.foo.com" }, | 974 { false, "wwww.bar.foo.com", "w*w.bar.foo.com" }, |
| 975 { false, "wwww.bar.foo.com", "w*w.bar.foo.c0m" }, | 975 { false, "wwww.bar.foo.com", "w*w.bar.foo.c0m" }, |
| 976 { true, "WALLY.bar.foo.com", "wa*.bar.foo.com" }, | 976 { false, "WALLY.bar.foo.com", "wa*.bar.foo.com" }, |
| 977 { true, "wally.bar.foo.com", "*Ly.bar.foo.com" }, | 977 { false, "wally.bar.foo.com", "*Ly.bar.foo.com" }, |
| 978 { true, "ww%57.foo.com", "", "www.foo.com" }, | 978 { true, "ww%57.foo.com", "", "www.foo.com" }, |
| 979 { true, "www&.foo.com", "www%26.foo.com" }, | 979 { true, "www&.foo.com", "www%26.foo.com" }, |
| 980 // Common name must not be used if subject alternative name was provided. | 980 // Common name must not be used if subject alternative name was provided. |
| 981 { false, "www.test.co.jp", "www.test.co.jp", | 981 { false, "www.test.co.jp", "www.test.co.jp", |
| 982 "*.test.de,*.jp,www.test.co.uk,www.*.co.jp" }, | 982 "*.test.de,*.jp,www.test.co.uk,www.*.co.jp" }, |
| 983 { false, "www.bar.foo.com", "www.bar.foo.com", | 983 { false, "www.bar.foo.com", "www.bar.foo.com", |
| 984 "*.foo.com,*.*.foo.com,*.*.bar.foo.com,*..bar.foo.com," }, | 984 "*.foo.com,*.*.foo.com,*.*.bar.foo.com,*..bar.foo.com," }, |
| 985 { false, "www.bath.org", "www.bath.org", "", "20.30.40.50" }, | 985 { false, "www.bath.org", "www.bath.org", "", "20.30.40.50" }, |
| 986 { false, "66.77.88.99", "www.bath.org", "www.bath.org" }, | 986 { false, "66.77.88.99", "www.bath.org", "www.bath.org" }, |
| 987 // IDN tests | 987 // IDN tests |
| 988 { true, "xn--poema-9qae5a.com.br", "xn--poema-9qae5a.com.br" }, | 988 { true, "xn--poema-9qae5a.com.br", "xn--poema-9qae5a.com.br" }, |
| 989 { true, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br" }, | 989 { true, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br" }, |
| 990 { false, "xn--poema-9qae5a.com.br", "", "*.xn--poema-9qae5a.com.br," | 990 { false, "xn--poema-9qae5a.com.br", "", "*.xn--poema-9qae5a.com.br," |
| 991 "xn--poema-*.com.br," | 991 "xn--poema-*.com.br," |
| 992 "xn--*-9qae5a.com.br," | 992 "xn--*-9qae5a.com.br," |
| 993 "*--poema-9qae5a.com.br" }, | 993 "*--poema-9qae5a.com.br" }, |
| 994 // The following are adapted from the examples quoted from | 994 // The following are adapted from the examples quoted from |
| 995 // http://tools.ietf.org/html/rfc6125#section-6.4.3 | 995 // http://tools.ietf.org/html/rfc6125#section-6.4.3 |
| 996 // (e.g., *.example.com would match foo.example.com but | 996 // (e.g., *.example.com would match foo.example.com but |
| 997 // not bar.foo.example.com or example.com). | 997 // not bar.foo.example.com or example.com). |
| 998 { true, "foo.example.com", "*.example.com" }, | 998 { true, "foo.example.com", "*.example.com" }, |
| 999 { false, "bar.foo.example.com", "*.example.com" }, | 999 { false, "bar.foo.example.com", "*.example.com" }, |
| 1000 { false, "example.com", "*.example.com" }, | 1000 { false, "example.com", "*.example.com" }, |
| 1001 // (e.g., baz*.example.net and *baz.example.net and b*z.example.net would | 1001 // Partial wildcards are disallowed, though RFC 2818 rules allow them. |
| 1002 // be taken to match baz1.example.net and foobaz.example.net and | 1002 // That is, forms such as baz*.example.net, *baz.example.net, and |
| 1003 // buzz.example.net, respectively | 1003 // b*z.example.net should NOT match domains. Instead, the wildcard must |
| 1004 { true, "baz1.example.net", "baz*.example.net" }, | 1004 // always be the left-most label, and only a single label. |
| 1005 { true, "foobaz.example.net", "*baz.example.net" }, | 1005 { false, "baz1.example.net", "baz*.example.net" }, |
| 1006 { true, "buzz.example.net", "b*z.example.net" }, | 1006 { false, "foobaz.example.net", "*baz.example.net" }, |
| 1007 { false, "buzz.example.net", "b*z.example.net" }, |
| 1008 { false, "www.test.example.net", "www.*.example.net" }, |
| 1007 // Wildcards should not be valid for public registry controlled domains, | 1009 // Wildcards should not be valid for public registry controlled domains, |
| 1008 // and unknown/unrecognized domains, at least three domain components must | 1010 // and unknown/unrecognized domains, at least three domain components must |
| 1009 // be present. | 1011 // be present. |
| 1010 { true, "www.test.example", "*.test.example" }, | 1012 { true, "www.test.example", "*.test.example" }, |
| 1011 { true, "test.example.co.uk", "*.example.co.uk" }, | 1013 { true, "test.example.co.uk", "*.example.co.uk" }, |
| 1012 { false, "test.example", "*.exmaple" }, | 1014 { false, "test.example", "*.exmaple" }, |
| 1013 { false, "example.co.uk", "*.co.uk" }, | 1015 { false, "example.co.uk", "*.co.uk" }, |
| 1014 { false, "foo.com", "*.com" }, | 1016 { false, "foo.com", "*.com" }, |
| 1015 { false, "foo.us", "*.us" }, | 1017 { false, "foo.us", "*.us" }, |
| 1016 { false, "foo", "*" }, | 1018 { false, "foo", "*" }, |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1191 &actual_type); | 1193 &actual_type); |
| 1192 | 1194 |
| 1193 EXPECT_EQ(data.expected_bits, actual_bits); | 1195 EXPECT_EQ(data.expected_bits, actual_bits); |
| 1194 EXPECT_EQ(data.expected_type, actual_type); | 1196 EXPECT_EQ(data.expected_type, actual_type); |
| 1195 } | 1197 } |
| 1196 | 1198 |
| 1197 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest, | 1199 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest, |
| 1198 testing::ValuesIn(kPublicKeyInfoTestData)); | 1200 testing::ValuesIn(kPublicKeyInfoTestData)); |
| 1199 | 1201 |
| 1200 } // namespace net | 1202 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 762013002:
Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard ha… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master