1 // Copyright 2017 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "general_names.h"
6
7 #include "test_helpers.h"
8 #include <gtest/gtest.h>
9
10 namespace bssl {
11 namespace {
12
LoadTestData(const char * token,const std::string & basename,std::string * result)13 ::testing::AssertionResult LoadTestData(const char* token,
14 const std::string& basename,
15 std::string* result) {
16 std::string path = "testdata/name_constraints_unittest/" + basename;
17
18 const PemBlockMapping mappings[] = {
19 {token, result},
20 };
21
22 return ReadTestDataFromPemFile(path, mappings);
23 }
24
LoadTestSubjectAltNameData(const std::string & basename,std::string * result)25 ::testing::AssertionResult LoadTestSubjectAltNameData(
26 const std::string& basename,
27 std::string* result) {
28 return LoadTestData("SUBJECT ALTERNATIVE NAME", basename, result);
29 }
30
ReplaceFirstSubstring(std::string * str,std::string_view substr,std::string_view replacement)31 void ReplaceFirstSubstring(std::string* str,
32 std::string_view substr,
33 std::string_view replacement) {
34 size_t idx = str->find(substr);
35 if (idx != std::string::npos) {
36 str->replace(idx, substr.size(), replacement);
37 }
38 }
39
40 } // namespace
41
TEST(GeneralNames,CreateFailsOnEmptySubjectAltName)42 TEST(GeneralNames, CreateFailsOnEmptySubjectAltName) {
43 std::string invalid_san_der;
44 ASSERT_TRUE(
45 LoadTestSubjectAltNameData("san-invalid-empty.pem", &invalid_san_der));
46 CertErrors errors;
47 EXPECT_FALSE(GeneralNames::Create(der::Input(invalid_san_der), &errors));
48 }
49
TEST(GeneralNames,OtherName)50 TEST(GeneralNames, OtherName) {
51 std::string san_der;
52 ASSERT_TRUE(LoadTestSubjectAltNameData("san-othername.pem", &san_der));
53
54 CertErrors errors;
55 std::unique_ptr<GeneralNames> general_names =
56 GeneralNames::Create(der::Input(san_der), &errors);
57 ASSERT_TRUE(general_names);
58 EXPECT_EQ(GENERAL_NAME_OTHER_NAME, general_names->present_name_types);
59 const uint8_t expected_der[] = {0x06, 0x04, 0x2a, 0x03, 0x04, 0x05,
60 0x04, 0x04, 0xde, 0xad, 0xbe, 0xef};
61 ASSERT_EQ(1U, general_names->other_names.size());
62 EXPECT_EQ(der::Input(expected_der), general_names->other_names[0]);
63 }
64
TEST(GeneralNames,RFC822Name)65 TEST(GeneralNames, RFC822Name) {
66 std::string san_der;
67 ASSERT_TRUE(LoadTestSubjectAltNameData("san-rfc822name.pem", &san_der));
68
69 CertErrors errors;
70 std::unique_ptr<GeneralNames> general_names =
71 GeneralNames::Create(der::Input(san_der), &errors);
72 ASSERT_TRUE(general_names);
73 EXPECT_EQ(GENERAL_NAME_RFC822_NAME, general_names->present_name_types);
74 ASSERT_EQ(1U, general_names->rfc822_names.size());
75 EXPECT_EQ("foo@example.com", general_names->rfc822_names[0]);
76 }
77
TEST(GeneralNames,CreateFailsOnNonAsciiRFC822Name)78 TEST(GeneralNames, CreateFailsOnNonAsciiRFC822Name) {
79 std::string san_der;
80 ASSERT_TRUE(LoadTestSubjectAltNameData("san-rfc822name.pem", &san_der));
81 ReplaceFirstSubstring(&san_der, "foo@example.com", "f\xF6\xF6@example.com");
82 CertErrors errors;
83 EXPECT_FALSE(GeneralNames::Create(der::Input(san_der), &errors));
84 }
85
TEST(GeneralNames,DnsName)86 TEST(GeneralNames, DnsName) {
87 std::string san_der;
88 ASSERT_TRUE(LoadTestSubjectAltNameData("san-dnsname.pem", &san_der));
89
90 CertErrors errors;
91 std::unique_ptr<GeneralNames> general_names =
92 GeneralNames::Create(der::Input(san_der), &errors);
93 ASSERT_TRUE(general_names);
94 EXPECT_EQ(GENERAL_NAME_DNS_NAME, general_names->present_name_types);
95 ASSERT_EQ(1U, general_names->dns_names.size());
96 EXPECT_EQ("foo.example.com", general_names->dns_names[0]);
97 }
98
TEST(GeneralNames,CreateFailsOnNonAsciiDnsName)99 TEST(GeneralNames, CreateFailsOnNonAsciiDnsName) {
100 std::string san_der;
101 ASSERT_TRUE(LoadTestSubjectAltNameData("san-dnsname.pem", &san_der));
102 ReplaceFirstSubstring(&san_der, "foo.example.com", "f\xF6\xF6.example.com");
103 CertErrors errors;
104 EXPECT_FALSE(GeneralNames::Create(der::Input(san_der), &errors));
105 }
106
TEST(GeneralNames,X400Address)107 TEST(GeneralNames, X400Address) {
108 std::string san_der;
109 ASSERT_TRUE(LoadTestSubjectAltNameData("san-x400address.pem", &san_der));
110
111 CertErrors errors;
112 std::unique_ptr<GeneralNames> general_names =
113 GeneralNames::Create(der::Input(san_der), &errors);
114 ASSERT_TRUE(general_names);
115 EXPECT_EQ(GENERAL_NAME_X400_ADDRESS, general_names->present_name_types);
116 ASSERT_EQ(1U, general_names->x400_addresses.size());
117 const uint8_t expected_der[] = {0x30, 0x06, 0x61, 0x04,
118 0x13, 0x02, 0x55, 0x53};
119 EXPECT_EQ(der::Input(expected_der), general_names->x400_addresses[0]);
120 }
121
TEST(GeneralNames,DirectoryName)122 TEST(GeneralNames, DirectoryName) {
123 std::string san_der;
124 ASSERT_TRUE(LoadTestSubjectAltNameData("san-directoryname.pem", &san_der));
125
126 CertErrors errors;
127 std::unique_ptr<GeneralNames> general_names =
128 GeneralNames::Create(der::Input(san_der), &errors);
129 ASSERT_TRUE(general_names);
130 EXPECT_EQ(GENERAL_NAME_DIRECTORY_NAME, general_names->present_name_types);
131 ASSERT_EQ(1U, general_names->directory_names.size());
132 const uint8_t expected_der[] = {0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
133 0x04, 0x06, 0x13, 0x02, 0x55, 0x53};
134 EXPECT_EQ(der::Input(expected_der), general_names->directory_names[0]);
135 }
136
TEST(GeneralNames,EDIPartyName)137 TEST(GeneralNames, EDIPartyName) {
138 std::string san_der;
139 ASSERT_TRUE(LoadTestSubjectAltNameData("san-edipartyname.pem", &san_der));
140
141 CertErrors errors;
142 std::unique_ptr<GeneralNames> general_names =
143 GeneralNames::Create(der::Input(san_der), &errors);
144 ASSERT_TRUE(general_names);
145 EXPECT_EQ(GENERAL_NAME_EDI_PARTY_NAME, general_names->present_name_types);
146 ASSERT_EQ(1U, general_names->edi_party_names.size());
147 const uint8_t expected_der[] = {0x81, 0x03, 0x66, 0x6f, 0x6f};
148 EXPECT_EQ(der::Input(expected_der), general_names->edi_party_names[0]);
149 }
150
TEST(GeneralNames,URI)151 TEST(GeneralNames, URI) {
152 std::string san_der;
153 ASSERT_TRUE(LoadTestSubjectAltNameData("san-uri.pem", &san_der));
154
155 CertErrors errors;
156 std::unique_ptr<GeneralNames> general_names =
157 GeneralNames::Create(der::Input(san_der), &errors);
158 ASSERT_TRUE(general_names);
159 EXPECT_EQ(GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER,
160 general_names->present_name_types);
161 ASSERT_EQ(1U, general_names->uniform_resource_identifiers.size());
162 EXPECT_EQ("http://example.com",
163 general_names->uniform_resource_identifiers[0]);
164 }
165
TEST(GeneralNames,CreateFailsOnNonAsciiURI)166 TEST(GeneralNames, CreateFailsOnNonAsciiURI) {
167 std::string san_der;
168 ASSERT_TRUE(LoadTestSubjectAltNameData("san-uri.pem", &san_der));
169 ReplaceFirstSubstring(&san_der, "http://example.com",
170 "http://ex\xE4mple.com");
171 CertErrors errors;
172 EXPECT_FALSE(GeneralNames::Create(der::Input(san_der), &errors));
173 }
174
TEST(GeneralNames,IPAddress_v4)175 TEST(GeneralNames, IPAddress_v4) {
176 std::string san_der;
177 ASSERT_TRUE(LoadTestSubjectAltNameData("san-ipaddress4.pem", &san_der));
178
179 CertErrors errors;
180 std::unique_ptr<GeneralNames> general_names =
181 GeneralNames::Create(der::Input(san_der), &errors);
182 ASSERT_TRUE(general_names);
183 EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, general_names->present_name_types);
184 ASSERT_EQ(1U, general_names->ip_addresses.size());
185 static const uint8_t kIP[] = {192, 168, 6, 7};
186 EXPECT_EQ(der::Input(kIP), general_names->ip_addresses[0]);
187 EXPECT_EQ(0U, general_names->ip_address_ranges.size());
188 }
189
TEST(GeneralNames,IPAddress_v6)190 TEST(GeneralNames, IPAddress_v6) {
191 std::string san_der;
192 ASSERT_TRUE(LoadTestSubjectAltNameData("san-ipaddress6.pem", &san_der));
193
194 CertErrors errors;
195 std::unique_ptr<GeneralNames> general_names =
196 GeneralNames::Create(der::Input(san_der), &errors);
197 ASSERT_TRUE(general_names);
198 EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, general_names->present_name_types);
199 ASSERT_EQ(1U, general_names->ip_addresses.size());
200 static const uint8_t kIP[] = {0xFE, 0x80, 1, 2, 3, 4, 5, 6,
201 7, 8, 9, 10, 11, 12, 13, 14};
202 EXPECT_EQ(der::Input(kIP), general_names->ip_addresses[0]);
203 EXPECT_EQ(0U, general_names->ip_address_ranges.size());
204 }
205
TEST(GeneralNames,CreateFailsOnInvalidLengthIpAddress)206 TEST(GeneralNames, CreateFailsOnInvalidLengthIpAddress) {
207 std::string invalid_san_der;
208 ASSERT_TRUE(LoadTestSubjectAltNameData("san-invalid-ipaddress.pem",
209 &invalid_san_der));
210 CertErrors errors;
211 EXPECT_FALSE(GeneralNames::Create(der::Input(invalid_san_der), &errors));
212 }
213
TEST(GeneralNames,RegisteredIDs)214 TEST(GeneralNames, RegisteredIDs) {
215 std::string san_der;
216 ASSERT_TRUE(LoadTestSubjectAltNameData("san-registeredid.pem", &san_der));
217
218 CertErrors errors;
219 std::unique_ptr<GeneralNames> general_names =
220 GeneralNames::Create(der::Input(san_der), &errors);
221 ASSERT_TRUE(general_names);
222 EXPECT_EQ(GENERAL_NAME_REGISTERED_ID, general_names->present_name_types);
223 ASSERT_EQ(1U, general_names->registered_ids.size());
224 const uint8_t expected_der[] = {0x2a, 0x03, 0x04};
225 EXPECT_EQ(der::Input(expected_der), general_names->registered_ids[0]);
226 }
227
228 } // namespace net
229