1 // Copyright 2017 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "general_names.h"
6
7 #include <gtest/gtest.h>
8 #include "test_helpers.h"
9
10 namespace bssl {
11 namespace {
12
LoadTestData(const char * token,const std::string & basename,std::string * result)13 ::testing::AssertionResult LoadTestData(const char *token,
14 const std::string &basename,
15 std::string *result) {
16 std::string path = "testdata/name_constraints_unittest/" + basename;
17
18 const PemBlockMapping mappings[] = {
19 {token, result},
20 };
21
22 return ReadTestDataFromPemFile(path, mappings);
23 }
24
LoadTestSubjectAltNameData(const std::string & basename,std::string * result)25 ::testing::AssertionResult LoadTestSubjectAltNameData(
26 const std::string &basename, std::string *result) {
27 return LoadTestData("SUBJECT ALTERNATIVE NAME", basename, result);
28 }
29
ReplaceFirstSubstring(std::string * str,std::string_view substr,std::string_view replacement)30 void ReplaceFirstSubstring(std::string *str, std::string_view substr,
31 std::string_view replacement) {
32 size_t idx = str->find(substr);
33 if (idx != std::string::npos) {
34 str->replace(idx, substr.size(), replacement);
35 }
36 }
37
38 } // namespace
39
TEST(GeneralNames,CreateFailsOnEmptySubjectAltName)40 TEST(GeneralNames, CreateFailsOnEmptySubjectAltName) {
41 std::string invalid_san_der;
42 ASSERT_TRUE(
43 LoadTestSubjectAltNameData("san-invalid-empty.pem", &invalid_san_der));
44 CertErrors errors;
45 EXPECT_FALSE(GeneralNames::Create(der::Input(invalid_san_der), &errors));
46 }
47
TEST(GeneralNames,OtherName)48 TEST(GeneralNames, OtherName) {
49 std::string san_der;
50 ASSERT_TRUE(LoadTestSubjectAltNameData("san-othername.pem", &san_der));
51
52 CertErrors errors;
53 std::unique_ptr<GeneralNames> general_names =
54 GeneralNames::Create(der::Input(san_der), &errors);
55 ASSERT_TRUE(general_names);
56 EXPECT_EQ(GENERAL_NAME_OTHER_NAME, general_names->present_name_types);
57 const uint8_t expected_der[] = {0x06, 0x04, 0x2a, 0x03, 0x04, 0x05,
58 0x04, 0x04, 0xde, 0xad, 0xbe, 0xef};
59 ASSERT_EQ(1U, general_names->other_names.size());
60 EXPECT_EQ(der::Input(expected_der), general_names->other_names[0]);
61 }
62
TEST(GeneralNames,RFC822Name)63 TEST(GeneralNames, RFC822Name) {
64 std::string san_der;
65 ASSERT_TRUE(LoadTestSubjectAltNameData("san-rfc822name.pem", &san_der));
66
67 CertErrors errors;
68 std::unique_ptr<GeneralNames> general_names =
69 GeneralNames::Create(der::Input(san_der), &errors);
70 ASSERT_TRUE(general_names);
71 EXPECT_EQ(GENERAL_NAME_RFC822_NAME, general_names->present_name_types);
72 ASSERT_EQ(1U, general_names->rfc822_names.size());
73 EXPECT_EQ("[email protected]", general_names->rfc822_names[0]);
74 }
75
TEST(GeneralNames,CreateFailsOnNonAsciiRFC822Name)76 TEST(GeneralNames, CreateFailsOnNonAsciiRFC822Name) {
77 std::string san_der;
78 ASSERT_TRUE(LoadTestSubjectAltNameData("san-rfc822name.pem", &san_der));
79 ReplaceFirstSubstring(&san_der, "[email protected]", "f\xF6\[email protected]");
80 CertErrors errors;
81 EXPECT_FALSE(GeneralNames::Create(der::Input(san_der), &errors));
82 }
83
TEST(GeneralNames,DnsName)84 TEST(GeneralNames, DnsName) {
85 std::string san_der;
86 ASSERT_TRUE(LoadTestSubjectAltNameData("san-dnsname.pem", &san_der));
87
88 CertErrors errors;
89 std::unique_ptr<GeneralNames> general_names =
90 GeneralNames::Create(der::Input(san_der), &errors);
91 ASSERT_TRUE(general_names);
92 EXPECT_EQ(GENERAL_NAME_DNS_NAME, general_names->present_name_types);
93 ASSERT_EQ(1U, general_names->dns_names.size());
94 EXPECT_EQ("foo.example.com", general_names->dns_names[0]);
95 }
96
TEST(GeneralNames,CreateFailsOnNonAsciiDnsName)97 TEST(GeneralNames, CreateFailsOnNonAsciiDnsName) {
98 std::string san_der;
99 ASSERT_TRUE(LoadTestSubjectAltNameData("san-dnsname.pem", &san_der));
100 ReplaceFirstSubstring(&san_der, "foo.example.com", "f\xF6\xF6.example.com");
101 CertErrors errors;
102 EXPECT_FALSE(GeneralNames::Create(der::Input(san_der), &errors));
103 }
104
TEST(GeneralNames,X400Address)105 TEST(GeneralNames, X400Address) {
106 std::string san_der;
107 ASSERT_TRUE(LoadTestSubjectAltNameData("san-x400address.pem", &san_der));
108
109 CertErrors errors;
110 std::unique_ptr<GeneralNames> general_names =
111 GeneralNames::Create(der::Input(san_der), &errors);
112 ASSERT_TRUE(general_names);
113 EXPECT_EQ(GENERAL_NAME_X400_ADDRESS, general_names->present_name_types);
114 ASSERT_EQ(1U, general_names->x400_addresses.size());
115 const uint8_t expected_der[] = {0x30, 0x06, 0x61, 0x04,
116 0x13, 0x02, 0x55, 0x53};
117 EXPECT_EQ(der::Input(expected_der), general_names->x400_addresses[0]);
118 }
119
TEST(GeneralNames,DirectoryName)120 TEST(GeneralNames, DirectoryName) {
121 std::string san_der;
122 ASSERT_TRUE(LoadTestSubjectAltNameData("san-directoryname.pem", &san_der));
123
124 CertErrors errors;
125 std::unique_ptr<GeneralNames> general_names =
126 GeneralNames::Create(der::Input(san_der), &errors);
127 ASSERT_TRUE(general_names);
128 EXPECT_EQ(GENERAL_NAME_DIRECTORY_NAME, general_names->present_name_types);
129 ASSERT_EQ(1U, general_names->directory_names.size());
130 const uint8_t expected_der[] = {0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
131 0x04, 0x06, 0x13, 0x02, 0x55, 0x53};
132 EXPECT_EQ(der::Input(expected_der), general_names->directory_names[0]);
133 }
134
TEST(GeneralNames,EDIPartyName)135 TEST(GeneralNames, EDIPartyName) {
136 std::string san_der;
137 ASSERT_TRUE(LoadTestSubjectAltNameData("san-edipartyname.pem", &san_der));
138
139 CertErrors errors;
140 std::unique_ptr<GeneralNames> general_names =
141 GeneralNames::Create(der::Input(san_der), &errors);
142 ASSERT_TRUE(general_names);
143 EXPECT_EQ(GENERAL_NAME_EDI_PARTY_NAME, general_names->present_name_types);
144 ASSERT_EQ(1U, general_names->edi_party_names.size());
145 const uint8_t expected_der[] = {0x81, 0x03, 0x66, 0x6f, 0x6f};
146 EXPECT_EQ(der::Input(expected_der), general_names->edi_party_names[0]);
147 }
148
TEST(GeneralNames,URI)149 TEST(GeneralNames, URI) {
150 std::string san_der;
151 ASSERT_TRUE(LoadTestSubjectAltNameData("san-uri.pem", &san_der));
152
153 CertErrors errors;
154 std::unique_ptr<GeneralNames> general_names =
155 GeneralNames::Create(der::Input(san_der), &errors);
156 ASSERT_TRUE(general_names);
157 EXPECT_EQ(GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER,
158 general_names->present_name_types);
159 ASSERT_EQ(1U, general_names->uniform_resource_identifiers.size());
160 EXPECT_EQ("http://example.com",
161 general_names->uniform_resource_identifiers[0]);
162 }
163
TEST(GeneralNames,CreateFailsOnNonAsciiURI)164 TEST(GeneralNames, CreateFailsOnNonAsciiURI) {
165 std::string san_der;
166 ASSERT_TRUE(LoadTestSubjectAltNameData("san-uri.pem", &san_der));
167 ReplaceFirstSubstring(&san_der, "http://example.com",
168 "http://ex\xE4mple.com");
169 CertErrors errors;
170 EXPECT_FALSE(GeneralNames::Create(der::Input(san_der), &errors));
171 }
172
TEST(GeneralNames,IPAddress_v4)173 TEST(GeneralNames, IPAddress_v4) {
174 std::string san_der;
175 ASSERT_TRUE(LoadTestSubjectAltNameData("san-ipaddress4.pem", &san_der));
176
177 CertErrors errors;
178 std::unique_ptr<GeneralNames> general_names =
179 GeneralNames::Create(der::Input(san_der), &errors);
180 ASSERT_TRUE(general_names);
181 EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, general_names->present_name_types);
182 ASSERT_EQ(1U, general_names->ip_addresses.size());
183 static const uint8_t kIP[] = {192, 168, 6, 7};
184 EXPECT_EQ(der::Input(kIP), general_names->ip_addresses[0]);
185 EXPECT_EQ(0U, general_names->ip_address_ranges.size());
186 }
187
TEST(GeneralNames,IPAddress_v6)188 TEST(GeneralNames, IPAddress_v6) {
189 std::string san_der;
190 ASSERT_TRUE(LoadTestSubjectAltNameData("san-ipaddress6.pem", &san_der));
191
192 CertErrors errors;
193 std::unique_ptr<GeneralNames> general_names =
194 GeneralNames::Create(der::Input(san_der), &errors);
195 ASSERT_TRUE(general_names);
196 EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, general_names->present_name_types);
197 ASSERT_EQ(1U, general_names->ip_addresses.size());
198 static const uint8_t kIP[] = {0xFE, 0x80, 1, 2, 3, 4, 5, 6,
199 7, 8, 9, 10, 11, 12, 13, 14};
200 EXPECT_EQ(der::Input(kIP), general_names->ip_addresses[0]);
201 EXPECT_EQ(0U, general_names->ip_address_ranges.size());
202 }
203
TEST(GeneralNames,CreateFailsOnInvalidLengthIpAddress)204 TEST(GeneralNames, CreateFailsOnInvalidLengthIpAddress) {
205 std::string invalid_san_der;
206 ASSERT_TRUE(LoadTestSubjectAltNameData("san-invalid-ipaddress.pem",
207 &invalid_san_der));
208 CertErrors errors;
209 EXPECT_FALSE(GeneralNames::Create(der::Input(invalid_san_der), &errors));
210 }
211
TEST(GeneralNames,RegisteredIDs)212 TEST(GeneralNames, RegisteredIDs) {
213 std::string san_der;
214 ASSERT_TRUE(LoadTestSubjectAltNameData("san-registeredid.pem", &san_der));
215
216 CertErrors errors;
217 std::unique_ptr<GeneralNames> general_names =
218 GeneralNames::Create(der::Input(san_der), &errors);
219 ASSERT_TRUE(general_names);
220 EXPECT_EQ(GENERAL_NAME_REGISTERED_ID, general_names->present_name_types);
221 ASSERT_EQ(1U, general_names->registered_ids.size());
222 const uint8_t expected_der[] = {0x2a, 0x03, 0x04};
223 EXPECT_EQ(der::Input(expected_der), general_names->registered_ids[0]);
224 }
225
226 } // namespace bssl
227