1 // Copyright 2017 The Chromium Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "general_names.h"
16
17 #include <gtest/gtest.h>
18
19 #include <openssl/span.h>
20
21 #include "test_helpers.h"
22
23 BSSL_NAMESPACE_BEGIN
24 namespace {
25
LoadTestData(const char * token,const std::string & basename,std::string * result)26 ::testing::AssertionResult LoadTestData(const char *token,
27 const std::string &basename,
28 std::string *result) {
29 std::string path = "testdata/name_constraints_unittest/" + basename;
30
31 const PemBlockMapping mappings[] = {
32 {token, result},
33 };
34
35 return ReadTestDataFromPemFile(path, mappings);
36 }
37
LoadTestSubjectAltNameData(const std::string & basename,std::string * result)38 ::testing::AssertionResult LoadTestSubjectAltNameData(
39 const std::string &basename, std::string *result) {
40 return LoadTestData("SUBJECT ALTERNATIVE NAME", basename, result);
41 }
42
ReplaceFirstSubstring(std::string * str,std::string_view substr,std::string_view replacement)43 void ReplaceFirstSubstring(std::string *str, std::string_view substr,
44 std::string_view replacement) {
45 size_t idx = str->find(substr);
46 if (idx != std::string::npos) {
47 str->replace(idx, substr.size(), replacement);
48 }
49 }
50
51 } // namespace
52
TEST(GeneralNames,CreateFailsOnEmptySubjectAltName)53 TEST(GeneralNames, CreateFailsOnEmptySubjectAltName) {
54 std::string invalid_san_der;
55 ASSERT_TRUE(
56 LoadTestSubjectAltNameData("san-invalid-empty.pem", &invalid_san_der));
57 CertErrors errors;
58 EXPECT_FALSE(GeneralNames::Create(StringAsBytes(invalid_san_der), &errors));
59 }
60
TEST(GeneralNames,OtherName)61 TEST(GeneralNames, OtherName) {
62 std::string san_der;
63 ASSERT_TRUE(LoadTestSubjectAltNameData("san-othername.pem", &san_der));
64
65 CertErrors errors;
66 std::unique_ptr<GeneralNames> general_names =
67 GeneralNames::Create(StringAsBytes(san_der), &errors);
68 ASSERT_TRUE(general_names);
69 EXPECT_EQ(GENERAL_NAME_OTHER_NAME, general_names->present_name_types);
70 const uint8_t expected_der[] = {0x06, 0x04, 0x2a, 0x03, 0x04, 0x05,
71 0x04, 0x04, 0xde, 0xad, 0xbe, 0xef};
72 ASSERT_EQ(1U, general_names->other_names.size());
73 EXPECT_EQ(der::Input(expected_der), general_names->other_names[0]);
74 }
75
TEST(GeneralNames,RFC822Name)76 TEST(GeneralNames, RFC822Name) {
77 std::string san_der;
78 ASSERT_TRUE(LoadTestSubjectAltNameData("san-rfc822name.pem", &san_der));
79
80 CertErrors errors;
81 std::unique_ptr<GeneralNames> general_names =
82 GeneralNames::Create(StringAsBytes(san_der), &errors);
83 ASSERT_TRUE(general_names);
84 EXPECT_EQ(GENERAL_NAME_RFC822_NAME, general_names->present_name_types);
85 ASSERT_EQ(1U, general_names->rfc822_names.size());
86 EXPECT_EQ("foo@example.com", general_names->rfc822_names[0]);
87 }
88
TEST(GeneralNames,CreateFailsOnNonAsciiRFC822Name)89 TEST(GeneralNames, CreateFailsOnNonAsciiRFC822Name) {
90 std::string san_der;
91 ASSERT_TRUE(LoadTestSubjectAltNameData("san-rfc822name.pem", &san_der));
92 ReplaceFirstSubstring(&san_der, "foo@example.com", "f\xF6\xF6@example.com");
93 CertErrors errors;
94 EXPECT_FALSE(GeneralNames::Create(StringAsBytes(san_der), &errors));
95 }
96
TEST(GeneralNames,DnsName)97 TEST(GeneralNames, DnsName) {
98 std::string san_der;
99 ASSERT_TRUE(LoadTestSubjectAltNameData("san-dnsname.pem", &san_der));
100
101 CertErrors errors;
102 std::unique_ptr<GeneralNames> general_names =
103 GeneralNames::Create(StringAsBytes(san_der), &errors);
104 ASSERT_TRUE(general_names);
105 EXPECT_EQ(GENERAL_NAME_DNS_NAME, general_names->present_name_types);
106 ASSERT_EQ(1U, general_names->dns_names.size());
107 EXPECT_EQ("foo.example.com", general_names->dns_names[0]);
108 }
109
TEST(GeneralNames,CreateFailsOnNonAsciiDnsName)110 TEST(GeneralNames, CreateFailsOnNonAsciiDnsName) {
111 std::string san_der;
112 ASSERT_TRUE(LoadTestSubjectAltNameData("san-dnsname.pem", &san_der));
113 ReplaceFirstSubstring(&san_der, "foo.example.com", "f\xF6\xF6.example.com");
114 CertErrors errors;
115 EXPECT_FALSE(GeneralNames::Create(StringAsBytes(san_der), &errors));
116 }
117
TEST(GeneralNames,X400Address)118 TEST(GeneralNames, X400Address) {
119 std::string san_der;
120 ASSERT_TRUE(LoadTestSubjectAltNameData("san-x400address.pem", &san_der));
121
122 CertErrors errors;
123 std::unique_ptr<GeneralNames> general_names =
124 GeneralNames::Create(StringAsBytes(san_der), &errors);
125 ASSERT_TRUE(general_names);
126 EXPECT_EQ(GENERAL_NAME_X400_ADDRESS, general_names->present_name_types);
127 ASSERT_EQ(1U, general_names->x400_addresses.size());
128 const uint8_t expected_der[] = {0x30, 0x06, 0x61, 0x04,
129 0x13, 0x02, 0x55, 0x53};
130 EXPECT_EQ(der::Input(expected_der), general_names->x400_addresses[0]);
131 }
132
TEST(GeneralNames,DirectoryName)133 TEST(GeneralNames, DirectoryName) {
134 std::string san_der;
135 ASSERT_TRUE(LoadTestSubjectAltNameData("san-directoryname.pem", &san_der));
136
137 CertErrors errors;
138 std::unique_ptr<GeneralNames> general_names =
139 GeneralNames::Create(StringAsBytes(san_der), &errors);
140 ASSERT_TRUE(general_names);
141 EXPECT_EQ(GENERAL_NAME_DIRECTORY_NAME, general_names->present_name_types);
142 ASSERT_EQ(1U, general_names->directory_names.size());
143 const uint8_t expected_der[] = {0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
144 0x04, 0x06, 0x13, 0x02, 0x55, 0x53};
145 EXPECT_EQ(der::Input(expected_der), general_names->directory_names[0]);
146 }
147
TEST(GeneralNames,EDIPartyName)148 TEST(GeneralNames, EDIPartyName) {
149 std::string san_der;
150 ASSERT_TRUE(LoadTestSubjectAltNameData("san-edipartyname.pem", &san_der));
151
152 CertErrors errors;
153 std::unique_ptr<GeneralNames> general_names =
154 GeneralNames::Create(StringAsBytes(san_der), &errors);
155 ASSERT_TRUE(general_names);
156 EXPECT_EQ(GENERAL_NAME_EDI_PARTY_NAME, general_names->present_name_types);
157 ASSERT_EQ(1U, general_names->edi_party_names.size());
158 const uint8_t expected_der[] = {0x81, 0x03, 0x66, 0x6f, 0x6f};
159 EXPECT_EQ(der::Input(expected_der), general_names->edi_party_names[0]);
160 }
161
TEST(GeneralNames,URI)162 TEST(GeneralNames, URI) {
163 std::string san_der;
164 ASSERT_TRUE(LoadTestSubjectAltNameData("san-uri.pem", &san_der));
165
166 CertErrors errors;
167 std::unique_ptr<GeneralNames> general_names =
168 GeneralNames::Create(StringAsBytes(san_der), &errors);
169 ASSERT_TRUE(general_names);
170 EXPECT_EQ(GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER,
171 general_names->present_name_types);
172 ASSERT_EQ(1U, general_names->uniform_resource_identifiers.size());
173 EXPECT_EQ("http://example.com",
174 general_names->uniform_resource_identifiers[0]);
175 }
176
TEST(GeneralNames,CreateFailsOnNonAsciiURI)177 TEST(GeneralNames, CreateFailsOnNonAsciiURI) {
178 std::string san_der;
179 ASSERT_TRUE(LoadTestSubjectAltNameData("san-uri.pem", &san_der));
180 ReplaceFirstSubstring(&san_der, "http://example.com",
181 "http://ex\xE4mple.com");
182 CertErrors errors;
183 EXPECT_FALSE(GeneralNames::Create(StringAsBytes(san_der), &errors));
184 }
185
TEST(GeneralNames,IPAddress_v4)186 TEST(GeneralNames, IPAddress_v4) {
187 std::string san_der;
188 ASSERT_TRUE(LoadTestSubjectAltNameData("san-ipaddress4.pem", &san_der));
189
190 CertErrors errors;
191 std::unique_ptr<GeneralNames> general_names =
192 GeneralNames::Create(StringAsBytes(san_der), &errors);
193 ASSERT_TRUE(general_names);
194 EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, general_names->present_name_types);
195 ASSERT_EQ(1U, general_names->ip_addresses.size());
196 static const uint8_t kIP[] = {192, 168, 6, 7};
197 EXPECT_EQ(der::Input(kIP), general_names->ip_addresses[0]);
198 EXPECT_EQ(0U, general_names->ip_address_ranges.size());
199 }
200
TEST(GeneralNames,IPAddress_v6)201 TEST(GeneralNames, IPAddress_v6) {
202 std::string san_der;
203 ASSERT_TRUE(LoadTestSubjectAltNameData("san-ipaddress6.pem", &san_der));
204
205 CertErrors errors;
206 std::unique_ptr<GeneralNames> general_names =
207 GeneralNames::Create(StringAsBytes(san_der), &errors);
208 ASSERT_TRUE(general_names);
209 EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, general_names->present_name_types);
210 ASSERT_EQ(1U, general_names->ip_addresses.size());
211 static const uint8_t kIP[] = {0xFE, 0x80, 1, 2, 3, 4, 5, 6,
212 7, 8, 9, 10, 11, 12, 13, 14};
213 EXPECT_EQ(der::Input(kIP), general_names->ip_addresses[0]);
214 EXPECT_EQ(0U, general_names->ip_address_ranges.size());
215 }
216
TEST(GeneralNames,CreateFailsOnInvalidLengthIpAddress)217 TEST(GeneralNames, CreateFailsOnInvalidLengthIpAddress) {
218 std::string invalid_san_der;
219 ASSERT_TRUE(LoadTestSubjectAltNameData("san-invalid-ipaddress.pem",
220 &invalid_san_der));
221 CertErrors errors;
222 EXPECT_FALSE(GeneralNames::Create(StringAsBytes(invalid_san_der), &errors));
223 }
224
TEST(GeneralNames,RegisteredIDs)225 TEST(GeneralNames, RegisteredIDs) {
226 std::string san_der;
227 ASSERT_TRUE(LoadTestSubjectAltNameData("san-registeredid.pem", &san_der));
228
229 CertErrors errors;
230 std::unique_ptr<GeneralNames> general_names =
231 GeneralNames::Create(StringAsBytes(san_der), &errors);
232 ASSERT_TRUE(general_names);
233 EXPECT_EQ(GENERAL_NAME_REGISTERED_ID, general_names->present_name_types);
234 ASSERT_EQ(1U, general_names->registered_ids.size());
235 const uint8_t expected_der[] = {0x2a, 0x03, 0x04};
236 EXPECT_EQ(der::Input(expected_der), general_names->registered_ids[0]);
237 }
238
239 BSSL_NAMESPACE_END
240