name_constraints_unittest.cc | Explore in Territory

// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "name_constraints.h"

#include <array>
#include <memory>

#include <gtest/gtest.h>
#include "common_cert_errors.h"
#include "test_helpers.h"

BSSL_NAMESPACE_BEGIN
namespace {

::testing::AssertionResult LoadTestData(const char *token,
                                        const std::string &basename,
                                        std::string *result) { … }

::testing::AssertionResult LoadTestName(const std::string &basename,
                                        std::string *result) { … }

::testing::AssertionResult LoadTestNameConstraint(const std::string &basename,
                                                  std::string *result) { … }

::testing::AssertionResult LoadTestSubjectAltNameData(
    const std::string &basename, std::string *result) { … }

::testing::AssertionResult LoadTestSubjectAltName(
    const std::string &basename, std::unique_ptr<GeneralNames> *result,
    std::string *result_der) { … }

::testing::AssertionResult IsPermittedCert(
    const NameConstraints *name_constraints, der::Input subject_rdn_sequence,
    const GeneralNames *subject_alt_names) { … }

std::array<uint8_t, 4> IPAddress(uint8_t b0, uint8_t b1, uint8_t b2,
                                 uint8_t b3) { … }
std::array<uint8_t, 16> IPAddress(uint8_t b0, uint8_t b1, uint8_t b2,
                                  uint8_t b3, uint8_t b4, uint8_t b5,
                                  uint8_t b6, uint8_t b7, uint8_t b8,
                                  uint8_t b9, uint8_t b10, uint8_t b11,
                                  uint8_t b12, uint8_t b13, uint8_t b14,
                                  uint8_t b15) { … }

}  // namespace

class ParseNameConstraints
    : public ::testing::TestWithParam<::testing::tuple<bool>> { … };

// Run the tests with the name constraints marked critical and non-critical. For
// supported name types, the results should be the same for both.
INSTANTIATE_TEST_SUITE_P(…);

TEST_P(ParseNameConstraints, DNSNames) { … }

TEST_P(ParseNameConstraints,
       DNSNamesWithMultipleLevelsBetweenExcludedAndPermitted) { … }

TEST_P(ParseNameConstraints, DNSNamesPermittedWithLeadingDot) { … }

TEST_P(ParseNameConstraints, DNSNamesExcludedWithLeadingDot) { … }

TEST_P(ParseNameConstraints, DNSNamesPermittedTwoDot) { … }

TEST_P(ParseNameConstraints, DNSNamesExcludeOnly) { … }

TEST_P(ParseNameConstraints, DNSNamesExcludeAll) { … }

TEST_P(ParseNameConstraints, DNSNamesExcludeDot) { … }

TEST_P(ParseNameConstraints, DNSNamesFailOnInvalidIA5String) { … }

TEST_P(ParseNameConstraints, DirectoryNames) { … }

TEST_P(ParseNameConstraints, DirectoryNamesExcludeOnly) { … }

TEST_P(ParseNameConstraints, DirectoryNamesExcludeAll) { … }

TEST_P(ParseNameConstraints, IPAddresses) { … }

TEST_P(ParseNameConstraints, IPAddressesExcludeOnly) { … }

TEST_P(ParseNameConstraints, IPAddressesExcludeAll) { … }

TEST_P(ParseNameConstraints, IPAddressesNetmaskPermitSingleHost) { … }

TEST_P(ParseNameConstraints, IPAddressesNetmaskPermitPrefixLen31) { … }

TEST_P(ParseNameConstraints, IPAddressesNetmaskPermitPrefixLen1) { … }

TEST_P(ParseNameConstraints, IPAddressesNetmaskPermitAll) { … }

TEST_P(ParseNameConstraints, IPAddressesFailOnInvalidAddr) { … }

TEST_P(ParseNameConstraints, IPAddressesFailOnInvalidMaskNotContiguous) { … }

// Test that v4/v6 mapping is not applied when evaluating name constraints.
TEST_P(ParseNameConstraints, IPAddressesMapped) { … }

TEST_P(ParseNameConstraints, OtherNamesInPermitted) { … }

TEST_P(ParseNameConstraints, OtherNamesInExcluded) { … }

TEST_P(ParseNameConstraints, Rfc822NamesInPermitted) { … }

TEST_P(ParseNameConstraints, Rfc822NamesInExcluded) { … }

TEST_P(ParseNameConstraints, Rfc822NameHostnameInPermitted) { … }

TEST_P(ParseNameConstraints, Rfc822NameHostnameInExcluded) { … }

TEST_P(ParseNameConstraints, Rfc822NameHostnameWithAtInPermitted) { … }

TEST_P(ParseNameConstraints, Rfc822NameHostnameWithAtInExcluded) { … }

TEST_P(ParseNameConstraints, Rfc822NameSubdomainInPermitted) { … }

TEST_P(ParseNameConstraints, Rfc822NameSubdomainInExcluded) { … }

TEST_P(ParseNameConstraints, Rfc822NameEmptyPermitted) { … }

TEST_P(ParseNameConstraints, Rfc822NameEmptyExcluded) { … }

TEST_P(ParseNameConstraints, Rfc822NameIPv4Permitted) { … }

TEST_P(ParseNameConstraints, Rfc822NameIPv4Excluded) { … }

TEST_P(ParseNameConstraints, QuotedRfc822SanWithNoRfc822Constraints) { … }

TEST_P(ParseNameConstraints, QuotedRfc822SanMatchesQuotedPermitted) { … }

TEST_P(ParseNameConstraints, UnquotedRfc822SanNotMatchingQuotedExcluded) { … }

TEST_P(ParseNameConstraints, X400AddresssInPermitted) { … }

TEST_P(ParseNameConstraints, X400AddresssInExcluded) { … }

TEST_P(ParseNameConstraints, EdiPartyNamesInPermitted) { … }

TEST_P(ParseNameConstraints, EdiPartyNamesInExcluded) { … }

TEST_P(ParseNameConstraints, URIsInPermitted) { … }

TEST_P(ParseNameConstraints, URIsInExcluded) { … }

TEST_P(ParseNameConstraints, RegisteredIDsInPermitted) { … }

TEST_P(ParseNameConstraints, RegisteredIDsInExcluded) { … }

TEST_P(ParseNameConstraints,
       failsOnGeneralSubtreeWithMinimumZeroEncodedUnnecessarily) { … }

TEST_P(ParseNameConstraints, FailsOnGeneralSubtreeWithMinimum) { … }

TEST_P(ParseNameConstraints,
       failsOnGeneralSubtreeWithMinimumZeroEncodedUnnecessarilyAndMaximum) { … }

TEST_P(ParseNameConstraints, FailsOnGeneralSubtreeWithMinimumAndMaximum) { … }

TEST_P(ParseNameConstraints, FailsOnGeneralSubtreeWithMaximum) { … }

TEST_P(ParseNameConstraints, FailsOnEmptyExtensionValue) { … }

TEST_P(ParseNameConstraints, FailsOnNoPermittedAndExcluded) { … }

TEST_P(ParseNameConstraints, FailsOnEmptyPermitted) { … }

TEST_P(ParseNameConstraints, FailsOnEmptyExcluded) { … }

TEST_P(ParseNameConstraints,
       IsPermittedCertSubjectEmailAddressNoEmailConstraint) { … }

TEST_P(ParseNameConstraints, IsPermittedCertSubjectEmailAddressIsOk) { … }

TEST_P(ParseNameConstraints, IsPermittedCertSubjectEmailAddressIsNotOk) { … }

TEST_P(ParseNameConstraints, IsPermittedCertSubjectEmailAddressExcluded) { … }

// Hostname in commonName is not allowed (crbug.com/308330), so these are tests
// are not particularly interesting, just verifying that the commonName is
// ignored for dNSName constraints.
TEST_P(ParseNameConstraints, IsPermittedCertSubjectDnsNames) { … }

// IP addresses in commonName are not allowed (crbug.com/308330), so these are
// tests are not particularly interesting, just verifying that the commonName is
// ignored for iPAddress constraints.
TEST_P(ParseNameConstraints, IsPermittedCertSubjectIpAddresses) { … }

BSSL_NAMESPACE_END
chromium/third_party/boringssl/src/pki/name_constraints_unittest.cc
