Parse individual X.509 name components on Windows, rather than parsing the stringified form

On Windows, rather than converting the entire certificate name to a string and attempting to parse out the components and values, iterate through the relativeDistinguishedName and AttributeTypeAndValue pairs to extract each name component. This is to ensure that: 1) When multiple AVAs are present in an RDN, ALL AVAs are parsed. 2) When converting an AVA to a string, no extra escaping is applied. This also fixes domainComponent parsing on OS X, so that unittests with a domainComponent can pass. BUG=101009, 102839 TEST=net_unittests:X509CertificateTest has two new regression tests. Additionally, sample a variety of SSL sites and ensure no regressions, paying attention to internationalized domains. Review URL: http://codereview.chromium.org/8608003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@112650 0039d316-1c4b-4281-b951-d872f2087c98
author: rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-12-02 07:31:20 +0000
committer: rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-12-02 07:31:20 +0000
commit: 016ab203d8021cd0d7f5584daba46737498c30d9 (patch)
tree: 008c25a88b040c7dc37f96fa67ce35451559a4e9 /net/data
parent: ddb9b33b95c5fe0224c92292ea53d8bcd5637a54 (diff)
download: chromium_src-016ab203d8021cd0d7f5584daba46737498c30d9.zip
chromium_src-016ab203d8021cd0d7f5584daba46737498c30d9.tar.gz
chromium_src-016ab203d8021cd0d7f5584daba46737498c30d9.tar.bz2
3 files changed, 129 insertions, 0 deletions
diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README
index 42e40e6..afc395b 100644
--- a/net/data/ssl/certificates/README
+++ b/net/data/ssl/certificates/README
@@ -64,3 +64,11 @@ unit tests.
      different intermediate CA certificates.  The two intermediate CA
      certificates actually represent the same intermediate CA but have
      different validity periods.
+
+- multivalue_rdn.pem : A regression test for http://crbug.com/101009. A
+     certificate with all of the AttributeTypeAndValues stored within a single
+     RelativeDistinguishedName, rather than one AVA per RDN as normally seen.
+
+- unescaped.pem : Regression test for http://crbug.com/102839. Contains
+     characters such as '=' and '"' that would normally be escaped when
+     converting a subject/issuer name to their stringized form.
+\ No newline at end of file
diff --git a/net/data/ssl/certificates/multivalue_rdn.pem b/net/data/ssl/certificates/multivalue_rdn.pem
new file mode 100644
index 0000000..6ffe161
--- /dev/null
+++ b/net/data/ssl/certificates/multivalue_rdn.pem
@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            ef:6c:2f:57:d9:fd:5a:0f
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Chromium, DC=Chromium, CN=Multivalue RDN Test, OU=Chromium net_unittests
+        Validity
+            Not Before: Dec  2 03:47:39 2011 GMT
+            Not After : Jan  1 03:47:39 2012 GMT
+        Subject: C=US, O=Chromium, DC=Chromium, CN=Multivalue RDN Test, OU=Chromium net_unittests
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9d:23:10:ed:87:82:b0:eb:a4:fb:49:f5:db:c1:
+                    7b:4d:f0:ed:1b:f5:f8:f2:c1:b5:d2:84:de:eb:94:
+                    82:f0:de:8b:04:b7:e8:ed:86:22:41:99:56:54:71:
+                    33:8e:c1:69:6a:2b:f4:77:1e:24:70:81:5b:56:08:
+                    57:02:4c:bf:af:9a:a0:33:55:e2:00:6b:b3:cc:5c:
+                    3b:47:6e:dc:05:30:bd:0c:f9:51:c0:70:2b:3f:70:
+                    a2:10:a3:b7:8b:3f:22:fa:ab:bd:c7:48:a5:ff:d3:
+                    7b:d0:b7:12:48:0b:bf:90:62:f1:8a:40:db:1d:1a:
+                    0c:f5:dd:92:2a:1c:b6:2c:6b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                8D:5E:71:FA:2A:73:BA:9F:8E:63:32:1C:5D:AB:87:D0:AB:47:AB:B7
+            X509v3 Authority Key Identifier: 
+                keyid:8D:5E:71:FA:2A:73:BA:9F:8E:63:32:1C:5D:AB:87:D0:AB:47:AB:B7
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        18:ac:0d:d3:50:38:ee:7c:55:1c:e9:30:c0:57:5b:4f:cb:7d:
+        14:59:18:de:92:20:e6:67:a8:a8:ed:da:01:33:5a:48:4c:e4:
+        66:85:25:8d:6b:56:81:67:f3:af:e9:f8:12:5c:19:07:17:98:
+        bf:d7:0f:ba:b5:64:6b:ec:17:ca:0c:d6:ce:c3:b3:09:43:0a:
+        04:8f:da:4b:c8:a3:45:ea:ef:ca:f8:7a:2e:91:a8:8c:f1:a7:
+        d4:7b:6d:9d:73:4b:9a:1c:be:04:b1:02:b3:b7:2a:e9:fd:19:
+        86:f2:26:ac:45:a1:0f:9b:99:1a:53:b1:69:99:3e:6c:51:23:
+        40:70
+-----BEGIN CERTIFICATE-----
+MIICsDCCAhmgAwIBAgIJAO9sL1fZ/VoPMA0GCSqGSIb3DQEBBQUAMHExbzAJBgNV
+BAYTAlVTMA8GA1UECgwIQ2hyb21pdW0wFgYKCZImiZPyLGQBGRYIQ2hyb21pdW0w
+GgYDVQQDDBNNdWx0aXZhbHVlIFJETiBUZXN0MB0GA1UECwwWQ2hyb21pdW0gbmV0
+X3VuaXR0ZXN0czAeFw0xMTEyMDIwMzQ3MzlaFw0xMjAxMDEwMzQ3MzlaMHExbzAJ
+BgNVBAYTAlVTMA8GA1UECgwIQ2hyb21pdW0wFgYKCZImiZPyLGQBGRYIQ2hyb21p
+dW0wGgYDVQQDDBNNdWx0aXZhbHVlIFJETiBUZXN0MB0GA1UECwwWQ2hyb21pdW0g
+bmV0X3VuaXR0ZXN0czCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnSMQ7YeC
+sOuk+0n128F7TfDtG/X48sG10oTe65SC8N6LBLfo7YYiQZlWVHEzjsFpaiv0dx4k
+cIFbVghXAky/r5qgM1XiAGuzzFw7R27cBTC9DPlRwHArP3CiEKO3iz8i+qu9x0il
+/9N70LcSSAu/kGLxikDbHRoM9d2SKhy2LGsCAwEAAaNQME4wHQYDVR0OBBYEFI1e
+cfoqc7qfjmMyHF2rh9CrR6u3MB8GA1UdIwQYMBaAFI1ecfoqc7qfjmMyHF2rh9Cr
+R6u3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAGKwN01A47nxVHOkw
+wFdbT8t9FFkY3pIg5meoqO3aATNaSEzkZoUljWtWgWfzr+n4ElwZBxeYv9cPurVk
+a+wXygzWzsOzCUMKBI/aS8ijRervyvh6LpGojPGn1HttnXNLmhy+BLECs7cq6f0Z
+hvImrEWhD5uZGlOxaZk+bFEjQHA=
+-----END CERTIFICATE-----
diff --git a/net/data/ssl/certificates/unescaped.pem b/net/data/ssl/certificates/unescaped.pem
new file mode 100644
index 0000000..33dbb40
--- /dev/null
+++ b/net/data/ssl/certificates/unescaped.pem
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            ed:cd:27:0f:4c:ca:cc:fc
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=127.0.0.1, L=Mountain View, ST=California/streetAddress=1600 Amphitheatre Parkway, C=US, O=Chromium = "net_unittests", OU=net_unittests, OU=Chromium
+        Validity
+            Not Before: Dec  2 03:56:43 2011 GMT
+            Not After : Jan  1 03:56:43 2012 GMT
+        Subject: CN=127.0.0.1, L=Mountain View, ST=California/streetAddress=1600 Amphitheatre Parkway, C=US, O=Chromium = "net_unittests", OU=net_unittests, OU=Chromium
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ac:25:6c:de:22:4f:be:77:07:3a:6c:f9:5f:e6:
+                    0a:ce:69:f7:ca:c5:b8:08:2b:b8:b0:04:12:55:fe:
+                    65:4c:c2:aa:b9:3d:b2:87:f5:59:c3:72:ac:a9:d4:
+                    1e:0b:ec:7f:2e:df:4c:ad:e7:cc:52:93:b4:ed:0a:
+                    99:40:7e:6a:35:c3:b0:8b:93:c7:e5:97:54:b9:7f:
+                    68:26:04:17:a6:b4:50:9e:d6:d7:6b:19:a1:ce:0b:
+                    5e:73:80:a6:b9:ef:5d:34:8e:6f:f7:8c:de:cf:78:
+                    cd:16:93:30:23:c3:5c:8c:9f:78:ce:18:c6:0f:e1:
+                    32:76:8a:c4:c4:54:30:56:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                38:85:CF:3E:10:D5:47:FC:08:81:FA:85:7F:84:7A:2F:3D:69:2B:A6
+            X509v3 Authority Key Identifier: 
+                keyid:38:85:CF:3E:10:D5:47:FC:08:81:FA:85:7F:84:7A:2F:3D:69:2B:A6
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        32:0a:90:29:b1:9f:c0:c7:55:da:37:8f:5b:b8:09:a0:97:65:
+        15:3a:79:d1:3e:24:f4:44:ad:3f:eb:84:b4:ae:e3:7a:ba:43:
+        8c:d4:df:ef:ca:46:c5:99:c4:99:b5:ae:7e:2c:a9:85:05:d0:
+        8f:07:d2:ee:9e:72:b0:e0:87:51:5c:e8:f4:5a:a1:44:25:a5:
+        47:6a:67:b3:79:2e:66:7d:93:7d:f7:cf:31:13:c1:fc:af:62:
+        c6:ec:22:14:50:7f:d2:38:ff:5d:11:d5:58:c8:5e:43:08:bb:
+        ca:9c:45:78:f4:28:08:cc:98:75:1d:4c:d2:43:a5:34:f0:86:
+        56:37
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAr2gAwIBAgIJAO3NJw9Mysz8MA0GCSqGSIb3DQEBBQUAMIHCMRIwEAYD
+VQQDDAkxMjcuMC4wLjExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAgM
+CkNhbGlmb3JuaWExIjAgBgNVBAkMGTE2MDAgQW1waGl0aGVhdHJlIFBhcmt3YXkx
+CzAJBgNVBAYTAlVTMSMwIQYDVQQKDBpDaHJvbWl1bSA9ICJuZXRfdW5pdHRlc3Rz
+IjEWMBQGA1UECwwNbmV0X3VuaXR0ZXN0czERMA8GA1UECwwIQ2hyb21pdW0wHhcN
+MTExMjAyMDM1NjQzWhcNMTIwMTAxMDM1NjQzWjCBwjESMBAGA1UEAwwJMTI3LjAu
+MC4xMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQIDApDYWxpZm9ybmlh
+MSIwIAYDVQQJDBkxNjAwIEFtcGhpdGhlYXRyZSBQYXJrd2F5MQswCQYDVQQGEwJV
+UzEjMCEGA1UECgwaQ2hyb21pdW0gPSAibmV0X3VuaXR0ZXN0cyIxFjAUBgNVBAsM
+DW5ldF91bml0dGVzdHMxETAPBgNVBAsMCENocm9taXVtMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCsJWzeIk++dwc6bPlf5grOaffKxbgIK7iwBBJV/mVMwqq5
+PbKH9VnDcqyp1B4L7H8u30yt58xSk7TtCplAfmo1w7CLk8fll1S5f2gmBBemtFCe
+1tdrGaHOC15zgKa57100jm/3jN7PeM0WkzAjw1yMn3jOGMYP4TJ2isTEVDBWOQID
+AQABo1AwTjAdBgNVHQ4EFgQUOIXPPhDVR/wIgfqFf4R6Lz1pK6YwHwYDVR0jBBgw
+FoAUOIXPPhDVR/wIgfqFf4R6Lz1pK6YwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
+AQUFAAOBgQAyCpApsZ/Ax1XaN49buAmgl2UVOnnRPiT0RK0/64S0ruN6ukOM1N/v
+ykbFmcSZta5+LKmFBdCPB9LunnKw4IdRXOj0WqFEJaVHamezeS5mfZN9988xE8H8
+r2LG7CIUUH/SOP9dEdVYyF5DCLvKnEV49CgIzJh1HUzSQ6U08IZWNw==
+-----END CERTIFICATE-----
author	rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-12-02 07:31:20 +0000
committer	rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-12-02 07:31:20 +0000
commit	016ab203d8021cd0d7f5584daba46737498c30d9 (patch)
tree	008c25a88b040c7dc37f96fa67ce35451559a4e9 /net/data
parent	ddb9b33b95c5fe0224c92292ea53d8bcd5637a54 (diff)
download	chromium_src-016ab203d8021cd0d7f5584daba46737498c30d9.zip chromium_src-016ab203d8021cd0d7f5584daba46737498c30d9.tar.gz chromium_src-016ab203d8021cd0d7f5584daba46737498c30d9.tar.bz2