authormartijn <martijn@martijnc.be>2016-03-22 15:29:56 -0700
committerCommit bot <commit-bot@chromium.org>2016-03-22 22:31:14 +0000
commitcd42ba75341213b8995a88274f1858a5274a11a3 (patch)
tree2a1670b340e695b39d3d4b64b517924982a57ad8 /net
parent430477a94f8f370ffa7af04919b536d4a158c7c7 (diff)
Migrate net/cert/* to net::IPAddress.
BUG=496258 Review URL: https://codereview.chromium.org/1822563002 Cr-Commit-Position: refs/heads/master@{#382713}
Diffstat (limited to 'net')
-rw-r--r--net/base/ip_address.cc21
-rw-r--r--net/base/ip_address.h23
-rw-r--r--net/base/ip_address_unittest.cc14
-rw-r--r--net/cert/internal/name_constraints.cc31
-rw-r--r--net/cert/internal/name_constraints.h8
-rw-r--r--net/cert/internal/name_constraints_unittest.cc389
6 files changed, 195 insertions, 291 deletions
diff --git a/net/base/ip_address.cc b/net/base/ip_address.cc
index 7ae68bf..26c8cc5 100644
--- a/net/base/ip_address.cc
+++ b/net/base/ip_address.cc
@@ -30,6 +30,27 @@ IPAddress::IPAddress(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3) {
ip_address_.push_back(b3);
}
+IPAddress::IPAddress(uint8_t b0,
+ uint8_t b1,
+ uint8_t b2,
+ uint8_t b3,
+ uint8_t b4,
+ uint8_t b5,
+ uint8_t b6,
+ uint8_t b7,
+ uint8_t b8,
+ uint8_t b9,
+ uint8_t b10,
+ uint8_t b11,
+ uint8_t b12,
+ uint8_t b13,
+ uint8_t b14,
+ uint8_t b15) {
+ const uint8_t address[] = {b0, b1, b2, b3, b4, b5, b6, b7,
+ b8, b9, b10, b11, b12, b13, b14, b15};
+ ip_address_ = std::vector<uint8_t>(std::begin(address), std::end(address));
+}
+
IPAddress::~IPAddress() {}
bool IPAddress::IsIPv4() const {
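Review bot: The new 16-byte constructor builds a temporary `std::vector<uint8_t>` and assigns it over the already default-constructed `ip_address_`. `ip_address_.assign(std::begin(address), std::end(address));` fills the member directly and reads the same. `std::begin`/`std::end` are declared in `<iterator>`, and the hunk does not show whether ip_address.cc includes it, so that is worth checking rather than relying on a transitive include.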
diff --git a/net/base/ip_address.h b/net/base/ip_address.h
index 91ce071..1897ebcc 100644
--- a/net/base/ip_address.h
+++ b/net/base/ip_address.h
@@ -40,10 +40,29 @@ class NET_EXPORT IPAddress {
// parameter. The input is expected to be in network byte order.
IPAddress(const uint8_t* address, size_t address_len);
- // Initializes |ip_address_| from the 4 bX bytes. The bytes are expected to be
- // in network byte order.
+ // Initializes |ip_address_| from the 4 bX bytes to form an IPv4 address.
+ // The bytes are expected to be in network byte order.
IPAddress(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3);
+ // Initializes |ip_address_| from the 16 bX bytes to form an IPv6 address.
+ // The bytes are expected to be in network byte order.
+ IPAddress(uint8_t b0,
+ uint8_t b1,
+ uint8_t b2,
+ uint8_t b3,
+ uint8_t b4,
+ uint8_t b5,
+ uint8_t b6,
+ uint8_t b7,
+ uint8_t b8,
+ uint8_t b9,
+ uint8_t b10,
+ uint8_t b11,
+ uint8_t b12,
+ uint8_t b13,
+ uint8_t b14,
+ uint8_t b15);
+
~IPAddress();
// Returns true if the IP has |kIPv4AddressSize| elements.
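Review bot: The comment on the 16-argument overload does not say what the constructor leaves unchecked. The parameters are `uint8_t`, so an out-of-range integer literal such as 256 is converted implicitly rather than rejected at the call site. If the overload is meant for literal addresses only, a line such as `// Intended for literal addresses; each argument is one octet. Bytes taken from parsed input should use the (pointer, length) constructor.` would state that next to the declaration.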
diff --git a/net/base/ip_address_unittest.cc b/net/base/ip_address_unittest.cc
index 3ebcb72..d386e49 100644
--- a/net/base/ip_address_unittest.cc
+++ b/net/base/ip_address_unittest.cc
@@ -24,6 +24,20 @@ std::string DumpIPAddress(const IPAddress& v) {
return out;
}
+TEST(IPAddressTest, ConstructIPv4) {
+ EXPECT_EQ("127.0.0.1", IPAddress::IPv4Localhost().ToString());
+
+ IPAddress ipv4_ctor(192, 168, 1, 1);
+ EXPECT_EQ("192.168.1.1", ipv4_ctor.ToString());
+}
+
+TEST(IPAddressTest, ConstructIPv6) {
+ EXPECT_EQ("::1", IPAddress::IPv6Localhost().ToString());
+
+ IPAddress ipv6_ctor(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16);
+ EXPECT_EQ("102:304:506:708:90a:b0c:d0e:f10", ipv6_ctor.ToString());
+}
+
TEST(IPAddressTest, IsIPVersion) {
uint8_t addr1[4] = {192, 168, 0, 1};
IPAddress ip_address1(addr1);
diff --git a/net/cert/internal/name_constraints.cc b/net/cert/internal/name_constraints.cc
index 2077d20..9141a02 100644
--- a/net/cert/internal/name_constraints.cc
+++ b/net/cert/internal/name_constraints.cc
@@ -192,12 +192,12 @@ WARN_UNUSED_RESULT bool ParseGeneralName(
// version 4, as specified in [RFC791], the octet string MUST contain
// exactly four octets. For IP version 6, as specified in [RFC2460],
// the octet string MUST contain exactly sixteen octets.
- if ((value.Length() != kIPv4AddressSize &&
- value.Length() != kIPv6AddressSize)) {
+ if ((value.Length() != IPAddress::kIPv4AddressSize &&
+ value.Length() != IPAddress::kIPv6AddressSize)) {
return false;
}
- subtrees->ip_addresses.push_back(std::vector<uint8_t>(
- value.UnsafeData(), value.UnsafeData() + value.Length()));
+ subtrees->ip_addresses.push_back(
+ IPAddress(value.UnsafeData(), value.Length()));
} else {
DCHECK_EQ(ip_address_type, IP_ADDRESS_AND_NETMASK);
// RFC 5280 section 4.2.1.10:
@@ -210,19 +210,18 @@ WARN_UNUSED_RESULT bool ParseGeneralName(
// constraint for "class C" subnet 192.0.2.0 is represented as the
// octets C0 00 02 00 FF FF FF 00, representing the CIDR notation
// 192.0.2.0/24 (mask 255.255.255.0).
- if (value.Length() != kIPv4AddressSize * 2 &&
- value.Length() != kIPv6AddressSize * 2) {
+ if (value.Length() != IPAddress::kIPv4AddressSize * 2 &&
+ value.Length() != IPAddress::kIPv6AddressSize * 2) {
return false;
}
- const std::vector<uint8_t> mask(value.UnsafeData() + value.Length() / 2,
- value.UnsafeData() + value.Length());
+ const IPAddress mask(value.UnsafeData() + value.Length() / 2,
+ value.Length() / 2);
const unsigned mask_prefix_length = MaskPrefixLength(mask);
- if (!IsSuffixZero(mask, mask_prefix_length))
+ if (!IsSuffixZero(mask.bytes(), mask_prefix_length))
return false;
- subtrees->ip_address_ranges.push_back(std::make_pair(
- std::vector<uint8_t>(value.UnsafeData(),
- value.UnsafeData() + value.Length() / 2),
- mask_prefix_length));
+ subtrees->ip_address_ranges.push_back(
+ std::make_pair(IPAddress(value.UnsafeData(), value.Length() / 2),
+ mask_prefix_length));
}
} else if (tag == der::ContextSpecificPrimitive(8)) {
// registeredID [8] OBJECT IDENTIFIER }
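Review bot: In the netmask branch `value.Length() / 2` is now written three times (the pointer offset, the mask length and the address length), and the address/mask split of certificate-supplied bytes only holds while all three agree. Naming it once, `const size_t address_len = value.Length() / 2;`, and passing it to both `IPAddress` constructions keeps the two halves in step. It also makes it easier to see that the length check just above is what bounds the reads through `UnsafeData()`. ParseGeneralName starts and ends outside this hunk.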
@@ -524,9 +523,9 @@ bool NameConstraints::IsPermittedDirectoryName(
return false;
}
-bool NameConstraints::IsPermittedIP(const IPAddressNumber& ip) const {
+bool NameConstraints::IsPermittedIP(const IPAddress& ip) const {
for (const auto& excluded_ip : excluded_subtrees_.ip_address_ranges) {
- if (IPNumberMatchesPrefix(ip, excluded_ip.first, excluded_ip.second))
+ if (IPAddressMatchesPrefix(ip, excluded_ip.first, excluded_ip.second))
return false;
}
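Review bot: `IsPermittedIP` now takes a `const IPAddress&`, and nothing visible in this hunk or the next rejects an empty or wrong-length address before the `IPAddressMatchesPrefix` calls in the excluded and permitted loops. The tests further down state that with only excluded subtrees any address outside them is allowed, so an invalid address that matches no excluded range would presumably be reported as permitted; the lines between the two hunks are not shown, so this is inferred. Failing closed at the top of the function, `if (!ip.IsValid()) return false;`, plus a test passing a default-constructed `IPAddress`, would pin the behaviour. The function body continues outside both hunks.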
@@ -536,7 +535,7 @@ bool NameConstraints::IsPermittedIP(const IPAddressNumber& ip) const {
return true;
for (const auto& permitted_ip : permitted_subtrees_.ip_address_ranges) {
- if (IPNumberMatchesPrefix(ip, permitted_ip.first, permitted_ip.second))
+ if (IPAddressMatchesPrefix(ip, permitted_ip.first, permitted_ip.second))
return true;
}
diff --git a/net/cert/internal/name_constraints.h b/net/cert/internal/name_constraints.h
index 07b98a3..35ff913 100644
--- a/net/cert/internal/name_constraints.h
+++ b/net/cert/internal/name_constraints.h
@@ -11,7 +11,7 @@
#include "base/compiler_specific.h"
#include "base/memory/scoped_ptr.h"
-#include "net/base/ip_address_number.h"
+#include "net/base/ip_address.h"
namespace net {
@@ -59,11 +59,11 @@ struct NET_EXPORT GeneralNames {
// iPAddresses as sequences of octets in network byte order. This will be
// populated if the GeneralNames represents a Subject Alternative Name.
- std::vector<std::vector<uint8_t>> ip_addresses;
+ std::vector<IPAddress> ip_addresses;
// iPAddress ranges, as <IP, prefix length> pairs. This will be populated
// if the GeneralNames represents a Name Constraints.
- std::vector<std::pair<std::vector<uint8_t>, unsigned>> ip_address_ranges;
+ std::vector<std::pair<IPAddress, unsigned>> ip_address_ranges;
// Which name types were present, as a bitfield of GeneralNameTypes.
// Includes both the supported and unsupported types (although unsupported
@@ -111,7 +111,7 @@ class NET_EXPORT NameConstraints {
bool IsPermittedDirectoryName(const der::Input& name_rdn_sequence) const;
// Returns true if the iPAddress |ip| is permitted.
- bool IsPermittedIP(const IPAddressNumber& ip) const;
+ bool IsPermittedIP(const IPAddress& ip) const;
// Returns a bitfield of GeneralNameTypes of all the types constrained by this
// NameConstraints. Name types that aren't supported will only be present if
diff --git a/net/cert/internal/name_constraints_unittest.cc b/net/cert/internal/name_constraints_unittest.cc
index 879986e..693597d 100644
--- a/net/cert/internal/name_constraints_unittest.cc
+++ b/net/cert/internal/name_constraints_unittest.cc
@@ -4,6 +4,7 @@
#include "net/cert/internal/name_constraints.h"
+#include "net/base/ip_address.h"
#include "net/cert/internal/test_helpers.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -409,142 +410,95 @@ TEST_P(ParseNameConstraints, IPAdresses) {
ASSERT_TRUE(name_constraints);
// IPv4 tests:
- {
- // Not in any permitted range.
- const uint8_t ip4[] = {192, 169, 0, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- // Within the permitted 192.168.0.0/255.255.0.0 range.
- const uint8_t ip4[] = {192, 168, 0, 1};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- // Within the permitted 192.168.0.0/255.255.0.0 range, however the
- // excluded 192.168.5.0/255.255.255.0 takes priority.
- const uint8_t ip4[] = {192, 168, 5, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- // Within the permitted 192.168.0.0/255.255.0.0 range as well as the
- // permitted 192.168.5.32/255.255.255.224 range, however the excluded
- // 192.168.5.0/255.255.255.0 still takes priority.
- const uint8_t ip4[] = {192, 168, 5, 33};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- // Not in any permitted range. (Just outside the
- // 192.167.5.32/255.255.255.224 range.)
- const uint8_t ip4[] = {192, 167, 5, 31};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- // Within the permitted 192.167.5.32/255.255.255.224 range.
- const uint8_t ip4[] = {192, 167, 5, 32};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- // Within the permitted 192.167.5.32/255.255.255.224 range.
- const uint8_t ip4[] = {192, 167, 5, 63};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- // Not in any permitted range. (Just outside the
- // 192.167.5.32/255.255.255.224 range.)
- const uint8_t ip4[] = {192, 167, 5, 64};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- // Not in any permitted range, and also inside the extraneous excluded
- // 192.166.5.32/255.255.255.224 range.
- const uint8_t ip4[] = {192, 166, 5, 32};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
+
+ // Not in any permitted range.
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 169, 0, 1)));
+
+ // Within the permitted 192.168.0.0/255.255.0.0 range.
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 0, 1)));
+
+ // Within the permitted 192.168.0.0/255.255.0.0 range, however the
+ // excluded 192.168.5.0/255.255.255.0 takes priority.
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 5, 1)));
+
+ // Within the permitted 192.168.0.0/255.255.0.0 range as well as the
+ // permitted 192.168.5.32/255.255.255.224 range, however the excluded
+ // 192.168.5.0/255.255.255.0 still takes priority.
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 5, 33)));
+
+ // Not in any permitted range. (Just outside the
+ // 192.167.5.32/255.255.255.224 range.)
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 167, 5, 31)));
+
+ // Within the permitted 192.167.5.32/255.255.255.224 range.
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 167, 5, 32)));
+
+ // Within the permitted 192.167.5.32/255.255.255.224 range.
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 167, 5, 63)));
+
+ // Not in any permitted range. (Just outside the
+ // 192.167.5.32/255.255.255.224 range.)
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 167, 5, 64)));
+
+ // Not in any permitted range, and also inside the extraneous excluded
+ // 192.166.5.32/255.255.255.224 range.
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 166, 5, 32)));
// IPv6 tests:
- {
- // Not in any permitted range.
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
- {
- // Within the permitted
- // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range.
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 0, 0, 0, 1};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
- {
- // Within the permitted
- // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range, however
- // the excluded
- // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes
- // priority.
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 0, 0, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
- {
- // Within the permitted
- // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range as well
- // as the permitted
- // 102:304:506:708:90a:b0c:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0,
- // however the excluded
- // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes
- // priority.
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 33, 0, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
- {
- // Not in any permitted range. (Just outside the
- // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0
- // range.)
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8,
- 9, 10, 11, 11, 5, 31, 255, 255};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
- {
- // Within the permitted
- // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range.
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 32, 0, 0};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
- {
- // Within the permitted
- // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range.
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8,
- 9, 10, 11, 11, 5, 63, 255, 255};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
- {
- // Not in any permitted range. (Just outside the
- // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0
- // range.)
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 64, 0, 0};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
- {
- // Not in any permitted range, and also inside the extraneous excluded
- // 102:304:506:708:90a:b0a:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range.
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 10, 5, 33, 0, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
+
+ // Not in any permitted range.
+ EXPECT_FALSE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1)));
+
+ // Within the permitted
+ // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range.
+ EXPECT_TRUE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 0, 0, 0, 1)));
+
+ // Within the permitted
+ // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range, however
+ // the excluded
+ // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes
+ // priority.
+ EXPECT_FALSE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 0, 0, 1)));
+
+ // Within the permitted
+ // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range as well
+ // as the permitted
+ // 102:304:506:708:90a:b0c:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0,
+ // however the excluded
+ // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes
+ // priority.
+ EXPECT_FALSE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 33, 0, 1)));
+
+ // Not in any permitted range. (Just outside the
+ // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0
+ // range.)
+ EXPECT_FALSE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 31, 255, 255)));
+
+ // Within the permitted
+ // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range.
+ EXPECT_TRUE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 32, 0, 0)));
+
+ // Within the permitted
+ // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range.
+ EXPECT_TRUE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 63, 255, 255)));
+
+ // Not in any permitted range. (Just outside the
+ // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0
+ // range.)
+ EXPECT_FALSE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 64, 0, 0)));
+
+ // Not in any permitted range, and also inside the extraneous excluded
+ // 102:304:506:708:90a:b0a:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range.
+ EXPECT_FALSE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 10, 5, 33, 0, 1)));
EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, name_constraints->ConstrainedNameTypes());
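Review bot: The rewritten cases only check IPv4 addresses against IPv4 ranges and IPv6 addresses against IPv6 ranges, so nothing covers an IPv4-mapped IPv6 address that embeds an address from an excluded IPv4 range. How `IPAddressMatchesPrefix` treats a family mismatch is not visible in this diff, so after the type migration the result for that input is unpinned. A case built with the new 16-byte constructor, e.g. `IPAddress(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF, 192, 168, 5, 1)`, with the expected result decided explicitly, would document whether the 192.168.5.0/255.255.255.0 exclusion applies to it. The test body starts outside this hunk.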
@@ -572,21 +526,10 @@ TEST_P(ParseNameConstraints, IPAdressesExcludeOnly) {
// Only 192.168.5.0/255.255.255.0 is excluded, and since permitted is empty,
// any iPAddress outside that is allowed.
- {
- const uint8_t ip4[] = {192, 168, 0, 1};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 5, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 0, 1)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 5, 1)));
+ EXPECT_TRUE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1)));
}
TEST_P(ParseNameConstraints, IPAdressesExcludeAll) {
@@ -600,26 +543,12 @@ TEST_P(ParseNameConstraints, IPAdressesExcludeAll) {
// 192.168.0.0/255.255.0.0 and
// 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: are permitted,
// but since 0.0.0.0/0 and ::/0 are excluded nothing is permitted.
- {
- const uint8_t ip4[] = {192, 168, 0, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {1, 1, 1, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip6[] = {2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
- {
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip6, ip6 + arraysize(ip6))));
- }
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 0, 1)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(1, 1, 1, 1)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(
+ IPAddress(2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(
+ IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1)));
}
TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitSingleHost) {
@@ -630,36 +559,12 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitSingleHost) {
NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
ASSERT_TRUE(name_constraints);
- {
- const uint8_t ip4[] = {0, 0, 0, 0};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 2};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 3};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 4};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {255, 255, 255, 255};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress::IPv4AllZeros()));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 1)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 2)));
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 3)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 4)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(255, 255, 255, 255)));
}
TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen31) {
@@ -670,41 +575,13 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen31) {
NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
ASSERT_TRUE(name_constraints);
- {
- const uint8_t ip4[] = {0, 0, 0, 0};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 1};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 2};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 3};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 4};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 5};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {255, 255, 255, 255};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress::IPv4AllZeros()));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 1)));
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 2)));
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 3)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 4)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 5)));
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(255, 255, 255, 255)));
}
TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen1) {
@@ -715,26 +592,12 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen1) {
NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
ASSERT_TRUE(name_constraints);
- {
- const uint8_t ip4[] = {0, 0, 0, 0};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {0x7F, 0xFF, 0xFF, 0xFF};
- EXPECT_FALSE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {0x80, 0, 0, 0};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {0xFF, 0xFF, 0xFF, 0xFF};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
+ EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress::IPv4AllZeros()));
+ EXPECT_FALSE(
+ name_constraints->IsPermittedIP(IPAddress(0x7F, 0xFF, 0xFF, 0xFF)));
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(0x80, 0, 0, 0)));
+ EXPECT_TRUE(
+ name_constraints->IsPermittedIP(IPAddress(0xFF, 0xFF, 0xFF, 0xFF)));
}
TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitAll) {
@@ -745,21 +608,9 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitAll) {
NameConstraints::CreateFromDer(der::Input(&a), is_critical()));
ASSERT_TRUE(name_constraints);
- {
- const uint8_t ip4[] = {0, 0, 0, 0};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {192, 168, 1, 1};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
- {
- const uint8_t ip4[] = {255, 255, 255, 255};
- EXPECT_TRUE(name_constraints->IsPermittedIP(
- IPAddressNumber(ip4, ip4 + arraysize(ip4))));
- }
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress::IPv4AllZeros()));
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 1)));
+ EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(255, 255, 255, 255)));
}
TEST_P(ParseNameConstraints, IPAdressesFailOnInvalidAddr) {