author | martijn <martijn@martijnc.be> | 2016-03-22 15:29:56 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-03-22 22:31:14 +0000 |
commit | cd42ba75341213b8995a88274f1858a5274a11a3 (patch) | |
tree | 2a1670b340e695b39d3d4b64b517924982a57ad8 /net | |
parent | 430477a94f8f370ffa7af04919b536d4a158c7c7 (diff) | |
Migrate net/cert/* to net::IPAddress.
BUG=496258
Review URL: https://codereview.chromium.org/1822563002
Cr-Commit-Position: refs/heads/master@{#382713}
Diffstat (limited to 'net')
-rw-r--r-- | net/base/ip_address.cc | 21 | ||||
-rw-r--r-- | net/base/ip_address.h | 23 | ||||
-rw-r--r-- | net/base/ip_address_unittest.cc | 14 | ||||
-rw-r--r-- | net/cert/internal/name_constraints.cc | 31 | ||||
-rw-r--r-- | net/cert/internal/name_constraints.h | 8 | ||||
-rw-r--r-- | net/cert/internal/name_constraints_unittest.cc | 389 |
6 files changed, 195 insertions, 291 deletions
diff --git a/net/base/ip_address.cc b/net/base/ip_address.cc index 7ae68bf..26c8cc5 100644 --- a/net/base/ip_address.cc +++ b/net/base/ip_address.cc @@ -30,6 +30,27 @@ IPAddress::IPAddress(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3) { ip_address_.push_back(b3); } +IPAddress::IPAddress(uint8_t b0, + uint8_t b1, + uint8_t b2, + uint8_t b3, + uint8_t b4, + uint8_t b5, + uint8_t b6, + uint8_t b7, + uint8_t b8, + uint8_t b9, + uint8_t b10, + uint8_t b11, + uint8_t b12, + uint8_t b13, + uint8_t b14, + uint8_t b15) { + const uint8_t address[] = {b0, b1, b2, b3, b4, b5, b6, b7, + b8, b9, b10, b11, b12, b13, b14, b15}; + ip_address_ = std::vector<uint8_t>(std::begin(address), std::end(address)); +} + IPAddress::~IPAddress() {} bool IPAddress::IsIPv4() const { diff --git a/net/base/ip_address.h b/net/base/ip_address.h index 91ce071..1897ebcc 100644 --- a/net/base/ip_address.h +++ b/net/base/ip_address.h @@ -40,10 +40,29 @@ class NET_EXPORT IPAddress { // parameter. The input is expected to be in network byte order. IPAddress(const uint8_t* address, size_t address_len); - // Initializes |ip_address_| from the 4 bX bytes. The bytes are expected to be - // in network byte order. + // Initializes |ip_address_| from the 4 bX bytes to form an IPv4 address. + // The bytes are expected to be in network byte order. IPAddress(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3); + // Initializes |ip_address_| from the 16 bX bytes to form an IPv6 address. + // The bytes are expected to be in network byte order. + IPAddress(uint8_t b0, + uint8_t b1, + uint8_t b2, + uint8_t b3, + uint8_t b4, + uint8_t b5, + uint8_t b6, + uint8_t b7, + uint8_t b8, + uint8_t b9, + uint8_t b10, + uint8_t b11, + uint8_t b12, + uint8_t b13, + uint8_t b14, + uint8_t b15); + ~IPAddress(); // Returns true if the IP has |kIPv4AddressSize| elements. diff --git a/net/base/ip_address_unittest.cc b/net/base/ip_address_unittest.cc index 3ebcb72..d386e49 100644 --- a/net/base/ip_address_unittest.cc 
+++ b/net/base/ip_address_unittest.cc @@ -24,6 +24,20 @@ std::string DumpIPAddress(const IPAddress& v) { return out; } +TEST(IPAddressTest, ConstructIPv4) { + EXPECT_EQ("127.0.0.1", IPAddress::IPv4Localhost().ToString()); + + IPAddress ipv4_ctor(192, 168, 1, 1); + EXPECT_EQ("192.168.1.1", ipv4_ctor.ToString()); +} + +TEST(IPAddressTest, ConstructIPv6) { + EXPECT_EQ("::1", IPAddress::IPv6Localhost().ToString()); + + IPAddress ipv6_ctor(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16); + EXPECT_EQ("102:304:506:708:90a:b0c:d0e:f10", ipv6_ctor.ToString()); +} + TEST(IPAddressTest, IsIPVersion) { uint8_t addr1[4] = {192, 168, 0, 1}; IPAddress ip_address1(addr1); diff --git a/net/cert/internal/name_constraints.cc b/net/cert/internal/name_constraints.cc index 2077d20..9141a02 100644 --- a/net/cert/internal/name_constraints.cc +++ b/net/cert/internal/name_constraints.cc @@ -192,12 +192,12 @@ WARN_UNUSED_RESULT bool ParseGeneralName( // version 4, as specified in [RFC791], the octet string MUST contain // exactly four octets. For IP version 6, as specified in [RFC2460], // the octet string MUST contain exactly sixteen octets. - if ((value.Length() != kIPv4AddressSize && - value.Length() != kIPv6AddressSize)) { + if ((value.Length() != IPAddress::kIPv4AddressSize && + value.Length() != IPAddress::kIPv6AddressSize)) { return false; } - subtrees->ip_addresses.push_back(std::vector<uint8_t>( - value.UnsafeData(), value.UnsafeData() + value.Length())); + subtrees->ip_addresses.push_back( + IPAddress(value.UnsafeData(), value.Length())); } else { DCHECK_EQ(ip_address_type, IP_ADDRESS_AND_NETMASK); // RFC 5280 section 4.2.1.10: 
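Review bot: In the iPAddress branch of ParseGeneralName (hunk at -192 in name_constraints.cc), `push_back(IPAddress(value.UnsafeData(), value.Length()))` builds a temporary and then moves or copies it into the vector; `subtrees->ip_addresses.emplace_back(value.UnsafeData(), value.Length());` constructs it in place. The 4-or-16 octet guard just above is the only thing visible here that bounds what the constructor receives from certificate data, so a short comment such as `// Length validated above: only 4- or 16-octet values reach IPAddress.` would keep a later edit from reordering the two. The doubled parentheses in `if ((value.Length() != ...))` could also be dropped while the condition is being touched. ParseGeneralName starts and ends outside the hunk.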
@@ -210,19 +210,18 @@ WARN_UNUSED_RESULT bool ParseGeneralName( // constraint for "class C" subnet 192.0.2.0 is represented as the // octets C0 00 02 00 FF FF FF 00, representing the CIDR notation // 192.0.2.0/24 (mask 255.255.255.0). - if (value.Length() != kIPv4AddressSize * 2 && - value.Length() != kIPv6AddressSize * 2) { + if (value.Length() != IPAddress::kIPv4AddressSize * 2 && + value.Length() != IPAddress::kIPv6AddressSize * 2) { return false; } - const std::vector<uint8_t> mask(value.UnsafeData() + value.Length() / 2, - value.UnsafeData() + value.Length()); + const IPAddress mask(value.UnsafeData() + value.Length() / 2, + value.Length() / 2); const unsigned mask_prefix_length = MaskPrefixLength(mask); - if (!IsSuffixZero(mask, mask_prefix_length)) + if (!IsSuffixZero(mask.bytes(), mask_prefix_length)) return false; - subtrees->ip_address_ranges.push_back(std::make_pair( - std::vector<uint8_t>(value.UnsafeData(), - value.UnsafeData() + value.Length() / 2), - mask_prefix_length)); + subtrees->ip_address_ranges.push_back( + std::make_pair(IPAddress(value.UnsafeData(), value.Length() / 2), + mask_prefix_length)); } } else if (tag == der::ContextSpecificPrimitive(8)) { // registeredID [8] OBJECT IDENTIFIER } @@ -524,9 +523,9 @@ bool NameConstraints::IsPermittedDirectoryName( return false; } -bool NameConstraints::IsPermittedIP(const IPAddressNumber& ip) const { +bool NameConstraints::IsPermittedIP(const IPAddress& ip) const { for (const auto& excluded_ip : excluded_subtrees_.ip_address_ranges) { - if (IPNumberMatchesPrefix(ip, excluded_ip.first, excluded_ip.second)) + if (IPAddressMatchesPrefix(ip, excluded_ip.first, excluded_ip.second)) return false; } 
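Review bot: In the netmask branch of ParseGeneralName (hunk at -210), `value.Length() / 2` is now written three times, and the address/mask split is correct only if all three agree. Naming it once, `const size_t address_len = value.Length() / 2;`, and then using `const IPAddress mask(value.UnsafeData() + address_len, address_len);` and `IPAddress(value.UnsafeData(), address_len)` makes the split auditable at a glance. A one-line comment on the `IsSuffixZero` check, for example `// Reject non-contiguous netmasks: every bit after the prefix must be zero.`, would help too; that reading is inferred from the helper's name, since its body is outside the hunk. ParseGeneralName itself starts and ends outside the hunk.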
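Review bot: NameConstraints::IsPermittedIP (this hunk at -524 and the next one at -536) hands `ip` and each subtree prefix to `IPAddressMatchesPrefix` without first comparing address families. That helper is not shown in the diff, but as far as I recall from net/base/ip_address.h it converts IPv4 operands to IPv4-mapped IPv6 when the families differ, so an IPv6 subtree could match an IPv4 address and vice versa. For excluded subtrees this errs on the safe side, but for permitted subtrees it widens what is accepted, and nothing in the updated tests exercises a cross-family case. Please state the intended behaviour in a comment, e.g. `// NOTE: IPAddressMatchesPrefix() may treat IPv4 and IPv4-mapped IPv6 as equivalent; confirm this is intended for permitted subtrees.`, and add a test that checks an IPv4 address against IPv6-only constraints. The function body continues outside this hunk.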
@@ -536,7 +535,7 @@ bool NameConstraints::IsPermittedIP(const IPAddressNumber& ip) const { return true; for (const auto& permitted_ip : permitted_subtrees_.ip_address_ranges) { - if (IPNumberMatchesPrefix(ip, permitted_ip.first, permitted_ip.second)) + if (IPAddressMatchesPrefix(ip, permitted_ip.first, permitted_ip.second)) return true; } diff --git a/net/cert/internal/name_constraints.h b/net/cert/internal/name_constraints.h index 07b98a3..35ff913 100644 --- a/net/cert/internal/name_constraints.h +++ b/net/cert/internal/name_constraints.h @@ -11,7 +11,7 @@ #include "base/compiler_specific.h" #include "base/memory/scoped_ptr.h" -#include "net/base/ip_address_number.h" +#include "net/base/ip_address.h" namespace net { @@ -59,11 +59,11 @@ struct NET_EXPORT GeneralNames { // iPAddresses as sequences of octets in network byte order. This will be // populated if the GeneralNames represents a Subject Alternative Name. - std::vector<std::vector<uint8_t>> ip_addresses; + std::vector<IPAddress> ip_addresses; // iPAddress ranges, as <IP, prefix length> pairs. This will be populated // if the GeneralNames represents a Name Constraints. - std::vector<std::pair<std::vector<uint8_t>, unsigned>> ip_address_ranges; + std::vector<std::pair<IPAddress, unsigned>> ip_address_ranges; // Which name types were present, as a bitfield of GeneralNameTypes. // Includes both the supported and unsupported types (although unsupported @@ -111,7 +111,7 @@ class NET_EXPORT NameConstraints { bool IsPermittedDirectoryName(const der::Input& name_rdn_sequence) const; // Returns true if the iPAddress |ip| is permitted. - bool IsPermittedIP(const IPAddressNumber& ip) const; + bool IsPermittedIP(const IPAddress& ip) const; // Returns a bitfield of GeneralNameTypes of all the types constrained by this // NameConstraints. Name types that aren't supported will only be present if 
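Review bot: In GeneralNames (hunk at -59 of name_constraints.h), the comment `// iPAddresses as sequences of octets in network byte order.` still describes the old `std::vector<uint8_t>` element type rather than the new `IPAddress`. Something like `// iPAddresses as net::IPAddress values (4 or 16 octets, as enforced by ParseGeneralName).` matches the new declaration. The ranges comment could also state the unit, `// iPAddress ranges, as <IP, prefix length in bits> pairs.`; the unit is inferred from the `MaskPrefixLength` call in name_constraints.cc, so confirm it before committing the wording. The struct begins and ends outside the hunk.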
diff --git a/net/cert/internal/name_constraints_unittest.cc b/net/cert/internal/name_constraints_unittest.cc index 879986e..693597d 100644 --- a/net/cert/internal/name_constraints_unittest.cc +++ b/net/cert/internal/name_constraints_unittest.cc @@ -4,6 +4,7 @@ #include "net/cert/internal/name_constraints.h" +#include "net/base/ip_address.h" #include "net/cert/internal/test_helpers.h" #include "testing/gtest/include/gtest/gtest.h" 
@@ -409,142 +410,95 @@ TEST_P(ParseNameConstraints, IPAdresses) { ASSERT_TRUE(name_constraints); // IPv4 tests: - { - // Not in any permitted range. - const uint8_t ip4[] = {192, 169, 0, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - // Within the permitted 192.168.0.0/255.255.0.0 range. - const uint8_t ip4[] = {192, 168, 0, 1}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - // Within the permitted 192.168.0.0/255.255.0.0 range, however the - // excluded 192.168.5.0/255.255.255.0 takes priority. - const uint8_t ip4[] = {192, 168, 5, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - // Within the permitted 192.168.0.0/255.255.0.0 range as well as the - // permitted 192.168.5.32/255.255.255.224 range, however the excluded - // 192.168.5.0/255.255.255.0 still takes priority. - const uint8_t ip4[] = {192, 168, 5, 33}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - // Not in any permitted range. (Just outside the - // 192.167.5.32/255.255.255.224 range.) - const uint8_t ip4[] = {192, 167, 5, 31}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - // Within the permitted 192.167.5.32/255.255.255.224 range. - const uint8_t ip4[] = {192, 167, 5, 32}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - // Within the permitted 192.167.5.32/255.255.255.224 range. - const uint8_t ip4[] = {192, 167, 5, 63}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - // Not in any permitted range. (Just outside the - // 192.167.5.32/255.255.255.224 range.) 
- const uint8_t ip4[] = {192, 167, 5, 64}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - // Not in any permitted range, and also inside the extraneous excluded - // 192.166.5.32/255.255.255.224 range. - const uint8_t ip4[] = {192, 166, 5, 32}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } + + // Not in any permitted range. + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 169, 0, 1))); + + // Within the permitted 192.168.0.0/255.255.0.0 range. + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 0, 1))); + + // Within the permitted 192.168.0.0/255.255.0.0 range, however the + // excluded 192.168.5.0/255.255.255.0 takes priority. + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 5, 1))); + + // Within the permitted 192.168.0.0/255.255.0.0 range as well as the + // permitted 192.168.5.32/255.255.255.224 range, however the excluded + // 192.168.5.0/255.255.255.0 still takes priority. + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 5, 33))); + + // Not in any permitted range. (Just outside the + // 192.167.5.32/255.255.255.224 range.) + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 167, 5, 31))); + + // Within the permitted 192.167.5.32/255.255.255.224 range. + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 167, 5, 32))); + + // Within the permitted 192.167.5.32/255.255.255.224 range. + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 167, 5, 63))); + + // Not in any permitted range. (Just outside the + // 192.167.5.32/255.255.255.224 range.) + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 167, 5, 64))); + + // Not in any permitted range, and also inside the extraneous excluded + // 192.166.5.32/255.255.255.224 range. + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 166, 5, 32))); // IPv6 tests: - { - // Not in any permitted range. 
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } - { - // Within the permitted - // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range. - const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 0, 0, 0, 1}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } - { - // Within the permitted - // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range, however - // the excluded - // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes - // priority. - const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 0, 0, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } - { - // Within the permitted - // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range as well - // as the permitted - // 102:304:506:708:90a:b0c:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0, - // however the excluded - // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes - // priority. - const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 33, 0, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } - { - // Not in any permitted range. (Just outside the - // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 - // range.) - const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, - 9, 10, 11, 11, 5, 31, 255, 255}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } - { - // Within the permitted - // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range. 
- const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 32, 0, 0}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } - { - // Within the permitted - // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range. - const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, - 9, 10, 11, 11, 5, 63, 255, 255}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } - { - // Not in any permitted range. (Just outside the - // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 - // range.) - const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 64, 0, 0}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } - { - // Not in any permitted range, and also inside the extraneous excluded - // 102:304:506:708:90a:b0a:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range. - const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 10, 5, 33, 0, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } + + // Not in any permitted range. + EXPECT_FALSE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1))); + + // Within the permitted + // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range. + EXPECT_TRUE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 0, 0, 0, 1))); + + // Within the permitted + // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range, however + // the excluded + // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes + // priority. 
+ EXPECT_FALSE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 0, 0, 1))); + + // Within the permitted + // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: range as well + // as the permitted + // 102:304:506:708:90a:b0c:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0, + // however the excluded + // 102:304:506:708:90a:b0c:500:0/ffff:ffff:ffff:ffff:ffff:ffff:ff00:0 takes + // priority. + EXPECT_FALSE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 5, 33, 0, 1))); + + // Not in any permitted range. (Just outside the + // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 + // range.) + EXPECT_FALSE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 31, 255, 255))); + + // Within the permitted + // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range. + EXPECT_TRUE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 32, 0, 0))); + + // Within the permitted + // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range. + EXPECT_TRUE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 63, 255, 255))); + + // Not in any permitted range. (Just outside the + // 102:304:506:708:90a:b0b:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 + // range.) + EXPECT_FALSE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 11, 5, 64, 0, 0))); + + // Not in any permitted range, and also inside the extraneous excluded + // 102:304:506:708:90a:b0a:520:0/ffff:ffff:ffff:ffff:ffff:ffff:ff60:0 range. + EXPECT_FALSE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 10, 5, 33, 0, 1))); EXPECT_EQ(GENERAL_NAME_IP_ADDRESS, name_constraints->ConstrainedNameTypes()); 
@@ -572,21 +526,10 @@ TEST_P(ParseNameConstraints, IPAdressesExcludeOnly) { // Only 192.168.5.0/255.255.255.0 is excluded, and since permitted is empty, // any iPAddress outside that is allowed. - { - const uint8_t ip4[] = {192, 168, 0, 1}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 5, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 0, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 5, 1))); + EXPECT_TRUE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1))); } TEST_P(ParseNameConstraints, IPAdressesExcludeAll) { 
@@ -600,26 +543,12 @@ TEST_P(ParseNameConstraints, IPAdressesExcludeAll) { // 192.168.0.0/255.255.0.0 and // 102:304:506:708:90a:b0c::/ffff:ffff:ffff:ffff:ffff:ffff:: are permitted, // but since 0.0.0.0/0 and ::/0 are excluded nothing is permitted. - { - const uint8_t ip4[] = {192, 168, 0, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {1, 1, 1, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip6[] = {2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } - { - const uint8_t ip6[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip6, ip6 + arraysize(ip6)))); - } + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 0, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(1, 1, 1, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP( + IPAddress(2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP( + IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 0, 0, 1))); } TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitSingleHost) { 
@@ -630,36 +559,12 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitSingleHost) { NameConstraints::CreateFromDer(der::Input(&a), is_critical())); ASSERT_TRUE(name_constraints); - { - const uint8_t ip4[] = {0, 0, 0, 0}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 2}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 3}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 4}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {255, 255, 255, 255}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress::IPv4AllZeros())); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 1))); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 2))); + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 3))); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 4))); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(255, 255, 255, 255))); } TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen31) { 
@@ -670,41 +575,13 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen31) { NameConstraints::CreateFromDer(der::Input(&a), is_critical())); ASSERT_TRUE(name_constraints); - { - const uint8_t ip4[] = {0, 0, 0, 0}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 1}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 2}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 3}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 4}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 5}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {255, 255, 255, 255}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress::IPv4AllZeros())); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 1))); + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 2))); + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 3))); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 4))); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 5))); + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress(255, 255, 255, 255))); } TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen1) { 
@@ -715,26 +592,12 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitPrefixLen1) { NameConstraints::CreateFromDer(der::Input(&a), is_critical())); ASSERT_TRUE(name_constraints); - { - const uint8_t ip4[] = {0, 0, 0, 0}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {0x7F, 0xFF, 0xFF, 0xFF}; - EXPECT_FALSE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {0x80, 0, 0, 0}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {0xFF, 0xFF, 0xFF, 0xFF}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } + EXPECT_FALSE(name_constraints->IsPermittedIP(IPAddress::IPv4AllZeros())); + EXPECT_FALSE( + name_constraints->IsPermittedIP(IPAddress(0x7F, 0xFF, 0xFF, 0xFF))); + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(0x80, 0, 0, 0))); + EXPECT_TRUE( + name_constraints->IsPermittedIP(IPAddress(0xFF, 0xFF, 0xFF, 0xFF))); } TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitAll) { 
@@ -745,21 +608,9 @@ TEST_P(ParseNameConstraints, IPAdressesNetmaskPermitAll) { NameConstraints::CreateFromDer(der::Input(&a), is_critical())); ASSERT_TRUE(name_constraints); - { - const uint8_t ip4[] = {0, 0, 0, 0}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {192, 168, 1, 1}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } - { - const uint8_t ip4[] = {255, 255, 255, 255}; - EXPECT_TRUE(name_constraints->IsPermittedIP( - IPAddressNumber(ip4, ip4 + arraysize(ip4)))); - } + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress::IPv4AllZeros())); + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(192, 168, 1, 1))); + EXPECT_TRUE(name_constraints->IsPermittedIP(IPAddress(255, 255, 255, 255))); } TEST_P(ParseNameConstraints, IPAdressesFailOnInvalidAddr) { |