From 11f40349ae8b6a644399d7b609a3c702873ddc3b Mon Sep 17 00:00:00 2001 From: "rsleevi@chromium.org" Date: Mon, 22 Nov 2010 13:35:49 +0000 Subject: Clean-up style issues in net:: related to X.509 data-types, eliminating unnecessary includes and marking platform-specific implementations as such. Also clearly document that CertPrincipal::Matches() is not suitable for security-relevant name checks. In addition, because x509_cert_types.h no longer includes base/singleton.h, fix all the classes that broke because they weren't including what they used. BUG=none TEST=existing Review URL: http://codereview.chromium.org/5162001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66941 0039d316-1c4b-4281-b951-d872f2087c98 --- net/base/cert_database_nss_unittest.cc | 1 + net/base/x509_cert_types.cc | 60 ---- net/base/x509_cert_types.h | 28 +- net/base/x509_cert_types_mac.cc | 246 ++++++++------- net/base/x509_cert_types_mac_unittest.cc | 341 ++++++++++++++++++++ net/base/x509_cert_types_unittest.cc | 344 --------------------- net/base/x509_certificate.cc | 1 + net/base/x509_certificate.h | 2 + net/base/x509_certificate_mac.cc | 1 + net/base/x509_certificate_win.cc | 1 + net/net.gyp | 2 +- net/socket/ssl_client_socket_nss.cc | 18 +- net/socket_stream/socket_stream_job.cc | 1 + .../mozilla_security_manager/nsPKCS12Blob.cpp | 1 + 14 files changed, 502 insertions(+), 545 deletions(-) create mode 100644 net/base/x509_cert_types_mac_unittest.cc delete mode 100644 net/base/x509_cert_types_unittest.cc (limited to 'net') diff --git a/net/base/cert_database_nss_unittest.cc b/net/base/cert_database_nss_unittest.cc index c68b6fd..5056e5d 100644 --- a/net/base/cert_database_nss_unittest.cc +++ b/net/base/cert_database_nss_unittest.cc @@ -14,6 +14,7 @@ #include "base/nss_util_internal.h" #include "base/path_service.h" #include "base/scoped_temp_dir.h" +#include "base/singleton.h" #include "base/string_util.h" #include "base/utf_string_conversions.h" #include "net/base/cert_database.h" 
diff --git a/net/base/x509_cert_types.cc b/net/base/x509_cert_types.cc index 5dfc57a..cdfbdaa 100644 --- a/net/base/x509_cert_types.cc +++ b/net/base/x509_cert_types.cc @@ -4,38 +4,11 @@ #include "net/base/x509_cert_types.h" -#include - #include "net/base/x509_certificate.h" #include "base/logging.h" namespace net { -bool match(const std::string &str, const std::string &against) { - // TODO(snej): Use the full matching rules specified in RFC 5280 sec. 7.1 - // including trimming and case-folding: . - return against == str; -} - -bool match(const std::vector &rdn1, - const std::vector &rdn2) { - // "Two relative distinguished names RDN1 and RDN2 match if they have the - // same number of naming attributes and for each naming attribute in RDN1 - // there is a matching naming attribute in RDN2." --RFC 5280 sec. 7.1. - if (rdn1.size() != rdn2.size()) - return false; - for (unsigned i1 = 0; i1 < rdn1.size(); ++i1) { - unsigned i2; - for (i2 = 0; i2 < rdn2.size(); ++i2) { - if (match(rdn1[i1], rdn2[i2])) - break; - } - if (i2 == rdn2.size()) - return false; - } - return true; -} - CertPrincipal::CertPrincipal() { } @@ -44,18 +17,6 @@ CertPrincipal::CertPrincipal(const std::string& name) : common_name(name) {} CertPrincipal::~CertPrincipal() { } -bool CertPrincipal::Matches(const CertPrincipal& against) const { - return match(common_name, against.common_name) && - match(common_name, against.common_name) && - match(locality_name, against.locality_name) && - match(state_or_province_name, against.state_or_province_name) && - match(country_name, against.country_name) && - match(street_addresses, against.street_addresses) && - match(organization_names, against.organization_names) && - match(organization_unit_names, against.organization_unit_names) && - match(domain_components, against.domain_components); -} - std::string CertPrincipal::GetDisplayName() const { if (!common_name.empty()) return common_name; 
@@ -67,27 +28,6 @@ std::string CertPrincipal::GetDisplayName() const { return std::string(); } -std::ostream& operator<<(std::ostream& s, const CertPrincipal& p) { - s << "CertPrincipal["; - if (!p.common_name.empty()) - s << "cn=\"" << p.common_name << "\" "; - for (unsigned i = 0; i < p.street_addresses.size(); ++i) - s << "street=\"" << p.street_addresses[i] << "\" "; - if (!p.locality_name.empty()) - s << "l=\"" << p.locality_name << "\" "; - for (unsigned i = 0; i < p.organization_names.size(); ++i) - s << "o=\"" << p.organization_names[i] << "\" "; - for (unsigned i = 0; i < p.organization_unit_names.size(); ++i) - s << "ou=\"" << p.organization_unit_names[i] << "\" "; - if (!p.state_or_province_name.empty()) - s << "st=\"" << p.state_or_province_name << "\" "; - if (!p.country_name.empty()) - s << "c=\"" << p.country_name << "\" "; - for (unsigned i = 0; i < p.domain_components.size(); ++i) - s << "dc=\"" << p.domain_components[i] << "\" "; - return s << "]"; -} - CertPolicy::CertPolicy() { } diff --git a/net/base/x509_cert_types.h b/net/base/x509_cert_types.h index 7723c22..f762e56 100644 --- a/net/base/x509_cert_types.h +++ b/net/base/x509_cert_types.h @@ -8,25 +8,14 @@ #include -#include -#include #include #include #include -#include "base/ref_counted.h" -#include "base/singleton.h" -#include "base/time.h" -#include "testing/gtest/include/gtest/gtest_prod.h" +#include "build/build_config.h" -#if defined(OS_WIN) -#include -#include -#elif defined(OS_MACOSX) +#if defined(OS_MACOSX) #include -#elif defined(USE_NSS) -// Forward declaration; real one in -struct CERTCertificateStr; #endif namespace net { 
@@ -56,17 +45,19 @@ struct CertPrincipal { explicit CertPrincipal(const std::string& name); ~CertPrincipal(); +#if defined(OS_MACOSX) // Parses a BER-format DistinguishedName. bool ParseDistinguishedName(const void* ber_name_data, size_t length); -#if defined(OS_MACOSX) // Parses a CSSM_X509_NAME struct. void Parse(const CSSM_X509_NAME* name); -#endif - // Returns true if all attributes of the two objects match, - // where "match" is defined in RFC 5280 sec. 7.1. + // Compare this CertPrincipal with |against|, returning true if they're + // equal enough to be a possible match. This should NOT be used for any + // security relevant decisions. + // TODO(rsleevi): Remove once Mac client auth uses NSS for name comparison. bool Matches(const CertPrincipal& against) const; +#endif // Returns a name that can be used to represent the issuer. It tries in this // order: CN, O and OU and returns the first non-empty one found. @@ -86,9 +77,6 @@ struct CertPrincipal { std::vector domain_components; }; -// Writes a human-readable description of a CertPrincipal, for debugging. -std::ostream& operator<<(std::ostream& s, const CertPrincipal& p); - // This class is useful for maintaining policies about which certificates are // permitted or forbidden for a particular purpose. class CertPolicy { diff --git a/net/base/x509_cert_types_mac.cc b/net/base/x509_cert_types_mac.cc index 14d5eee..c672863 100644 --- a/net/base/x509_cert_types_mac.cc +++ b/net/base/x509_cert_types_mac.cc @@ -14,7 +14,9 @@ namespace net { -static const CSSM_OID* kOIDs[] = { +namespace { + +const CSSM_OID* kOIDs[] = { &CSSMOID_CommonName, &CSSMOID_LocalityName, &CSSMOID_StateProvinceName, 
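Review bot: The new comment on `Matches()` says only that the principals are "equal enough to be a possible match", which does not tell a caller what the comparison tolerates. The implementation in x509_cert_types_mac.cc compares each attribute with byte-exact `==` and applies none of the RFC 5280 sec. 7.1 normalization, so state that next to the warning, e.g. `// Comparison is byte-exact per attribute; no RFC 5280 sec. 7.1 case folding or whitespace handling is applied.` The declaration of `struct CertPrincipal` starts and ends outside this hunk.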
@@ -25,65 +27,6 @@ static const CSSM_OID* kOIDs[] = { &CSSMOID_DNQualifier // This should be "DC" but is undoubtedly wrong. }; // TODO(avi): Find the right OID. -// Converts raw CSSM_DATA to a std::string. (Char encoding is unaltered.) -static std::string DataToString(CSSM_DATA data); - -// Converts raw CSSM_DATA in ISO-8859-1 to a std::string in UTF-8. -static std::string Latin1DataToUTF8String(CSSM_DATA data); - -// Converts big-endian UTF-16 to UTF-8 in a std::string. -// Note: The byte-order flipping is done in place on the input buffer! -static bool UTF16BigEndianToUTF8(char16* chars, size_t length, - std::string* out_string); - -// Converts big-endian UTF-32 to UTF-8 in a std::string. -// Note: The byte-order flipping is done in place on the input buffer! -static bool UTF32BigEndianToUTF8(char32* chars, size_t length, - std::string* out_string); - -// Adds a type+value pair to the appropriate vector from a C array. -// The array is keyed by the matching OIDs from kOIDS[]. - static void AddTypeValuePair(const CSSM_OID type, - const std::string& value, - std::vector* values[]); - -// Stores the first string of the vector, if any, to *single_value. 
-static void SetSingle(const std::vector &values, - std::string* single_value); - - -void CertPrincipal::Parse(const CSSM_X509_NAME* name) { - std::vector common_names, locality_names, state_names, - country_names; - - std::vector* values[] = { - &common_names, &locality_names, - &state_names, &country_names, - &(this->street_addresses), - &(this->organization_names), - &(this->organization_unit_names), - &(this->domain_components) - }; - DCHECK(arraysize(kOIDs) == arraysize(values)); - - for (size_t rdn = 0; rdn < name->numberOfRDNs; ++rdn) { - CSSM_X509_RDN rdn_struct = name->RelativeDistinguishedName[rdn]; - for (size_t pair = 0; pair < rdn_struct.numberOfPairs; ++pair) { - CSSM_X509_TYPE_VALUE_PAIR pair_struct = - rdn_struct.AttributeTypeAndValue[pair]; - AddTypeValuePair(pair_struct.type, - DataToString(pair_struct.value), - values); - } - } - - SetSingle(common_names, &this->common_name); - SetSingle(locality_names, &this->locality_name); - SetSingle(state_names, &this->state_or_province_name); - SetSingle(country_names, &this->country_name); -} - - // The following structs and templates work with Apple's very arcane and under- // documented SecAsn1Parser API, which is apparently the same as NSS's ASN.1 // decoder: @@ -108,7 +51,7 @@ struct KeyValuePair { }; }; -static const SecAsn1Template kStringValueTemplate[] = { +const SecAsn1Template kStringValueTemplate[] = { { SEC_ASN1_CHOICE, offsetof(KeyValuePair, value_type), }, { SEC_ASN1_PRINTABLE_STRING, offsetof(KeyValuePair, value), 0, KeyValuePair::kTypePrintableString }, @@ -125,7 +68,7 @@ static const SecAsn1Template kStringValueTemplate[] = { { 0, } }; -static const SecAsn1Template kKeyValuePairTemplate[] = { +const SecAsn1Template kKeyValuePairTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KeyValuePair) }, { SEC_ASN1_OBJECT_ID, offsetof(KeyValuePair, key), }, { SEC_ASN1_INLINE, 0, &kStringValueTemplate, }, 
@@ -136,8 +79,8 @@ struct KeyValuePairs { KeyValuePair* pairs; }; -static const SecAsn1Template kKeyValuePairSetTemplate[] = { - { SEC_ASN1_SET_OF, offsetof(KeyValuePairs,pairs), +const SecAsn1Template kKeyValuePairSetTemplate[] = { + { SEC_ASN1_SET_OF, offsetof(KeyValuePairs, pairs), kKeyValuePairTemplate, sizeof(KeyValuePairs) } }; 
@@ -145,11 +88,99 @@ struct X509Name { KeyValuePairs** pairs_list; }; -static const SecAsn1Template kNameTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, offsetof(X509Name,pairs_list), +const SecAsn1Template kNameTemplate[] = { + { SEC_ASN1_SEQUENCE_OF, offsetof(X509Name, pairs_list), kKeyValuePairSetTemplate, sizeof(X509Name) } }; +// Converts raw CSSM_DATA to a std::string. (Char encoding is unaltered.) +std::string DataToString(CSSM_DATA data) { + return std::string( + reinterpret_cast(data.Data), + data.Length); +} + +// Converts raw CSSM_DATA in ISO-8859-1 to a std::string in UTF-8. +std::string Latin1DataToUTF8String(CSSM_DATA data) { + string16 utf16; + if (!CodepageToUTF16(DataToString(data), base::kCodepageLatin1, + base::OnStringConversionError::FAIL, &utf16)) + return ""; + return UTF16ToUTF8(utf16); +} + +// Converts big-endian UTF-16 to UTF-8 in a std::string. +// Note: The byte-order flipping is done in place on the input buffer! +bool UTF16BigEndianToUTF8(char16* chars, size_t length, + std::string* out_string) { + for (size_t i = 0; i < length; i++) + chars[i] = EndianU16_BtoN(chars[i]); + return UTF16ToUTF8(chars, length, out_string); +} + +// Converts big-endian UTF-32 to UTF-8 in a std::string. +// Note: The byte-order flipping is done in place on the input buffer! +bool UTF32BigEndianToUTF8(char32* chars, size_t length, + std::string* out_string) { + for (size_t i = 0; i < length; ++i) + chars[i] = EndianS32_BtoN(chars[i]); +#if defined(WCHAR_T_IS_UTF32) + return WideToUTF8(reinterpret_cast(chars), + length, out_string); +#else +#error This code doesn't handle 16-bit wchar_t. +#endif +} + +// Adds a type+value pair to the appropriate vector from a C array. +// The array is keyed by the matching OIDs from kOIDS[]. 
+void AddTypeValuePair(const CSSM_OID type, + const std::string& value, + std::vector* values[]) { + for (size_t oid = 0; oid < arraysize(kOIDs); ++oid) { + if (CSSMOIDEqual(&type, kOIDs[oid])) { + values[oid]->push_back(value); + break; + } + } +} + +// Stores the first string of the vector, if any, to *single_value. +void SetSingle(const std::vector& values, + std::string* single_value) { + // We don't expect to have more than one CN, L, S, and C. + LOG_IF(WARNING, values.size() > 1) << "Didn't expect multiple values"; + if (values.size() > 0) + *single_value = values[0]; +} + +bool match(const std::string& str, const std::string& against) { + // TODO(snej): Use the full matching rules specified in RFC 5280 sec. 7.1 + // including trimming and case-folding: . + return against == str; +} + +bool match(const std::vector& rdn1, + const std::vector& rdn2) { + // "Two relative distinguished names RDN1 and RDN2 match if they have the + // same number of naming attributes and for each naming attribute in RDN1 + // there is a matching naming attribute in RDN2." --RFC 5280 sec. 7.1. + if (rdn1.size() != rdn2.size()) + return false; + for (unsigned i1 = 0; i1 < rdn1.size(); ++i1) { + unsigned i2; + for (i2 = 0; i2 < rdn2.size(); ++i2) { + if (match(rdn1[i1], rdn2[i2])) + break; + } + if (i2 == rdn2.size()) + return false; + } + return true; +} + +} // namespace + bool CertPrincipal::ParseDistinguishedName(const void* ber_name_data, size_t length) { DCHECK(ber_name_data); @@ -182,7 +213,7 @@ bool CertPrincipal::ParseDistinguishedName(const void* ber_name_data, }; DCHECK(arraysize(kOIDs) == arraysize(values)); - for (int rdn=0; name[rdn].pairs_list; ++rdn) { + for (int rdn = 0; name[rdn].pairs_list; ++rdn) { KeyValuePair *pair; for (int pair_index = 0; NULL != (pair = name[rdn].pairs_list[0][pair_index].pairs); 
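Review bot: The vector overload of `match()` moved into this file lets a single entry of `rdn2` satisfy several entries of `rdn1`, so with repeated values the result depends on argument order: {"a","a"} against {"a","b"} returns true, while the reverse returns false. `CertPrincipal::Matches()` passes multi-valued fields such as `organization_names` through it, so two principals that differ in one value can be reported as matching. Track which `rdn2` entries have already been consumed, as in the fence; this stays correct if the string overload later gains the normalization its TODO describes. The string overload and the rest of the anonymous namespace are unchanged.

```cpp
bool match(const std::vector<std::string>& rdn1,
           const std::vector<std::string>& rdn2) {
  // … unchanged: size comparison …
  // Each entry of rdn2 may satisfy at most one entry of rdn1.
  std::vector<bool> used(rdn2.size(), false);
  for (size_t i1 = 0; i1 < rdn1.size(); ++i1) {
    size_t i2 = 0;
    for (; i2 < rdn2.size(); ++i2) {
      if (!used[i2] && match(rdn1[i1], rdn2[i2])) {
        used[i2] = true;
        break;
      }
    }
    if (i2 == rdn2.size())
      return false;
  }
  return true;
}
```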
@@ -235,59 +266,46 @@ bool CertPrincipal::ParseDistinguishedName(const void* ber_name_data, return true; } +void CertPrincipal::Parse(const CSSM_X509_NAME* name) { + std::vector common_names, locality_names, state_names, + country_names; -// SUBROUTINES: - -static std::string DataToString(CSSM_DATA data) { - return std::string( - reinterpret_cast(data.Data), - data.Length); -} - -static std::string Latin1DataToUTF8String(CSSM_DATA data) { - string16 utf16; - if (!CodepageToUTF16(DataToString(data), base::kCodepageLatin1, - base::OnStringConversionError::FAIL, &utf16)) - return ""; - return UTF16ToUTF8(utf16); -} - -bool UTF16BigEndianToUTF8(char16* chars, size_t length, - std::string* out_string) { - for (size_t i = 0; i < length; i++) - chars[i] = EndianU16_BtoN(chars[i]); - return UTF16ToUTF8(chars, length, out_string); -} - -bool UTF32BigEndianToUTF8(char32* chars, size_t length, - std::string* out_string) { - for (size_t i = 0; i < length; i++) - chars[i] = EndianS32_BtoN(chars[i]); -#if defined(WCHAR_T_IS_UTF32) - return WideToUTF8(reinterpret_cast(chars), - length, out_string); -#else -#error This code doesn't handle 16-bit wchar_t. 
-#endif -} + std::vector* values[] = { + &common_names, &locality_names, + &state_names, &country_names, + &(this->street_addresses), + &(this->organization_names), + &(this->organization_unit_names), + &(this->domain_components) + }; + DCHECK(arraysize(kOIDs) == arraysize(values)); - static void AddTypeValuePair(const CSSM_OID type, - const std::string& value, - std::vector* values[]) { - for (size_t oid = 0; oid < arraysize(kOIDs); ++oid) { - if (CSSMOIDEqual(&type, kOIDs[oid])) { - values[oid]->push_back(value); - break; + for (size_t rdn = 0; rdn < name->numberOfRDNs; ++rdn) { + CSSM_X509_RDN rdn_struct = name->RelativeDistinguishedName[rdn]; + for (size_t pair = 0; pair < rdn_struct.numberOfPairs; ++pair) { + CSSM_X509_TYPE_VALUE_PAIR pair_struct = + rdn_struct.AttributeTypeAndValue[pair]; + AddTypeValuePair(pair_struct.type, + DataToString(pair_struct.value), + values); } } + + SetSingle(common_names, &this->common_name); + SetSingle(locality_names, &this->locality_name); + SetSingle(state_names, &this->state_or_province_name); + SetSingle(country_names, &this->country_name); } -static void SetSingle(const std::vector &values, - std::string* single_value) { - // We don't expect to have more than one CN, L, S, and C. - LOG_IF(WARNING, values.size() > 1) << "Didn't expect multiple values"; - if (values.size() > 0) - *single_value = values[0]; +bool CertPrincipal::Matches(const CertPrincipal& against) const { + return match(common_name, against.common_name) && + match(locality_name, against.locality_name) && + match(state_or_province_name, against.state_or_province_name) && + match(country_name, against.country_name) && + match(street_addresses, against.street_addresses) && + match(organization_names, against.organization_names) && + match(organization_unit_names, against.organization_unit_names) && + match(domain_components, against.domain_components); } } // namespace net 
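Review bot: `DCHECK(arraysize(kOIDs) == arraysize(values));` in `CertPrincipal::Parse()` is the only guard tying the local `values` array to `kOIDs`, and it is compiled out of release builds. `AddTypeValuePair()` indexes `values[oid]` for every `oid < arraysize(kOIDs)` without knowing the array's length, so an entry later added to `kOIDs` alone would write through an out-of-bounds pointer. Both sizes are compile-time constants, so the check can move to build time, e.g. `COMPILE_ASSERT(arraysize(kOIDs) == arraysize(values), oid_and_values_tables_differ);` (assuming base/basictypes.h is reachable from this file). The same DCHECK appears in `ParseDistinguishedName()`, whose body lies mostly outside this diff.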
diff --git a/net/base/x509_cert_types_mac_unittest.cc b/net/base/x509_cert_types_mac_unittest.cc
new file mode 100644
index 0000000..e4809b0
--- /dev/null
+++ b/net/base/x509_cert_types_mac_unittest.cc
@@ -0,0 +1,341 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/basictypes.h" +#include "net/base/x509_cert_types.h" +#include "testing/gtest/include/gtest/gtest.h" + +// 0:d=0 hl=2 l= 95 cons: SEQUENCE +// 2:d=1 hl=2 l= 11 cons: SET +// 4:d=2 hl=2 l= 9 cons: SEQUENCE +// 6:d=3 hl=2 l= 3 prim: OBJECT :countryName +// 11:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US +// 15:d=1 hl=2 l= 23 cons: SET +// 17:d=2 hl=2 l= 21 cons: SEQUENCE +// 19:d=3 hl=2 l= 3 prim: OBJECT :organizationName +// 24:d=3 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc. +// 40:d=1 hl=2 l= 55 cons: SET +// 42:d=2 hl=2 l= 53 cons: SEQUENCE +// 44:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName +// 49:d=3 hl=2 l= 46 prim: PRINTABLESTRING :Class 1 Public Primary Certification Authority +static const uint8 VerisignDN[] = { + 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, + 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, + 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, + 0x6c, 0x61, 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, + 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79 +}; + +// 0:d=0 hl=2 l= 125 cons: SEQUENCE +// 2:d=1 hl=2 l= 11 cons: SET +// 4:d=2 hl=2 l= 9 cons: SEQUENCE +// 6:d=3 hl=2 l= 3 prim: OBJECT :countryName +// 11:d=3 hl=2 l= 2 prim: PRINTABLESTRING :IL +// 15:d=1 hl=2 l= 22 cons: SET +// 17:d=2 hl=2 l= 20 cons: SEQUENCE +// 19:d=3 hl=2 l= 3 prim: OBJECT :organizationName +// 24:d=3 hl=2 l= 13 prim: PRINTABLESTRING :StartCom Ltd. 
+// 39:d=1 hl=2 l= 43 cons: SET +// 41:d=2 hl=2 l= 41 cons: SEQUENCE +// 43:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName +// 48:d=3 hl=2 l= 34 prim: PRINTABLESTRING :Secure Digital Certificate Signing +// 84:d=1 hl=2 l= 41 cons: SET +// 86:d=2 hl=2 l= 39 cons: SEQUENCE +// 88:d=3 hl=2 l= 3 prim: OBJECT :commonName +// 93:d=3 hl=2 l= 32 prim: PRINTABLESTRING :StartCom Certification Authority +static const uint8 StartComDN[] = { + 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x49, 0x4c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, + 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x4c, 0x74, 0x64, 0x2e, + 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x22, 0x53, 0x65, + 0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, 0x67, 0x69, 0x74, 0x61, 0x6c, 0x20, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53, + 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x20, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79 +}; + +// 0:d=0 hl=3 l= 174 cons: SEQUENCE +// 3:d=1 hl=2 l= 11 cons: SET +// 5:d=2 hl=2 l= 9 cons: SEQUENCE +// 7:d=3 hl=2 l= 3 prim: OBJECT :countryName +// 12:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US +// 16:d=1 hl=2 l= 11 cons: SET +// 18:d=2 hl=2 l= 9 cons: SEQUENCE +// 20:d=3 hl=2 l= 3 prim: OBJECT :stateOrProvinceName +// 25:d=3 hl=2 l= 2 prim: PRINTABLESTRING :UT +// 29:d=1 hl=2 l= 23 cons: SET +// 31:d=2 hl=2 l= 21 cons: SEQUENCE +// 33:d=3 hl=2 l= 3 prim: OBJECT :localityName +// 38:d=3 hl=2 l= 14 prim: PRINTABLESTRING :Salt Lake City +// 54:d=1 hl=2 l= 30 cons: SET +// 56:d=2 hl=2 l= 28 cons: SEQUENCE +// 58:d=3 hl=2 l= 3 prim: OBJECT :organizationName +// 63:d=3 hl=2 l= 21 prim: PRINTABLESTRING :The USERTRUST Network +// 86:d=1 hl=2 l= 33 cons: SET +// 88:d=2 
hl=2 l= 31 cons: SEQUENCE +// 90:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName +// 95:d=3 hl=2 l= 24 prim: PRINTABLESTRING :http://www.usertrust.com +//121:d=1 hl=2 l= 54 cons: SET +//123:d=2 hl=2 l= 52 cons: SEQUENCE +//125:d=3 hl=2 l= 3 prim: OBJECT :commonName +//130:d=3 hl=2 l= 45 prim: PRINTABLESTRING :UTN-USERFirst-Client Authentication and Email +static const uint8 UserTrustDN[] = { + 0x30, 0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, + 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, + 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x69, + 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, + 0x54, 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, + 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x21, 0x30, 0x1f, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x13, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, + 0x77, 0x77, 0x77, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, + 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x13, 0x2d, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69, 0x72, + 0x73, 0x74, 0x2d, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x41, 0x75, 0x74, + 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x45, 0x6d, 0x61, 0x69, 0x6c +}; + +// 0:d=0 hl=3 l= 190 cons: SEQUENCE +// 3:d=1 hl=2 l= 63 cons: SET +// 5:d=2 hl=2 l= 61 cons: SEQUENCE +// 7:d=3 hl=2 l= 3 prim: OBJECT :commonName +// 12:d=3 hl=2 l= 54 prim: UTF8STRING :TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı +// 68:d=1 hl=2 l= 11 cons: SET +// 70:d=2 hl=2 l= 9 cons: SEQUENCE +// 72:d=3 hl=2 l= 3 prim: OBJECT :countryName +// 77:d=3 hl=2 l= 2 prim: PRINTABLESTRING :TR +// 81:d=1 hl=2 l= 15 cons: SET +// 83:d=2 hl=2 l= 13 cons: SEQUENCE +// 85:d=3 hl=2 l= 3 prim: OBJECT 
:localityName +// 90:d=3 hl=2 l= 6 prim: UTF8STRING :Ankara +// 98:d=1 hl=2 l= 93 cons: SET +//100:d=2 hl=2 l= 91 cons: SEQUENCE +//102:d=3 hl=2 l= 3 prim: OBJECT :organizationName +//107:d=3 hl=2 l= 84 prim: UTF8STRING :TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 +static const uint8 TurkTrustDN[] = { + 0x30, 0x81, 0xbe, 0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x36, 0x54, 0xc3, 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x45, + 0x6c, 0x65, 0x6b, 0x74, 0x72, 0x6f, 0x6e, 0x69, 0x6b, 0x20, 0x53, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x6b, 0x61, 0x20, 0x48, 0x69, 0x7a, 0x6d, 0x65, 0x74, + 0x20, 0x53, 0x61, 0xc4, 0x9f, 0x6c, 0x61, 0x79, 0xc4, 0xb1, 0x63, 0xc4, 0xb1, + 0x73, 0xc4, 0xb1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x54, 0x52, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x06, 0x41, 0x6e, 0x6b, 0x61, 0x72, 0x61, 0x31, 0x5d, 0x30, 0x5b, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x0c, 0x54, 0x54, 0xc3, 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, + 0x53, 0x54, 0x20, 0x42, 0x69, 0x6c, 0x67, 0x69, 0x20, 0xc4, 0xb0, 0x6c, 0x65, + 0x74, 0x69, 0xc5, 0x9f, 0x69, 0x6d, 0x20, 0x76, 0x65, 0x20, 0x42, 0x69, 0x6c, + 0x69, 0xc5, 0x9f, 0x69, 0x6d, 0x20, 0x47, 0xc3, 0xbc, 0x76, 0x65, 0x6e, 0x6c, + 0x69, 0xc4, 0x9f, 0x69, 0x20, 0x48, 0x69, 0x7a, 0x6d, 0x65, 0x74, 0x6c, 0x65, + 0x72, 0x69, 0x20, 0x41, 0x2e, 0xc5, 0x9e, 0x2e, 0x20, 0x28, 0x63, 0x29, 0x20, + 0x4b, 0x61, 0x73, 0xc4, 0xb1, 0x6d, 0x20, 0x32, 0x30, 0x30, 0x35, 0x30, 0x1e, + 0x17, 0x0d, 0x30, 0x35, 0x31, 0x31, 0x30, 0x37, 0x31, 0x30, 0x30, 0x37, 0x35, + 0x37 +}; + +// 33:d=2 hl=3 l= 207 cons: SEQUENCE +// 36:d=3 hl=2 l= 11 cons: SET +// 38:d=4 hl=2 l= 9 cons: SEQUENCE +// 40:d=5 hl=2 l= 3 prim: OBJECT :countryName +// 45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AT +// 49:d=3 hl=3 l= 139 cons: SET +// 52:d=4 hl=3 l= 136 cons: SEQUENCE +// 55:d=5 hl=2 l= 3 prim: OBJECT :organizationName +// 60:d=5 hl=3 l= 128 prim: BMPSTRING :A-Trust 
Ges. für Sicherheitssysteme im elektr. Datenverkehr GmbH +//191:d=3 hl=2 l= 24 cons: SET +//193:d=4 hl=2 l= 22 cons: SEQUENCE +//195:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName +//200:d=5 hl=2 l= 15 prim: PRINTABLESTRING :A-Trust-Qual-01 +//217:d=3 hl=2 l= 24 cons: SET +//219:d=4 hl=2 l= 22 cons: SEQUENCE +//221:d=5 hl=2 l= 3 prim: OBJECT :commonName +//226:d=5 hl=2 l= 15 prim: PRINTABLESTRING :A-Trust-Qual-01 +static const uint8 ATrustQual01DN[] = { + 0x30, 0x81, 0xcf, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x41, 0x54, 0x31, 0x81, 0x8b, 0x30, 0x81, 0x88, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x1e, 0x81, 0x80, 0x00, 0x41, 0x00, 0x2d, 0x00, 0x54, 0x00, 0x72, 0x00, + 0x75, 0x00, 0x73, 0x00, 0x74, 0x00, 0x20, 0x00, 0x47, 0x00, 0x65, 0x00, 0x73, + 0x00, 0x2e, 0x00, 0x20, 0x00, 0x66, 0x00, 0xfc, 0x00, 0x72, 0x00, 0x20, 0x00, + 0x53, 0x00, 0x69, 0x00, 0x63, 0x00, 0x68, 0x00, 0x65, 0x00, 0x72, 0x00, 0x68, + 0x00, 0x65, 0x00, 0x69, 0x00, 0x74, 0x00, 0x73, 0x00, 0x73, 0x00, 0x79, 0x00, + 0x73, 0x00, 0x74, 0x00, 0x65, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x20, 0x00, 0x69, + 0x00, 0x6d, 0x00, 0x20, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x6b, 0x00, + 0x74, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x20, 0x00, 0x44, 0x00, 0x61, 0x00, 0x74, + 0x00, 0x65, 0x00, 0x6e, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6b, 0x00, + 0x65, 0x00, 0x68, 0x00, 0x72, 0x00, 0x20, 0x00, 0x47, 0x00, 0x6d, 0x00, 0x62, + 0x00, 0x48, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0f, + 0x41, 0x2d, 0x54, 0x72, 0x75, 0x73, 0x74, 0x2d, 0x51, 0x75, 0x61, 0x6c, 0x2d, + 0x30, 0x31, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0f, + 0x41, 0x2d, 0x54, 0x72, 0x75, 0x73, 0x74, 0x2d, 0x51, 0x75, 0x61, 0x6c, 0x2d, + 0x30, 0x31, 0x30, 0x1e, 0x17 +}; + +// 34:d=2 hl=3 l= 180 cons: SEQUENCE +// 37:d=3 hl=2 l= 20 cons: SET +// 39:d=4 hl=2 l= 18 cons: SEQUENCE +// 41:d=5 hl=2 l= 3 prim: OBJECT :organizationName +// 46:d=5 hl=2 l= 11 prim: PRINTABLESTRING :Entrust.net +// 
59:d=3 hl=2 l= 64 cons: SET +// 61:d=4 hl=2 l= 62 cons: SEQUENCE +// 63:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName +// 68:d=5 hl=2 l= 55 prim: T61STRING :www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) +//125:d=3 hl=2 l= 37 cons: SET +//127:d=4 hl=2 l= 35 cons: SEQUENCE +//129:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName +//134:d=5 hl=2 l= 28 prim: PRINTABLESTRING :(c) 1999 Entrust.net Limited +//164:d=3 hl=2 l= 51 cons: SET +//166:d=4 hl=2 l= 49 cons: SEQUENCE +//168:d=5 hl=2 l= 3 prim: OBJECT :commonName +//173:d=5 hl=2 l= 42 prim: PRINTABLESTRING :Entrust.net Certification Authority (2048) +static const uint8 EntrustDN[] = { + 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, + 0x0b, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x31, + 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, + 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, + 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, 0x6e, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, + 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, 0x61, 0x62, 0x2e, 0x29, + 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, + 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, + 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, + 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, + 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, + 0x29 +}; + +namespace net { + +TEST(X509TypesTest, Matching) { + CertPrincipal spamco; + spamco.common_name = "SpamCo Dept. 
Of Certificization"; + spamco.country_name = "EB"; + spamco.organization_names.push_back("SpamCo Holding Company, LLC"); + spamco.organization_names.push_back("SpamCo Evil Masterminds"); + spamco.organization_unit_names.push_back("Class Z Obfuscation Authority"); + ASSERT_TRUE(spamco.Matches(spamco)); + + CertPrincipal bogus; + EXPECT_FALSE(bogus.Matches(spamco)); + EXPECT_FALSE(spamco.Matches(bogus)); + + bogus = spamco; + EXPECT_TRUE(bogus.Matches(spamco)); + EXPECT_TRUE(spamco.Matches(bogus)); + + bogus.organization_names.erase(bogus.organization_names.begin(), + bogus.organization_names.end()); + EXPECT_FALSE(bogus.Matches(spamco)); + EXPECT_FALSE(spamco.Matches(bogus)); + + bogus.organization_names.push_back("SpamCo Holding Company, LLC"); + bogus.organization_names.push_back("SpamCo Evil Masterminds"); + EXPECT_TRUE(bogus.Matches(spamco)); + EXPECT_TRUE(spamco.Matches(bogus)); + + bogus.locality_name = "Elbosdorf"; + EXPECT_FALSE(bogus.Matches(spamco)); + EXPECT_FALSE(spamco.Matches(bogus)); + + bogus.locality_name = ""; + bogus.organization_unit_names.push_back("Q Division"); + EXPECT_FALSE(bogus.Matches(spamco)); + EXPECT_FALSE(spamco.Matches(bogus)); +} + +TEST(X509TypesTest, ParseDNVerisign) { + CertPrincipal verisign; + EXPECT_TRUE(verisign.ParseDistinguishedName(VerisignDN, sizeof(VerisignDN))); + EXPECT_EQ("", verisign.common_name); + EXPECT_EQ("US", verisign.country_name); + ASSERT_EQ(1U, verisign.organization_names.size()); + EXPECT_EQ("VeriSign, Inc.", verisign.organization_names[0]); + ASSERT_EQ(1U, verisign.organization_unit_names.size()); + EXPECT_EQ("Class 1 Public Primary Certification Authority", + verisign.organization_unit_names[0]); +} + +TEST(X509TypesTest, ParseDNStartcom) { + CertPrincipal startcom; + EXPECT_TRUE(startcom.ParseDistinguishedName(StartComDN, sizeof(StartComDN))); + EXPECT_EQ("StartCom Certification Authority", startcom.common_name); + EXPECT_EQ("IL", startcom.country_name); + ASSERT_EQ(1U, 
startcom.organization_names.size()); + EXPECT_EQ("StartCom Ltd.", startcom.organization_names[0]); + ASSERT_EQ(1U, startcom.organization_unit_names.size()); + EXPECT_EQ("Secure Digital Certificate Signing", + startcom.organization_unit_names[0]); +} + +TEST(X509TypesTest, ParseDNUserTrust) { + CertPrincipal usertrust; + EXPECT_TRUE(usertrust.ParseDistinguishedName(UserTrustDN, + sizeof(UserTrustDN))); + EXPECT_EQ("UTN-USERFirst-Client Authentication and Email", + usertrust.common_name); + EXPECT_EQ("US", usertrust.country_name); + EXPECT_EQ("UT", usertrust.state_or_province_name); + EXPECT_EQ("Salt Lake City", usertrust.locality_name); + ASSERT_EQ(1U, usertrust.organization_names.size()); + EXPECT_EQ("The USERTRUST Network", usertrust.organization_names[0]); + ASSERT_EQ(1U, usertrust.organization_unit_names.size()); + EXPECT_EQ("http://www.usertrust.com", + usertrust.organization_unit_names[0]); +} + +TEST(X509TypesTest, ParseDNTurkTrust) { + // Note: This tests parsing UTF8STRINGs. + CertPrincipal turktrust; + EXPECT_TRUE(turktrust.ParseDistinguishedName(TurkTrustDN, + sizeof(TurkTrustDN))); + EXPECT_EQ("TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı", + turktrust.common_name); + EXPECT_EQ("TR", turktrust.country_name); + EXPECT_EQ("Ankara", turktrust.locality_name); + ASSERT_EQ(1U, turktrust.organization_names.size()); + EXPECT_EQ("TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005", + turktrust.organization_names[0]); +} + +TEST(X509TypesTest, ParseDNATrust) { + // Note: This tests parsing 16-bit BMPSTRINGs. + CertPrincipal atrust; + EXPECT_TRUE(atrust.ParseDistinguishedName(ATrustQual01DN, + sizeof(ATrustQual01DN))); + EXPECT_EQ("A-Trust-Qual-01", + atrust.common_name); + EXPECT_EQ("AT", atrust.country_name); + ASSERT_EQ(1U, atrust.organization_names.size()); + EXPECT_EQ("A-Trust Ges. für Sicherheitssysteme im elektr. 
Datenverkehr GmbH", + atrust.organization_names[0]); + ASSERT_EQ(1U, atrust.organization_unit_names.size()); + EXPECT_EQ("A-Trust-Qual-01", + atrust.organization_unit_names[0]); +} + +TEST(X509TypesTest, ParseDNEntrust) { + // Note: This tests parsing T61STRINGs and fields with multiple values. + CertPrincipal entrust; + EXPECT_TRUE(entrust.ParseDistinguishedName(EntrustDN, + sizeof(EntrustDN))); + EXPECT_EQ("Entrust.net Certification Authority (2048)", + entrust.common_name); + EXPECT_EQ("", entrust.country_name); + ASSERT_EQ(1U, entrust.organization_names.size()); + EXPECT_EQ("Entrust.net", + entrust.organization_names[0]); + ASSERT_EQ(2U, entrust.organization_unit_names.size()); + EXPECT_EQ("www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)", + entrust.organization_unit_names[0]); + EXPECT_EQ("(c) 1999 Entrust.net Limited", + entrust.organization_unit_names[1]); +} + +} // namespace net diff --git a/net/base/x509_cert_types_unittest.cc b/net/base/x509_cert_types_unittest.cc deleted file mode 100644 index 50012b1..0000000 --- a/net/base/x509_cert_types_unittest.cc +++ /dev/null 
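Review bot: `TurkTrustDN` and `ATrustQual01DN` appear to be longer than the Name they encode: their outer SEQUENCE headers (`0x30, 0x81, 0xbe` and `0x30, 0x81, 0xcf`) declare 190 and 207 content bytes, yet the arrays continue with `0x30, 0x1e, 0x17, ...`, which looks like the start of the certificate's next field. Because the tests pass `sizeof(...)` as the length and expect `true`, they pin `ParseDistinguishedName()` to accepting trailing bytes after the DistinguishedName. Either trim the fixtures to the declared length or mark the extra bytes as deliberate, e.g. `// Includes bytes past the end of the Name; the parser is expected to ignore them.` A case with truncated input that expects `false` would also be worth adding.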
@@ -1,344 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/x509_cert_types.h" -#include "testing/gtest/include/gtest/gtest.h" - -// 0:d=0 hl=2 l= 95 cons: SEQUENCE -// 2:d=1 hl=2 l= 11 cons: SET -// 4:d=2 hl=2 l= 9 cons: SEQUENCE -// 6:d=3 hl=2 l= 3 prim: OBJECT :countryName -// 11:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US -// 15:d=1 hl=2 l= 23 cons: SET -// 17:d=2 hl=2 l= 21 cons: SEQUENCE -// 19:d=3 hl=2 l= 3 prim: OBJECT :organizationName -// 24:d=3 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc. -// 40:d=1 hl=2 l= 55 cons: SET -// 42:d=2 hl=2 l= 53 cons: SEQUENCE -// 44:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName -// 49:d=3 hl=2 l= 46 prim: PRINTABLESTRING :Class 1 Public Primary Certification Authority -static const uint8 VerisignDN[] = { - 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, - 0x6c, 0x61, 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79 -}; - -// 0:d=0 hl=2 l= 125 cons: SEQUENCE -// 2:d=1 hl=2 l= 11 cons: SET -// 4:d=2 hl=2 l= 9 cons: SEQUENCE -// 6:d=3 hl=2 l= 3 prim: OBJECT :countryName -// 11:d=3 hl=2 l= 2 prim: PRINTABLESTRING :IL -// 15:d=1 hl=2 l= 22 cons: SET -// 17:d=2 hl=2 l= 20 cons: SEQUENCE -// 19:d=3 hl=2 l= 3 prim: OBJECT :organizationName -// 24:d=3 hl=2 l= 13 prim: PRINTABLESTRING :StartCom Ltd. 
-// 39:d=1 hl=2 l= 43 cons: SET -// 41:d=2 hl=2 l= 41 cons: SEQUENCE -// 43:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName -// 48:d=3 hl=2 l= 34 prim: PRINTABLESTRING :Secure Digital Certificate Signing -// 84:d=1 hl=2 l= 41 cons: SET -// 86:d=2 hl=2 l= 39 cons: SEQUENCE -// 88:d=3 hl=2 l= 3 prim: OBJECT :commonName -// 93:d=3 hl=2 l= 32 prim: PRINTABLESTRING :StartCom Certification Authority -static const uint8 StartComDN[] = { - 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x49, 0x4c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, - 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, 0x4c, 0x74, 0x64, 0x2e, - 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x22, 0x53, 0x65, - 0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, 0x67, 0x69, 0x74, 0x61, 0x6c, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53, - 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x20, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x6d, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79 -}; - -// 0:d=0 hl=3 l= 174 cons: SEQUENCE -// 3:d=1 hl=2 l= 11 cons: SET -// 5:d=2 hl=2 l= 9 cons: SEQUENCE -// 7:d=3 hl=2 l= 3 prim: OBJECT :countryName -// 12:d=3 hl=2 l= 2 prim: PRINTABLESTRING :US -// 16:d=1 hl=2 l= 11 cons: SET -// 18:d=2 hl=2 l= 9 cons: SEQUENCE -// 20:d=3 hl=2 l= 3 prim: OBJECT :stateOrProvinceName -// 25:d=3 hl=2 l= 2 prim: PRINTABLESTRING :UT -// 29:d=1 hl=2 l= 23 cons: SET -// 31:d=2 hl=2 l= 21 cons: SEQUENCE -// 33:d=3 hl=2 l= 3 prim: OBJECT :localityName -// 38:d=3 hl=2 l= 14 prim: PRINTABLESTRING :Salt Lake City -// 54:d=1 hl=2 l= 30 cons: SET -// 56:d=2 hl=2 l= 28 cons: SEQUENCE -// 58:d=3 hl=2 l= 3 prim: OBJECT :organizationName -// 63:d=3 hl=2 l= 21 prim: PRINTABLESTRING :The USERTRUST Network -// 86:d=1 hl=2 l= 33 cons: SET -// 88:d=2 
hl=2 l= 31 cons: SEQUENCE -// 90:d=3 hl=2 l= 3 prim: OBJECT :organizationalUnitName -// 95:d=3 hl=2 l= 24 prim: PRINTABLESTRING :http://www.usertrust.com -//121:d=1 hl=2 l= 54 cons: SET -//123:d=2 hl=2 l= 52 cons: SEQUENCE -//125:d=3 hl=2 l= 3 prim: OBJECT :commonName -//130:d=3 hl=2 l= 45 prim: PRINTABLESTRING :UTN-USERFirst-Client Authentication and Email -static const uint8 UserTrustDN[] = { - 0x30, 0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, - 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, - 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x69, - 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, - 0x54, 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, - 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x21, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x13, 0x2d, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69, 0x72, - 0x73, 0x74, 0x2d, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x41, 0x75, 0x74, - 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61, - 0x6e, 0x64, 0x20, 0x45, 0x6d, 0x61, 0x69, 0x6c -}; - -// 0:d=0 hl=3 l= 190 cons: SEQUENCE -// 3:d=1 hl=2 l= 63 cons: SET -// 5:d=2 hl=2 l= 61 cons: SEQUENCE -// 7:d=3 hl=2 l= 3 prim: OBJECT :commonName -// 12:d=3 hl=2 l= 54 prim: UTF8STRING :TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı -// 68:d=1 hl=2 l= 11 cons: SET -// 70:d=2 hl=2 l= 9 cons: SEQUENCE -// 72:d=3 hl=2 l= 3 prim: OBJECT :countryName -// 77:d=3 hl=2 l= 2 prim: PRINTABLESTRING :TR -// 81:d=1 hl=2 l= 15 cons: SET -// 83:d=2 hl=2 l= 13 cons: SEQUENCE -// 85:d=3 hl=2 l= 3 prim: OBJECT 
:localityName -// 90:d=3 hl=2 l= 6 prim: UTF8STRING :Ankara -// 98:d=1 hl=2 l= 93 cons: SET -//100:d=2 hl=2 l= 91 cons: SEQUENCE -//102:d=3 hl=2 l= 3 prim: OBJECT :organizationName -//107:d=3 hl=2 l= 84 prim: UTF8STRING :TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 -static const uint8 TurkTrustDN[] = { - 0x30, 0x81, 0xbe, 0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, - 0x36, 0x54, 0xc3, 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x45, - 0x6c, 0x65, 0x6b, 0x74, 0x72, 0x6f, 0x6e, 0x69, 0x6b, 0x20, 0x53, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x6b, 0x61, 0x20, 0x48, 0x69, 0x7a, 0x6d, 0x65, 0x74, - 0x20, 0x53, 0x61, 0xc4, 0x9f, 0x6c, 0x61, 0x79, 0xc4, 0xb1, 0x63, 0xc4, 0xb1, - 0x73, 0xc4, 0xb1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x54, 0x52, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, - 0x06, 0x41, 0x6e, 0x6b, 0x61, 0x72, 0x61, 0x31, 0x5d, 0x30, 0x5b, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x0c, 0x54, 0x54, 0xc3, 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, - 0x53, 0x54, 0x20, 0x42, 0x69, 0x6c, 0x67, 0x69, 0x20, 0xc4, 0xb0, 0x6c, 0x65, - 0x74, 0x69, 0xc5, 0x9f, 0x69, 0x6d, 0x20, 0x76, 0x65, 0x20, 0x42, 0x69, 0x6c, - 0x69, 0xc5, 0x9f, 0x69, 0x6d, 0x20, 0x47, 0xc3, 0xbc, 0x76, 0x65, 0x6e, 0x6c, - 0x69, 0xc4, 0x9f, 0x69, 0x20, 0x48, 0x69, 0x7a, 0x6d, 0x65, 0x74, 0x6c, 0x65, - 0x72, 0x69, 0x20, 0x41, 0x2e, 0xc5, 0x9e, 0x2e, 0x20, 0x28, 0x63, 0x29, 0x20, - 0x4b, 0x61, 0x73, 0xc4, 0xb1, 0x6d, 0x20, 0x32, 0x30, 0x30, 0x35, 0x30, 0x1e, - 0x17, 0x0d, 0x30, 0x35, 0x31, 0x31, 0x30, 0x37, 0x31, 0x30, 0x30, 0x37, 0x35, - 0x37 -}; - -// 33:d=2 hl=3 l= 207 cons: SEQUENCE -// 36:d=3 hl=2 l= 11 cons: SET -// 38:d=4 hl=2 l= 9 cons: SEQUENCE -// 40:d=5 hl=2 l= 3 prim: OBJECT :countryName -// 45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AT -// 49:d=3 hl=3 l= 139 cons: SET -// 52:d=4 hl=3 l= 136 cons: SEQUENCE -// 55:d=5 hl=2 l= 3 prim: OBJECT :organizationName -// 60:d=5 hl=3 l= 128 prim: BMPSTRING :A-Trust 
Ges. für Sicherheitssysteme im elektr. Datenverkehr GmbH -//191:d=3 hl=2 l= 24 cons: SET -//193:d=4 hl=2 l= 22 cons: SEQUENCE -//195:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName -//200:d=5 hl=2 l= 15 prim: PRINTABLESTRING :A-Trust-Qual-01 -//217:d=3 hl=2 l= 24 cons: SET -//219:d=4 hl=2 l= 22 cons: SEQUENCE -//221:d=5 hl=2 l= 3 prim: OBJECT :commonName -//226:d=5 hl=2 l= 15 prim: PRINTABLESTRING :A-Trust-Qual-01 -static const uint8 ATrustQual01DN[] = { - 0x30, 0x81, 0xcf, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x41, 0x54, 0x31, 0x81, 0x8b, 0x30, 0x81, 0x88, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x1e, 0x81, 0x80, 0x00, 0x41, 0x00, 0x2d, 0x00, 0x54, 0x00, 0x72, 0x00, - 0x75, 0x00, 0x73, 0x00, 0x74, 0x00, 0x20, 0x00, 0x47, 0x00, 0x65, 0x00, 0x73, - 0x00, 0x2e, 0x00, 0x20, 0x00, 0x66, 0x00, 0xfc, 0x00, 0x72, 0x00, 0x20, 0x00, - 0x53, 0x00, 0x69, 0x00, 0x63, 0x00, 0x68, 0x00, 0x65, 0x00, 0x72, 0x00, 0x68, - 0x00, 0x65, 0x00, 0x69, 0x00, 0x74, 0x00, 0x73, 0x00, 0x73, 0x00, 0x79, 0x00, - 0x73, 0x00, 0x74, 0x00, 0x65, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x20, 0x00, 0x69, - 0x00, 0x6d, 0x00, 0x20, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x6b, 0x00, - 0x74, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x20, 0x00, 0x44, 0x00, 0x61, 0x00, 0x74, - 0x00, 0x65, 0x00, 0x6e, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6b, 0x00, - 0x65, 0x00, 0x68, 0x00, 0x72, 0x00, 0x20, 0x00, 0x47, 0x00, 0x6d, 0x00, 0x62, - 0x00, 0x48, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0f, - 0x41, 0x2d, 0x54, 0x72, 0x75, 0x73, 0x74, 0x2d, 0x51, 0x75, 0x61, 0x6c, 0x2d, - 0x30, 0x31, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0f, - 0x41, 0x2d, 0x54, 0x72, 0x75, 0x73, 0x74, 0x2d, 0x51, 0x75, 0x61, 0x6c, 0x2d, - 0x30, 0x31, 0x30, 0x1e, 0x17 -}; - -// 34:d=2 hl=3 l= 180 cons: SEQUENCE -// 37:d=3 hl=2 l= 20 cons: SET -// 39:d=4 hl=2 l= 18 cons: SEQUENCE -// 41:d=5 hl=2 l= 3 prim: OBJECT :organizationName -// 46:d=5 hl=2 l= 11 prim: PRINTABLESTRING :Entrust.net -// 
59:d=3 hl=2 l= 64 cons: SET -// 61:d=4 hl=2 l= 62 cons: SEQUENCE -// 63:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName -// 68:d=5 hl=2 l= 55 prim: T61STRING :www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) -//125:d=3 hl=2 l= 37 cons: SET -//127:d=4 hl=2 l= 35 cons: SEQUENCE -//129:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName -//134:d=5 hl=2 l= 28 prim: PRINTABLESTRING :(c) 1999 Entrust.net Limited -//164:d=3 hl=2 l= 51 cons: SET -//166:d=4 hl=2 l= 49 cons: SEQUENCE -//168:d=5 hl=2 l= 3 prim: OBJECT :commonName -//173:d=5 hl=2 l= 42 prim: PRINTABLESTRING :Entrust.net Certification Authority (2048) -static const uint8 EntrustDN[] = { - 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x0b, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x31, - 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, - 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, - 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, 0x6e, 0x63, 0x6f, - 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, - 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, 0x61, 0x62, 0x2e, 0x29, - 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, - 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, - 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, - 0x29 -}; - -namespace net { - -TEST(X509TypesTest, Matching) { - CertPrincipal spamco; - spamco.common_name = "SpamCo Dept. 
Of Certificization"; - spamco.country_name = "EB"; - spamco.organization_names.push_back("SpamCo Holding Company, LLC"); - spamco.organization_names.push_back("SpamCo Evil Masterminds"); - spamco.organization_unit_names.push_back("Class Z Obfuscation Authority"); - ASSERT_TRUE(spamco.Matches(spamco)); - - CertPrincipal bogus; - EXPECT_FALSE(bogus.Matches(spamco)); - EXPECT_FALSE(spamco.Matches(bogus)); - - bogus = spamco; - EXPECT_TRUE(bogus.Matches(spamco)); - EXPECT_TRUE(spamco.Matches(bogus)); - - bogus.organization_names.erase(bogus.organization_names.begin(), - bogus.organization_names.end()); - EXPECT_FALSE(bogus.Matches(spamco)); - EXPECT_FALSE(spamco.Matches(bogus)); - - bogus.organization_names.push_back("SpamCo Holding Company, LLC"); - bogus.organization_names.push_back("SpamCo Evil Masterminds"); - EXPECT_TRUE(bogus.Matches(spamco)); - EXPECT_TRUE(spamco.Matches(bogus)); - - bogus.locality_name = "Elbosdorf"; - EXPECT_FALSE(bogus.Matches(spamco)); - EXPECT_FALSE(spamco.Matches(bogus)); - - bogus.locality_name = ""; - bogus.organization_unit_names.push_back("Q Division"); - EXPECT_FALSE(bogus.Matches(spamco)); - EXPECT_FALSE(spamco.Matches(bogus)); -} - -#if defined(OS_MACOSX) // ParseDistinguishedName not implemented for Win/Linux - -TEST(X509TypesTest, ParseDNVerisign) { - CertPrincipal verisign; - EXPECT_TRUE(verisign.ParseDistinguishedName(VerisignDN, sizeof(VerisignDN))); - EXPECT_EQ("", verisign.common_name); - EXPECT_EQ("US", verisign.country_name); - ASSERT_EQ(1U, verisign.organization_names.size()); - EXPECT_EQ("VeriSign, Inc.", verisign.organization_names[0]); - ASSERT_EQ(1U, verisign.organization_unit_names.size()); - EXPECT_EQ("Class 1 Public Primary Certification Authority", - verisign.organization_unit_names[0]); -} - -TEST(X509TypesTest, ParseDNStartcom) { - CertPrincipal startcom; - EXPECT_TRUE(startcom.ParseDistinguishedName(StartComDN, sizeof(StartComDN))); - EXPECT_EQ("StartCom Certification Authority", startcom.common_name); - 
EXPECT_EQ("IL", startcom.country_name); - ASSERT_EQ(1U, startcom.organization_names.size()); - EXPECT_EQ("StartCom Ltd.", startcom.organization_names[0]); - ASSERT_EQ(1U, startcom.organization_unit_names.size()); - EXPECT_EQ("Secure Digital Certificate Signing", - startcom.organization_unit_names[0]); -} - -TEST(X509TypesTest, ParseDNUserTrust) { - CertPrincipal usertrust; - EXPECT_TRUE(usertrust.ParseDistinguishedName(UserTrustDN, - sizeof(UserTrustDN))); - EXPECT_EQ("UTN-USERFirst-Client Authentication and Email", - usertrust.common_name); - EXPECT_EQ("US", usertrust.country_name); - EXPECT_EQ("UT", usertrust.state_or_province_name); - EXPECT_EQ("Salt Lake City", usertrust.locality_name); - ASSERT_EQ(1U, usertrust.organization_names.size()); - EXPECT_EQ("The USERTRUST Network", usertrust.organization_names[0]); - ASSERT_EQ(1U, usertrust.organization_unit_names.size()); - EXPECT_EQ("http://www.usertrust.com", - usertrust.organization_unit_names[0]); -} - -TEST(X509TypesTest, ParseDNTurkTrust) { - // Note: This tests parsing UTF8STRINGs. - CertPrincipal turktrust; - EXPECT_TRUE(turktrust.ParseDistinguishedName(TurkTrustDN, - sizeof(TurkTrustDN))); - EXPECT_EQ("TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı", - turktrust.common_name); - EXPECT_EQ("TR", turktrust.country_name); - EXPECT_EQ("Ankara", turktrust.locality_name); - ASSERT_EQ(1U, turktrust.organization_names.size()); - EXPECT_EQ("TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005", - turktrust.organization_names[0]); -} - -TEST(X509TypesTest, ParseDNATrust) { - // Note: This tests parsing 16-bit BMPSTRINGs. - CertPrincipal atrust; - EXPECT_TRUE(atrust.ParseDistinguishedName(ATrustQual01DN, - sizeof(ATrustQual01DN))); - EXPECT_EQ("A-Trust-Qual-01", - atrust.common_name); - EXPECT_EQ("AT", atrust.country_name); - ASSERT_EQ(1U, atrust.organization_names.size()); - EXPECT_EQ("A-Trust Ges. für Sicherheitssysteme im elektr. 
Datenverkehr GmbH", - atrust.organization_names[0]); - ASSERT_EQ(1U, atrust.organization_unit_names.size()); - EXPECT_EQ("A-Trust-Qual-01", - atrust.organization_unit_names[0]); -} - -TEST(X509TypesTest, ParseDNEntrust) { - // Note: This tests parsing T61STRINGs and fields with multiple values. - CertPrincipal entrust; - EXPECT_TRUE(entrust.ParseDistinguishedName(EntrustDN, - sizeof(EntrustDN))); - EXPECT_EQ("Entrust.net Certification Authority (2048)", - entrust.common_name); - EXPECT_EQ("", entrust.country_name); - ASSERT_EQ(1U, entrust.organization_names.size()); - EXPECT_EQ("Entrust.net", - entrust.organization_names[0]); - ASSERT_EQ(2U, entrust.organization_unit_names.size()); - EXPECT_EQ("www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)", - entrust.organization_unit_names[0]); - EXPECT_EQ("(c) 1999 Entrust.net Limited", - entrust.organization_unit_names[1]); -} - -#endif - -} diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc index 310defb..7385743 100644 --- a/net/base/x509_certificate.cc +++ b/net/base/x509_certificate.cc @@ -9,6 +9,7 @@ #include "base/lazy_instance.h" #include "base/logging.h" #include "base/metrics/histogram.h" +#include "base/singleton.h" #include "base/string_piece.h" #include "base/time.h" #include "net/base/pem_tokenizer.h" diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h index 9f44952..c0342a1 100644 --- a/net/base/x509_certificate.h +++ b/net/base/x509_certificate.h @@ -23,6 +23,8 @@ #elif defined(OS_MACOSX) #include #include + +#include "base/lock.h" #elif defined(USE_OPENSSL) // Forward declaration; real one in struct x509_st; diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc index 2a604ee..5a5d457c 100644 --- a/net/base/x509_certificate_mac.cc +++ b/net/base/x509_certificate_mac.cc 
@@ -11,6 +11,7 @@ #include "base/lazy_instance.h" #include "base/logging.h" #include "base/pickle.h" +#include "base/singleton.h" #include "base/mac/scoped_cftyperef.h" #include "base/sys_string_conversions.h" #include "net/base/cert_status_flags.h" diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc index 9e018fd..75cdf40 100644 --- a/net/base/x509_certificate_win.cc +++ b/net/base/x509_certificate_win.cc @@ -6,6 +6,7 @@ #include "base/logging.h" #include "base/pickle.h" +#include "base/singleton.h" #include "base/string_tokenizer.h" #include "base/string_util.h" #include "base/utf_string_conversions.h" diff --git a/net/net.gyp b/net/net.gyp index b9e3776..71d7231 100644 --- a/net/net.gyp +++ b/net/net.gyp @@ -862,7 +862,7 @@ 'base/test_completion_callback_unittest.cc', 'base/upload_data_stream_unittest.cc', 'base/x509_certificate_unittest.cc', - 'base/x509_cert_types_unittest.cc', + 'base/x509_cert_types_mac_unittest.cc', 'base/x509_openssl_util_unittest.cc', 'disk_cache/addr_unittest.cc', 'disk_cache/backend_unittest.cc', diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 3234320..cefe630 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -47,12 +47,6 @@ #include "net/socket/ssl_client_socket_nss.h" -#if defined(USE_SYSTEM_SSL) -#include -#endif -#if defined(OS_MACOSX) -#include -#endif #include #include #include @@ -97,6 +91,18 @@ #include "net/socket/ssl_error_params.h" #include "net/socket/ssl_host_info.h" +#if defined(USE_SYSTEM_SSL) +#include +#endif +#if defined(OS_WIN) +#include +#include +#elif defined(OS_MACOSX) +#include +#include +#include +#endif + static const int kRecvBufferSize = 4096; // kCorkTimeoutMs is the number of milliseconds for which we'll wait for a diff --git a/net/socket_stream/socket_stream_job.cc b/net/socket_stream/socket_stream_job.cc index 0913015..8d1da73 100644 --- a/net/socket_stream/socket_stream_job.cc 
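Review bot: In the net/base/x509_certificate_mac.cc hunk the new `#include "base/singleton.h"` is placed between `base/pickle.h` and `base/mac/scoped_cftyperef.h`, so the block ends up less sorted than before in a commit whose stated purpose is style clean-up. The simplest fix is to move `#include "base/mac/scoped_cftyperef.h"` up to follow `#include "base/logging.h"`, which leaves `base/pickle.h`, `base/singleton.h`, `base/sys_string_conversions.h` in alphabetical order. The rest of the include block lies outside the hunk, so check the lines above it for the same issue.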
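Review bot: The replacement entry `'base/x509_cert_types_mac_unittest.cc'` in the net/net.gyp hunk stays in the unconditional test source list, while the visible tail of the new file closes with `}  // namespace net` and no `#endif`. That suggests the `#if defined(OS_MACOSX)` guard, which the deleted file carried around the ParseDN tests, has been dropped. The tests then stay off Windows and Linux builds only if the build's filename rules exclude the `_mac_unittest.cc` suffix; that rule is not visible on this page and the start of the new file is outside this view, so it needs confirming. If the suffix is not covered, put the entry under an `OS=="mac"` condition or keep the guard in the file, since the deleted file's comment says ParseDistinguishedName is not implemented for Win/Linux.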
+++ b/net/socket_stream/socket_stream_job.cc @@ -4,6 +4,7 @@ #include "net/socket_stream/socket_stream_job.h" +#include "base/singleton.h" #include "net/socket_stream/socket_stream_job_manager.h" namespace net { diff --git a/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp b/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp index 35170cc..aae8d90 100644 --- a/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp +++ b/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp @@ -45,6 +45,7 @@ #include "base/crypto/scoped_nss_types.h" #include "base/logging.h" #include "base/nss_util_internal.h" +#include "base/singleton.h" #include "base/string_util.h" #include "net/base/net_errors.h" #include "net/base/x509_certificate.h" -- cgit v1.1