diff options
| author |  Craig Tiller <ctiller@google.com> | 2015-09-22 10:42:19 -0700 |
|---|---|---|
| committer | Craig Tiller <ctiller@google.com> | 2015-09-22 10:42:19 -0700 |
| commit | 45724b35e411fef7c5da66a74c78428c11d56843 (patch) | |
| tree | 9264034aca675c89444e02f72ef58e67d7043604 /test/core/tsi | |
| parent | 298751c1195523ef6228595043b583c3a6270e08 (diff) | |
indent pass to get logical source lines on one physical line
Diffstat (limited to 'test/core/tsi')
| -rw-r--r-- | test/core/tsi/transport_security_test.c | 388 |
1 files changed, 203 insertions, 185 deletions
diff --git a/test/core/tsi/transport_security_test.c b/test/core/tsi/transport_security_test.c index bec3866166..4852a44bb1 100644 --- a/test/core/tsi/transport_security_test.c +++ b/test/core/tsi/transport_security_test.c @@ -46,7 +46,8 @@ #include "src/core/tsi/ssl_transport_security.h" #include "test/core/util/test_config.h" -typedef struct { +typedef struct +{ /* 1 if success, 0 if failure. */ int expected; @@ -66,238 +67,255 @@ typedef struct { chromium/src/net/cert/x509_certificate_unittest.cc. TODO(jboeuf) uncomment test cases as we fix tsi_ssl_peer_matches_name. */ const cert_name_test_entry cert_name_test_entries[] = { - {1, "foo.com", "foo.com", NULL}, - {1, "f", "f", NULL}, - {0, "h", "i", NULL}, - {1, "bar.foo.com", "*.foo.com", NULL}, - {1, "www.test.fr", "common.name", - "*.test.com,*.test.co.uk,*.test.de,*.test.fr"}, - /* - {1, "wwW.tESt.fr", "common.name", ",*.*,*.test.de,*.test.FR,www"}, - */ - {0, "f.uk", ".uk", NULL}, - {0, "w.bar.foo.com", "?.bar.foo.com", NULL}, - {0, "www.foo.com", "(www|ftp).foo.com", NULL}, - {0, "www.foo.com", "www.foo.com#", NULL}, /* # = null char. */ - {0, "www.foo.com", "", "www.foo.com#*.foo.com,#,#"}, - {0, "www.house.example", "ww.house.example", NULL}, - {0, "test.org", "", "www.test.org,*.test.org,*.org"}, - {0, "w.bar.foo.com", "w*.bar.foo.com", NULL}, - {0, "www.bar.foo.com", "ww*ww.bar.foo.com", NULL}, - {0, "wwww.bar.foo.com", "ww*ww.bar.foo.com", NULL}, - {0, "wwww.bar.foo.com", "w*w.bar.foo.com", NULL}, - {0, "wwww.bar.foo.com", "w*w.bar.foo.c0m", NULL}, - {0, "WALLY.bar.foo.com", "wa*.bar.foo.com", NULL}, - {0, "wally.bar.foo.com", "*Ly.bar.foo.com", NULL}, - /* - {1, "ww%57.foo.com", "", "www.foo.com"}, - {1, "www&.foo.com", "www%26.foo.com", NULL}, - */ - - /* Common name must not be used if subject alternative name was provided. */ - {0, "www.test.co.jp", "www.test.co.jp", - "*.test.de,*.jp,www.test.co.uk,www.*.co.jp"}, - {0, "www.bar.foo.com", "www.bar.foo.com", - "*.foo.com,*.*.foo.com,*.*.bar.foo.com,*..bar.foo.com,"}, - - /* IDN tests */ - {1, "xn--poema-9qae5a.com.br", "xn--poema-9qae5a.com.br", NULL}, - {1, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br", NULL}, - {0, "xn--poema-9qae5a.com.br", "", - "*.xn--poema-9qae5a.com.br," - "xn--poema-*.com.br," - "xn--*-9qae5a.com.br," - "*--poema-9qae5a.com.br"}, - - /* The following are adapted from the examples quoted from - http://tools.ietf.org/html/rfc6125#section-6.4.3 - (e.g., *.example.com would match foo.example.com but - not bar.foo.example.com or example.com). */ - {1, "foo.example.com", "*.example.com", NULL}, - {0, "bar.foo.example.com", "*.example.com", NULL}, - {0, "example.com", "*.example.com", NULL}, - - /* Partial wildcards are disallowed, though RFC 2818 rules allow them. - That is, forms such as baz*.example.net, *baz.example.net, and - b*z.example.net should NOT match domains. Instead, the wildcard must - always be the left-most label, and only a single label. */ - {0, "baz1.example.net", "baz*.example.net", NULL}, - {0, "foobaz.example.net", "*baz.example.net", NULL}, - {0, "buzz.example.net", "b*z.example.net", NULL}, - {0, "www.test.example.net", "www.*.example.net", NULL}, - - /* Wildcards should not be valid for public registry controlled domains, - and unknown/unrecognized domains, at least three domain components must - be present. */ - {1, "www.test.example", "*.test.example", NULL}, - {1, "test.example.co.uk", "*.example.co.uk", NULL}, - {0, "test.example", "*.example", NULL}, - /* - {0, "example.co.uk", "*.co.uk", NULL}, - */ - {0, "foo.com", "*.com", NULL}, - {0, "foo.us", "*.us", NULL}, - {0, "foo", "*", NULL}, - - /* IDN variants of wildcards and registry controlled domains. */ - {1, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br", NULL}, - {1, "test.example.xn--mgbaam7a8h", "*.example.xn--mgbaam7a8h", NULL}, - /* - {0, "xn--poema-9qae5a.com.br", "*.com.br", NULL}, - */ - {0, "example.xn--mgbaam7a8h", "*.xn--mgbaam7a8h", NULL}, - - /* Wildcards should be permissible for 'private' registry controlled - domains. */ - {1, "www.appspot.com", "*.appspot.com", NULL}, - {1, "foo.s3.amazonaws.com", "*.s3.amazonaws.com", NULL}, - - /* Multiple wildcards are not valid. */ - {0, "foo.example.com", "*.*.com", NULL}, - {0, "foo.bar.example.com", "*.bar.*.com", NULL}, - - /* Absolute vs relative DNS name tests. Although not explicitly specified - in RFC 6125, absolute reference names (those ending in a .) should - match either absolute or relative presented names. */ - {1, "foo.com", "foo.com.", NULL}, - {1, "foo.com.", "foo.com", NULL}, - {1, "foo.com.", "foo.com.", NULL}, - {1, "f", "f.", NULL}, - {1, "f.", "f", NULL}, - {1, "f.", "f.", NULL}, - {1, "www-3.bar.foo.com", "*.bar.foo.com.", NULL}, - {1, "www-3.bar.foo.com.", "*.bar.foo.com", NULL}, - {1, "www-3.bar.foo.com.", "*.bar.foo.com.", NULL}, - {0, ".", ".", NULL}, - {0, "example.com", "*.com.", NULL}, - {0, "example.com.", "*.com", NULL}, - {0, "example.com.", "*.com.", NULL}, - {0, "foo.", "*.", NULL}, - {0, "foo", "*.", NULL}, - /* - {0, "foo.co.uk", "*.co.uk.", NULL}, - {0, "foo.co.uk.", "*.co.uk.", NULL}, - */ - - /* An empty CN is OK. */ - {1, "test.foo.com", "", "test.foo.com"}, - - /* An IP should not be used for the CN. */ - {0, "173.194.195.139", "173.194.195.139", NULL}, + {1, "foo.com", "foo.com", NULL}, + {1, "f", "f", NULL}, + {0, "h", "i", NULL}, + {1, "bar.foo.com", "*.foo.com", NULL}, + {1, "www.test.fr", "common.name", + "*.test.com,*.test.co.uk,*.test.de,*.test.fr"}, + /* + {1, "wwW.tESt.fr", "common.name", ",*.*,*.test.de,*.test.FR,www"}, + */ + {0, "f.uk", ".uk", NULL}, + {0, "w.bar.foo.com", "?.bar.foo.com", NULL}, + {0, "www.foo.com", "(www|ftp).foo.com", NULL}, + {0, "www.foo.com", "www.foo.com#", NULL}, /* # = null char. */ + {0, "www.foo.com", "", "www.foo.com#*.foo.com,#,#"}, + {0, "www.house.example", "ww.house.example", NULL}, + {0, "test.org", "", "www.test.org,*.test.org,*.org"}, + {0, "w.bar.foo.com", "w*.bar.foo.com", NULL}, + {0, "www.bar.foo.com", "ww*ww.bar.foo.com", NULL}, + {0, "wwww.bar.foo.com", "ww*ww.bar.foo.com", NULL}, + {0, "wwww.bar.foo.com", "w*w.bar.foo.com", NULL}, + {0, "wwww.bar.foo.com", "w*w.bar.foo.c0m", NULL}, + {0, "WALLY.bar.foo.com", "wa*.bar.foo.com", NULL}, + {0, "wally.bar.foo.com", "*Ly.bar.foo.com", NULL}, + /* + {1, "ww%57.foo.com", "", "www.foo.com"}, + {1, "www&.foo.com", "www%26.foo.com", NULL}, + */ + + /* Common name must not be used if subject alternative name was provided. */ + {0, "www.test.co.jp", "www.test.co.jp", + "*.test.de,*.jp,www.test.co.uk,www.*.co.jp"}, + {0, "www.bar.foo.com", "www.bar.foo.com", + "*.foo.com,*.*.foo.com,*.*.bar.foo.com,*..bar.foo.com,"}, + + /* IDN tests */ + {1, "xn--poema-9qae5a.com.br", "xn--poema-9qae5a.com.br", NULL}, + {1, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br", NULL}, + {0, "xn--poema-9qae5a.com.br", "", + "*.xn--poema-9qae5a.com.br," "xn--poema-*.com.br," "xn--*-9qae5a.com.br," "*--poema-9qae5a.com.br"}, + + /* The following are adapted from the examples quoted from + http://tools.ietf.org/html/rfc6125#section-6.4.3 + (e.g., *.example.com would match foo.example.com but + not bar.foo.example.com or example.com). */ + {1, "foo.example.com", "*.example.com", NULL}, + {0, "bar.foo.example.com", "*.example.com", NULL}, + {0, "example.com", "*.example.com", NULL}, + + /* Partial wildcards are disallowed, though RFC 2818 rules allow them. + That is, forms such as baz*.example.net, *baz.example.net, and + b*z.example.net should NOT match domains. Instead, the wildcard must + always be the left-most label, and only a single label. */ + {0, "baz1.example.net", "baz*.example.net", NULL}, + {0, "foobaz.example.net", "*baz.example.net", NULL}, + {0, "buzz.example.net", "b*z.example.net", NULL}, + {0, "www.test.example.net", "www.*.example.net", NULL}, + + /* Wildcards should not be valid for public registry controlled domains, + and unknown/unrecognized domains, at least three domain components must + be present. */ + {1, "www.test.example", "*.test.example", NULL}, + {1, "test.example.co.uk", "*.example.co.uk", NULL}, + {0, "test.example", "*.example", NULL}, + /* + {0, "example.co.uk", "*.co.uk", NULL}, + */ + {0, "foo.com", "*.com", NULL}, + {0, "foo.us", "*.us", NULL}, + {0, "foo", "*", NULL}, + + /* IDN variants of wildcards and registry controlled domains. */ + {1, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br", NULL}, + {1, "test.example.xn--mgbaam7a8h", "*.example.xn--mgbaam7a8h", NULL}, + /* + {0, "xn--poema-9qae5a.com.br", "*.com.br", NULL}, + */ + {0, "example.xn--mgbaam7a8h", "*.xn--mgbaam7a8h", NULL}, + + /* Wildcards should be permissible for 'private' registry controlled + domains. */ + {1, "www.appspot.com", "*.appspot.com", NULL}, + {1, "foo.s3.amazonaws.com", "*.s3.amazonaws.com", NULL}, + + /* Multiple wildcards are not valid. */ + {0, "foo.example.com", "*.*.com", NULL}, + {0, "foo.bar.example.com", "*.bar.*.com", NULL}, + + /* Absolute vs relative DNS name tests. Although not explicitly specified + in RFC 6125, absolute reference names (those ending in a .) should + match either absolute or relative presented names. */ + {1, "foo.com", "foo.com.", NULL}, + {1, "foo.com.", "foo.com", NULL}, + {1, "foo.com.", "foo.com.", NULL}, + {1, "f", "f.", NULL}, + {1, "f.", "f", NULL}, + {1, "f.", "f.", NULL}, + {1, "www-3.bar.foo.com", "*.bar.foo.com.", NULL}, + {1, "www-3.bar.foo.com.", "*.bar.foo.com", NULL}, + {1, "www-3.bar.foo.com.", "*.bar.foo.com.", NULL}, + {0, ".", ".", NULL}, + {0, "example.com", "*.com.", NULL}, + {0, "example.com.", "*.com", NULL}, + {0, "example.com.", "*.com.", NULL}, + {0, "foo.", "*.", NULL}, + {0, "foo", "*.", NULL}, + /* + {0, "foo.co.uk", "*.co.uk.", NULL}, + {0, "foo.co.uk.", "*.co.uk.", NULL}, + */ + + /* An empty CN is OK. */ + {1, "test.foo.com", "", "test.foo.com"}, + + /* An IP should not be used for the CN. */ + {0, "173.194.195.139", "173.194.195.139", NULL}, }; -typedef struct name_list { +typedef struct name_list +{ const char *name; struct name_list *next; } name_list; -typedef struct { +typedef struct +{ size_t name_count; char *buffer; name_list *names; } parsed_dns_names; -name_list *name_list_add(const char *n) { - name_list *result = gpr_malloc(sizeof(name_list)); +name_list * +name_list_add (const char *n) +{ + name_list *result = gpr_malloc (sizeof (name_list)); result->name = n; result->next = NULL; return result; } -static parsed_dns_names parse_dns_names(const char *dns_names_str) { +static parsed_dns_names +parse_dns_names (const char *dns_names_str) +{ parsed_dns_names result; name_list *current_nl; size_t i; - memset(&result, 0, sizeof(parsed_dns_names)); - if (dns_names_str == 0) return result; + memset (&result, 0, sizeof (parsed_dns_names)); + if (dns_names_str == 0) + return result; result.name_count = 1; - result.buffer = gpr_strdup(dns_names_str); - result.names = name_list_add(result.buffer); + result.buffer = gpr_strdup (dns_names_str); + result.names = name_list_add (result.buffer); current_nl = result.names; - for (i = 0; i < strlen(dns_names_str); i++) { - if (dns_names_str[i] == ',') { - result.buffer[i] = '\0'; - result.name_count++; - i++; - current_nl->next = name_list_add(result.buffer + i); - current_nl = current_nl->next; + for (i = 0; i < strlen (dns_names_str); i++) + { + if (dns_names_str[i] == ',') + { + result.buffer[i] = '\0'; + result.name_count++; + i++; + current_nl->next = name_list_add (result.buffer + i); + current_nl = current_nl->next; + } } - } return result; } -static void destruct_parsed_dns_names(parsed_dns_names *pdn) { +static void +destruct_parsed_dns_names (parsed_dns_names * pdn) +{ name_list *nl = pdn->names; - if (pdn->buffer != NULL) gpr_free(pdn->buffer); - while (nl != NULL) { - name_list *to_be_free = nl; - nl = nl->next; - gpr_free(to_be_free); - } + if (pdn->buffer != NULL) + gpr_free (pdn->buffer); + while (nl != NULL) + { + name_list *to_be_free = nl; + nl = nl->next; + gpr_free (to_be_free); + } } -static char *processed_dns_name(const char *dns_name) { - char *result = gpr_strdup(dns_name); +static char * +processed_dns_name (const char *dns_name) +{ + char *result = gpr_strdup (dns_name); size_t i; - for (i = 0; i < strlen(result); i++) { - if (result[i] == '#') { - result[i] = '\0'; + for (i = 0; i < strlen (result); i++) + { + if (result[i] == '#') + { + result[i] = '\0'; + } } - } return result; } -static tsi_peer peer_from_cert_name_test_entry( - const cert_name_test_entry *entry) { +static tsi_peer +peer_from_cert_name_test_entry (const cert_name_test_entry * entry) +{ size_t i; tsi_peer peer; name_list *nl; - parsed_dns_names dns_entries = parse_dns_names(entry->dns_names); + parsed_dns_names dns_entries = parse_dns_names (entry->dns_names); nl = dns_entries.names; - GPR_ASSERT(tsi_construct_peer(1 + dns_entries.name_count, &peer) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, entry->common_name, - &peer.properties[0]) == TSI_OK); + GPR_ASSERT (tsi_construct_peer (1 + dns_entries.name_count, &peer) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, entry->common_name, &peer.properties[0]) == TSI_OK); i = 1; - while (nl != NULL) { - char *processed = processed_dns_name(nl->name); - GPR_ASSERT(tsi_construct_string_peer_property( - TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, processed, - strlen(nl->name), &peer.properties[i++]) == TSI_OK); - nl = nl->next; - gpr_free(processed); - } - destruct_parsed_dns_names(&dns_entries); + while (nl != NULL) + { + char *processed = processed_dns_name (nl->name); + GPR_ASSERT (tsi_construct_string_peer_property (TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, processed, strlen (nl->name), &peer.properties[i++]) == TSI_OK); + nl = nl->next; + gpr_free (processed); + } + destruct_parsed_dns_names (&dns_entries); return peer; } -char *cert_name_test_entry_to_string(const cert_name_test_entry *entry) { +char * +cert_name_test_entry_to_string (const cert_name_test_entry * entry) +{ char *s; - gpr_asprintf( - &s, "{ success = %s, host_name = %s, common_name = %s, dns_names = %s}", - entry->expected ? "true" : "false", entry->host_name, entry->common_name, - entry->dns_names != NULL ? entry->dns_names : ""); + gpr_asprintf (&s, "{ success = %s, host_name = %s, common_name = %s, dns_names = %s}", entry->expected ? "true" : "false", entry->host_name, entry->common_name, entry->dns_names != NULL ? entry->dns_names : ""); return s; } -static void test_peer_matches_name(void) { +static void +test_peer_matches_name (void) +{ size_t i = 0; - for (i = 0; i < GPR_ARRAY_SIZE(cert_name_test_entries); i++) { - const cert_name_test_entry *entry = &cert_name_test_entries[i]; - tsi_peer peer = peer_from_cert_name_test_entry(entry); - int result = tsi_ssl_peer_matches_name(&peer, entry->host_name); - if (result != entry->expected) { - char *entry_str = cert_name_test_entry_to_string(entry); - gpr_log(GPR_ERROR, "%s", entry_str); - gpr_free(entry_str); - GPR_ASSERT(0); /* Unexpected result. */ + for (i = 0; i < GPR_ARRAY_SIZE (cert_name_test_entries); i++) + { + const cert_name_test_entry *entry = &cert_name_test_entries[i]; + tsi_peer peer = peer_from_cert_name_test_entry (entry); + int result = tsi_ssl_peer_matches_name (&peer, entry->host_name); + if (result != entry->expected) + { + char *entry_str = cert_name_test_entry_to_string (entry); + gpr_log (GPR_ERROR, "%s", entry_str); + gpr_free (entry_str); + GPR_ASSERT (0); /* Unexpected result. */ + } + tsi_peer_destruct (&peer); } - tsi_peer_destruct(&peer); - } } -int main(int argc, char **argv) { - grpc_test_init(argc, argv); - test_peer_matches_name(); +int +main (int argc, char **argv) +{ + grpc_test_init (argc, argv); + test_peer_matches_name (); return 0; } |