commit 4015000e19e876f54867b656ceb96702aeb31c9b
author David Benjamin <davidben@google.com> Mon Sep 18 18:22:01 2017 -0400
committer David Benjamin <davidben@google.com> Wed Sep 20 19:58:48 2017 +0000
tree 44fe55a89ac7a6d3b57ac955f1ce263f776a8dd3
parent 60931e2d8afff685f5460cf9a88469b96942849b

Add a test for lots of names and constraints.

Change-Id: I0ad593cb5c73d61391aa7513054e5cf102334817
Reviewed-on: https://boringssl-review.googlesource.com/20524
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>

crypto/x509/x509_test.cc

diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index 1b34578..2fb1b1b 100644
--- a/crypto/x509/x509_test.cc
+++ b/crypto/x509/x509_test.cc
@@ -30,6 +30,8 @@
 #include "../internal.h"
 
 
+std::string GetTestData(const char *path);
+
 static const char kCrossSigningRootPEM[] =
     "-----BEGIN CERTIFICATE-----\n"
     "MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE\n"
@@ -657,6 +659,47 @@
                    {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
 }
 
+TEST(X509Test, ManyNamesAndConstraints) {
+  bssl::UniquePtr<X509> many_constraints(
+      CertFromPEM(GetTestData("crypto/x509/many_constraints.pem").c_str()));
+  ASSERT_TRUE(many_constraints);
+  bssl::UniquePtr<X509> many_names1(
+      CertFromPEM(GetTestData("crypto/x509/many_names1.pem").c_str()));
+  ASSERT_TRUE(many_names1);
+  bssl::UniquePtr<X509> many_names2(
+      CertFromPEM(GetTestData("crypto/x509/many_names2.pem").c_str()));
+  ASSERT_TRUE(many_names2);
+  bssl::UniquePtr<X509> many_names3(
+      CertFromPEM(GetTestData("crypto/x509/many_names3.pem").c_str()));
+  ASSERT_TRUE(many_names3);
+  bssl::UniquePtr<X509> some_names1(
+      CertFromPEM(GetTestData("crypto/x509/some_names1.pem").c_str()));
+  ASSERT_TRUE(some_names1);
+  bssl::UniquePtr<X509> some_names2(
+      CertFromPEM(GetTestData("crypto/x509/some_names2.pem").c_str()));
+  ASSERT_TRUE(some_names2);
+  bssl::UniquePtr<X509> some_names3(
+      CertFromPEM(GetTestData("crypto/x509/some_names3.pem").c_str()));
+  ASSERT_TRUE(some_names3);
+
+  EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
+            Verify(many_names1.get(), {many_constraints.get()},
+                   {many_constraints.get()}, {}));
+  EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
+            Verify(many_names2.get(), {many_constraints.get()},
+                   {many_constraints.get()}, {}));
+  EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
+            Verify(many_names3.get(), {many_constraints.get()},
+                   {many_constraints.get()}, {}));
+
+  EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
+                              {many_constraints.get()}, {}));
+  EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
+                              {many_constraints.get()}, {}));
+  EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
+                              {many_constraints.get()}, {}));
+}
+
 TEST(X509Test, TestPSS) {
   bssl::UniquePtr<X509> cert(CertFromPEM(kExamplePSSCert));
   ASSERT_TRUE(cert);