Lines 37-42
|
37 |
#include "svn_pools.h" |
37 |
#include "svn_pools.h" |
38 |
#include "svn_dirent_uri.h" |
38 |
#include "svn_dirent_uri.h" |
39 |
#include "private/svn_fspath.h" |
39 |
#include "private/svn_fspath.h" |
|
|
40 |
#include "private/svn_cert.h" |
40 |
|
41 |
|
41 |
#include "../svn_test.h" |
42 |
#include "../svn_test.h" |
42 |
|
43 |
|
Lines 2821-2826
test_fspath_get_longest_ancestor(apr_pool_t *pool)
|
2821 |
return SVN_NO_ERROR; |
2822 |
return SVN_NO_ERROR; |
2822 |
} |
2823 |
} |
2823 |
|
2824 |
|
|
|
2825 |
struct cert_match_dns_test { |
2826 |
const char *pattern; |
2827 |
const char *hostname; |
2828 |
svn_boolean_t expected; |
2829 |
}; |
2830 |
|
2831 |
static svn_error_t * |
2832 |
run_cert_match_dns_tests(struct cert_match_dns_test *tests, apr_pool_t *pool) |
2833 |
{ |
2834 |
struct cert_match_dns_test *ct; |
2835 |
apr_pool_t *iterpool = svn_pool_create(pool); |
2836 |
|
2837 |
for (ct = tests; ct->pattern; ct++) |
2838 |
{ |
2839 |
svn_boolean_t result; |
2840 |
svn_string_t *pattern, *hostname; |
2841 |
|
2842 |
svn_pool_clear(iterpool); |
2843 |
|
2844 |
pattern = svn_string_create(ct->pattern, iterpool); |
2845 |
hostname = svn_string_create(ct->hostname, iterpool); |
2846 |
|
2847 |
result = svn_cert__match_dns_identity(pattern, hostname); |
2848 |
if (result != ct->expected) |
2849 |
return svn_error_createf(SVN_ERR_TEST_FAILED, NULL, |
2850 |
"Expected %s but got %s for pattern '%s' on " |
2851 |
"hostname '%s'", |
2852 |
ct->expected ? "match" : "no match", |
2853 |
result ? "match" : "no match", |
2854 |
pattern->data, hostname->data); |
2855 |
|
2856 |
} |
2857 |
|
2858 |
svn_pool_destroy(iterpool); |
2859 |
|
2860 |
return SVN_NO_ERROR; |
2861 |
} |
2862 |
|
2863 |
static struct cert_match_dns_test cert_match_dns_tests[] = { |
2864 |
{ "foo.example.com", "foo.example.com", TRUE }, /* exact match */ |
2865 |
{ "foo.example.com", "FOO.EXAMPLE.COM", TRUE }, /* case differences */ |
2866 |
{ "FOO.EXAMPLE.COM", "foo.example.com", TRUE }, |
2867 |
{ "*.example.com", "FoO.ExAmPlE.CoM", TRUE }, |
2868 |
{ "*.ExAmPlE.CoM", "foo.example.com", TRUE }, |
2869 |
{ "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz", TRUE }, |
2870 |
{ "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", TRUE }, |
2871 |
{ "foo.example.com", "bar.example.com", FALSE }, /* difference at start */ |
2872 |
{ "foo.example.com", "foo.example.net", FALSE }, /* difference at end */ |
2873 |
{ "foo.example.com", "foo.example.commercial", FALSE }, /* hostname longer */ |
2874 |
{ "foo.example.commercial", "foo.example.com", FALSE }, /* pattern longer */ |
2875 |
{ "foo.example.comcom", "foo.example.com", FALSE }, /* repeated suffix */ |
2876 |
{ "foo.example.com", "foo.example.comcom", FALSE }, |
2877 |
{ "foo.example.com.com", "foo.example.com", FALSE }, |
2878 |
{ "foo.example.com", "foo.example.com.com", FALSE }, |
2879 |
{ "foofoo.example.com", "foo.example.com", FALSE }, /* repeated prefix */ |
2880 |
{ "foo.example.com", "foofoo.example.com", FALSE }, |
2881 |
{ "foo.foo.example.com", "foo.example.com", FALSE }, |
2882 |
{ "foo.example.com", "foo.foo.example.com", FALSE }, |
2883 |
{ "foo.*.example.com", "foo.bar.example.com", FALSE }, /* RFC 6125 s. 6.4.3 |
2884 |
Rule 1 */ |
2885 |
{ "*.example.com", "foo.example.com", TRUE }, /* RFC 6125 s. 6.4.3 Rule 2 */ |
2886 |
{ "*.example.com", "bar.foo.example.com", FALSE }, /* Rule 2 */ |
2887 |
{ "*.example.com", "example.com", FALSE }, /* Rule 2 */ |
2888 |
{ "*.example.com", ".example.com", FALSE }, /* RFC doesn't say what to do |
2889 |
here and a leading period on |
2890 |
a hostname doesn't make sense |
2891 |
so we'll just reject this. */ |
2892 |
{ "*", "foo.example.com", FALSE }, /* wildcard must be left-most label, |
2893 |
implies that there must be more than |
2894 |
one label. */ |
2895 |
{ "*", "example.com", FALSE }, |
2896 |
{ "*", "com", FALSE }, |
2897 |
{ "*.example.com", "foo.example.net", FALSE }, /* difference in literal text |
2898 |
with a wildcard. */ |
2899 |
{ "*.com", "example.com", TRUE }, /* See Errata ID 3090 for RFC 6125, |
2900 |
probably shouldn't allow this but |
2901 |
we do for now. */ |
2902 |
{ "*.", "example.com", FALSE }, /* test some dubious 2 character wildcard |
2903 |
patterns */ |
2904 |
{ "*.", "example.", TRUE }, /* This one feels questionable */ |
2905 |
{ "*.", "example", FALSE }, |
2906 |
{ "*.", ".", FALSE }, |
2907 |
{ "a", "a", TRUE }, /* check that single letter exact matches work */ |
2908 |
{ "a", "b", FALSE }, /* and single letter not matches shouldn't */ |
2909 |
{ "*.*.com", "foo.example.com", FALSE }, /* unsupported wildcards */ |
2910 |
{ "*.*.com", "example.com", FALSE }, |
2911 |
{ "**.example.com", "foo.example.com", FALSE }, |
2912 |
{ "**.example.com", "example.com", FALSE }, |
2913 |
{ "f*.example.com", "foo.example.com", FALSE }, |
2914 |
{ "f*.example.com", "bar.example.com", FALSE }, |
2915 |
{ "*o.example.com", "foo.example.com", FALSE }, |
2916 |
{ "*o.example.com", "bar.example.com", FALSE }, |
2917 |
{ "f*o.example.com", "foo.example.com", FALSE }, |
2918 |
{ "f*o.example.com", "bar.example.com", FALSE }, |
2919 |
{ "foo.e*.com", "foo.example.com", FALSE }, |
2920 |
{ "foo.*e.com", "foo.example.com", FALSE }, |
2921 |
{ "foo.e*e.com", "foo.example.com", FALSE }, |
2922 |
{ "foo.example.com", "foo.example.com.", TRUE }, /* trailing dot */ |
2923 |
{ "*.example.com", "foo.example.com.", TRUE }, |
2924 |
{ "foo", "foo.", TRUE }, |
2925 |
{ "foo.example.com.", "foo.example.com", FALSE }, |
2926 |
{ "*.example.com.", "foo.example.com", FALSE }, |
2927 |
{ "foo.", "foo", FALSE }, |
2928 |
{ "foo.example.com", "foo.example.com..", FALSE }, |
2929 |
{ "*.example.com", "foo.example.com..", FALSE }, |
2930 |
{ "foo", "foo..", FALSE }, |
2931 |
{ "foo.example.com..", "foo.example.com", FALSE }, |
2932 |
{ "*.example.com..", "foo.example.com", FALSE }, |
2933 |
{ "foo..", "foo", FALSE }, |
2934 |
{ NULL } |
2935 |
}; |
2936 |
|
2937 |
static svn_error_t * |
2938 |
test_cert_match_dns_identity(apr_pool_t *pool) |
2939 |
{ |
2940 |
return run_cert_match_dns_tests(cert_match_dns_tests, pool); |
2941 |
} |
2942 |
|
2943 |
/* This test table implements results that should happen if we supported |
2944 |
* RFC 6125 s. 6.4.3 Rule 3. We don't so it's expected to fail for now. */ |
2945 |
static struct cert_match_dns_test rule3_tests[] = { |
2946 |
{ "baz*.example.net", "baz1.example.net", TRUE }, |
2947 |
{ "*baz.example.net", "foobaz.example.net", TRUE }, |
2948 |
{ "b*z.example.net", "buuz.example.net", TRUE }, |
2949 |
{ "b*z.example.net", "bz.example.net", FALSE }, /* presume wildcard can't |
2950 |
match nothing */ |
2951 |
{ "baz*.example.net", "baz.example.net", FALSE }, |
2952 |
{ "*baz.example.net", "baz.example.net", FALSE }, |
2953 |
{ "b*z.example.net", "buuzuuz.example.net", TRUE }, /* presume wildcard |
2954 |
should be greedy */ |
2955 |
{ NULL } |
2956 |
}; |
2957 |
|
2958 |
static svn_error_t * |
2959 |
test_rule3(apr_pool_t *pool) |
2960 |
{ |
2961 |
return run_cert_match_dns_tests(rule3_tests, pool); |
2962 |
} |
2963 |
|
2824 |
|
2964 |
|
2825 |
/* The test table. */ |
2965 |
/* The test table. */ |
2826 |
|
2966 |
|
Lines 2925-2929
struct svn_test_descriptor_t test_funcs[] =
|
2925 |
"test svn_fspath__dirname/basename/split"), |
3065 |
"test svn_fspath__dirname/basename/split"), |
2926 |
SVN_TEST_PASS2(test_fspath_get_longest_ancestor, |
3066 |
SVN_TEST_PASS2(test_fspath_get_longest_ancestor, |
2927 |
"test svn_fspath__get_longest_ancestor"), |
3067 |
"test svn_fspath__get_longest_ancestor"), |
|
|
3068 |
SVN_TEST_PASS2(test_cert_match_dns_identity, |
3069 |
"test svn_cert__match_dns_identity"), |
3070 |
SVN_TEST_XFAIL2(test_rule3, |
3071 |
"test match with RFC 6125 s. 6.4.3 Rule 3"), |
2928 |
SVN_TEST_NULL |
3072 |
SVN_TEST_NULL |
2929 |
}; |
3073 |
}; |
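Review bot: The `cert_match_dns_tests` table never passes an empty pattern or an empty hostname, so the shortest inputs that reach the matcher's length handling are the one- and two-character rows (`"a"`, `"*"`, `"*."`). I would add `{ "", "foo.example.com", FALSE },` and `{ "*.example.com", "", FALSE },` beside the two-character wildcard rows, with the expected values confirmed against the intended behaviour of `svn_cert__match_dns_identity`, whose body is not shown here. Because `run_cert_match_dns_tests` builds both strings with `svn_string_create` from C literals, the table also cannot express a certificate name that contains an embedded NUL byte; if the matcher is expected to reject such counted strings, that needs a separate case built with `svn_string_ncreate`. The early `return svn_error_createf(...)` inside the loop also skips `svn_pool_destroy(iterpool)`, which looks harmless while the parent `pool` is cleaned up by the harness but deserves a short comment.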
2930 |
Patch against 1.8.9: |
3074 |
Patch against 1.8.9: |