File: IPAddressTests.swift

//===----------------------------------------------------------------------===//
//
// This source file is part of the SwiftCertificates open source project
//
// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

import XCTest
import SwiftASN1
@testable import X509

/// Table-driven checks for `NameConstraintsPolicy.ipAddressMatchesConstraint`,
/// which decides whether a presented IP address falls inside an X.509
/// name-constraint `iPAddress` entry.
///
/// RFC 5280 section 4.2.1.10 encodes such a constraint as the base address
/// followed by the mask: 8 octets for IPv4, 32 octets for IPv6. The fixtures
/// below pin the accepting cases and, more importantly for a verifier, the
/// malformed constraints that are expected never to match.
final class IPAddressNameTests: XCTestCase {
    /// Each entry is `(presented address, encoded constraint, expected match result)`.
    static let fixtures: [(ASN1OctetString, ASN1OctetString, Bool)] = [
        // IPv4: well-formed CIDR masks on byte boundaries.
        (.v4("17.250.78.1"), .v4(subnet: "17.0.0.0", mask: "255.0.0.0"), true),
        // The base address carries bits outside the mask (0.66 under a /16);
        // the expected result shows they do not prevent a match.
        (.v4("17.250.78.1"), .v4(subnet: "17.250.0.66", mask: "255.255.0.0"), true),
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.0", mask: "255.255.255.0"), true),
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.1", mask: "255.255.255.255"), true),
        (.v4("18.250.78.1"), .v4(subnet: "17.0.0.0", mask: "255.0.0.0"), false),
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.2", mask: "255.255.255.255"), false),

        // IPv4: masks with zero bytes ahead of set bytes. These are not CIDR
        // prefixes, so no match is expected even though the base address
        // equals the presented address.
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.1", mask: "0.0.0.255"), false),
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.1", mask: "0.0.255.255"), false),
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.1", mask: "0.255.255.255"), false),
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.1", mask: "255.0.255.0"), false),
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.1", mask: "255.255.0.255"), false),

        // IPv4: prefix lengths that end inside a byte (/1, /15), with a
        // byte-aligned /16 as the contrasting non-match.
        (.v4("17.250.78.1"), .v4(subnet: "17.0.0.0", mask: "128.0.0.0"), true),
        (.v4("17.255.78.1"), .v4(subnet: "17.254.0.0", mask: "255.254.0.0"), true),
        (.v4("17.255.78.1"), .v4(subnet: "17.254.0.0", mask: "255.255.0.0"), false),

        // IPv4: masks with a hole inside a byte (non-contiguous bits).
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.1", mask: "255.255.62.0"), false),
        (.v4("17.250.78.1"), .v4(subnet: "17.250.78.1", mask: "255.239.255.255"), false),

        // IPv4: an all-zero mask is expected to match nothing.
        (.v4("17.250.78.1"), .v4(subnet: "0.0.0.0", mask: "0.0.0.0"), false),

        // Address-family mismatch: a v4 address against a v6 constraint and
        // the reverse must not match.
        (.v4("17.250.78.1"), .v6(subnet: "8000::", mask: "8000::"), false),
        (.v6("fe80::"), .v4(subnet: "254.128.0.0", mask: "255.128.0.0"), false),

        // IPv6: well-formed CIDR masks.
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe80::", mask: "ffff:ffff:ffff:ffff::"), true),
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe80::8d:0:0:0", mask: "ffff:ffff:ffff:ffff:ffff::"), true),
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe80::8d:f7d:0:0", mask: "ffff:ffff:ffff:ffff:ffff:ffff::"), true),
        (
            .v6("fe80::8d:f7d:79c5:5719"),
            .v6(subnet: "fe80::8d:f7d:79c5:0", mask: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0"), true
        ),
        (
            .v6("fe80::8d:f7d:79c5:5719"),
            .v6(subnet: "fe80::8d:f7d:79c5:5719", mask: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"), true
        ),
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe81::", mask: "ffff:ffff:ffff:ffff::"), false),
        (
            .v6("fe80::8d:f7d:79d5:5719"),
            .v6(subnet: "fe80::8d:f7d:79c5:5719", mask: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"), false
        ),

        // IPv6: masks with zero groups ahead of set groups (not CIDR prefixes).
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe80::8d:f7d:79c5:5719", mask: "::ffff"), false),
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe80::8d:f7d:79c5:5719", mask: "::ffff:ffff"), false),
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe80::8d:f7d:79c5:5719", mask: "ffff::ffff"), false),
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe80::8d:f7d:79c5:5719", mask: "ffff:0:0:ffff::ffff"), false),

        // IPv6: prefix lengths that end inside a byte (/1, /15), with a /32
        // as the contrasting non-match.
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe80::8d:f7d:79c5:5719", mask: "8000::"), true),
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe80::8d:f7d:79c5:5719", mask: "fffe::"), true),
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe81::8d:f7d:79c5:5719", mask: "ffff:ffff::"), false),

        // IPv6: masks with non-contiguous bit patterns.
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "fe81::8d:f7d:79c5:5719", mask: "ffff:ffff:c9c9::"), false),
        (
            .v6("fe80::8d:f7d:79c5:5719"),
            .v6(subnet: "fe81::8d:f7d:79c5:5719", mask: "ffff:ffff:feff:ffff:ffff:ffff:ffff:ffff"), false
        ),

        // IPv6: an all-zero mask is expected to match nothing.
        (.v6("fe80::8d:f7d:79c5:5719"), .v6(subnet: "::", mask: "::"), false),

        // Constraint length must be exactly twice the address length
        // (8 bytes for v4, 32 for v6); anything shorter or longer is rejected.
        (.v4("17.250.78.1"), ASN1OctetString(contentBytes: .init(repeating: 0xff, count: 1)), false),
        (.v4("17.250.78.1"), ASN1OctetString(contentBytes: .init(repeating: 0xff, count: 7)), false),
        (.v4("17.250.78.1"), ASN1OctetString(contentBytes: .init(repeating: 0xff, count: 9)), false),
        (.v6("fe80::8d:f7d:79c5:5719"), ASN1OctetString(contentBytes: .init(repeating: 0xff, count: 1)), false),
        (.v6("fe80::8d:f7d:79c5:5719"), ASN1OctetString(contentBytes: .init(repeating: 0xff, count: 31)), false),
        (.v6("fe80::8d:f7d:79c5:5719"), ASN1OctetString(contentBytes: .init(repeating: 0xff, count: 33)), false),
    ]

    /// Runs every fixture through the matcher and compares the outcome with
    /// the expected boolean recorded in the table.
    func testConstraints() throws {
        for fixture in Self.fixtures {
            let (address, constraint, expected) = fixture
            let matched = NameConstraintsPolicy.ipAddressMatchesConstraint(
                ipAddress: address,
                constraint: constraint
            )
            XCTAssertEqual(
                matched,
                expected,
                "Expected address \(address) matching \(constraint) to be \(expected), but it wasn't"
            )
        }
    }
}

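/// Test-only constructors that turn textual IP addresses into the raw octet
/// strings used by X.509 `iPAddress` names and name constraints.
extension ASN1OctetString {
    /// Encodes a dotted-quad IPv4 literal as its 4 network-order bytes.
    ///
    /// - Parameter ipv4Address: An IPv4 literal such as `"17.250.78.1"`.
    /// - Returns: An octet string holding the bytes `inet_pton` produced.
    /// - Precondition: The literal must parse; a bad fixture traps and names
    ///   the offending text.
    static func v4(_ ipv4Address: String) -> ASN1OctetString {
        var addr = in_addr()
        // inet_pton returns 1 only when the text is a valid address for the family.
        let rc = inet_pton(AF_INET, ipv4Address, &addr)
        precondition(rc == 1, "Invalid IPv4 literal in test fixture: \(ipv4Address)")

        // `Swift.` qualification keeps this bound to the free function rather
        // than any member of the same name on the extended type.
        let bytes = Swift.withUnsafeBytes(of: &addr) {
            ArraySlice($0)
        }

        return .init(contentBytes: bytes)
    }

    /// Encodes an IPv6 literal as its 16 network-order bytes.
    ///
    /// - Parameter ipv6Address: An IPv6 literal such as `"fe80::"`.
    /// - Returns: An octet string holding the bytes `inet_pton` produced.
    /// - Precondition: The literal must parse; a bad fixture traps and names
    ///   the offending text.
    static func v6(_ ipv6Address: String) -> ASN1OctetString {
        var addr = in6_addr()
        // inet_pton returns 1 only when the text is a valid address for the family.
        let rc = inet_pton(AF_INET6, ipv6Address, &addr)
        precondition(rc == 1, "Invalid IPv6 literal in test fixture: \(ipv6Address)")

        let bytes = Swift.withUnsafeBytes(of: &addr) {
            ArraySlice($0)
        }

        return .init(contentBytes: bytes)
    }

    /// Builds an IPv4 name-constraint value: the base address bytes followed
    /// by the mask bytes (8 bytes in total).
    ///
    /// No validation of the mask happens here, so callers can deliberately
    /// construct malformed constraints for negative tests.
    static func v4(subnet: String, mask: String) -> ASN1OctetString {
        let subnetOctets = ASN1OctetString.v4(subnet)
        let maskOctets = ASN1OctetString.v4(mask)
        return ASN1OctetString(contentBytes: subnetOctets.bytes + maskOctets.bytes)
    }

    /// Builds an IPv6 name-constraint value: the base address bytes followed
    /// by the mask bytes (32 bytes in total).
    ///
    /// No validation of the mask happens here, so callers can deliberately
    /// construct malformed constraints for negative tests.
    static func v6(subnet: String, mask: String) -> ASN1OctetString {
        let subnetOctets = ASN1OctetString.v6(subnet)
        let maskOctets = ASN1OctetString.v6(mask)
        return ASN1OctetString(contentBytes: subnetOctets.bytes + maskOctets.bytes)
    }
}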