!120 证书状态校验支持OCSP和CRL两种方式,支持在线获取CRL列表&证书链校验支持常用的校验策略和校验KeyUsage

Merge pull request !120 from hhhFun/req_cert_verify
This commit is contained in:
openharmony_ci 2024-04-09 14:45:13 +00:00 committed by Gitee
commit d503d9947b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
28 changed files with 3229 additions and 375 deletions

View File

@ -31,6 +31,7 @@ group("certificate_framework_fuzztest") {
deps += [
"test/fuzztest/cfcreate_fuzzer:fuzztest",
"test/fuzztest/cfgetandcheck_fuzzer:fuzztest",
"test/fuzztest/v1.0/x509certchain_fuzzer:fuzztest",
"test/fuzztest/v1.0/x509certificate_fuzzer:fuzztest",
"test/fuzztest/v1.0/x509crl_fuzzer:fuzztest",
]

View File

@ -1,4 +1,4 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Copyright (c) 2023-2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -54,5 +54,6 @@ ohos_static_library("certificate_openssl_plugin_lib") {
"crypto_framework:crypto_framework_lib",
"hilog:libhilog",
"openssl:libcrypto_shared",
"openssl:libssl_shared",
]
}

View File

@ -51,6 +51,11 @@ char *Asn1TimeToStr(const ASN1_GENERALIZEDTIME *time);
bool CfArrayContains(const CfArray *self, const CfArray *sub);
CfResult DeepCopyDataToOut(const char *data, uint32_t len, CfBlob *out);
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array);
bool CheckIsSelfSigned(const X509 *cert);
bool CheckIsLeafCert(X509 *cert);
CfResult IsOrderCertChain(STACK_OF(X509) * certsChain, bool *isOrder);
CfResult CheckSelfPubkey(X509 *cert, const EVP_PKEY *pubKey);
X509 *FindCertificateBySubject(STACK_OF(X509) * certs, X509_NAME *subjectName);
#ifdef __cplusplus
}
#endif

View File

@ -15,6 +15,8 @@
#include "certificate_openssl_common.h"
#include <openssl/err.h>
#include <openssl/x509v3.h>
#include <securec.h>
#include <string.h>
@ -23,8 +25,6 @@
#include "cf_result.h"
#include "config.h"
#include <openssl/err.h>
#define TIME_MON_LEN 2
#define TIME_HOUR_LEN 8
#define TIME_MIN_LEN 10
@ -333,3 +333,163 @@ CfResult DeepCopyDataToOut(const char *data, uint32_t len, CfBlob *out)
out->size = len;
return CF_SUCCESS;
}
bool CheckIsSelfSigned(const X509 *cert)
{
bool ret = false;
X509_NAME *issuer = X509_get_issuer_name(cert);
if (issuer == NULL) {
LOGE("x509 get issuer name failed!");
CfPrintOpensslError();
return CF_ERR_CRYPTO_OPERATION;
}
X509_NAME *subject = X509_get_subject_name(cert);
if (subject == NULL) {
LOGE("x509 get subject name failed!");
CfPrintOpensslError();
return CF_ERR_CRYPTO_OPERATION;
}
ret = (X509_NAME_cmp(issuer, subject) == 0);
LOGI("CheckIsSelfSigned() ret: %d .", ret);
return ret;
}
bool CheckIsLeafCert(X509 *cert)
{
if (cert == NULL) {
return false;
}
bool ret = true;
if (X509_check_ca(cert)) {
return false;
}
return ret;
}
CfResult IsOrderCertChain(STACK_OF(X509) * certsChain, bool *isOrder)
{
int num = sk_X509_num(certsChain);
if (num == 1) {
LOGI("1 certs is order chain.");
return CF_SUCCESS;
}
X509 *cert = NULL;
X509 *certNext = NULL;
X509_NAME *issuerName = NULL;
X509_NAME *subjectName = NULL;
for (int i = num - 1; i > 0; --i) {
cert = sk_X509_value(certsChain, i);
if (cert == NULL) {
LOGE("sk X509 value is null, failed!");
CfPrintOpensslError();
return CF_ERR_CRYPTO_OPERATION;
}
certNext = sk_X509_value(certsChain, i - 1);
if (certNext == NULL) {
LOGE("sk X509 value is null, failed!");
CfPrintOpensslError();
return CF_ERR_CRYPTO_OPERATION;
}
subjectName = X509_get_subject_name(cert);
if (subjectName == NULL) {
LOGE("x509 get subject name failed!");
CfPrintOpensslError();
return CF_ERR_CRYPTO_OPERATION;
}
issuerName = X509_get_issuer_name(certNext);
if (issuerName == NULL) {
LOGE("x509 get subject name failed!");
CfPrintOpensslError();
return CF_ERR_CRYPTO_OPERATION;
}
if (X509_NAME_cmp(subjectName, issuerName) != 0) {
*isOrder = false;
LOGI("is a misOrder chain.");
break;
}
}
return CF_SUCCESS;
}
CfResult CheckSelfPubkey(X509 *cert, const EVP_PKEY *pubKey)
{
EVP_PKEY *certPublicKey = X509_get_pubkey(cert);
if (certPublicKey == NULL) {
LOGE("get cert public key failed!");
CfPrintOpensslError();
return CF_ERR_CRYPTO_OPERATION;
}
int isMatch = EVP_PKEY_cmp(certPublicKey, pubKey);
if (isMatch != CF_OPENSSL_SUCCESS) {
LOGE("cmp cert public key failed!");
CfPrintOpensslError();
EVP_PKEY_free(certPublicKey);
return CF_ERR_CRYPTO_OPERATION;
}
EVP_PKEY_free(certPublicKey);
return CF_SUCCESS;
}
X509 *FindCertificateBySubject(STACK_OF(X509) * certs, X509_NAME *subjectName)
{
X509_STORE_CTX *ctx = NULL;
X509 *cert = NULL;
X509_OBJECT *obj;
X509_STORE *store = X509_STORE_new();
if (store == NULL) {
return NULL;
}
for (int i = 0; i < sk_X509_num(certs); i++) {
cert = sk_X509_value(certs, i);
X509_STORE_add_cert(store, cert);
}
if (!(ctx = X509_STORE_CTX_new())) {
X509_STORE_free(store);
return NULL;
}
if (X509_STORE_CTX_init(ctx, store, NULL, NULL) != 1) {
X509_STORE_free(store);
X509_STORE_CTX_free(ctx);
return NULL;
}
obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, subjectName);
if (obj == NULL) {
X509_STORE_free(store);
X509_STORE_CTX_free(ctx);
return NULL;
}
cert = X509_OBJECT_get0_X509(obj);
X509_STORE_free(store);
X509_OBJECT_free(obj);
X509_STORE_CTX_free(ctx);
return cert;
}
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array)
{
if (array == NULL) {
LOGD("The input array is null, no need to free.");
return;
}
if (array->data != NULL) {
for (uint32_t i = 0; i < array->count; ++i) {
CF_FREE_BLOB(array->data[i].name);
}
CfFree(array->data);
array->data = NULL;
array->count = 0;
}
}

File diff suppressed because it is too large Load Diff

View File

@ -15,7 +15,6 @@
#include "x509_crl_openssl.h"
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/pkcs7.h>

View File

@ -22,7 +22,6 @@
#include "cf_blob.h"
#include "cf_object_base.h"
#include "object_base.h"
#include "x509_cert_match_parameters.h"
#ifdef __cplusplus
extern "C" {
@ -32,7 +31,8 @@ bool IsStrValid(const char *str, uint32_t maxLen);
bool IsBlobValid(const CfBlob *blob);
bool IsClassMatch(const CfObjectBase *obj, const char *className);
bool IsPubKeyClassMatch(const HcfObjectBase *obj, const char *className);
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array);
bool IsUrlValid(const char *url);
bool IsHttp(const char *url);
#ifdef __cplusplus
}

View File

@ -20,6 +20,10 @@
#include "cf_log.h"
#include "cf_memory.h"
#define MIN_URL_LEN 5
#define HTTP_URL_LEN 7
#define HTTPS_URL_LEN 8
bool IsStrValid(const char *str, uint32_t maxLen)
{
if (str == NULL) {
@ -65,18 +69,49 @@ bool IsPubKeyClassMatch(const HcfObjectBase *obj, const char *className)
}
}
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array)
bool IsUrlValid(const char *url)
{
if (array == NULL) {
LOGD("The input array is null, no need to free.");
return;
if (url == NULL) {
return false;
}
if (array->data != NULL) {
for (uint32_t i = 0; i < array->count; ++i) {
CF_FREE_BLOB(array->data[i].name);
if (strlen(url) < MIN_URL_LEN) {
return false;
}
CfFree(array->data);
array->data = NULL;
array->count = 0;
if (strncmp(url, "http://", HTTP_URL_LEN) != 0 && strncmp(url, "https://", HTTPS_URL_LEN) != 0) {
return false;
}
int httpHeaderLen = (strncmp(url, "http://", HTTP_URL_LEN) == 0) ? HTTP_URL_LEN : HTTPS_URL_LEN;
const char *startDomain = url + httpHeaderLen;
const char *endDomain = startDomain;
while (*endDomain != '\0' && *endDomain != '/') {
endDomain++;
}
if (endDomain == startDomain) {
return false;
}
if (*endDomain == '\0') {
return true;
} else {
const char *startPath = endDomain;
while (*startPath == '/') {
startPath++;
}
if (*startPath == '\0') {
return false;
} else {
return true;
}
}
return false;
}
bool IsHttp(const char *url)
{
if (url != NULL && strncmp(url, "http://", strlen("http://")) == 0) {
return true;
} else {
return false;
}
}

View File

@ -100,6 +100,16 @@ const std::string CERT_CHAIN_TRUSTANCHOR_TAG_CASUBJECT = "CASubject";
const std::string CERT_CHAIN_VALIDATE_TAG_DATE = "date";
const std::string CERT_CHAIN_VALIDATE_TAG_TRUSTANCHORS = "trustAnchors";
const std::string CERT_CHAIN_VALIDATE_TAG_CERTCRLS = "certCRLs";
const std::string CERT_CHAIN_VALIDATE_TAG_REVOCATIONCHECKPARAM = "revocationCheckParam";
const std::string CERT_CHAIN_VALIDATE_TAG_OCSP_REQ_EXTENSION = "ocspRequestExtension";
const std::string CERT_CHAIN_VALIDATE_TAG_OCSP_RESP_URI = "ocspResponderURI";
const std::string CERT_CHAIN_VALIDATE_TAG_OCSP_RESP_CERT = "ocspResponderCert";
const std::string CERT_CHAIN_VALIDATE_TAG_OCSP_RESPS = "ocspResponses";
const std::string CERT_CHAIN_VALIDATE_TAG_CRL_DOWNLOAD_URI = "crlDownloadURI";
const std::string CERT_CHAIN_VALIDATE_TAG_OPTIONS = "options";
const std::string CERT_CHAIN_VALIDATE_TAG_POLICY = "policy";
const std::string CERT_CHAIN_VALIDATE_TAG_SSLHOSTNAME = "sslHostname";
const std::string CERT_CHAIN_VALIDATE_TAG_KEYUSAGE = "keyUsage";
// CertChainValidateResult
const std::string CERT_CHAIN_VALIDATE_RESULLT_TAG_TRUSTANCHOR = "trustAnchor";
const std::string CERT_CHAIN_VALIDATE_RESULLT_TAG_X509CERT = "entityCert";

View File

@ -628,6 +628,22 @@ bool ParserArray(napi_env env, napi_value arg, uint32_t &arrayLen)
return true;
}
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array)
{
if (array == NULL) {
LOGD("The input array is null, no need to free.");
return;
}
if (array->data != NULL) {
for (uint32_t i = 0; i < array->count; ++i) {
CF_FREE_BLOB(array->data[i].name);
}
CfFree(array->data);
array->data = NULL;
array->count = 0;
}
}
SubAltNameArray *CertGetSANArrFromArrUarrJSParams(napi_env env, napi_value arg)
{
uint32_t length = 0;

View File

@ -170,6 +170,76 @@ static void DefineGeneralNameTypeProperties(napi_env env, napi_value exports)
napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc);
}
static napi_value CreateRevocationCheckOptions(napi_env env)
{
napi_value revocationCheckOptions = nullptr;
napi_create_object(env, &revocationCheckOptions);
CertAddUint32Property(
env, revocationCheckOptions, "REVOCATION_CHECK_OPTION_PREFER_OCSP", CF_REVOCATION_CHECK_OPTION_PREFER_OCSP);
CertAddUint32Property(env, revocationCheckOptions, "REVOCATION_CHECK_OPTION_ACCESS_NETWORK",
CF_REVOCATION_CHECK_OPTION_ACCESS_NETWORK);
CertAddUint32Property(env, revocationCheckOptions, "REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER",
CF_REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER);
CertAddUint32Property(env, revocationCheckOptions, "REVOCATION_CHECK_OPTION_FALLBACK_LOCAL",
CF_REVOCATION_CHECK_OPTION_FALLBACK_LOCAL);
return revocationCheckOptions;
}
static napi_value CreateValidationPolicyType(napi_env env)
{
napi_value ValidationPolicyType = nullptr;
napi_create_object(env, &ValidationPolicyType);
CertAddUint32Property(env, ValidationPolicyType, "VALIDATION_POLICY_TYPE_X509", CF_VALIDATION_POLICY_TYPE_X509);
CertAddUint32Property(env, ValidationPolicyType, "VALIDATION_POLICY_TYPE_SSL", CF_VALIDATION_POLICY_TYPE_SSL);
return ValidationPolicyType;
}
static napi_value CreateValidationKeyUsageType(napi_env env)
{
napi_value ValidationKeyUsageType = nullptr;
napi_create_object(env, &ValidationKeyUsageType);
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_DIGITAL_SIGNATURE", CF_KEYUSAGE_DIGITAL_SIGNATURE);
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_NON_REPUDIATION", CF_KEYUSAGE_NON_REPUDIATION);
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_KEY_ENCIPHERMENT", CF_KEYUSAGE_KEY_ENCIPHERMENT);
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_DATA_ENCIPHERMENT", CF_KEYUSAGE_DATA_ENCIPHERMENT);
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_KEY_AGREEMENT", CF_KEYUSAGE_KEY_AGREEMENT);
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_KEY_CERT_SIGN", CF_KEYUSAGE_KEY_CERT_SIGN);
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_CRL_SIGN", CF_KEYUSAGE_CRL_SIGN);
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_ENCIPHER_ONLY", CF_KEYUSAGE_ENCIPHER_ONLY);
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_DECIPHER_ONLY", CF_KEYUSAGE_DECIPHER_ONLY);
return ValidationKeyUsageType;
}
static void DefineOcspCheckOptionTypeProperties(napi_env env, napi_value exports)
{
napi_property_descriptor desc[] = {
DECLARE_NAPI_PROPERTY("RevocationCheckOptions", CreateRevocationCheckOptions(env)),
};
napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc);
}
static void DefineValidationPolicyTypeProperties(napi_env env, napi_value exports)
{
napi_property_descriptor desc[] = {
DECLARE_NAPI_PROPERTY("ValidationPolicyType", CreateValidationPolicyType(env)),
};
napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc);
}
static void DefineValidationKeyUsageTypeProperties(napi_env env, napi_value exports)
{
napi_property_descriptor desc[] = {
DECLARE_NAPI_PROPERTY("KeyUsageType", CreateValidationKeyUsageType(env)),
};
napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc);
}
/***********************************************
* Module export and register
***********************************************/
@ -182,6 +252,9 @@ static napi_value CertModuleExport(napi_env env, napi_value exports)
DefineExtensionOidTypeProperties(env, exports);
DefineExtensionEntryTypeProperties(env, exports);
DefineGeneralNameTypeProperties(env, exports);
DefineOcspCheckOptionTypeProperties(env, exports);
DefineValidationPolicyTypeProperties(env, exports);
DefineValidationKeyUsageTypeProperties(env, exports);
NapiKey::DefineHcfKeyJSClass(env);
NapiPubKey::DefinePubKeyJSClass(env);

View File

@ -163,6 +163,186 @@ static bool GetCertCRLCollectionArray(napi_env env, napi_value arg, HcfCertCRLCo
return true;
}
static bool GetRevocationOptions(napi_env env, napi_value rckObj, HcfRevocationCheckParam *&out)
{
napi_value obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OPTIONS.c_str());
if (obj == nullptr) {
return true;
}
bool flag = false;
napi_status status = napi_is_array(env, obj, &flag);
if (status != napi_ok || !flag) {
return false;
}
uint32_t length = 0;
status = napi_get_array_length(env, obj, &length);
if (status != napi_ok || length == 0 || length > MAX_NAPI_ARRAY_OF_U8ARR) {
return false;
}
out->options = static_cast<HcfRevChkOpArray *>(HcfMalloc(sizeof(HcfRevChkOpArray), 0));
out->options->count = length;
out->options->data = static_cast<HcfRevChkOption *>(HcfMalloc(length * sizeof(HcfRevChkOption), 0));
for (uint32_t i = 0; i < length; i++) {
napi_value element;
if (napi_get_element(env, obj, i, &element) != napi_ok ||
napi_get_value_int32(env, element, (int32_t *)&(out->options->data[i])) != napi_ok) {
return false;
}
switch (out->options->data[i]) {
case REVOCATION_CHECK_OPTION_PREFER_OCSP:
case REVOCATION_CHECK_OPTION_ACCESS_NETWORK:
case REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER:
case REVOCATION_CHECK_OPTION_FALLBACK_LOCAL:
break;
default:
return false;
}
}
return true;
}
static bool GetRevocationDetail(napi_env env, napi_value rckObj, HcfRevocationCheckParam *&out)
{
napi_value obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OCSP_REQ_EXTENSION.c_str());
if (obj != nullptr) {
out->ocspRequestExtension = CertGetBlobArrFromArrUarrJSParams(env, obj);
if (out->ocspRequestExtension == nullptr) {
return false;
}
}
obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OCSP_RESP_URI.c_str());
if (obj != nullptr) {
out->ocspResponderURI = CertGetBlobFromStringJSParams(env, obj);
if (out->ocspResponderURI == nullptr) {
return false;
}
}
obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OCSP_RESP_CERT.c_str());
if (obj != nullptr) {
NapiX509Certificate *napiX509Cert = nullptr;
napi_unwrap(env, obj, reinterpret_cast<void **>(&napiX509Cert));
if (napiX509Cert != nullptr) {
out->ocspResponderCert = napiX509Cert->GetX509Cert();
if (out->ocspResponderCert == nullptr) {
return false;
}
} else {
return false;
}
}
obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OCSP_RESPS.c_str());
if (obj != nullptr) {
out->ocspResponses = CertGetBlobFromUint8ArrJSParams(env, obj);
if (out->ocspResponses == nullptr) {
return false;
}
}
obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_CRL_DOWNLOAD_URI.c_str());
if (obj != nullptr) {
out->crlDownloadURI = CertGetBlobFromStringJSParams(env, obj);
if (out->crlDownloadURI == nullptr) {
return false;
}
}
return GetRevocationOptions(env, rckObj, out);
}
static bool GetRevocationCheckParam(napi_env env, napi_value arg, HcfRevocationCheckParam *&out)
{
napi_value rckObj = GetProp(env, arg, CERT_CHAIN_VALIDATE_TAG_REVOCATIONCHECKPARAM.c_str());
if (rckObj == nullptr) {
LOGI("RevocationCheckParam do not exist!");
return true;
}
napi_valuetype valueType;
napi_typeof(env, rckObj, &valueType);
if (valueType == napi_null || valueType != napi_object) {
LOGE("Failed to check input param!");
return false;
}
out = static_cast<HcfRevocationCheckParam *>(HcfMalloc(sizeof(HcfRevocationCheckParam), 0));
if (out == nullptr) {
LOGE("Failed to allocate out memory!");
return false;
}
if (!GetRevocationDetail(env, rckObj, out)) {
LOGE("Failed to get revocation detail!");
CfFree(out);
return false;
}
return true;
}
static bool GetValidationPolicyType(napi_env env, napi_value arg, HcfValPolicyType &out)
{
napi_value obj = GetProp(env, arg, CERT_CHAIN_VALIDATE_TAG_POLICY.c_str());
if (obj != nullptr) {
napi_status status = napi_get_value_int32(env, obj, (int32_t *)&out);
if (status != napi_ok) {
return false;
}
}
return true;
}
static bool GetSSLHostname(napi_env env, napi_value arg, CfBlob *&out)
{
napi_value obj = GetProp(env, arg, CERT_CHAIN_VALIDATE_TAG_SSLHOSTNAME.c_str());
if (obj == nullptr) {
LOGI("Param type not SSLHostname!");
return true;
}
out = CertGetBlobFromStringJSParams(env, obj);
if (out == nullptr) {
LOGE("SSLHostname is nullptr");
return false;
}
return true;
}
static bool GetKeyUsage(napi_env env, napi_value arg, HcfKuArray *&out)
{
out = nullptr;
napi_value obj = GetProp(env, arg, CERT_CHAIN_VALIDATE_TAG_KEYUSAGE.c_str());
if (obj == nullptr) {
return true;
}
bool flag = false;
napi_status status = napi_is_array(env, obj, &flag);
if (status != napi_ok || !flag) {
return false;
}
uint32_t length = 0;
status = napi_get_array_length(env, obj, &length);
if (status != napi_ok || length == 0 || length > MAX_NAPI_ARRAY_OF_U8ARR) {
return false;
}
out = static_cast<HcfKuArray *>(HcfMalloc(sizeof(HcfKuArray), 0));
if (out == nullptr) {
return false;
}
out->count = length;
out->data = static_cast<HcfKeyUsageType *>(HcfMalloc(length * sizeof(HcfKeyUsageType), 0));
if (out->data == nullptr) {
CfFree(out);
out = nullptr;
return false;
}
for (uint32_t i = 0; i < length; i++) {
napi_value element;
if (napi_get_element(env, obj, i, &element) != napi_ok ||
napi_get_value_int32(env, element, (int32_t *)&(out->data[i])) != napi_ok) {
CfFree(out);
out = nullptr;
return false;
}
}
return true;
}
void FreeX509CertChainValidateParams(HcfX509CertChainValidateParams &param)
{
CfBlobFree(&param.date);
@ -223,6 +403,22 @@ bool BuildX509CertChainValidateParams(napi_env env, napi_value arg, HcfX509CertC
LOGE("GetCertCRLCollectionArray failed");
return false;
}
if (!GetRevocationCheckParam(env, arg, param.revocationCheckParam)) {
LOGE("Get revocation check param failed!");
return false;
}
if (!GetValidationPolicyType(env, arg, param.policy)) {
LOGE("Get validation policy type failed!");
return false;
}
if (!GetSSLHostname(env, arg, param.sslHostname)) {
LOGE("Get SSLHostname failed!");
return false;
}
if (!GetKeyUsage(env, arg, param.keyUsage)) {
LOGE("Get key usage failed!");
return false;
}
return true;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Copyright (c) 2023-2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@ -24,11 +24,59 @@
#include "cf_blob.h"
#include "x509_trust_anchor.h"
typedef enum {
VALIDATION_POLICY_TYPE_X509 = 0,
VALIDATION_POLICY_TYPE_SSL = 1,
} HcfValPolicyType;
typedef enum {
REVOCATION_CHECK_OPTION_PREFER_OCSP = 0,
REVOCATION_CHECK_OPTION_ACCESS_NETWORK = 1,
REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER = 2,
REVOCATION_CHECK_OPTION_FALLBACK_LOCAL = 3,
} HcfRevChkOption;
typedef enum {
KEYUSAGE_DIGITAL_SIGNATURE = 0,
KEYUSAGE_NON_REPUDIATION = 1,
KEYUSAGE_KEY_ENCIPHERMENT = 2,
KEYUSAGE_DATA_ENCIPHERMENT = 3,
KEYUSAGE_KEY_AGREEMENT = 4,
KEYUSAGE_KEY_CERT_SIGN = 5,
KEYUSAGE_CRL_SIGN = 6,
KEYUSAGE_ENCIPHER_ONLY = 7,
KEYUSAGE_DECIPHER_ONLY = 8,
} HcfKeyUsageType;
typedef struct {
HcfKeyUsageType *data;
uint32_t count;
} HcfKuArray;
typedef struct {
HcfRevChkOption *data;
uint32_t count;
} HcfRevChkOpArray;
typedef struct HcfRevocationCheckParam HcfRevocationCheckParam;
struct HcfRevocationCheckParam {
CfBlobArray *ocspRequestExtension;
CfBlob *ocspResponderURI;
HcfX509Certificate *ocspResponderCert;
CfBlob *ocspResponses;
CfBlob *crlDownloadURI;
HcfRevChkOpArray *options;
};
typedef struct HcfX509CertChainValidateParams HcfX509CertChainValidateParams;
struct HcfX509CertChainValidateParams {
CfBlob *date; // string
HcfX509TrustAnchorArray *trustAnchors; // Array<X509TrustAnchor>
HcfCertCRLCollectionArray *certCRLCollections; // Array<CertCRLCollection>;
HcfRevocationCheckParam *revocationCheckParam;
HcfValPolicyType policy;
CfBlob *sslHostname;
HcfKuArray *keyUsage;
};
#endif // X509_CERT_CHAIN_VALIDATE_PARAMETERS_H

View File

@ -79,6 +79,30 @@ typedef enum {
CF_GENERAL_NAME_TYPE_REGISTERED_ID
} CfGeneralNameType;
typedef enum {
CF_REVOCATION_CHECK_OPTION_PREFER_OCSP,
CF_REVOCATION_CHECK_OPTION_ACCESS_NETWORK,
CF_REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER,
CF_REVOCATION_CHECK_OPTION_FALLBACK_LOCAL,
} CfRevocationCheckOptionsType;
typedef enum {
CF_VALIDATION_POLICY_TYPE_X509,
CF_VALIDATION_POLICY_TYPE_SSL,
} CfValidationPolicyType;
typedef enum {
CF_KEYUSAGE_DIGITAL_SIGNATURE,
CF_KEYUSAGE_NON_REPUDIATION,
CF_KEYUSAGE_KEY_ENCIPHERMENT,
CF_KEYUSAGE_DATA_ENCIPHERMENT,
CF_KEYUSAGE_KEY_AGREEMENT,
CF_KEYUSAGE_KEY_CERT_SIGN,
CF_KEYUSAGE_CRL_SIGN,
CF_KEYUSAGE_ENCIPHER_ONLY,
CF_KEYUSAGE_DECIPHER_ONLY,
} CfValidationKeyUsageType;
typedef enum {
CF_GET_TYPE_CERT_ITEM,
CF_GET_TYPE_EXT_ITEM,

View File

@ -0,0 +1,49 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#####################hydra-fuzz###################
import("//build/config/features.gni")
import("//build/test.gni")
module_output_path = "certificate_framework/certificate_framework"
##############################fuzztest##########################################
ohos_fuzztest("X509CertChainFuzzTest") {
module_out_path = module_output_path
fuzz_config_file = "../x509certchain_fuzzer"
configs = [ "../../../../config/build:coverage_flag_cc" ]
cflags = [
"-g",
"-O0",
"-Wno-unused-variable",
"-fno-omit-frame-pointer",
]
sources = [ "x509cert_chain_fuzzer.cpp" ]
external_deps = [
"c_utils:utils",
"certificate_framework:certificate_framework_core",
"crypto_framework:crypto_framework_lib",
"hilog:libhilog",
]
}
###############################################################################
group("fuzztest") {
testonly = true
deps = []
deps += [
# deps file
":X509CertChainFuzzTest",
]
}
###############################################################################

View File

@ -0,0 +1,14 @@
# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

View File

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2024 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>1000</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>300</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>4096</rss_limit_mb>
</fuzztest>
</fuzz_config>

View File

@ -0,0 +1,218 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "x509cert_chain_fuzzer.h"
#include <cstddef>
#include <cstdint>
#include "securec.h"
#include "cf_blob.h"
#include "cf_result.h"
#include "x509_cert_chain.h"
namespace OHOS {
static char g_fuzzCert[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIEMjCCAxqgAwIBAgICARAwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UEBhMCQ04x\r\n"
"CzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjELMAkGA1UECgwCSEQxDDAKBgNVBAsM\r\n"
"A2RldjELMAkGA1UEAwwCY2ExJTAjBgkqhkiG9w0BCQEWFmNhQGNyeXB0b2ZyYW1l\r\n"
"d29yay5jb20wHhcNMjIwODE5MTI0OTA2WhcNMzIwODE2MTI0OTA2WjB2MQswCQYD\r\n"
"VQQGEwJDTjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQswCQYDVQQKDAJIRDEM\r\n"
"MAoGA1UECwwDZGV2MQswCQYDVQQDDAJjYTElMCMGCSqGSIb3DQEJARYWY2FAY3J5\r\n"
"cHRvZnJhbWV3b3JrLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\r\n"
"AJ8p0IWE7WwwbtATg+AbYQj33WNBBktU+/AVf+Tl1aAa4TOeW2/ZARc4sdwLVTxd\r\n"
"XCipFseuiGN30hwXrXFUHrcMf0w2sCkznJVZ/rQcfEO5Kb1vBz6DEEcgISYEhhqO\r\n"
"BfYBit5qfpq5R2+2R/Th/ybV+kBrUl+GssXbDAe6oZCy56lGphDvmHMUO7a13j+S\r\n"
"FmThMbI2yeyua1LagSoaBJfY1J+i7jWPmmEFR0dQ2p0EGjHTgQGhRo5VuwDHipNS\r\n"
"v0XP8OUA/PYbL/SBj1Fq4C3gtfvjeswUbzVaMoq/wCuy1qcXI80ZLe3whR24c0cX\r\n"
"YFO0uGi9egPp24fw7yYGqgECAwEAAaOByTCBxjAdBgNVHQ4EFgQUjKM7QmMBs01R\r\n"
"9uQttYN/GDkvt7UwHwYDVR0jBBgwFoAUjKM7QmMBs01R9uQttYN/GDkvt7UwEgYD\r\n"
"VR0TAQH/BAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUH\r\n"
"AwEGCCsGAQUFBwMCMCEGA1UdEQQaMBiBFmNhQGNyeXB0b2ZyYW1ld29yay5jb20w\r\n"
"IQYDVR0SBBowGIEWY2FAY3J5cHRvZnJhbWV3b3JrLmNvbTANBgkqhkiG9w0BAQsF\r\n"
"AAOCAQEAh+4RE6cJ62/gLYssLkc7ESg7exKwZlmisHyBicuy/+XagOZ3cTbgQNXl\r\n"
"QoZKbw/ks/B/cInbQGYbpAm47Sudo+I/G9xj0X7gQB9wtSrbStOs6SjnLiYU0xFc\r\n"
"Fsc0j6k2SrlyiwRQcjS4POKiUS0Cm3F3DHGdj55PlBkXxudXCq2V3J3VwKf2bVjQ\r\n"
"bzz2+M/Q1m+P7FhB+JmeO8eemkqMQ0tFMU3EM441NpejC5iFVAGgownC8S0B+fxH\r\n"
"9dBJuHM6vpxEWw3ckZFDZQ1kd91YRgr7jY8fc0v/T0tzHWbOEVzklEIBWL1mompL\r\n"
"BCwe0/Gw+BO60bfi2MoJw8t2IcB1Qw==\r\n"
"-----END CERTIFICATE-----\r\n";
static char g_fuzzDate[] = "20231212080000Z";
static uint8_t g_fuzzPubKey[] = {
0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd0, 0x35, 0x39, 0x92, 0x49, 0xb5,
0x95, 0x08, 0xef, 0x38, 0xf8, 0xa8, 0x51, 0xd3, 0xef, 0xd8, 0x3e, 0x3a, 0xd9,
0x2c, 0xe1, 0x31, 0x1f, 0x99, 0x41, 0x03, 0x86, 0xb3, 0x4a, 0x04, 0x41, 0x23,
0x6f, 0xf8, 0xb6, 0xf4, 0x60, 0x5f, 0x9e, 0x9b, 0xc5, 0x75, 0x3d, 0xfa, 0x6b,
0x30, 0xa0, 0xd9, 0x53, 0x83, 0x25, 0x14, 0xa3, 0x23, 0x31, 0x67, 0xe2, 0xa0,
0x03, 0x71, 0xcf, 0x38, 0x12, 0x67, 0xca, 0x88, 0x31, 0x0c, 0xf7, 0xb1, 0xc5,
0xb1, 0x03, 0xe9, 0xf5, 0x14, 0x64, 0xab, 0x11, 0xf9, 0x70, 0x1e, 0x75, 0x11,
0x4d, 0x9e, 0x04, 0x4f, 0x54, 0x6b, 0xde, 0x71, 0xfb, 0x04, 0x29, 0xfc, 0xa4,
0x9d, 0x0a, 0xa2, 0x13, 0x09, 0x0f, 0xef, 0xca, 0xf9, 0xb7, 0x27, 0x85, 0x29,
0x8e, 0x5d, 0x30, 0x95, 0x6f, 0x30, 0x44, 0x23, 0xc2, 0x59, 0xc6, 0x30, 0xde,
0x92, 0x82, 0x94, 0x64, 0x64, 0x37, 0x35, 0x6d, 0x23, 0x52, 0x97, 0x9d, 0xfa,
0x67, 0xed, 0xf1, 0xb7, 0x37, 0xce, 0x27, 0xef, 0x09, 0x41, 0x6f, 0xd2, 0x06,
0x28, 0x91, 0x5a, 0x73, 0xfe, 0xbe, 0x87, 0x1b, 0xd9, 0xc7, 0x6a, 0xa7, 0x7c,
0xbb, 0x31, 0x74, 0x82, 0x91, 0xd1, 0x0f, 0xdb, 0x88, 0x6a, 0x14, 0xe9, 0x9f,
0x08, 0xcb, 0xf4, 0x7f, 0xa7, 0xb1, 0xa8, 0x3c, 0xef, 0x2f, 0x6a, 0x65, 0x74,
0xf7, 0x4f, 0x90, 0x1c, 0x42, 0xf9, 0x01, 0xd4, 0xb3, 0x2a, 0xd1, 0x21, 0x53,
0xdb, 0xdd, 0xbd, 0xcb, 0x96, 0x8e, 0x32, 0xf1, 0x56, 0x76, 0x89, 0x2d, 0xf8,
0xff, 0xe9, 0x6a, 0x06, 0x66, 0x3f, 0x14, 0x5a, 0x7d, 0xf3, 0x15, 0xb1, 0x28,
0x4d, 0x56, 0x80, 0x7e, 0x9d, 0xb1, 0xa9, 0xdc, 0xd6, 0xef, 0x24, 0x6f, 0x8b,
0x6a, 0xf5, 0xe3, 0xc9, 0xbd, 0x7a, 0xfe, 0xe5, 0x8c, 0x3a, 0x87, 0xa3, 0xc5,
0x17, 0xeb, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01
};
static uint8_t g_fuzzSubject[] = {
0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c,
0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31,
0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x47, 0x65, 0x6f,
0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x4e, 0x20,
0x43, 0x41, 0x20, 0x47, 0x32
};
static char g_fuzzSslHostName[] = "*.163.com";
constexpr int TEST_DATA_LEN = 1;
static bool g_testFlag = true;
static void FreeTrustAnchor(HcfX509TrustAnchor *trustAnchor)
{
if (trustAnchor == nullptr) {
return;
}
CfBlobFree(&trustAnchor->CAPubKey);
CfBlobFree(&trustAnchor->CASubject);
CfObjDestroy(trustAnchor->CACert);
trustAnchor->CACert = nullptr;
free(trustAnchor);
trustAnchor = nullptr;
}
static void FreeValidateResult(HcfX509CertChainValidateResult *result)
{
if (result->entityCert != nullptr) {
CfObjDestroy(result->entityCert);
result->entityCert = nullptr;
}
if (result->trustAnchor != nullptr) {
FreeTrustAnchor(result->trustAnchor);
}
}
static void TestValidateParam(HcfX509CertChainValidateParams &params, HcfCertChain *x509CertChainObj)
{
CfBlob date = { 0 };
date.data = reinterpret_cast<uint8_t *>(g_fuzzDate);
date.size = strlen(g_fuzzDate) + 1;
HcfX509TrustAnchorArray trustAnchors = { 0 };
HcfX509TrustAnchor anchor = { 0 };
CfBlob caPubKey = { 0 };
caPubKey.data = g_fuzzPubKey;
caPubKey.size = strlen(reinterpret_cast<char *>(g_fuzzPubKey)) + 1;
anchor.CAPubKey = &caPubKey;
CfBlob caSubject = { 0 };
caSubject.data = g_fuzzSubject;
caSubject.size = strlen(reinterpret_cast<char *>(g_fuzzSubject)) + 1;
anchor.CASubject = &caSubject;
trustAnchors.data = static_cast<HcfX509TrustAnchor **>(
calloc(TEST_DATA_LEN * sizeof(HcfX509TrustAnchor *), 0));
if (trustAnchors.data == nullptr) {
return;
}
trustAnchors.data[0] = &anchor;
trustAnchors.count = TEST_DATA_LEN;
HcfRevocationCheckParam revocationCheckParam = { 0 };
HcfRevChkOpArray optionData = { 0 };
HcfRevChkOption option[TEST_DATA_LEN] = { REVOCATION_CHECK_OPTION_ACCESS_NETWORK };
optionData.data = option;
optionData.count = TEST_DATA_LEN;
revocationCheckParam.options = &optionData;
CfBlob sslHostname = { 0 };
sslHostname.data = reinterpret_cast<uint8_t *>(g_fuzzSslHostName);
sslHostname.size = strlen(g_fuzzSslHostName) + 1;
HcfKuArray keyUsage = { 0 };
HcfKeyUsageType type[TEST_DATA_LEN] = { KEYUSAGE_DIGITAL_SIGNATURE };
keyUsage.data = type;
keyUsage.count = TEST_DATA_LEN;
params.date = &date;
params.trustAnchors = &trustAnchors;
params.sslHostname = &sslHostname;
params.policy = HcfValPolicyType::VALIDATION_POLICY_TYPE_SSL;
params.keyUsage = &keyUsage;
params.revocationCheckParam = &revocationCheckParam;
HcfX509CertChainValidateResult result = { 0 };
(void)x509CertChainObj->validate(x509CertChainObj, &params, &result);
FreeValidateResult(&result);
free(params.trustAnchors->data);
}
static void TestQuery(HcfCertChain *x509CertChainObj)
{
HcfX509CertChainValidateParams params = { 0 };
TestValidateParam(params, x509CertChainObj);
}
static void CreateOneCert(void)
{
CfEncodingBlob inStream = { 0 };
inStream.data = reinterpret_cast<uint8_t *>(g_fuzzCert);
inStream.encodingFormat = CF_FORMAT_PEM;
inStream.len = strlen(g_fuzzCert) + 1;
HcfCertChain *x509CertChainObj = nullptr;
CfResult res = HcfCertChainCreate(&inStream, nullptr, &x509CertChainObj);
if (res != CF_SUCCESS) {
return;
}
TestQuery(x509CertChainObj);
CfObjDestroy(x509CertChainObj);
}
bool X509CertChainFuzzTest(const uint8_t* data, size_t size)
{
if (g_testFlag) {
CreateOneCert();
g_testFlag = false;
}
if (data == nullptr) {
return false;
}
CfEncodingBlob inStream = { 0 };
inStream.data = const_cast<uint8_t *>(data);
inStream.encodingFormat = CF_FORMAT_PEM;
inStream.len = size;
HcfCertChain *x509CertChainObj = nullptr;
CfResult res = HcfCertChainCreate(&inStream, nullptr, &x509CertChainObj);
if (res != CF_SUCCESS) {
return false;
}
CfObjDestroy(x509CertChainObj);
return true;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
/* Run your code on data */
OHOS::X509CertChainFuzzTest(data, size);
return 0;
}

View File

@ -0,0 +1,21 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef X509_CERT_CHAIN_FUZZER_H
#define X509_CERT_CHAIN_FUZZER_H
#define FUZZ_PROJECT_NAME "x509cert_chain_fuzzer"
#endif

View File

@ -36,6 +36,7 @@ ohos_unittest("cf_version1_test") {
sources = [
"src/cf_mock.cpp",
"src/crypto_x509_cert_chain_test.cpp",
"src/crypto_x509_cert_chain_test_part2.cpp",
"src/crypto_x509_cert_chain_validator_test.cpp",
"src/crypto_x509_cert_crl_collection_test.cpp",
"src/crypto_x509_certificate_test.cpp",
@ -102,17 +103,22 @@ ohos_unittest("cf_version1_test") {
"-Wl,--wrap=OBJ_obj2nid",
"-Wl,--wrap=OBJ_nid2obj",
"-Wl,--wrap=OBJ_obj2txt",
"-Wl,--wrap=OCSP_REQUEST_new",
"-Wl,--wrap=OSSL_HTTP_parse_url",
"-Wl,--wrap=OPENSSL_sk_deep_copy",
"-Wl,--wrap=OPENSSL_sk_num",
"-Wl,--wrap=OPENSSL_sk_value",
"-Wl,--wrap=OPENSSL_sk_new_null",
"-Wl,--wrap=OPENSSL_sk_push",
"-Wl,--wrap=X509_ALGOR_get0",
"-Wl,--wrap=X509_check_host",
"-Wl,--wrap=X509_CRL_load_http",
"-Wl,--wrap=X509_dup",
"-Wl,--wrap=X509_get_pubkey",
"-Wl,--wrap=X509_get_ext",
"-Wl,--wrap=X509_get_ext_d2i",
"-Wl,--wrap=X509_get0_serialNumber",
"-Wl,--wrap=X509_get1_ocsp",
"-Wl,--wrap=X509_getm_notBefore",
"-Wl,--wrap=X509_getm_notAfter",
"-Wl,--wrap=X509_NAME_oneline",
@ -139,5 +145,6 @@ ohos_unittest("cf_version1_test") {
"googletest:gmock",
"hilog:libhilog",
"openssl:libcrypto_shared",
"openssl:libssl_shared",
]
}

View File

@ -18,72 +18,83 @@
#include <gmock/gmock.h>
#include <openssl/asn1.h>
#include <openssl/bn.h>
#include <openssl/ocsp.h>
#include <openssl/x509v3.h>
#include "certificate_openssl_common.h"
#include "x509_certificate.h"
#include "x509_certificate_openssl.h"
using ::testing::NiceMock;
namespace CFMock {
class X509OpensslMock {
public:
MOCK_METHOD2(i2d_X509_EXTENSIONS, int(X509_EXTENSIONS *a, unsigned char **out));
MOCK_METHOD1(OPENSSL_sk_num, int(const OPENSSL_STACK *st));
MOCK_METHOD1(X509_getm_notBefore, ASN1_TIME *(const X509 *x));
MOCK_METHOD1(X509_getm_notAfter, ASN1_TIME *(const X509 *x));
MOCK_METHOD3(X509_NAME_oneline, char *(const X509_NAME *a, char *buf, int size));
MOCK_METHOD2(i2d_X509, int(X509 *a, unsigned char **out));
MOCK_METHOD2(BIO_new_mem_buf, BIO *(const void *buf, int len));
MOCK_METHOD2(OPENSSL_sk_value, void *(const OPENSSL_STACK *st, int i));
MOCK_METHOD2(HcfX509CertificateCreate, CfResult(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj));
MOCK_METHOD0(OPENSSL_sk_new_null, OPENSSL_STACK *(void));
MOCK_METHOD2(X509_STORE_add_cert, int(X509_STORE *ctx, X509 *x));
MOCK_METHOD0(X509_STORE_CTX_new, X509_STORE_CTX *(void));
MOCK_METHOD0(X509_STORE_new, X509_STORE *(void));
MOCK_METHOD4(X509_STORE_CTX_init, int(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) * chain));
MOCK_METHOD1(X509_verify_cert, int(X509_STORE_CTX *ctx));
MOCK_METHOD2(i2d_PUBKEY, int(EVP_PKEY *a, unsigned char **pp));
MOCK_METHOD4(X509_get_ext_d2i, void *(const X509 *x, int nid, int *crit, int *idx));
MOCK_METHOD2(i2d_ASN1_OCTET_STRING, int(ASN1_OCTET_STRING *a, unsigned char **out));
MOCK_METHOD2(i2d_AUTHORITY_KEYID, int(AUTHORITY_KEYID *a, unsigned char **out));
MOCK_METHOD3(DeepCopyDataToBlob, CfResult(const unsigned char *data, uint32_t len, CfBlob *outBlob));
MOCK_METHOD0(ASN1_TIME_new, ASN1_TIME *(void));
MOCK_METHOD1(X509_get0_serialNumber, const ASN1_INTEGER *(const X509 *x));
MOCK_METHOD2(i2d_ASN1_INTEGER, int(ASN1_INTEGER *a, unsigned char **out));
MOCK_METHOD1(X509_get_pubkey, EVP_PKEY *(X509 *x));
MOCK_METHOD1(OBJ_nid2obj, ASN1_OBJECT *(int n));
MOCK_METHOD4(OBJ_obj2txt, int(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name));
MOCK_METHOD3(BN_bin2bn, BIGNUM *(const unsigned char *s, int len, BIGNUM *ret));
MOCK_METHOD1(ASN1_TIME_normalize, int(ASN1_TIME *s));
MOCK_METHOD4(
X509_ALGOR_get0, void(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor));
MOCK_METHOD0(ASN1_TYPE_new, ASN1_TYPE *(void));
MOCK_METHOD3(ASN1_TYPE_set1, int(ASN1_TYPE *a, int type, const void *value));
MOCK_METHOD2(i2d_ASN1_TYPE, int(ASN1_TYPE *a, unsigned char **out));
MOCK_METHOD1(ASN1_INTEGER_get, long(const ASN1_INTEGER *a));
MOCK_METHOD1(ASN1_STRING_get0_data, const unsigned char *(const ASN1_STRING *x));
MOCK_METHOD2(i2d_GENERAL_NAME, int(GENERAL_NAME *a, unsigned char **out));
MOCK_METHOD2(X509_get_ext, X509_EXTENSION *(const X509 *x, X509_EXTENSION *loc));
MOCK_METHOD1(X509V3_EXT_d2i, void *(X509_EXTENSION *ext));
MOCK_METHOD2(GENERAL_NAME_get0_value, void *(const GENERAL_NAME *a, int *ptype));
MOCK_METHOD2(X509_verify, int(X509 *a, EVP_PKEY *r));
MOCK_METHOD2(DeepCopyBlobToBlob, CfResult(const CfBlob *inBlob, CfBlob **outBlob));
MOCK_METHOD2(OPENSSL_sk_push, int(OPENSSL_STACK *st, const int data));
MOCK_METHOD2(i2d_X509_REVOKED, int(X509_REVOKED *a, unsigned char **out));
MOCK_METHOD2(i2d_X509_CRL, int(X509_CRL *a, unsigned char **out));
MOCK_METHOD3(
OPENSSL_sk_deep_copy, OPENSSL_STACK *(const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f));
MOCK_METHOD1(OBJ_obj2nid, int(const ASN1_OBJECT *o));
MOCK_METHOD1(X509_dup, X509 *(X509 *x509));
MOCK_METHOD(int, i2d_X509_EXTENSIONS, (X509_EXTENSIONS * a, unsigned char **out));
MOCK_METHOD(int, OPENSSL_sk_num, (const OPENSSL_STACK *st));
MOCK_METHOD(ASN1_TIME *, X509_getm_notBefore, (const X509 *x));
MOCK_METHOD(ASN1_TIME *, X509_getm_notAfter, (const X509 *x));
MOCK_METHOD(char *, X509_NAME_oneline, (const X509_NAME *a, char *buf, int size));
MOCK_METHOD(int, i2d_X509, (X509 * a, unsigned char **out));
MOCK_METHOD(BIO *, BIO_new_mem_buf, (const void *buf, int len));
MOCK_METHOD(void *, OPENSSL_sk_value, (const OPENSSL_STACK *st, int i));
MOCK_METHOD(CfResult, HcfX509CertificateCreate, (const CfEncodingBlob *inStream, HcfX509Certificate **returnObj));
MOCK_METHOD(OPENSSL_STACK *, OPENSSL_sk_new_null, ());
MOCK_METHOD(int, X509_STORE_add_cert, (X509_STORE * ctx, X509 *x));
MOCK_METHOD(X509_STORE_CTX *, X509_STORE_CTX_new, ());
MOCK_METHOD(X509_STORE *, X509_STORE_new, ());
MOCK_METHOD(
int, X509_STORE_CTX_init, (X509_STORE_CTX * ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) * chain));
MOCK_METHOD(int, X509_verify_cert, (X509_STORE_CTX * ctx));
MOCK_METHOD(int, i2d_PUBKEY, (EVP_PKEY * a, unsigned char **pp));
MOCK_METHOD(void *, X509_get_ext_d2i, (const X509 *x, int nid, int *crit, int *idx));
MOCK_METHOD(int, i2d_ASN1_OCTET_STRING, (ASN1_OCTET_STRING * a, unsigned char **out));
MOCK_METHOD(int, i2d_AUTHORITY_KEYID, (AUTHORITY_KEYID * a, unsigned char **out));
MOCK_METHOD(CfResult, DeepCopyDataToBlob, (const unsigned char *data, uint32_t len, CfBlob *outBlob));
MOCK_METHOD(ASN1_TIME *, ASN1_TIME_new, ());
MOCK_METHOD(const ASN1_INTEGER *, X509_get0_serialNumber, (const X509 *x));
MOCK_METHOD(int, i2d_ASN1_INTEGER, (ASN1_INTEGER * a, unsigned char **out));
MOCK_METHOD(EVP_PKEY *, X509_get_pubkey, (X509 * x));
MOCK_METHOD(ASN1_OBJECT *, OBJ_nid2obj, (int n));
MOCK_METHOD(int, OBJ_obj2txt, (char *buf, int buf_len, const ASN1_OBJECT *a, int no_name));
MOCK_METHOD(BIGNUM *, BN_bin2bn, (const unsigned char *s, int len, BIGNUM *ret));
MOCK_METHOD(int, ASN1_TIME_normalize, (ASN1_TIME * s));
MOCK_METHOD(
void, X509_ALGOR_get0, (const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor));
MOCK_METHOD(ASN1_TYPE *, ASN1_TYPE_new, ());
MOCK_METHOD(int, ASN1_TYPE_set1, (ASN1_TYPE * a, int type, const void *value));
MOCK_METHOD(int, i2d_ASN1_TYPE, (ASN1_TYPE * a, unsigned char **out));
MOCK_METHOD(long, ASN1_INTEGER_get, (const ASN1_INTEGER *a));
MOCK_METHOD(const unsigned char *, ASN1_STRING_get0_data, (const ASN1_STRING *x));
MOCK_METHOD(int, i2d_GENERAL_NAME, (GENERAL_NAME * a, unsigned char **out));
MOCK_METHOD(X509_EXTENSION *, X509_get_ext, (const X509 *x, X509_EXTENSION *loc));
MOCK_METHOD(void *, X509V3_EXT_d2i, (X509_EXTENSION * ext));
MOCK_METHOD(void *, GENERAL_NAME_get0_value, (const GENERAL_NAME *a, int *ptype));
MOCK_METHOD(int, X509_verify, (X509 * a, EVP_PKEY *r));
MOCK_METHOD(CfResult, DeepCopyBlobToBlob, (const CfBlob *inBlob, CfBlob **outBlob));
MOCK_METHOD(int, OPENSSL_sk_push, (OPENSSL_STACK * st, const int data));
MOCK_METHOD(int, i2d_X509_REVOKED, (X509_REVOKED * a, unsigned char **out));
MOCK_METHOD(int, i2d_X509_CRL, (X509_CRL * a, unsigned char **out));
MOCK_METHOD(
OPENSSL_STACK *, OPENSSL_sk_deep_copy, (const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f));
MOCK_METHOD(int, OBJ_obj2nid, (const ASN1_OBJECT *o));
MOCK_METHOD(X509 *, X509_dup, (X509 * x509));
MOCK_METHOD(int, X509_check_host, (X509 * x, const char *chk, size_t chklen, unsigned int flags, char **peername));
MOCK_METHOD(OCSP_REQUEST *, OCSP_REQUEST_new, ());
MOCK_METHOD(X509_CRL *, X509_CRL_load_http, (const char *url, BIO *bio, BIO *rbio, int timeout));
MOCK_METHOD(struct stack_st_OPENSSL_STRING *, X509_get1_ocsp, (X509 * x));
MOCK_METHOD(int, OSSL_HTTP_parse_url,
(const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num, char **ppath,
char **pquery, char **pfrag));
static X509OpensslMock &GetInstance(void);
static NiceMock<X509OpensslMock> &GetInstance(void);
static void SetMockFlag(bool flag);
static bool GetMockFlag(void);
private:
X509OpensslMock();
virtual ~X509OpensslMock();
~X509OpensslMock();
private:
void SetMockFunDefaultBehaviorPartOne(void);
void SetMockFunDefaultBehaviorPartTwo(void);
void SetMockFunDefaultBehaviorPartThree(void);

View File

@ -22,6 +22,138 @@
extern "C" {
#endif
static const char g_testCertChainPem163[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\r\n"
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\r\n"
"ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\r\n"
"OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\r\n"
"CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\r\n"
"by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\r\n"
"AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\r\n"
"MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\r\n"
"vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\r\n"
"tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\r\n"
"C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\r\n"
"GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\r\n"
"BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\r\n"
"C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\r\n"
"Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\r\n"
"MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\r\n"
"RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\r\n"
"Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\r\n"
"MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\r\n"
"Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\r\n"
"BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\r\n"
"ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\r\n"
"bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\r\n"
"nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\r\n"
"AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\r\n"
"W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\r\n"
"HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\r\n"
"Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\r\n"
"QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\r\n"
"lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\r\n"
"ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\r\n"
"P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\r\n"
"7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\r\n"
"9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\r\n"
"-----END CERTIFICATE-----\r\n"
"-----BEGIN CERTIFICATE-----\r\n"
"MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\r\n"
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\n"
"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\r\n"
"QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\r\n"
"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\r\n"
"TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\r\n"
"7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\r\n"
"4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\r\n"
"yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\r\n"
"c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\r\n"
"U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\r\n"
"jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\r\n"
"T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\r\n"
"BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\r\n"
"MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\r\n"
"cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\r\n"
"ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\r\n"
"BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\r\n"
"LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\r\n"
"Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\r\n"
"IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\r\n"
"cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\r\n"
"FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\r\n"
"O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\r\n"
"sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\r\n"
"3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\r\n"
"lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\r\n"
"tPO+\r\n"
"-----END CERTIFICATE-----\r\n";
static const char g_testOcspResponderCert[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\r\n"
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\n"
"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\r\n"
"QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\r\n"
"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\r\n"
"TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\r\n"
"7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\r\n"
"4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\r\n"
"yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\r\n"
"c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\r\n"
"U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\r\n"
"jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\r\n"
"T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\r\n"
"BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\r\n"
"MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\r\n"
"cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\r\n"
"ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\r\n"
"BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\r\n"
"LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\r\n"
"Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\r\n"
"IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\r\n"
"cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\r\n"
"FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\r\n"
"O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\r\n"
"sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\r\n"
"3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\r\n"
"lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\r\n"
"tPO+\r\n"
"-----END CERTIFICATE-----\r\n";
static const char g_testCertChainPemRoot163[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\r\n"
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\n"
"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\r\n"
"QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\r\n"
"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\r\n"
"TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\r\n"
"7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\r\n"
"4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\r\n"
"yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\r\n"
"c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\r\n"
"U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\r\n"
"jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\r\n"
"T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\r\n"
"BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\r\n"
"MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\r\n"
"cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\r\n"
"ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\r\n"
"BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\r\n"
"LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\r\n"
"Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\r\n"
"IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\r\n"
"cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\r\n"
"FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\r\n"
"O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\r\n"
"sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\r\n"
"3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\r\n"
"lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\r\n"
"tPO+\r\n"
"-----END CERTIFICATE-----\r\n";
const uint8_t g_testChainKeystore[] = { 0x30, 0x82, 0x0D, 0xF1, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0D, 0xB7, 0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x0D, 0xA8, 0x04, 0x82, 0x0D, 0xA4, 0x30, 0x82,
0x0D, 0xA0, 0x30, 0x82, 0x08, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06, 0xA0, 0x82,
@ -217,6 +349,39 @@ static const char g_testKeystorePwd[] = "123456";
const uint8_t g_testIssuerValid[] = { 0x30, 0x17, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0C,
0x54, 0x65, 0x73, 0x74, 0x20, 0x4E, 0x43, 0x20, 0x43, 0x41, 0x20, 0x31 };
static const uint8_t g_testOcspResponses[] = { 0x30, 0x82, 0x01, 0xd3, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x01, 0xcc, 0x30,
0x82, 0x01, 0xc8, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x01, 0xb9, 0x30,
0x82, 0x01, 0xb5, 0x30, 0x81, 0x9e, 0xa2, 0x16, 0x04, 0x14, 0x24, 0x6f, 0x91, 0x3f, 0x89, 0x87, 0x87, 0x0e, 0x32,
0xc2, 0x40, 0x18, 0xdf, 0xc5, 0x4c, 0xeb, 0x4f, 0xc8, 0x49, 0x32, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30, 0x32,
0x32, 0x31, 0x31, 0x33, 0x30, 0x30, 0x33, 0x31, 0x5a, 0x30, 0x73, 0x30, 0x71, 0x30, 0x49, 0x30, 0x09, 0x06, 0x05,
0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0xd1, 0x5d, 0xff, 0xaa, 0x00, 0x86, 0xa3, 0x32, 0x76, 0x5e,
0x89, 0x07, 0x31, 0xdb, 0xba, 0x75, 0x0b, 0x31, 0x13, 0xdb, 0x04, 0x14, 0x24, 0x6f, 0x91, 0x3f, 0x89, 0x87, 0x87,
0x0e, 0x32, 0xc2, 0x40, 0x18, 0xdf, 0xc5, 0x4c, 0xeb, 0x4f, 0xc8, 0x49, 0x32, 0x02, 0x10, 0x04, 0xc3, 0xb4, 0x5b,
0x70, 0x94, 0xf4, 0xb5, 0x95, 0xc3, 0x56, 0xc4, 0xfe, 0x3a, 0x98, 0xa2, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32,
0x34, 0x30, 0x32, 0x32, 0x31, 0x31, 0x32, 0x34, 0x35, 0x30, 0x31, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x32,
0x34, 0x30, 0x32, 0x32, 0x38, 0x31, 0x31, 0x34, 0x35, 0x30, 0x31, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xb0, 0xdf, 0x0f, 0x94, 0x4f, 0x25,
0x05, 0xec, 0x59, 0x65, 0x15, 0xb7, 0x04, 0x91, 0x10, 0x45, 0xf5, 0xbd, 0x26, 0x16, 0xd1, 0x7d, 0x4e, 0x69, 0x2f,
0xb3, 0xb2, 0xb5, 0x1c, 0xaa, 0x1d, 0xe5, 0xe9, 0x2a, 0x52, 0xdb, 0xde, 0x69, 0xed, 0xa0, 0x2e, 0x84, 0x18, 0x88,
0xfd, 0x26, 0x9f, 0xe7, 0x1c, 0x09, 0xba, 0xe8, 0x18, 0x7c, 0x17, 0x5e, 0xfd, 0x1f, 0x52, 0x75, 0x7e, 0xec, 0x3c,
0xf2, 0x1d, 0x55, 0xa4, 0xf7, 0x2c, 0xdf, 0x40, 0x06, 0x8c, 0x19, 0xc2, 0xbc, 0x72, 0xbb, 0xc2, 0xa1, 0xbb, 0xd7,
0xd3, 0x79, 0xb3, 0x70, 0xcb, 0x4c, 0x07, 0x18, 0xbc, 0xd1, 0x4e, 0xe2, 0x3e, 0x18, 0xca, 0x08, 0x3d, 0x7f, 0xbc,
0xf2, 0x0c, 0x1a, 0x2c, 0x10, 0x83, 0x59, 0xa0, 0xfb, 0x1f, 0xc2, 0x0e, 0x26, 0x17, 0x27, 0xa3, 0xba, 0x49, 0x9b,
0x13, 0xdd, 0x55, 0xeb, 0xc8, 0xa2, 0x49, 0x76, 0xcd, 0x46, 0x5a, 0x78, 0x19, 0x26, 0xde, 0xff, 0x66, 0xac, 0x13,
0x42, 0x89, 0x86, 0x7e, 0x5c, 0xa4, 0x67, 0xd7, 0x0d, 0xbb, 0x5f, 0xf4, 0x38, 0x91, 0x87, 0x99, 0xeb, 0xd3, 0x99,
0x97, 0xd8, 0x0c, 0xae, 0xfa, 0x23, 0x2c, 0x4a, 0xbd, 0xd1, 0xe6, 0xa5, 0x31, 0xee, 0x8a, 0x88, 0xc2, 0x5d, 0x61,
0x2c, 0x43, 0x04, 0x33, 0x57, 0x16, 0x98, 0xc2, 0x9a, 0x01, 0xd1, 0xad, 0x8b, 0xa5, 0x56, 0x0b, 0xd9, 0x4c, 0x81,
0x88, 0x90, 0x92, 0x07, 0x38, 0xf3, 0xab, 0x38, 0xf8, 0xbc, 0x97, 0x59, 0xae, 0x71, 0xea, 0x25, 0x05, 0x75, 0x3f,
0x35, 0x0b, 0x00, 0xcc, 0x1b, 0xe3, 0x32, 0x46, 0x01, 0x72, 0x4c, 0x46, 0x1a, 0x72, 0xd4, 0x7f, 0x4a, 0x94, 0x4f,
0x82, 0xf8, 0x69, 0x86, 0x40, 0x32, 0x69, 0x79, 0xbd, 0x09, 0x16, 0x2b, 0xbb, 0x9a, 0x0a, 0x11, 0xa9, 0x65, 0xf0,
0xac, 0xbe, 0xd8 };
static const char g_crlDownloadURI[] = "http://crl.digicert.cn/GeoTrustRSACNCAG2.crl";
static const char g_crlDownloadURIHttps[] = "https://ocsp.digicert.cn";
static const char g_crlDownloadURIHttpsInvalid[] = "https://www.123.com";
#ifdef __cplusplus
}
#endif

View File

@ -31,6 +31,7 @@
#include "key_pair.h"
#include "memory_mock.h"
#include "securec.h"
#include "x509_cert_chain.h"
#include "x509_crl.h"
#ifdef __cplusplus
@ -503,12 +504,23 @@ extern const CfEncodingBlob g_inStreamChainDataPemMidCRL;
extern const CfEncodingBlob g_inStreamChainPemNoRootHasPubKey;
extern const CfEncodingBlob g_inStreamChainPemNoRootLast;
extern const CfEncodingBlob g_inStreamChainDataPemDisorder;
extern const CfEncodingBlob g_inStreamChainDataPem163;
extern const CfEncodingBlob g_inStreamChainDataPemRoot163;
extern const CfEncodingBlob g_inStreamOcspResponderCert;
const char *GetInvalidCertClass(void);
const char *GetInvalidCrlClass(void);
SubAltNameArray *ConstructSubAltNameArrayData();
CfArray *ConstructCertPolicyData();
const char *GetValidCrlClass(void);
const char *GetValidX509CertificateClass(void);
void FreeTrustAnchor(HcfX509TrustAnchor *&trustAnchor);
void BuildAnchorArr(const CfEncodingBlob &certInStream, HcfX509TrustAnchorArray &trustAnchorArray);
void FreeTrustAnchorArr(HcfX509TrustAnchorArray &trustAnchorArray);
void BuildCollectionArr(const CfEncodingBlob *certInStream, const CfEncodingBlob *crlInStream,
HcfCertCRLCollectionArray &certCRLCollections);
void FreeCertCrlCollectionArr(HcfCertCRLCollectionArray &certCRLCollections);
void FreeValidateResult(HcfX509CertChainValidateResult &result);
#ifdef __cplusplus
}

View File

@ -70,6 +70,12 @@ OPENSSL_STACK *__real_OPENSSL_sk_deep_copy(const OPENSSL_STACK *, OPENSSL_sk_cop
int __real_OBJ_obj2nid(const ASN1_OBJECT *o);
X509 *__real_X509_dup(X509 *x509);
int __real_i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out);
int __real_X509_check_host(X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername);
OCSP_REQUEST *__real_OCSP_REQUEST_new(void);
X509_CRL *__real_X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
struct stack_st_OPENSSL_STRING *__real_X509_get1_ocsp(X509 *x);
int __real_OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num,
char **ppath, char **pquery, char **pfrag);
#ifdef __cplusplus
}
@ -77,9 +83,9 @@ int __real_i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out);
static bool g_mockTagX509Openssl = false;
X509OpensslMock &X509OpensslMock::GetInstance(void)
NiceMock<X509OpensslMock> &X509OpensslMock::GetInstance(void)
{
static X509OpensslMock gX509OpensslMock;
static NiceMock<X509OpensslMock> gX509OpensslMock;
return gX509OpensslMock;
}
@ -233,6 +239,25 @@ void X509OpensslMock::SetMockFunDefaultBehaviorPartThree(void)
ON_CALL(*this, i2d_ASN1_INTEGER).WillByDefault([this](ASN1_INTEGER *a, unsigned char **out) {
return __real_i2d_ASN1_INTEGER(a, out);
});
ON_CALL(*this, X509_check_host)
.WillByDefault([this](X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername) {
return __real_X509_check_host(x, chk, chklen, flags, peername);
});
ON_CALL(*this, OCSP_REQUEST_new).WillByDefault([this](void) { return __real_OCSP_REQUEST_new(); });
ON_CALL(*this, X509_CRL_load_http).WillByDefault([this](const char *url, BIO *bio, BIO *rbio, int timeout) {
return __real_X509_CRL_load_http(url, bio, rbio, timeout);
});
ON_CALL(*this, X509_get1_ocsp).WillByDefault([this](X509 *x) { return __real_X509_get1_ocsp(x); });
ON_CALL(*this, OSSL_HTTP_parse_url)
.WillByDefault([this](const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num,
char **ppath, char **pquery, char **pfrag) {
return __real_OSSL_HTTP_parse_url(url, pssl, puser, phost, pport, pport_num, ppath, pquery, pfrag);
});
}
X509OpensslMock::X509OpensslMock()
@ -672,6 +697,53 @@ X509 *__wrap_X509_dup(X509 *x509)
}
}
int __wrap_X509_check_host(X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername)
{
if (g_mockTagX509Openssl) {
return X509OpensslMock::GetInstance().X509_check_host(x, chk, chklen, flags, peername);
} else {
return __real_X509_check_host(x, chk, chklen, flags, peername);
}
}
OCSP_REQUEST *__wrap_OCSP_REQUEST_new(void)
{
if (g_mockTagX509Openssl) {
return X509OpensslMock::GetInstance().OCSP_REQUEST_new();
} else {
return __real_OCSP_REQUEST_new();
}
}
X509_CRL *__wrap_X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
{
if (g_mockTagX509Openssl) {
return X509OpensslMock::GetInstance().X509_CRL_load_http(url, bio, rbio, timeout);
} else {
return __real_X509_CRL_load_http(url, bio, rbio, timeout);
}
}
struct stack_st_OPENSSL_STRING *__wrap_X509_get1_ocsp(X509 *x)
{
if (g_mockTagX509Openssl) {
return X509OpensslMock::GetInstance().X509_get1_ocsp(x);
} else {
return __real_X509_get1_ocsp(x);
}
}
int __wrap_OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num,
char **ppath, char **pquery, char **pfrag)
{
if (g_mockTagX509Openssl) {
return X509OpensslMock::GetInstance().OSSL_HTTP_parse_url(
url, pssl, puser, phost, pport, pport_num, ppath, pquery, pfrag);
} else {
return __real_OSSL_HTTP_parse_url(url, pssl, puser, phost, pport, pport_num, ppath, pquery, pfrag);
}
}
#ifdef __cplusplus
}
#endif

View File

@ -53,6 +53,9 @@ void *__real_OPENSSL_sk_value(const OPENSSL_STACK *st, int i);
CfResult __real_DeepCopyBlobToBlob(const CfBlob *inBlob, CfBlob **outBlob);
CfResult __real_HcfX509CertificateCreate(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj);
int __real_OPENSSL_sk_push(OPENSSL_STACK *st, const int data);
OPENSSL_STACK *__real_OPENSSL_sk_new_null(void);
int __real_OPENSSL_sk_push(OPENSSL_STACK *st, const int data);
X509 *__real_X509_dup(X509 *x509);
#ifdef __cplusplus
}
@ -100,93 +103,6 @@ static const char *GetInvalidCertChainClass(void)
return "HcfInvalidCertChain";
}
static void FreeTrustAnchor(HcfX509TrustAnchor *&trustAnchor)
{
if (trustAnchor == nullptr) {
return;
}
CfBlobFree(&trustAnchor->CAPubKey);
CfBlobFree(&trustAnchor->CASubject);
CfObjDestroy(trustAnchor->CACert);
trustAnchor->CACert = nullptr;
CfFree(trustAnchor);
trustAnchor = nullptr;
}
static void BuildAnchorArr(const CfEncodingBlob &certInStream, HcfX509TrustAnchorArray &trustAnchorArray)
{
HcfX509TrustAnchor *anchor = static_cast<HcfX509TrustAnchor *>(HcfMalloc(sizeof(HcfX509TrustAnchor), 0));
ASSERT_NE(anchor, nullptr);
(void)HcfX509CertificateCreate(&certInStream, &anchor->CACert);
trustAnchorArray.data = static_cast<HcfX509TrustAnchor **>(HcfMalloc(1 * sizeof(HcfX509TrustAnchor *), 0));
ASSERT_NE(trustAnchorArray.data, nullptr);
trustAnchorArray.data[0] = anchor;
trustAnchorArray.count = 1;
}
static void FreeTrustAnchorArr(HcfX509TrustAnchorArray &trustAnchorArray)
{
for (uint32_t i = 0; i < trustAnchorArray.count; ++i) {
HcfX509TrustAnchor *anchor = trustAnchorArray.data[i];
FreeTrustAnchor(anchor);
}
CfFree(trustAnchorArray.data);
trustAnchorArray.data = nullptr;
trustAnchorArray.count = 0;
}
static void BuildCollectionArr(const CfEncodingBlob *certInStream, const CfEncodingBlob *crlInStream,
HcfCertCRLCollectionArray &certCRLCollections)
{
CfResult ret = CF_SUCCESS;
HcfX509CertificateArray *certArray = nullptr;
if (certInStream != nullptr) {
certArray = static_cast<HcfX509CertificateArray *>(HcfMalloc(sizeof(HcfX509CertificateArray), 0));
ASSERT_NE(certArray, nullptr);
HcfX509Certificate *x509CertObj = nullptr;
(void)HcfX509CertificateCreate(certInStream, &x509CertObj);
ASSERT_NE(x509CertObj, nullptr);
certArray->data = static_cast<HcfX509Certificate **>(HcfMalloc(1 * sizeof(HcfX509Certificate *), 0));
ASSERT_NE(certArray->data, nullptr);
certArray->data[0] = x509CertObj;
certArray->count = 1;
}
HcfX509CrlArray *crlArray = nullptr;
if (crlInStream != nullptr) {
crlArray = static_cast<HcfX509CrlArray *>(HcfMalloc(sizeof(HcfX509CrlArray), 0));
ASSERT_NE(crlArray, nullptr);
HcfX509Crl *x509Crl = nullptr;
ret = HcfX509CrlCreate(crlInStream, &x509Crl);
ASSERT_EQ(ret, CF_SUCCESS);
ASSERT_NE(x509Crl, nullptr);
crlArray->data = static_cast<HcfX509Crl **>(HcfMalloc(1 * sizeof(HcfX509Crl *), 0));
ASSERT_NE(crlArray->data, nullptr);
crlArray->data[0] = x509Crl;
crlArray->count = 1;
}
HcfCertCrlCollection *x509CertCrlCollection = nullptr;
ret = HcfCertCrlCollectionCreate(certArray, crlArray, &x509CertCrlCollection);
ASSERT_EQ(ret, CF_SUCCESS);
ASSERT_NE(x509CertCrlCollection, nullptr);
certCRLCollections.data = static_cast<HcfCertCrlCollection **>(HcfMalloc(1 * sizeof(HcfCertCrlCollection *), 0));
ASSERT_NE(certCRLCollections.data, nullptr);
certCRLCollections.data[0] = x509CertCrlCollection;
certCRLCollections.count = 1;
FreeCertArrayData(certArray);
CfFree(certArray);
FreeCrlArrayData(crlArray);
CfFree(crlArray);
}
void CryptoX509CertChainTest::SetUpTestCase()
{
CfResult ret = HcfCertChainCreate(&g_inStreamChainDataP7b, nullptr, &g_certChainP7b);
@ -234,29 +150,6 @@ void CryptoX509CertChainTest::SetUp() {}
void CryptoX509CertChainTest::TearDown() {}
static void FreeCertCrlCollectionArr(HcfCertCRLCollectionArray &certCRLCollections)
{
for (uint32_t i = 0; i < certCRLCollections.count; ++i) {
HcfCertCrlCollection *collection = certCRLCollections.data[i];
CfObjDestroy(collection);
}
CfFree(certCRLCollections.data);
certCRLCollections.data = nullptr;
certCRLCollections.count = 0;
}
static void FreeValidateResult(HcfX509CertChainValidateResult &result)
{
if (result.entityCert != nullptr) {
CfObjDestroy(result.entityCert);
result.entityCert = nullptr;
}
if (result.trustAnchor != nullptr) {
FreeTrustAnchor(result.trustAnchor);
}
}
/* invalid encodingBlob. */
HWTEST_F(CryptoX509CertChainTest, CertChainByEncSpiCreateTest001, TestSize.Level0)
{
@ -694,6 +587,7 @@ HWTEST_F(CryptoX509CertChainTest, GetCertListCoreTest004, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest001, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest001");
HcfX509CertChainSpi *certChainSpi = nullptr;
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataP7b, &certChainSpi);
ASSERT_EQ(ret, CF_SUCCESS);
@ -707,6 +601,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest001, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest002, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest002");
ASSERT_NE(g_certChainP7bSpi, nullptr);
CfResult ret = g_certChainP7bSpi->engineValidate(g_certChainP7bSpi, nullptr, nullptr);
ASSERT_EQ(ret, CF_INVALID_PARAMS);
@ -714,6 +609,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest002, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest003, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest003");
ASSERT_NE(g_certChainP7bSpi, nullptr);
HcfX509TrustAnchor anchor = { 0 };
CfEncodingBlob inStream = { 0 };
@ -742,6 +638,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest003, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest004, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest004");
ASSERT_NE(g_certChainP7bSpi, nullptr);
HcfX509CertChainSpi *certChainSpi = nullptr;
@ -767,6 +664,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest004, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest005, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest005");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -787,6 +685,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest005, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest006, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest006");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -804,6 +703,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest006, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest007, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest007");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchor anchor = { 0 };
@ -826,6 +726,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest007, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest008, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest008");
ASSERT_NE(g_certChainPemSpi, nullptr);
CfBlob pubkey = { 0, nullptr };
@ -857,6 +758,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest008, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest009, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest009");
ASSERT_NE(g_certChainPemSpi, nullptr);
CfBlob pubkey = { 0, nullptr };
@ -877,13 +779,14 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest009, TestSize.Level0)
HcfX509CertChainValidateResult result = { 0 };
CfResult ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, &pCertChainValidateParams, &result);
ASSERT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
ASSERT_EQ(ret, CF_INVALID_PARAMS);
CfFree(trustAnchorArray.data);
}
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest010, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest010");
ASSERT_NE(g_certChainPemSpi, nullptr);
CfBlob pubkey = { 0, nullptr };
@ -919,6 +822,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest010, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest011, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest011");
ASSERT_NE(g_certChainPemSpi, nullptr);
CfBlob pubkey = { 0, nullptr };
@ -952,6 +856,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest011, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest012, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest012");
ASSERT_NE(g_certChainPemSpi, nullptr);
CfBlob pubkey = { 0, nullptr };
@ -973,13 +878,14 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest012, TestSize.Level0)
HcfX509CertChainValidateResult result = { 0 };
CfResult ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, &pCertChainValidateParams, &result);
ASSERT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
ASSERT_EQ(ret, CF_INVALID_PARAMS);
CfFree(trustAnchorArray.data);
}
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest013, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest013");
ASSERT_NE(g_certChainPemSpi, nullptr);
CfBlob pubkey = { 0, nullptr };
@ -1002,13 +908,14 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest013, TestSize.Level0)
HcfX509CertChainValidateResult result = { 0 };
CfResult ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, &pCertChainValidateParams, &result);
ASSERT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
ASSERT_EQ(ret, CF_INVALID_PARAMS);
CfFree(trustAnchorArray.data);
}
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest014, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest014");
HcfX509CertChainSpi *certChainSpi = nullptr;
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPemNoRoot, &certChainSpi);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1033,6 +940,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest014, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest015, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest015");
HcfX509CertChainSpi *certChainSpi = nullptr;
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1067,6 +975,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest015, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest016, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest016");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1085,6 +994,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest016, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest017, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest017");
HcfX509CertChainSpi *certChainSpi = nullptr;
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPemRoot, &certChainSpi);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1121,6 +1031,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest017, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest018, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest018");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1148,6 +1059,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest018, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest019, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest019");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1175,6 +1087,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest019, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest020, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest020");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1202,6 +1115,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest020, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest021, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest021");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1226,6 +1140,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest021, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest022, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest022");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1250,6 +1165,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest022, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest023, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest023");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1275,6 +1191,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest023, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest024, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest024");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1299,6 +1216,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest024, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest025, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest025");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1324,6 +1242,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest025, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest026, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest026");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1346,6 +1265,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest026, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest027, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest027");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1378,6 +1298,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest027, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest028, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest028");
for (unsigned int i = 0; i < 1000; i++) {
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
@ -1398,6 +1319,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest028, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest029, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest029");
HcfX509CertChainSpi *certChainSpi = nullptr;
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1422,6 +1344,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest029, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest030, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest030");
ASSERT_NE(g_certChainPemSpi, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1447,6 +1370,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest030, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest031, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest031");
HcfX509CertChainSpi *certChainSpi = nullptr;
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPemDisorder, &certChainSpi);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1468,6 +1392,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest031, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest032, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest032");
HcfX509CertChainSpi *certChainSpi = nullptr;
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1502,6 +1427,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest032, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest033, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest033");
HcfX509CertChainSpi *certChainSpi = nullptr;
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1538,6 +1464,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest033, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest034, TestSize.Level0)
{
CF_LOG_I("ValidateOpensslTest034");
HcfX509CertChainSpi *certChainSpi = nullptr;
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1574,6 +1501,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest034, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest001, TestSize.Level0)
{
CF_LOG_I("ValidateCoreTest001");
HcfCertChain *pCertChain = nullptr;
CfResult ret = HcfCertChainCreate(&g_inStreamChainDataP7b, nullptr, &pCertChain);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1587,6 +1515,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest001, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest002, TestSize.Level0)
{
CF_LOG_I("ValidateCoreTest002");
HcfCertChain *pCertChain = nullptr;
CfResult ret = HcfCertChainCreate(&g_inStreamChainDataP7b, nullptr, &pCertChain);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1600,6 +1529,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest002, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest003, TestSize.Level0)
{
CF_LOG_I("ValidateCoreTest003");
ASSERT_NE(g_certChainP7b, nullptr);
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
@ -1616,6 +1546,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest003, TestSize.Level0)
HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest004, TestSize.Level0)
{
CF_LOG_I("ValidateCoreTest004");
HcfCertChain *pCertChain = nullptr;
CfResult ret = HcfCertChainCreate(&g_inStreamChainDataPem, nullptr, &pCertChain);
ASSERT_EQ(ret, CF_SUCCESS);
@ -1780,19 +1711,25 @@ HWTEST_F(CryptoX509CertChainTest, HcfX509CertChainByParamsSpiCreateTest002, Test
// test HcfX509CertChainByParamsSpiCreate failed case
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_new_null()).Times(AnyNumber()).WillOnce(Return(NULL));
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_new_null())
.WillOnce(Return(NULL))
.WillRepeatedly(Invoke(__real_OPENSSL_sk_new_null));
CfResult result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
EXPECT_EQ(result, CF_ERR_MALLOC);
X509OpensslMock::SetMockFlag(false);
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_dup(_)).Times(AnyNumber()).WillOnce(Return(NULL));
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_dup(_))
.WillOnce(Return(NULL))
.WillRepeatedly(Invoke(__real_X509_dup));
result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
EXPECT_EQ(result, CF_ERR_MALLOC);
X509OpensslMock::SetMockFlag(false);
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_push(_, _)).Times(AnyNumber()).WillOnce(Return(-1));
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_push(_, _))
.WillOnce(Return(-1))
.WillRepeatedly(Invoke(__real_OPENSSL_sk_push));
result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
X509OpensslMock::SetMockFlag(false);

File diff suppressed because it is too large Load Diff

View File

@ -40,6 +40,22 @@ using ::testing::AnyNumber;
using ::testing::Invoke;
using ::testing::Return;
#ifdef __cplusplus
extern "C" {
#endif
int __real_OPENSSL_sk_num(const OPENSSL_STACK *st);
void *__real_OPENSSL_sk_value(const OPENSSL_STACK *st, int i);
long __real_ASN1_INTEGER_get(const ASN1_INTEGER *a);
void *__real_X509V3_EXT_d2i(X509_EXTENSION *ext);
X509_EXTENSION *__real_X509_get_ext(const X509 *x, X509_EXTENSION *loc);
void *__real_X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
CfResult __real_DeepCopyDataToBlob(const unsigned char *data, uint32_t len, CfBlob *outBlob);
#ifdef __cplusplus
}
#endif
namespace {
class CryptoX509CertificateTestPart3 : public testing::Test {
public:
@ -140,7 +156,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareSubjectAlternativeNamesTest002,
// test CompareSubAltNameX509Openssl failed case
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext_d2i(_, _, _, _)).Times(AnyNumber()).WillOnce(Return(NULL));
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext_d2i(_, _, _, _))
.WillOnce(Return(NULL))
.WillRepeatedly(Invoke(__real_X509_get_ext_d2i));
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &matchParams, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
@ -182,7 +200,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareMatchAllSubjectAltNamesTest001,
// add failed case ret != CF_SUCCESS
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_num(_)).Times(AnyNumber()).WillOnce(Return(-1));
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_num(_))
.WillOnce(Return(-1))
.WillRepeatedly(Invoke(__real_OPENSSL_sk_num));
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
X509OpensslMock::SetMockFlag(false);
@ -225,8 +245,8 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareAuthorityKeyIdentifierTest001, T
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), DeepCopyDataToBlob(_, _, _))
.Times(AnyNumber())
.WillOnce(Return(CF_INVALID_PARAMS));
.WillOnce(Return(CF_INVALID_PARAMS))
.WillRepeatedly(Invoke(__real_DeepCopyDataToBlob));
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_INVALID_PARAMS);
X509OpensslMock::SetMockFlag(false);
@ -280,14 +300,18 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareMinPathLenConstraintTest002, Tes
constraints->pathlen = pathlen;
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), X509V3_EXT_d2i(_)).Times(AnyNumber()).WillOnce(Return(constraints));
EXPECT_CALL(X509OpensslMock::GetInstance(), ASN1_INTEGER_get(_)).Times(AnyNumber()).WillOnce(Return(10));
EXPECT_CALL(X509OpensslMock::GetInstance(), ASN1_INTEGER_get(_))
.WillOnce(Return(10))
.WillRepeatedly(Invoke(__real_ASN1_INTEGER_get));
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), X509V3_EXT_d2i(_)).Times(AnyNumber()).WillOnce(Return(NULL));
EXPECT_CALL(X509OpensslMock::GetInstance(), X509V3_EXT_d2i(_))
.WillOnce(Return(NULL))
.WillRepeatedly(Invoke(__real_X509V3_EXT_d2i));
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
@ -302,7 +326,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareMinPathLenConstraintTest002, Tes
X509OpensslMock::SetMockFlag(true);
certMatchParameters.minPathLenConstraint = 2;
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext(_, _)).Times(AnyNumber()).WillOnce(Return(NULL));
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext(_, _))
.WillOnce(Return(NULL))
.WillRepeatedly(Invoke(__real_X509_get_ext));
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
@ -374,7 +400,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest001, TestSize
tree->base->d.otherName = OTHERNAME_new();
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _)).Times(AnyNumber()).WillOnce(Return(tree));
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
.WillOnce(Return(tree))
.WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
ret = g_testCertWithPrivateKeyValidObj->match(g_testCertWithPrivateKeyValidObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
@ -389,7 +417,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest001, TestSize
tree->base->d.x400Address = ASN1_STRING_new();
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _)).Times(AnyNumber()).WillOnce(Return(tree));
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
.WillOnce(Return(tree))
.WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
ret = g_testCertWithPrivateKeyValidObj->match(g_testCertWithPrivateKeyValidObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
@ -508,7 +538,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest004, TestSize
tree->base->d.registeredID = ASN1_OBJECT_new();
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _)).Times(AnyNumber()).WillOnce(Return(tree));
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
.WillOnce(Return(tree))
.WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
@ -550,7 +582,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest005, TestSize
nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null();
EXPECT_NE(nc, nullptr);
X509OpensslMock::SetMockFlag(true);
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext_d2i(_, _, _, _)).Times(AnyNumber()).WillOnce(Return(nc));
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext_d2i(_, _, _, _))
.WillOnce(Return(nc))
.WillRepeatedly(Invoke(__real_X509_get_ext_d2i));
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);

View File

@ -16,16 +16,17 @@
#include "crypto_x509_test_common.h"
#include <gtest/gtest.h>
#include <openssl/x509v3.h>
#include "cert_crl_common.h"
#include "certificate_openssl_common.h"
#include "cf_blob.h"
#include "cf_log.h"
#include "fwk_class.h"
#include "memory_mock.h"
#include "securec.h"
#include "x509_certificate.h"
#include "x509_certificate_openssl.h"
#include "fwk_class.h"
#include <openssl/x509v3.h>
#define CONSTRUCT_CERTPOLICY_DATA_SIZE 1
@ -132,12 +133,18 @@ const int g_testCrlWhichEntryWithExtSize = sizeof(g_testCrlWhichEntryWithExt);
const int g_testCertChainPemSize = sizeof(g_testCertChainPem) / sizeof(char);
const int g_testCertChainPem163Size = sizeof(g_testCertChainPem163) / sizeof(char);
const int g_testOcspResponderCertSize = sizeof(g_testOcspResponderCert) / sizeof(char);
const int g_testCertChainPemMidSize = sizeof(g_testCertChainPemMid) / sizeof(char);
const int g_testCertChainPemMidCRLSize = sizeof(g_testCertChainPemMidCRL) / sizeof(char);
const int g_testCertChainPemRootSize = sizeof(g_testCertChainPemRoot) / sizeof(char);
const int g_testCertChainPemRoot163Size = sizeof(g_testCertChainPemRoot163) / sizeof(char);
const int g_testCertChainPemNoRootSize = sizeof(g_testCertChainPemNoRoot) / sizeof(char);
const int g_testCertChainPemNoRootHasPubKeySize = sizeof(g_testCertChainPemNoRootHasPubKey) / sizeof(char);
@ -215,6 +222,14 @@ const CfEncodingBlob g_inStreamChainDataDer = { const_cast<uint8_t *>(g_testChai
const CfEncodingBlob g_inStreamChainDataPem = { reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPem)),
g_testCertChainPemSize, CF_FORMAT_PEM };
const CfEncodingBlob g_inStreamChainDataPem163 = {
reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPem163)), g_testCertChainPem163Size, CF_FORMAT_PEM
};
const CfEncodingBlob g_inStreamOcspResponderCert = {
reinterpret_cast<uint8_t *>(const_cast<char *>(g_testOcspResponderCert)), g_testOcspResponderCertSize, CF_FORMAT_PEM
};
const CfEncodingBlob g_inStreamChainDataPemMid = {
reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPemMid)), g_testCertChainPemMidSize, CF_FORMAT_PEM
};
@ -223,6 +238,10 @@ const CfEncodingBlob g_inStreamChainDataPemRoot = {
reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPemRoot)), g_testCertChainPemRootSize, CF_FORMAT_PEM
};
const CfEncodingBlob g_inStreamChainDataPemRoot163 = { reinterpret_cast<uint8_t *>(
const_cast<char *>(g_testCertChainPemRoot163)),
g_testCertChainPemRoot163Size, CF_FORMAT_PEM };
const CfEncodingBlob g_inStreamChainDataPemNoRoot = { reinterpret_cast<uint8_t *>(
const_cast<char *>(g_testCertChainPemNoRoot)),
g_testCertChainPemNoRootSize, CF_FORMAT_PEM };
@ -311,3 +330,113 @@ const char *GetValidX509CertificateClass(void)
{
return HCF_X509_CERTIFICATE_CLASS;
}
void FreeTrustAnchor(HcfX509TrustAnchor *&trustAnchor)
{
if (trustAnchor == nullptr) {
return;
}
CfBlobFree(&trustAnchor->CAPubKey);
CfBlobFree(&trustAnchor->CASubject);
CfObjDestroy(trustAnchor->CACert);
trustAnchor->CACert = nullptr;
CfFree(trustAnchor);
trustAnchor = nullptr;
}
void BuildAnchorArr(const CfEncodingBlob &certInStream, HcfX509TrustAnchorArray &trustAnchorArray)
{
HcfX509TrustAnchor *anchor = static_cast<HcfX509TrustAnchor *>(HcfMalloc(sizeof(HcfX509TrustAnchor), 0));
ASSERT_NE(anchor, nullptr);
(void)HcfX509CertificateCreate(&certInStream, &anchor->CACert);
trustAnchorArray.data = static_cast<HcfX509TrustAnchor **>(HcfMalloc(1 * sizeof(HcfX509TrustAnchor *), 0));
ASSERT_NE(trustAnchorArray.data, nullptr);
trustAnchorArray.data[0] = anchor;
trustAnchorArray.count = 1;
}
void FreeTrustAnchorArr(HcfX509TrustAnchorArray &trustAnchorArray)
{
for (uint32_t i = 0; i < trustAnchorArray.count; ++i) {
HcfX509TrustAnchor *anchor = trustAnchorArray.data[i];
FreeTrustAnchor(anchor);
}
CfFree(trustAnchorArray.data);
trustAnchorArray.data = nullptr;
trustAnchorArray.count = 0;
}
void BuildCollectionArr(const CfEncodingBlob *certInStream, const CfEncodingBlob *crlInStream,
HcfCertCRLCollectionArray &certCRLCollections)
{
CfResult ret = CF_SUCCESS;
HcfX509CertificateArray *certArray = nullptr;
if (certInStream != nullptr) {
certArray = static_cast<HcfX509CertificateArray *>(HcfMalloc(sizeof(HcfX509CertificateArray), 0));
ASSERT_NE(certArray, nullptr);
HcfX509Certificate *x509CertObj = nullptr;
(void)HcfX509CertificateCreate(certInStream, &x509CertObj);
ASSERT_NE(x509CertObj, nullptr);
certArray->data = static_cast<HcfX509Certificate **>(HcfMalloc(1 * sizeof(HcfX509Certificate *), 0));
ASSERT_NE(certArray->data, nullptr);
certArray->data[0] = x509CertObj;
certArray->count = 1;
}
HcfX509CrlArray *crlArray = nullptr;
if (crlInStream != nullptr) {
crlArray = static_cast<HcfX509CrlArray *>(HcfMalloc(sizeof(HcfX509CrlArray), 0));
ASSERT_NE(crlArray, nullptr);
HcfX509Crl *x509Crl = nullptr;
ret = HcfX509CrlCreate(crlInStream, &x509Crl);
ASSERT_EQ(ret, CF_SUCCESS);
ASSERT_NE(x509Crl, nullptr);
crlArray->data = static_cast<HcfX509Crl **>(HcfMalloc(1 * sizeof(HcfX509Crl *), 0));
ASSERT_NE(crlArray->data, nullptr);
crlArray->data[0] = x509Crl;
crlArray->count = 1;
}
HcfCertCrlCollection *x509CertCrlCollection = nullptr;
ret = HcfCertCrlCollectionCreate(certArray, crlArray, &x509CertCrlCollection);
ASSERT_EQ(ret, CF_SUCCESS);
ASSERT_NE(x509CertCrlCollection, nullptr);
certCRLCollections.data = static_cast<HcfCertCrlCollection **>(HcfMalloc(1 * sizeof(HcfCertCrlCollection *), 0));
ASSERT_NE(certCRLCollections.data, nullptr);
certCRLCollections.data[0] = x509CertCrlCollection;
certCRLCollections.count = 1;
FreeCertArrayData(certArray);
CfFree(certArray);
FreeCrlArrayData(crlArray);
CfFree(crlArray);
}
void FreeCertCrlCollectionArr(HcfCertCRLCollectionArray &certCRLCollections)
{
for (uint32_t i = 0; i < certCRLCollections.count; ++i) {
HcfCertCrlCollection *collection = certCRLCollections.data[i];
CfObjDestroy(collection);
}
CfFree(certCRLCollections.data);
certCRLCollections.data = nullptr;
certCRLCollections.count = 0;
}
void FreeValidateResult(HcfX509CertChainValidateResult &result)
{
if (result.entityCert != nullptr) {
CfObjDestroy(result.entityCert);
result.entityCert = nullptr;
}
if (result.trustAnchor != nullptr) {
FreeTrustAnchor(result.trustAnchor);
}
}