mirror of
https://gitee.com/openharmony/security_certificate_framework
synced 2024-11-27 08:40:45 +00:00
!120 证书状态校验支持OCSP和CRL两种方式,支持在线获取CRL列表&证书链校验支持常用的校验策略和校验KeyUsage
Merge pull request !120 from hhhFun/req_cert_verify
This commit is contained in:
commit
d503d9947b
1
BUILD.gn
1
BUILD.gn
@ -31,6 +31,7 @@ group("certificate_framework_fuzztest") {
|
||||
deps += [
|
||||
"test/fuzztest/cfcreate_fuzzer:fuzztest",
|
||||
"test/fuzztest/cfgetandcheck_fuzzer:fuzztest",
|
||||
"test/fuzztest/v1.0/x509certchain_fuzzer:fuzztest",
|
||||
"test/fuzztest/v1.0/x509certificate_fuzzer:fuzztest",
|
||||
"test/fuzztest/v1.0/x509crl_fuzzer:fuzztest",
|
||||
]
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2023 Huawei Device Co., Ltd.
|
||||
# Copyright (c) 2023-2024 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
@ -54,5 +54,6 @@ ohos_static_library("certificate_openssl_plugin_lib") {
|
||||
"crypto_framework:crypto_framework_lib",
|
||||
"hilog:libhilog",
|
||||
"openssl:libcrypto_shared",
|
||||
"openssl:libssl_shared",
|
||||
]
|
||||
}
|
||||
|
@ -51,6 +51,11 @@ char *Asn1TimeToStr(const ASN1_GENERALIZEDTIME *time);
|
||||
bool CfArrayContains(const CfArray *self, const CfArray *sub);
|
||||
CfResult DeepCopyDataToOut(const char *data, uint32_t len, CfBlob *out);
|
||||
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array);
|
||||
bool CheckIsSelfSigned(const X509 *cert);
|
||||
bool CheckIsLeafCert(X509 *cert);
|
||||
CfResult IsOrderCertChain(STACK_OF(X509) * certsChain, bool *isOrder);
|
||||
CfResult CheckSelfPubkey(X509 *cert, const EVP_PKEY *pubKey);
|
||||
X509 *FindCertificateBySubject(STACK_OF(X509) * certs, X509_NAME *subjectName);
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -15,6 +15,8 @@
|
||||
|
||||
#include "certificate_openssl_common.h"
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <securec.h>
|
||||
#include <string.h>
|
||||
|
||||
@ -23,8 +25,6 @@
|
||||
#include "cf_result.h"
|
||||
#include "config.h"
|
||||
|
||||
#include <openssl/err.h>
|
||||
|
||||
#define TIME_MON_LEN 2
|
||||
#define TIME_HOUR_LEN 8
|
||||
#define TIME_MIN_LEN 10
|
||||
@ -333,3 +333,163 @@ CfResult DeepCopyDataToOut(const char *data, uint32_t len, CfBlob *out)
|
||||
out->size = len;
|
||||
return CF_SUCCESS;
|
||||
}
|
||||
|
||||
bool CheckIsSelfSigned(const X509 *cert)
|
||||
{
|
||||
bool ret = false;
|
||||
X509_NAME *issuer = X509_get_issuer_name(cert);
|
||||
if (issuer == NULL) {
|
||||
LOGE("x509 get issuer name failed!");
|
||||
CfPrintOpensslError();
|
||||
return CF_ERR_CRYPTO_OPERATION;
|
||||
}
|
||||
|
||||
X509_NAME *subject = X509_get_subject_name(cert);
|
||||
if (subject == NULL) {
|
||||
LOGE("x509 get subject name failed!");
|
||||
CfPrintOpensslError();
|
||||
return CF_ERR_CRYPTO_OPERATION;
|
||||
}
|
||||
|
||||
ret = (X509_NAME_cmp(issuer, subject) == 0);
|
||||
LOGI("CheckIsSelfSigned() ret: %d .", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
bool CheckIsLeafCert(X509 *cert)
|
||||
{
|
||||
if (cert == NULL) {
|
||||
return false;
|
||||
}
|
||||
|
||||
bool ret = true;
|
||||
if (X509_check_ca(cert)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
CfResult IsOrderCertChain(STACK_OF(X509) * certsChain, bool *isOrder)
|
||||
{
|
||||
int num = sk_X509_num(certsChain);
|
||||
if (num == 1) {
|
||||
LOGI("1 certs is order chain.");
|
||||
return CF_SUCCESS;
|
||||
}
|
||||
|
||||
X509 *cert = NULL;
|
||||
X509 *certNext = NULL;
|
||||
X509_NAME *issuerName = NULL;
|
||||
X509_NAME *subjectName = NULL;
|
||||
for (int i = num - 1; i > 0; --i) {
|
||||
cert = sk_X509_value(certsChain, i);
|
||||
if (cert == NULL) {
|
||||
LOGE("sk X509 value is null, failed!");
|
||||
CfPrintOpensslError();
|
||||
return CF_ERR_CRYPTO_OPERATION;
|
||||
}
|
||||
certNext = sk_X509_value(certsChain, i - 1);
|
||||
if (certNext == NULL) {
|
||||
LOGE("sk X509 value is null, failed!");
|
||||
CfPrintOpensslError();
|
||||
return CF_ERR_CRYPTO_OPERATION;
|
||||
}
|
||||
|
||||
subjectName = X509_get_subject_name(cert);
|
||||
if (subjectName == NULL) {
|
||||
LOGE("x509 get subject name failed!");
|
||||
CfPrintOpensslError();
|
||||
return CF_ERR_CRYPTO_OPERATION;
|
||||
}
|
||||
issuerName = X509_get_issuer_name(certNext);
|
||||
if (issuerName == NULL) {
|
||||
LOGE("x509 get subject name failed!");
|
||||
CfPrintOpensslError();
|
||||
return CF_ERR_CRYPTO_OPERATION;
|
||||
}
|
||||
|
||||
if (X509_NAME_cmp(subjectName, issuerName) != 0) {
|
||||
*isOrder = false;
|
||||
LOGI("is a misOrder chain.");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return CF_SUCCESS;
|
||||
}
|
||||
|
||||
CfResult CheckSelfPubkey(X509 *cert, const EVP_PKEY *pubKey)
|
||||
{
|
||||
EVP_PKEY *certPublicKey = X509_get_pubkey(cert);
|
||||
if (certPublicKey == NULL) {
|
||||
LOGE("get cert public key failed!");
|
||||
CfPrintOpensslError();
|
||||
return CF_ERR_CRYPTO_OPERATION;
|
||||
}
|
||||
|
||||
int isMatch = EVP_PKEY_cmp(certPublicKey, pubKey);
|
||||
if (isMatch != CF_OPENSSL_SUCCESS) {
|
||||
LOGE("cmp cert public key failed!");
|
||||
CfPrintOpensslError();
|
||||
EVP_PKEY_free(certPublicKey);
|
||||
return CF_ERR_CRYPTO_OPERATION;
|
||||
}
|
||||
|
||||
EVP_PKEY_free(certPublicKey);
|
||||
return CF_SUCCESS;
|
||||
}
|
||||
|
||||
X509 *FindCertificateBySubject(STACK_OF(X509) * certs, X509_NAME *subjectName)
|
||||
{
|
||||
X509_STORE_CTX *ctx = NULL;
|
||||
X509 *cert = NULL;
|
||||
X509_OBJECT *obj;
|
||||
|
||||
X509_STORE *store = X509_STORE_new();
|
||||
if (store == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
for (int i = 0; i < sk_X509_num(certs); i++) {
|
||||
cert = sk_X509_value(certs, i);
|
||||
X509_STORE_add_cert(store, cert);
|
||||
}
|
||||
|
||||
if (!(ctx = X509_STORE_CTX_new())) {
|
||||
X509_STORE_free(store);
|
||||
return NULL;
|
||||
}
|
||||
if (X509_STORE_CTX_init(ctx, store, NULL, NULL) != 1) {
|
||||
X509_STORE_free(store);
|
||||
X509_STORE_CTX_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, subjectName);
|
||||
if (obj == NULL) {
|
||||
X509_STORE_free(store);
|
||||
X509_STORE_CTX_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
cert = X509_OBJECT_get0_X509(obj);
|
||||
X509_STORE_free(store);
|
||||
X509_OBJECT_free(obj);
|
||||
X509_STORE_CTX_free(ctx);
|
||||
|
||||
return cert;
|
||||
}
|
||||
|
||||
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array)
|
||||
{
|
||||
if (array == NULL) {
|
||||
LOGD("The input array is null, no need to free.");
|
||||
return;
|
||||
}
|
||||
if (array->data != NULL) {
|
||||
for (uint32_t i = 0; i < array->count; ++i) {
|
||||
CF_FREE_BLOB(array->data[i].name);
|
||||
}
|
||||
CfFree(array->data);
|
||||
array->data = NULL;
|
||||
array->count = 0;
|
||||
}
|
||||
}
|
File diff suppressed because it is too large
Load Diff
@ -15,7 +15,6 @@
|
||||
|
||||
#include "x509_crl_openssl.h"
|
||||
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
|
@ -22,7 +22,6 @@
|
||||
#include "cf_blob.h"
|
||||
#include "cf_object_base.h"
|
||||
#include "object_base.h"
|
||||
#include "x509_cert_match_parameters.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
@ -32,7 +31,8 @@ bool IsStrValid(const char *str, uint32_t maxLen);
|
||||
bool IsBlobValid(const CfBlob *blob);
|
||||
bool IsClassMatch(const CfObjectBase *obj, const char *className);
|
||||
bool IsPubKeyClassMatch(const HcfObjectBase *obj, const char *className);
|
||||
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array);
|
||||
bool IsUrlValid(const char *url);
|
||||
bool IsHttp(const char *url);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -20,6 +20,10 @@
|
||||
#include "cf_log.h"
|
||||
#include "cf_memory.h"
|
||||
|
||||
#define MIN_URL_LEN 5
|
||||
#define HTTP_URL_LEN 7
|
||||
#define HTTPS_URL_LEN 8
|
||||
|
||||
bool IsStrValid(const char *str, uint32_t maxLen)
|
||||
{
|
||||
if (str == NULL) {
|
||||
@ -65,18 +69,49 @@ bool IsPubKeyClassMatch(const HcfObjectBase *obj, const char *className)
|
||||
}
|
||||
}
|
||||
|
||||
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array)
|
||||
bool IsUrlValid(const char *url)
|
||||
{
|
||||
if (array == NULL) {
|
||||
LOGD("The input array is null, no need to free.");
|
||||
return;
|
||||
if (url == NULL) {
|
||||
return false;
|
||||
}
|
||||
if (array->data != NULL) {
|
||||
for (uint32_t i = 0; i < array->count; ++i) {
|
||||
CF_FREE_BLOB(array->data[i].name);
|
||||
if (strlen(url) < MIN_URL_LEN) {
|
||||
return false;
|
||||
}
|
||||
CfFree(array->data);
|
||||
array->data = NULL;
|
||||
array->count = 0;
|
||||
if (strncmp(url, "http://", HTTP_URL_LEN) != 0 && strncmp(url, "https://", HTTPS_URL_LEN) != 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
int httpHeaderLen = (strncmp(url, "http://", HTTP_URL_LEN) == 0) ? HTTP_URL_LEN : HTTPS_URL_LEN;
|
||||
const char *startDomain = url + httpHeaderLen;
|
||||
const char *endDomain = startDomain;
|
||||
while (*endDomain != '\0' && *endDomain != '/') {
|
||||
endDomain++;
|
||||
}
|
||||
if (endDomain == startDomain) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (*endDomain == '\0') {
|
||||
return true;
|
||||
} else {
|
||||
const char *startPath = endDomain;
|
||||
while (*startPath == '/') {
|
||||
startPath++;
|
||||
}
|
||||
if (*startPath == '\0') {
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
bool IsHttp(const char *url)
|
||||
{
|
||||
if (url != NULL && strncmp(url, "http://", strlen("http://")) == 0) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
@ -100,6 +100,16 @@ const std::string CERT_CHAIN_TRUSTANCHOR_TAG_CASUBJECT = "CASubject";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_DATE = "date";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_TRUSTANCHORS = "trustAnchors";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_CERTCRLS = "certCRLs";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_REVOCATIONCHECKPARAM = "revocationCheckParam";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_OCSP_REQ_EXTENSION = "ocspRequestExtension";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_OCSP_RESP_URI = "ocspResponderURI";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_OCSP_RESP_CERT = "ocspResponderCert";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_OCSP_RESPS = "ocspResponses";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_CRL_DOWNLOAD_URI = "crlDownloadURI";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_OPTIONS = "options";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_POLICY = "policy";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_SSLHOSTNAME = "sslHostname";
|
||||
const std::string CERT_CHAIN_VALIDATE_TAG_KEYUSAGE = "keyUsage";
|
||||
// CertChainValidateResult
|
||||
const std::string CERT_CHAIN_VALIDATE_RESULLT_TAG_TRUSTANCHOR = "trustAnchor";
|
||||
const std::string CERT_CHAIN_VALIDATE_RESULLT_TAG_X509CERT = "entityCert";
|
||||
|
@ -628,6 +628,22 @@ bool ParserArray(napi_env env, napi_value arg, uint32_t &arrayLen)
|
||||
return true;
|
||||
}
|
||||
|
||||
void SubAltNameArrayDataClearAndFree(SubAltNameArray *array)
|
||||
{
|
||||
if (array == NULL) {
|
||||
LOGD("The input array is null, no need to free.");
|
||||
return;
|
||||
}
|
||||
if (array->data != NULL) {
|
||||
for (uint32_t i = 0; i < array->count; ++i) {
|
||||
CF_FREE_BLOB(array->data[i].name);
|
||||
}
|
||||
CfFree(array->data);
|
||||
array->data = NULL;
|
||||
array->count = 0;
|
||||
}
|
||||
}
|
||||
|
||||
SubAltNameArray *CertGetSANArrFromArrUarrJSParams(napi_env env, napi_value arg)
|
||||
{
|
||||
uint32_t length = 0;
|
||||
|
@ -170,6 +170,76 @@ static void DefineGeneralNameTypeProperties(napi_env env, napi_value exports)
|
||||
napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc);
|
||||
}
|
||||
|
||||
static napi_value CreateRevocationCheckOptions(napi_env env)
|
||||
{
|
||||
napi_value revocationCheckOptions = nullptr;
|
||||
napi_create_object(env, &revocationCheckOptions);
|
||||
|
||||
CertAddUint32Property(
|
||||
env, revocationCheckOptions, "REVOCATION_CHECK_OPTION_PREFER_OCSP", CF_REVOCATION_CHECK_OPTION_PREFER_OCSP);
|
||||
CertAddUint32Property(env, revocationCheckOptions, "REVOCATION_CHECK_OPTION_ACCESS_NETWORK",
|
||||
CF_REVOCATION_CHECK_OPTION_ACCESS_NETWORK);
|
||||
CertAddUint32Property(env, revocationCheckOptions, "REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER",
|
||||
CF_REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER);
|
||||
CertAddUint32Property(env, revocationCheckOptions, "REVOCATION_CHECK_OPTION_FALLBACK_LOCAL",
|
||||
CF_REVOCATION_CHECK_OPTION_FALLBACK_LOCAL);
|
||||
|
||||
return revocationCheckOptions;
|
||||
}
|
||||
|
||||
static napi_value CreateValidationPolicyType(napi_env env)
|
||||
{
|
||||
napi_value ValidationPolicyType = nullptr;
|
||||
napi_create_object(env, &ValidationPolicyType);
|
||||
|
||||
CertAddUint32Property(env, ValidationPolicyType, "VALIDATION_POLICY_TYPE_X509", CF_VALIDATION_POLICY_TYPE_X509);
|
||||
CertAddUint32Property(env, ValidationPolicyType, "VALIDATION_POLICY_TYPE_SSL", CF_VALIDATION_POLICY_TYPE_SSL);
|
||||
|
||||
return ValidationPolicyType;
|
||||
}
|
||||
|
||||
static napi_value CreateValidationKeyUsageType(napi_env env)
|
||||
{
|
||||
napi_value ValidationKeyUsageType = nullptr;
|
||||
napi_create_object(env, &ValidationKeyUsageType);
|
||||
|
||||
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_DIGITAL_SIGNATURE", CF_KEYUSAGE_DIGITAL_SIGNATURE);
|
||||
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_NON_REPUDIATION", CF_KEYUSAGE_NON_REPUDIATION);
|
||||
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_KEY_ENCIPHERMENT", CF_KEYUSAGE_KEY_ENCIPHERMENT);
|
||||
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_DATA_ENCIPHERMENT", CF_KEYUSAGE_DATA_ENCIPHERMENT);
|
||||
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_KEY_AGREEMENT", CF_KEYUSAGE_KEY_AGREEMENT);
|
||||
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_KEY_CERT_SIGN", CF_KEYUSAGE_KEY_CERT_SIGN);
|
||||
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_CRL_SIGN", CF_KEYUSAGE_CRL_SIGN);
|
||||
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_ENCIPHER_ONLY", CF_KEYUSAGE_ENCIPHER_ONLY);
|
||||
CertAddUint32Property(env, ValidationKeyUsageType, "KEYUSAGE_DECIPHER_ONLY", CF_KEYUSAGE_DECIPHER_ONLY);
|
||||
|
||||
return ValidationKeyUsageType;
|
||||
}
|
||||
|
||||
static void DefineOcspCheckOptionTypeProperties(napi_env env, napi_value exports)
|
||||
{
|
||||
napi_property_descriptor desc[] = {
|
||||
DECLARE_NAPI_PROPERTY("RevocationCheckOptions", CreateRevocationCheckOptions(env)),
|
||||
};
|
||||
napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc);
|
||||
}
|
||||
|
||||
static void DefineValidationPolicyTypeProperties(napi_env env, napi_value exports)
|
||||
{
|
||||
napi_property_descriptor desc[] = {
|
||||
DECLARE_NAPI_PROPERTY("ValidationPolicyType", CreateValidationPolicyType(env)),
|
||||
};
|
||||
napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc);
|
||||
}
|
||||
|
||||
static void DefineValidationKeyUsageTypeProperties(napi_env env, napi_value exports)
|
||||
{
|
||||
napi_property_descriptor desc[] = {
|
||||
DECLARE_NAPI_PROPERTY("KeyUsageType", CreateValidationKeyUsageType(env)),
|
||||
};
|
||||
napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc);
|
||||
}
|
||||
|
||||
/***********************************************
|
||||
* Module export and register
|
||||
***********************************************/
|
||||
@ -182,6 +252,9 @@ static napi_value CertModuleExport(napi_env env, napi_value exports)
|
||||
DefineExtensionOidTypeProperties(env, exports);
|
||||
DefineExtensionEntryTypeProperties(env, exports);
|
||||
DefineGeneralNameTypeProperties(env, exports);
|
||||
DefineOcspCheckOptionTypeProperties(env, exports);
|
||||
DefineValidationPolicyTypeProperties(env, exports);
|
||||
DefineValidationKeyUsageTypeProperties(env, exports);
|
||||
|
||||
NapiKey::DefineHcfKeyJSClass(env);
|
||||
NapiPubKey::DefinePubKeyJSClass(env);
|
||||
|
@ -163,6 +163,186 @@ static bool GetCertCRLCollectionArray(napi_env env, napi_value arg, HcfCertCRLCo
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool GetRevocationOptions(napi_env env, napi_value rckObj, HcfRevocationCheckParam *&out)
|
||||
{
|
||||
napi_value obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OPTIONS.c_str());
|
||||
if (obj == nullptr) {
|
||||
return true;
|
||||
}
|
||||
bool flag = false;
|
||||
napi_status status = napi_is_array(env, obj, &flag);
|
||||
if (status != napi_ok || !flag) {
|
||||
return false;
|
||||
}
|
||||
|
||||
uint32_t length = 0;
|
||||
status = napi_get_array_length(env, obj, &length);
|
||||
if (status != napi_ok || length == 0 || length > MAX_NAPI_ARRAY_OF_U8ARR) {
|
||||
return false;
|
||||
}
|
||||
out->options = static_cast<HcfRevChkOpArray *>(HcfMalloc(sizeof(HcfRevChkOpArray), 0));
|
||||
out->options->count = length;
|
||||
out->options->data = static_cast<HcfRevChkOption *>(HcfMalloc(length * sizeof(HcfRevChkOption), 0));
|
||||
for (uint32_t i = 0; i < length; i++) {
|
||||
napi_value element;
|
||||
if (napi_get_element(env, obj, i, &element) != napi_ok ||
|
||||
napi_get_value_int32(env, element, (int32_t *)&(out->options->data[i])) != napi_ok) {
|
||||
return false;
|
||||
}
|
||||
switch (out->options->data[i]) {
|
||||
case REVOCATION_CHECK_OPTION_PREFER_OCSP:
|
||||
case REVOCATION_CHECK_OPTION_ACCESS_NETWORK:
|
||||
case REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER:
|
||||
case REVOCATION_CHECK_OPTION_FALLBACK_LOCAL:
|
||||
break;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool GetRevocationDetail(napi_env env, napi_value rckObj, HcfRevocationCheckParam *&out)
|
||||
{
|
||||
napi_value obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OCSP_REQ_EXTENSION.c_str());
|
||||
if (obj != nullptr) {
|
||||
out->ocspRequestExtension = CertGetBlobArrFromArrUarrJSParams(env, obj);
|
||||
if (out->ocspRequestExtension == nullptr) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OCSP_RESP_URI.c_str());
|
||||
if (obj != nullptr) {
|
||||
out->ocspResponderURI = CertGetBlobFromStringJSParams(env, obj);
|
||||
if (out->ocspResponderURI == nullptr) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OCSP_RESP_CERT.c_str());
|
||||
if (obj != nullptr) {
|
||||
NapiX509Certificate *napiX509Cert = nullptr;
|
||||
napi_unwrap(env, obj, reinterpret_cast<void **>(&napiX509Cert));
|
||||
if (napiX509Cert != nullptr) {
|
||||
out->ocspResponderCert = napiX509Cert->GetX509Cert();
|
||||
if (out->ocspResponderCert == nullptr) {
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_OCSP_RESPS.c_str());
|
||||
if (obj != nullptr) {
|
||||
out->ocspResponses = CertGetBlobFromUint8ArrJSParams(env, obj);
|
||||
if (out->ocspResponses == nullptr) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
obj = GetProp(env, rckObj, CERT_CHAIN_VALIDATE_TAG_CRL_DOWNLOAD_URI.c_str());
|
||||
if (obj != nullptr) {
|
||||
out->crlDownloadURI = CertGetBlobFromStringJSParams(env, obj);
|
||||
if (out->crlDownloadURI == nullptr) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return GetRevocationOptions(env, rckObj, out);
|
||||
}
|
||||
|
||||
static bool GetRevocationCheckParam(napi_env env, napi_value arg, HcfRevocationCheckParam *&out)
|
||||
{
|
||||
napi_value rckObj = GetProp(env, arg, CERT_CHAIN_VALIDATE_TAG_REVOCATIONCHECKPARAM.c_str());
|
||||
if (rckObj == nullptr) {
|
||||
LOGI("RevocationCheckParam do not exist!");
|
||||
return true;
|
||||
}
|
||||
napi_valuetype valueType;
|
||||
napi_typeof(env, rckObj, &valueType);
|
||||
if (valueType == napi_null || valueType != napi_object) {
|
||||
LOGE("Failed to check input param!");
|
||||
return false;
|
||||
}
|
||||
|
||||
out = static_cast<HcfRevocationCheckParam *>(HcfMalloc(sizeof(HcfRevocationCheckParam), 0));
|
||||
if (out == nullptr) {
|
||||
LOGE("Failed to allocate out memory!");
|
||||
return false;
|
||||
}
|
||||
if (!GetRevocationDetail(env, rckObj, out)) {
|
||||
LOGE("Failed to get revocation detail!");
|
||||
CfFree(out);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool GetValidationPolicyType(napi_env env, napi_value arg, HcfValPolicyType &out)
|
||||
{
|
||||
napi_value obj = GetProp(env, arg, CERT_CHAIN_VALIDATE_TAG_POLICY.c_str());
|
||||
if (obj != nullptr) {
|
||||
napi_status status = napi_get_value_int32(env, obj, (int32_t *)&out);
|
||||
if (status != napi_ok) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool GetSSLHostname(napi_env env, napi_value arg, CfBlob *&out)
|
||||
{
|
||||
napi_value obj = GetProp(env, arg, CERT_CHAIN_VALIDATE_TAG_SSLHOSTNAME.c_str());
|
||||
if (obj == nullptr) {
|
||||
LOGI("Param type not SSLHostname!");
|
||||
return true;
|
||||
}
|
||||
out = CertGetBlobFromStringJSParams(env, obj);
|
||||
if (out == nullptr) {
|
||||
LOGE("SSLHostname is nullptr");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool GetKeyUsage(napi_env env, napi_value arg, HcfKuArray *&out)
|
||||
{
|
||||
out = nullptr;
|
||||
napi_value obj = GetProp(env, arg, CERT_CHAIN_VALIDATE_TAG_KEYUSAGE.c_str());
|
||||
if (obj == nullptr) {
|
||||
return true;
|
||||
}
|
||||
bool flag = false;
|
||||
napi_status status = napi_is_array(env, obj, &flag);
|
||||
if (status != napi_ok || !flag) {
|
||||
return false;
|
||||
}
|
||||
uint32_t length = 0;
|
||||
status = napi_get_array_length(env, obj, &length);
|
||||
if (status != napi_ok || length == 0 || length > MAX_NAPI_ARRAY_OF_U8ARR) {
|
||||
return false;
|
||||
}
|
||||
out = static_cast<HcfKuArray *>(HcfMalloc(sizeof(HcfKuArray), 0));
|
||||
if (out == nullptr) {
|
||||
return false;
|
||||
}
|
||||
out->count = length;
|
||||
out->data = static_cast<HcfKeyUsageType *>(HcfMalloc(length * sizeof(HcfKeyUsageType), 0));
|
||||
if (out->data == nullptr) {
|
||||
CfFree(out);
|
||||
out = nullptr;
|
||||
return false;
|
||||
}
|
||||
for (uint32_t i = 0; i < length; i++) {
|
||||
napi_value element;
|
||||
if (napi_get_element(env, obj, i, &element) != napi_ok ||
|
||||
napi_get_value_int32(env, element, (int32_t *)&(out->data[i])) != napi_ok) {
|
||||
CfFree(out);
|
||||
out = nullptr;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
void FreeX509CertChainValidateParams(HcfX509CertChainValidateParams ¶m)
|
||||
{
|
||||
CfBlobFree(¶m.date);
|
||||
@ -223,6 +403,22 @@ bool BuildX509CertChainValidateParams(napi_env env, napi_value arg, HcfX509CertC
|
||||
LOGE("GetCertCRLCollectionArray failed");
|
||||
return false;
|
||||
}
|
||||
if (!GetRevocationCheckParam(env, arg, param.revocationCheckParam)) {
|
||||
LOGE("Get revocation check param failed!");
|
||||
return false;
|
||||
}
|
||||
if (!GetValidationPolicyType(env, arg, param.policy)) {
|
||||
LOGE("Get validation policy type failed!");
|
||||
return false;
|
||||
}
|
||||
if (!GetSSLHostname(env, arg, param.sslHostname)) {
|
||||
LOGE("Get SSLHostname failed!");
|
||||
return false;
|
||||
}
|
||||
if (!GetKeyUsage(env, arg, param.keyUsage)) {
|
||||
LOGE("Get key usage failed!");
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2023 Huawei Device Co., Ltd.
|
||||
* Copyright (c) 2023-2024 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
@ -24,11 +24,59 @@
|
||||
#include "cf_blob.h"
|
||||
#include "x509_trust_anchor.h"
|
||||
|
||||
typedef enum {
|
||||
VALIDATION_POLICY_TYPE_X509 = 0,
|
||||
VALIDATION_POLICY_TYPE_SSL = 1,
|
||||
} HcfValPolicyType;
|
||||
|
||||
typedef enum {
|
||||
REVOCATION_CHECK_OPTION_PREFER_OCSP = 0,
|
||||
REVOCATION_CHECK_OPTION_ACCESS_NETWORK = 1,
|
||||
REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER = 2,
|
||||
REVOCATION_CHECK_OPTION_FALLBACK_LOCAL = 3,
|
||||
} HcfRevChkOption;
|
||||
|
||||
typedef enum {
|
||||
KEYUSAGE_DIGITAL_SIGNATURE = 0,
|
||||
KEYUSAGE_NON_REPUDIATION = 1,
|
||||
KEYUSAGE_KEY_ENCIPHERMENT = 2,
|
||||
KEYUSAGE_DATA_ENCIPHERMENT = 3,
|
||||
KEYUSAGE_KEY_AGREEMENT = 4,
|
||||
KEYUSAGE_KEY_CERT_SIGN = 5,
|
||||
KEYUSAGE_CRL_SIGN = 6,
|
||||
KEYUSAGE_ENCIPHER_ONLY = 7,
|
||||
KEYUSAGE_DECIPHER_ONLY = 8,
|
||||
} HcfKeyUsageType;
|
||||
|
||||
typedef struct {
|
||||
HcfKeyUsageType *data;
|
||||
uint32_t count;
|
||||
} HcfKuArray;
|
||||
|
||||
typedef struct {
|
||||
HcfRevChkOption *data;
|
||||
uint32_t count;
|
||||
} HcfRevChkOpArray;
|
||||
|
||||
typedef struct HcfRevocationCheckParam HcfRevocationCheckParam;
|
||||
struct HcfRevocationCheckParam {
|
||||
CfBlobArray *ocspRequestExtension;
|
||||
CfBlob *ocspResponderURI;
|
||||
HcfX509Certificate *ocspResponderCert;
|
||||
CfBlob *ocspResponses;
|
||||
CfBlob *crlDownloadURI;
|
||||
HcfRevChkOpArray *options;
|
||||
};
|
||||
|
||||
typedef struct HcfX509CertChainValidateParams HcfX509CertChainValidateParams;
|
||||
struct HcfX509CertChainValidateParams {
|
||||
CfBlob *date; // string
|
||||
HcfX509TrustAnchorArray *trustAnchors; // Array<X509TrustAnchor>
|
||||
HcfCertCRLCollectionArray *certCRLCollections; // Array<CertCRLCollection>;
|
||||
HcfRevocationCheckParam *revocationCheckParam;
|
||||
HcfValPolicyType policy;
|
||||
CfBlob *sslHostname;
|
||||
HcfKuArray *keyUsage;
|
||||
};
|
||||
|
||||
#endif // X509_CERT_CHAIN_VALIDATE_PARAMETERS_H
|
||||
|
@ -79,6 +79,30 @@ typedef enum {
|
||||
CF_GENERAL_NAME_TYPE_REGISTERED_ID
|
||||
} CfGeneralNameType;
|
||||
|
||||
typedef enum {
|
||||
CF_REVOCATION_CHECK_OPTION_PREFER_OCSP,
|
||||
CF_REVOCATION_CHECK_OPTION_ACCESS_NETWORK,
|
||||
CF_REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER,
|
||||
CF_REVOCATION_CHECK_OPTION_FALLBACK_LOCAL,
|
||||
} CfRevocationCheckOptionsType;
|
||||
|
||||
typedef enum {
|
||||
CF_VALIDATION_POLICY_TYPE_X509,
|
||||
CF_VALIDATION_POLICY_TYPE_SSL,
|
||||
} CfValidationPolicyType;
|
||||
|
||||
typedef enum {
|
||||
CF_KEYUSAGE_DIGITAL_SIGNATURE,
|
||||
CF_KEYUSAGE_NON_REPUDIATION,
|
||||
CF_KEYUSAGE_KEY_ENCIPHERMENT,
|
||||
CF_KEYUSAGE_DATA_ENCIPHERMENT,
|
||||
CF_KEYUSAGE_KEY_AGREEMENT,
|
||||
CF_KEYUSAGE_KEY_CERT_SIGN,
|
||||
CF_KEYUSAGE_CRL_SIGN,
|
||||
CF_KEYUSAGE_ENCIPHER_ONLY,
|
||||
CF_KEYUSAGE_DECIPHER_ONLY,
|
||||
} CfValidationKeyUsageType;
|
||||
|
||||
typedef enum {
|
||||
CF_GET_TYPE_CERT_ITEM,
|
||||
CF_GET_TYPE_EXT_ITEM,
|
||||
|
49
test/fuzztest/v1.0/x509certchain_fuzzer/BUILD.gn
Normal file
49
test/fuzztest/v1.0/x509certchain_fuzzer/BUILD.gn
Normal file
@ -0,0 +1,49 @@
|
||||
# Copyright (c) 2024 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#####################hydra-fuzz###################
|
||||
import("//build/config/features.gni")
|
||||
import("//build/test.gni")
|
||||
module_output_path = "certificate_framework/certificate_framework"
|
||||
|
||||
##############################fuzztest##########################################
|
||||
ohos_fuzztest("X509CertChainFuzzTest") {
|
||||
module_out_path = module_output_path
|
||||
fuzz_config_file = "../x509certchain_fuzzer"
|
||||
configs = [ "../../../../config/build:coverage_flag_cc" ]
|
||||
cflags = [
|
||||
"-g",
|
||||
"-O0",
|
||||
"-Wno-unused-variable",
|
||||
"-fno-omit-frame-pointer",
|
||||
]
|
||||
sources = [ "x509cert_chain_fuzzer.cpp" ]
|
||||
|
||||
external_deps = [
|
||||
"c_utils:utils",
|
||||
"certificate_framework:certificate_framework_core",
|
||||
"crypto_framework:crypto_framework_lib",
|
||||
"hilog:libhilog",
|
||||
]
|
||||
}
|
||||
|
||||
###############################################################################
|
||||
group("fuzztest") {
|
||||
testonly = true
|
||||
deps = []
|
||||
deps += [
|
||||
# deps file
|
||||
":X509CertChainFuzzTest",
|
||||
]
|
||||
}
|
||||
###############################################################################
|
14
test/fuzztest/v1.0/x509certchain_fuzzer/corpus/init
Normal file
14
test/fuzztest/v1.0/x509certchain_fuzzer/corpus/init
Normal file
@ -0,0 +1,14 @@
|
||||
# Copyright (c) 2024 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
FUZZ
|
25
test/fuzztest/v1.0/x509certchain_fuzzer/project.xml
Normal file
25
test/fuzztest/v1.0/x509certchain_fuzzer/project.xml
Normal file
@ -0,0 +1,25 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Copyright (c) 2024 Huawei Device Co., Ltd.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
<fuzz_config>
|
||||
<fuzztest>
|
||||
<!-- maximum length of a test input -->
|
||||
<max_len>1000</max_len>
|
||||
<!-- maximum total time in seconds to run the fuzzer -->
|
||||
<max_total_time>300</max_total_time>
|
||||
<!-- memory usage limit in Mb -->
|
||||
<rss_limit_mb>4096</rss_limit_mb>
|
||||
</fuzztest>
|
||||
</fuzz_config>
|
@ -0,0 +1,218 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "x509cert_chain_fuzzer.h"
|
||||
|
||||
#include <cstddef>
|
||||
#include <cstdint>
|
||||
#include "securec.h"
|
||||
|
||||
#include "cf_blob.h"
|
||||
#include "cf_result.h"
|
||||
#include "x509_cert_chain.h"
|
||||
|
||||
namespace OHOS {
|
||||
static char g_fuzzCert[] =
|
||||
"-----BEGIN CERTIFICATE-----\r\n"
|
||||
"MIIEMjCCAxqgAwIBAgICARAwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UEBhMCQ04x\r\n"
|
||||
"CzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjELMAkGA1UECgwCSEQxDDAKBgNVBAsM\r\n"
|
||||
"A2RldjELMAkGA1UEAwwCY2ExJTAjBgkqhkiG9w0BCQEWFmNhQGNyeXB0b2ZyYW1l\r\n"
|
||||
"d29yay5jb20wHhcNMjIwODE5MTI0OTA2WhcNMzIwODE2MTI0OTA2WjB2MQswCQYD\r\n"
|
||||
"VQQGEwJDTjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQswCQYDVQQKDAJIRDEM\r\n"
|
||||
"MAoGA1UECwwDZGV2MQswCQYDVQQDDAJjYTElMCMGCSqGSIb3DQEJARYWY2FAY3J5\r\n"
|
||||
"cHRvZnJhbWV3b3JrLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\r\n"
|
||||
"AJ8p0IWE7WwwbtATg+AbYQj33WNBBktU+/AVf+Tl1aAa4TOeW2/ZARc4sdwLVTxd\r\n"
|
||||
"XCipFseuiGN30hwXrXFUHrcMf0w2sCkznJVZ/rQcfEO5Kb1vBz6DEEcgISYEhhqO\r\n"
|
||||
"BfYBit5qfpq5R2+2R/Th/ybV+kBrUl+GssXbDAe6oZCy56lGphDvmHMUO7a13j+S\r\n"
|
||||
"FmThMbI2yeyua1LagSoaBJfY1J+i7jWPmmEFR0dQ2p0EGjHTgQGhRo5VuwDHipNS\r\n"
|
||||
"v0XP8OUA/PYbL/SBj1Fq4C3gtfvjeswUbzVaMoq/wCuy1qcXI80ZLe3whR24c0cX\r\n"
|
||||
"YFO0uGi9egPp24fw7yYGqgECAwEAAaOByTCBxjAdBgNVHQ4EFgQUjKM7QmMBs01R\r\n"
|
||||
"9uQttYN/GDkvt7UwHwYDVR0jBBgwFoAUjKM7QmMBs01R9uQttYN/GDkvt7UwEgYD\r\n"
|
||||
"VR0TAQH/BAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUH\r\n"
|
||||
"AwEGCCsGAQUFBwMCMCEGA1UdEQQaMBiBFmNhQGNyeXB0b2ZyYW1ld29yay5jb20w\r\n"
|
||||
"IQYDVR0SBBowGIEWY2FAY3J5cHRvZnJhbWV3b3JrLmNvbTANBgkqhkiG9w0BAQsF\r\n"
|
||||
"AAOCAQEAh+4RE6cJ62/gLYssLkc7ESg7exKwZlmisHyBicuy/+XagOZ3cTbgQNXl\r\n"
|
||||
"QoZKbw/ks/B/cInbQGYbpAm47Sudo+I/G9xj0X7gQB9wtSrbStOs6SjnLiYU0xFc\r\n"
|
||||
"Fsc0j6k2SrlyiwRQcjS4POKiUS0Cm3F3DHGdj55PlBkXxudXCq2V3J3VwKf2bVjQ\r\n"
|
||||
"bzz2+M/Q1m+P7FhB+JmeO8eemkqMQ0tFMU3EM441NpejC5iFVAGgownC8S0B+fxH\r\n"
|
||||
"9dBJuHM6vpxEWw3ckZFDZQ1kd91YRgr7jY8fc0v/T0tzHWbOEVzklEIBWL1mompL\r\n"
|
||||
"BCwe0/Gw+BO60bfi2MoJw8t2IcB1Qw==\r\n"
|
||||
"-----END CERTIFICATE-----\r\n";
|
||||
|
||||
static char g_fuzzDate[] = "20231212080000Z";
|
||||
static uint8_t g_fuzzPubKey[] = {
|
||||
0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
|
||||
0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd0, 0x35, 0x39, 0x92, 0x49, 0xb5,
|
||||
0x95, 0x08, 0xef, 0x38, 0xf8, 0xa8, 0x51, 0xd3, 0xef, 0xd8, 0x3e, 0x3a, 0xd9,
|
||||
0x2c, 0xe1, 0x31, 0x1f, 0x99, 0x41, 0x03, 0x86, 0xb3, 0x4a, 0x04, 0x41, 0x23,
|
||||
0x6f, 0xf8, 0xb6, 0xf4, 0x60, 0x5f, 0x9e, 0x9b, 0xc5, 0x75, 0x3d, 0xfa, 0x6b,
|
||||
0x30, 0xa0, 0xd9, 0x53, 0x83, 0x25, 0x14, 0xa3, 0x23, 0x31, 0x67, 0xe2, 0xa0,
|
||||
0x03, 0x71, 0xcf, 0x38, 0x12, 0x67, 0xca, 0x88, 0x31, 0x0c, 0xf7, 0xb1, 0xc5,
|
||||
0xb1, 0x03, 0xe9, 0xf5, 0x14, 0x64, 0xab, 0x11, 0xf9, 0x70, 0x1e, 0x75, 0x11,
|
||||
0x4d, 0x9e, 0x04, 0x4f, 0x54, 0x6b, 0xde, 0x71, 0xfb, 0x04, 0x29, 0xfc, 0xa4,
|
||||
0x9d, 0x0a, 0xa2, 0x13, 0x09, 0x0f, 0xef, 0xca, 0xf9, 0xb7, 0x27, 0x85, 0x29,
|
||||
0x8e, 0x5d, 0x30, 0x95, 0x6f, 0x30, 0x44, 0x23, 0xc2, 0x59, 0xc6, 0x30, 0xde,
|
||||
0x92, 0x82, 0x94, 0x64, 0x64, 0x37, 0x35, 0x6d, 0x23, 0x52, 0x97, 0x9d, 0xfa,
|
||||
0x67, 0xed, 0xf1, 0xb7, 0x37, 0xce, 0x27, 0xef, 0x09, 0x41, 0x6f, 0xd2, 0x06,
|
||||
0x28, 0x91, 0x5a, 0x73, 0xfe, 0xbe, 0x87, 0x1b, 0xd9, 0xc7, 0x6a, 0xa7, 0x7c,
|
||||
0xbb, 0x31, 0x74, 0x82, 0x91, 0xd1, 0x0f, 0xdb, 0x88, 0x6a, 0x14, 0xe9, 0x9f,
|
||||
0x08, 0xcb, 0xf4, 0x7f, 0xa7, 0xb1, 0xa8, 0x3c, 0xef, 0x2f, 0x6a, 0x65, 0x74,
|
||||
0xf7, 0x4f, 0x90, 0x1c, 0x42, 0xf9, 0x01, 0xd4, 0xb3, 0x2a, 0xd1, 0x21, 0x53,
|
||||
0xdb, 0xdd, 0xbd, 0xcb, 0x96, 0x8e, 0x32, 0xf1, 0x56, 0x76, 0x89, 0x2d, 0xf8,
|
||||
0xff, 0xe9, 0x6a, 0x06, 0x66, 0x3f, 0x14, 0x5a, 0x7d, 0xf3, 0x15, 0xb1, 0x28,
|
||||
0x4d, 0x56, 0x80, 0x7e, 0x9d, 0xb1, 0xa9, 0xdc, 0xd6, 0xef, 0x24, 0x6f, 0x8b,
|
||||
0x6a, 0xf5, 0xe3, 0xc9, 0xbd, 0x7a, 0xfe, 0xe5, 0x8c, 0x3a, 0x87, 0xa3, 0xc5,
|
||||
0x17, 0xeb, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01
|
||||
};
|
||||
static uint8_t g_fuzzSubject[] = {
|
||||
0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
|
||||
0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c,
|
||||
0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31,
|
||||
0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x47, 0x65, 0x6f,
|
||||
0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x4e, 0x20,
|
||||
0x43, 0x41, 0x20, 0x47, 0x32
|
||||
};
|
||||
static char g_fuzzSslHostName[] = "*.163.com";
|
||||
constexpr int TEST_DATA_LEN = 1;
|
||||
static bool g_testFlag = true;
|
||||
|
||||
static void FreeTrustAnchor(HcfX509TrustAnchor *trustAnchor)
|
||||
{
|
||||
if (trustAnchor == nullptr) {
|
||||
return;
|
||||
}
|
||||
CfBlobFree(&trustAnchor->CAPubKey);
|
||||
CfBlobFree(&trustAnchor->CASubject);
|
||||
CfObjDestroy(trustAnchor->CACert);
|
||||
trustAnchor->CACert = nullptr;
|
||||
free(trustAnchor);
|
||||
trustAnchor = nullptr;
|
||||
}
|
||||
|
||||
static void FreeValidateResult(HcfX509CertChainValidateResult *result)
|
||||
{
|
||||
if (result->entityCert != nullptr) {
|
||||
CfObjDestroy(result->entityCert);
|
||||
result->entityCert = nullptr;
|
||||
}
|
||||
|
||||
if (result->trustAnchor != nullptr) {
|
||||
FreeTrustAnchor(result->trustAnchor);
|
||||
}
|
||||
}
|
||||
|
||||
static void TestValidateParam(HcfX509CertChainValidateParams ¶ms, HcfCertChain *x509CertChainObj)
|
||||
{
|
||||
CfBlob date = { 0 };
|
||||
date.data = reinterpret_cast<uint8_t *>(g_fuzzDate);
|
||||
date.size = strlen(g_fuzzDate) + 1;
|
||||
HcfX509TrustAnchorArray trustAnchors = { 0 };
|
||||
HcfX509TrustAnchor anchor = { 0 };
|
||||
CfBlob caPubKey = { 0 };
|
||||
caPubKey.data = g_fuzzPubKey;
|
||||
caPubKey.size = strlen(reinterpret_cast<char *>(g_fuzzPubKey)) + 1;
|
||||
anchor.CAPubKey = &caPubKey;
|
||||
CfBlob caSubject = { 0 };
|
||||
caSubject.data = g_fuzzSubject;
|
||||
caSubject.size = strlen(reinterpret_cast<char *>(g_fuzzSubject)) + 1;
|
||||
anchor.CASubject = &caSubject;
|
||||
trustAnchors.data = static_cast<HcfX509TrustAnchor **>(
|
||||
calloc(TEST_DATA_LEN * sizeof(HcfX509TrustAnchor *), 0));
|
||||
if (trustAnchors.data == nullptr) {
|
||||
return;
|
||||
}
|
||||
trustAnchors.data[0] = &anchor;
|
||||
trustAnchors.count = TEST_DATA_LEN;
|
||||
|
||||
HcfRevocationCheckParam revocationCheckParam = { 0 };
|
||||
HcfRevChkOpArray optionData = { 0 };
|
||||
HcfRevChkOption option[TEST_DATA_LEN] = { REVOCATION_CHECK_OPTION_ACCESS_NETWORK };
|
||||
optionData.data = option;
|
||||
optionData.count = TEST_DATA_LEN;
|
||||
revocationCheckParam.options = &optionData;
|
||||
|
||||
CfBlob sslHostname = { 0 };
|
||||
sslHostname.data = reinterpret_cast<uint8_t *>(g_fuzzSslHostName);
|
||||
sslHostname.size = strlen(g_fuzzSslHostName) + 1;
|
||||
HcfKuArray keyUsage = { 0 };
|
||||
HcfKeyUsageType type[TEST_DATA_LEN] = { KEYUSAGE_DIGITAL_SIGNATURE };
|
||||
keyUsage.data = type;
|
||||
keyUsage.count = TEST_DATA_LEN;
|
||||
|
||||
params.date = &date;
|
||||
params.trustAnchors = &trustAnchors;
|
||||
params.sslHostname = &sslHostname;
|
||||
params.policy = HcfValPolicyType::VALIDATION_POLICY_TYPE_SSL;
|
||||
params.keyUsage = &keyUsage;
|
||||
params.revocationCheckParam = &revocationCheckParam;
|
||||
HcfX509CertChainValidateResult result = { 0 };
|
||||
(void)x509CertChainObj->validate(x509CertChainObj, ¶ms, &result);
|
||||
FreeValidateResult(&result);
|
||||
free(params.trustAnchors->data);
|
||||
}
|
||||
|
||||
static void TestQuery(HcfCertChain *x509CertChainObj)
|
||||
{
|
||||
HcfX509CertChainValidateParams params = { 0 };
|
||||
TestValidateParam(params, x509CertChainObj);
|
||||
}
|
||||
|
||||
static void CreateOneCert(void)
|
||||
{
|
||||
CfEncodingBlob inStream = { 0 };
|
||||
inStream.data = reinterpret_cast<uint8_t *>(g_fuzzCert);
|
||||
inStream.encodingFormat = CF_FORMAT_PEM;
|
||||
inStream.len = strlen(g_fuzzCert) + 1;
|
||||
HcfCertChain *x509CertChainObj = nullptr;
|
||||
CfResult res = HcfCertChainCreate(&inStream, nullptr, &x509CertChainObj);
|
||||
if (res != CF_SUCCESS) {
|
||||
return;
|
||||
}
|
||||
TestQuery(x509CertChainObj);
|
||||
CfObjDestroy(x509CertChainObj);
|
||||
}
|
||||
|
||||
bool X509CertChainFuzzTest(const uint8_t* data, size_t size)
|
||||
{
|
||||
if (g_testFlag) {
|
||||
CreateOneCert();
|
||||
g_testFlag = false;
|
||||
}
|
||||
if (data == nullptr) {
|
||||
return false;
|
||||
}
|
||||
CfEncodingBlob inStream = { 0 };
|
||||
inStream.data = const_cast<uint8_t *>(data);
|
||||
inStream.encodingFormat = CF_FORMAT_PEM;
|
||||
inStream.len = size;
|
||||
HcfCertChain *x509CertChainObj = nullptr;
|
||||
CfResult res = HcfCertChainCreate(&inStream, nullptr, &x509CertChainObj);
|
||||
if (res != CF_SUCCESS) {
|
||||
return false;
|
||||
}
|
||||
CfObjDestroy(x509CertChainObj);
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/* Fuzzer entry point */
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
|
||||
{
|
||||
/* Run your code on data */
|
||||
OHOS::X509CertChainFuzzTest(data, size);
|
||||
return 0;
|
||||
}
|
@ -0,0 +1,21 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef X509_CERT_CHAIN_FUZZER_H
|
||||
#define X509_CERT_CHAIN_FUZZER_H
|
||||
|
||||
#define FUZZ_PROJECT_NAME "x509cert_chain_fuzzer"
|
||||
|
||||
#endif
|
@ -36,6 +36,7 @@ ohos_unittest("cf_version1_test") {
|
||||
sources = [
|
||||
"src/cf_mock.cpp",
|
||||
"src/crypto_x509_cert_chain_test.cpp",
|
||||
"src/crypto_x509_cert_chain_test_part2.cpp",
|
||||
"src/crypto_x509_cert_chain_validator_test.cpp",
|
||||
"src/crypto_x509_cert_crl_collection_test.cpp",
|
||||
"src/crypto_x509_certificate_test.cpp",
|
||||
@ -102,17 +103,22 @@ ohos_unittest("cf_version1_test") {
|
||||
"-Wl,--wrap=OBJ_obj2nid",
|
||||
"-Wl,--wrap=OBJ_nid2obj",
|
||||
"-Wl,--wrap=OBJ_obj2txt",
|
||||
"-Wl,--wrap=OCSP_REQUEST_new",
|
||||
"-Wl,--wrap=OSSL_HTTP_parse_url",
|
||||
"-Wl,--wrap=OPENSSL_sk_deep_copy",
|
||||
"-Wl,--wrap=OPENSSL_sk_num",
|
||||
"-Wl,--wrap=OPENSSL_sk_value",
|
||||
"-Wl,--wrap=OPENSSL_sk_new_null",
|
||||
"-Wl,--wrap=OPENSSL_sk_push",
|
||||
"-Wl,--wrap=X509_ALGOR_get0",
|
||||
"-Wl,--wrap=X509_check_host",
|
||||
"-Wl,--wrap=X509_CRL_load_http",
|
||||
"-Wl,--wrap=X509_dup",
|
||||
"-Wl,--wrap=X509_get_pubkey",
|
||||
"-Wl,--wrap=X509_get_ext",
|
||||
"-Wl,--wrap=X509_get_ext_d2i",
|
||||
"-Wl,--wrap=X509_get0_serialNumber",
|
||||
"-Wl,--wrap=X509_get1_ocsp",
|
||||
"-Wl,--wrap=X509_getm_notBefore",
|
||||
"-Wl,--wrap=X509_getm_notAfter",
|
||||
"-Wl,--wrap=X509_NAME_oneline",
|
||||
@ -139,5 +145,6 @@ ohos_unittest("cf_version1_test") {
|
||||
"googletest:gmock",
|
||||
"hilog:libhilog",
|
||||
"openssl:libcrypto_shared",
|
||||
"openssl:libssl_shared",
|
||||
]
|
||||
}
|
||||
|
@ -18,72 +18,83 @@
|
||||
#include <gmock/gmock.h>
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/ocsp.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
#include "certificate_openssl_common.h"
|
||||
#include "x509_certificate.h"
|
||||
#include "x509_certificate_openssl.h"
|
||||
|
||||
using ::testing::NiceMock;
|
||||
|
||||
namespace CFMock {
|
||||
class X509OpensslMock {
|
||||
public:
|
||||
MOCK_METHOD2(i2d_X509_EXTENSIONS, int(X509_EXTENSIONS *a, unsigned char **out));
|
||||
MOCK_METHOD1(OPENSSL_sk_num, int(const OPENSSL_STACK *st));
|
||||
MOCK_METHOD1(X509_getm_notBefore, ASN1_TIME *(const X509 *x));
|
||||
MOCK_METHOD1(X509_getm_notAfter, ASN1_TIME *(const X509 *x));
|
||||
MOCK_METHOD3(X509_NAME_oneline, char *(const X509_NAME *a, char *buf, int size));
|
||||
MOCK_METHOD2(i2d_X509, int(X509 *a, unsigned char **out));
|
||||
MOCK_METHOD2(BIO_new_mem_buf, BIO *(const void *buf, int len));
|
||||
MOCK_METHOD2(OPENSSL_sk_value, void *(const OPENSSL_STACK *st, int i));
|
||||
MOCK_METHOD2(HcfX509CertificateCreate, CfResult(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj));
|
||||
MOCK_METHOD0(OPENSSL_sk_new_null, OPENSSL_STACK *(void));
|
||||
MOCK_METHOD2(X509_STORE_add_cert, int(X509_STORE *ctx, X509 *x));
|
||||
MOCK_METHOD0(X509_STORE_CTX_new, X509_STORE_CTX *(void));
|
||||
MOCK_METHOD0(X509_STORE_new, X509_STORE *(void));
|
||||
MOCK_METHOD4(X509_STORE_CTX_init, int(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) * chain));
|
||||
MOCK_METHOD1(X509_verify_cert, int(X509_STORE_CTX *ctx));
|
||||
MOCK_METHOD2(i2d_PUBKEY, int(EVP_PKEY *a, unsigned char **pp));
|
||||
MOCK_METHOD4(X509_get_ext_d2i, void *(const X509 *x, int nid, int *crit, int *idx));
|
||||
MOCK_METHOD2(i2d_ASN1_OCTET_STRING, int(ASN1_OCTET_STRING *a, unsigned char **out));
|
||||
MOCK_METHOD2(i2d_AUTHORITY_KEYID, int(AUTHORITY_KEYID *a, unsigned char **out));
|
||||
MOCK_METHOD3(DeepCopyDataToBlob, CfResult(const unsigned char *data, uint32_t len, CfBlob *outBlob));
|
||||
MOCK_METHOD0(ASN1_TIME_new, ASN1_TIME *(void));
|
||||
MOCK_METHOD1(X509_get0_serialNumber, const ASN1_INTEGER *(const X509 *x));
|
||||
MOCK_METHOD2(i2d_ASN1_INTEGER, int(ASN1_INTEGER *a, unsigned char **out));
|
||||
MOCK_METHOD1(X509_get_pubkey, EVP_PKEY *(X509 *x));
|
||||
MOCK_METHOD1(OBJ_nid2obj, ASN1_OBJECT *(int n));
|
||||
MOCK_METHOD4(OBJ_obj2txt, int(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name));
|
||||
MOCK_METHOD3(BN_bin2bn, BIGNUM *(const unsigned char *s, int len, BIGNUM *ret));
|
||||
MOCK_METHOD1(ASN1_TIME_normalize, int(ASN1_TIME *s));
|
||||
MOCK_METHOD4(
|
||||
X509_ALGOR_get0, void(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor));
|
||||
MOCK_METHOD0(ASN1_TYPE_new, ASN1_TYPE *(void));
|
||||
MOCK_METHOD3(ASN1_TYPE_set1, int(ASN1_TYPE *a, int type, const void *value));
|
||||
MOCK_METHOD2(i2d_ASN1_TYPE, int(ASN1_TYPE *a, unsigned char **out));
|
||||
MOCK_METHOD1(ASN1_INTEGER_get, long(const ASN1_INTEGER *a));
|
||||
MOCK_METHOD1(ASN1_STRING_get0_data, const unsigned char *(const ASN1_STRING *x));
|
||||
MOCK_METHOD2(i2d_GENERAL_NAME, int(GENERAL_NAME *a, unsigned char **out));
|
||||
MOCK_METHOD2(X509_get_ext, X509_EXTENSION *(const X509 *x, X509_EXTENSION *loc));
|
||||
MOCK_METHOD1(X509V3_EXT_d2i, void *(X509_EXTENSION *ext));
|
||||
MOCK_METHOD2(GENERAL_NAME_get0_value, void *(const GENERAL_NAME *a, int *ptype));
|
||||
MOCK_METHOD2(X509_verify, int(X509 *a, EVP_PKEY *r));
|
||||
MOCK_METHOD2(DeepCopyBlobToBlob, CfResult(const CfBlob *inBlob, CfBlob **outBlob));
|
||||
MOCK_METHOD2(OPENSSL_sk_push, int(OPENSSL_STACK *st, const int data));
|
||||
MOCK_METHOD2(i2d_X509_REVOKED, int(X509_REVOKED *a, unsigned char **out));
|
||||
MOCK_METHOD2(i2d_X509_CRL, int(X509_CRL *a, unsigned char **out));
|
||||
MOCK_METHOD3(
|
||||
OPENSSL_sk_deep_copy, OPENSSL_STACK *(const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f));
|
||||
MOCK_METHOD1(OBJ_obj2nid, int(const ASN1_OBJECT *o));
|
||||
MOCK_METHOD1(X509_dup, X509 *(X509 *x509));
|
||||
MOCK_METHOD(int, i2d_X509_EXTENSIONS, (X509_EXTENSIONS * a, unsigned char **out));
|
||||
MOCK_METHOD(int, OPENSSL_sk_num, (const OPENSSL_STACK *st));
|
||||
MOCK_METHOD(ASN1_TIME *, X509_getm_notBefore, (const X509 *x));
|
||||
MOCK_METHOD(ASN1_TIME *, X509_getm_notAfter, (const X509 *x));
|
||||
MOCK_METHOD(char *, X509_NAME_oneline, (const X509_NAME *a, char *buf, int size));
|
||||
MOCK_METHOD(int, i2d_X509, (X509 * a, unsigned char **out));
|
||||
MOCK_METHOD(BIO *, BIO_new_mem_buf, (const void *buf, int len));
|
||||
MOCK_METHOD(void *, OPENSSL_sk_value, (const OPENSSL_STACK *st, int i));
|
||||
MOCK_METHOD(CfResult, HcfX509CertificateCreate, (const CfEncodingBlob *inStream, HcfX509Certificate **returnObj));
|
||||
MOCK_METHOD(OPENSSL_STACK *, OPENSSL_sk_new_null, ());
|
||||
MOCK_METHOD(int, X509_STORE_add_cert, (X509_STORE * ctx, X509 *x));
|
||||
MOCK_METHOD(X509_STORE_CTX *, X509_STORE_CTX_new, ());
|
||||
MOCK_METHOD(X509_STORE *, X509_STORE_new, ());
|
||||
MOCK_METHOD(
|
||||
int, X509_STORE_CTX_init, (X509_STORE_CTX * ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) * chain));
|
||||
MOCK_METHOD(int, X509_verify_cert, (X509_STORE_CTX * ctx));
|
||||
MOCK_METHOD(int, i2d_PUBKEY, (EVP_PKEY * a, unsigned char **pp));
|
||||
MOCK_METHOD(void *, X509_get_ext_d2i, (const X509 *x, int nid, int *crit, int *idx));
|
||||
MOCK_METHOD(int, i2d_ASN1_OCTET_STRING, (ASN1_OCTET_STRING * a, unsigned char **out));
|
||||
MOCK_METHOD(int, i2d_AUTHORITY_KEYID, (AUTHORITY_KEYID * a, unsigned char **out));
|
||||
MOCK_METHOD(CfResult, DeepCopyDataToBlob, (const unsigned char *data, uint32_t len, CfBlob *outBlob));
|
||||
MOCK_METHOD(ASN1_TIME *, ASN1_TIME_new, ());
|
||||
MOCK_METHOD(const ASN1_INTEGER *, X509_get0_serialNumber, (const X509 *x));
|
||||
MOCK_METHOD(int, i2d_ASN1_INTEGER, (ASN1_INTEGER * a, unsigned char **out));
|
||||
MOCK_METHOD(EVP_PKEY *, X509_get_pubkey, (X509 * x));
|
||||
MOCK_METHOD(ASN1_OBJECT *, OBJ_nid2obj, (int n));
|
||||
MOCK_METHOD(int, OBJ_obj2txt, (char *buf, int buf_len, const ASN1_OBJECT *a, int no_name));
|
||||
MOCK_METHOD(BIGNUM *, BN_bin2bn, (const unsigned char *s, int len, BIGNUM *ret));
|
||||
MOCK_METHOD(int, ASN1_TIME_normalize, (ASN1_TIME * s));
|
||||
MOCK_METHOD(
|
||||
void, X509_ALGOR_get0, (const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor));
|
||||
MOCK_METHOD(ASN1_TYPE *, ASN1_TYPE_new, ());
|
||||
MOCK_METHOD(int, ASN1_TYPE_set1, (ASN1_TYPE * a, int type, const void *value));
|
||||
MOCK_METHOD(int, i2d_ASN1_TYPE, (ASN1_TYPE * a, unsigned char **out));
|
||||
MOCK_METHOD(long, ASN1_INTEGER_get, (const ASN1_INTEGER *a));
|
||||
MOCK_METHOD(const unsigned char *, ASN1_STRING_get0_data, (const ASN1_STRING *x));
|
||||
MOCK_METHOD(int, i2d_GENERAL_NAME, (GENERAL_NAME * a, unsigned char **out));
|
||||
MOCK_METHOD(X509_EXTENSION *, X509_get_ext, (const X509 *x, X509_EXTENSION *loc));
|
||||
MOCK_METHOD(void *, X509V3_EXT_d2i, (X509_EXTENSION * ext));
|
||||
MOCK_METHOD(void *, GENERAL_NAME_get0_value, (const GENERAL_NAME *a, int *ptype));
|
||||
MOCK_METHOD(int, X509_verify, (X509 * a, EVP_PKEY *r));
|
||||
MOCK_METHOD(CfResult, DeepCopyBlobToBlob, (const CfBlob *inBlob, CfBlob **outBlob));
|
||||
MOCK_METHOD(int, OPENSSL_sk_push, (OPENSSL_STACK * st, const int data));
|
||||
MOCK_METHOD(int, i2d_X509_REVOKED, (X509_REVOKED * a, unsigned char **out));
|
||||
MOCK_METHOD(int, i2d_X509_CRL, (X509_CRL * a, unsigned char **out));
|
||||
MOCK_METHOD(
|
||||
OPENSSL_STACK *, OPENSSL_sk_deep_copy, (const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f));
|
||||
MOCK_METHOD(int, OBJ_obj2nid, (const ASN1_OBJECT *o));
|
||||
MOCK_METHOD(X509 *, X509_dup, (X509 * x509));
|
||||
MOCK_METHOD(int, X509_check_host, (X509 * x, const char *chk, size_t chklen, unsigned int flags, char **peername));
|
||||
MOCK_METHOD(OCSP_REQUEST *, OCSP_REQUEST_new, ());
|
||||
MOCK_METHOD(X509_CRL *, X509_CRL_load_http, (const char *url, BIO *bio, BIO *rbio, int timeout));
|
||||
MOCK_METHOD(struct stack_st_OPENSSL_STRING *, X509_get1_ocsp, (X509 * x));
|
||||
MOCK_METHOD(int, OSSL_HTTP_parse_url,
|
||||
(const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num, char **ppath,
|
||||
char **pquery, char **pfrag));
|
||||
|
||||
static X509OpensslMock &GetInstance(void);
|
||||
static NiceMock<X509OpensslMock> &GetInstance(void);
|
||||
static void SetMockFlag(bool flag);
|
||||
static bool GetMockFlag(void);
|
||||
|
||||
private:
|
||||
X509OpensslMock();
|
||||
virtual ~X509OpensslMock();
|
||||
~X509OpensslMock();
|
||||
|
||||
private:
|
||||
void SetMockFunDefaultBehaviorPartOne(void);
|
||||
void SetMockFunDefaultBehaviorPartTwo(void);
|
||||
void SetMockFunDefaultBehaviorPartThree(void);
|
||||
|
@ -22,6 +22,138 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
static const char g_testCertChainPem163[] =
|
||||
"-----BEGIN CERTIFICATE-----\r\n"
|
||||
"MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\r\n"
|
||||
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\r\n"
|
||||
"ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\r\n"
|
||||
"OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\r\n"
|
||||
"CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\r\n"
|
||||
"by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\r\n"
|
||||
"AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\r\n"
|
||||
"MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\r\n"
|
||||
"vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\r\n"
|
||||
"tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\r\n"
|
||||
"C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\r\n"
|
||||
"GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\r\n"
|
||||
"BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\r\n"
|
||||
"C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\r\n"
|
||||
"Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\r\n"
|
||||
"MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\r\n"
|
||||
"RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\r\n"
|
||||
"Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\r\n"
|
||||
"MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\r\n"
|
||||
"Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\r\n"
|
||||
"BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\r\n"
|
||||
"ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\r\n"
|
||||
"bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\r\n"
|
||||
"nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\r\n"
|
||||
"AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\r\n"
|
||||
"W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\r\n"
|
||||
"HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\r\n"
|
||||
"Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\r\n"
|
||||
"QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\r\n"
|
||||
"lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\r\n"
|
||||
"ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\r\n"
|
||||
"P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\r\n"
|
||||
"7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\r\n"
|
||||
"9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\r\n"
|
||||
"-----END CERTIFICATE-----\r\n"
|
||||
"-----BEGIN CERTIFICATE-----\r\n"
|
||||
"MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\r\n"
|
||||
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\n"
|
||||
"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\r\n"
|
||||
"QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\r\n"
|
||||
"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\r\n"
|
||||
"TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\r\n"
|
||||
"7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\r\n"
|
||||
"4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\r\n"
|
||||
"yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\r\n"
|
||||
"c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\r\n"
|
||||
"U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\r\n"
|
||||
"jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\r\n"
|
||||
"T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\r\n"
|
||||
"BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\r\n"
|
||||
"MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\r\n"
|
||||
"cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\r\n"
|
||||
"ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\r\n"
|
||||
"BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\r\n"
|
||||
"LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\r\n"
|
||||
"Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\r\n"
|
||||
"IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\r\n"
|
||||
"cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\r\n"
|
||||
"FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\r\n"
|
||||
"O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\r\n"
|
||||
"sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\r\n"
|
||||
"3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\r\n"
|
||||
"lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\r\n"
|
||||
"tPO+\r\n"
|
||||
"-----END CERTIFICATE-----\r\n";
|
||||
|
||||
static const char g_testOcspResponderCert[] =
|
||||
"-----BEGIN CERTIFICATE-----\r\n"
|
||||
"MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\r\n"
|
||||
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\n"
|
||||
"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\r\n"
|
||||
"QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\r\n"
|
||||
"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\r\n"
|
||||
"TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\r\n"
|
||||
"7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\r\n"
|
||||
"4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\r\n"
|
||||
"yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\r\n"
|
||||
"c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\r\n"
|
||||
"U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\r\n"
|
||||
"jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\r\n"
|
||||
"T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\r\n"
|
||||
"BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\r\n"
|
||||
"MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\r\n"
|
||||
"cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\r\n"
|
||||
"ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\r\n"
|
||||
"BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\r\n"
|
||||
"LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\r\n"
|
||||
"Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\r\n"
|
||||
"IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\r\n"
|
||||
"cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\r\n"
|
||||
"FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\r\n"
|
||||
"O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\r\n"
|
||||
"sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\r\n"
|
||||
"3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\r\n"
|
||||
"lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\r\n"
|
||||
"tPO+\r\n"
|
||||
"-----END CERTIFICATE-----\r\n";
|
||||
|
||||
static const char g_testCertChainPemRoot163[] =
|
||||
"-----BEGIN CERTIFICATE-----\r\n"
|
||||
"MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\r\n"
|
||||
"MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\n"
|
||||
"d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\r\n"
|
||||
"QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\r\n"
|
||||
"MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\r\n"
|
||||
"TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\r\n"
|
||||
"7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\r\n"
|
||||
"4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\r\n"
|
||||
"yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\r\n"
|
||||
"c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\r\n"
|
||||
"U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\r\n"
|
||||
"jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\r\n"
|
||||
"T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\r\n"
|
||||
"BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\r\n"
|
||||
"MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\r\n"
|
||||
"cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\r\n"
|
||||
"ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\r\n"
|
||||
"BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\r\n"
|
||||
"LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\r\n"
|
||||
"Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\r\n"
|
||||
"IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\r\n"
|
||||
"cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\r\n"
|
||||
"FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\r\n"
|
||||
"O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\r\n"
|
||||
"sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\r\n"
|
||||
"3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\r\n"
|
||||
"lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\r\n"
|
||||
"tPO+\r\n"
|
||||
"-----END CERTIFICATE-----\r\n";
|
||||
|
||||
const uint8_t g_testChainKeystore[] = { 0x30, 0x82, 0x0D, 0xF1, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0D, 0xB7, 0x06, 0x09,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x0D, 0xA8, 0x04, 0x82, 0x0D, 0xA4, 0x30, 0x82,
|
||||
0x0D, 0xA0, 0x30, 0x82, 0x08, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06, 0xA0, 0x82,
|
||||
@ -217,6 +349,39 @@ static const char g_testKeystorePwd[] = "123456";
|
||||
const uint8_t g_testIssuerValid[] = { 0x30, 0x17, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0C,
|
||||
0x54, 0x65, 0x73, 0x74, 0x20, 0x4E, 0x43, 0x20, 0x43, 0x41, 0x20, 0x31 };
|
||||
|
||||
static const uint8_t g_testOcspResponses[] = { 0x30, 0x82, 0x01, 0xd3, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x01, 0xcc, 0x30,
|
||||
0x82, 0x01, 0xc8, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x01, 0xb9, 0x30,
|
||||
0x82, 0x01, 0xb5, 0x30, 0x81, 0x9e, 0xa2, 0x16, 0x04, 0x14, 0x24, 0x6f, 0x91, 0x3f, 0x89, 0x87, 0x87, 0x0e, 0x32,
|
||||
0xc2, 0x40, 0x18, 0xdf, 0xc5, 0x4c, 0xeb, 0x4f, 0xc8, 0x49, 0x32, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30, 0x32,
|
||||
0x32, 0x31, 0x31, 0x33, 0x30, 0x30, 0x33, 0x31, 0x5a, 0x30, 0x73, 0x30, 0x71, 0x30, 0x49, 0x30, 0x09, 0x06, 0x05,
|
||||
0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0xd1, 0x5d, 0xff, 0xaa, 0x00, 0x86, 0xa3, 0x32, 0x76, 0x5e,
|
||||
0x89, 0x07, 0x31, 0xdb, 0xba, 0x75, 0x0b, 0x31, 0x13, 0xdb, 0x04, 0x14, 0x24, 0x6f, 0x91, 0x3f, 0x89, 0x87, 0x87,
|
||||
0x0e, 0x32, 0xc2, 0x40, 0x18, 0xdf, 0xc5, 0x4c, 0xeb, 0x4f, 0xc8, 0x49, 0x32, 0x02, 0x10, 0x04, 0xc3, 0xb4, 0x5b,
|
||||
0x70, 0x94, 0xf4, 0xb5, 0x95, 0xc3, 0x56, 0xc4, 0xfe, 0x3a, 0x98, 0xa2, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32,
|
||||
0x34, 0x30, 0x32, 0x32, 0x31, 0x31, 0x32, 0x34, 0x35, 0x30, 0x31, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x32,
|
||||
0x34, 0x30, 0x32, 0x32, 0x38, 0x31, 0x31, 0x34, 0x35, 0x30, 0x31, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
|
||||
0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xb0, 0xdf, 0x0f, 0x94, 0x4f, 0x25,
|
||||
0x05, 0xec, 0x59, 0x65, 0x15, 0xb7, 0x04, 0x91, 0x10, 0x45, 0xf5, 0xbd, 0x26, 0x16, 0xd1, 0x7d, 0x4e, 0x69, 0x2f,
|
||||
0xb3, 0xb2, 0xb5, 0x1c, 0xaa, 0x1d, 0xe5, 0xe9, 0x2a, 0x52, 0xdb, 0xde, 0x69, 0xed, 0xa0, 0x2e, 0x84, 0x18, 0x88,
|
||||
0xfd, 0x26, 0x9f, 0xe7, 0x1c, 0x09, 0xba, 0xe8, 0x18, 0x7c, 0x17, 0x5e, 0xfd, 0x1f, 0x52, 0x75, 0x7e, 0xec, 0x3c,
|
||||
0xf2, 0x1d, 0x55, 0xa4, 0xf7, 0x2c, 0xdf, 0x40, 0x06, 0x8c, 0x19, 0xc2, 0xbc, 0x72, 0xbb, 0xc2, 0xa1, 0xbb, 0xd7,
|
||||
0xd3, 0x79, 0xb3, 0x70, 0xcb, 0x4c, 0x07, 0x18, 0xbc, 0xd1, 0x4e, 0xe2, 0x3e, 0x18, 0xca, 0x08, 0x3d, 0x7f, 0xbc,
|
||||
0xf2, 0x0c, 0x1a, 0x2c, 0x10, 0x83, 0x59, 0xa0, 0xfb, 0x1f, 0xc2, 0x0e, 0x26, 0x17, 0x27, 0xa3, 0xba, 0x49, 0x9b,
|
||||
0x13, 0xdd, 0x55, 0xeb, 0xc8, 0xa2, 0x49, 0x76, 0xcd, 0x46, 0x5a, 0x78, 0x19, 0x26, 0xde, 0xff, 0x66, 0xac, 0x13,
|
||||
0x42, 0x89, 0x86, 0x7e, 0x5c, 0xa4, 0x67, 0xd7, 0x0d, 0xbb, 0x5f, 0xf4, 0x38, 0x91, 0x87, 0x99, 0xeb, 0xd3, 0x99,
|
||||
0x97, 0xd8, 0x0c, 0xae, 0xfa, 0x23, 0x2c, 0x4a, 0xbd, 0xd1, 0xe6, 0xa5, 0x31, 0xee, 0x8a, 0x88, 0xc2, 0x5d, 0x61,
|
||||
0x2c, 0x43, 0x04, 0x33, 0x57, 0x16, 0x98, 0xc2, 0x9a, 0x01, 0xd1, 0xad, 0x8b, 0xa5, 0x56, 0x0b, 0xd9, 0x4c, 0x81,
|
||||
0x88, 0x90, 0x92, 0x07, 0x38, 0xf3, 0xab, 0x38, 0xf8, 0xbc, 0x97, 0x59, 0xae, 0x71, 0xea, 0x25, 0x05, 0x75, 0x3f,
|
||||
0x35, 0x0b, 0x00, 0xcc, 0x1b, 0xe3, 0x32, 0x46, 0x01, 0x72, 0x4c, 0x46, 0x1a, 0x72, 0xd4, 0x7f, 0x4a, 0x94, 0x4f,
|
||||
0x82, 0xf8, 0x69, 0x86, 0x40, 0x32, 0x69, 0x79, 0xbd, 0x09, 0x16, 0x2b, 0xbb, 0x9a, 0x0a, 0x11, 0xa9, 0x65, 0xf0,
|
||||
0xac, 0xbe, 0xd8 };
|
||||
|
||||
static const char g_crlDownloadURI[] = "http://crl.digicert.cn/GeoTrustRSACNCAG2.crl";
|
||||
|
||||
static const char g_crlDownloadURIHttps[] = "https://ocsp.digicert.cn";
|
||||
|
||||
static const char g_crlDownloadURIHttpsInvalid[] = "https://www.123.com";
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -31,6 +31,7 @@
|
||||
#include "key_pair.h"
|
||||
#include "memory_mock.h"
|
||||
#include "securec.h"
|
||||
#include "x509_cert_chain.h"
|
||||
#include "x509_crl.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
@ -503,12 +504,23 @@ extern const CfEncodingBlob g_inStreamChainDataPemMidCRL;
|
||||
extern const CfEncodingBlob g_inStreamChainPemNoRootHasPubKey;
|
||||
extern const CfEncodingBlob g_inStreamChainPemNoRootLast;
|
||||
extern const CfEncodingBlob g_inStreamChainDataPemDisorder;
|
||||
extern const CfEncodingBlob g_inStreamChainDataPem163;
|
||||
extern const CfEncodingBlob g_inStreamChainDataPemRoot163;
|
||||
extern const CfEncodingBlob g_inStreamOcspResponderCert;
|
||||
|
||||
const char *GetInvalidCertClass(void);
|
||||
const char *GetInvalidCrlClass(void);
|
||||
SubAltNameArray *ConstructSubAltNameArrayData();
|
||||
CfArray *ConstructCertPolicyData();
|
||||
const char *GetValidCrlClass(void);
|
||||
const char *GetValidX509CertificateClass(void);
|
||||
void FreeTrustAnchor(HcfX509TrustAnchor *&trustAnchor);
|
||||
void BuildAnchorArr(const CfEncodingBlob &certInStream, HcfX509TrustAnchorArray &trustAnchorArray);
|
||||
void FreeTrustAnchorArr(HcfX509TrustAnchorArray &trustAnchorArray);
|
||||
void BuildCollectionArr(const CfEncodingBlob *certInStream, const CfEncodingBlob *crlInStream,
|
||||
HcfCertCRLCollectionArray &certCRLCollections);
|
||||
void FreeCertCrlCollectionArr(HcfCertCRLCollectionArray &certCRLCollections);
|
||||
void FreeValidateResult(HcfX509CertChainValidateResult &result);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -70,6 +70,12 @@ OPENSSL_STACK *__real_OPENSSL_sk_deep_copy(const OPENSSL_STACK *, OPENSSL_sk_cop
|
||||
int __real_OBJ_obj2nid(const ASN1_OBJECT *o);
|
||||
X509 *__real_X509_dup(X509 *x509);
|
||||
int __real_i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out);
|
||||
int __real_X509_check_host(X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername);
|
||||
OCSP_REQUEST *__real_OCSP_REQUEST_new(void);
|
||||
X509_CRL *__real_X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
|
||||
struct stack_st_OPENSSL_STRING *__real_X509_get1_ocsp(X509 *x);
|
||||
int __real_OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num,
|
||||
char **ppath, char **pquery, char **pfrag);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
@ -77,9 +83,9 @@ int __real_i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out);
|
||||
|
||||
static bool g_mockTagX509Openssl = false;
|
||||
|
||||
X509OpensslMock &X509OpensslMock::GetInstance(void)
|
||||
NiceMock<X509OpensslMock> &X509OpensslMock::GetInstance(void)
|
||||
{
|
||||
static X509OpensslMock gX509OpensslMock;
|
||||
static NiceMock<X509OpensslMock> gX509OpensslMock;
|
||||
return gX509OpensslMock;
|
||||
}
|
||||
|
||||
@ -233,6 +239,25 @@ void X509OpensslMock::SetMockFunDefaultBehaviorPartThree(void)
|
||||
ON_CALL(*this, i2d_ASN1_INTEGER).WillByDefault([this](ASN1_INTEGER *a, unsigned char **out) {
|
||||
return __real_i2d_ASN1_INTEGER(a, out);
|
||||
});
|
||||
|
||||
ON_CALL(*this, X509_check_host)
|
||||
.WillByDefault([this](X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername) {
|
||||
return __real_X509_check_host(x, chk, chklen, flags, peername);
|
||||
});
|
||||
|
||||
ON_CALL(*this, OCSP_REQUEST_new).WillByDefault([this](void) { return __real_OCSP_REQUEST_new(); });
|
||||
|
||||
ON_CALL(*this, X509_CRL_load_http).WillByDefault([this](const char *url, BIO *bio, BIO *rbio, int timeout) {
|
||||
return __real_X509_CRL_load_http(url, bio, rbio, timeout);
|
||||
});
|
||||
|
||||
ON_CALL(*this, X509_get1_ocsp).WillByDefault([this](X509 *x) { return __real_X509_get1_ocsp(x); });
|
||||
|
||||
ON_CALL(*this, OSSL_HTTP_parse_url)
|
||||
.WillByDefault([this](const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num,
|
||||
char **ppath, char **pquery, char **pfrag) {
|
||||
return __real_OSSL_HTTP_parse_url(url, pssl, puser, phost, pport, pport_num, ppath, pquery, pfrag);
|
||||
});
|
||||
}
|
||||
|
||||
X509OpensslMock::X509OpensslMock()
|
||||
@ -672,6 +697,53 @@ X509 *__wrap_X509_dup(X509 *x509)
|
||||
}
|
||||
}
|
||||
|
||||
int __wrap_X509_check_host(X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername)
|
||||
{
|
||||
if (g_mockTagX509Openssl) {
|
||||
return X509OpensslMock::GetInstance().X509_check_host(x, chk, chklen, flags, peername);
|
||||
} else {
|
||||
return __real_X509_check_host(x, chk, chklen, flags, peername);
|
||||
}
|
||||
}
|
||||
|
||||
OCSP_REQUEST *__wrap_OCSP_REQUEST_new(void)
|
||||
{
|
||||
if (g_mockTagX509Openssl) {
|
||||
return X509OpensslMock::GetInstance().OCSP_REQUEST_new();
|
||||
} else {
|
||||
return __real_OCSP_REQUEST_new();
|
||||
}
|
||||
}
|
||||
|
||||
X509_CRL *__wrap_X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
|
||||
{
|
||||
if (g_mockTagX509Openssl) {
|
||||
return X509OpensslMock::GetInstance().X509_CRL_load_http(url, bio, rbio, timeout);
|
||||
} else {
|
||||
return __real_X509_CRL_load_http(url, bio, rbio, timeout);
|
||||
}
|
||||
}
|
||||
|
||||
struct stack_st_OPENSSL_STRING *__wrap_X509_get1_ocsp(X509 *x)
|
||||
{
|
||||
if (g_mockTagX509Openssl) {
|
||||
return X509OpensslMock::GetInstance().X509_get1_ocsp(x);
|
||||
} else {
|
||||
return __real_X509_get1_ocsp(x);
|
||||
}
|
||||
}
|
||||
|
||||
int __wrap_OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num,
|
||||
char **ppath, char **pquery, char **pfrag)
|
||||
{
|
||||
if (g_mockTagX509Openssl) {
|
||||
return X509OpensslMock::GetInstance().OSSL_HTTP_parse_url(
|
||||
url, pssl, puser, phost, pport, pport_num, ppath, pquery, pfrag);
|
||||
} else {
|
||||
return __real_OSSL_HTTP_parse_url(url, pssl, puser, phost, pport, pport_num, ppath, pquery, pfrag);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -53,6 +53,9 @@ void *__real_OPENSSL_sk_value(const OPENSSL_STACK *st, int i);
|
||||
CfResult __real_DeepCopyBlobToBlob(const CfBlob *inBlob, CfBlob **outBlob);
|
||||
CfResult __real_HcfX509CertificateCreate(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj);
|
||||
int __real_OPENSSL_sk_push(OPENSSL_STACK *st, const int data);
|
||||
OPENSSL_STACK *__real_OPENSSL_sk_new_null(void);
|
||||
int __real_OPENSSL_sk_push(OPENSSL_STACK *st, const int data);
|
||||
X509 *__real_X509_dup(X509 *x509);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
@ -100,93 +103,6 @@ static const char *GetInvalidCertChainClass(void)
|
||||
return "HcfInvalidCertChain";
|
||||
}
|
||||
|
||||
static void FreeTrustAnchor(HcfX509TrustAnchor *&trustAnchor)
|
||||
{
|
||||
if (trustAnchor == nullptr) {
|
||||
return;
|
||||
}
|
||||
CfBlobFree(&trustAnchor->CAPubKey);
|
||||
CfBlobFree(&trustAnchor->CASubject);
|
||||
CfObjDestroy(trustAnchor->CACert);
|
||||
trustAnchor->CACert = nullptr;
|
||||
CfFree(trustAnchor);
|
||||
trustAnchor = nullptr;
|
||||
}
|
||||
|
||||
static void BuildAnchorArr(const CfEncodingBlob &certInStream, HcfX509TrustAnchorArray &trustAnchorArray)
|
||||
{
|
||||
HcfX509TrustAnchor *anchor = static_cast<HcfX509TrustAnchor *>(HcfMalloc(sizeof(HcfX509TrustAnchor), 0));
|
||||
ASSERT_NE(anchor, nullptr);
|
||||
|
||||
(void)HcfX509CertificateCreate(&certInStream, &anchor->CACert);
|
||||
trustAnchorArray.data = static_cast<HcfX509TrustAnchor **>(HcfMalloc(1 * sizeof(HcfX509TrustAnchor *), 0));
|
||||
ASSERT_NE(trustAnchorArray.data, nullptr);
|
||||
trustAnchorArray.data[0] = anchor;
|
||||
trustAnchorArray.count = 1;
|
||||
}
|
||||
|
||||
static void FreeTrustAnchorArr(HcfX509TrustAnchorArray &trustAnchorArray)
|
||||
{
|
||||
for (uint32_t i = 0; i < trustAnchorArray.count; ++i) {
|
||||
HcfX509TrustAnchor *anchor = trustAnchorArray.data[i];
|
||||
FreeTrustAnchor(anchor);
|
||||
}
|
||||
CfFree(trustAnchorArray.data);
|
||||
trustAnchorArray.data = nullptr;
|
||||
trustAnchorArray.count = 0;
|
||||
}
|
||||
|
||||
static void BuildCollectionArr(const CfEncodingBlob *certInStream, const CfEncodingBlob *crlInStream,
|
||||
HcfCertCRLCollectionArray &certCRLCollections)
|
||||
{
|
||||
CfResult ret = CF_SUCCESS;
|
||||
HcfX509CertificateArray *certArray = nullptr;
|
||||
if (certInStream != nullptr) {
|
||||
certArray = static_cast<HcfX509CertificateArray *>(HcfMalloc(sizeof(HcfX509CertificateArray), 0));
|
||||
ASSERT_NE(certArray, nullptr);
|
||||
|
||||
HcfX509Certificate *x509CertObj = nullptr;
|
||||
(void)HcfX509CertificateCreate(certInStream, &x509CertObj);
|
||||
ASSERT_NE(x509CertObj, nullptr);
|
||||
|
||||
certArray->data = static_cast<HcfX509Certificate **>(HcfMalloc(1 * sizeof(HcfX509Certificate *), 0));
|
||||
ASSERT_NE(certArray->data, nullptr);
|
||||
certArray->data[0] = x509CertObj;
|
||||
certArray->count = 1;
|
||||
}
|
||||
|
||||
HcfX509CrlArray *crlArray = nullptr;
|
||||
if (crlInStream != nullptr) {
|
||||
crlArray = static_cast<HcfX509CrlArray *>(HcfMalloc(sizeof(HcfX509CrlArray), 0));
|
||||
ASSERT_NE(crlArray, nullptr);
|
||||
|
||||
HcfX509Crl *x509Crl = nullptr;
|
||||
ret = HcfX509CrlCreate(crlInStream, &x509Crl);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
ASSERT_NE(x509Crl, nullptr);
|
||||
|
||||
crlArray->data = static_cast<HcfX509Crl **>(HcfMalloc(1 * sizeof(HcfX509Crl *), 0));
|
||||
ASSERT_NE(crlArray->data, nullptr);
|
||||
crlArray->data[0] = x509Crl;
|
||||
crlArray->count = 1;
|
||||
}
|
||||
|
||||
HcfCertCrlCollection *x509CertCrlCollection = nullptr;
|
||||
ret = HcfCertCrlCollectionCreate(certArray, crlArray, &x509CertCrlCollection);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
ASSERT_NE(x509CertCrlCollection, nullptr);
|
||||
|
||||
certCRLCollections.data = static_cast<HcfCertCrlCollection **>(HcfMalloc(1 * sizeof(HcfCertCrlCollection *), 0));
|
||||
ASSERT_NE(certCRLCollections.data, nullptr);
|
||||
certCRLCollections.data[0] = x509CertCrlCollection;
|
||||
certCRLCollections.count = 1;
|
||||
|
||||
FreeCertArrayData(certArray);
|
||||
CfFree(certArray);
|
||||
FreeCrlArrayData(crlArray);
|
||||
CfFree(crlArray);
|
||||
}
|
||||
|
||||
void CryptoX509CertChainTest::SetUpTestCase()
|
||||
{
|
||||
CfResult ret = HcfCertChainCreate(&g_inStreamChainDataP7b, nullptr, &g_certChainP7b);
|
||||
@ -234,29 +150,6 @@ void CryptoX509CertChainTest::SetUp() {}
|
||||
|
||||
void CryptoX509CertChainTest::TearDown() {}
|
||||
|
||||
static void FreeCertCrlCollectionArr(HcfCertCRLCollectionArray &certCRLCollections)
|
||||
{
|
||||
for (uint32_t i = 0; i < certCRLCollections.count; ++i) {
|
||||
HcfCertCrlCollection *collection = certCRLCollections.data[i];
|
||||
CfObjDestroy(collection);
|
||||
}
|
||||
CfFree(certCRLCollections.data);
|
||||
certCRLCollections.data = nullptr;
|
||||
certCRLCollections.count = 0;
|
||||
}
|
||||
|
||||
static void FreeValidateResult(HcfX509CertChainValidateResult &result)
|
||||
{
|
||||
if (result.entityCert != nullptr) {
|
||||
CfObjDestroy(result.entityCert);
|
||||
result.entityCert = nullptr;
|
||||
}
|
||||
|
||||
if (result.trustAnchor != nullptr) {
|
||||
FreeTrustAnchor(result.trustAnchor);
|
||||
}
|
||||
}
|
||||
|
||||
/* invalid encodingBlob. */
|
||||
HWTEST_F(CryptoX509CertChainTest, CertChainByEncSpiCreateTest001, TestSize.Level0)
|
||||
{
|
||||
@ -694,6 +587,7 @@ HWTEST_F(CryptoX509CertChainTest, GetCertListCoreTest004, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest001, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest001");
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataP7b, &certChainSpi);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -707,6 +601,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest001, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest002, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest002");
|
||||
ASSERT_NE(g_certChainP7bSpi, nullptr);
|
||||
CfResult ret = g_certChainP7bSpi->engineValidate(g_certChainP7bSpi, nullptr, nullptr);
|
||||
ASSERT_EQ(ret, CF_INVALID_PARAMS);
|
||||
@ -714,6 +609,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest002, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest003, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest003");
|
||||
ASSERT_NE(g_certChainP7bSpi, nullptr);
|
||||
HcfX509TrustAnchor anchor = { 0 };
|
||||
CfEncodingBlob inStream = { 0 };
|
||||
@ -742,6 +638,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest003, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest004, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest004");
|
||||
ASSERT_NE(g_certChainP7bSpi, nullptr);
|
||||
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
@ -767,6 +664,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest004, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest005, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest005");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -787,6 +685,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest005, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest006, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest006");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -804,6 +703,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest006, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest007, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest007");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchor anchor = { 0 };
|
||||
@ -826,6 +726,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest007, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest008, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest008");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
CfBlob pubkey = { 0, nullptr };
|
||||
@ -857,6 +758,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest008, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest009, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest009");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
CfBlob pubkey = { 0, nullptr };
|
||||
@ -877,13 +779,14 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest009, TestSize.Level0)
|
||||
|
||||
HcfX509CertChainValidateResult result = { 0 };
|
||||
CfResult ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, &pCertChainValidateParams, &result);
|
||||
ASSERT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
|
||||
ASSERT_EQ(ret, CF_INVALID_PARAMS);
|
||||
|
||||
CfFree(trustAnchorArray.data);
|
||||
}
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest010, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest010");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
CfBlob pubkey = { 0, nullptr };
|
||||
@ -919,6 +822,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest010, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest011, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest011");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
CfBlob pubkey = { 0, nullptr };
|
||||
@ -952,6 +856,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest011, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest012, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest012");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
CfBlob pubkey = { 0, nullptr };
|
||||
@ -973,13 +878,14 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest012, TestSize.Level0)
|
||||
|
||||
HcfX509CertChainValidateResult result = { 0 };
|
||||
CfResult ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, &pCertChainValidateParams, &result);
|
||||
ASSERT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
|
||||
ASSERT_EQ(ret, CF_INVALID_PARAMS);
|
||||
|
||||
CfFree(trustAnchorArray.data);
|
||||
}
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest013, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest013");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
CfBlob pubkey = { 0, nullptr };
|
||||
@ -1002,13 +908,14 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest013, TestSize.Level0)
|
||||
|
||||
HcfX509CertChainValidateResult result = { 0 };
|
||||
CfResult ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, &pCertChainValidateParams, &result);
|
||||
ASSERT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
|
||||
ASSERT_EQ(ret, CF_INVALID_PARAMS);
|
||||
|
||||
CfFree(trustAnchorArray.data);
|
||||
}
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest014, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest014");
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPemNoRoot, &certChainSpi);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1033,6 +940,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest014, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest015, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest015");
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1067,6 +975,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest015, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest016, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest016");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1085,6 +994,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest016, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest017, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest017");
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPemRoot, &certChainSpi);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1121,6 +1031,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest017, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest018, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest018");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1148,6 +1059,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest018, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest019, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest019");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1175,6 +1087,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest019, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest020, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest020");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1202,6 +1115,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest020, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest021, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest021");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1226,6 +1140,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest021, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest022, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest022");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1250,6 +1165,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest022, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest023, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest023");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1275,6 +1191,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest023, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest024, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest024");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1299,6 +1216,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest024, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest025, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest025");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1324,6 +1242,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest025, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest026, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest026");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1346,6 +1265,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest026, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest027, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest027");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1378,6 +1298,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest027, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest028, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest028");
|
||||
for (unsigned int i = 0; i < 1000; i++) {
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
|
||||
@ -1398,6 +1319,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest028, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest029, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest029");
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1422,6 +1344,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest029, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest030, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest030");
|
||||
ASSERT_NE(g_certChainPemSpi, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1447,6 +1370,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest030, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest031, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest031");
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPemDisorder, &certChainSpi);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1468,6 +1392,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest031, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest032, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest032");
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1502,6 +1427,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest032, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest033, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest033");
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1538,6 +1464,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest033, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest034, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateOpensslTest034");
|
||||
HcfX509CertChainSpi *certChainSpi = nullptr;
|
||||
CfResult ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainPemNoRootHasPubKey, &certChainSpi);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1574,6 +1501,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateOpensslTest034, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest001, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateCoreTest001");
|
||||
HcfCertChain *pCertChain = nullptr;
|
||||
CfResult ret = HcfCertChainCreate(&g_inStreamChainDataP7b, nullptr, &pCertChain);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1587,6 +1515,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest001, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest002, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateCoreTest002");
|
||||
HcfCertChain *pCertChain = nullptr;
|
||||
CfResult ret = HcfCertChainCreate(&g_inStreamChainDataP7b, nullptr, &pCertChain);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1600,6 +1529,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest002, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest003, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateCoreTest003");
|
||||
ASSERT_NE(g_certChainP7b, nullptr);
|
||||
|
||||
HcfX509TrustAnchorArray trustAnchorArray = { 0 };
|
||||
@ -1616,6 +1546,7 @@ HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest003, TestSize.Level0)
|
||||
|
||||
HWTEST_F(CryptoX509CertChainTest, ValidateCoreTest004, TestSize.Level0)
|
||||
{
|
||||
CF_LOG_I("ValidateCoreTest004");
|
||||
HcfCertChain *pCertChain = nullptr;
|
||||
CfResult ret = HcfCertChainCreate(&g_inStreamChainDataPem, nullptr, &pCertChain);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
@ -1780,19 +1711,25 @@ HWTEST_F(CryptoX509CertChainTest, HcfX509CertChainByParamsSpiCreateTest002, Test
|
||||
|
||||
// test HcfX509CertChainByParamsSpiCreate failed case
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_new_null()).Times(AnyNumber()).WillOnce(Return(NULL));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_new_null())
|
||||
.WillOnce(Return(NULL))
|
||||
.WillRepeatedly(Invoke(__real_OPENSSL_sk_new_null));
|
||||
CfResult result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
|
||||
EXPECT_EQ(result, CF_ERR_MALLOC);
|
||||
X509OpensslMock::SetMockFlag(false);
|
||||
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_dup(_)).Times(AnyNumber()).WillOnce(Return(NULL));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_dup(_))
|
||||
.WillOnce(Return(NULL))
|
||||
.WillRepeatedly(Invoke(__real_X509_dup));
|
||||
result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
|
||||
EXPECT_EQ(result, CF_ERR_MALLOC);
|
||||
X509OpensslMock::SetMockFlag(false);
|
||||
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_push(_, _)).Times(AnyNumber()).WillOnce(Return(-1));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_push(_, _))
|
||||
.WillOnce(Return(-1))
|
||||
.WillRepeatedly(Invoke(__real_OPENSSL_sk_push));
|
||||
result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
|
||||
EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
|
||||
X509OpensslMock::SetMockFlag(false);
|
||||
|
1017
test/unittest/v1.0/src/crypto_x509_cert_chain_test_part2.cpp
Normal file
1017
test/unittest/v1.0/src/crypto_x509_cert_chain_test_part2.cpp
Normal file
File diff suppressed because it is too large
Load Diff
@ -40,6 +40,22 @@ using ::testing::AnyNumber;
|
||||
using ::testing::Invoke;
|
||||
using ::testing::Return;
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
int __real_OPENSSL_sk_num(const OPENSSL_STACK *st);
|
||||
void *__real_OPENSSL_sk_value(const OPENSSL_STACK *st, int i);
|
||||
long __real_ASN1_INTEGER_get(const ASN1_INTEGER *a);
|
||||
void *__real_X509V3_EXT_d2i(X509_EXTENSION *ext);
|
||||
X509_EXTENSION *__real_X509_get_ext(const X509 *x, X509_EXTENSION *loc);
|
||||
void *__real_X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
|
||||
CfResult __real_DeepCopyDataToBlob(const unsigned char *data, uint32_t len, CfBlob *outBlob);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
namespace {
|
||||
class CryptoX509CertificateTestPart3 : public testing::Test {
|
||||
public:
|
||||
@ -140,7 +156,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareSubjectAlternativeNamesTest002,
|
||||
|
||||
// test CompareSubAltNameX509Openssl failed case
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext_d2i(_, _, _, _)).Times(AnyNumber()).WillOnce(Return(NULL));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext_d2i(_, _, _, _))
|
||||
.WillOnce(Return(NULL))
|
||||
.WillRepeatedly(Invoke(__real_X509_get_ext_d2i));
|
||||
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &matchParams, &bResult);
|
||||
EXPECT_EQ(ret, CF_SUCCESS);
|
||||
EXPECT_EQ(bResult, false);
|
||||
@ -182,7 +200,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareMatchAllSubjectAltNamesTest001,
|
||||
|
||||
// add failed case ret != CF_SUCCESS
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_num(_)).Times(AnyNumber()).WillOnce(Return(-1));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_num(_))
|
||||
.WillOnce(Return(-1))
|
||||
.WillRepeatedly(Invoke(__real_OPENSSL_sk_num));
|
||||
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
|
||||
EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
|
||||
X509OpensslMock::SetMockFlag(false);
|
||||
@ -225,8 +245,8 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareAuthorityKeyIdentifierTest001, T
|
||||
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), DeepCopyDataToBlob(_, _, _))
|
||||
.Times(AnyNumber())
|
||||
.WillOnce(Return(CF_INVALID_PARAMS));
|
||||
.WillOnce(Return(CF_INVALID_PARAMS))
|
||||
.WillRepeatedly(Invoke(__real_DeepCopyDataToBlob));
|
||||
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
|
||||
EXPECT_EQ(ret, CF_INVALID_PARAMS);
|
||||
X509OpensslMock::SetMockFlag(false);
|
||||
@ -280,14 +300,18 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareMinPathLenConstraintTest002, Tes
|
||||
constraints->pathlen = pathlen;
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509V3_EXT_d2i(_)).Times(AnyNumber()).WillOnce(Return(constraints));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), ASN1_INTEGER_get(_)).Times(AnyNumber()).WillOnce(Return(10));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), ASN1_INTEGER_get(_))
|
||||
.WillOnce(Return(10))
|
||||
.WillRepeatedly(Invoke(__real_ASN1_INTEGER_get));
|
||||
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
|
||||
EXPECT_EQ(ret, CF_SUCCESS);
|
||||
EXPECT_EQ(bResult, false);
|
||||
X509OpensslMock::SetMockFlag(false);
|
||||
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509V3_EXT_d2i(_)).Times(AnyNumber()).WillOnce(Return(NULL));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509V3_EXT_d2i(_))
|
||||
.WillOnce(Return(NULL))
|
||||
.WillRepeatedly(Invoke(__real_X509V3_EXT_d2i));
|
||||
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
|
||||
EXPECT_EQ(ret, CF_SUCCESS);
|
||||
EXPECT_EQ(bResult, false);
|
||||
@ -302,7 +326,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareMinPathLenConstraintTest002, Tes
|
||||
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
certMatchParameters.minPathLenConstraint = 2;
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext(_, _)).Times(AnyNumber()).WillOnce(Return(NULL));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext(_, _))
|
||||
.WillOnce(Return(NULL))
|
||||
.WillRepeatedly(Invoke(__real_X509_get_ext));
|
||||
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
|
||||
EXPECT_EQ(ret, CF_SUCCESS);
|
||||
EXPECT_EQ(bResult, false);
|
||||
@ -374,7 +400,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest001, TestSize
|
||||
tree->base->d.otherName = OTHERNAME_new();
|
||||
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _)).Times(AnyNumber()).WillOnce(Return(tree));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
|
||||
.WillOnce(Return(tree))
|
||||
.WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
|
||||
ret = g_testCertWithPrivateKeyValidObj->match(g_testCertWithPrivateKeyValidObj, &certMatchParameters, &bResult);
|
||||
EXPECT_EQ(ret, CF_SUCCESS);
|
||||
EXPECT_EQ(bResult, false);
|
||||
@ -389,7 +417,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest001, TestSize
|
||||
tree->base->d.x400Address = ASN1_STRING_new();
|
||||
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _)).Times(AnyNumber()).WillOnce(Return(tree));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
|
||||
.WillOnce(Return(tree))
|
||||
.WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
|
||||
ret = g_testCertWithPrivateKeyValidObj->match(g_testCertWithPrivateKeyValidObj, &certMatchParameters, &bResult);
|
||||
EXPECT_EQ(ret, CF_SUCCESS);
|
||||
EXPECT_EQ(bResult, false);
|
||||
@ -508,7 +538,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest004, TestSize
|
||||
tree->base->d.registeredID = ASN1_OBJECT_new();
|
||||
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _)).Times(AnyNumber()).WillOnce(Return(tree));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
|
||||
.WillOnce(Return(tree))
|
||||
.WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
|
||||
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
|
||||
EXPECT_EQ(ret, CF_SUCCESS);
|
||||
EXPECT_EQ(bResult, false);
|
||||
@ -550,7 +582,9 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest005, TestSize
|
||||
nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null();
|
||||
EXPECT_NE(nc, nullptr);
|
||||
X509OpensslMock::SetMockFlag(true);
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext_d2i(_, _, _, _)).Times(AnyNumber()).WillOnce(Return(nc));
|
||||
EXPECT_CALL(X509OpensslMock::GetInstance(), X509_get_ext_d2i(_, _, _, _))
|
||||
.WillOnce(Return(nc))
|
||||
.WillRepeatedly(Invoke(__real_X509_get_ext_d2i));
|
||||
ret = g_x509CertExtAttrObj->match(g_x509CertExtAttrObj, &certMatchParameters, &bResult);
|
||||
EXPECT_EQ(ret, CF_SUCCESS);
|
||||
EXPECT_EQ(bResult, false);
|
||||
|
@ -16,16 +16,17 @@
|
||||
#include "crypto_x509_test_common.h"
|
||||
|
||||
#include <gtest/gtest.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
#include "cert_crl_common.h"
|
||||
#include "certificate_openssl_common.h"
|
||||
#include "cf_blob.h"
|
||||
#include "cf_log.h"
|
||||
#include "fwk_class.h"
|
||||
#include "memory_mock.h"
|
||||
#include "securec.h"
|
||||
#include "x509_certificate.h"
|
||||
#include "x509_certificate_openssl.h"
|
||||
#include "fwk_class.h"
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
#define CONSTRUCT_CERTPOLICY_DATA_SIZE 1
|
||||
|
||||
@ -132,12 +133,18 @@ const int g_testCrlWhichEntryWithExtSize = sizeof(g_testCrlWhichEntryWithExt);
|
||||
|
||||
const int g_testCertChainPemSize = sizeof(g_testCertChainPem) / sizeof(char);
|
||||
|
||||
const int g_testCertChainPem163Size = sizeof(g_testCertChainPem163) / sizeof(char);
|
||||
|
||||
const int g_testOcspResponderCertSize = sizeof(g_testOcspResponderCert) / sizeof(char);
|
||||
|
||||
const int g_testCertChainPemMidSize = sizeof(g_testCertChainPemMid) / sizeof(char);
|
||||
|
||||
const int g_testCertChainPemMidCRLSize = sizeof(g_testCertChainPemMidCRL) / sizeof(char);
|
||||
|
||||
const int g_testCertChainPemRootSize = sizeof(g_testCertChainPemRoot) / sizeof(char);
|
||||
|
||||
const int g_testCertChainPemRoot163Size = sizeof(g_testCertChainPemRoot163) / sizeof(char);
|
||||
|
||||
const int g_testCertChainPemNoRootSize = sizeof(g_testCertChainPemNoRoot) / sizeof(char);
|
||||
|
||||
const int g_testCertChainPemNoRootHasPubKeySize = sizeof(g_testCertChainPemNoRootHasPubKey) / sizeof(char);
|
||||
@ -215,6 +222,14 @@ const CfEncodingBlob g_inStreamChainDataDer = { const_cast<uint8_t *>(g_testChai
|
||||
const CfEncodingBlob g_inStreamChainDataPem = { reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPem)),
|
||||
g_testCertChainPemSize, CF_FORMAT_PEM };
|
||||
|
||||
const CfEncodingBlob g_inStreamChainDataPem163 = {
|
||||
reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPem163)), g_testCertChainPem163Size, CF_FORMAT_PEM
|
||||
};
|
||||
|
||||
const CfEncodingBlob g_inStreamOcspResponderCert = {
|
||||
reinterpret_cast<uint8_t *>(const_cast<char *>(g_testOcspResponderCert)), g_testOcspResponderCertSize, CF_FORMAT_PEM
|
||||
};
|
||||
|
||||
const CfEncodingBlob g_inStreamChainDataPemMid = {
|
||||
reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPemMid)), g_testCertChainPemMidSize, CF_FORMAT_PEM
|
||||
};
|
||||
@ -223,6 +238,10 @@ const CfEncodingBlob g_inStreamChainDataPemRoot = {
|
||||
reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPemRoot)), g_testCertChainPemRootSize, CF_FORMAT_PEM
|
||||
};
|
||||
|
||||
const CfEncodingBlob g_inStreamChainDataPemRoot163 = { reinterpret_cast<uint8_t *>(
|
||||
const_cast<char *>(g_testCertChainPemRoot163)),
|
||||
g_testCertChainPemRoot163Size, CF_FORMAT_PEM };
|
||||
|
||||
const CfEncodingBlob g_inStreamChainDataPemNoRoot = { reinterpret_cast<uint8_t *>(
|
||||
const_cast<char *>(g_testCertChainPemNoRoot)),
|
||||
g_testCertChainPemNoRootSize, CF_FORMAT_PEM };
|
||||
@ -311,3 +330,113 @@ const char *GetValidX509CertificateClass(void)
|
||||
{
|
||||
return HCF_X509_CERTIFICATE_CLASS;
|
||||
}
|
||||
|
||||
void FreeTrustAnchor(HcfX509TrustAnchor *&trustAnchor)
|
||||
{
|
||||
if (trustAnchor == nullptr) {
|
||||
return;
|
||||
}
|
||||
CfBlobFree(&trustAnchor->CAPubKey);
|
||||
CfBlobFree(&trustAnchor->CASubject);
|
||||
CfObjDestroy(trustAnchor->CACert);
|
||||
trustAnchor->CACert = nullptr;
|
||||
CfFree(trustAnchor);
|
||||
trustAnchor = nullptr;
|
||||
}
|
||||
|
||||
void BuildAnchorArr(const CfEncodingBlob &certInStream, HcfX509TrustAnchorArray &trustAnchorArray)
|
||||
{
|
||||
HcfX509TrustAnchor *anchor = static_cast<HcfX509TrustAnchor *>(HcfMalloc(sizeof(HcfX509TrustAnchor), 0));
|
||||
ASSERT_NE(anchor, nullptr);
|
||||
|
||||
(void)HcfX509CertificateCreate(&certInStream, &anchor->CACert);
|
||||
trustAnchorArray.data = static_cast<HcfX509TrustAnchor **>(HcfMalloc(1 * sizeof(HcfX509TrustAnchor *), 0));
|
||||
ASSERT_NE(trustAnchorArray.data, nullptr);
|
||||
trustAnchorArray.data[0] = anchor;
|
||||
trustAnchorArray.count = 1;
|
||||
}
|
||||
|
||||
void FreeTrustAnchorArr(HcfX509TrustAnchorArray &trustAnchorArray)
|
||||
{
|
||||
for (uint32_t i = 0; i < trustAnchorArray.count; ++i) {
|
||||
HcfX509TrustAnchor *anchor = trustAnchorArray.data[i];
|
||||
FreeTrustAnchor(anchor);
|
||||
}
|
||||
CfFree(trustAnchorArray.data);
|
||||
trustAnchorArray.data = nullptr;
|
||||
trustAnchorArray.count = 0;
|
||||
}
|
||||
|
||||
void BuildCollectionArr(const CfEncodingBlob *certInStream, const CfEncodingBlob *crlInStream,
|
||||
HcfCertCRLCollectionArray &certCRLCollections)
|
||||
{
|
||||
CfResult ret = CF_SUCCESS;
|
||||
HcfX509CertificateArray *certArray = nullptr;
|
||||
if (certInStream != nullptr) {
|
||||
certArray = static_cast<HcfX509CertificateArray *>(HcfMalloc(sizeof(HcfX509CertificateArray), 0));
|
||||
ASSERT_NE(certArray, nullptr);
|
||||
|
||||
HcfX509Certificate *x509CertObj = nullptr;
|
||||
(void)HcfX509CertificateCreate(certInStream, &x509CertObj);
|
||||
ASSERT_NE(x509CertObj, nullptr);
|
||||
|
||||
certArray->data = static_cast<HcfX509Certificate **>(HcfMalloc(1 * sizeof(HcfX509Certificate *), 0));
|
||||
ASSERT_NE(certArray->data, nullptr);
|
||||
certArray->data[0] = x509CertObj;
|
||||
certArray->count = 1;
|
||||
}
|
||||
|
||||
HcfX509CrlArray *crlArray = nullptr;
|
||||
if (crlInStream != nullptr) {
|
||||
crlArray = static_cast<HcfX509CrlArray *>(HcfMalloc(sizeof(HcfX509CrlArray), 0));
|
||||
ASSERT_NE(crlArray, nullptr);
|
||||
|
||||
HcfX509Crl *x509Crl = nullptr;
|
||||
ret = HcfX509CrlCreate(crlInStream, &x509Crl);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
ASSERT_NE(x509Crl, nullptr);
|
||||
|
||||
crlArray->data = static_cast<HcfX509Crl **>(HcfMalloc(1 * sizeof(HcfX509Crl *), 0));
|
||||
ASSERT_NE(crlArray->data, nullptr);
|
||||
crlArray->data[0] = x509Crl;
|
||||
crlArray->count = 1;
|
||||
}
|
||||
|
||||
HcfCertCrlCollection *x509CertCrlCollection = nullptr;
|
||||
ret = HcfCertCrlCollectionCreate(certArray, crlArray, &x509CertCrlCollection);
|
||||
ASSERT_EQ(ret, CF_SUCCESS);
|
||||
ASSERT_NE(x509CertCrlCollection, nullptr);
|
||||
|
||||
certCRLCollections.data = static_cast<HcfCertCrlCollection **>(HcfMalloc(1 * sizeof(HcfCertCrlCollection *), 0));
|
||||
ASSERT_NE(certCRLCollections.data, nullptr);
|
||||
certCRLCollections.data[0] = x509CertCrlCollection;
|
||||
certCRLCollections.count = 1;
|
||||
|
||||
FreeCertArrayData(certArray);
|
||||
CfFree(certArray);
|
||||
FreeCrlArrayData(crlArray);
|
||||
CfFree(crlArray);
|
||||
}
|
||||
|
||||
void FreeCertCrlCollectionArr(HcfCertCRLCollectionArray &certCRLCollections)
|
||||
{
|
||||
for (uint32_t i = 0; i < certCRLCollections.count; ++i) {
|
||||
HcfCertCrlCollection *collection = certCRLCollections.data[i];
|
||||
CfObjDestroy(collection);
|
||||
}
|
||||
CfFree(certCRLCollections.data);
|
||||
certCRLCollections.data = nullptr;
|
||||
certCRLCollections.count = 0;
|
||||
}
|
||||
|
||||
void FreeValidateResult(HcfX509CertChainValidateResult &result)
|
||||
{
|
||||
if (result.entityCert != nullptr) {
|
||||
CfObjDestroy(result.entityCert);
|
||||
result.entityCert = nullptr;
|
||||
}
|
||||
|
||||
if (result.trustAnchor != nullptr) {
|
||||
FreeTrustAnchor(result.trustAnchor);
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user