1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17 #include "securec.h"
18 #include "string"
19
20 #include "cert_chain_validator.h"
21 #include "blob.h"
22 #include "memory_mock.h"
23 #include "object_base.h"
24 #include "result.h"
25 #include "x509_cert_chain_validator_openssl.h"
26
27 using namespace std;
28 using namespace testing::ext;
29
30 namespace {
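/*
 * Fixture for the X.509 certificate chain validator tests.
 * The suite-level hooks create and release the shared validator; the per-test hooks are empty.
 */
class CryptoX509CertChainValidatorTest : public testing::Test {
public:
    static void SetUpTestCase();
    static void TearDownTestCase();
    /* override makes the compiler reject a signature that no longer matches testing::Test. */
    void SetUp() override;
    void TearDown() override;
};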
38
/* Number of length bytes written in front of each certificate in HcfCertChainData::data. */
constexpr int32_t CERT_HEADER_LEN = 2;
/* dataLen used by VerifyTest003, which expects validate() to reject it. */
constexpr int32_t INVALID_MAX_CERT_LEN = 8194;
41
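/*
 * PEM certificate placed last in the chains built by VerifyTest001 and VerifyTest002, and used
 * alone in VerifyTest004. Only a CERTIFICATE block is stored here.
 * Declared const because the tests only read it (strlen / memcpy_s source), so an accidental
 * write to the fixture becomes a compile error.
 */
static const char g_caCert[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIFwTCCA6mgAwIBAgIUBfKGru//yxvdRovc8iW9U9dzgqMwDQYJKoZIhvcNAQEL\r\n"
"BQAwbzELMAkGA1UEBhMCQ0kxCzAJBgNVBAgMAmhuMQswCQYDVQQHDAJzaDELMAkG\r\n"
"A1UECgwCaGgxCzAJBgNVBAsMAmlpMQswCQYDVQQDDAJhYjEfMB0GCSqGSIb3DQEJ\r\n"
"ARYQY3J5cHRvQGhlbGxvLmNvbTAgFw0yMjA4MjAxMjIyMzZaGA8yMDYyMDgyMDEy\r\n"
"MjIzNlowbzELMAkGA1UEBhMCQ0kxCzAJBgNVBAgMAmhuMQswCQYDVQQHDAJzaDEL\r\n"
"MAkGA1UECgwCaGgxCzAJBgNVBAsMAmlpMQswCQYDVQQDDAJhYjEfMB0GCSqGSIb3\r\n"
"DQEJARYQY3J5cHRvQGhlbGxvLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC\r\n"
"AgoCggIBAOXkcX7cHglTySl4XmjwMhiyxhMQUSTnZtAyjIiudyJmr9q6Ci8OXGTz\r\n"
"yPKmvDejwKcWqwYNpSJstwLUl7o8nFgIJmC9zkQ2ZwdEr5gDNehuR9nNjD55tVKD\r\n"
"68svuLGEWbyFI9AL8p578VPTex18KnLYTnJzYu2rVslFNBzQFVNyFPGhbN/ZEcnE\r\n"
"ICW4qFovuqNdWH/R9wuyilF08CJjBdXAfFvukooleM3Ip/FNSNb0ygs9N+GnxKuw\r\n"
"xybcgC/qZlPHtnl03ebI7/gRgL863E7SZR1lDIMFQ35+Z+TcM4SPqbokNr+nCiUV\r\n"
"hmTW56rZJSLDDKvzHzSbon1atd7bjjWWDA/FkUZtvjrP+IVHe+McOS1pDxUOyUv6\r\n"
"2YiRD6UkHADAqK0shEo/ejbd92CRbobVLapY9GJ0VOolE061PeNDiy/cMI1ihhbB\r\n"
"bq6S5YN/mnjgn0ylDD/6SA4rcc8Pep7ubXSVzhp/mugkJltDvYWoTO8rtZJryqP7\r\n"
"hehpJ8lZ1sGjlBE+1H4673wqx+HeGToGpBwrXM+3mKa27KDMtSRt0CvLuycR1SIW\r\n"
"FmZXy8n8eVemeA4d9flSYak2Mv5PPXttpSM58rylI2BoSTJgxN/j1tE1Lo8hadwp\r\n"
"i5g68H0Fd19HONd+LFxAhpgJ2ZUJb3qoGypEy1J322FCq6djIrIXAgMBAAGjUzBR\r\n"
"MB0GA1UdDgQWBBRH2csGuD+kwo6tU03rVbR5dtBhfjAfBgNVHSMEGDAWgBRH2csG\r\n"
"uD+kwo6tU03rVbR5dtBhfjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA\r\n"
"A4ICAQCovX+y4fN27gjPZuT1x8Lbm1c6UPcraWOUx5fQq7gpbxGhkWvcNWDEM6FD\r\n"
"9bNIT3oA0YiiUqPVOG+2pYiDEwsQJbwgrHZmQIYaufMZevO+a5I4u6FHttj05/ju\r\n"
"Z/j5xVECUWIpGFIl+q9U8B5dZ7GbI5zMNZ+k1/KWt+6x5zqRYU1ysxlxITokVfzq\r\n"
"Bu/DtMGqsrw36FqGEVUc0kYHGW9gwsNLXmw+YMpQMinAOE8uU0Pw8wtQeX9UcA+b\r\n"
"UdP4v9R7YkEtE3rfUCZ1pilEEB5XoklOPn6HYwAhrSB8gb1Ar8gmLUcbO0BT85yS\r\n"
"oPLJcw/m8XFC8Dj9ZFU25ux4lhvwmRs9HFFcBUJtYxB13UdfqlFTAlZdtPWi00IQ\r\n"
"C7MujV0ijoR6PnntwpBhLHIry1XZxzkrHmuJGQuZO7Taf9FyblrydIprkRyLZRSj\r\n"
"r3j1va/amhZZZeKZu1A8KLmTK/VF1IU8f9vMBbmrI6Rx0hgmwOr4kVexDdKyhuZw\r\n"
"U0u0HqJMJR1Vin93IFMRE63hjNno3NPL7d0mlhmwjEywrY0MmXYiQ6ag8o0PYAXg\r\n"
"Nr8NxOEvBY7ZOkWd2deJIyARDEc9nPcY46MiwowJ6bPMVPCXYGOxSfRpvY5SEjgj\r\n"
"llVnK3ULIM3AfVqDe7n3GnD4pHbHZQPLGpq0bQH9JUnCraB60g==\r\n"
"-----END CERTIFICATE-----\r\n";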
76
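/*
 * PEM certificate placed first in the chain built by VerifyTest001 and second in the chain built
 * by VerifyTest002. Only a CERTIFICATE block is stored here.
 * Declared const because the tests only read it (strlen / memcpy_s source), so an accidental
 * write to the fixture becomes a compile error.
 */
static const char g_secondCaCert[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIFvDCCA6SgAwIBAgIUZDZSgan7tFvmeMmUD80kk+opOZwwDQYJKoZIhvcNAQEL\r\n"
"BQAwbzELMAkGA1UEBhMCQ0kxCzAJBgNVBAgMAmhuMQswCQYDVQQHDAJzaDELMAkG\r\n"
"A1UECgwCaGgxCzAJBgNVBAsMAmlpMQswCQYDVQQDDAJhYjEfMB0GCSqGSIb3DQEJ\r\n"
"ARYQY3J5cHRvQGhlbGxvLmNvbTAeFw0yMjA4MjAxMjI4MDhaFw00MjA4MjAxMjI4\r\n"
"MDhaMHwxCzAJBgNVBAYTAkNOMQ4wDAYDVQQIDAVIVU5BTjERMA8GA1UEBwwIU0hB\r\n"
"R05IQUkxCzAJBgNVBAoMAmhoMQswCQYDVQQLDAJpaTEPMA0GA1UEAwwGYXV0aG9y\r\n"
"MR8wHQYJKoZIhvcNAQkBFhBjcnlwdG9AaGVsbG8uY29tMIICIjANBgkqhkiG9w0B\r\n"
"AQEFAAOCAg8AMIICCgKCAgEAuSVyrlsC5nO+64mTYGAVJb1bdRJhz7ATMy2CE2AC\r\n"
"yo/RAl2p4Yoz8uJ6U23Ip4F+HmAGqXnIRGezwb+U1XaMkxX6WJQybngbYhdJX0As\r\n"
"rElz2CZsh0ZE9bsfAakpMtSrCm7RCucHxDD9R6WDWO2p3ARq8QbmLPk6M0tl9Ibo\r\n"
"4y/nJ84rvNfEkjgVNnWh3JLJ8a9OnaPBm+3j/1fPhzcTAo5VAXzEcUomxoV/JZdU\r\n"
"Dc0uFjqVeG9svMEx0dbn/xYrPm3OygmNjmbwuWkU9wx1aBDB0k5EwZ2pEagus7Wb\r\n"
"Qx37MryvLIMZIlOfqCnygwi478FLD2Ml0+1S/3VQR8S4MptlPrlpfNtkFuh5In/l\r\n"
"EgN340I8cdQfv4ZFlZ1BcFhz09MYJFo+toQm62umoZFBdH76wy634FGb1JlhJv6v\r\n"
"MguyM8QUTYsF9NBLXKqT5GtuiK4paqwwiNz/mu7ulfxAwKh2u5Jiw0xd+QCNNk3d\r\n"
"i3Kchx0ZtomjvmHQh57OZRRfO3lNplnujd9/4oloP+N4xGZ9Uknw9KH+Xx0VZy68\r\n"
"1luyaW2BtEKc3K5vcFBAt8FSSAYp9/bJbqfXNIDLPJogQ8EKsccOfs/IiMDP3Wgt\r\n"
"T3v1Cr76z+dbBo05fHew3n2Y5STCnxnxxth/jo59bO6IeUhN+kfnnKGA7uxwPppk\r\n"
"/CECAwEAAaNDMEEwDAYDVR0TBAUwAwEB/zAxBgNVHR8EKjAoMCagJKAihiBodHRw\r\n"
"czovL2NhLnhpZXhpYW5iaW4uY24vY3JsLnBlbTANBgkqhkiG9w0BAQsFAAOCAgEA\r\n"
"KVB7IIZ2WHSvRLnkMkaDdIu37l60VMhj79MfOTTI/0CcZ0p8G+fqOKGTCtOTFLfz\r\n"
"nXCgDOYH9F5tugLLd9B7FiLys5eBdXRym22BHs/jtzUXFrxSFWBhxvW0cwCwy59g\r\n"
"5c/vX3QcvliJfjaLq67CwHIdKlKocogJp1qeROy7HfLQMQJHE/Fc30QZXp5bJcmg\r\n"
"KDYGdvrgKGpzgf4zjOYH+OMhwB2G9Nd6en7TCihq3A8HiGj+M3OzrKgWR4qiHmPg\r\n"
"3SX7njPLPVerly+o8oh2pSwxSLQMKgPHpbvMHIr5vRIAklGg2TP7WV5+Wc+MC+Ls\r\n"
"fZ5M7WSZWD6BV2XIHA2iM3N7wYzvH0lNlgR1Pu8vhflPfSjFouILbEHnsokHPsUd\r\n"
"bxnNmOyMpCDCg3cjuZYIyjAIB/OoADAekAHX3cAitBBzzD9MBK/UXRkMded6JVwf\r\n"
"bZGq+2LLNzXzqMWQeCcGocRHiV+7uw3klLANfF9NyXvW6FYN50LhnoroGwsuGetY\r\n"
"22F/8s1N0oC7Ucn/JmZUA9xjaCDEeoTDoefv8/3zSr2sR6wR7hIHgvC9NNOTzdSS\r\n"
"Rqc3AfUz90kdsAoZowql7CrZy7LiqzaJMy1F+2H8jmzfCV6DBaCYgzlBGS/dq/Q7\r\n"
"A9kbZrfCeb/yEgz0h0LrWnBWww7r2T+Hk4LQ/jLtC1Q=\r\n"
"-----END CERTIFICATE-----\r\n";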
111
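/*
 * PEM certificate placed first in the three-entry chain built by VerifyTest002, which expects
 * validation of that chain to fail. Only a CERTIFICATE block is stored here.
 * Declared const because the tests only read it (strlen / memcpy_s source), so an accidental
 * write to the fixture becomes a compile error.
 */
static const char g_invalidCaCert[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIFwTCCA6mgAwIBAgIUBQorsmfkw1hrf85bkGSOiJLFCfYwDQYJKoZIhvcNAQEL\r\n"
"BQAwezELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNIQU5HSEFJMREwDwYDVQQHDAhT\r\n"
"SEFOR0hBSTELMAkGA1UECgwCQUExCzAJBgNVBAsMAkJCMQswCQYDVQQDDAJDQzEf\r\n"
"MB0GCSqGSIb3DQEJARYQc2Vjb25kQGhlbGxvLmNvbTAeFw0yMjA4MjMxMTM4NDNa\r\n"
"Fw00MjA4MjMxMTM4NDNaMHoxCzAJBgNVBAYTAkNBMREwDwYDVQQIDAhTSEFOR0hB\r\n"
"STERMA8GA1UEBwwIU0hBTkdIQUkxCzAJBgNVBAoMAkFBMQswCQYDVQQLDAJCQjEL\r\n"
"MAkGA1UEAwwCQ0MxHjAcBgkqhkiG9w0BCQEWD3RoaXJkQGhlbGxvLmNvbTCCAiIw\r\n"
"DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMoRJDPA4mVDVgO7TGQqFZh4OxbV\r\n"
"uGaYmlEIVMwadsjA16l7xKB25bX7WmzHVDgZaJ0zJIyxbXXKvlmELS4mqDVmHUhh\r\n"
"sDHM+N00LVjV70F0xjaMRb1s6hOWlQ8Y314iDjW+c1lcHhWFliXqIp2Y7/c2QNKH\r\n"
"cRd+cqBzR45a9axHQTxS5ajTmLBSSAuSi3u1uVnA7BE7e0i0WSiISOtWiKoqG/R4\r\n"
"o+6llKg68LY0zHdWPyHn6F3aTvP+OJN+NHM+2onovpujDI28sTMRKeT92h/Ubf+s\r\n"
"q+kD25ADBZbq5kOXKq2m2jyh3RHSrxoPRyVUCFfWeqJk2ZUyOleHqV+orOCvTM37\r\n"
"LfbgIG6vchwMRnZHNBYWIm0BYkyo+O9wFV2+wC9iQwk/k+st9sQYNNwH6C2gzNnQ\r\n"
"WHgEYbGRSiUYsyXvkoUjw2gsBZJHjtKBNEqVwUA+yapbVRPsIPnzMr2IcLj9K2LM\r\n"
"FxOtpuliUjg/pqb4r5m83ZJQDBT3mvJr3NWbzbFKhqIaZyjjacCWr0vaumRsryEz\r\n"
"FwOVUZoPvLz/CgTAOAoouxGPs7qJhXb5CtXLdC15U9IEtsP88SExFa4gvO9nZPHE\r\n"
"HW9rc8/kppulsPGEDeZxYonGnk8l55ORqjmxcUQnWxWG1sqz4oTwUifWf9cybwMS\r\n"
"PpDQ4piAyncWY2jbAgMBAAGjPjA8MAwGA1UdEwQFMAMBAf8wLAYDVR0fBCUwIzAh\r\n"
"oB+gHYYbaHR0cHM6Ly9jYS50aGlyZC5jbi9jcmwucGVtMA0GCSqGSIb3DQEBCwUA\r\n"
"A4ICAQA0CP5FEccMxxd83S0IL5uwNCPPBzN3qHGZWm1PJD4dvbzsB5AtWbhDvfvD\r\n"
"GQRvfH83t3701U2J7wAUuFgG8UCNVKLSLfSv3Gqo5wKhEnZcoE0KZot56IA+lwVe\r\n"
"LfwAYgrzPMOWl1pyQ/BE5BcKthS/7OTH7qdNHc0J59xsanKFU9jnGEjfZv14XSRo\r\n"
"/iCM9ZIb4tVETnGFVfjp3Rjgnw2OZjdJcfVLIF/zTlkkGOQLqfyJqoafy0MIuM/k\r\n"
"nosPXJHX7tqQs5+ckKhPRkBltGsoLv2HzoIGiiGLvFmulvkyUd9FDq8UwfetAKU6\r\n"
"BTO6ZkjeS0S+2SBZ29Hm5F2xMoQjTtzYkmxCxbhFkAF2SWvR+hVXoOsAgG2csU15\r\n"
"ef+IgUw1aX7RK2OxYEYvX9BFLaoc8zima+ZzUbScZznVsyPGLZl+7tiOkQVFUSOY\r\n"
"F2TJqRXT8Obb0gQ1rHfU+ilDuP3+eUuUFfmzInqXTkGDArDEkwKoHezXgHhsvLTu\r\n"
"vBYSV/GOZHduz4WmiPQri3CkntSe4/JWeYoJHD+IWBO/Czvh6nNOciRxZSif917h\r\n"
"FQ6og3z/5CyHLd7EWKX/CwUqZ0jmGUdGoaO5i7xTeVzYGpkPzoTTRUv2T/go3roE\r\n"
"3hd5yG48AaYNKhJ26auBrOARpJe/ktKZTMuU3zHuPRtv3Wtdiw==\r\n"
"-----END CERTIFICATE-----\r\n";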
146
/*
 * Validator shared by every test in the suite: created in SetUpTestCase, released in
 * TearDownTestCase. Individual tests must not destroy it.
 */
static HcfCertChainValidator *g_validator = nullptr;
148
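/*
 * Suite set-up: creates the shared "PKIX" validator.
 * The creation result is checked instead of discarded, so a failed set-up is reported here
 * rather than surfacing later as a null dereference inside an unrelated test.
 */
void CryptoX509CertChainValidatorTest::SetUpTestCase()
{
    HcfResult res = HcfCertChainValidatorCreate("PKIX", &g_validator);
    ASSERT_EQ(res, HCF_SUCCESS);
    ASSERT_NE(g_validator, nullptr);
}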
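/*
 * Suite tear-down: releases the shared validator exactly once.
 * The pointer is cleared afterwards so that nothing can reach the freed object through
 * g_validator, and the null guard covers a set-up that never produced a validator.
 */
void CryptoX509CertChainValidatorTest::TearDownTestCase()
{
    if (g_validator != nullptr) {
        HcfObjDestroy(g_validator);
        g_validator = nullptr;
    }
}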
157
/* Per-test set-up hook; intentionally empty because the validator is created once per suite. */
void CryptoX509CertChainValidatorTest::SetUp()
{
    /* nothing to prepare */
}
161
/* Per-test tear-down hook; intentionally empty because the validator is released once per suite. */
void CryptoX509CertChainValidatorTest::TearDown()
{
    /* nothing to release */
}
165
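/* getAlgorithm() on the shared validator must report the name it was created with. */
HWTEST_F(CryptoX509CertChainValidatorTest, GetAlgorithm001, TestSize.Level0)
{
    ASSERT_NE(g_validator, nullptr);
    const char *algo = g_validator->getAlgorithm(g_validator);
    /*
     * Stop the test on a null name, but leave g_validator alone: TearDownTestCase releases it,
     * and destroying it here as well would free it twice and leave the remaining tests holding
     * a dangling pointer.
     */
    ASSERT_NE(algo, nullptr);
    ASSERT_STREQ(algo, "PKIX");
}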
177
/* Creating a validator for an unknown algorithm name must fail and leave the output untouched. */
HWTEST_F(CryptoX509CertChainValidatorTest, GetAlgorithm002, TestSize.Level0)
{
    HcfCertChainValidator *created = nullptr;
    const HcfResult createRes = HcfCertChainValidatorCreate("invalidPKIX", &created);
    EXPECT_EQ(createRes, HCF_NOT_SUPPORT);
    EXPECT_EQ(created, nullptr);
}
185
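/* Valid cert chain: g_secondCaCert followed by g_caCert is expected to validate. */
HWTEST_F(CryptoX509CertChainValidatorTest, VerifyTest001, TestSize.Level0)
{
    /* Fail fast if suite set-up produced no validator, rather than dereferencing null. */
    ASSERT_NE(g_validator, nullptr);

    /* Certificates in the order they are packed into the buffer. */
    const char *chain[] = { g_secondCaCert, g_caCert };

    HcfCertChainData certsData = { 0 };
    certsData.format = HCF_FORMAT_PEM;
    certsData.count = 2; /* level-2 cert chain. */
    uint32_t totalLen = 0;
    for (const char *pem : chain) {
        /* Each entry is a length header plus the PEM text including its terminating NUL. */
        totalLen += CERT_HEADER_LEN + static_cast<uint32_t>(strlen(pem) + 1);
    }
    certsData.dataLen = totalLen;
    certsData.data = (uint8_t *)malloc(certsData.dataLen);
    /* An allocation failure has to fail the test; returning quietly would report a pass. */
    ASSERT_NE(certsData.data, nullptr);

    /*
     * The header is the first CERT_HEADER_LEN bytes of a uint32_t length, so its byte order is
     * the host's - NOTE(review): confirm this matches what the validator's parser expects.
     * destMax is always the space left in the buffer, so memcpy_s rejects any overrun.
     */
    uint32_t offset = 0;
    bool packed = true;
    for (const char *pem : chain) {
        uint32_t pemLen = static_cast<uint32_t>(strlen(pem) + 1);
        packed = packed &&
            (memcpy_s(certsData.data + offset, certsData.dataLen - offset, &pemLen, CERT_HEADER_LEN) == EOK);
        offset += CERT_HEADER_LEN;
        packed = packed &&
            (memcpy_s(certsData.data + offset, certsData.dataLen - offset, pem, pemLen) == EOK);
        offset += pemLen;
    }
    /* A failed copy is a test failure, not a reason to skip validation silently. */
    EXPECT_TRUE(packed);
    if (packed) {
        HcfResult res = g_validator->validate(g_validator, &certsData);
        EXPECT_EQ(res, HCF_SUCCESS);
    }
    free(certsData.data);
}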
222
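/* Invalid cert chain: g_invalidCaCert in front of the valid pair must be rejected. */
HWTEST_F(CryptoX509CertChainValidatorTest, VerifyTest002, TestSize.Level0)
{
    /* Fail fast if suite set-up produced no validator, rather than dereferencing null. */
    ASSERT_NE(g_validator, nullptr);

    /* Certificates in the order they are packed into the buffer. */
    const char *chain[] = { g_invalidCaCert, g_secondCaCert, g_caCert };

    HcfCertChainData certsData = { 0 };
    certsData.format = HCF_FORMAT_PEM;
    certsData.count = 3; /* level-3 cert chain. */
    uint32_t totalLen = 0;
    for (const char *pem : chain) {
        /* Each entry is a length header plus the PEM text including its terminating NUL. */
        totalLen += CERT_HEADER_LEN + static_cast<uint32_t>(strlen(pem) + 1);
    }
    certsData.dataLen = totalLen;
    certsData.data = (uint8_t *)malloc(certsData.dataLen);
    ASSERT_NE(certsData.data, nullptr);

    /*
     * Every copy failure now reaches the single free() below; the earlier version returned
     * directly from one of the failure branches and leaked the buffer.
     * The header is the first CERT_HEADER_LEN bytes of a uint32_t length, so its byte order is
     * the host's - NOTE(review): confirm this matches what the validator's parser expects.
     */
    uint32_t offset = 0;
    bool packed = true;
    for (const char *pem : chain) {
        uint32_t pemLen = static_cast<uint32_t>(strlen(pem) + 1);
        packed = packed &&
            (memcpy_s(certsData.data + offset, certsData.dataLen - offset, &pemLen, CERT_HEADER_LEN) == EOK);
        offset += CERT_HEADER_LEN;
        packed = packed &&
            (memcpy_s(certsData.data + offset, certsData.dataLen - offset, pem, pemLen) == EOK);
        offset += pemLen;
    }
    /*
     * Without this check a failed copy would skip validate() and the negative test would pass
     * without ever showing that the bad chain is rejected.
     */
    EXPECT_TRUE(packed);
    if (packed) {
        HcfResult res = g_validator->validate(g_validator, &certsData);
        EXPECT_NE(res, HCF_SUCCESS);
    }
    free(certsData.data);
}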
272
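/* Invalid cert chain data length: a dataLen of INVALID_MAX_CERT_LEN must be rejected. */
HWTEST_F(CryptoX509CertChainValidatorTest, VerifyTest003, TestSize.Level0)
{
    /* Fail fast if suite set-up produced no validator, rather than dereferencing null. */
    ASSERT_NE(g_validator, nullptr);

    HcfCertChainData certsData = { 0 };
    certsData.format = HCF_FORMAT_PEM;
    certsData.count = 3; /* level-3 cert chain. */
    certsData.dataLen = INVALID_MAX_CERT_LEN;
    /*
     * Zero-filled rather than malloc'd: whether validate() looks at the bytes before rejecting
     * the length is not visible from this test, and indeterminate heap contents would make the
     * outcome (and any sanitizer report) depend on allocator state.
     */
    certsData.data = (uint8_t *)calloc(certsData.dataLen, 1);
    ASSERT_NE(certsData.data, nullptr);

    HcfResult res = g_validator->validate(g_validator, &certsData);
    EXPECT_NE(res, HCF_SUCCESS);
    free(certsData.data);
}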
290
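/* Invalid cert number: a chain holding a single certificate must be rejected. */
HWTEST_F(CryptoX509CertChainValidatorTest, VerifyTest004, TestSize.Level0)
{
    /* Fail fast if suite set-up produced no validator, rather than dereferencing null. */
    ASSERT_NE(g_validator, nullptr);

    HcfCertChainData certsData = { 0 };
    certsData.format = HCF_FORMAT_PEM;
    certsData.count = 1; /* single certificate, not a chain. */
    uint32_t caCertLen = static_cast<uint32_t>(strlen(g_caCert) + 1);
    certsData.dataLen = CERT_HEADER_LEN + caCertLen;
    certsData.data = (uint8_t *)malloc(certsData.dataLen);
    ASSERT_NE(certsData.data, nullptr);

    /*
     * Layout: CERT_HEADER_LEN length bytes (the first bytes of the uint32_t, host byte order),
     * then the PEM text including its terminating NUL.
     */
    bool packed =
        (memcpy_s(certsData.data, certsData.dataLen, &caCertLen, CERT_HEADER_LEN) == EOK) &&
        (memcpy_s(certsData.data + CERT_HEADER_LEN, caCertLen, g_caCert, caCertLen) == EOK);
    /*
     * Without this check a failed copy would skip validate() and the negative test would pass
     * without ever showing that the single-certificate input is rejected.
     */
    EXPECT_TRUE(packed);
    if (packed) {
        HcfResult res = g_validator->validate(g_validator, &certsData);
        EXPECT_NE(res, HCF_SUCCESS);
    }
    free(certsData.data);
}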
319
/*
 * getClass callback for the impostor objects built by InvalidClass and InvalidSpiClass.
 * Returns a class name that is not the one the real validator reports, so the code under test
 * has to refuse the object.
 */
static const char *GetInvalidValidatorClass(void)
{
    static const char INVALID_CLASS_NAME[] = "INVALID_VALIDATOR_CLASS";
    return INVALID_CLASS_NAME;
}
324
325
/* Every public entry point must tolerate a null argument without crashing. */
HWTEST_F(CryptoX509CertChainValidatorTest, NullInput, TestSize.Level0)
{
    /* Creation with no place to store the result must fail. */
    HcfResult outcome = HcfCertChainValidatorCreate("PKIX", nullptr);
    EXPECT_NE(outcome, HCF_SUCCESS);

    /* validate() with no chain data must fail. */
    outcome = g_validator->validate(g_validator, nullptr);
    EXPECT_NE(outcome, HCF_SUCCESS);

    /* getAlgorithm() with no object must return no name. */
    const char *name = g_validator->getAlgorithm(nullptr);
    EXPECT_EQ(name, nullptr);

    /* destroy(nullptr) has no observable result; the test only requires that it returns. */
    (void)g_validator->base.destroy(nullptr);
}
336
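/* An object whose getClass() reports a foreign class name must be refused by every method. */
HWTEST_F(CryptoX509CertChainValidatorTest, InvalidClass, TestSize.Level0)
{
    /* Fail fast if suite set-up produced no validator, rather than dereferencing null. */
    ASSERT_NE(g_validator, nullptr);

    /*
     * Zero-initialised so that every member other than getClass is null instead of
     * indeterminate stack data.
     */
    HcfCertChainValidator invalidValidator = {};
    invalidValidator.base.getClass = GetInvalidValidatorClass;
    HcfCertChainData certsData = { 0 };
    HcfResult res = g_validator->validate(&invalidValidator, &certsData);
    EXPECT_NE(res, HCF_SUCCESS);
    const char *algo = g_validator->getAlgorithm(&invalidValidator);
    EXPECT_EQ(algo, nullptr);
    /*
     * invalidValidator lives on the stack, so this call is only safe if destroy() refuses the
     * object before releasing anything - presumably via the class name; that refusal is what
     * this line exercises.
     */
    (void)g_validator->base.destroy(&(invalidValidator.base));
}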
348
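/* The SPI layer must reject null arguments on create, validate and destroy. */
HWTEST_F(CryptoX509CertChainValidatorTest, NullSpiInput, TestSize.Level0)
{
    HcfCertChainValidatorSpi *spiObj = nullptr;
    HcfResult res = HcfCertChainValidatorSpiCreate(nullptr);
    EXPECT_NE(res, HCF_SUCCESS);
    res = HcfCertChainValidatorSpiCreate(&spiObj);
    /* Stop here on failure: the calls below go through spiObj's function pointers. */
    ASSERT_EQ(res, HCF_SUCCESS);
    ASSERT_NE(spiObj, nullptr);
    res = spiObj->engineValidate(spiObj, nullptr);
    EXPECT_NE(res, HCF_SUCCESS);
    /* Null-argument probe only; it does not release spiObj. */
    (void)spiObj->base.destroy(nullptr);
    /* Release the object the test created, which was previously leaked. */
    HcfObjDestroy(spiObj);
}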
360
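/* An SPI object whose getClass() reports a foreign class name must be refused. */
HWTEST_F(CryptoX509CertChainValidatorTest, InvalidSpiClass, TestSize.Level0)
{
    HcfCertChainValidatorSpi *spiObj = nullptr;
    HcfResult res = HcfCertChainValidatorSpiCreate(&spiObj);
    /* The creation result was previously overwritten unchecked; spiObj is dereferenced below. */
    ASSERT_EQ(res, HCF_SUCCESS);
    ASSERT_NE(spiObj, nullptr);

    /*
     * Zero-initialised so that every member other than getClass is null instead of
     * indeterminate stack data.
     */
    HcfCertChainValidatorSpi invalidSpi = {};
    invalidSpi.base.getClass = GetInvalidValidatorClass;
    HcfArray data = { 0 };
    res = spiObj->engineValidate(&invalidSpi, &data);
    EXPECT_NE(res, HCF_SUCCESS);
    /*
     * invalidSpi lives on the stack, so this call is only safe if destroy() refuses the object
     * before releasing anything - presumably via the class name; that refusal is what this
     * line exercises.
     */
    (void)spiObj->base.destroy(&(invalidSpi.base));
    /* Release the real SPI object, which was previously leaked. */
    HcfObjDestroy(spiObj);
}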
372
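/*
 * Allocation-failure path: with the memory mock switched on, creation must report
 * HCF_ERR_MALLOC and validate() must not succeed.
 */
HWTEST_F(CryptoX509CertChainValidatorTest, InvalidMalloc, TestSize.Level0)
{
    /* Checked before the mock is enabled so an early exit cannot leave the flag set. */
    ASSERT_NE(g_validator, nullptr);

    SetMockFlag(true);
    HcfCertChainValidator *pathValidator = nullptr;
    HcfResult res = HcfCertChainValidatorCreate("PKIX", &pathValidator);
    EXPECT_EQ(res, HCF_ERR_MALLOC);
    HcfCertChainData certsData = { 0 };
    certsData.dataLen = 1;
    res = g_validator->validate(g_validator, &certsData);
    EXPECT_NE(res, HCF_SUCCESS);
    /* Only EXPECT_* is used between the two SetMockFlag calls, so the flag is always reset. */
    SetMockFlag(false);

    /* If creation unexpectedly succeeded the expectation above has failed; do not leak as well. */
    if (pathValidator != nullptr) {
        HcfObjDestroy(pathValidator);
    }
}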
385 }