1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17 #include "securec.h"
18
19 #include "x509_certificate.h"
20 #include "blob.h"
21 #include "memory_mock.h"
22 #include "x509_certificate_openssl.h"
23
24 using namespace std;
25 using namespace testing::ext;
26
27 namespace {
28 class CryptoX509CertificateTest : public testing::Test {
29 public:
30 static void SetUpTestCase();
31 static void TearDownTestCase();
32 void SetUp();
33 void TearDown();
34 };
35
36 static char g_deviceTestCert[] =
37 "-----BEGIN CERTIFICATE-----\r\n"
38 "MIIEQDCCAyigAwIBAgIQICAIMRlDU0ytSEUfNeOUJTANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG\r\n"
39 "EwJDTjEPMA0GA1UECgwGSHVhd2VpMRMwEQYDVQQLDApIdWF3ZWkgQ0JHMScwJQYDVQQDDB5IdWF3\r\n"
40 "ZWkgQ0JHIE1vYmlsZSBFcXVpcG1lbnQgQ0EwHhcNMjAwODMxMTE0MzUzWhcNMzAwODI5MTE0MzUz\r\n"
41 "WjBvMQswCQYDVQQGEwJDTjEPMA0GA1UECgwGSHVhd2VpMRMwEQYDVQQLDApIdWF3ZWkgQ0JHMTow\r\n"
42 "OAYDVQQDDDFIVUFXRUlfSFdKQURfODE4ZjhjNDUtOGNmNC00ZTM2LTkxOTMtNTQ5OWMwNzM0YzM4\r\n"
43 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZcfL6ot4z6k3T4X3C26EI557Zvrx9Ci\r\n"
44 "hNx6RMy+vjXa3E4BkxwZ3r0ADbc+msJOq0IyQJNujaLq35oQvJgMIvBn1xFurBXdOzbygc7G9GKt\r\n"
45 "sb4rmKUP0QEPHM2/TrxAJT2LNPLrOE047ESe2X76FpDY6oZdsoGJ5I9m/mlfGsxR1l1TeUjwA/Rs\r\n"
46 "UtISR66aastBy2tU7IubP0B0Gceqy9DnjTQtY9OpkOql08H20C30iCVijK6BmP43X4OMz2MS0leV\r\n"
47 "K0AHmhiv6ufu166Xtc2JOXRk/MJ+53iprvVEUowKY/ZATUz6iDHDZYM3MdQV+VbFrOevUceOSweY\r\n"
48 "PaXCzwIDAQABo4HqMIHnMB8GA1UdIwQYMBaAFDXT2UhPcFFNI7Ey1dXdJSHOBS7dMB0GA1UdDgQW\r\n"
49 "BBSndBqCYYcTB1kMNhYMM4r/vDLteTARBglghkgBhvhCAQEEBAMCBsAwCwYDVR0PBAQDAgTwMGYG\r\n"
50 "A1UdHwRfMF0wW6BZoFeGVWh0dHA6Ly9jcGtpLWNhd2ViLmh1YXdlaS5jb20vY3BraS9zZXJ2bGV0\r\n"
51 "L2NybEZpbGVEb3duLmNybD9jZXJ0eXBlPTQmeWVhcj0vY3JsMjAyMC5jcmwwHQYDVR0lBBYwFAYI\r\n"
52 "KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCNTqZHRy7BJ+KFOflqwYkeD1Yd\r\n"
53 "K5XxcZUykw8AefX3SMYzSBzy7IIIhM5bvhWF6r5NnBJYqmyQfy+3K0Z0LQXfsY95U9JBkKl3nQPn\r\n"
54 "p1PzV8wLp/XYE7ePsbIbjQ1gQdC47sTDjoA73X4wEchdEVJBNUs2e15HRxbzaVJ6ABSKI9AHkxKv\r\n"
55 "o9iYKFozQaL4y+3Y+Yei/N1kiZZayJqC1uXq45kelc3SCJrVPE4g/Uspf2jjp7xsS+MkmxvSAT9X\r\n"
56 "OJeDWEeXyt7tvJeodRQgGZVhdtN78mtoaqWqD9Z6a6wpWdC4sZCWJfMjCu4Wd889Pn4MT5DBKBN3\r\n"
57 "f3+JpOzUJlM9\r\n"
58 "-----END CERTIFICATE-----\r\n";
59
60 static char g_rootCert[] =
61 "-----BEGIN CERTIFICATE-----\r\n"
62 "MIIGQDCCBCigAwIBAgIUKNQFxqguJbKjFXanBmC2ZwUv9dkwDQYJKoZIhvcNAQEL\r\n"
63 "BQAwejELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNIQU5HSEFJMREwDwYDVQQHDAhT\r\n"
64 "SEFOR0hBSTELMAkGA1UECgwCQUExCzAJBgNVBAsMAkJCMQswCQYDVQQDDAJDQzEe\r\n"
65 "MBwGCSqGSIb3DQEJARYPZmlyc3RAaGVsbG8uY29tMCAXDTIyMDgyMzExMjk0MVoY\r\n"
66 "DzIwNjIwODIzMTEyOTQxWjB6MQswCQYDVQQGEwJDTjERMA8GA1UECAwIU0hBTkdI\r\n"
67 "QUkxETAPBgNVBAcMCFNIQU5HSEFJMQswCQYDVQQKDAJBQTELMAkGA1UECwwCQkIx\r\n"
68 "CzAJBgNVBAMMAkNDMR4wHAYJKoZIhvcNAQkBFg9maXJzdEBoZWxsby5jb20wggIi\r\n"
69 "MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr4nXrmskgHytDYcp8/BRORk71\r\n"
70 "f2idSs6cxxSOycILA3fbhbCB3qA8Bj4k1bT592j99MsKm+djMFvUOW/mS6iEWcoS\r\n"
71 "sK1HvYX2d7y0GMDnltT9I/KlcYDHiwcq0UgHX4OSbB70EUt9vUmq/opYeUJFIbfq\r\n"
72 "QJvGu57PJw+lxdsq3mZvx8n04fIMxqJdQSXu2foh0fSIePthNIV5JNtO9tTmmKn9\r\n"
73 "b+L9Eb1IfhKnvxNVuq046+eUwRA3Qva4HQOkCplamfU+b2dQGXnpha/NzXfCVuZK\r\n"
74 "R13xhUXjuXADGAIoRl9BgxgONTVpy209xQ7W1UvVEbSVDf8r9OlPDf3olRoavTAv\r\n"
75 "+EaYyqrFoEtTzIRZDiLIhqjoqtpbrl5oVggfH/qn8qDyZ+a6puwa81+9Mad8CLwh\r\n"
76 "Q9sa0uT+AET86gCGgpOBPF31+xYgnznQjd2wRs5a2rrYjy5wqAYyGPNUy9lm2EaU\r\n"
77 "03jMv+JzgeSdyqly8g3oCxBhRENgtGWlMUzzqZoM+Z6/NUn+pebRr53z4lzQWFFV\r\n"
78 "M1M81OHIKnleuud5CTnuRNfX7jVX9O+iu/bHjU2YKKrB3L1+ZY0cf6RXUDsBFSxg\r\n"
79 "dRZXBVvjJ8Ag+PDYOGG4Cbh9NByhvNvoKa7eBDpWXkOcP6VqnlIL33AUNKk9NEZc\r\n"
80 "KpyN1Dbk3eN/c9pIBQIDAQABo4G7MIG4MB0GA1UdDgQWBBRn2V1KId/KpzEztYbH\r\n"
81 "PHbCFqIioTAfBgNVHSMEGDAWgBRn2V1KId/KpzEztYbHPHbCFqIioTASBgNVHRMB\r\n"
82 "Af8ECDAGAQH/AgEDMAsGA1UdDwQEAwIBBjAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\r\n"
83 "KwYBBQUHAwIwGgYDVR0RBBMwEYEPZmlyc3RAaGVsbG8uY29tMBoGA1UdEgQTMBGB\r\n"
84 "D2ZpcnN0QGhlbGxvLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAqbo9c3pEMfk4pmTL\r\n"
85 "Oays4RGZy9kZtZMOgdNvZ1gLbRow85x3mSOQ7ew8trt4PbjEp48EQzTFy4AxsBj/\r\n"
86 "Kw7p6Y9RAu/fBQMOMwIKzBUW9gayehpOyRTgnt27jDUBBXcq21HDy+WK9FTreqTG\r\n"
87 "R2CH/Yt75pfsHLWulq7Ou3s5sWvLyuYxohVDsIJfJHwgUSGPB33bFGqSxzN4qOMJ\r\n"
88 "4+M1OO0+hHVWzqESmYBaroX7XYoFeVOJsEDdjU9lccIZpfupbZ4ljjdBk3v45WSt\r\n"
89 "gbTS2NYauczjl3wT/p5EU7iGf1a8rSOjUqZS6cmDP7Tq0PL4+1iMCZlF1ZXLvPb4\r\n"
90 "dCAebIPMF7Pn1BLjANsQ94iKWHmPWdl8m6QmdCtSGgt7zNx3W0N6kF/7tRdshUQD\r\n"
91 "mPXFZed3U3vVVCOGPPY/KYnNvU2umJ4EsDSThlRPPafZ8GDuj1cF4OGdxfNx6bSQ\r\n"
92 "E6Zuj4oYR1k5+vAWbVS6F25KV0C6mXkrmL/pl2JQt+fyWIjGxP3pkBcxBYyP+OgQ\r\n"
93 "hX9yv+cUIkDPNa9yytVn2Z+9CFJbz3l/AxIxTqR5a3m9Qlls4otQKco0E9ArA3ce\r\n"
94 "v9YYMHEDo61jQYTd2rz7BvIdvQ+ds4V+GjmgDFa21tMvpNxC6LMy4gS4PmOSAbMu\r\n"
95 "jI6AaoTlr5I7zPhFbR8/XEs7DzI=\r\n"
96 "-----END CERTIFICATE-----\r\n";
97
98 static char g_secondCert[] =
99 "-----BEGIN CERTIFICATE-----\r\n"
100 "MIIFwjCCA6qgAwIBAgIUTUs0/9mQvlKZ67Q3nDR+5bwvyoowDQYJKoZIhvcNAQEL\r\n"
101 "BQAwejELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNIQU5HSEFJMREwDwYDVQQHDAhT\r\n"
102 "SEFOR0hBSTELMAkGA1UECgwCQUExCzAJBgNVBAsMAkJCMQswCQYDVQQDDAJDQzEe\r\n"
103 "MBwGCSqGSIb3DQEJARYPZmlyc3RAaGVsbG8uY29tMB4XDTIyMDgyMzExMzQwMFoX\r\n"
104 "DTQyMDgyMzExMzQwMFowezELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNIQU5HSEFJ\r\n"
105 "MREwDwYDVQQHDAhTSEFOR0hBSTELMAkGA1UECgwCQUExCzAJBgNVBAsMAkJCMQsw\r\n"
106 "CQYDVQQDDAJDQzEfMB0GCSqGSIb3DQEJARYQc2Vjb25kQGhlbGxvLmNvbTCCAiIw\r\n"
107 "DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJkLbBN8iHBWDHCdoMPpUwIeCSpW\r\n"
108 "nWdqJJ83Hmp3KQvm2sY9l2VOMFE+D9QJr3rRLuzQLYwcGjCcqcq+a7up7jfyB+wm\r\n"
109 "FR+H1d9Mnv3G4n1ljwBuGqYr7QQh/6tZ7OsMaSdj6hAQe6b2eFeB1qpTORA2smX+\r\n"
110 "uQZ6C47kKOVkna/P8ipSgnQZejX5f+O/SsystdCLbtkZCGXOahMhi9mmdbK0jNuy\r\n"
111 "ZhM2sea8NiQONQjSFQm1pC0wpMyvCsZt0Xucxgv9pBvcX/w2BV8DrJ67yD61Lac2\r\n"
112 "4x9u7FgBlJRHqBz8pdMo11dwXaBKLL0RHEJR5eZYivX9krRdWH5/8YUwAFnZ09HH\r\n"
113 "IajVxZMBRSuUcHmFrGFbQcNCEsERx1DnWzb6j2iNo55s6kYWbvuF2vdAdZEJPWWk\r\n"
114 "NKRn+OJYQR1t0micL+RRS0rvktc49AOa25xqHIDK9wV6kXlJA36mRa2x9/ijB2c8\r\n"
115 "ZSn5vKhWRZOYQAQpB9kG5H2cK4xx48EOCNDnQ74RSVsP/xq8yJx6NOHDFkXhOq4M\r\n"
116 "7daCtrY57GjyUgIEhhGi7DIAjfLqrwdihLWvUip1gS32lc9Qy806r+yQYHFzqImI\r\n"
117 "GACoP9i5MfZDq5TUbwx4Z9yDQ0Djraa9GCU+GHmaZc84hiXwh2PsPCswG3mme87G\r\n"
118 "OydzdjYF/KKO9P33AgMBAAGjPzA9MAwGA1UdEwQFMAMBAf8wLQYDVR0fBCYwJDAi\r\n"
119 "oCCgHoYcaHR0cHM6Ly9jYS5zZWNvbmQuY24vY3JsLnBlbTANBgkqhkiG9w0BAQsF\r\n"
120 "AAOCAgEASJmN9D3Nf5YHOSa28gZLKhGziwNG9ykRXK59vLNIeYYDuoR51m+zkqtm\r\n"
121 "I5SuYDb+IfjicJCyMnrMlP/d/Lv/YUi/rEF/BS0YF2YlnX+5JmG8RG1Sh2OSfp28\r\n"
122 "rmh5srMg76EuDXIPN1+qHeQqpbNj11DzKL3Z2Tv+ohj2+/WauJt2KTdRWbRU7AT7\r\n"
123 "xRlgFOofQUFUo78JG+Op1yfQnbDqJNBB04ASwEi4ru9yliBgS6Ves/zn5xAjwe98\r\n"
124 "1tGuGFhEYXEKzP3cPGShefdFgyI53YrsVxXy4+x5OdfyRiq9+ao/jAAezZc6fcBe\r\n"
125 "V6gADyhpt9vSDinTcI3xBRqwLIa+ujTd/HEqSu9Di8xYJ+RbKJ0wFRK1VJqMZXKu\r\n"
126 "HIo7mgfBUwojxFbIk+FSXWWvWBtaOQxy4BZxv5NjAFlYU2k3p0rJOhQ3CCpTd6Sf\r\n"
127 "HVd68XS0xK+RLCYxbTK0ejZ8gGN3DHpdtCWRcVXOo47mR3eCgIWAdkWeRO+xs2LV\r\n"
128 "5afFCeGtpITsNUkqh9YVTvMxLEBwSmNH4SHVzJN5Xj6hgfLg2ZhbI7r1DC8CaTr7\r\n"
129 "H56qZfZmrvZbBc1q9yIhqJNPwwOZ0N0QJnZObBE1E8PX7if3lPlOoGIlbYcyEyu4\r\n"
130 "neNdebXmjLY6R8J9/eLy36xX7vRdjDBT1gva9AIthH0dg0tpPJI=\r\n"
131 "-----END CERTIFICATE-----\r\n";
132
133 static char g_testInvalidCert[] =
134 "-----xxxx CERTIFICATE-----\r\n"
135 "MIIDpzCCAo+gAwIBAgICAQAwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCQ04x\r\n"
136 "CzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjELMAkGA1UECgwCSEQxDDAKBgNVBAsM\r\n"
137 "A2RldjELMAkGA1UEAwwCY2ExGzAZBgkqhkiG9w0BCQEWDGNhQHdvcmxkLmNvbTAe\r\n"
138 "Fw0yMjA4MTkwNTE2MTVaFw0yMzA4MTkwNTE2MTVaMGwxCzAJBgNVBAYTAkNOMQsw\r\n"
139 "CQYDVQQIDAJCSjELMAkGA1UEBwwCQkoxCzAJBgNVBAoMAkhEMQwwCgYDVQQLDANk\r\n"
140 "ZXYxCzAJBgNVBAMMAmNhMRswGQYJKoZIhvcNAQkBFgxjYUB3b3JsZC5jb20wggEi\r\n"
141 "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuvLoVT5em7ApBma8xtgpcFcaU\r\n"
142 "CbXBJSUl2NpFW2sriucbEOvKRdw9KvLa/tSP6CupPZVKIzHAP2oeW88aFBr23miG\r\n"
143 "iR49M52c73Iw3H3EG2ckK8M1mxEzXSqynivqiNZDKG+bA5cFzcfmk6Th1bJan9w9\r\n"
144 "Ci8HPSBvgg7Rc6pqNM4HjTHl3Bb6cf4Xh3/GgpjypTd9jAAEyq+l/+1pnTYVlIJA\r\n"
145 "WGh0Z26RosXfzwfFKH77ysTjoj9ambvGmFsMXvNXEyYmBCeYND6xGj4pa2lylsra\r\n"
146 "kfYmGxcFQ45Lj5oWdNQQVdvrQiYWu3SJOC/WqB5UIAq92PPrq1apznxfjqABAgMB\r\n"
147 "AAGjUzBRMB0GA1UdDgQWBBRI5iWwjBMAOCcgcUjUCYJdsvwEMjAfBgNVHSMEGDAW\r\n"
148 "gBRI5iWwjBMAOCcgcUjUCYJdsvwEMjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\r\n"
149 "DQEBCwUAA4IBAQABop7EJgS2czHKWVzdEwjbi9m5ZUPy6aOV9paV1e/5IyFNHwun\r\n"
150 "B64iwcg03+FmIWNuynb1mglHHrUoXygXu9GIR8cWfOI3W+Pnn8fDi8MxQMn/e/Jj\r\n"
151 "BuGcnRwKynRhyLdkyWYn1YwqenMuFJu9yzkhfAPltGFEuPYCWDatdhm6zhFdu1PE\r\n"
152 "EMErHpQOT45z5cgC4XqgKlE+n8L4/5RfZnbuUJ3bV+FuI+VApLGXJQlJQAOTqBDg\r\n"
153 "k7DMSgPUUxYYa6AGMFy6vqQ6hcgCMK08ko8LdjVd1MobKzM9Oh480GFZA/ubR3QW\r\n"
154 "lv3OuOhmnIxNGcPUiqpSiWKqR5tf1KUImIR9\r\n"
155 "-----END CERTIFICATE-----\r\n";
156
157 /* g_testSelfSignedCaCert
158 Certificate:
159 Data:
160 Version: 3 (0x2)
161 Serial Number: 272 (0x110)
162 Signature Algorithm: sha256WithRSAEncryption
163 Issuer: C = CN, ST = BJ, L = BJ, O = HD, OU = dev, CN = ca, emailAddress = ca@cryptoframework.com
164 Validity
165 Not Before: Aug 19 12:49:06 2022 GMT
166 Not After : Aug 16 12:49:06 2032 GMT
167 Subject: C = CN, ST = BJ, L = BJ, O = HD, OU = dev, CN = ca, emailAddress = ca@cryptoframework.com
168 Subject Public Key Info:
169 Public Key Algorithm: rsaEncryption
170 RSA Public-Key: (2048 bit)
171 Modulus:
172 00:9f:29:d0:85:84:ed:6c:30:6e:d0:13:83:e0:1b:
173 61:08:f7:dd:63:41:06:4b:54:fb:f0:15:7f:e4:e5:
174 d5:a0:1a:e1:33:9e:5b:6f:d9:01:17:38:b1:dc:0b:
175 55:3c:5d:5c:28:a9:16:c7:ae:88:63:77:d2:1c:17:
176 ad:71:54:1e:b7:0c:7f:4c:36:b0:29:33:9c:95:59:
177 fe:b4:1c:7c:43:b9:29:bd:6f:07:3e:83:10:47:20:
178 21:26:04:86:1a:8e:05:f6:01:8a:de:6a:7e:9a:b9:
179 47:6f:b6:47:f4:e1:ff:26:d5:fa:40:6b:52:5f:86:
180 b2:c5:db:0c:07:ba:a1:90:b2:e7:a9:46:a6:10:ef:
181 98:73:14:3b:b6:b5:de:3f:92:16:64:e1:31:b2:36:
182 c9:ec:ae:6b:52:da:81:2a:1a:04:97:d8:d4:9f:a2:
183 ee:35:8f:9a:61:05:47:47:50:da:9d:04:1a:31:d3:
184 81:01:a1:46:8e:55:bb:00:c7:8a:93:52:bf:45:cf:
185 f0:e5:00:fc:f6:1b:2f:f4:81:8f:51:6a:e0:2d:e0:
186 b5:fb:e3:7a:cc:14:6f:35:5a:32:8a:bf:c0:2b:b2:
187 d6:a7:17:23:cd:19:2d:ed:f0:85:1d:b8:73:47:17:
188 60:53:b4:b8:68:bd:7a:03:e9:db:87:f0:ef:26:06:
189 aa:01
190 Exponent: 65537 (0x10001)
191 X509v3 extensions:
192 X509v3 Subject Key Identifier:
193 8C:A3:3B:42:63:01:B3:4D:51:F6:E4:2D:B5:83:7F:18:39:2F:B7:B5
194 X509v3 Authority Key Identifier:
195 keyid:8C:A3:3B:42:63:01:B3:4D:51:F6:E4:2D:B5:83:7F:18:39:2F:B7:B5
196
197 X509v3 Basic Constraints: critical
198 CA:TRUE, pathlen:2
199 X509v3 Key Usage:
200 Certificate Sign, CRL Sign
201 X509v3 Extended Key Usage:
202 TLS Web Server Authentication, TLS Web Client Authentication
203 X509v3 Subject Alternative Name:
204 email:ca@cryptoframework.com
205 X509v3 Issuer Alternative Name:
206 email:ca@cryptoframework.com
207 Signature Algorithm: sha256WithRSAEncryption
208 87:ee:11:13:a7:09:eb:6f:e0:2d:8b:2c:2e:47:3b:11:28:3b:
209 7b:12:b0:66:59:a2:b0:7c:81:89:cb:b2:ff:e5:da:80:e6:77:
210 71:36:e0:40:d5:e5:42:86:4a:6f:0f:e4:b3:f0:7f:70:89:db:
211 40:66:1b:a4:09:b8:ed:2b:9d:a3:e2:3f:1b:dc:63:d1:7e:e0:
212 40:1f:70:b5:2a:db:4a:d3:ac:e9:28:e7:2e:26:14:d3:11:5c:
213 16:c7:34:8f:a9:36:4a:b9:72:8b:04:50:72:34:b8:3c:e2:a2:
214 51:2d:02:9b:71:77:0c:71:9d:8f:9e:4f:94:19:17:c6:e7:57:
215 0a:ad:95:dc:9d:d5:c0:a7:f6:6d:58:d0:6f:3c:f6:f8:cf:d0:
216 d6:6f:8f:ec:58:41:f8:99:9e:3b:c7:9e:9a:4a:8c:43:4b:45:
217 31:4d:c4:33:8e:35:36:97:a3:0b:98:85:54:01:a0:a3:09:c2:
218 f1:2d:01:f9:fc:47:f5:d0:49:b8:73:3a:be:9c:44:5b:0d:dc:
219 91:91:43:65:0d:64:77:dd:58:46:0a:fb:8d:8f:1f:73:4b:ff:
220 4f:4b:73:1d:66:ce:11:5c:e4:94:42:01:58:bd:66:a2:6a:4b:
221 04:2c:1e:d3:f1:b0:f8:13:ba:d1:b7:e2:d8:ca:09:c3:cb:76:
222 21:c0:75:43
223 */
224 static char g_testSelfSignedCaCert[] =
225 "-----BEGIN CERTIFICATE-----\r\n"
226 "MIIEMjCCAxqgAwIBAgICARAwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UEBhMCQ04x\r\n"
227 "CzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjELMAkGA1UECgwCSEQxDDAKBgNVBAsM\r\n"
228 "A2RldjELMAkGA1UEAwwCY2ExJTAjBgkqhkiG9w0BCQEWFmNhQGNyeXB0b2ZyYW1l\r\n"
229 "d29yay5jb20wHhcNMjIwODE5MTI0OTA2WhcNMzIwODE2MTI0OTA2WjB2MQswCQYD\r\n"
230 "VQQGEwJDTjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQswCQYDVQQKDAJIRDEM\r\n"
231 "MAoGA1UECwwDZGV2MQswCQYDVQQDDAJjYTElMCMGCSqGSIb3DQEJARYWY2FAY3J5\r\n"
232 "cHRvZnJhbWV3b3JrLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\r\n"
233 "AJ8p0IWE7WwwbtATg+AbYQj33WNBBktU+/AVf+Tl1aAa4TOeW2/ZARc4sdwLVTxd\r\n"
234 "XCipFseuiGN30hwXrXFUHrcMf0w2sCkznJVZ/rQcfEO5Kb1vBz6DEEcgISYEhhqO\r\n"
235 "BfYBit5qfpq5R2+2R/Th/ybV+kBrUl+GssXbDAe6oZCy56lGphDvmHMUO7a13j+S\r\n"
236 "FmThMbI2yeyua1LagSoaBJfY1J+i7jWPmmEFR0dQ2p0EGjHTgQGhRo5VuwDHipNS\r\n"
237 "v0XP8OUA/PYbL/SBj1Fq4C3gtfvjeswUbzVaMoq/wCuy1qcXI80ZLe3whR24c0cX\r\n"
238 "YFO0uGi9egPp24fw7yYGqgECAwEAAaOByTCBxjAdBgNVHQ4EFgQUjKM7QmMBs01R\r\n"
239 "9uQttYN/GDkvt7UwHwYDVR0jBBgwFoAUjKM7QmMBs01R9uQttYN/GDkvt7UwEgYD\r\n"
240 "VR0TAQH/BAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUH\r\n"
241 "AwEGCCsGAQUFBwMCMCEGA1UdEQQaMBiBFmNhQGNyeXB0b2ZyYW1ld29yay5jb20w\r\n"
242 "IQYDVR0SBBowGIEWY2FAY3J5cHRvZnJhbWV3b3JrLmNvbTANBgkqhkiG9w0BAQsF\r\n"
243 "AAOCAQEAh+4RE6cJ62/gLYssLkc7ESg7exKwZlmisHyBicuy/+XagOZ3cTbgQNXl\r\n"
244 "QoZKbw/ks/B/cInbQGYbpAm47Sudo+I/G9xj0X7gQB9wtSrbStOs6SjnLiYU0xFc\r\n"
245 "Fsc0j6k2SrlyiwRQcjS4POKiUS0Cm3F3DHGdj55PlBkXxudXCq2V3J3VwKf2bVjQ\r\n"
246 "bzz2+M/Q1m+P7FhB+JmeO8eemkqMQ0tFMU3EM441NpejC5iFVAGgownC8S0B+fxH\r\n"
247 "9dBJuHM6vpxEWw3ckZFDZQ1kd91YRgr7jY8fc0v/T0tzHWbOEVzklEIBWL1mompL\r\n"
248 "BCwe0/Gw+BO60bfi2MoJw8t2IcB1Qw==\r\n"
249 "-----END CERTIFICATE-----\r\n";
250
251 constexpr int TEST_CERT_VERSION = 3;
252 constexpr int TEST_CERT_CHAIN_LEN = 2;
253 constexpr int TEST_CERT_SERIAL_NUMBER = 272;
254
255 static HcfX509Certificate *g_x509CertObj = nullptr;
256
SetUpTestCase()257 void CryptoX509CertificateTest::SetUpTestCase()
258 {
259 HcfEncodingBlob inStream = { 0 };
260 inStream.data = (uint8_t *)g_testSelfSignedCaCert;
261 inStream.encodingFormat = HCF_FORMAT_PEM;
262 inStream.len = strlen(g_testSelfSignedCaCert) + 1;
263 (void)HcfX509CertificateCreate(&inStream, &g_x509CertObj);
264 }
265
TearDownTestCase()266 void CryptoX509CertificateTest::TearDownTestCase()
267 {
268 HcfObjDestroy(g_x509CertObj);
269 }
270
SetUp()271 void CryptoX509CertificateTest::SetUp() {}
272
TearDown()273 void CryptoX509CertificateTest::TearDown() {}
274
275 /**
276 * @tc.name: CryptoX509CertificateTest.GenerateCert001
277 * @tc.desc: Generate valid PEM format certificate.
278 * @tc.type: FUNC
279 * @tc.require: I5QDNN
280 */
281 HWTEST_F(CryptoX509CertificateTest, GenerateCert001, TestSize.Level0)
282 {
283 HcfX509Certificate *x509Cert = nullptr;
284 HcfEncodingBlob inStream = { 0 };
285 inStream.data = (uint8_t *)g_testSelfSignedCaCert;
286 inStream.encodingFormat = HCF_FORMAT_PEM;
287 inStream.len = strlen(g_testSelfSignedCaCert) + 1;
288 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
289 EXPECT_EQ(ret, HCF_SUCCESS);
290 EXPECT_NE(x509Cert, nullptr);
291 HcfObjDestroy(x509Cert);
292 }
293
294 /* Invalid input. */
295 HWTEST_F(CryptoX509CertificateTest, GenerateCert002, TestSize.Level0)
296 {
297 HcfX509Certificate *x509Cert = nullptr;
298 HcfEncodingBlob inStream = { 0 };
299 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
300 EXPECT_NE(ret, HCF_SUCCESS);
301 EXPECT_EQ(x509Cert, nullptr);
302 HcfObjDestroy(x509Cert);
303 }
304
305 /* Invalid PEM format. */
306 HWTEST_F(CryptoX509CertificateTest, GenerateCert003, TestSize.Level0)
307 {
308 HcfX509Certificate *x509Cert = nullptr;
309 HcfEncodingBlob inStream = { 0 };
310 inStream.data = (uint8_t *)g_testInvalidCert;
311 inStream.encodingFormat = HCF_FORMAT_PEM;
312 inStream.len = strlen(g_testInvalidCert) + 1;
313 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
314 EXPECT_NE(ret, HCF_SUCCESS);
315 EXPECT_EQ(x509Cert, nullptr);
316 HcfObjDestroy(x509Cert);
317 }
318
319 /* Valid DER format. */
320 HWTEST_F(CryptoX509CertificateTest, GenerateCert004, TestSize.Level0)
321 {
322 HcfEncodingBlob derBlob = { 0 };
323 HcfResult ret = g_x509CertObj->base.getEncoded((HcfCertificate *)g_x509CertObj, &derBlob);
324 EXPECT_EQ(ret, HCF_SUCCESS);
325 EXPECT_NE(derBlob.data, nullptr);
326 EXPECT_EQ(derBlob.encodingFormat, HCF_FORMAT_DER);
327 HcfX509Certificate *certFromDerData = nullptr;
328 ret = HcfX509CertificateCreate(&derBlob, &certFromDerData);
329 EXPECT_EQ(ret, HCF_SUCCESS);
330 EXPECT_NE(certFromDerData, nullptr);
331
332 free(derBlob.data);
333 HcfObjDestroy(certFromDerData);
334 }
335
336 /* verify self signed cert. */
337 HWTEST_F(CryptoX509CertificateTest, Verify001, TestSize.Level0)
338 {
339 HcfPubKey *keyOut = nullptr;
340 HcfResult ret = g_x509CertObj->base.getPublicKey((HcfCertificate *)g_x509CertObj, &keyOut);
341 EXPECT_EQ(ret, HCF_SUCCESS);
342 EXPECT_NE(keyOut, nullptr);
343 ret = g_x509CertObj->base.verify((HcfCertificate *)g_x509CertObj, keyOut);
344 EXPECT_EQ(ret, HCF_SUCCESS);
345 HcfObjDestroy(keyOut);
346 }
347
348 /* use root ca cert's public key to verify next cert. */
349 HWTEST_F(CryptoX509CertificateTest, Verify002, TestSize.Level0)
350 {
351 HcfX509Certificate *rootCert = nullptr;
352 HcfEncodingBlob root = { 0 };
353 root.data = (uint8_t *)g_rootCert;
354 root.encodingFormat = HCF_FORMAT_PEM;
355 root.len = strlen(g_rootCert) + 1;
356 HcfResult ret = HcfX509CertificateCreate(&root, &rootCert);
357 EXPECT_EQ(ret, HCF_SUCCESS);
358 EXPECT_NE(rootCert, nullptr);
359 HcfPubKey *rootkeyOut = nullptr;
360 ret = rootCert->base.getPublicKey((HcfCertificate *)rootCert, &rootkeyOut);
361 EXPECT_EQ(ret, HCF_SUCCESS);
362 EXPECT_NE(rootkeyOut, nullptr);
363
364 HcfX509Certificate *secondCert = nullptr;
365 HcfEncodingBlob second = { 0 };
366 second.data = (uint8_t *)g_secondCert;
367 second.encodingFormat = HCF_FORMAT_PEM;
368 second.len = strlen(g_secondCert) + 1;
369 ret = HcfX509CertificateCreate(&root, &secondCert);
370 EXPECT_EQ(ret, HCF_SUCCESS);
371 EXPECT_NE(rootCert, nullptr);
372 ret = secondCert->base.verify((HcfCertificate *)secondCert, rootkeyOut);
373 EXPECT_EQ(ret, HCF_SUCCESS);
374 HcfObjDestroy(rootkeyOut);
375 HcfObjDestroy(rootCert);
376 HcfObjDestroy(secondCert);
377 }
378
379 /* verify cert with wrong pub key. */
380 HWTEST_F(CryptoX509CertificateTest, Verify003, TestSize.Level0)
381 {
382 HcfX509Certificate *rootCert = nullptr;
383 HcfEncodingBlob root = { 0 };
384 root.data = (uint8_t *)g_rootCert;
385 root.encodingFormat = HCF_FORMAT_PEM;
386 root.len = strlen(g_rootCert) + 1;
387 HcfResult ret = HcfX509CertificateCreate(&root, &rootCert);
388 EXPECT_EQ(ret, HCF_SUCCESS);
389 EXPECT_NE(rootCert, nullptr);
390 HcfPubKey *rootkeyOut = nullptr;
391 ret = rootCert->base.getPublicKey((HcfCertificate *)rootCert, &rootkeyOut);
392 EXPECT_EQ(ret, HCF_SUCCESS);
393 EXPECT_NE(rootkeyOut, nullptr);
394
395 ret = g_x509CertObj->base.verify((HcfCertificate *)g_x509CertObj, rootkeyOut);
396 EXPECT_NE(ret, HCF_SUCCESS);
397 HcfObjDestroy(rootkeyOut);
398 HcfObjDestroy(rootCert);
399 }
400
401 /* verify cert with invalid input pub key. */
402 HWTEST_F(CryptoX509CertificateTest, Verify004, TestSize.Level0)
403 {
404 HcfResult ret = g_x509CertObj->base.verify((HcfCertificate *)g_x509CertObj, nullptr);
405 EXPECT_NE(ret, HCF_SUCCESS);
406 }
407
408 HWTEST_F(CryptoX509CertificateTest, GetEncoded001, TestSize.Level0)
409 {
410 HcfEncodingBlob encodingBlob = { 0 };
411 HcfResult ret = g_x509CertObj->base.getEncoded((HcfCertificate *)g_x509CertObj, &encodingBlob);
412 EXPECT_EQ(ret, HCF_SUCCESS);
413 EXPECT_NE(encodingBlob.data, nullptr);
414 EXPECT_EQ(encodingBlob.encodingFormat, HCF_FORMAT_DER);
415 HcfEncodingBlobDataFree(&encodingBlob);
416 }
417
418 /* Invalid input. */
419 HWTEST_F(CryptoX509CertificateTest, GetEncoded002, TestSize.Level0)
420 {
421 HcfResult ret = g_x509CertObj->base.getEncoded((HcfCertificate *)g_x509CertObj, nullptr);
422 EXPECT_NE(ret, HCF_SUCCESS);
423 }
424
425 HWTEST_F(CryptoX509CertificateTest, GetPublicKey, TestSize.Level0)
426 {
427 HcfPubKey *keyOut = nullptr;
428 HcfResult ret = g_x509CertObj->base.getPublicKey((HcfCertificate *)g_x509CertObj, &keyOut);
429 EXPECT_EQ(ret, HCF_SUCCESS);
430 EXPECT_NE(keyOut, nullptr);
431 HcfObjDestroy(keyOut);
432 }
433
434 /* Input valid date. YYMMDDHHMMSSZ */
435 HWTEST_F(CryptoX509CertificateTest, CheckValidityWithDate001, TestSize.Level0)
436 {
437 const char *date = "231018162433Z";
438 // validatetime :2022/08/19 - 2032/08/16
439 HcfResult ret = g_x509CertObj->checkValidityWithDate(g_x509CertObj, date);
440 EXPECT_EQ(ret, HCF_SUCCESS);
441 }
442
443 /* Input valid date. time format: YYYYMMDDHHMMSSZ */
444 HWTEST_F(CryptoX509CertificateTest, CheckValidityWithDate002, TestSize.Level0)
445 {
446 const char *date = "20231018162433Z";
447 // validatetime :2022/08/19 - 2032/08/16
448 HcfResult ret = g_x509CertObj->checkValidityWithDate(g_x509CertObj, date);
449 EXPECT_EQ(ret, HCF_SUCCESS);
450 }
451
452 /* Input invalid date--expiered. */
453 HWTEST_F(CryptoX509CertificateTest, CheckValidityWithDate003, TestSize.Level0)
454 {
455 const char *date = "20991018162433Z";
456 // validatetime :2022/08/19 - 2032/08/16
457 HcfResult ret = g_x509CertObj->checkValidityWithDate(g_x509CertObj, date);
458 EXPECT_EQ(ret, HCF_ERR_CERT_HAS_EXPIRED);
459 }
460
461 /* Input invalid date. */
462 HWTEST_F(CryptoX509CertificateTest, CheckValidityWithDate004, TestSize.Level0)
463 {
464 const char *date = "20191018162433Z";
465 // validatetime :2022/08/19 - 2032/08/16
466 HcfResult ret = g_x509CertObj->checkValidityWithDate(g_x509CertObj, date);
467 EXPECT_EQ(ret, HCF_ERR_CERT_NOT_YET_VALID);
468 }
469
470 /* Input invalid date form. */
471 HWTEST_F(CryptoX509CertificateTest, CheckValidityWithDate005, TestSize.Level0)
472 {
473 const char *date = "20191018";
474 // validatetime :2022/08/19 - 2032/08/16
475 HcfResult ret = g_x509CertObj->checkValidityWithDate(g_x509CertObj, date);
476 EXPECT_NE(ret, HCF_SUCCESS);
477 }
478
479 HWTEST_F(CryptoX509CertificateTest, GetVersion, TestSize.Level0)
480 {
481 long ver = g_x509CertObj->getVersion(g_x509CertObj);
482 EXPECT_EQ(ver, TEST_CERT_VERSION);
483 }
484
485 HWTEST_F(CryptoX509CertificateTest, GetSerialNumber, TestSize.Level0)
486 {
487 long serialNumber = g_x509CertObj->getSerialNumber(g_x509CertObj);
488 EXPECT_EQ(serialNumber, TEST_CERT_SERIAL_NUMBER);
489 }
490
491 HWTEST_F(CryptoX509CertificateTest, GetIssuerName001, TestSize.Level0)
492 {
493 HcfBlob out = { 0 };
494 HcfResult ret = g_x509CertObj->getIssuerName(g_x509CertObj, &out);
495 EXPECT_EQ(ret, HCF_SUCCESS);
496 EXPECT_NE(out.data, nullptr);
497 HcfBlobDataClearAndFree(&out);
498 }
499
500 /* invalid input. */
501 HWTEST_F(CryptoX509CertificateTest, GetIssuerName002, TestSize.Level0)
502 {
503 HcfResult ret = g_x509CertObj->getIssuerName(g_x509CertObj, nullptr);
504 EXPECT_NE(ret, HCF_SUCCESS);
505 }
506
507 HWTEST_F(CryptoX509CertificateTest, GetSubjectName001, TestSize.Level0)
508 {
509 HcfBlob out = { 0 };
510 HcfResult ret = g_x509CertObj->getSubjectName(g_x509CertObj, &out);
511 EXPECT_EQ(ret, HCF_SUCCESS);
512 EXPECT_NE(out.data, nullptr);
513 HcfBlobDataClearAndFree(&out);
514 }
515
516 /* invalid input. */
517 HWTEST_F(CryptoX509CertificateTest, GetSubjectName002, TestSize.Level0)
518 {
519 HcfResult ret = g_x509CertObj->getSubjectName(g_x509CertObj, nullptr);
520 EXPECT_NE(ret, HCF_SUCCESS);
521 }
522
523 HWTEST_F(CryptoX509CertificateTest, GetNotBeforeTime001, TestSize.Level0)
524 {
525 HcfBlob out = { 0 };
526 HcfResult ret = g_x509CertObj->getNotBeforeTime(g_x509CertObj, &out);
527 EXPECT_EQ(ret, HCF_SUCCESS);
528 EXPECT_NE(out.data, nullptr);
529 HcfBlobDataClearAndFree(&out);
530 }
531
532 /* invalid input. */
533 HWTEST_F(CryptoX509CertificateTest, GetNotBeforeTime002, TestSize.Level0)
534 {
535 HcfResult ret = g_x509CertObj->getNotBeforeTime(g_x509CertObj, nullptr);
536 EXPECT_NE(ret, HCF_SUCCESS);
537 }
538
539 HWTEST_F(CryptoX509CertificateTest, GetNotAfterTime001, TestSize.Level0)
540 {
541 HcfBlob out = { 0 };
542 HcfResult ret = g_x509CertObj->getNotAfterTime(g_x509CertObj, &out);
543 EXPECT_EQ(ret, HCF_SUCCESS);
544 EXPECT_NE(out.data, nullptr);
545 HcfBlobDataClearAndFree(&out);
546 }
547
548 /* invalid input. */
549 HWTEST_F(CryptoX509CertificateTest, GetNotAfterTime002, TestSize.Level0)
550 {
551 HcfResult ret = g_x509CertObj->getNotAfterTime(g_x509CertObj, nullptr);
552 EXPECT_NE(ret, HCF_SUCCESS);
553 }
554
555 HWTEST_F(CryptoX509CertificateTest, GetSignature001, TestSize.Level0)
556 {
557 HcfBlob sigOut = { 0 };
558 HcfResult ret = g_x509CertObj->getSignature(g_x509CertObj, &sigOut);
559 EXPECT_EQ(ret, HCF_SUCCESS);
560 EXPECT_NE(sigOut.data, nullptr);
561 HcfBlobDataClearAndFree(&sigOut);
562 }
563
564 /* invalid input. */
565 HWTEST_F(CryptoX509CertificateTest, GetSignature002, TestSize.Level0)
566 {
567 HcfResult ret = g_x509CertObj->getSignature(g_x509CertObj, nullptr);
568 EXPECT_NE(ret, HCF_SUCCESS);
569 }
570
571 HWTEST_F(CryptoX509CertificateTest, GetSignatureAlgName001, TestSize.Level0)
572 {
573 HcfBlob sigAlgName = { 0 };
574 HcfResult ret = g_x509CertObj->getSignatureAlgName(g_x509CertObj, &sigAlgName);
575 EXPECT_EQ(ret, HCF_SUCCESS);
576 EXPECT_NE(sigAlgName.data, nullptr);
577 HcfBlobDataClearAndFree(&sigAlgName);
578 }
579
580 /* invalid input. */
581 HWTEST_F(CryptoX509CertificateTest, GetSignatureAlgName002, TestSize.Level0)
582 {
583 HcfResult ret = g_x509CertObj->getSignatureAlgName(g_x509CertObj, nullptr);
584 EXPECT_NE(ret, HCF_SUCCESS);
585 }
586
587 HWTEST_F(CryptoX509CertificateTest, GetSignatureAlgOid001, TestSize.Level0)
588 {
589 HcfBlob sigAlgOid = { 0 };
590 HcfResult ret = g_x509CertObj->getSignatureAlgOid(g_x509CertObj, &sigAlgOid);
591 EXPECT_EQ(ret, HCF_SUCCESS);
592 EXPECT_NE(sigAlgOid.data, nullptr);
593 HcfBlobDataClearAndFree(&sigAlgOid);
594 }
595
596 /* invalid input. */
597 HWTEST_F(CryptoX509CertificateTest, GetSignatureAlgOid002, TestSize.Level0)
598 {
599 HcfResult ret = g_x509CertObj->getSignatureAlgOid(g_x509CertObj, nullptr);
600 EXPECT_NE(ret, HCF_SUCCESS);
601 }
602
603 HWTEST_F(CryptoX509CertificateTest, GetSignatureAlgParams001, TestSize.Level0)
604 {
605 HcfBlob sigAlgParamsOut = { 0 };
606 HcfResult ret = g_x509CertObj->getSignatureAlgParams(g_x509CertObj, &sigAlgParamsOut);
607 EXPECT_EQ(ret, HCF_SUCCESS);
608 EXPECT_NE(sigAlgParamsOut.data, nullptr);
609 HcfBlobDataClearAndFree(&sigAlgParamsOut);
610 }
611
612 /* invalid input. */
613 HWTEST_F(CryptoX509CertificateTest, GetSignatureAlgParams002, TestSize.Level0)
614 {
615 HcfResult ret = g_x509CertObj->getSignatureAlgParams(g_x509CertObj, nullptr);
616 EXPECT_NE(ret, HCF_SUCCESS);
617 }
618
619 HWTEST_F(CryptoX509CertificateTest, GetKeyUsage, TestSize.Level0)
620 {
621 HcfBlob out = { 0 };
622 HcfResult ret = g_x509CertObj->getKeyUsage(g_x509CertObj, &out);
623 EXPECT_EQ(ret, HCF_SUCCESS);
624 EXPECT_NE(out.data, nullptr);
625 HcfBlobDataClearAndFree(&out);
626 }
627
628 HWTEST_F(CryptoX509CertificateTest, GetExtKeyUsage001, TestSize.Level0)
629 {
630 HcfArray keyUsageOut = { 0 };
631 HcfResult ret = g_x509CertObj->getExtKeyUsage(g_x509CertObj, &keyUsageOut);
632 EXPECT_EQ(ret, HCF_SUCCESS);
633 EXPECT_NE(keyUsageOut.data, nullptr);
634 HcfArrayDataClearAndFree(&keyUsageOut);
635 }
636
637 /* Cert which has no extended key usage. */
638 HWTEST_F(CryptoX509CertificateTest, GetExtKeyUsage002, TestSize.Level0)
639 {
640 HcfArray keyUsageOut = { 0 };
641 HcfX509Certificate *x509Cert = nullptr;
642 HcfEncodingBlob inStream = { 0 };
643 inStream.data = (uint8_t *)g_secondCert;
644 inStream.encodingFormat = HCF_FORMAT_PEM;
645 inStream.len = strlen(g_secondCert) + 1;
646 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
647 EXPECT_EQ(ret, HCF_SUCCESS);
648 EXPECT_NE(x509Cert, nullptr);
649 ret = x509Cert->getExtKeyUsage(x509Cert, &keyUsageOut);
650 EXPECT_EQ(ret, HCF_ERR_CRYPTO_OPERATION);
651 EXPECT_EQ(keyUsageOut.data, nullptr);
652 HcfObjDestroy(x509Cert);
653 }
654
655 /* not a CA cert */
656 HWTEST_F(CryptoX509CertificateTest, GetBasicConstraints001, TestSize.Level0)
657 {
658 HcfX509Certificate *x509Cert = nullptr;
659 HcfEncodingBlob inStream = { 0 };
660 inStream.data = (uint8_t *)g_deviceTestCert;
661 inStream.encodingFormat = HCF_FORMAT_PEM;
662 inStream.len = strlen(g_deviceTestCert) + 1;
663 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
664 EXPECT_EQ(ret, HCF_SUCCESS);
665 EXPECT_NE(x509Cert, nullptr);
666 int32_t pathLen = x509Cert->getBasicConstraints(x509Cert);
667 EXPECT_EQ(pathLen, -1); /* cert path len is only valid for CA. */
668 HcfObjDestroy(x509Cert);
669 }
670
671 /* CA cert */
672 HWTEST_F(CryptoX509CertificateTest, GetBasicConstraints002, TestSize.Level0)
673 {
674 int32_t pathLen = g_x509CertObj->getBasicConstraints(g_x509CertObj);
675 EXPECT_EQ(pathLen, TEST_CERT_CHAIN_LEN); /* g_testSelfSignedCaCert is CA and it's path len is 2. */
676 }
677
678 /* invalid input. */
679 HWTEST_F(CryptoX509CertificateTest, GetBasicConstraints003, TestSize.Level0)
680 {
681 int32_t pathLen = g_x509CertObj->getBasicConstraints(nullptr);
682 EXPECT_EQ(pathLen, -1);
683 }
684
685 HWTEST_F(CryptoX509CertificateTest, GetSubjectAltNames001, TestSize.Level0)
686 {
687 HcfArray outName = { 0 };
688 HcfResult ret = g_x509CertObj->getSubjectAltNames(g_x509CertObj, &outName);
689 EXPECT_EQ(ret, HCF_SUCCESS);
690 EXPECT_NE(outName.data, nullptr);
691 HcfArrayDataClearAndFree(&outName);
692 }
693
694 /* cert without subject alternative names. */
695 HWTEST_F(CryptoX509CertificateTest, GetSubjectAltNames002, TestSize.Level0)
696 {
697 HcfArray outName = { 0 };
698 HcfX509Certificate *x509Cert = nullptr;
699 HcfEncodingBlob inStream = { 0 };
700 inStream.data = (uint8_t *)g_secondCert;
701 inStream.encodingFormat = HCF_FORMAT_PEM;
702 inStream.len = strlen(g_secondCert) + 1;
703 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
704 EXPECT_EQ(ret, HCF_SUCCESS);
705 EXPECT_NE(x509Cert, nullptr);
706 ret = x509Cert->getSubjectAltNames(x509Cert, &outName);
707 EXPECT_EQ(ret, HCF_ERR_CRYPTO_OPERATION);
708 EXPECT_EQ(outName.data, nullptr);
709 HcfObjDestroy(x509Cert);
710 }
711
712 /* invalid input. */
713 HWTEST_F(CryptoX509CertificateTest, GetSubjectAltNames003, TestSize.Level0)
714 {
715 HcfX509Certificate *x509Cert = nullptr;
716 HcfEncodingBlob inStream = { 0 };
717 inStream.data = (uint8_t *)g_secondCert;
718 inStream.encodingFormat = HCF_FORMAT_PEM;
719 inStream.len = strlen(g_secondCert) + 1;
720 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
721 EXPECT_EQ(ret, HCF_SUCCESS);
722 EXPECT_NE(x509Cert, nullptr);
723 ret = x509Cert->getSubjectAltNames(x509Cert, nullptr);
724 EXPECT_EQ(ret, HCF_INVALID_PARAMS);
725 HcfObjDestroy(x509Cert);
726 }
727
728 HWTEST_F(CryptoX509CertificateTest, GetIssuerAltNames001, TestSize.Level0)
729 {
730 HcfArray outName = { 0 };
731 HcfResult ret = g_x509CertObj->getIssuerAltNames(g_x509CertObj, &outName);
732 EXPECT_EQ(ret, HCF_SUCCESS);
733 EXPECT_NE(outName.data, nullptr);
734 HcfArrayDataClearAndFree(&outName);
735 }
736
737 /* cert without issuer alternative names. */
738 HWTEST_F(CryptoX509CertificateTest, GetIssuerAltNames002, TestSize.Level0)
739 {
740 HcfArray outName = { 0 };
741 HcfX509Certificate *x509Cert = nullptr;
742 HcfEncodingBlob inStream = { 0 };
743 inStream.data = (uint8_t *)g_secondCert;
744 inStream.encodingFormat = HCF_FORMAT_PEM;
745 inStream.len = strlen(g_secondCert) + 1;
746 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
747 EXPECT_EQ(ret, HCF_SUCCESS);
748 EXPECT_NE(x509Cert, nullptr);
749 ret = x509Cert->getIssuerAltNames(x509Cert, &outName);
750 EXPECT_EQ(ret, HCF_ERR_CRYPTO_OPERATION);
751 EXPECT_EQ(outName.data, nullptr);
752 HcfObjDestroy(x509Cert);
753 }
754
755 /* invalid input. */
756 HWTEST_F(CryptoX509CertificateTest, GetIssuerAltNames003, TestSize.Level0)
757 {
758 HcfX509Certificate *x509Cert = nullptr;
759 HcfEncodingBlob inStream = { 0 };
760 inStream.data = (uint8_t *)g_secondCert;
761 inStream.encodingFormat = HCF_FORMAT_PEM;
762 inStream.len = strlen(g_secondCert) + 1;
763 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
764 EXPECT_EQ(ret, HCF_SUCCESS);
765 EXPECT_NE(x509Cert, nullptr);
766 ret = x509Cert->getIssuerAltNames(x509Cert, nullptr);
767 EXPECT_EQ(ret, HCF_INVALID_PARAMS);
768 HcfObjDestroy(x509Cert);
769 }
770
771 HWTEST_F(CryptoX509CertificateTest, NullInput, TestSize.Level0)
772 {
773 (void)HcfX509CertificateCreate(nullptr, nullptr);
774 HcfPubKey *keyOut = nullptr;
775 HcfResult ret = g_x509CertObj->base.getPublicKey((HcfCertificate *)g_x509CertObj, &keyOut);
776 EXPECT_EQ(ret, HCF_SUCCESS);
777 EXPECT_NE(keyOut, nullptr);
778 (void)g_x509CertObj->base.base.destroy(nullptr);
779 (void)keyOut->base.getAlgorithm(&(keyOut->base));
780 (void)keyOut->base.getEncoded(&(keyOut->base), nullptr);
781 (void)keyOut->base.getFormat(&(keyOut->base));
782 ret = g_x509CertObj->base.verify(nullptr, nullptr);
783 EXPECT_NE(ret, HCF_SUCCESS);
784 ret = g_x509CertObj->base.getEncoded(nullptr, nullptr);
785 EXPECT_NE(ret, HCF_SUCCESS);
786 ret = g_x509CertObj->base.getPublicKey(nullptr, nullptr);
787 EXPECT_NE(ret, HCF_SUCCESS);
788 (void)g_x509CertObj->checkValidityWithDate(nullptr, nullptr);
789 (void)g_x509CertObj->getVersion(nullptr);
790 (void)g_x509CertObj->getSerialNumber(nullptr);
791 (void)g_x509CertObj->getIssuerName(nullptr, nullptr);
792 (void)g_x509CertObj->getSubjectName(nullptr, nullptr);
793 (void)g_x509CertObj->getNotBeforeTime(nullptr, nullptr);
794 (void)g_x509CertObj->getNotAfterTime(nullptr, nullptr);
795 (void)g_x509CertObj->getSignature(nullptr, nullptr);
796 (void)g_x509CertObj->getSignatureAlgName(nullptr, nullptr);
797 (void)g_x509CertObj->getSignatureAlgOid(nullptr, nullptr);
798 (void)g_x509CertObj->getSignatureAlgParams(nullptr, nullptr);
799 (void)g_x509CertObj->getKeyUsage(nullptr, nullptr);
800 (void)g_x509CertObj->getExtKeyUsage(nullptr, nullptr);
801 (void)g_x509CertObj->getBasicConstraints(nullptr);
802 (void)g_x509CertObj->getSubjectAltNames(nullptr, nullptr);
803 (void)g_x509CertObj->getIssuerAltNames(nullptr, nullptr);
804 HcfObjDestroy(keyOut);
805 }
806
807 HWTEST_F(CryptoX509CertificateTest, NullSpiInput, TestSize.Level0)
808 {
809 HcfX509CertificateSpi *spiObj = nullptr;
810 HcfEncodingBlob inStream = { 0 };
811 inStream.data = (uint8_t *)g_testSelfSignedCaCert;
812 inStream.encodingFormat = HCF_FORMAT_PEM;
813 inStream.len = strlen(g_testSelfSignedCaCert) + 1;
814 (void)OpensslX509CertSpiCreate(nullptr, nullptr);
815 HcfResult ret = OpensslX509CertSpiCreate(&inStream, &spiObj);
816 EXPECT_EQ(ret, HCF_SUCCESS);
817 EXPECT_NE(spiObj, nullptr);
818 (void)spiObj->base.destroy(nullptr);
819 ret = spiObj->engineVerify(nullptr, nullptr);
820 ret = spiObj->engineGetEncoded(nullptr, nullptr);
821 ret = spiObj->engineGetPublicKey(nullptr, nullptr);
822 EXPECT_NE(ret, HCF_SUCCESS);
823 ret = spiObj->engineCheckValidityWithDate(nullptr, nullptr);
824 EXPECT_NE(ret, HCF_SUCCESS);
825 long ver = spiObj->engineGetVersion(nullptr);
826 EXPECT_EQ(ver, -1);
827 long serial = spiObj->engineGetSerialNumber(nullptr);
828 EXPECT_EQ(serial, -1);
829 ret = spiObj->engineGetIssuerName(nullptr, nullptr);
830 ret = spiObj->engineGetSubjectName(nullptr, nullptr);
831 ret = spiObj->engineGetNotBeforeTime(nullptr, nullptr);
832 ret = spiObj->engineGetNotAfterTime(nullptr, nullptr);
833 ret = spiObj->engineGetSignature(nullptr, nullptr);
834 ret = spiObj->engineGetSignatureAlgName(nullptr, nullptr);
835 ret = spiObj->engineGetSignatureAlgOid(nullptr, nullptr);
836 ret = spiObj->engineGetSignatureAlgParams(nullptr, nullptr);
837 ret = spiObj->engineGetKeyUsage(nullptr, nullptr);
838 ret = spiObj->engineGetExtKeyUsage(nullptr, nullptr);
839 EXPECT_NE(ret, HCF_SUCCESS);
840 long basicLen = spiObj->engineGetBasicConstraints(nullptr);
841 EXPECT_EQ(basicLen, -1);
842 ret = spiObj->engineGetSubjectAltNames(nullptr, nullptr);
843 EXPECT_NE(ret, HCF_SUCCESS);
844 ret = spiObj->engineGetIssuerAltNames(nullptr, nullptr);
845 EXPECT_NE(ret, HCF_SUCCESS);
846 HcfObjDestroy(spiObj);
847 }
848
GetInvalidCertClass(void)849 static const char *GetInvalidCertClass(void)
850 {
851 return "INVALID_CERT_CLASS";
852 }
853
854 HWTEST_F(CryptoX509CertificateTest, InvalidSpiClass, TestSize.Level0)
855 {
856 HcfX509CertificateSpi *spiObj = nullptr;
857 HcfX509CertificateSpi invalidSpi = { {0} };
858 invalidSpi.base.getClass = GetInvalidCertClass;
859 HcfBlob invalidOut = { 0 };
860 HcfEncodingBlob inStream = { 0 };
861 inStream.data = (uint8_t *)g_testSelfSignedCaCert;
862 inStream.encodingFormat = HCF_FORMAT_PEM;
863 inStream.len = strlen(g_testSelfSignedCaCert) + 1;
864 HcfResult ret = OpensslX509CertSpiCreate(&inStream, &spiObj);
865 EXPECT_EQ(ret, HCF_SUCCESS);
866 EXPECT_NE(spiObj, nullptr);
867 (void)spiObj->base.destroy(&(invalidSpi.base));
868 HcfPubKey pubKey;
869 ret = spiObj->engineVerify(&invalidSpi, &pubKey);
870 EXPECT_NE(ret, HCF_SUCCESS);
871 ret = spiObj->engineGetEncoded(&invalidSpi, &inStream);
872 EXPECT_NE(ret, HCF_SUCCESS);
873 HcfPubKey *pubKeyOut = nullptr;
874 ret = spiObj->engineGetPublicKey(&invalidSpi, &pubKeyOut);
875 EXPECT_NE(ret, HCF_SUCCESS);
876 const char *date = "2020";
877 ret = spiObj->engineCheckValidityWithDate(&invalidSpi, date);
878 EXPECT_NE(ret, HCF_SUCCESS);
879 long ver = spiObj->engineGetVersion(&invalidSpi);
880 EXPECT_EQ(ver, -1);
881 long serial = spiObj->engineGetSerialNumber(&invalidSpi);
882 EXPECT_EQ(serial, -1);
883 ret = spiObj->engineGetIssuerName(&invalidSpi, &invalidOut);
884 ret = spiObj->engineGetSubjectName(&invalidSpi, &invalidOut);
885 ret = spiObj->engineGetNotBeforeTime(&invalidSpi, &invalidOut);
886 ret = spiObj->engineGetNotAfterTime(&invalidSpi, &invalidOut);
887 ret = spiObj->engineGetSignature(&invalidSpi, &invalidOut);
888 ret = spiObj->engineGetSignatureAlgName(&invalidSpi, &invalidOut);
889 ret = spiObj->engineGetSignatureAlgOid(&invalidSpi, &invalidOut);
890 ret = spiObj->engineGetSignatureAlgParams(&invalidSpi, &invalidOut);
891 ret = spiObj->engineGetKeyUsage(&invalidSpi, &invalidOut);
892 HcfArray invalidArr = { 0 };
893 ret = spiObj->engineGetExtKeyUsage(&invalidSpi, &invalidArr);
894 long basicLen = spiObj->engineGetBasicConstraints(&invalidSpi);
895 EXPECT_EQ(basicLen, -1);
896 ret = spiObj->engineGetSubjectAltNames(&invalidSpi, &invalidArr);
897 ret = spiObj->engineGetIssuerAltNames(&invalidSpi, &invalidArr);
898 EXPECT_NE(ret, HCF_SUCCESS);
899 HcfObjDestroy(spiObj);
900 }
901
902 HWTEST_F(CryptoX509CertificateTest, InvalidCertClass, TestSize.Level0)
903 {
904 HcfX509Certificate invalidCert;
905 invalidCert.base.base.getClass = GetInvalidCertClass;
906 HcfBlob invalidOut = { 0 };
907
908 HcfEncodingBlob inStream = { 0 };
909 HcfPubKey keyOut;
910 g_x509CertObj->base.base.destroy(&(invalidCert.base.base));
911 HcfResult ret = g_x509CertObj->base.verify(&(invalidCert.base), &keyOut);
912 EXPECT_NE(ret, HCF_SUCCESS);
913 ret = g_x509CertObj->base.getEncoded(&(invalidCert.base), &inStream);
914 EXPECT_NE(ret, HCF_SUCCESS);
915 HcfPubKey *pubKeyOut = nullptr;
916 ret = g_x509CertObj->base.getPublicKey(&(invalidCert.base), &pubKeyOut);
917 EXPECT_NE(ret, HCF_SUCCESS);
918 const char *date = "2020";
919 ret = g_x509CertObj->checkValidityWithDate(&invalidCert, date);
920 long ver = g_x509CertObj->getVersion(&invalidCert);
921 EXPECT_EQ(ver, -1);
922 long serial = g_x509CertObj->getSerialNumber(&invalidCert);
923 EXPECT_EQ(serial, -1);
924 ret = g_x509CertObj->getIssuerName(&invalidCert, &invalidOut);
925 ret = g_x509CertObj->getSubjectName(&invalidCert, &invalidOut);
926 ret = g_x509CertObj->getNotBeforeTime(&invalidCert, &invalidOut);
927 ret = g_x509CertObj->getNotAfterTime(&invalidCert, &invalidOut);
928 ret = g_x509CertObj->getSignature(&invalidCert, &invalidOut);
929 ret = g_x509CertObj->getSignatureAlgName(&invalidCert, &invalidOut);
930 ret = g_x509CertObj->getSignatureAlgOid(&invalidCert, &invalidOut);
931 ret = g_x509CertObj->getSignatureAlgParams(&invalidCert, &invalidOut);
932 ret = g_x509CertObj->getKeyUsage(&invalidCert, &invalidOut);
933 HcfArray invalidArr = { 0 };
934 ret = g_x509CertObj->getExtKeyUsage(&invalidCert, &invalidArr);
935 long basicLen = g_x509CertObj->getBasicConstraints(&invalidCert);
936 EXPECT_EQ(basicLen, -1);
937 ret = g_x509CertObj->getSubjectAltNames(&invalidCert, &invalidArr);
938 ret = g_x509CertObj->getIssuerAltNames(&invalidCert, &invalidArr);
939 EXPECT_NE(ret, HCF_SUCCESS);
940 }
941
942 HWTEST_F(CryptoX509CertificateTest, InvalidMalloc, TestSize.Level0)
943 {
944 SetMockFlag(true);
945 HcfX509Certificate *x509Cert = nullptr;
946 HcfEncodingBlob inStream = { 0 };
947 inStream.data = (uint8_t *)g_secondCert;
948 inStream.encodingFormat = HCF_FORMAT_PEM;
949 inStream.len = strlen(g_secondCert) + 1;
950 HcfResult ret = HcfX509CertificateCreate(&inStream, &x509Cert);
951 EXPECT_NE(ret, HCF_SUCCESS);
952 HcfBlob out = { 0 };
953 HcfArray arr = { 0 };
954 ret = g_x509CertObj->base.getEncoded(&(g_x509CertObj->base), &inStream);
955 EXPECT_NE(ret, HCF_SUCCESS);
956 HcfPubKey *pubKeyOut = nullptr;
957 ret = g_x509CertObj->base.getPublicKey(&(g_x509CertObj->base), &pubKeyOut);
958 EXPECT_NE(ret, HCF_SUCCESS);
959 const char *date = "2020";
960 ret = g_x509CertObj->checkValidityWithDate(g_x509CertObj, date);
961 ret = g_x509CertObj->getIssuerName(g_x509CertObj, &out);
962 ret = g_x509CertObj->getSubjectName(g_x509CertObj, &out);
963 ret = g_x509CertObj->getNotBeforeTime(g_x509CertObj, &out);
964 ret = g_x509CertObj->getNotAfterTime(g_x509CertObj, &out);
965 ret = g_x509CertObj->getSignature(g_x509CertObj, &out);
966 ret = g_x509CertObj->getSignatureAlgName(g_x509CertObj, &out);
967 ret = g_x509CertObj->getSignatureAlgOid(g_x509CertObj, &out);
968 EXPECT_NE(ret, HCF_SUCCESS);
969 ret = g_x509CertObj->getSignatureAlgParams(g_x509CertObj, &out);
970 ret = g_x509CertObj->getKeyUsage(g_x509CertObj, &out);
971 EXPECT_NE(ret, HCF_SUCCESS);
972 ret = g_x509CertObj->getExtKeyUsage(g_x509CertObj, &arr);
973 ret = g_x509CertObj->getSubjectAltNames(g_x509CertObj, &arr);
974 ret = g_x509CertObj->getIssuerAltNames(g_x509CertObj, &arr);
975 EXPECT_NE(ret, HCF_SUCCESS);
976 SetMockFlag(false);
977 }
978 }