1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <fstream>
17 #include <gtest/gtest.h>
18 #include <iostream>
19 #include <openssl/rsa.h>
20 #include <openssl/ssl.h>
21 #include <sstream>
22 #include <string>
23 #include <string_view>
24 #include <unistd.h>
25 #include <vector>
26
27 #include "net_address.h"
28 #include "secure_data.h"
29 #include "socket_error.h"
30 #include "socket_state_base.h"
31 #include "tls.h"
32 #include "tls_certificate.h"
33 #include "tls_configuration.h"
34 #include "tls_key.h"
35 #include "tls_socket.h"
36
37 namespace OHOS {
38 namespace NetStack {
39 namespace {
40 const std::string_view PRIVATE_KEY_PEM_CHAIN = "/data/ClientCertChain/privekey.pem.unsecure";
41 const std::string_view CA_PATH_CHAIN = "/data/ClientCertChain/RootCa.pem";
42 const std::string_view MID_CA_PATH_CHAIN = "/data/ClientCertChain/MidCa.pem";
43 const std::string_view CLIENT_CRT_CHAIN = "/data/ClientCertChain/secondServer.crt";
44 const std::string_view IP_ADDRESS = "/data/Ip/address.txt";
45 const std::string_view PORT = "/data/Ip/port.txt";
46
CheckCaFileExistence(const char * function)47 inline bool CheckCaFileExistence(const char *function)
48 {
49 if (access(CA_PATH_CHAIN.data(), 0)) {
50 std::cout << "CA file does not exist! (" << function << ")";
51 return false;
52 }
53 return true;
54 }
55
ReadFileContent(const std::string_view fileName)56 std::string ReadFileContent(const std::string_view fileName)
57 {
58 std::ifstream file;
59 file.open(fileName);
60 std::stringstream ss;
61 ss << file.rdbuf();
62 std::string infos = ss.str();
63 file.close();
64 return infos;
65 }
66
GetIp(std::string ip)67 std::string GetIp(std::string ip)
68 {
69 return ip.substr(0, ip.length() - 1);
70 }
71 } // namespace
72
73 class TlsSocketTest : public testing::Test {
74 public:
SetUpTestCase()75 static void SetUpTestCase() {}
76
TearDownTestCase()77 static void TearDownTestCase() {}
78
SetUp()79 virtual void SetUp() {}
80
TearDown()81 virtual void TearDown() {}
82 };
83
84 HWTEST_F(TlsSocketTest, bindInterface, testing::ext::TestSize.Level2)
85 {
86 if (!CheckCaFileExistence("bindInterface")) {
87 return;
88 }
89
90 TLSSocket server;
91 NetAddress address;
92
93 address.SetAddress(GetIp(ReadFileContent(IP_ADDRESS)));
94 address.SetPort(std::atoi(ReadFileContent(PORT).c_str()));
95 address.SetFamilyBySaFamily(AF_INET);
96
__anon66d22c060202(int32_t errCode) 97 server.Bind(address, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
98 }
99
100 HWTEST_F(TlsSocketTest, connectInterface, testing::ext::TestSize.Level2)
101 {
102 if (!CheckCaFileExistence("connectInterface")) {
103 return;
104 }
105 TLSConnectOptions options;
106 TLSSocket server;
107
108 TLSSecureOptions secureOption;
109 NetAddress address;
110
111 address.SetAddress(GetIp(ReadFileContent(IP_ADDRESS)));
112 address.SetPort(std::atoi(ReadFileContent(PORT).c_str()));
113 address.SetFamilyBySaFamily(AF_INET);
114
115 secureOption.SetKey(SecureData(ReadFileContent(PRIVATE_KEY_PEM_CHAIN)));
116 std::vector<std::string> caVec = {ReadFileContent(CA_PATH_CHAIN), ReadFileContent(MID_CA_PATH_CHAIN)};
117 secureOption.SetCaChain(caVec);
118 secureOption.SetCert(ReadFileContent(CLIENT_CRT_CHAIN));
119
120 options.SetNetAddress(address);
121 options.SetTlsSecureOptions(secureOption);
122
__anon66d22c060302(int32_t errCode) 123 server.Bind(address, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
124
__anon66d22c060402(int32_t errCode) 125 server.Connect(options, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
126
127 const std::string data = "how do you do? this is connectInterface";
128 TCPSendOptions tcpSendOptions;
129 tcpSendOptions.SetData(data);
__anon66d22c060502(int32_t errCode) 130 server.Send(tcpSendOptions, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
131 sleep(60);
132
__anon66d22c060602(int32_t errCode) 133 (void)server.Close([](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
134 }
135
136 HWTEST_F(TlsSocketTest, closeInterface, testing::ext::TestSize.Level2)
137 {
138 if (!CheckCaFileExistence("closeInterface")) {
139 return;
140 }
141
142 TLSConnectOptions options;
143 TLSSocket server;
144
145 TLSSecureOptions secureOption;
146 NetAddress address;
147
148 address.SetAddress(GetIp(ReadFileContent(IP_ADDRESS)));
149 address.SetPort(std::atoi(ReadFileContent(PORT).c_str()));
150 address.SetFamilyBySaFamily(AF_INET);
151
152 secureOption.SetKey(SecureData(ReadFileContent(PRIVATE_KEY_PEM_CHAIN)));
153 std::vector<std::string> caVec = {ReadFileContent(CA_PATH_CHAIN), ReadFileContent(MID_CA_PATH_CHAIN)};
154 secureOption.SetCaChain(caVec);
155 secureOption.SetCert(ReadFileContent(CLIENT_CRT_CHAIN));
156
157 options.SetNetAddress(address);
158 options.SetTlsSecureOptions(secureOption);
159
__anon66d22c060702(int32_t errCode) 160 server.Bind(address, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
161
__anon66d22c060802(int32_t errCode) 162 server.Connect(options, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
163
164 const std::string data = "how do you do? this is closeInterface";
165 TCPSendOptions tcpSendOptions;
166 tcpSendOptions.SetData(data);
167
__anon66d22c060902(int32_t errCode) 168 server.Send(tcpSendOptions, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
169 sleep(60);
170
__anon66d22c060a02(int32_t errCode) 171 (void)server.Close([](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
172 }
173
174 HWTEST_F(TlsSocketTest, sendInterface, testing::ext::TestSize.Level2)
175 {
176 if (!CheckCaFileExistence("sendInterface")) {
177 return;
178 }
179 TLSConnectOptions options;
180 TLSSocket server;
181
182 TLSSecureOptions secureOption;
183 NetAddress address;
184
185 address.SetAddress(GetIp(ReadFileContent(IP_ADDRESS)));
186 address.SetPort(std::atoi(ReadFileContent(PORT).c_str()));
187 address.SetFamilyBySaFamily(AF_INET);
188
189 secureOption.SetKey(SecureData(ReadFileContent(PRIVATE_KEY_PEM_CHAIN)));
190 std::vector<std::string> caVec = {ReadFileContent(CA_PATH_CHAIN), ReadFileContent(MID_CA_PATH_CHAIN)};
191 secureOption.SetCaChain(caVec);
192 secureOption.SetCert(ReadFileContent(CLIENT_CRT_CHAIN));
193
194 options.SetNetAddress(address);
195 options.SetTlsSecureOptions(secureOption);
196
__anon66d22c060b02(int32_t errCode) 197 server.Bind(address, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
198
__anon66d22c060c02(int32_t errCode) 199 server.Connect(options, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
200
201 const std::string data = "how do you do? this is sendInterface";
202 TCPSendOptions tcpSendOptions;
203 tcpSendOptions.SetData(data);
204
__anon66d22c060d02(int32_t errCode) 205 server.Send(tcpSendOptions, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
206 sleep(60);
207
__anon66d22c060e02(int32_t errCode) 208 (void)server.Close([](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
209 }
210
211 HWTEST_F(TlsSocketTest, getRemoteAddressInterface, testing::ext::TestSize.Level2)
212 {
213 if (!CheckCaFileExistence("getRemoteAddressInterface")) {
214 return;
215 }
216
217 TLSConnectOptions options;
218 TLSSocket server;
219 TLSSecureOptions secureOption;
220 NetAddress address;
221
222 address.SetAddress(GetIp(ReadFileContent(IP_ADDRESS)));
223 address.SetPort(std::atoi(ReadFileContent(PORT).c_str()));
224 address.SetFamilyBySaFamily(AF_INET);
225
226 secureOption.SetKey(SecureData(ReadFileContent(PRIVATE_KEY_PEM_CHAIN)));
227 std::vector<std::string> caVec = {ReadFileContent(CA_PATH_CHAIN), ReadFileContent(MID_CA_PATH_CHAIN)};
228 secureOption.SetCaChain(caVec);
229 secureOption.SetCert(ReadFileContent(CLIENT_CRT_CHAIN));
230
231 options.SetNetAddress(address);
232 options.SetTlsSecureOptions(secureOption);
233
__anon66d22c060f02(int32_t errCode) 234 server.Bind(address, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
235
__anon66d22c061002(int32_t errCode) 236 server.Connect(options, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
237
238 NetAddress netAddress;
__anon66d22c061102(int32_t errCode, const NetAddress &address) 239 server.GetRemoteAddress([&netAddress](int32_t errCode, const NetAddress &address) {
240 EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS);
241 netAddress.SetAddress(address.GetAddress());
242 netAddress.SetPort(address.GetPort());
243 netAddress.SetFamilyBySaFamily(address.GetSaFamily());
244 });
245 EXPECT_STREQ(netAddress.GetAddress().c_str(), GetIp(ReadFileContent(IP_ADDRESS)).c_str());
246 EXPECT_EQ(address.GetPort(), std::atoi(ReadFileContent(PORT).c_str()));
247 EXPECT_EQ(netAddress.GetSaFamily(), AF_INET);
248
249 const std::string data = "how do you do? this is getRemoteAddressInterface";
250 TCPSendOptions tcpSendOptions;
251 tcpSendOptions.SetData(data);
252
__anon66d22c061202(int32_t errCode) 253 server.Send(tcpSendOptions, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
254 sleep(60);
255
__anon66d22c061302(int32_t errCode) 256 (void)server.Close([](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
257 }
258
259 HWTEST_F(TlsSocketTest, getStateInterface, testing::ext::TestSize.Level2)
260 {
261 if (!CheckCaFileExistence("getRemoteAddressInterface")) {
262 return;
263 }
264
265 TLSConnectOptions options;
266 TLSSocket server;
267 TLSSecureOptions secureOption;
268 NetAddress address;
269
270 address.SetAddress(GetIp(ReadFileContent(IP_ADDRESS)));
271 address.SetPort(std::atoi(ReadFileContent(PORT).c_str()));
272 address.SetFamilyBySaFamily(AF_INET);
273
274 secureOption.SetKey(SecureData(ReadFileContent(PRIVATE_KEY_PEM_CHAIN)));
275 std::vector<std::string> caVec = {ReadFileContent(CA_PATH_CHAIN), ReadFileContent(MID_CA_PATH_CHAIN)};
276 secureOption.SetCaChain(caVec);
277 secureOption.SetCert(ReadFileContent(CLIENT_CRT_CHAIN));
278
279 options.SetNetAddress(address);
280 options.SetTlsSecureOptions(secureOption);
281
__anon66d22c061402(int32_t errCode) 282 server.Bind(address, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
__anon66d22c061502(int32_t errCode) 283 server.Connect(options, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
284
285 SocketStateBase TlsSocketstate;
__anon66d22c061602(int32_t errCode, const SocketStateBase &state) 286 server.GetState([&TlsSocketstate](int32_t errCode, const SocketStateBase &state) {
287 EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS);
288 TlsSocketstate = state;
289 });
290 std::cout << "TlsSocketstate.IsClose(): " << TlsSocketstate.IsClose() << std::endl;
291 EXPECT_TRUE(TlsSocketstate.IsBound());
292 EXPECT_TRUE(!TlsSocketstate.IsClose());
293 EXPECT_TRUE(TlsSocketstate.IsConnected());
294
295 const std::string data = "how do you do? this is getStateInterface";
296 TCPSendOptions tcpSendOptions;
297 tcpSendOptions.SetData(data);
__anon66d22c061702(int32_t errCode) 298 server.Send(tcpSendOptions, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
299
300 sleep(60);
301
__anon66d22c061802(int32_t errCode) 302 (void)server.Close([](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
303 }
304
305 HWTEST_F(TlsSocketTest, getRemoteCertificateInterface, testing::ext::TestSize.Level2)
306 {
307 if (!CheckCaFileExistence("getRemoteCertificateInterface")) {
308 return;
309 }
310 TLSSocket server;
311 TLSConnectOptions options;
312 TCPSendOptions tcpSendOptions;
313 TLSSecureOptions secureOption;
314 NetAddress address;
315 const std::string data = "how do you do? This is UT test getRemoteCertificateInterface";
316
317 address.SetAddress(GetIp(ReadFileContent(IP_ADDRESS)));
318 address.SetPort(std::atoi(ReadFileContent(PORT).c_str()));
319 address.SetFamilyBySaFamily(AF_INET);
320
321 secureOption.SetKey(SecureData(ReadFileContent(PRIVATE_KEY_PEM_CHAIN)));
322 std::vector<std::string> caVec = {ReadFileContent(CA_PATH_CHAIN), ReadFileContent(MID_CA_PATH_CHAIN)};
323 secureOption.SetCaChain(caVec);
324 secureOption.SetCert(ReadFileContent(CLIENT_CRT_CHAIN));
325
326 options.SetNetAddress(address);
327 options.SetTlsSecureOptions(secureOption);
328
__anon66d22c061902(int32_t errCode) 329 server.Bind(address, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
330
__anon66d22c061a02(int32_t errCode) 331 server.Connect(options, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
332
333 tcpSendOptions.SetData(data);
334
__anon66d22c061b02(int32_t errCode) 335 server.Send(tcpSendOptions, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
336
337 server.GetRemoteCertificate(
__anon66d22c061c02(int32_t errCode, const X509CertRawData &cert) 338 [](int32_t errCode, const X509CertRawData &cert) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
339
340 sleep(60);
__anon66d22c061d02(int32_t errCode) 341 (void)server.Close([](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
342 }
343
344 HWTEST_F(TlsSocketTest, protocolInterface, testing::ext::TestSize.Level2)
345 {
346 if (!CheckCaFileExistence("protocolInterface")) {
347 return;
348 }
349 TLSConnectOptions options;
350 TLSSocket server;
351 TLSSecureOptions secureOption;
352 NetAddress address;
353
354 address.SetAddress(GetIp(ReadFileContent(IP_ADDRESS)));
355 address.SetPort(std::atoi(ReadFileContent(PORT).c_str()));
356 address.SetFamilyBySaFamily(AF_INET);
357
358 secureOption.SetKey(SecureData(ReadFileContent(PRIVATE_KEY_PEM_CHAIN)));
359 std::vector<std::string> caVec = {ReadFileContent(CA_PATH_CHAIN), ReadFileContent(MID_CA_PATH_CHAIN)};
360 secureOption.SetCaChain(caVec);
361 secureOption.SetCert(ReadFileContent(CLIENT_CRT_CHAIN));
362 std::string protocolV13 = "TLSv1.2";
363 std::vector<std::string> protocolVec = {protocolV13};
364 secureOption.SetProtocolChain(protocolVec);
365
366 options.SetNetAddress(address);
367 options.SetTlsSecureOptions(secureOption);
368
__anon66d22c061e02(int32_t errCode) 369 server.Bind(address, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
370
__anon66d22c061f02(int32_t errCode) 371 server.Connect(options, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
372
373 const std::string data = "how do you do? this is protocolInterface";
374 TCPSendOptions tcpSendOptions;
375 tcpSendOptions.SetData(data);
376
__anon66d22c062002(int32_t errCode) 377 server.Send(tcpSendOptions, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
378 std::string getProtocolVal;
__anon66d22c062102(int32_t errCode, const std::string &protocol) 379 server.GetProtocol([&getProtocolVal](int32_t errCode, const std::string &protocol) {
380 EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS);
381 getProtocolVal = protocol;
382 });
383 EXPECT_STREQ(getProtocolVal.c_str(), "TLSv1.2");
384 sleep(60);
385
__anon66d22c062202(int32_t errCode) 386 (void)server.Close([](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
387 }
388
389 HWTEST_F(TlsSocketTest, getCipherSuiteInterface, testing::ext::TestSize.Level2)
390 {
391 if (!CheckCaFileExistence("getCipherSuiteInterface")) {
392 return;
393 }
394
395 TLSConnectOptions options;
396 TLSSocket server;
397 TLSSecureOptions secureOption;
398 NetAddress address;
399
400 address.SetAddress(GetIp(ReadFileContent(IP_ADDRESS)));
401 address.SetPort(std::atoi(ReadFileContent(PORT).c_str()));
402 address.SetFamilyBySaFamily(AF_INET);
403
404 secureOption.SetKey(SecureData(ReadFileContent(PRIVATE_KEY_PEM_CHAIN)));
405 std::vector<std::string> caVec = {ReadFileContent(CA_PATH_CHAIN), ReadFileContent(MID_CA_PATH_CHAIN)};
406 secureOption.SetCaChain(caVec);
407 secureOption.SetCert(ReadFileContent(CLIENT_CRT_CHAIN));
408 secureOption.SetCipherSuite("ECDHE-RSA-AES128-GCM-SHA256");
409
410 options.SetNetAddress(address);
411 options.SetTlsSecureOptions(secureOption);
412
413 bool flag = false;
__anon66d22c062302(int32_t errCode) 414 server.Bind(address, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
__anon66d22c062402(int32_t errCode) 415 server.Connect(options, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
416
417 const std::string data = "how do you do? This is getCipherSuiteInterface";
418 TCPSendOptions tcpSendOptions;
419 tcpSendOptions.SetData(data);
__anon66d22c062502(int32_t errCode) 420 server.Send(tcpSendOptions, [](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
421
422 std::vector<std::string> cipherSuite;
__anon66d22c062602(int32_t errCode, const std::vector<std::string> &suite) 423 server.GetCipherSuite([&cipherSuite](int32_t errCode, const std::vector<std::string> &suite) {
424 EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS);
425 cipherSuite = suite;
426 });
427
428 for (auto const &iter : cipherSuite) {
429 if (iter == "ECDHE-RSA-AES128-GCM-SHA256") {
430 flag = true;
431 }
432 }
433
434 EXPECT_TRUE(flag);
435 sleep(60);
436
__anon66d22c062702(int32_t errCode) 437 (void)server.Close([](int32_t errCode) { EXPECT_TRUE(errCode == TLSSOCKET_SUCCESS); });
438 }
439 } // namespace NetStack
440 } // namespace OHOS
441
442