1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17
18 #ifdef GTEST_API_
19 #define private public
20 #endif
21 #include "iservice_registry.h"
22 #include "system_ability_definition.h"
23 #include "bundle_mgr_proxy.h"
24 #include "net_mgr_log_wrapper.h"
25 #include "net_manager_constants.h"
26 #include "network_security_config.h"
27
28 namespace OHOS {
29 namespace NetManagerStandard {
30 namespace {
31 using namespace testing::ext;
32
33 const std::string TEST_TRUST_ANCHORS(R"([{"certificates": "@resource/raw/ca"}])");
34
35 const std::string TEST_DOMAINS(R"([{"include-subdomains": false, "name": "baidu.com"},
36 {"include-subdomains": true, "name": "taobao.com"}])");
37
38 const std::string TEST_PINSET(R"({
39 "expiration": "2024-8-6",
40 "pin": [
41 {"digest-algorithm": "sha256", "digest": "Q9TCQAWqP4t+eq41xnKaUgJdrPWqyG5L+Ni2YzMhqdY="},
42 {"digest-algorithm": "sha256", "digest": "Q6TCQAWqP4t+eq41xnKaUgJdrPWqyG5L+Ni2YzMhqdY="}
43 ]})");
44
45 const std::string TEST_CLEARTEXT_TRAFFIC_PERMITTED(R"([{"cleartextTrafficPermitted": false}])");
46 } // namespace
47
48 std::shared_ptr<NetworkSecurityConfig> g_networkSecurityConfig;
49
50 class NetworkSecurityConfigTest : public testing::Test {
51 public:
52 static void SetUpTestCase();
53 static void TearDownTestCase();
54 void SetUp();
55 void TearDown();
56 };
57
SetUpTestCase()58 void NetworkSecurityConfigTest::SetUpTestCase() {}
59
TearDownTestCase()60 void NetworkSecurityConfigTest::TearDownTestCase() {}
61
SetUp()62 void NetworkSecurityConfigTest::SetUp() {}
63
TearDown()64 void NetworkSecurityConfigTest::TearDown() {}
65
BuildTestJsonObject(std::string & content,cJSON * & json)66 void BuildTestJsonObject(std::string &content, cJSON* &json)
67 {
68 json = cJSON_Parse(content.c_str());
69 }
70
71 /**
72 * @tc.name: IsCACertFileNameTest001
73 * @tc.desc: Test NetworkSecurityConfig::IsCACertFileName
74 * @tc.type: FUNC
75 */
76 HWTEST_F(NetworkSecurityConfigTest, IsCACertFileNameTest001, TestSize.Level1)
77 {
78 std::string fileName("cafile.Pem");
79 std::cout << "IsCACertFileNameTest001 In" << std::endl;
80 auto ret = NetworkSecurityConfig::GetInstance().IsCACertFileName(fileName.c_str());
81 EXPECT_EQ(ret, true);
82 }
83
84 /**
85 * @tc.name: GetCAFilesFromPathTest001
86 * @tc.desc: Test NetworkSecurityConfig::GetCAFilesFromPath
87 * @tc.type: FUNC
88 */
89 HWTEST_F(NetworkSecurityConfigTest, GetCAFilesFromPathTest001, TestSize.Level1)
90 {
91 std::string caPath("/etc/security/certificates/test");
92 std::vector<std::string> caFiles;
93 std::cout << "GetCAFilesFromPathTest001 In" << std::endl;
94 NetworkSecurityConfig::GetInstance().GetCAFilesFromPath(caPath, caFiles);
95 EXPECT_EQ(caFiles.size(), 0);
96 }
97
98 /**
99 * @tc.name: AddSurfixToCACertFileNameTest001
100 * @tc.desc: Test NetworkSecurityConfig::AddSurfixToCACertFileName
101 * @tc.type: FUNC
102 */
103 HWTEST_F(NetworkSecurityConfigTest, AddSurfixToCACertFileNameTest001, TestSize.Level1)
104 {
105 std::string caPath("/etc/security/certificates/test");
106 std::set<std::string> allFileNames;
107 std::string caFile("cacert.pem");
108 std::cout << "AddSurfixToCACertFileNameTest001 In" << std::endl;
109 NetworkSecurityConfig::GetInstance().AddSurfixToCACertFileName(caPath, allFileNames, caFile);
110 EXPECT_EQ(allFileNames.size(), 1);
111 }
112
113 /**
114 * @tc.name: ReadCertFileTest001
115 * @tc.desc: Test NetworkSecurityConfig::ReadCertFile
116 * @tc.type: FUNC
117 */
118 HWTEST_F(NetworkSecurityConfigTest, ReadCertFileTest001, TestSize.Level1)
119 {
120 std::string caFile("cacert.pem");
121 std::cout << "ReadCertFileTest001 In" << std::endl;
122 auto ret = NetworkSecurityConfig::GetInstance().ReadCertFile(caFile);
123 EXPECT_EQ(ret, nullptr);
124 }
125
126 /**
127 * @tc.name: GetRehashedCADirName001
128 * @tc.desc: Test NetworkSecurityConfig::GetRehashedCADirName
129 * @tc.type: FUNC
130 */
131 HWTEST_F(NetworkSecurityConfigTest, GetRehashedCADirName001, TestSize.Level1)
132 {
133 std::string caPath("/etc/security/certificates/test");
134 std::string caPathHashValue = "eb6bf998a72433bdeb4eeb32cfa4bc15";
135 std::cout << "GetRehashedCADirName001 In" << std::endl;
136 auto ret = NetworkSecurityConfig::GetInstance().GetRehashedCADirName(caPath);
137 EXPECT_EQ(ret, caPathHashValue);
138 }
139
140 /**
141 * @tc.name: BuildRehasedCAPath001
142 * @tc.desc: Test NetworkSecurityConfig::BuildRehasedCAPath
143 * @tc.type: FUNC
144 */
145 HWTEST_F(NetworkSecurityConfigTest, BuildRehasedCAPath001, TestSize.Level1)
146 {
147 std::string caPath("/etc/security/certificates/test");
148 std::cout << "BuildRehasedCAPath001 In" << std::endl;
149 auto ret = NetworkSecurityConfig::GetInstance().BuildRehasedCAPath(caPath);
150 EXPECT_EQ(ret, "");
151 }
152
153 /**
154 * @tc.name: GetRehasedCAPath001
155 * @tc.desc: Test NetworkSecurityConfig::GetRehasedCAPath
156 * @tc.type: FUNC
157 */
158 HWTEST_F(NetworkSecurityConfigTest, GetRehasedCAPath001, TestSize.Level1)
159 {
160 std::string caPath("/etc/security/certificates/test");
161 std::cout << "GetRehasedCAPath001 In" << std::endl;
162 auto ret = NetworkSecurityConfig::GetInstance().GetRehasedCAPath(caPath);
163 EXPECT_EQ(ret, "");
164 }
165
166 /**
167 * @tc.name: ReHashCAPathForX509001
168 * @tc.desc: Test NetworkSecurityConfig::ReHashCAPathForX509
169 * @tc.type: FUNC
170 */
171 HWTEST_F(NetworkSecurityConfigTest, ReHashCAPathForX509001, TestSize.Level1)
172 {
173 std::string caPath("/etc/security/certificates/test");
174 std::cout << "ReHashCAPathForX509001 In" << std::endl;
175 auto ret = NetworkSecurityConfig::GetInstance().ReHashCAPathForX509(caPath);
176 EXPECT_EQ(ret, "");
177 }
178
179 /**
180 * @tc.name: ParseJsonTrustAnchorsTest001
181 * @tc.desc: Test NetworkSecurityConfig::ParseJsonTrustAnchors, not applying for
182 * permission,return NETMANAGER_ERR_PERMISSION_DENIED
183 * @tc.type: FUNC
184 */
185 HWTEST_F(NetworkSecurityConfigTest, ParseJsonTrustAnchorsTest001, TestSize.Level1)
186 {
187 cJSON *root = nullptr;
188 TrustAnchors trustAnchors;
189
190 std::string jsonTxt(TEST_TRUST_ANCHORS);
191 BuildTestJsonObject(jsonTxt, root);
192
193 std::cout << "ParseJsonTrustAnchorsTest001 In" << std::endl;
194 NetworkSecurityConfig::GetInstance().ParseJsonTrustAnchors(root, trustAnchors);
195 EXPECT_EQ(trustAnchors.certs_[0], "@resource/raw/ca");
196 }
197
198 /**
199 * @tc.name: ParseJsonDomainsTest001
200 * @tc.desc: Test NetworkSecurityConfig::ParseJsonDomains, not applying for
201 * permission,return NETMANAGER_ERR_PERMISSION_DENIED
202 * @tc.type: FUNC
203 */
204 HWTEST_F(NetworkSecurityConfigTest, ParseJsonDomainsTest001, TestSize.Level1)
205 {
206 cJSON *root = nullptr;
207 std::vector<Domain> domains;
208
209 std::string jsonTxt(TEST_DOMAINS);
210 BuildTestJsonObject(jsonTxt, root);
211
212 std::cout << "ParseJsonDomainsTest001 In" << std::endl;
213 NetworkSecurityConfig::GetInstance().ParseJsonDomains(root, domains);
214 ASSERT_EQ(domains[0].domainName_, "baidu.com");
215 ASSERT_EQ(domains[0].includeSubDomains_, false);
216 ASSERT_EQ(domains[1].domainName_, "taobao.com");
217 EXPECT_EQ(domains[1].includeSubDomains_, true);
218 }
219
220 /**
221 * @tc.name: ParseJsonPinSet001
222 * @tc.desc: Test NetworkSecurityConfig::ParseJsonPinSet, not applying for
223 * permission,return NETMANAGER_ERR_PERMISSION_DENIED
224 * @tc.type: FUNC
225 */
226 HWTEST_F(NetworkSecurityConfigTest, ParseJsonPinSet001, TestSize.Level1)
227 {
228 cJSON *root = nullptr;
229 PinSet pinSet;
230
231 std::string jsonTxt(TEST_PINSET);
232 BuildTestJsonObject(jsonTxt, root);
233
234 std::cout << "ParseJsonPinSet001 In" << std::endl;
235 NetworkSecurityConfig::GetInstance().ParseJsonPinSet(root, pinSet);
236 ASSERT_EQ(pinSet.expiration_, "2024-8-6");
237 ASSERT_EQ(pinSet.pins_[0].digestAlgorithm_, "sha256");
238 ASSERT_EQ(pinSet.pins_[0].digest_, "Q9TCQAWqP4t+eq41xnKaUgJdrPWqyG5L+Ni2YzMhqdY=");
239 ASSERT_EQ(pinSet.pins_[1].digestAlgorithm_, "sha256");
240 EXPECT_EQ(pinSet.pins_[1].digest_, "Q6TCQAWqP4t+eq41xnKaUgJdrPWqyG5L+Ni2YzMhqdY=");
241 }
242
243 /**
244 * @tc.name: HWTEST_F(NetworkSecurityConfigTest, GetPinSetForHostName001, TestSize.Level1)
245 * @tc.desc: Test NetworkSecurityConfig::GetPinSetForHostName, not applying for
246 * permission,return NETMANAGER_ERR_PERMISSION_DENIED
247 * @tc.type: FUNC
248 */
249 HWTEST_F(NetworkSecurityConfigTest, GetPinSetForHostName001, TestSize.Level1)
250 {
251 PinSet pinSet;
252
253 std::string hostname("www.example.com");
254 std::string pins;
255
256 std::cout << "GetPinSetForHostName001 In" << std::endl;
257 auto ret = NetworkSecurityConfig::GetInstance().GetPinSetForHostName(hostname, pins);
258 EXPECT_EQ(ret, NETMANAGER_SUCCESS);
259 }
260
261 /**
262 * @tc.name: HWTEST_F(NetworkSecurityConfigTest, ParseJsonCleartextPermitted001, TestSize.Level1)
263 * @tc.desc: Test NetworkSecurityConfig::ParseJsonCleartextPermitted, not applying for
264 * @tc.type: FUNC
265 */
266 HWTEST_F(NetworkSecurityConfigTest, ParseJsonCleartextPermitted001, TestSize.Level1)
267 {
268 cJSON *root = nullptr;
269 bool cleartextPermitted;
270
271 std::string jsonTxt(TEST_CLEARTEXT_TRAFFIC_PERMITTED);
272 BuildTestJsonObject(jsonTxt, root);
273
274 std::cout << "ParseJsonCleartextPermitted001 In" << std::endl;
275 NetworkSecurityConfig::GetInstance().ParseJsonCleartextPermitted(root, cleartextPermitted);
276 EXPECT_TRUE(cleartextPermitted);
277 }
278
279 /**
280 * @tc.name: HWTEST_F(NetworkSecurityConfigTest, IsCleartextPermitted001, TestSize.Level1)
281 * @tc.desc: Test NetworkSecurityConfig::IsCleartextPermitted, not applying for
282 * @tc.type: FUNC
283 */
284 HWTEST_F(NetworkSecurityConfigTest, IsCleartextPermitted001, TestSize.Level1)
285 {
286 NetworkSecurityConfig::GetInstance().baseConfig_.cleartextTrafficPermitted_ = true;
287 std::cout << "IsCleartextPermitted001 In" << std::endl;
288 bool isclearpermitted;
289 auto ret = NetworkSecurityConfig::GetInstance().IsCleartextPermitted(isclearpermitted);
290 EXPECT_NE(ret, NETMANAGER_ERR_PERMISSION_DENIED);
291 auto ret2 = NetworkSecurityConfig::GetInstance().IsCleartextPermitted("", isclearpermitted);
292 EXPECT_NE(ret, NETMANAGER_ERR_PERMISSION_DENIED);
293 }
294
295 /**
296 * @tc.name: HWTEST_F(NetworkSecurityConfigTest, IsCleartextPermitted002, TestSize.Level1)
297 * @tc.desc: Test NetworkSecurityConfig::IsCleartextPermitted, not applying for
298 * @tc.type: FUNC
299 */
300 HWTEST_F(NetworkSecurityConfigTest, IsCleartextPermitted002, TestSize.Level1)
301 {
302 NetworkSecurityConfig::GetInstance().baseConfig_.cleartextTrafficPermitted_ = false;
303 std::vector<DomainConfig> domainConfigs;
304 DomainConfig domainConfig;
305 domainConfig.cleartextTrafficPermitted_ = true;
306 std::vector<Domain> domains;
307 Domain domain;
308 domain.domainName_ = "www.text.com";
309 domains.push_back(domain);
310 domainConfig.domains_ = domains;
311 domainConfigs.push_back(domainConfig);
312 std::cout << "IsCleartextPermitted001 In" << std::endl;
313 bool isclearpermitted;
314 auto ret = NetworkSecurityConfig::GetInstance().IsCleartextPermitted("www.text.com", isclearpermitted);
315 EXPECT_NE(ret, NETMANAGER_ERR_PERMISSION_DENIED);
316 auto ret2 = NetworkSecurityConfig::GetInstance().IsCleartextPermitted("www.text2.com", isclearpermitted);
317 EXPECT_NE(ret, NETMANAGER_ERR_PERMISSION_DENIED);
318 }
319
320 }
321 }
322