1 /*
2 * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hap_cert_verify_openssl_utils_test.h"
17
18 #include <fstream>
19 #include <gtest/gtest.h>
20
21 #include "openssl/asn1.h"
22 #include "openssl/x509.h"
23 #include "verify_hap.h"
24 #include "verify_cert_openssl_utils.h"
25
26 using namespace testing::ext;
27 namespace OHOS {
28 namespace SignatureTools {
/**
 * Fixture shared by the VerifyCertOpensslUtils unit tests.
 *
 * It carries no data members; it only declares the suite-level and per-test
 * gtest hooks, which are defined out of line below the class.
 */
class VerifyCertOpensslUtilsTest : public testing::Test {
public:
    // Suite-level hooks: run once before the first and after the last test.
    static void SetUpTestCase();
    static void TearDownTestCase();

    // Per-test hooks: run around every single test body.
    void SetUp();
    void TearDown();
};
39
// Suite-level setup hook.
void VerifyCertOpensslUtilsTest::SetUpTestCase()
{
    // Nothing to prepare: the fixture declares no shared state.
}
43
// Suite-level teardown hook.
void VerifyCertOpensslUtilsTest::TearDownTestCase()
{
    // Nothing to release: SetUpTestCase acquires nothing.
}
// Per-test setup hook.
void VerifyCertOpensslUtilsTest::SetUp()
{
    // Nothing to prepare: every test builds its own inputs.
}
50
// Per-test teardown hook.
void VerifyCertOpensslUtilsTest::TearDown()
{
    // Nothing to release: every test frees what it allocates.
}
54
/**
 * @tc.name: Test GetSubjectFromX509 and GetIssuerFromX509 functions.
 * @tc.desc: Both getters must reject a null certificate by returning false.
 * @tc.type: FUNC
 */
HWTEST_F(VerifyCertOpensslUtilsTest, GetIssuerAndSubjectTest001, TestSize.Level1)
{
    /*
     * @tc.steps: step1. Pass nullptr as the certificate to GetSubjectFromX509.
     * @tc.expected: step1. The return is false.
     */
    std::string subjectName;
    const bool gotSubject = VerifyCertOpensslUtils::GetSubjectFromX509(nullptr, subjectName);
    ASSERT_FALSE(gotSubject);
    /*
     * @tc.steps: step2. Pass nullptr as the certificate to GetIssuerFromX509.
     * @tc.expected: step2. The return is false.
     */
    std::string issuerName;
    const bool gotIssuer = VerifyCertOpensslUtils::GetIssuerFromX509(nullptr, issuerName);
    ASSERT_FALSE(gotIssuer);
}
75
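/**
 * @tc.name: Test VerifyCertChainPeriodOfValidity function.
 * @tc.desc: Verify that VerifyCertChainPeriodOfValidity rejects an empty certificate chain, with and
 *           without a signing time, and a chain that holds only null certificates.
 * @tc.type: FUNC
 */
HWTEST_F(VerifyCertOpensslUtilsTest, VerifyCertChainPeriodOfValidityTest001, TestSize.Level1)
{
    /*
     * @tc.steps: step1. Input an empty certChain and no signTime.
     * @tc.expected: step1. The return is false.
     */
    CertChain certsChain;
    ASSERT_FALSE(VerifyCertOpensslUtils::VerifyCertChainPeriodOfValidity(certsChain, nullptr));
    /*
     * @tc.steps: step2. Input a signTime built from TEST_ANS_TIME together with the still-empty certChain.
     * @tc.expected: step2. The return is false.
     * NOTE(review): the chain is empty here, so this step cannot tell a signTime outside the period of
     * validity apart from the empty-chain rejection of step1. Exercising the validity-period comparison
     * itself needs a real certificate in the chain.
     * NOTE(review): the payload is allocated as an OCTET STRING and only the ASN1_TYPE tag says UTCTIME;
     * confirm that this is the input shape the function is meant to be tested with.
     */
    ASN1_OCTET_STRING* timeBytes = ASN1_OCTET_STRING_new();
    ASSERT_TRUE(timeBytes != nullptr);
    // ASSERT_* returns from the test body on failure, so the explicit branches below free what has
    // been allocated so far before reporting the failure.
    if (!ASN1_OCTET_STRING_set(timeBytes, reinterpret_cast<const unsigned char*>(TEST_ANS_TIME.c_str()),
                               static_cast<int>(TEST_ANS_TIME.size()))) {
        ASN1_OCTET_STRING_free(timeBytes);
        FAIL() << "ASN1_OCTET_STRING_set failed";
    }
    ASN1_TYPE* time = ASN1_TYPE_new();
    if (time == nullptr) {
        ASN1_OCTET_STRING_free(timeBytes);
        FAIL() << "ASN1_TYPE_new failed";
    }
    // ASN1_TYPE_set hands the string over to `time`; the single ASN1_TYPE_free below releases both.
    ASN1_TYPE_set(time, V_ASN1_UTCTIME, timeBytes);
    const bool emptyChainAccepted = VerifyCertOpensslUtils::VerifyCertChainPeriodOfValidity(certsChain, time);
    /*
     * @tc.steps: step3. Input a certChain with two nullptr.
     * @tc.expected: step3. The return is false.
     */
    certsChain.clear();
    certsChain.push_back(nullptr);
    certsChain.push_back(nullptr);
    const bool nullCertsAccepted = VerifyCertOpensslUtils::VerifyCertChainPeriodOfValidity(certsChain, time);
    // Release the OpenSSL objects before asserting so that a failing expectation does not leak them.
    ASN1_TYPE_free(time);
    ASSERT_FALSE(emptyChainAccepted);
    ASSERT_FALSE(nullCertsAccepted);
}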
112
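/**
 * @tc.name: Test VerifyCrl function.
 * @tc.desc: Call VerifyCrl with invalid certificate chains and check that an empty chain is rejected.
 * @tc.type: FUNC
 */
HWTEST_F(VerifyCertOpensslUtilsTest, VerifyCrlTest001, TestSize.Level1)
{
    /*
     * @tc.steps: step1. Input an empty certChain and no crl stack.
     * @tc.expected: step1. The return is false.
     * NOTE(review): the result is discarded, so this step only shows that the call returns. Assert the
     * value once the expected result for this input is confirmed.
     */
    CertChain certsChain;
    Pkcs7Context pkcs7Context;
    VerifyCertOpensslUtils::VerifyCrl(certsChain, nullptr, pkcs7Context);
    /*
     * @tc.steps: step2. Input a certChain with two nullptr and an empty crl stack.
     * @tc.expected: step2. The return is false.
     * NOTE(review): the result is discarded here as well; see step1.
     */
    STACK_OF(X509_CRL)* crls = sk_X509_CRL_new_null();
    certsChain.push_back(nullptr);
    certsChain.push_back(nullptr);
    VerifyCertOpensslUtils::VerifyCrl(certsChain, crls, pkcs7Context);
    /*
     * @tc.steps: step3. Input an empty certChain together with the empty crl stack.
     * @tc.expected: step3. The return is false.
     * NOTE(review): no step passes a valid chain with a CRL, so neither the accepting path nor the
     * revoked-certificate path of VerifyCrl is covered by this test.
     */
    certsChain.clear();
    const bool emptyChainVerified = VerifyCertOpensslUtils::VerifyCrl(certsChain, crls, pkcs7Context);
    // Free the stack before asserting: ASSERT_* returns on failure and would skip the cleanup.
    sk_X509_CRL_pop_free(crls, X509_CRL_free);
    ASSERT_FALSE(emptyChainVerified);
}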
143
/**
 * @tc.name: Test private function
 * @tc.desc: Each static helper must report failure (false, nullptr or an empty string) for null input.
 * @tc.type: FUNC
 */
HWTEST_F(VerifyCertOpensslUtilsTest, PrivateFuncInvalidInputTest001, TestSize.Level1)
{
    /*
     * @tc.steps: step1. Use invalid input.
     * @tc.expected: step1. The return is false.
     */
    CertSign certVisitSign;
    // Called for its effect on certVisitSign only; no result of this call is checked.
    VerifyCertOpensslUtils::GenerateCertSignFromCertStack(nullptr, certVisitSign);

    // Lookups with null arguments must come back empty-handed.
    const auto issuerCert = VerifyCertOpensslUtils::FindCertOfIssuer(nullptr, certVisitSign);
    ASSERT_TRUE(issuerCert == nullptr);
    const std::string dnText = VerifyCertOpensslUtils::GetDnToString(nullptr);
    ASSERT_TRUE(dnText.empty());
    const auto issuerCrl = VerifyCertOpensslUtils::GetCrlBySignedCertIssuer(nullptr, nullptr);
    ASSERT_TRUE(issuerCrl == nullptr);

    // Comparison and validity checks must fail rather than accept null input.
    ASSERT_FALSE(VerifyCertOpensslUtils::X509NameCompare(nullptr, nullptr));
    ASSERT_FALSE(VerifyCertOpensslUtils::CheckSignTimeInValidPeriod(nullptr, nullptr, nullptr));
    ASSERT_FALSE(VerifyCertOpensslUtils::CheckAsn1TimeIsValid(nullptr));
    ASSERT_FALSE(VerifyCertOpensslUtils::CheckAsn1TypeIsValid(nullptr));
}
166 } // namespace SignatureTools
167 } // namespace OHOS
168