1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17
18 #include <openssl/pem.h>
19
20 #include "cert_crl_common.h"
21 #include "cf_blob.h"
22 #include "cf_log.h"
23 #include "cf_mock.h"
24 #include "cf_object_base.h"
25 #include "cf_result.h"
26 #include "crypto_x509_test_common.h"
27 #include "memory_mock.h"
28 #include "securec.h"
29 #include "string"
30 #include "x509_cert_chain.h"
31 #include "x509_cert_chain_openssl.h"
32 #include "x509_certificate_openssl.h"
33
34 using namespace std;
35 using namespace testing::ext;
36 using namespace CFMock;
37
38 using ::testing::_;
39 using ::testing::AnyNumber;
40 using ::testing::Invoke;
41 using ::testing::Return;
42
43 #ifdef __cplusplus
44 extern "C" {
45 #endif
46
47 int __real_OPENSSL_sk_num(const OPENSSL_STACK *st);
48 void *__real_OPENSSL_sk_value(const OPENSSL_STACK *st, int i);
49 int __real_OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
50 OPENSSL_STACK *__real_OPENSSL_sk_new_null(void);
51 void *__real_X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
52 X509_CRL *__real_X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
53 OCSP_REQUEST *__real_OCSP_REQUEST_new(void);
54 struct stack_st_OPENSSL_STRING *__real_X509_get1_ocsp(X509 *x);
55 int __real_OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num,
56 char **ppath, char **pquery, char **pfrag);
57 BIO *__real_BIO_new_mem_buf(const void *buf, int len);
58 CfResult __real_HcfX509CertificateCreate(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj);
59 int __real_i2d_X509(X509 *a, unsigned char **out);
60 int __real_X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
61 X509_STORE_CTX *__real_X509_STORE_CTX_new(void);
62 X509_STORE *__real_X509_STORE_new(void);
63 int __real_X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) * chain);
64 int __real_X509_verify_cert(X509_STORE_CTX *ctx);
65 int __real_i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
66 int __real_i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out);
67 int __real_i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **out);
68 CfResult __real_DeepCopyDataToBlob(const unsigned char *data, uint32_t len, CfBlob *outBlob);
69 ASN1_TIME *__real_ASN1_TIME_new(void);
70 EVP_PKEY *__real_X509_get_pubkey(X509 *x);
71 ASN1_OBJECT *__real_OBJ_nid2obj(int n);
72 int __real_OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
73 BIGNUM *__real_BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
74 const ASN1_INTEGER *__real_X509_get0_serialNumber(const X509 *x);
75 int __real_i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out);
76 int __real_ASN1_TIME_normalize(ASN1_TIME *s);
77 ASN1_TIME *__real_X509_getm_notBefore(const X509 *x);
78 ASN1_TIME *__real_X509_getm_notAfter(const X509 *x);
79 void __real_X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor);
80 ASN1_TYPE *__real_ASN1_TYPE_new(void);
81 int __real_ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
82 int __real_i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out);
83 long __real_ASN1_INTEGER_get(const ASN1_INTEGER *a);
84 const unsigned char *__real_ASN1_STRING_get0_data(const ASN1_STRING *x);
85 int __real_i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **out);
86 X509_EXTENSION *__real_X509_get_ext(const X509 *x, X509_EXTENSION *loc);
87 void *__real_X509V3_EXT_d2i(X509_EXTENSION *ext);
88 void *__real_GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
89 int __real_X509_verify(X509 *a, EVP_PKEY *r);
90 CfResult __real_DeepCopyBlobToBlob(const CfBlob *inBlob, CfBlob **outBlob);
91 char *__real_X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
92 int __real_i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out);
93 int __real_i2d_X509_CRL(X509_CRL *a, unsigned char **out);
94 OPENSSL_STACK *__real_OPENSSL_sk_deep_copy(const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f);
95 int __real_OBJ_obj2nid(const ASN1_OBJECT *o);
96 X509 *__real_X509_dup(X509 *x509);
97 int __real_i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out);
98 int __real_X509_check_host(X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername);
99 int __real_X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen);
100 const char *__real_OBJ_nid2sn(int n);
101 int __real_ASN1_STRING_length(const ASN1_STRING *x);
102 CfResult __real_DeepCopyDataToOut(const char *data, uint32_t len, CfBlob *out);
103 char *__real_CRYPTO_strdup(const char *str, const char *file, int line);
104 X509_NAME *__real_X509_NAME_new(void);
105 int __real_OBJ_txt2nid(const char *s);
106 int __real_X509_NAME_add_entry_by_NID(
107 X509_NAME *name, int nid, int type, const unsigned char *bytes, int len, int loc, int set);
108 BIO *__real_BIO_new(const BIO_METHOD *type);
109 int __real_X509_print(BIO *bp, X509 *x);
110 long __real_BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
111 int __real_i2d_X509_bio(BIO *bp, X509 *x509);
112 int __real_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
113 bool __real_CheckIsSelfSigned(const X509 *cert);
114
PKCS12_parse_mock(PKCS12 * p12,const char * pass,EVP_PKEY ** pkey,X509 ** cert,STACK_OF (X509)** ca)115 int PKCS12_parse_mock(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) {
116 CF_LOG_I("PKCS12_parse_mock");
117 *cert = X509_new();
118 if (*cert == nullptr) {
119 CF_LOG_E("Failed to malloc cert.");
120 return 0;
121 }
122 return 1;
123 }
124
125 #ifdef __cplusplus
126 }
127 #endif
128
ResetMockFunctionPartOne(void)129 void ResetMockFunctionPartOne(void)
130 {
131 EXPECT_CALL(X509OpensslMock::GetInstance(),
132 OPENSSL_sk_num(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OPENSSL_sk_num));
133 EXPECT_CALL(X509OpensslMock::GetInstance(),
134 OPENSSL_sk_value(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
135 EXPECT_CALL(X509OpensslMock::GetInstance(),
136 BIO_new_mem_buf(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_BIO_new_mem_buf));
137 EXPECT_CALL(X509OpensslMock::GetInstance(),
138 HcfX509CertificateCreate(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_HcfX509CertificateCreate));
139 EXPECT_CALL(X509OpensslMock::GetInstance(),
140 OPENSSL_sk_new_null()).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OPENSSL_sk_new_null));
141 EXPECT_CALL(X509OpensslMock::GetInstance(),
142 i2d_X509(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_X509));
143 EXPECT_CALL(X509OpensslMock::GetInstance(),
144 X509_STORE_add_cert(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_STORE_add_cert));
145 EXPECT_CALL(X509OpensslMock::GetInstance(),
146 X509_STORE_CTX_new()).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_STORE_CTX_new));
147 EXPECT_CALL(X509OpensslMock::GetInstance(),
148 X509_STORE_new()).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_STORE_new));
149 EXPECT_CALL(X509OpensslMock::GetInstance(),
150 X509_STORE_CTX_init(_, _, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_STORE_CTX_init));
151 EXPECT_CALL(X509OpensslMock::GetInstance(),
152 X509_verify_cert(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_verify_cert));
153 EXPECT_CALL(X509OpensslMock::GetInstance(),
154 i2d_PUBKEY(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_PUBKEY));
155 EXPECT_CALL(X509OpensslMock::GetInstance(),
156 X509_get_ext_d2i(_, _, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_get_ext_d2i));
157 EXPECT_CALL(X509OpensslMock::GetInstance(),
158 i2d_ASN1_OCTET_STRING(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_ASN1_OCTET_STRING));
159 EXPECT_CALL(X509OpensslMock::GetInstance(),
160 i2d_AUTHORITY_KEYID(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_AUTHORITY_KEYID));
161 EXPECT_CALL(X509OpensslMock::GetInstance(),
162 DeepCopyDataToBlob(_, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_DeepCopyDataToBlob));
163 EXPECT_CALL(X509OpensslMock::GetInstance(),
164 ASN1_TIME_new()).Times(AnyNumber()).WillRepeatedly(Invoke(__real_ASN1_TIME_new));
165 EXPECT_CALL(X509OpensslMock::GetInstance(),
166 X509_get_pubkey(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_get_pubkey));
167 EXPECT_CALL(X509OpensslMock::GetInstance(),
168 OBJ_nid2obj(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OBJ_nid2obj));
169 EXPECT_CALL(X509OpensslMock::GetInstance(),
170 OBJ_obj2txt(_, _, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OBJ_obj2txt));
171 }
172
ResetMockFunctionPartTwo(void)173 void ResetMockFunctionPartTwo(void)
174 {
175 EXPECT_CALL(X509OpensslMock::GetInstance(),
176 BN_bin2bn(_, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_BN_bin2bn));
177 EXPECT_CALL(X509OpensslMock::GetInstance(),
178 X509_get0_serialNumber(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_get0_serialNumber));
179 EXPECT_CALL(X509OpensslMock::GetInstance(),
180 i2d_ASN1_INTEGER(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_ASN1_INTEGER));
181 EXPECT_CALL(X509OpensslMock::GetInstance(),
182 ASN1_TIME_normalize(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_ASN1_TIME_normalize));
183 EXPECT_CALL(X509OpensslMock::GetInstance(),
184 X509_getm_notBefore(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_getm_notBefore));
185 EXPECT_CALL(X509OpensslMock::GetInstance(),
186 X509_getm_notAfter(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_getm_notAfter));
187 EXPECT_CALL(X509OpensslMock::GetInstance(),
188 X509_ALGOR_get0(_, _, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_ALGOR_get0));
189 EXPECT_CALL(X509OpensslMock::GetInstance(),
190 ASN1_TYPE_new()).Times(AnyNumber()).WillRepeatedly(Invoke(__real_ASN1_TYPE_new));
191 EXPECT_CALL(X509OpensslMock::GetInstance(),
192 ASN1_TYPE_set1(_, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_ASN1_TYPE_set1));
193 EXPECT_CALL(X509OpensslMock::GetInstance(),
194 i2d_ASN1_TYPE(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_ASN1_TYPE));
195 EXPECT_CALL(X509OpensslMock::GetInstance(),
196 ASN1_INTEGER_get(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_ASN1_INTEGER_get));
197 EXPECT_CALL(X509OpensslMock::GetInstance(),
198 ASN1_STRING_get0_data(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_ASN1_STRING_get0_data));
199 EXPECT_CALL(X509OpensslMock::GetInstance(),
200 i2d_GENERAL_NAME(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_GENERAL_NAME));
201 EXPECT_CALL(X509OpensslMock::GetInstance(),
202 X509_get_ext(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_get_ext));
203 EXPECT_CALL(X509OpensslMock::GetInstance(),
204 X509V3_EXT_d2i(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509V3_EXT_d2i));
205 EXPECT_CALL(X509OpensslMock::GetInstance(),
206 GENERAL_NAME_get0_value(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_GENERAL_NAME_get0_value));
207 EXPECT_CALL(X509OpensslMock::GetInstance(),
208 X509_verify(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_verify));
209 EXPECT_CALL(X509OpensslMock::GetInstance(),
210 DeepCopyBlobToBlob(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_DeepCopyBlobToBlob));
211 }
212
ResetMockFunctionPartThree(void)213 void ResetMockFunctionPartThree(void)
214 {
215 EXPECT_CALL(X509OpensslMock::GetInstance(),
216 X509_NAME_oneline(_, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_NAME_oneline));
217 EXPECT_CALL(X509OpensslMock::GetInstance(),
218 OPENSSL_sk_push(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OPENSSL_sk_push));
219 EXPECT_CALL(X509OpensslMock::GetInstance(),
220 i2d_X509_REVOKED(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_X509_REVOKED));
221 EXPECT_CALL(X509OpensslMock::GetInstance(),
222 i2d_X509_CRL(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_X509_CRL));
223 EXPECT_CALL(X509OpensslMock::GetInstance(),
224 OPENSSL_sk_deep_copy(_, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OPENSSL_sk_deep_copy));
225 EXPECT_CALL(X509OpensslMock::GetInstance(),
226 OBJ_obj2nid(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OBJ_obj2nid));
227 EXPECT_CALL(X509OpensslMock::GetInstance(),
228 X509_dup(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_dup));
229 EXPECT_CALL(X509OpensslMock::GetInstance(),
230 i2d_X509_EXTENSIONS(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_X509_EXTENSIONS));
231 EXPECT_CALL(X509OpensslMock::GetInstance(),
232 X509_check_host(_, _, _, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_check_host));
233 EXPECT_CALL(X509OpensslMock::GetInstance(),
234 OCSP_REQUEST_new()).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OCSP_REQUEST_new));
235 EXPECT_CALL(X509OpensslMock::GetInstance(),
236 X509_CRL_load_http(_, _, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_CRL_load_http));
237 EXPECT_CALL(X509OpensslMock::GetInstance(),
238 X509_get1_ocsp(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_get1_ocsp));
239 EXPECT_CALL(X509OpensslMock::GetInstance(),
240 OSSL_HTTP_parse_url(_, _, _, _, _, _, _, _, _)).
241 Times(AnyNumber()).WillRepeatedly(Invoke(__real_OSSL_HTTP_parse_url));
242 }
243
ResetMockFunctionPartFour(void)244 void ResetMockFunctionPartFour(void)
245 {
246 EXPECT_CALL(X509OpensslMock::GetInstance(),
247 X509_NAME_get0_der(_, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_NAME_get0_der));
248 EXPECT_CALL(X509OpensslMock::GetInstance(),
249 OBJ_nid2sn(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OBJ_nid2sn));
250 EXPECT_CALL(X509OpensslMock::GetInstance(),
251 ASN1_STRING_length(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_ASN1_STRING_length));
252 EXPECT_CALL(X509OpensslMock::GetInstance(),
253 DeepCopyDataToOut(_, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_DeepCopyDataToOut));
254 EXPECT_CALL(X509OpensslMock::GetInstance(),
255 CRYPTO_strdup(_, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_CRYPTO_strdup));
256 EXPECT_CALL(X509OpensslMock::GetInstance(),
257 X509_NAME_new()).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_NAME_new));
258 EXPECT_CALL(X509OpensslMock::GetInstance(),
259 OBJ_txt2nid(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_OBJ_txt2nid));
260 EXPECT_CALL(X509OpensslMock::GetInstance(),
261 X509_NAME_add_entry_by_NID(_, _, _, _, _, _, _)).
262 Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_NAME_add_entry_by_NID));
263 EXPECT_CALL(X509OpensslMock::GetInstance(),
264 BIO_new(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_BIO_new));
265 EXPECT_CALL(X509OpensslMock::GetInstance(),
266 X509_print(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_X509_print));
267 EXPECT_CALL(X509OpensslMock::GetInstance(),
268 BIO_ctrl(_, _, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_BIO_ctrl));
269 EXPECT_CALL(X509OpensslMock::GetInstance(),
270 i2d_X509_bio(_, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_i2d_X509_bio));
271 EXPECT_CALL(X509OpensslMock::GetInstance(),
272 PKCS12_parse(_, _, _, _, _)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_PKCS12_parse));
273 EXPECT_CALL(X509OpensslMock::GetInstance(),
274 CheckIsSelfSigned(_)).Times(AnyNumber()).WillRepeatedly(Invoke(__real_CheckIsSelfSigned));
275 }
276
ResetMockFunction(void)277 void ResetMockFunction(void)
278 {
279 ResetMockFunctionPartOne();
280 ResetMockFunctionPartTwo();
281 ResetMockFunctionPartThree();
282 ResetMockFunctionPartFour();
283 }
284
285 namespace {
286 class CryptoX509CertChainTestPart2 : public testing::Test {
287 public:
288 static void SetUpTestCase();
289 static void TearDownTestCase();
290 void SetUp();
291 void TearDown();
292 };
293
294 static HcfX509CertChainSpi *g_certChainPemSpi = nullptr;
295 static HcfX509CertChainSpi *g_certChainPemSpi163 = nullptr;
296
297 static CfBlob g_blobDownloadURI = { .size = strlen(g_crlDownloadURI) + 1,
298 .data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_crlDownloadURI)) };
299
300 static CfBlob g_ocspDigest = { .size = strlen(g_digest) + 1,
301 .data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_digest)) };
302
FreeHcfRevocationCheckParam(HcfRevocationCheckParam * param)303 static void FreeHcfRevocationCheckParam(HcfRevocationCheckParam *param)
304 {
305 if (param == nullptr) {
306 return;
307 }
308
309 if (param->options != nullptr) {
310 if (param->options->data != nullptr) {
311 CfFree(param->options->data);
312 }
313
314 CfFree(param->options);
315 }
316
317 if (param->ocspResponses != nullptr) {
318 CfFree(param->ocspResponses);
319 }
320
321 if (param->ocspResponderCert != nullptr) {
322 CfObjDestroy(param->ocspResponderCert);
323 }
324
325 CfFree(param);
326 }
327
ConstructHcfRevocationCheckParam(HcfRevChkOption * data,size_t size,CfBlob * ocspResponderURI=NULL,CfBlob * crlDownloadURI=NULL,const CfEncodingBlob * ocspResponderCertStream=NULL)328 static HcfRevocationCheckParam *ConstructHcfRevocationCheckParam(HcfRevChkOption *data, size_t size,
329 CfBlob *ocspResponderURI = NULL, CfBlob *crlDownloadURI = NULL,
330 const CfEncodingBlob *ocspResponderCertStream = NULL)
331 {
332 HcfRevChkOpArray *revChkOpArray = (HcfRevChkOpArray *)CfMalloc(sizeof(HcfRevChkOpArray), 0);
333 if (revChkOpArray == nullptr) {
334 return nullptr;
335 }
336
337 revChkOpArray->count = size;
338 revChkOpArray->data = (HcfRevChkOption *)CfMalloc(revChkOpArray->count * sizeof(HcfRevChkOption), 0);
339 if (revChkOpArray->data == nullptr) {
340 CfFree(revChkOpArray);
341 return nullptr;
342 }
343
344 for (size_t i = 0; i < revChkOpArray->count; i++) {
345 revChkOpArray->data[i] = data[i];
346 }
347
348 CfBlob *resp = (CfBlob *)CfMalloc(sizeof(CfBlob), 0);
349 if (resp == nullptr) {
350 CfFree(revChkOpArray->data);
351 CfFree(revChkOpArray);
352 return nullptr;
353 }
354 resp->data = (uint8_t *)(&g_testOcspResponses[0]);
355 resp->size = sizeof(g_testOcspResponses);
356
357 HcfRevocationCheckParam *param = (HcfRevocationCheckParam *)CfMalloc(sizeof(HcfRevocationCheckParam), 0);
358 if (param == nullptr) {
359 CfFree(revChkOpArray->data);
360 CfFree(revChkOpArray);
361 return nullptr;
362 }
363
364 param->options = revChkOpArray;
365 param->ocspResponses = resp;
366 param->ocspResponderURI = ocspResponderURI;
367 param->crlDownloadURI = crlDownloadURI;
368 param->ocspDigest = &g_ocspDigest;
369
370 if (ocspResponderCertStream != NULL) {
371 (void)HcfX509CertificateCreate(&g_inStreamOcspResponderCert, &(param->ocspResponderCert));
372 if (param->ocspResponderCert == nullptr) {
373 FreeHcfRevocationCheckParam(param);
374 return nullptr;
375 }
376 }
377
378 return param;
379 }
380
SetUpTestCase()381 void CryptoX509CertChainTestPart2::SetUpTestCase()
382 {
383 CfResult ret;
384
385 HcfX509CertChainSpi *certChainSpi = nullptr;
386 ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPem, &certChainSpi);
387 ASSERT_EQ(ret, CF_SUCCESS);
388 ASSERT_NE(certChainSpi, nullptr);
389 g_certChainPemSpi = certChainSpi;
390
391 certChainSpi = nullptr;
392 ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPem163, &certChainSpi);
393 ASSERT_EQ(ret, CF_SUCCESS);
394 ASSERT_NE(certChainSpi, nullptr);
395 g_certChainPemSpi163 = certChainSpi;
396 }
397
TearDownTestCase()398 void CryptoX509CertChainTestPart2::TearDownTestCase()
399 {
400 CfObjDestroy(g_certChainPemSpi);
401 CfObjDestroy(g_certChainPemSpi163);
402 }
403
SetUp()404 void CryptoX509CertChainTestPart2::SetUp() {}
405
TearDown()406 void CryptoX509CertChainTestPart2::TearDown() {}
407
408 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslPolicyTest001, TestSize.Level0)
409 {
410 CF_LOG_I("ValidateOpensslPolicyTest001");
411 ASSERT_NE(g_certChainPemSpi, nullptr);
412
413 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
414 BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
415
416 HcfX509CertChainValidateParams params = { 0 };
417 params.trustAnchors = &trustAnchorArray;
418
419 HcfX509CertChainValidateResult result = { 0 };
420 CfResult ret;
421
422 // test ValidatePolicy failed case
423 params.policy = (HcfValPolicyType)-1;
424 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
425 EXPECT_EQ(ret, CF_INVALID_PARAMS);
426
427 params.policy = VALIDATION_POLICY_TYPE_SSL;
428 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
429 EXPECT_EQ(ret, CF_INVALID_PARAMS);
430
431 CfBlob sslHostname = { 0 };
432 params.sslHostname = &sslHostname;
433 X509OpensslMock::SetMockFlag(true);
434 EXPECT_CALL(X509OpensslMock::GetInstance(), X509_check_host(_, _, _, _, _)).WillRepeatedly(Return(0));
435 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
436 EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
437 X509OpensslMock::SetMockFlag(false);
438
439 FreeTrustAnchorArr(trustAnchorArray);
440 }
441
442 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslUseageTest001, TestSize.Level0)
443 {
444 CF_LOG_I("ValidateOpensslUseageTest001");
445 ASSERT_NE(g_certChainPemSpi, nullptr);
446
447 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
448 BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
449
450 HcfX509CertChainValidateParams params = { 0 };
451 params.trustAnchors = &trustAnchorArray;
452
453 HcfKuArray kuArray = { 0 };
454 kuArray.count = 9;
455 kuArray.data = (HcfKeyUsageType *)CfMalloc(kuArray.count * sizeof(HcfKeyUsageType), 0);
456 kuArray.data[0] = KEYUSAGE_DIGITAL_SIGNATURE;
457 kuArray.data[1] = KEYUSAGE_NON_REPUDIATION;
458 kuArray.data[2] = KEYUSAGE_KEY_ENCIPHERMENT;
459 kuArray.data[3] = KEYUSAGE_DATA_ENCIPHERMENT;
460 kuArray.data[4] = KEYUSAGE_KEY_AGREEMENT;
461 kuArray.data[5] = KEYUSAGE_KEY_CERT_SIGN;
462 kuArray.data[6] = KEYUSAGE_CRL_SIGN;
463 kuArray.data[7] = KEYUSAGE_ENCIPHER_ONLY;
464 kuArray.data[8] = KEYUSAGE_DECIPHER_ONLY;
465
466 params.keyUsage = &kuArray;
467
468 HcfX509CertChainValidateResult result = { 0 };
469 CfResult ret;
470
471 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
472 EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
473
474 kuArray.data[8] = (HcfKeyUsageType)-1;
475 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
476 EXPECT_EQ(ret, CF_INVALID_PARAMS);
477
478 // test ValidatePolicy failed case
479 X509OpensslMock::SetMockFlag(true);
480 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
481 .WillOnce(Return(nullptr))
482 .WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
483 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
484 EXPECT_EQ(ret, CF_INVALID_PARAMS);
485 X509OpensslMock::SetMockFlag(false);
486
487 CfFree(kuArray.data);
488 FreeTrustAnchorArr(trustAnchorArray);
489 }
490
491 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslPart2Test001, TestSize.Level0)
492 {
493 CF_LOG_I("ValidateOpensslPart2Test001");
494 ASSERT_NE(g_certChainPemSpi, nullptr);
495
496 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
497 BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
498
499 HcfX509CertChainValidateParams params = { 0 };
500 params.trustAnchors = &trustAnchorArray;
501
502 HcfX509CertChainValidateResult result = { 0 };
503 CfResult ret;
504
505 X509OpensslMock::SetMockFlag(true);
506 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
507 .WillOnce(Return(nullptr))
508 .WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
509 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
510 EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
511 X509OpensslMock::SetMockFlag(false);
512
513 FreeTrustAnchorArr(trustAnchorArray);
514 }
515
516 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslInvaidCertId, TestSize.Level0)
517 {
518 CF_LOG_I("ValidateOpensslInvaidCertId");
519 ASSERT_NE(g_certChainPemSpi, nullptr);
520
521 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
522 BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
523
524 HcfX509CertChainValidateParams params = { 0 };
525 params.trustAnchors = &trustAnchorArray;
526
527 HcfRevChkOpArray revChkOpArray = { 0 };
528 revChkOpArray.count = 1;
529 revChkOpArray.data = (HcfRevChkOption *)CfMalloc(revChkOpArray.count * sizeof(HcfRevChkOption), 0);
530 ASSERT_NE(revChkOpArray.data, nullptr);
531 revChkOpArray.data[0] = REVOCATION_CHECK_OPTION_PREFER_OCSP;
532
533 HcfRevocationCheckParam rcp = { 0 };
534 rcp.options = &revChkOpArray;
535 params.revocationCheckParam = &rcp;
536
537 HcfX509CertChainValidateResult result = { 0 };
538 CfResult ret;
539
540 // test ValidateOcspLocal failed case
541 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
542 EXPECT_EQ(ret, CF_INVALID_PARAMS);
543 FreeValidateResult(result);
544
545 // test VerifyOcspSigner failed case
546 CfBlob resp;
547 resp.data = (uint8_t *)(&g_testOcspResponses[0]);
548 resp.size = sizeof(g_testOcspResponses);
549 rcp.ocspResponses = &resp;
550
551 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
552 EXPECT_EQ(ret, CF_INVALID_PARAMS);
553 FreeValidateResult(result);
554
555 FreeTrustAnchorArr(trustAnchorArray);
556 CfFree(revChkOpArray.data);
557 }
558
559 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslRevocationLocalTest001, TestSize.Level0)
560 {
561 CF_LOG_I("ValidateOpensslRevocationLocalTest001");
562 ASSERT_NE(g_certChainPemSpi163, nullptr);
563
564 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
565 BuildAnchorArr(g_inStreamChainDataPemRoot163, trustAnchorArray);
566
567 HcfX509CertChainValidateParams params = { 0 };
568 params.trustAnchors = &trustAnchorArray;
569
570 HcfRevChkOption data[] = { REVOCATION_CHECK_OPTION_PREFER_OCSP };
571 params.revocationCheckParam = ConstructHcfRevocationCheckParam(data, sizeof(data) / sizeof(data[0]));
572 ASSERT_NE(params.revocationCheckParam, nullptr);
573
574 HcfX509CertChainValidateResult result = { 0 };
575
576 // test ValidateOcspLocal failed case
577 CfResult ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
578 EXPECT_EQ(ret, CF_SUCCESS);
579 FreeValidateResult(result);
580
581 FreeTrustAnchorArr(trustAnchorArray);
582 FreeHcfRevocationCheckParam(params.revocationCheckParam);
583 }
584
585 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslRevocationOnLineTest006, TestSize.Level0)
586 {
587 CF_LOG_I("ValidateOpensslRevocationOnLineTest006");
588 ASSERT_NE(g_certChainPemSpi163, nullptr);
589
590 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
591 BuildAnchorArr(g_inStreamChainDataPemRoot163, trustAnchorArray);
592
593 HcfX509CertChainValidateParams params = { 0 };
594 params.trustAnchors = &trustAnchorArray;
595
596 HcfRevChkOption data[] = { REVOCATION_CHECK_OPTION_ACCESS_NETWORK };
597 params.revocationCheckParam =
598 ConstructHcfRevocationCheckParam(data, sizeof(data) / sizeof(data[0]), &g_blobDownloadURI, nullptr);
599 ASSERT_NE(params.revocationCheckParam, nullptr);
600
601 FreeTrustAnchorArr(trustAnchorArray);
602 FreeHcfRevocationCheckParam(params.revocationCheckParam);
603 }
604
605 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslRevocationOnLineTest009, TestSize.Level0)
606 {
607 CF_LOG_I("ValidateOpensslRevocationOnLineTest009");
608 ASSERT_NE(g_certChainPemSpi163, nullptr);
609
610 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
611 BuildAnchorArr(g_inStreamChainDataPemRoot163, trustAnchorArray);
612
613 HcfX509CertChainValidateParams params = { 0 };
614 params.trustAnchors = &trustAnchorArray;
615
616 HcfRevChkOption data[] = { REVOCATION_CHECK_OPTION_PREFER_OCSP, REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER,
617 REVOCATION_CHECK_OPTION_FALLBACK_LOCAL };
618 params.revocationCheckParam =
619 ConstructHcfRevocationCheckParam(data, sizeof(data) / sizeof(data[0]), &g_blobDownloadURI);
620 ASSERT_NE(params.revocationCheckParam, nullptr);
621
622 HcfX509CertChainValidateResult result = { 0 };
623 CfResult ret;
624
625 CF_LOG_I("ValidateOpensslRevocationOnLineTest009 - 1");
626 // test ValidateOcspLocal failed case
627 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
628 EXPECT_EQ(ret, CF_SUCCESS);
629 FreeValidateResult(result);
630
631 CF_LOG_I("ValidateOpensslRevocationOnLineTest009 - 2");
632 (void)HcfX509CertificateCreate(&g_inStreamOcspResponderCert, &(params.revocationCheckParam->ocspResponderCert));
633 ASSERT_NE(params.revocationCheckParam->ocspResponderCert, nullptr);
634 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
635 EXPECT_EQ(ret, CF_SUCCESS);
636 FreeValidateResult(result);
637
638 FreeTrustAnchorArr(trustAnchorArray);
639 FreeHcfRevocationCheckParam(params.revocationCheckParam);
640 CF_LOG_I("ValidateOpensslRevocationOnLineTest009 - ok");
641 }
642
643 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslRevocationOnLineTest010, TestSize.Level0)
644 {
645 CF_LOG_I("ValidateOpensslRevocationOnLineTest010");
646 ASSERT_NE(g_certChainPemSpi163, nullptr);
647
648 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
649 BuildAnchorArr(g_inStreamChainDataPemRoot163, trustAnchorArray);
650
651 HcfX509CertChainValidateParams params = { 0 };
652 params.trustAnchors = &trustAnchorArray;
653
654 HcfRevChkOption data[] = { REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER, REVOCATION_CHECK_OPTION_FALLBACK_LOCAL };
655 params.revocationCheckParam =
656 ConstructHcfRevocationCheckParam(data, sizeof(data) / sizeof(data[0]), &g_blobDownloadURI);
657 ASSERT_NE(params.revocationCheckParam, nullptr);
658
659 HcfX509CertChainValidateResult result = { 0 };
660 CfResult ret;
661
662 CF_LOG_I("ValidateOpensslRevocationOnLineTest010 - 1");
663 // test ValidateOcspLocal failed case
664 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
665 EXPECT_EQ(ret, CF_SUCCESS);
666 FreeValidateResult(result);
667
668 CF_LOG_I("ValidateOpensslRevocationOnLineTest010 - 2");
669 (void)HcfX509CertificateCreate(&g_inStreamOcspResponderCert, &(params.revocationCheckParam->ocspResponderCert));
670 ASSERT_NE(params.revocationCheckParam->ocspResponderCert, nullptr);
671 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
672 EXPECT_EQ(ret, CF_SUCCESS);
673 FreeValidateResult(result);
674
675 FreeTrustAnchorArr(trustAnchorArray);
676 FreeHcfRevocationCheckParam(params.revocationCheckParam);
677 CF_LOG_I("ValidateOpensslRevocationOnLineTest010 - ok");
678 }
679
BuildX509CertMatchParamsData(const CfEncodingBlob * certInStream,const CfEncodingBlob * crlInStream,HcfX509CertChainValidateParams * params)680 static void BuildX509CertMatchParamsData(
681 const CfEncodingBlob *certInStream, const CfEncodingBlob *crlInStream, HcfX509CertChainValidateParams *params)
682 {
683 if (certInStream == nullptr || params == nullptr) {
684 return;
685 }
686
687 CfBlob *blob = (CfBlob *)CfMalloc(sizeof(CfBlob), 0);
688 ASSERT_NE(blob, nullptr);
689 blob->data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testUpdateDateTime));
690 blob->size = strlen(g_testUpdateDateTime) + 1;
691 params->date = blob;
692
693 HcfX509TrustAnchorArray *trustAnchorArray =
694 (HcfX509TrustAnchorArray *)CfMalloc(sizeof(HcfX509TrustAnchorArray), 0);
695 ASSERT_NE(trustAnchorArray, nullptr);
696 BuildAnchorArr(*certInStream, *trustAnchorArray);
697
698 HcfCertCRLCollectionArray *certCRLCollections =
699 (HcfCertCRLCollectionArray *)CfMalloc(sizeof(HcfCertCRLCollectionArray), 0);
700 ASSERT_NE(certCRLCollections, nullptr);
701 BuildCollectionArr(certInStream, crlInStream, *certCRLCollections);
702
703 params->trustAnchors = trustAnchorArray;
704 params->certCRLCollections = certCRLCollections;
705 }
706
FreeX509CertMatchParamsData(HcfX509CertChainValidateParams * params)707 static void FreeX509CertMatchParamsData(HcfX509CertChainValidateParams *params)
708 {
709 if (params == nullptr) {
710 return;
711 }
712
713 if (params->date != nullptr) {
714 CfFree(params->date);
715 params->date = nullptr;
716 }
717
718 if (params->trustAnchors != nullptr) {
719 FreeTrustAnchorArr(*(params->trustAnchors));
720 CfFree(params->trustAnchors);
721 params->trustAnchors = nullptr;
722 }
723
724 if (params->certCRLCollections != nullptr) {
725 FreeCertCrlCollectionArr(*(params->certCRLCollections));
726 CfFree(params->certCRLCollections);
727 params->certCRLCollections = nullptr;
728 }
729 }
730
731 HWTEST_F(CryptoX509CertChainTestPart2, HcfX509CertChainByParamsSpiCreateTest001, TestSize.Level0)
732 {
733 CF_LOG_I("HcfX509CertChainByParamsSpiCreateTest001");
734 HcfX509CertChainBuildParameters inParams;
735 memset_s(&inParams, sizeof(HcfX509CertChainBuildParameters), 0, sizeof(HcfX509CertChainBuildParameters));
736 HcfX509CertChainSpi *spi = nullptr;
737
738 CfResult result;
739
740 inParams.maxlength = -1;
741
742 CfEncodingBlob inStream = { 0 };
743 inStream.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testSelfSignedCaCertValid));
744 inStream.encodingFormat = CF_FORMAT_PEM;
745 inStream.len = strlen(g_testSelfSignedCaCertValid) + 1;
746
747 BuildX509CertMatchParamsData(&inStream, NULL, &inParams.validateParameters);
748
749 CfBlob issue;
750 issue.data = const_cast<uint8_t *>(g_testIssuerValid);
751 issue.size = sizeof(g_testIssuerValid);
752 inParams.certMatchParameters.issuer = &issue;
753 inParams.certMatchParameters.minPathLenConstraint = -1;
754
755 result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
756 EXPECT_EQ(result, CF_SUCCESS);
757 EXPECT_NE(spi, nullptr);
758 CfObjDestroy(spi);
759
760 // test inParams.maxlength
761 inParams.maxlength = 2;
762 result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
763 EXPECT_EQ(result, CF_SUCCESS);
764 EXPECT_NE(spi, nullptr);
765 CfObjDestroy(spi);
766
767 FreeX509CertMatchParamsData(&inParams.validateParameters);
768 }
769
770 HWTEST_F(CryptoX509CertChainTestPart2, HcfX509CertChainByParamsSpiCreateInvalidParamTest, TestSize.Level0)
771 {
772 CF_LOG_I("HcfX509CertChainByParamsSpiCreateInvalidParamTest");
773 HcfX509CertChainBuildParameters inParams;
774 memset_s(&inParams, sizeof(HcfX509CertChainBuildParameters), 0, sizeof(HcfX509CertChainBuildParameters));
775 HcfX509CertChainSpi *spi = nullptr;
776
777 CfResult result = HcfX509CertChainByParamsSpiCreate(NULL, &spi);
778 EXPECT_EQ(result, CF_INVALID_PARAMS);
779
780 result = HcfX509CertChainByParamsSpiCreate(&inParams, NULL);
781 EXPECT_EQ(result, CF_INVALID_PARAMS);
782
783 result = HcfX509CertChainByParamsSpiCreate(NULL, NULL);
784 EXPECT_EQ(result, CF_INVALID_PARAMS);
785 }
786
787 HWTEST_F(CryptoX509CertChainTestPart2, HcfX509CertChainByParamsSpiCreateTest002, TestSize.Level0)
788 {
789 CF_LOG_I("HcfX509CertChainByParamsSpiCreateTest002");
790 HcfX509CertChainBuildParameters inParams;
791 memset_s(&inParams, sizeof(HcfX509CertChainBuildParameters), 0, sizeof(HcfX509CertChainBuildParameters));
792 HcfX509CertChainSpi *spi = nullptr;
793
794 inParams.maxlength = -1;
795
796 CfEncodingBlob inStream = { 0 };
797 inStream.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testSelfSignedCaCertValid));
798 inStream.encodingFormat = CF_FORMAT_PEM;
799 inStream.len = strlen(g_testSelfSignedCaCertValid) + 1;
800
801 BuildX509CertMatchParamsData(&inStream, NULL, &inParams.validateParameters);
802
803 CfBlob issue;
804 issue.data = const_cast<uint8_t *>(g_testIssuerValid);
805 issue.size = sizeof(g_testIssuerValid);
806 inParams.certMatchParameters.issuer = &issue;
807 inParams.certMatchParameters.minPathLenConstraint = -1;
808
809 // test HcfX509CertChainByParamsSpiCreate failed case
810 X509OpensslMock::SetMockFlag(true);
811 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_new_null())
812 .WillOnce(Return(nullptr))
813 .WillRepeatedly(Invoke(__real_OPENSSL_sk_new_null));
814 CfResult result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
815 EXPECT_EQ(result, CF_ERR_MALLOC);
816 X509OpensslMock::SetMockFlag(false);
817
818 X509OpensslMock::SetMockFlag(true);
819 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_new_null())
820 .WillOnce(Invoke(__real_OPENSSL_sk_new_null))
821 .WillOnce(Return(nullptr))
822 .WillRepeatedly(Invoke(__real_OPENSSL_sk_new_null));
823 result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
824 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
825 X509OpensslMock::SetMockFlag(false);
826
827 X509OpensslMock::SetMockFlag(true);
828 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_new_null())
829 .WillOnce(Invoke(__real_OPENSSL_sk_new_null))
830 .WillOnce(Invoke(__real_OPENSSL_sk_new_null))
831 .WillOnce(Return(nullptr))
832 .WillRepeatedly(Invoke(__real_OPENSSL_sk_new_null));
833 result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
834 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
835 X509OpensslMock::SetMockFlag(false);
836
837 // test CfMalloc failed case in HcfX509CertChainByParamsSpiCreate
838 SetMockFlag(true);
839 result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
840 EXPECT_EQ(result, CF_ERR_MALLOC);
841 SetMockFlag(false);
842
843 FreeX509CertMatchParamsData(&inParams.validateParameters);
844 }
845
846 HWTEST_F(CryptoX509CertChainTestPart2, HcfX509CertChainByParamsSpiCreateTest003, TestSize.Level0)
847 {
848 CF_LOG_I("HcfX509CertChainByParamsSpiCreateTest003");
849 HcfX509CertChainBuildParameters inParams;
850 memset_s(&inParams, sizeof(HcfX509CertChainBuildParameters), 0, sizeof(HcfX509CertChainBuildParameters));
851 HcfX509CertChainSpi *spi = nullptr;
852
853 CfResult result;
854
855 inParams.maxlength = -1;
856
857 CfEncodingBlob inStream = { 0 };
858 inStream.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testSelfSignedCaCertValid));
859 inStream.encodingFormat = CF_FORMAT_PEM;
860 inStream.len = strlen(g_testSelfSignedCaCertValid) + 1;
861
862 BuildX509CertMatchParamsData(&inStream, NULL, &inParams.validateParameters);
863
864 CfBlob issue;
865 issue.data = const_cast<uint8_t *>(g_testIssuerValid);
866 issue.size = sizeof(g_testIssuerValid);
867 inParams.certMatchParameters.issuer = &issue;
868 inParams.certMatchParameters.minPathLenConstraint = -1;
869
870 X509OpensslMock::SetMockFlag(true);
871 ResetMockFunction();
872 EXPECT_CALL(X509OpensslMock::GetInstance(), X509_dup(_))
873 .WillOnce(Return(nullptr))
874 .WillRepeatedly(Invoke(__real_X509_dup));
875 result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
876 EXPECT_EQ(result, CF_ERR_MALLOC);
877
878 ResetMockFunction();
879 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_push(_, _))
880 .WillOnce(Return(-1))
881 .WillRepeatedly(Invoke(__real_OPENSSL_sk_push));
882 result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
883 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
884 X509OpensslMock::SetMockFlag(false);
885
886
887 X509OpensslMock::SetHcfMockFlag(true);
888 EXPECT_CALL(X509OpensslMock::GetInstance(), CheckIsSelfSigned(_))
889 .WillRepeatedly(Return(true))
890 .RetiresOnSaturation();
891 result = HcfX509CertChainByParamsSpiCreate(&inParams, &spi);
892 EXPECT_EQ(result, CF_INVALID_PARAMS);
893 X509OpensslMock::SetHcfMockFlag(false);
894
895 FreeX509CertMatchParamsData(&inParams.validateParameters);
896 }
897
FreeHcfX509CertChainBuildResult(HcfX509CertChainBuildResult * result)898 static void FreeHcfX509CertChainBuildResult(HcfX509CertChainBuildResult *result)
899 {
900 if (result == nullptr) {
901 return;
902 }
903
904 CfObjDestroy(result->certChain);
905 CfFree(result);
906 }
907
908 HWTEST_F(CryptoX509CertChainTestPart2, HcfCertChainBuildResultCreateTest001, TestSize.Level0)
909 {
910 CF_LOG_I("HcfCertChainBuildResultCreateTest001");
911 HcfX509CertChainBuildParameters inParams;
912 memset_s(&inParams, sizeof(HcfX509CertChainBuildParameters), 0, sizeof(HcfX509CertChainBuildParameters));
913 HcfX509CertChainBuildResult *returnObj = nullptr;
914 CfEncodingBlob inStream = { 0 };
915 inStream.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testSelfSignedCaCertValid));
916 inStream.encodingFormat = CF_FORMAT_PEM;
917 inStream.len = strlen(g_testSelfSignedCaCertValid) + 1;
918
919 BuildX509CertMatchParamsData(&inStream, NULL, &inParams.validateParameters);
920
921 inParams.maxlength = 100;
922
923 CfBlob issue;
924 issue.data = const_cast<uint8_t *>(g_testIssuerValid);
925 issue.size = sizeof(g_testIssuerValid);
926 inParams.certMatchParameters.issuer = &issue;
927 inParams.certMatchParameters.minPathLenConstraint = -1;
928
929 CfResult result = HcfCertChainBuildResultCreate(&inParams, &returnObj);
930 EXPECT_EQ(result, CF_SUCCESS);
931 EXPECT_NE(returnObj, nullptr);
932 FreeHcfX509CertChainBuildResult(returnObj);
933 returnObj = nullptr;
934
935 result = HcfCertChainBuildResultCreate(NULL, &returnObj);
936 EXPECT_EQ(result, CF_INVALID_PARAMS);
937
938 result = HcfCertChainBuildResultCreate(&inParams, NULL);
939 EXPECT_EQ(result, CF_INVALID_PARAMS);
940
941 result = HcfCertChainBuildResultCreate(NULL, NULL);
942 EXPECT_EQ(result, CF_INVALID_PARAMS);
943
944 FreeX509CertMatchParamsData(&inParams.validateParameters);
945 }
946
947 HWTEST_F(CryptoX509CertChainTestPart2, HcfX509CreateTrustAnchorWithKeyStoreFuncTest001, TestSize.Level0)
948 {
949 CF_LOG_I("HcfX509CreateTrustAnchorWithKeyStoreFuncTest001");
950 CfBlob keyStore;
951 CfBlob pwd;
952 HcfX509TrustAnchorArray *trustAnchorArray = NULL;
953
954 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
955 keyStore.size = sizeof(g_testChainKeystore);
956 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
957 pwd.size = strlen(g_testKeystorePwd) + 1;
958 CfResult result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
959 EXPECT_EQ(result, CF_SUCCESS);
960 EXPECT_EQ(trustAnchorArray != NULL, true);
961 assert(trustAnchorArray->count > 0);
962 FreeTrustAnchorArr(*trustAnchorArray);
963 CfFree(trustAnchorArray);
964 trustAnchorArray = NULL;
965
966 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(NULL, &pwd, &trustAnchorArray);
967 EXPECT_EQ(result, CF_INVALID_PARAMS);
968
969 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, NULL, &trustAnchorArray);
970 EXPECT_EQ(result, CF_INVALID_PARAMS);
971
972 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, NULL);
973 EXPECT_EQ(result, CF_INVALID_PARAMS);
974
975 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(NULL, NULL, &trustAnchorArray);
976 EXPECT_EQ(result, CF_INVALID_PARAMS);
977
978 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(NULL, NULL, NULL);
979 EXPECT_EQ(result, CF_INVALID_PARAMS);
980
981 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, NULL, NULL);
982 EXPECT_EQ(result, CF_INVALID_PARAMS);
983
984 keyStore.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testSelfSignedCaCert));
985 keyStore.size = strlen(g_testSelfSignedCaCert) + 1;
986
987 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
988 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
989 }
990
991 HWTEST_F(CryptoX509CertChainTestPart2, HcfX509CreateTrustAnchorWithKeyStoreFuncTest002, TestSize.Level0)
992 {
993 CF_LOG_I("HcfX509CreateTrustAnchorWithKeyStoreFuncTest002");
994 CfBlob keyStore;
995 CfBlob pwd;
996 HcfX509TrustAnchorArray *trustAnchorArray = NULL;
997
998 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
999 keyStore.size = sizeof(g_testChainKeystore);
1000 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1001 pwd.size = strlen(g_testKeystorePwd) + 1;
1002
1003 X509OpensslMock::SetMockFlag(true);
1004 EXPECT_CALL(X509OpensslMock::GetInstance(), PKCS12_parse(_, _, _, _, _))
1005 .WillOnce(Return(0))
1006 .WillRepeatedly(Invoke(__real_PKCS12_parse));
1007 CfResult result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1008 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
1009 X509OpensslMock::SetMockFlag(false);
1010
1011 X509OpensslMock::SetMockFlag(true);
1012 EXPECT_CALL(X509OpensslMock::GetInstance(), PKCS12_parse(_, _, _, _, _))
1013 .WillOnce(Return(1))
1014 .WillRepeatedly(Invoke(__real_PKCS12_parse));
1015 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1016 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
1017 X509OpensslMock::SetMockFlag(false);
1018
1019 X509OpensslMock::SetMockFlag(true);
1020 EXPECT_CALL(X509OpensslMock::GetInstance(), PKCS12_parse(_, _, _, _, _))
1021 .WillOnce(Return(1))
1022 .WillRepeatedly(Invoke(__real_PKCS12_parse));
1023 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1024 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
1025 X509OpensslMock::SetMockFlag(false);
1026
1027 X509OpensslMock::SetMockFlag(true);
1028 EXPECT_CALL(X509OpensslMock::GetInstance(), PKCS12_parse(_, _, _, _, _))
1029 .WillOnce(Invoke(PKCS12_parse_mock))
1030 .WillRepeatedly(Invoke(__real_PKCS12_parse));
1031 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1032 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
1033 X509OpensslMock::SetMockFlag(false);
1034 }
1035
1036 HWTEST_F(CryptoX509CertChainTestPart2, HcfX509CreateTrustAnchorWithKeyStoreFuncTest003, TestSize.Level0)
1037 {
1038 CF_LOG_I("HcfX509CreateTrustAnchorWithKeyStoreFuncTest003");
1039 CfBlob keyStore;
1040 CfBlob pwd;
1041 HcfX509TrustAnchorArray *trustAnchorArray = NULL;
1042
1043 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
1044 keyStore.size = sizeof(g_testChainKeystore);
1045 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1046 pwd.size = strlen(g_testKeystorePwd) + 1;
1047
1048 X509OpensslMock::SetMockFlag(true);
1049 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_num(_))
1050 .WillOnce(Return(-1))
1051 .WillRepeatedly(Invoke(__real_OPENSSL_sk_num));
1052 CfResult result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1053 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
1054 X509OpensslMock::SetMockFlag(false);
1055
1056 SetMockFlag(true);
1057 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1058 EXPECT_EQ(result, CF_ERR_MALLOC);
1059 SetMockFlag(false);
1060
1061 StartRecordMallocNum();
1062 SetMockMallocIndex(1);
1063 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1064 EXPECT_EQ(result, CF_ERR_MALLOC);
1065 EndRecordMallocNum();
1066
1067 StartRecordMallocNum();
1068 SetMockMallocIndex(2);
1069 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1070 EXPECT_EQ(result, CF_ERR_MALLOC);
1071 EndRecordMallocNum();
1072 }
1073
1074 HWTEST_F(CryptoX509CertChainTestPart2, HcfX509CreateTrustAnchorWithKeyStoreFuncTest004, TestSize.Level0)
1075 {
1076 CF_LOG_I("HcfX509CreateTrustAnchorWithKeyStoreFuncTest004");
1077 CfBlob keyStore;
1078 CfBlob pwd;
1079 HcfX509TrustAnchorArray *trustAnchorArray = NULL;
1080
1081 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
1082 keyStore.size = sizeof(g_testChainKeystore);
1083 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1084 pwd.size = strlen(g_testKeystorePwd) + 1;
1085
1086 X509OpensslMock::SetMockFlag(true);
1087 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_num(_))
1088 .WillOnce(Invoke(__real_OPENSSL_sk_num))
1089 .WillOnce(Return(-1))
1090 .WillRepeatedly(Invoke(__real_OPENSSL_sk_num));
1091 CfResult result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1092 EXPECT_EQ(result, CF_SUCCESS);
1093 X509OpensslMock::SetMockFlag(false);
1094 FreeTrustAnchorArr(*trustAnchorArray);
1095 CfFree(trustAnchorArray);
1096 trustAnchorArray = NULL;
1097
1098 X509OpensslMock::SetMockFlag(true);
1099 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
1100 .WillOnce(Return(nullptr))
1101 .WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
1102 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1103 EXPECT_EQ(result, CF_SUCCESS);
1104 X509OpensslMock::SetMockFlag(false);
1105 FreeTrustAnchorArr(*trustAnchorArray);
1106 CfFree(trustAnchorArray);
1107 trustAnchorArray = NULL;
1108 }
1109
1110 HWTEST_F(CryptoX509CertChainTestPart2, HcfX509CreateTrustAnchorWithKeyStoreFuncTest005, TestSize.Level0)
1111 {
1112 CF_LOG_I("HcfX509CreateTrustAnchorWithKeyStoreFuncTest005");
1113 CfBlob keyStore;
1114 CfBlob pwd;
1115 HcfX509TrustAnchorArray *trustAnchorArray = NULL;
1116
1117 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
1118 keyStore.size = sizeof(g_testChainKeystore);
1119 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1120 pwd.size = strlen(g_testKeystorePwd) + 1;
1121
1122 X509OpensslMock::SetMockFlag(true);
1123 EXPECT_CALL(X509OpensslMock::GetInstance(), i2d_X509(_, _))
1124 .WillOnce(Return(-1))
1125 .WillRepeatedly(Invoke(__real_i2d_X509));
1126 CfResult result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1127 EXPECT_EQ(result, CF_SUCCESS);
1128 X509OpensslMock::SetMockFlag(false);
1129 FreeTrustAnchorArr(*trustAnchorArray);
1130 CfFree(trustAnchorArray);
1131 trustAnchorArray = NULL;
1132
1133 X509OpensslMock::SetMockFlag(true);
1134 EXPECT_CALL(X509OpensslMock::GetInstance(), HcfX509CertificateCreate(_, _))
1135 .WillOnce(Return(CF_INVALID_PARAMS))
1136 .WillRepeatedly(Invoke(__real_HcfX509CertificateCreate));
1137 result = HcfX509CreateTrustAnchorWithKeyStoreFunc(&keyStore, &pwd, &trustAnchorArray);
1138 EXPECT_EQ(result, CF_SUCCESS);
1139 X509OpensslMock::SetMockFlag(false);
1140 FreeTrustAnchorArr(*trustAnchorArray);
1141 CfFree(trustAnchorArray);
1142 trustAnchorArray = NULL;
1143 }
1144
1145 HWTEST_F(CryptoX509CertChainTestPart2, HcfCreateTrustAnchorWithKeyStoreTest001, TestSize.Level0)
1146 {
1147 CF_LOG_I("HcfCreateTrustAnchorWithKeyStoreTest001");
1148 CfBlob keyStore;
1149 CfBlob pwd;
1150 HcfX509TrustAnchorArray *trustAnchorArray = NULL;
1151
1152 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
1153 keyStore.size = sizeof(g_testChainKeystore);
1154 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1155 pwd.size = sizeof(g_testKeystorePwd);
1156 CfResult result = HcfCreateTrustAnchorWithKeyStore(&keyStore, &pwd, &trustAnchorArray);
1157 EXPECT_EQ(result, CF_SUCCESS);
1158 ASSERT_TRUE(trustAnchorArray != NULL);
1159 assert(trustAnchorArray->count > 0);
1160 FreeTrustAnchorArr(*trustAnchorArray);
1161 CfFree(trustAnchorArray);
1162 trustAnchorArray = NULL;
1163
1164 result = HcfCreateTrustAnchorWithKeyStore(NULL, &pwd, &trustAnchorArray);
1165 EXPECT_EQ(result, CF_INVALID_PARAMS);
1166
1167 result = HcfCreateTrustAnchorWithKeyStore(&keyStore, NULL, &trustAnchorArray);
1168 EXPECT_EQ(result, CF_INVALID_PARAMS);
1169
1170 result = HcfCreateTrustAnchorWithKeyStore(&keyStore, &pwd, NULL);
1171 EXPECT_EQ(result, CF_INVALID_PARAMS);
1172
1173 result = HcfCreateTrustAnchorWithKeyStore(NULL, NULL, &trustAnchorArray);
1174 EXPECT_EQ(result, CF_INVALID_PARAMS);
1175
1176 result = HcfCreateTrustAnchorWithKeyStore(NULL, NULL, NULL);
1177 EXPECT_EQ(result, CF_INVALID_PARAMS);
1178
1179 result = HcfCreateTrustAnchorWithKeyStore(&keyStore, NULL, NULL);
1180 EXPECT_EQ(result, CF_INVALID_PARAMS);
1181
1182 keyStore.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testSelfSignedCaCert));
1183 keyStore.size = strlen(g_testSelfSignedCaCert) + 1;
1184
1185 result = HcfCreateTrustAnchorWithKeyStore(&keyStore, &pwd, &trustAnchorArray);
1186 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
1187 }
1188
FreeHcfX509P12Collection(HcfX509P12Collection * p12Collection)1189 static void FreeHcfX509P12Collection(HcfX509P12Collection *p12Collection)
1190 {
1191 if (p12Collection == NULL) {
1192 return;
1193 }
1194 if (p12Collection->cert != NULL) {
1195 CfFree(p12Collection->cert);
1196 }
1197 if (p12Collection->prikey != NULL && p12Collection->prikey->data != NULL) {
1198 CfFree(p12Collection->prikey->data);
1199 CfFree(p12Collection->prikey);
1200 }
1201 if (p12Collection->otherCerts != NULL && p12Collection->otherCertsCount != 0) {
1202 for (uint32_t i = 0; i < p12Collection->otherCertsCount; i++) {
1203 if (p12Collection->otherCerts[i] != NULL) {
1204 CfFree(p12Collection->otherCerts[i]);
1205 }
1206 }
1207 CfFree(p12Collection->otherCerts);
1208 }
1209 CfFree(p12Collection);
1210 }
1211
1212 HWTEST_F(CryptoX509CertChainTestPart2, HcfParsePKCS12Test001, TestSize.Level0)
1213 {
1214 CF_LOG_I("HcfParsePKCS12Test001");
1215 CfBlob keyStore;
1216 CfBlob pwd;
1217 HcfX509P12Collection *p12Collection = NULL;
1218 HcfParsePKCS12Conf conf = { 0 };
1219
1220 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
1221 keyStore.size = sizeof(g_testChainKeystore);
1222 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1223 pwd.size = strlen(g_testKeystorePwd) + 1;
1224 conf.pwd = &pwd;
1225 CfResult result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1226 EXPECT_EQ(result, CF_SUCCESS);
1227 EXPECT_EQ(p12Collection != NULL, true);
1228 FreeHcfX509P12Collection(p12Collection);
1229 p12Collection = NULL;
1230
1231 result = HcfParsePKCS12(NULL, &conf, &p12Collection);
1232 EXPECT_EQ(result, CF_INVALID_PARAMS);
1233
1234 result = HcfParsePKCS12(&keyStore, NULL, &p12Collection);
1235 EXPECT_EQ(result, CF_INVALID_PARAMS);
1236
1237 result = HcfParsePKCS12(&keyStore, &conf, NULL);
1238 EXPECT_EQ(result, CF_INVALID_PARAMS);
1239
1240 result = HcfParsePKCS12(NULL, NULL, &p12Collection);
1241 EXPECT_EQ(result, CF_INVALID_PARAMS);
1242
1243 result = HcfParsePKCS12(NULL, NULL, NULL);
1244 EXPECT_EQ(result, CF_INVALID_PARAMS);
1245
1246 result = HcfParsePKCS12(&keyStore, NULL, NULL);
1247 EXPECT_EQ(result, CF_INVALID_PARAMS);
1248
1249 keyStore.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testSelfSignedCaCert));
1250 keyStore.size = strlen(g_testSelfSignedCaCert) + 1;
1251
1252 result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1253 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
1254 }
1255
1256 HWTEST_F(CryptoX509CertChainTestPart2, HcfParsePKCS12Test002, TestSize.Level0)
1257 {
1258 CF_LOG_I("HcfParsePKCS12Test002");
1259 CfBlob keyStore;
1260 CfBlob pwd;
1261 HcfX509P12Collection *p12Collection = NULL;
1262 HcfParsePKCS12Conf conf = { 0 };
1263
1264 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
1265 keyStore.size = sizeof(g_testChainKeystore);
1266 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1267 pwd.size = strlen(g_testKeystorePwd) + 1;
1268 conf.pwd = &pwd;
1269
1270 X509OpensslMock::SetMockFlag(true);
1271 EXPECT_CALL(X509OpensslMock::GetInstance(), PKCS12_parse(_, _, _, _, _))
1272 .WillOnce(Return(0))
1273 .WillRepeatedly(Invoke(__real_PKCS12_parse));
1274 CfResult result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1275 EXPECT_EQ(result, CF_ERR_CRYPTO_OPERATION);
1276 X509OpensslMock::SetMockFlag(false);
1277
1278 X509OpensslMock::SetMockFlag(true);
1279 EXPECT_CALL(X509OpensslMock::GetInstance(), PKCS12_parse(_, _, _, _, _))
1280 .WillOnce(Return(1))
1281 .WillRepeatedly(Invoke(__real_PKCS12_parse));
1282 result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1283 EXPECT_EQ(result, CF_SUCCESS);
1284 FreeHcfX509P12Collection(p12Collection);
1285 p12Collection = NULL;
1286 X509OpensslMock::SetMockFlag(false);
1287
1288 X509OpensslMock::SetMockFlag(true);
1289 EXPECT_CALL(X509OpensslMock::GetInstance(), PKCS12_parse(_, _, _, _, _))
1290 .WillOnce(Return(1))
1291 .WillRepeatedly(Invoke(__real_PKCS12_parse));
1292 result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1293 EXPECT_EQ(result, CF_SUCCESS);
1294 FreeHcfX509P12Collection(p12Collection);
1295 p12Collection = NULL;
1296 X509OpensslMock::SetMockFlag(false);
1297
1298 X509OpensslMock::SetMockFlag(true);
1299 EXPECT_CALL(X509OpensslMock::GetInstance(), PKCS12_parse(_, _, _, _, _))
1300 .WillOnce(Invoke(PKCS12_parse_mock))
1301 .WillRepeatedly(Invoke(__real_PKCS12_parse));
1302 result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1303 EXPECT_EQ(result, CF_SUCCESS);
1304 FreeHcfX509P12Collection(p12Collection);
1305 p12Collection = NULL;
1306 X509OpensslMock::SetMockFlag(false);
1307 }
1308
1309 HWTEST_F(CryptoX509CertChainTestPart2, HcfParsePKCS12Test003, TestSize.Level0)
1310 {
1311 CF_LOG_I("HcfParsePKCS12Test003");
1312 CfBlob keyStore;
1313 CfBlob pwd;
1314 HcfX509P12Collection *p12Collection = NULL;
1315 HcfParsePKCS12Conf conf = { 0 };
1316
1317 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
1318 keyStore.size = sizeof(g_testChainKeystore);
1319 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1320 pwd.size = strlen(g_testKeystorePwd) + 1;
1321 conf.pwd = &pwd;
1322
1323 X509OpensslMock::SetMockFlag(true);
1324 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_num(_))
1325 .WillOnce(Return(-1))
1326 .WillRepeatedly(Invoke(__real_OPENSSL_sk_num));
1327 CfResult result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1328 EXPECT_EQ(result, CF_SUCCESS);
1329 FreeHcfX509P12Collection(p12Collection);
1330 p12Collection = NULL;
1331 X509OpensslMock::SetMockFlag(false);
1332
1333 SetMockFlag(true);
1334 result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1335 EXPECT_EQ(result, CF_ERR_MALLOC);
1336 SetMockFlag(false);
1337
1338 StartRecordMallocNum();
1339 SetMockMallocIndex(1);
1340 result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1341 EXPECT_EQ(result, CF_SUCCESS);
1342 FreeHcfX509P12Collection(p12Collection);
1343 p12Collection = NULL;
1344 EndRecordMallocNum();
1345
1346 StartRecordMallocNum();
1347 SetMockMallocIndex(2);
1348 result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1349 EXPECT_EQ(result, CF_SUCCESS);
1350 FreeHcfX509P12Collection(p12Collection);
1351 p12Collection = NULL;
1352 EndRecordMallocNum();
1353 }
1354
1355 HWTEST_F(CryptoX509CertChainTestPart2, HcfParsePKCS12Test004, TestSize.Level0)
1356 {
1357 CF_LOG_I("HcfParsePKCS12Test004");
1358 CfBlob keyStore;
1359 CfBlob pwd;
1360 HcfX509P12Collection *p12Collection = NULL;
1361 HcfParsePKCS12Conf conf = { 0 };
1362
1363 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
1364 keyStore.size = sizeof(g_testChainKeystore);
1365 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1366 pwd.size = strlen(g_testKeystorePwd) + 1;
1367 conf.pwd = &pwd;
1368
1369 X509OpensslMock::SetMockFlag(true);
1370 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_num(_))
1371 .WillOnce(Invoke(__real_OPENSSL_sk_num))
1372 .WillOnce(Return(-1))
1373 .WillRepeatedly(Invoke(__real_OPENSSL_sk_num));
1374 CfResult result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1375 EXPECT_EQ(result, CF_SUCCESS);
1376 X509OpensslMock::SetMockFlag(false);
1377 FreeHcfX509P12Collection(p12Collection);
1378 p12Collection = NULL;
1379
1380 X509OpensslMock::SetMockFlag(true);
1381 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
1382 .WillOnce(Return(nullptr))
1383 .WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
1384 result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1385 EXPECT_EQ(result, CF_SUCCESS);
1386 X509OpensslMock::SetMockFlag(false);
1387 FreeHcfX509P12Collection(p12Collection);
1388 p12Collection = NULL;
1389 }
1390
1391 HWTEST_F(CryptoX509CertChainTestPart2, HcfParsePKCS12Test005, TestSize.Level0)
1392 {
1393 CF_LOG_I("HcfParsePKCS12Test005");
1394 CfBlob keyStore;
1395 CfBlob pwd;
1396 HcfX509P12Collection *p12Collection = NULL;
1397 HcfParsePKCS12Conf conf = { 0 };
1398
1399 keyStore.data = const_cast<uint8_t *>(g_testChainKeystore);
1400 keyStore.size = sizeof(g_testChainKeystore);
1401 pwd.data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_testKeystorePwd));
1402 pwd.size = strlen(g_testKeystorePwd) + 1;
1403 conf.pwd = &pwd;
1404
1405 X509OpensslMock::SetMockFlag(true);
1406 EXPECT_CALL(X509OpensslMock::GetInstance(), i2d_X509(_, _))
1407 .WillOnce(Return(-1))
1408 .WillRepeatedly(Invoke(__real_i2d_X509));
1409 CfResult result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1410 EXPECT_EQ(result, CF_SUCCESS);
1411 X509OpensslMock::SetMockFlag(false);
1412 FreeHcfX509P12Collection(p12Collection);
1413 p12Collection = NULL;
1414
1415 X509OpensslMock::SetMockFlag(true);
1416 EXPECT_CALL(X509OpensslMock::GetInstance(), HcfX509CertificateCreate(_, _))
1417 .WillOnce(Return(CF_INVALID_PARAMS))
1418 .WillRepeatedly(Invoke(__real_HcfX509CertificateCreate));
1419 result = HcfParsePKCS12(&keyStore, &conf, &p12Collection);
1420 EXPECT_EQ(result, CF_SUCCESS);
1421 X509OpensslMock::SetMockFlag(false);
1422 FreeHcfX509P12Collection(p12Collection);
1423 p12Collection = NULL;
1424 }
1425 } // namespace
1426