• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/ssl/ssl_platform_key_android.h"
6 
7 #include <string>
8 
9 #include "base/android/jni_android.h"
10 #include "base/android/jni_array.h"
11 #include "base/android/scoped_java_ref.h"
12 #include "base/files/file_path.h"
13 #include "base/files/file_util.h"
14 #include "net/android/keystore.h"
15 #include "net/cert/x509_certificate.h"
16 #include "net/ssl/ssl_private_key.h"
17 #include "net/ssl/ssl_private_key_test_util.h"
18 #include "net/test/cert_test_util.h"
19 #include "net/test/test_data_directory.h"
20 #include "net/test/test_with_task_environment.h"
21 #include "testing/gtest/include/gtest/gtest.h"
22 #include "third_party/boringssl/src/include/openssl/ssl.h"
23 
24 // Must come after all headers that specialize FromJniType() / ToJniType().
25 #include "net/android/net_tests_jni/AndroidKeyStoreTestUtil_jni.h"
26 
27 namespace net {
28 
29 namespace {
30 
31 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava;
32 
ReadTestFile(const char * filename,std::string * pkcs8)33 bool ReadTestFile(const char* filename, std::string* pkcs8) {
34   base::FilePath certs_dir = GetTestCertsDirectory();
35   base::FilePath file_path = certs_dir.AppendASCII(filename);
36   return base::ReadFileToString(file_path, pkcs8);
37 }
38 
39 // Retrieve a JNI local ref from encoded PKCS#8 data.
GetPKCS8PrivateKeyJava(android::PrivateKeyType key_type,const std::string & pkcs8_key)40 ScopedJava GetPKCS8PrivateKeyJava(android::PrivateKeyType key_type,
41                                   const std::string& pkcs8_key) {
42   JNIEnv* env = base::android::AttachCurrentThread();
43   base::android::ScopedJavaLocalRef<jbyteArray> bytes =
44       base::android::ToJavaByteArray(env, pkcs8_key);
45 
46   ScopedJava key(Java_AndroidKeyStoreTestUtil_createPrivateKeyFromPKCS8(
47       env, key_type, bytes));
48 
49   return key;
50 }
51 
52 struct TestKey {
53   const char* name;
54   const char* cert_file;
55   const char* key_file;
56   int type;
57   android::PrivateKeyType android_key_type;
58 };
59 
60 const TestKey kTestKeys[] = {
61     {"RSA", "client_1.pem", "client_1.pk8", EVP_PKEY_RSA,
62      android::PRIVATE_KEY_TYPE_RSA},
63     {"ECDSA_P256", "client_4.pem", "client_4.pk8", EVP_PKEY_EC,
64      android::PRIVATE_KEY_TYPE_ECDSA},
65     {"ECDSA_P384", "client_5.pem", "client_5.pk8", EVP_PKEY_EC,
66      android::PRIVATE_KEY_TYPE_ECDSA},
67     {"ECDSA_P521", "client_6.pem", "client_6.pk8", EVP_PKEY_EC,
68      android::PRIVATE_KEY_TYPE_ECDSA},
69 };
70 
TestKeyToString(const testing::TestParamInfo<TestKey> & params)71 std::string TestKeyToString(const testing::TestParamInfo<TestKey>& params) {
72   return params.param.name;
73 }
74 
75 }  // namespace
76 
77 class SSLPlatformKeyAndroidTest : public testing::TestWithParam<TestKey>,
78                                   public WithTaskEnvironment {};
79 
TEST_P(SSLPlatformKeyAndroidTest,Matches)80 TEST_P(SSLPlatformKeyAndroidTest, Matches) {
81   const TestKey& test_key = GetParam();
82 
83   scoped_refptr<X509Certificate> cert =
84       ImportCertFromFile(GetTestCertsDirectory(), test_key.cert_file);
85   ASSERT_TRUE(cert);
86 
87   std::string key_bytes;
88   ASSERT_TRUE(ReadTestFile(test_key.key_file, &key_bytes));
89   ScopedJava java_key =
90       GetPKCS8PrivateKeyJava(test_key.android_key_type, key_bytes);
91   ASSERT_FALSE(java_key.is_null());
92 
93   scoped_refptr<SSLPrivateKey> key = WrapJavaPrivateKey(cert.get(), java_key);
94   ASSERT_TRUE(key);
95 
96   EXPECT_EQ(SSLPrivateKey::DefaultAlgorithmPreferences(test_key.type,
97                                                        true /* supports_pss */),
98             key->GetAlgorithmPreferences());
99 
100   TestSSLPrivateKeyMatches(key.get(), key_bytes);
101 }
102 
103 INSTANTIATE_TEST_SUITE_P(All,
104                          SSLPlatformKeyAndroidTest,
105                          testing::ValuesIn(kTestKeys),
106                          TestKeyToString);
107 
TEST(SSLPlatformKeyAndroidSigAlgTest,SignatureAlgorithmsToJavaKeyTypes)108 TEST(SSLPlatformKeyAndroidSigAlgTest, SignatureAlgorithmsToJavaKeyTypes) {
109   const struct {
110     std::vector<uint16_t> algorithms;
111     std::vector<std::string> expected_key_types;
112   } kTests[] = {
113       {{SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_RSA_PSS_RSAE_SHA384,
114         SSL_SIGN_ECDSA_SECP256R1_SHA256, SSL_SIGN_RSA_PKCS1_SHA512,
115         SSL_SIGN_ED25519},
116        {"RSA", "EC"}},
117       {{SSL_SIGN_RSA_PSS_RSAE_SHA256}, {"RSA"}},
118       {{SSL_SIGN_RSA_PKCS1_SHA256}, {"RSA"}},
119       {{SSL_SIGN_ECDSA_SECP256R1_SHA256}, {"EC"}},
120       {{SSL_SIGN_ECDSA_SECP384R1_SHA384}, {"EC"}},
121       // Android doesn't document a Java key type corresponding to Ed25519, so
122       // for now we ignore it.
123       {{SSL_SIGN_ED25519}, {}},
124       // Unknown algorithm.
125       {{0xffff}, {}},
126       // Test the empty list.
127       {{}, {}},
128   };
129   for (const auto& t : kTests) {
130     EXPECT_EQ(SignatureAlgorithmsToJavaKeyTypes(t.algorithms),
131               t.expected_key_types);
132   }
133 }
134 
135 }  // namespace net
136