Gitiles
Code Review Sign In
gerrit.openfyde.cn / webrtc.googlesource.com / src / 97077a3ab27259164eb121034b6e0ebe9ba592df / . / talk / base / sslidentity_unittest.cc
blob: b63b8b9d439b9caf8ec7d94a391f1a9c4b59ba3f [file] [log] [blame]
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]1/*
2 * libjingle
3 * Copyright 2011, Google Inc.
4 * Portions Copyright 2011, RTFM, Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
20 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
22 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
23 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
24 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
26 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29#include <string>
30
31#include "talk/base/gunit.h"
32#include "talk/base/ssladapter.h"
33#include "talk/base/sslidentity.h"
34
wu@webrtc.org91053e72013-08-10 07:18:04 +0000[diff] [blame]35using talk_base::SSLIdentity;
36
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]37const char kTestCertificate[] = "-----BEGIN CERTIFICATE-----\n"
38 "MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n"
39 "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n"
40 "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0\n"
41 "MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG\n"
42 "A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl\n"
43 "cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP\n"
44 "Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//\n"
45 "Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4\n"
46 "GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM\n"
47 "k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz\n"
48 "itAE+OjGF+PFKbwX8Q==\n"
49 "-----END CERTIFICATE-----\n";
50
51const unsigned char kTestCertSha1[] = {0xA6, 0xC8, 0x59, 0xEA,
52 0xC3, 0x7E, 0x6D, 0x33,
53 0xCF, 0xE2, 0x69, 0x9D,
54 0x74, 0xE6, 0xF6, 0x8A,
55 0x9E, 0x47, 0xA7, 0xCA};
56
57class SSLIdentityTest : public testing::Test {
58 public:
59 SSLIdentityTest() :
wu@webrtc.org97077a32013-10-25 21:18:33 +0000[diff] [blame^]60 identity1_(), identity2_() {
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]61 }
62
63 ~SSLIdentityTest() {
64 }
65
66 static void SetUpTestCase() {
67 talk_base::InitializeSSL();
68 }
69
henrike@webrtc.org1e09a712013-07-26 19:17:59 +0000[diff] [blame]70 static void TearDownTestCase() {
71 talk_base::CleanupSSL();
72 }
73
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]74 virtual void SetUp() {
wu@webrtc.org91053e72013-08-10 07:18:04 +0000[diff] [blame]75 identity1_.reset(SSLIdentity::Generate("test1"));
76 identity2_.reset(SSLIdentity::Generate("test2"));
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]77
78 ASSERT_TRUE(identity1_);
79 ASSERT_TRUE(identity2_);
80
81 test_cert_.reset(
82 talk_base::SSLCertificate::FromPEMString(kTestCertificate));
83 ASSERT_TRUE(test_cert_);
84 }
85
mallinath@webrtc.org19f27e62013-10-13 17:18:27 +0000[diff] [blame]86 void TestGetSignatureDigestAlgorithm() {
87 std::string digest_algorithm;
88 // Both NSSIdentity::Generate and OpenSSLIdentity::Generate are
89 // hard-coded to generate RSA-SHA1 certificates.
90 ASSERT_TRUE(identity1_->certificate().GetSignatureDigestAlgorithm(
91 &digest_algorithm));
92 ASSERT_EQ(talk_base::DIGEST_SHA_1, digest_algorithm);
93 ASSERT_TRUE(identity2_->certificate().GetSignatureDigestAlgorithm(
94 &digest_algorithm));
95 ASSERT_EQ(talk_base::DIGEST_SHA_1, digest_algorithm);
96
97 // The test certificate has an MD5-based signature.
98 ASSERT_TRUE(test_cert_->GetSignatureDigestAlgorithm(&digest_algorithm));
99 ASSERT_EQ(talk_base::DIGEST_MD5, digest_algorithm);
100 }
101
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]102 void TestDigest(const std::string &algorithm, size_t expected_len,
103 const unsigned char *expected_digest = NULL) {
104 unsigned char digest1[64];
105 unsigned char digest1b[64];
106 unsigned char digest2[64];
107 size_t digest1_len;
108 size_t digest1b_len;
109 size_t digest2_len;
110 bool rv;
111
112 rv = identity1_->certificate().ComputeDigest(algorithm,
113 digest1, sizeof(digest1),
114 &digest1_len);
115 EXPECT_TRUE(rv);
116 EXPECT_EQ(expected_len, digest1_len);
117
118 rv = identity1_->certificate().ComputeDigest(algorithm,
119 digest1b, sizeof(digest1b),
120 &digest1b_len);
121 EXPECT_TRUE(rv);
122 EXPECT_EQ(expected_len, digest1b_len);
123 EXPECT_EQ(0, memcmp(digest1, digest1b, expected_len));
124
125
126 rv = identity2_->certificate().ComputeDigest(algorithm,
127 digest2, sizeof(digest2),
128 &digest2_len);
129 EXPECT_TRUE(rv);
130 EXPECT_EQ(expected_len, digest2_len);
131 EXPECT_NE(0, memcmp(digest1, digest2, expected_len));
132
133 // If we have an expected hash for the test cert, check it.
134 if (expected_digest) {
135 unsigned char digest3[64];
136 size_t digest3_len;
137
138 rv = test_cert_->ComputeDigest(algorithm, digest3, sizeof(digest3),
139 &digest3_len);
140 EXPECT_TRUE(rv);
141 EXPECT_EQ(expected_len, digest3_len);
142 EXPECT_EQ(0, memcmp(digest3, expected_digest, expected_len));
143 }
144 }
145
146 private:
wu@webrtc.org91053e72013-08-10 07:18:04 +0000[diff] [blame]147 talk_base::scoped_ptr<SSLIdentity> identity1_;
148 talk_base::scoped_ptr<SSLIdentity> identity2_;
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]149 talk_base::scoped_ptr<talk_base::SSLCertificate> test_cert_;
150};
151
152TEST_F(SSLIdentityTest, DigestSHA1) {
153 TestDigest(talk_base::DIGEST_SHA_1, 20, kTestCertSha1);
154}
155
156// HASH_AlgSHA224 is not supported in the chromium linux build.
157#if SSL_USE_NSS
158TEST_F(SSLIdentityTest, DISABLED_DigestSHA224) {
159#else
160TEST_F(SSLIdentityTest, DigestSHA224) {
161#endif
162 TestDigest(talk_base::DIGEST_SHA_224, 28);
163}
164
165TEST_F(SSLIdentityTest, DigestSHA256) {
166 TestDigest(talk_base::DIGEST_SHA_256, 32);
167}
168
169TEST_F(SSLIdentityTest, DigestSHA384) {
170 TestDigest(talk_base::DIGEST_SHA_384, 48);
171}
172
173TEST_F(SSLIdentityTest, DigestSHA512) {
174 TestDigest(talk_base::DIGEST_SHA_512, 64);
175}
176
177TEST_F(SSLIdentityTest, FromPEMStrings) {
178 static const char kRSA_PRIVATE_KEY_PEM[] =
179 "-----BEGIN RSA PRIVATE KEY-----\n"
180 "MIICXQIBAAKBgQDCueE4a9hDMZ3sbVZdlXOz9ZA+cvzie3zJ9gXnT/BCt9P4b9HE\n"
181 "vD/tr73YBqD3Wr5ZWScmyGYF9EMn0r3rzBxv6oooLU5TdUvOm4rzUjkCLQaQML8o\n"
182 "NxXq+qW/j3zUKGikLhaaAl/amaX2zSWUsRQ1CpngQ3+tmDNH4/25TncNmQIDAQAB\n"
183 "AoGAUcuU0Id0k10fMjYHZk4mCPzot2LD2Tr4Aznl5vFMQipHzv7hhZtx2xzMSRcX\n"
184 "vG+Qr6VkbcUWHgApyWubvZXCh3+N7Vo2aYdMAQ8XqmFpBdIrL5CVdVfqFfEMlgEy\n"
185 "LSZNG5klnrIfl3c7zQVovLr4eMqyl2oGfAqPQz75+fecv1UCQQD6wNHch9NbAG1q\n"
186 "yuFEhMARB6gDXb+5SdzFjjtTWW5uJfm4DcZLoYyaIZm0uxOwsUKd0Rsma+oGitS1\n"
187 "CXmuqfpPAkEAxszyN3vIdpD44SREEtyKZBMNOk5pEIIGdbeMJC5/XHvpxww9xkoC\n"
188 "+39NbvUZYd54uT+rafbx4QZKc0h9xA/HlwJBAL37lYVWy4XpPv1olWCKi9LbUCqs\n"
189 "vvQtyD1N1BkEayy9TQRsO09WKOcmigRqsTJwOx7DLaTgokEuspYvhagWVPUCQE/y\n"
190 "0+YkTbYBD1Xbs9SyBKXCU6uDJRWSdO6aZi2W1XloC9gUwDMiSJjD1Wwt/YsyYPJ+\n"
191 "/Hyc5yFL2l0KZimW/vkCQQCjuZ/lPcH46EuzhdbRfumDOG5N3ld7UhGI1TIRy17W\n"
192 "dGF90cG33/L6BfS8Ll+fkkW/2AMRk8FDvF4CZi2nfW4L\n"
193 "-----END RSA PRIVATE KEY-----\n";
194
195 static const char kCERT_PEM[] =
196 "-----BEGIN CERTIFICATE-----\n"
197 "MIIBmTCCAQICCQCPNJORW/M13DANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZ3\n"
198 "ZWJydGMwHhcNMTMwNjE0MjIzMDAxWhcNMTQwNjE0MjIzMDAxWjARMQ8wDQYDVQQD\n"
199 "DAZ3ZWJydGMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMK54Thr2EMxnext\n"
200 "Vl2Vc7P1kD5y/OJ7fMn2BedP8EK30/hv0cS8P+2vvdgGoPdavllZJybIZgX0QyfS\n"
201 "vevMHG/qiigtTlN1S86bivNSOQItBpAwvyg3Fer6pb+PfNQoaKQuFpoCX9qZpfbN\n"
202 "JZSxFDUKmeBDf62YM0fj/blOdw2ZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAECMt\n"
203 "UZb35H8TnjGx4XPzco/kbnurMLFFWcuve/DwTsuf10Ia9N4md8LY0UtgIgtyNqWc\n"
204 "ZwyRMwxONF6ty3wcaIiPbGqiAa55T3YRuPibkRmck9CjrmM9JAtyvqHnpHd2TsBD\n"
205 "qCV42aXS3onOXDQ1ibuWq0fr0//aj0wo4KV474c=\n"
206 "-----END CERTIFICATE-----\n";
207
wu@webrtc.org91053e72013-08-10 07:18:04 +0000[diff] [blame]208 talk_base::scoped_ptr<SSLIdentity> identity(
209 SSLIdentity::FromPEMStrings(kRSA_PRIVATE_KEY_PEM, kCERT_PEM));
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]210 EXPECT_TRUE(identity);
211 EXPECT_EQ(kCERT_PEM, identity->certificate().ToPEMString());
212}
wu@webrtc.org91053e72013-08-10 07:18:04 +0000[diff] [blame]213
214TEST_F(SSLIdentityTest, PemDerConversion) {
215 std::string der;
216 EXPECT_TRUE(SSLIdentity::PemToDer("CERTIFICATE", kTestCertificate, &der));
217
218 EXPECT_EQ(kTestCertificate, SSLIdentity::DerToPem(
219 "CERTIFICATE",
220 reinterpret_cast<const unsigned char*>(der.data()), der.length()));
221}
mallinath@webrtc.org19f27e62013-10-13 17:18:27 +0000[diff] [blame]222
223TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) {
224 TestGetSignatureDigestAlgorithm();
225}