src/third_party/libjingle/source/talk/base/sslidentity_unittest.cc

   1 /*
   2  * libjingle
   3  * Copyright 2011, Google Inc.
   4  * Portions Copyright 2011, RTFM, Inc.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions are met:
   8  *
   9  *  1. Redistributions of source code must retain the above copyright notice,
  10  *     this list of conditions and the following disclaimer.
  11  *  2. Redistributions in binary form must reproduce the above copyright notice,
  12  *     this list of conditions and the following disclaimer in the documentation
  13  *     and/or other materials provided with the distribution.
  14  *  3. The name of the author may not be used to endorse or promote products
  15  *     derived from this software without specific prior written permission.
  16  *
  17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
  18  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
  20  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  21  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  22  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
  23  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  24  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  25  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  26  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  27  */
  28
  29 #include <string>
  30
  31 #include "talk/base/gunit.h"
  32 #include "talk/base/ssladapter.h"
  33 #include "talk/base/sslidentity.h"
  34
  35 using talk_base::SSLIdentity;
  36
  37 const char kTestCertificate[] = "-----BEGIN CERTIFICATE-----\n"
  38     "MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n"
  39     "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n"
  40     "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0\n"
  41     "MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG\n"
  42     "A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl\n"
  43     "cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP\n"
  44     "Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//\n"
  45     "Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4\n"
  46     "GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM\n"
  47     "k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz\n"
  48     "itAE+OjGF+PFKbwX8Q==\n"
  49     "-----END CERTIFICATE-----\n";
  50
  51 const unsigned char kTestCertSha1[] = {0xA6, 0xC8, 0x59, 0xEA,
  52                                        0xC3, 0x7E, 0x6D, 0x33,
  53                                        0xCF, 0xE2, 0x69, 0x9D,
  54                                        0x74, 0xE6, 0xF6, 0x8A,
  55                                        0x9E, 0x47, 0xA7, 0xCA};
  56
  57 class SSLIdentityTest : public testing::Test {
  58  public:
  59   SSLIdentityTest() :
  60       identity1_(), identity2_() {
  61   }
  62
  63   ~SSLIdentityTest() {
  64   }
  65
  66   static void SetUpTestCase() {
  67     talk_base::InitializeSSL();
  68   }
  69
  70   static void TearDownTestCase() {
  71     talk_base::CleanupSSL();
  72   }
  73
  74   virtual void SetUp() {
  75     identity1_.reset(SSLIdentity::Generate("test1"));
  76     identity2_.reset(SSLIdentity::Generate("test2"));
  77
  78     ASSERT_TRUE(identity1_);
  79     ASSERT_TRUE(identity2_);
  80
  81     test_cert_.reset(
  82         talk_base::SSLCertificate::FromPEMString(kTestCertificate));
  83     ASSERT_TRUE(test_cert_);
  84   }
  85
  86   void TestGetSignatureDigestAlgorithm() {
  87     std::string digest_algorithm;
  88     // Both NSSIdentity::Generate and OpenSSLIdentity::Generate are
  89     // hard-coded to generate RSA-SHA1 certificates.
  90     ASSERT_TRUE(identity1_->certificate().GetSignatureDigestAlgorithm(
  91         &digest_algorithm));
  92     ASSERT_EQ(talk_base::DIGEST_SHA_1, digest_algorithm);
  93     ASSERT_TRUE(identity2_->certificate().GetSignatureDigestAlgorithm(
  94         &digest_algorithm));
  95     ASSERT_EQ(talk_base::DIGEST_SHA_1, digest_algorithm);
  96
  97     // The test certificate has an MD5-based signature.
  98     ASSERT_TRUE(test_cert_->GetSignatureDigestAlgorithm(&digest_algorithm));
  99     ASSERT_EQ(talk_base::DIGEST_MD5, digest_algorithm);
 100   }
 101
 102   void TestDigest(const std::string &algorithm, size_t expected_len,
 103                   const unsigned char *expected_digest = NULL) {
 104     unsigned char digest1[64];
 105     unsigned char digest1b[64];
 106     unsigned char digest2[64];
 107     size_t digest1_len;
 108     size_t digest1b_len;
 109     size_t digest2_len;
 110     bool rv;
 111
 112     rv = identity1_->certificate().ComputeDigest(algorithm,
 113                                                  digest1, sizeof(digest1),
 114                                                  &digest1_len);
 115     EXPECT_TRUE(rv);
 116     EXPECT_EQ(expected_len, digest1_len);
 117
 118     rv = identity1_->certificate().ComputeDigest(algorithm,
 119                                                  digest1b, sizeof(digest1b),
 120                                                  &digest1b_len);
 121     EXPECT_TRUE(rv);
 122     EXPECT_EQ(expected_len, digest1b_len);
 123     EXPECT_EQ(0, memcmp(digest1, digest1b, expected_len));
 124
 125
 126     rv = identity2_->certificate().ComputeDigest(algorithm,
 127                                                  digest2, sizeof(digest2),
 128                                                  &digest2_len);
 129     EXPECT_TRUE(rv);
 130     EXPECT_EQ(expected_len, digest2_len);
 131     EXPECT_NE(0, memcmp(digest1, digest2, expected_len));
 132
 133     // If we have an expected hash for the test cert, check it.
 134     if (expected_digest) {
 135       unsigned char digest3[64];
 136       size_t digest3_len;
 137
 138       rv = test_cert_->ComputeDigest(algorithm, digest3, sizeof(digest3),
 139                                     &digest3_len);
 140       EXPECT_TRUE(rv);
 141       EXPECT_EQ(expected_len, digest3_len);
 142       EXPECT_EQ(0, memcmp(digest3, expected_digest, expected_len));
 143     }
 144   }
 145
 146  private:
 147   talk_base::scoped_ptr<SSLIdentity> identity1_;
 148   talk_base::scoped_ptr<SSLIdentity> identity2_;
 149   talk_base::scoped_ptr<talk_base::SSLCertificate> test_cert_;
 150 };
 151
 152 TEST_F(SSLIdentityTest, DigestSHA1) {
 153   TestDigest(talk_base::DIGEST_SHA_1, 20, kTestCertSha1);
 154 }
 155
 156 // HASH_AlgSHA224 is not supported in the chromium linux build.
 157 #if SSL_USE_NSS
 158 TEST_F(SSLIdentityTest, DISABLED_DigestSHA224) {
 159 #else
 160 TEST_F(SSLIdentityTest, DigestSHA224) {
 161 #endif
 162   TestDigest(talk_base::DIGEST_SHA_224, 28);
 163 }
 164
 165 TEST_F(SSLIdentityTest, DigestSHA256) {
 166   TestDigest(talk_base::DIGEST_SHA_256, 32);
 167 }
 168
 169 TEST_F(SSLIdentityTest, DigestSHA384) {
 170   TestDigest(talk_base::DIGEST_SHA_384, 48);
 171 }
 172
 173 TEST_F(SSLIdentityTest, DigestSHA512) {
 174   TestDigest(talk_base::DIGEST_SHA_512, 64);
 175 }
 176
 177 TEST_F(SSLIdentityTest, FromPEMStrings) {
 178   static const char kRSA_PRIVATE_KEY_PEM[] =
 179       "-----BEGIN RSA PRIVATE KEY-----\n"
 180       "MIICXQIBAAKBgQDCueE4a9hDMZ3sbVZdlXOz9ZA+cvzie3zJ9gXnT/BCt9P4b9HE\n"
 181       "vD/tr73YBqD3Wr5ZWScmyGYF9EMn0r3rzBxv6oooLU5TdUvOm4rzUjkCLQaQML8o\n"
 182       "NxXq+qW/j3zUKGikLhaaAl/amaX2zSWUsRQ1CpngQ3+tmDNH4/25TncNmQIDAQAB\n"
 183       "AoGAUcuU0Id0k10fMjYHZk4mCPzot2LD2Tr4Aznl5vFMQipHzv7hhZtx2xzMSRcX\n"
 184       "vG+Qr6VkbcUWHgApyWubvZXCh3+N7Vo2aYdMAQ8XqmFpBdIrL5CVdVfqFfEMlgEy\n"
 185       "LSZNG5klnrIfl3c7zQVovLr4eMqyl2oGfAqPQz75+fecv1UCQQD6wNHch9NbAG1q\n"
 186       "yuFEhMARB6gDXb+5SdzFjjtTWW5uJfm4DcZLoYyaIZm0uxOwsUKd0Rsma+oGitS1\n"
 187       "CXmuqfpPAkEAxszyN3vIdpD44SREEtyKZBMNOk5pEIIGdbeMJC5/XHvpxww9xkoC\n"
 188       "+39NbvUZYd54uT+rafbx4QZKc0h9xA/HlwJBAL37lYVWy4XpPv1olWCKi9LbUCqs\n"
 189       "vvQtyD1N1BkEayy9TQRsO09WKOcmigRqsTJwOx7DLaTgokEuspYvhagWVPUCQE/y\n"
 190       "0+YkTbYBD1Xbs9SyBKXCU6uDJRWSdO6aZi2W1XloC9gUwDMiSJjD1Wwt/YsyYPJ+\n"
 191       "/Hyc5yFL2l0KZimW/vkCQQCjuZ/lPcH46EuzhdbRfumDOG5N3ld7UhGI1TIRy17W\n"
 192       "dGF90cG33/L6BfS8Ll+fkkW/2AMRk8FDvF4CZi2nfW4L\n"
 193       "-----END RSA PRIVATE KEY-----\n";
 194
 195   static const char kCERT_PEM[] =
 196       "-----BEGIN CERTIFICATE-----\n"
 197       "MIIBmTCCAQICCQCPNJORW/M13DANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZ3\n"
 198       "ZWJydGMwHhcNMTMwNjE0MjIzMDAxWhcNMTQwNjE0MjIzMDAxWjARMQ8wDQYDVQQD\n"
 199       "DAZ3ZWJydGMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMK54Thr2EMxnext\n"
 200       "Vl2Vc7P1kD5y/OJ7fMn2BedP8EK30/hv0cS8P+2vvdgGoPdavllZJybIZgX0QyfS\n"
 201       "vevMHG/qiigtTlN1S86bivNSOQItBpAwvyg3Fer6pb+PfNQoaKQuFpoCX9qZpfbN\n"
 202       "JZSxFDUKmeBDf62YM0fj/blOdw2ZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAECMt\n"
 203       "UZb35H8TnjGx4XPzco/kbnurMLFFWcuve/DwTsuf10Ia9N4md8LY0UtgIgtyNqWc\n"
 204       "ZwyRMwxONF6ty3wcaIiPbGqiAa55T3YRuPibkRmck9CjrmM9JAtyvqHnpHd2TsBD\n"
 205       "qCV42aXS3onOXDQ1ibuWq0fr0//aj0wo4KV474c=\n"
 206       "-----END CERTIFICATE-----\n";
 207
 208   talk_base::scoped_ptr<SSLIdentity> identity(
 209       SSLIdentity::FromPEMStrings(kRSA_PRIVATE_KEY_PEM, kCERT_PEM));
 210   EXPECT_TRUE(identity);
 211   EXPECT_EQ(kCERT_PEM, identity->certificate().ToPEMString());
 212 }
 213
 214 TEST_F(SSLIdentityTest, PemDerConversion) {
 215   std::string der;
 216   EXPECT_TRUE(SSLIdentity::PemToDer("CERTIFICATE", kTestCertificate, &der));
 217
 218   EXPECT_EQ(kTestCertificate, SSLIdentity::DerToPem(
 219       "CERTIFICATE",
 220       reinterpret_cast<const unsigned char*>(der.data()), der.length()));
 221 }
 222
 223 TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) {
 224   TestGetSignatureDigestAlgorithm();
 225 }