1/* 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. 3 * 4 * Use of this source code is governed by a BSD-style license 5 * that can be found in the LICENSE file in the root of the source 6 * tree. An additional intellectual property rights grant can be found 7 * in the file PATENTS. All contributing project authors may 8 * be found in the AUTHORS file in the root of the source tree. 9 */ 10 11#include <string> 12 13#include "webrtc/base/gunit.h" 14#include "webrtc/base/ssladapter.h" 15#include "webrtc/base/sslidentity.h" 16 17using rtc::SSLIdentity; 18 19const char kTestCertificate[] = "-----BEGIN CERTIFICATE-----\n" 20 "MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV\n" 21 "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD\n" 22 "VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0\n" 23 "MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG\n" 24 "A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl\n" 25 "cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP\n" 26 "Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//\n" 27 "Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4\n" 28 "GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM\n" 29 "k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz\n" 30 "itAE+OjGF+PFKbwX8Q==\n" 31 "-----END CERTIFICATE-----\n"; 32 33const unsigned char kTestCertSha1[] = {0xA6, 0xC8, 0x59, 0xEA, 34 0xC3, 0x7E, 0x6D, 0x33, 35 0xCF, 0xE2, 0x69, 0x9D, 36 0x74, 0xE6, 0xF6, 0x8A, 37 0x9E, 0x47, 0xA7, 0xCA}; 38 39class SSLIdentityTest : public testing::Test { 40 public: 41 SSLIdentityTest() : 42 identity1_(), identity2_() { 43 } 44 45 ~SSLIdentityTest() { 46 } 47 48 static void SetUpTestCase() { 49 rtc::InitializeSSL(); 50 } 51 52 static void TearDownTestCase() { 53 rtc::CleanupSSL(); 54 } 55 56 virtual void SetUp() { 57 identity1_.reset(SSLIdentity::Generate("test1")); 58 identity2_.reset(SSLIdentity::Generate("test2")); 59 60 ASSERT_TRUE(identity1_); 61 ASSERT_TRUE(identity2_); 62 63 test_cert_.reset( 64 rtc::SSLCertificate::FromPEMString(kTestCertificate)); 65 ASSERT_TRUE(test_cert_); 66 } 67 68 void TestGetSignatureDigestAlgorithm() { 69 std::string digest_algorithm; 70 // Both NSSIdentity::Generate and OpenSSLIdentity::Generate are 71 // hard-coded to generate RSA-SHA1 certificates. 72 ASSERT_TRUE(identity1_->certificate().GetSignatureDigestAlgorithm( 73 &digest_algorithm)); 74 ASSERT_EQ(rtc::DIGEST_SHA_1, digest_algorithm); 75 ASSERT_TRUE(identity2_->certificate().GetSignatureDigestAlgorithm( 76 &digest_algorithm)); 77 ASSERT_EQ(rtc::DIGEST_SHA_1, digest_algorithm); 78 79 // The test certificate has an MD5-based signature. 80 ASSERT_TRUE(test_cert_->GetSignatureDigestAlgorithm(&digest_algorithm)); 81 ASSERT_EQ(rtc::DIGEST_MD5, digest_algorithm); 82 } 83 84 void TestDigest(const std::string &algorithm, size_t expected_len, 85 const unsigned char *expected_digest = NULL) { 86 unsigned char digest1[64]; 87 unsigned char digest1b[64]; 88 unsigned char digest2[64]; 89 size_t digest1_len; 90 size_t digest1b_len; 91 size_t digest2_len; 92 bool rv; 93 94 rv = identity1_->certificate().ComputeDigest(algorithm, 95 digest1, sizeof(digest1), 96 &digest1_len); 97 EXPECT_TRUE(rv); 98 EXPECT_EQ(expected_len, digest1_len); 99 100 rv = identity1_->certificate().ComputeDigest(algorithm, 101 digest1b, sizeof(digest1b), 102 &digest1b_len); 103 EXPECT_TRUE(rv); 104 EXPECT_EQ(expected_len, digest1b_len); 105 EXPECT_EQ(0, memcmp(digest1, digest1b, expected_len)); 106 107 108 rv = identity2_->certificate().ComputeDigest(algorithm, 109 digest2, sizeof(digest2), 110 &digest2_len); 111 EXPECT_TRUE(rv); 112 EXPECT_EQ(expected_len, digest2_len); 113 EXPECT_NE(0, memcmp(digest1, digest2, expected_len)); 114 115 // If we have an expected hash for the test cert, check it. 116 if (expected_digest) { 117 unsigned char digest3[64]; 118 size_t digest3_len; 119 120 rv = test_cert_->ComputeDigest(algorithm, digest3, sizeof(digest3), 121 &digest3_len); 122 EXPECT_TRUE(rv); 123 EXPECT_EQ(expected_len, digest3_len); 124 EXPECT_EQ(0, memcmp(digest3, expected_digest, expected_len)); 125 } 126 } 127 128 private: 129 rtc::scoped_ptr<SSLIdentity> identity1_; 130 rtc::scoped_ptr<SSLIdentity> identity2_; 131 rtc::scoped_ptr<rtc::SSLCertificate> test_cert_; 132}; 133 134TEST_F(SSLIdentityTest, DigestSHA1) { 135 TestDigest(rtc::DIGEST_SHA_1, 20, kTestCertSha1); 136} 137 138// HASH_AlgSHA224 is not supported in the chromium linux build. 139#if SSL_USE_NSS 140TEST_F(SSLIdentityTest, DISABLED_DigestSHA224) { 141#else 142TEST_F(SSLIdentityTest, DigestSHA224) { 143#endif 144 TestDigest(rtc::DIGEST_SHA_224, 28); 145} 146 147TEST_F(SSLIdentityTest, DigestSHA256) { 148 TestDigest(rtc::DIGEST_SHA_256, 32); 149} 150 151TEST_F(SSLIdentityTest, DigestSHA384) { 152 TestDigest(rtc::DIGEST_SHA_384, 48); 153} 154 155TEST_F(SSLIdentityTest, DigestSHA512) { 156 TestDigest(rtc::DIGEST_SHA_512, 64); 157} 158 159TEST_F(SSLIdentityTest, FromPEMStrings) { 160 static const char kRSA_PRIVATE_KEY_PEM[] = 161 "-----BEGIN RSA PRIVATE KEY-----\n" 162 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n" 163 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" 164 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" 165 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n" 166 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n" 167 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n" 168 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n" 169 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n" 170 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n" 171 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n" 172 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n" 173 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n" 174 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n" 175 "UCXiYxSsu20QNVw=\n" 176 "-----END RSA PRIVATE KEY-----\n"; 177 178 static const char kCERT_PEM[] = 179 "-----BEGIN CERTIFICATE-----\n" 180 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n" 181 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" 182 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" 183 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" 184 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" 185 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" 186 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" 187 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" 188 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" 189 "-----END CERTIFICATE-----\n"; 190 191 rtc::scoped_ptr<SSLIdentity> identity( 192 SSLIdentity::FromPEMStrings(kRSA_PRIVATE_KEY_PEM, kCERT_PEM)); 193 EXPECT_TRUE(identity); 194 EXPECT_EQ(kCERT_PEM, identity->certificate().ToPEMString()); 195} 196 197TEST_F(SSLIdentityTest, PemDerConversion) { 198 std::string der; 199 EXPECT_TRUE(SSLIdentity::PemToDer("CERTIFICATE", kTestCertificate, &der)); 200 201 EXPECT_EQ(kTestCertificate, SSLIdentity::DerToPem( 202 "CERTIFICATE", 203 reinterpret_cast<const unsigned char*>(der.data()), der.length())); 204} 205 206TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) { 207 TestGetSignatureDigestAlgorithm(); 208} 209