//
// Copyright (C) 2012 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
16
17#include "update_engine/common/certificate_checker.h"
18
19#include <string>
20
21#include <base/strings/string_util.h>
22#include <base/strings/stringprintf.h>
23#include <gmock/gmock.h>
24#include <gtest/gtest.h>
25
26#include "update_engine/common/constants.h"
27#include "update_engine/common/mock_certificate_checker.h"
28#include "update_engine/common/mock_prefs.h"
29
30using ::testing::DoAll;
31using ::testing::Return;
32using ::testing::SetArgumentPointee;
33using ::testing::SetArrayArgument;
34using ::testing::_;
35using std::string;
36
37namespace chromeos_update_engine {
38
// gMock implementation of CertificateChecker::Observer. The fixture below
// wraps it in testing::StrictMock, so a CertificateChecked() notification
// that a test did not declare with EXPECT_CALL fails that test.
class MockCertificateCheckObserver : public CertificateChecker::Observer {
 public:
  // Records which server was checked and the result the checker reported.
  MOCK_METHOD2(CertificateChecked,
               void(ServerToCheck, CertificateCheckResult));
};
45
// Fixture that connects a real CertificateChecker to a mocked prefs store, a
// mocked OpenSSL wrapper and a strict mock observer.
//
// NOTE(review): the tests in this file cover a new, an unchanged, a changed
// and a failed certificate. They do not cover GetCertificateDigest()
// returning false or SetString() returning false.
class CertificateCheckerTest : public testing::Test {
 protected:
  void SetUp() override {
    // Prefs key the tests expect the checker to use for the stored digest:
    // "<prefix>-<server>-<depth>".
    const int server_index = static_cast<int>(server_to_check_);
    cert_key_ = base::StringPrintf(
        "%s-%d-%d", cert_key_prefix_.c_str(), server_index, depth_);
    cert_checker.Init();
    cert_checker.SetObserver(&observer_);
  }

  void TearDown() override {
    // Detach the mock observer from the checker once the test body is done.
    cert_checker.SetObserver(nullptr);
  }

  MockPrefs prefs_;
  MockOpenSSLWrapper openssl_wrapper_;

  // Values the mocked GetCertificateDigest() hands back. The digest is a
  // 4-byte stand-in chosen for the test, and digest_hex_ is its upper-case
  // hex form as the tests expect it to be written to prefs.
  int depth_{0};
  unsigned int length_{4};
  uint8_t digest_[4]{0x17, 0x7D, 0x07, 0x5F};
  string digest_hex_{"177D075F"};
  // A stored value that differs from digest_hex_, used to simulate a change.
  string diff_digest_hex_{"1234ABCD"};
  string cert_key_prefix_{kPrefsUpdateServerCertificate};
  ServerToCheck server_to_check_{ServerToCheck::kUpdate};
  // Filled in by SetUp().
  string cert_key_;

  testing::StrictMock<MockCertificateCheckObserver> observer_;
  // NOTE(review): unlike the other members this one has no trailing
  // underscore; the tests refer to it by this name.
  CertificateChecker cert_checker{&prefs_, &openssl_wrapper_};
};
76
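// No digest is stored yet for this server and depth: GetString() returns
// false. The checker is expected to store the digest it was given under
// cert_key_, report kValid to the observer and return true. Nothing is
// compared in this case, because there is no previous value.
//
// The first argument, 1, is presumably OpenSSL's preverify_ok flag; confirm
// against certificate_checker.h.
TEST_F(CertificateCheckerTest, NewCertificate) {
  // Copy exactly length_ bytes, so the reported length and the bytes written
  // into the output buffer cannot drift apart if the fixture digest changes.
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
      .WillOnce(DoAll(SetArgumentPointee<1>(depth_),
                      SetArgumentPointee<2>(length_),
                      SetArrayArgument<3>(digest_, digest_ + length_),
                      Return(true)));
  EXPECT_CALL(prefs_, GetString(cert_key_, _)).WillOnce(Return(false));
  EXPECT_CALL(prefs_, SetString(cert_key_, digest_hex_))
      .WillOnce(Return(true));
  EXPECT_CALL(
      observer_,
      CertificateChecked(server_to_check_, CertificateCheckResult::kValid));
  ASSERT_TRUE(
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
}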
93
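// The stored digest equals the one reported for the presented certificate.
// The checker is expected to report kValid, return true and leave prefs
// untouched: no SetString() call at all.
TEST_F(CertificateCheckerTest, SameCertificate) {
  // Copy exactly length_ bytes, so the reported length and the bytes written
  // into the output buffer cannot drift apart if the fixture digest changes.
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
      .WillOnce(DoAll(SetArgumentPointee<1>(depth_),
                      SetArgumentPointee<2>(length_),
                      SetArrayArgument<3>(digest_, digest_ + length_),
                      Return(true)));
  // Prefs already hold the same hex digest.
  EXPECT_CALL(prefs_, GetString(cert_key_, _))
      .WillOnce(DoAll(SetArgumentPointee<1>(digest_hex_), Return(true)));
  EXPECT_CALL(prefs_, SetString(_, _)).Times(0);
  EXPECT_CALL(
      observer_,
      CertificateChecked(server_to_check_, CertificateCheckResult::kValid));
  ASSERT_TRUE(
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
}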
111
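// The stored digest differs from the one reported for the presented
// certificate. The expectations below pin down that a change is reported,
// not rejected: the observer receives kValidChanged, the stored digest is
// overwritten with the new one, and the call still returns true. Any
// reaction to a changed certificate is therefore left to the observer; what
// a production observer does with kValidChanged is not visible in this file.
TEST_F(CertificateCheckerTest, ChangedCertificate) {
  // Copy exactly length_ bytes, so the reported length and the bytes written
  // into the output buffer cannot drift apart if the fixture digest changes.
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
      .WillOnce(DoAll(SetArgumentPointee<1>(depth_),
                      SetArgumentPointee<2>(length_),
                      SetArrayArgument<3>(digest_, digest_ + length_),
                      Return(true)));
  // Prefs hold a different hex digest from an earlier connection.
  EXPECT_CALL(prefs_, GetString(cert_key_, _))
      .WillOnce(DoAll(SetArgumentPointee<1>(diff_digest_hex_), Return(true)));
  EXPECT_CALL(observer_,
              CertificateChecked(server_to_check_,
                                 CertificateCheckResult::kValidChanged));
  EXPECT_CALL(prefs_, SetString(cert_key_, digest_hex_))
      .WillOnce(Return(true));
  ASSERT_TRUE(
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
}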
129
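// The first argument is 0 (presumably OpenSSL's preverify_ok flag, meaning
// verification already failed; confirm against certificate_checker.h). The
// checker is expected to report kFailed, return false and stop there: it
// must not read the certificate digest and must not touch prefs.
TEST_F(CertificateCheckerTest, FailedCertificate) {
  EXPECT_CALL(
      observer_,
      CertificateChecked(server_to_check_, CertificateCheckResult::kFailed));
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(_, _, _, _)).Times(0);
  EXPECT_CALL(prefs_, GetString(_, _)).Times(0);
  // prefs_ is a plain mock, so an unexpected SetString() would only produce
  // a warning. State explicitly that a certificate which failed verification
  // is never persisted as the stored digest.
  EXPECT_CALL(prefs_, SetString(_, _)).Times(0);
  ASSERT_FALSE(
      cert_checker.CheckCertificateChange(0, nullptr, server_to_check_));
}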
139
140}  // namespace chromeos_update_engine
141