authorValerii <vmalkov@luxoft.com>2018-03-22 19:36:57 +0200
committerAndrii Kalinich <AKalinich@luxoft.com>2018-06-18 20:18:46 +0300
commita7eba255dff0581da32e682a585ae833559a4082 (patch)
treedc635387a9def0eca214029627a1b86dfdc59024
parent361ffc4e5a2c1a081143cd7979fa7984c4158449 (diff)
Add UT for DTLS
- Correct initialization of crypto manager with different protocols - Handshake without protocol verification - Handshake with CA verification only on server side - Handshake with CA verification only on client side - Handshake with CA verification on both sides - Handshake client side fails with certificate not signed error - Handshake client side fails with certificate is expired error - Handshake fails when application name and application ID are not valid - Reset connection without verification - Reset connection with verification on both sides - Test with correct protocol - Test with incorrect protocol
-rw-r--r--src/components/hmi_message_handler/src/websocket_session.cc2
-rw-r--r--src/components/security_manager/test/crypto_manager_impl_test.cc9
-rw-r--r--src/components/security_manager/test/ssl_certificate_handshake_test.cc101
-rw-r--r--src/components/security_manager/test/ssl_context_test.cc42
4 files changed, 91 insertions, 63 deletions
diff --git a/src/components/hmi_message_handler/src/websocket_session.cc b/src/components/hmi_message_handler/src/websocket_session.cc
index 26f15695c9..a148f48661 100644
--- a/src/components/hmi_message_handler/src/websocket_session.cc
+++ b/src/components/hmi_message_handler/src/websocket_session.cc
@@ -319,4 +319,4 @@ void WebsocketSession::LoopThreadDelegate::SetShutdown() {
message_queue_.Shutdown();
}
}
-} \ No newline at end of file
+}
diff --git a/src/components/security_manager/test/crypto_manager_impl_test.cc b/src/components/security_manager/test/crypto_manager_impl_test.cc
index ddc1bb67c5..46429ea0e9 100644
--- a/src/components/security_manager/test/crypto_manager_impl_test.cc
+++ b/src/components/security_manager/test/crypto_manager_impl_test.cc
@@ -128,6 +128,7 @@ class CryptoManagerTest : public testing::Test {
std::vector<int> forced_protected_services_;
std::vector<int> forced_unprotected_services_;
};
+
std::string CryptoManagerTest::certificate_data_base64_;
TEST_F(CryptoManagerTest, UsingBeforeInit) {
@@ -189,10 +190,18 @@ TEST_F(CryptoManagerTest, CorrectInit) {
security_manager::CLIENT, security_manager::TLSv1_1, kFordCipher);
EXPECT_TRUE(crypto_manager_->Init());
+ SetInitialValues(
+ security_manager::CLIENT, security_manager::DTLSv1, kFordCipher);
+ EXPECT_TRUE(crypto_manager_->Init());
+
// Cipher value
SetInitialValues(
security_manager::SERVER, security_manager::TLSv1_2, kAllCiphers);
EXPECT_TRUE(crypto_manager_->Init());
+
+ SetInitialValues(
+ security_manager::SERVER, security_manager::DTLSv1, kAllCiphers);
+ EXPECT_TRUE(crypto_manager_->Init());
}
// #endif // __QNX__
diff --git a/src/components/security_manager/test/ssl_certificate_handshake_test.cc b/src/components/security_manager/test/ssl_certificate_handshake_test.cc
index 139c772cf2..2423ab00b7 100644
--- a/src/components/security_manager/test/ssl_certificate_handshake_test.cc
+++ b/src/components/security_manager/test/ssl_certificate_handshake_test.cc
@@ -67,8 +67,16 @@ const bool verify_peer = true;
const bool skip_peer_verification = false;
} // namespace
+struct Protocol {
+ security_manager::Protocol server_protocol;
+ security_manager::Protocol client_protocol;
-class SSLHandshakeTest : public testing::Test {
+ Protocol(security_manager::Protocol s_protocol,
+ security_manager::Protocol c_protocol)
+ : server_protocol(s_protocol), client_protocol(c_protocol) {}
+};
+
+class SSLHandshakeTest : public testing::TestWithParam<Protocol> {
protected:
void SetUp() OVERRIDE {
mock_server_manager_settings_ = new testing::NiceMock<
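Review bot: The new parameter struct is named `Protocol`, the same identifier as `security_manager::Protocol`, which it wraps twice, so an unqualified `Protocol` in this test namespace now means the server/client pair rather than the enum. A name such as `ProtocolPair` plus a one-line comment like `// Server and client protocol versions used as the TEST_P parameter` would remove the ambiguity. The struct also has no `PrintTo` or `operator<<`, so a failing parameterised case will show the parameter as a raw byte dump instead of the protocol names. A small printer would make it obvious which TLS/DTLS version a handshake failure belongs to. The `SSLHandshakeTest` class body continues outside this hunk.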
@@ -349,15 +357,24 @@ class SSLHandshakeTest : public testing::Test {
const std::vector<int> forced_unprotected_service_;
};
-TEST_F(SSLHandshakeTest, NoVerification) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+INSTANTIATE_TEST_CASE_P(
+ CorrectProtocol,
+ SSLHandshakeTest,
+ ::testing::Values(
+ Protocol(security_manager::TLSv1, security_manager::TLSv1),
+ Protocol(security_manager::TLSv1_1, security_manager::TLSv1_1),
+ Protocol(security_manager::TLSv1_2, security_manager::TLSv1_2),
+ Protocol(security_manager::DTLSv1, security_manager::DTLSv1)));
+
+TEST_P(SSLHandshakeTest, NoVerification) {
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_certificate,
"ALL",
skip_peer_verification,
""))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
skip_peer_verification,
@@ -367,14 +384,14 @@ TEST_F(SSLHandshakeTest, NoVerification) {
GTEST_TRACE(HandshakeProcedure_Success());
}
-TEST_F(SSLHandshakeTest, CAVerification_ServerSide) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+TEST_P(SSLHandshakeTest, CAVerification_ServerSide) {
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_certificate,
"ALL",
verify_peer,
client_ca_cert_filename))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
skip_peer_verification,
@@ -384,11 +401,11 @@ TEST_F(SSLHandshakeTest, CAVerification_ServerSide) {
GTEST_TRACE(HandshakeProcedure_Success());
}
-TEST_F(SSLHandshakeTest, CAVerification_ServerSide_NoCACertificate) {
+TEST_P(SSLHandshakeTest, CAVerification_ServerSide_NoCACertificate) {
ASSERT_TRUE(InitServerManagers(
- security_manager::TLSv1_2, "", "ALL", verify_peer, "unex"))
+ GetParam().server_protocol, "", "ALL", verify_peer, "unex"))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
skip_peer_verification,
@@ -396,7 +413,7 @@ TEST_F(SSLHandshakeTest, CAVerification_ServerSide_NoCACertificate) {
<< client_manager_->LastError();
GTEST_TRACE(HandshakeProcedure_ServerSideFail());
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_certificate,
"ALL",
verify_peer,
@@ -408,31 +425,14 @@ TEST_F(SSLHandshakeTest, CAVerification_ServerSide_NoCACertificate) {
GTEST_TRACE(HandshakeProcedure_Success());
}
-TEST_F(SSLHandshakeTest, CAVerification_ClientSide) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
- server_certificate,
- "ALL",
- verify_peer,
- client_ca_cert_filename))
- << server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
- client_certificate,
- "ALL",
- verify_peer,
- server_ca_cert_filename))
- << client_manager_->LastError();
-
- GTEST_TRACE(HandshakeProcedure_Success());
-}
-
-TEST_F(SSLHandshakeTest, CAVerification_ClientSide_NoCACertificate) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+TEST_P(SSLHandshakeTest, CAVerification_ClientSide_NoCACertificate) {
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_certificate,
"ALL",
skip_peer_verification,
""))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
"",
"ALL",
verify_peer,
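Review bot: `CAVerification_ClientSide` is deleted here rather than converted to `TEST_P`, although the commit description still lists a client-side-only CA verification handshake. The removed body used `verify_peer` on both sides, so it looks like a duplicate of `CAVerification_BothSides`, as far as that test is visible on this page. After the change, the only success path with a verifying client and a non-verifying server is the second half of `CAVerification_ClientSide_NoCACertificate`, whose body continues outside this hunk. Either add a dedicated case (server `skip_peer_verification`, client `verify_peer` with `server_ca_cert_filename`) or put a comment above this test such as `// Also covers the client-only CA verification success path after re-init with a valid CA`.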
@@ -442,7 +442,7 @@ TEST_F(SSLHandshakeTest, CAVerification_ClientSide_NoCACertificate) {
GTEST_TRACE(HandshakeProcedure_ClientSideFail(
security_manager::SSLContext::Handshake_Result_Fail));
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
verify_peer,
@@ -454,14 +454,14 @@ TEST_F(SSLHandshakeTest, CAVerification_ClientSide_NoCACertificate) {
GTEST_TRACE(HandshakeProcedure_Success());
}
-TEST_F(SSLHandshakeTest, CAVerification_BothSides) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+TEST_P(SSLHandshakeTest, CAVerification_BothSides) {
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_certificate,
"ALL",
verify_peer,
client_ca_cert_filename))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
verify_peer,
@@ -471,14 +471,14 @@ TEST_F(SSLHandshakeTest, CAVerification_BothSides) {
GTEST_TRACE(HandshakeProcedure_Success());
}
-TEST_F(SSLHandshakeTest, UnsignedCert) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+TEST_P(SSLHandshakeTest, UnsignedCert) {
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_unsigned_cert_file,
"ALL",
skip_peer_verification,
""))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
verify_peer,
@@ -488,14 +488,14 @@ TEST_F(SSLHandshakeTest, UnsignedCert) {
security_manager::SSLContext::Handshake_Result_CertNotSigned));
}
-TEST_F(SSLHandshakeTest, ExpiredCert) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+TEST_P(SSLHandshakeTest, ExpiredCert) {
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_expired_cert_file,
"ALL",
verify_peer,
client_ca_cert_filename))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
verify_peer,
@@ -506,14 +506,14 @@ TEST_F(SSLHandshakeTest, ExpiredCert) {
security_manager::SSLContext::Handshake_Result_CertExpired));
}
-TEST_F(SSLHandshakeTest, AppNameAndAppIDInvalid) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+TEST_P(SSLHandshakeTest, AppNameAndAppIDInvalid) {
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_certificate,
"ALL",
verify_peer,
client_ca_cert_filename))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
verify_peer,
@@ -538,14 +538,14 @@ TEST_F(SSLHandshakeTest, AppNameAndAppIDInvalid) {
security_manager::SSLContext::Handshake_Result_AppIDMismatch));
}
-TEST_F(SSLHandshakeTest, NoVerification_ResetConnection) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+TEST_P(SSLHandshakeTest, NoVerification_ResetConnection) {
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_certificate,
"ALL",
skip_peer_verification,
""))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
skip_peer_verification,
@@ -562,14 +562,14 @@ TEST_F(SSLHandshakeTest, NoVerification_ResetConnection) {
}
}
-TEST_F(SSLHandshakeTest, CAVerification_BothSides_ResetConnection) {
- ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2,
+TEST_P(SSLHandshakeTest, CAVerification_BothSides_ResetConnection) {
+ ASSERT_TRUE(InitServerManagers(GetParam().server_protocol,
server_certificate,
"ALL",
verify_peer,
client_ca_cert_filename))
<< server_manager_->LastError();
- ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2,
+ ASSERT_TRUE(InitClientManagers(GetParam().client_protocol,
client_certificate,
"ALL",
skip_peer_verification,
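Review bot: `CAVerification_BothSides_ResetConnection` still initialises the client with `skip_peer_verification` (the last line of this hunk), so despite its name only the server verifies its peer across the reset cycles. The commit touches both init calls but leaves this as is, which means client-side certificate checking after a connection reset is not exercised for any of the parameterised protocols, including DTLSv1. Changing that argument to `verify_peer,` would make the test match its name; the CA-file argument that follows lies outside the hunk and would need to be `server_ca_cert_filename`, which is assumed here rather than visible. If skipping on the client is deliberate, rename the test or add a comment saying so.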
@@ -585,7 +585,6 @@ TEST_F(SSLHandshakeTest, CAVerification_BothSides_ResetConnection) {
GTEST_TRACE(ResetConnections());
}
}
-
// TODO(EZamakhov): add fail tests -broken or not full ca certificate chain
} // namespace ssl_handshake_test
diff --git a/src/components/security_manager/test/ssl_context_test.cc b/src/components/security_manager/test/ssl_context_test.cc
index 6082a1b62b..7a4a9c3a87 100644
--- a/src/components/security_manager/test/ssl_context_test.cc
+++ b/src/components/security_manager/test/ssl_context_test.cc
@@ -261,12 +261,13 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> {
client_ctx_ = client_manager_->CreateSSLContext();
using custom_str::CustomString;
- security_manager::SSLContext::HandshakeContext ctx(CustomString("SPT"),
- CustomString("client"));
- server_ctx_->SetHandshakeContext(ctx);
- ctx.expected_cn = "server";
- client_ctx_->SetHandshakeContext(ctx);
+ server_ctx_->SetHandshakeContext(
+ security_manager::SSLContext::HandshakeContext(CustomString("SPT"),
+ CustomString("client")));
+ client_ctx_->SetHandshakeContext(
+ security_manager::SSLContext::HandshakeContext(CustomString("SPT"),
+ CustomString("server")));
kServerBuf = NULL;
kClientBuf = NULL;
@@ -341,7 +342,7 @@ class SSLTestForTLS1_2 : public SSLTestParam {};
INSTANTIATE_TEST_CASE_P(
CorrectProtocolAndCiphers,
SSLTestParam,
- ::testing::Values(ProtocolAndCipher(security_manager::TLSv1,
+ ::testing::Values(ProtocolAndCipher(security_manager::TLSv1_1,
security_manager::TLSv1,
kFordCipher,
kFordCipher),
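Review bot: The first entry of `CorrectProtocolAndCiphers` changes from `TLSv1`/`TLSv1` to `TLSv1_1`/`TLSv1`, so a mismatched pair now sits in the list of combinations expected to handshake successfully. The matching TLSv1 pair is no longer present in the part of the list this hunk shows. If this is a typo, restore `ProtocolAndCipher(security_manager::TLSv1,` on the first line. If the implementation is expected to negotiate down between these versions, that is security-relevant behaviour and deserves a comment on the entry, for example `// TLSv1_1 peer must interoperate with TLSv1 peer via version negotiation`, and the TLSv1/TLSv1 case should be kept as a separate entry. The instantiation continues outside the hunk.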
@@ -354,14 +355,13 @@ INSTANTIATE_TEST_CASE_P(
ProtocolAndCipher(security_manager::SSLv3,
security_manager::SSLv3,
kFordCipher,
- kFordCipher)
+ kFordCipher)
#endif
- ,
- ProtocolAndCipher(security_manager::DTLSv1,
+ ,
+ ProtocolAndCipher(security_manager::DTLSv1,
security_manager::DTLSv1,
kFordCipher,
kFordCipher)));
- ));
INSTANTIATE_TEST_CASE_P(
IncorrectProtocolAndCiphers,
@@ -392,6 +392,22 @@ INSTANTIATE_TEST_CASE_P(
security_manager::SSLv3,
kFordCipher,
kFordCipher),
+ ProtocolAndCipher(security_manager::TLSv1,
+ security_manager::DTLSv1,
+ kFordCipher,
+ kFordCipher),
+ ProtocolAndCipher(security_manager::DTLSv1,
+ security_manager::TLSv1_1,
+ kFordCipher,
+ kFordCipher),
+ ProtocolAndCipher(security_manager::TLSv1_2,
+ security_manager::DTLSv1,
+ kFordCipher,
+ kFordCipher),
+ ProtocolAndCipher(security_manager::TLSv1_1,
+ security_manager::DTLSv1,
+ kFordCipher,
+ kFordCipher),
ProtocolAndCipher(security_manager::TLSv1_2,
security_manager::SSLv3,
kFordCipher,
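Review bot: Three of the four added TLS/DTLS mismatch pairs put `DTLSv1` in the second position, and only `DTLSv1`/`TLSv1_1` tests it in the first. That leaves `DTLSv1` paired with `TLSv1` and with `TLSv1_2` in that order uncovered, at least within the lines visible here. Rejection of a cross-protocol handshake should hold regardless of which side speaks DTLS, so add the mirrored entries `ProtocolAndCipher(security_manager::DTLSv1, security_manager::TLSv1, kFordCipher, kFordCipher)` and the same with `TLSv1_2`. The instantiation starts and ends outside this hunk, so those pairs may already exist elsewhere in the list.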
@@ -410,6 +426,7 @@ INSTANTIATE_TEST_CASE_P(
TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) {
ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success,
client_ctx_->StartHandshake(&kClientBuf, &client_buf_len));
+
ASSERT_FALSE(NULL == kClientBuf);
ASSERT_LT(0u, client_buf_len);
// Broke 3 bytes for get abnormal fail of handshake
@@ -575,9 +592,12 @@ TEST_P(SSLTestForTLS1_2, HandshakeFailed) {
client_ctx_->StartHandshake(&kClientBuf, &client_buf_len));
EXPECT_FALSE(NULL == kClientBuf);
ASSERT_LT(0u, client_buf_len);
+
ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail,
server_ctx_->DoHandshakeStep(
- kClientBuf, client_buf_len, &kServerBuf, &server_buf_len));
+ kClientBuf, client_buf_len, &kServerBuf, &server_buf_len))
+ << ERR_reason_error_string(ERR_get_error());
+
EXPECT_TRUE(NULL == kServerBuf);
EXPECT_EQ(0u, server_buf_len);
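Review bot: The added failure message `<< ERR_reason_error_string(ERR_get_error())` pops the oldest entry from OpenSSL's error queue, which is not necessarily the error that made `DoHandshakeStep` return an unexpected result. If the context implementation has already drained the queue, the message carries no reason at all. `<< ERR_reason_error_string(ERR_peek_last_error())` would report the most recent error without consuming it. The `<openssl/err.h>` include this call needs is not visible in the hunk and should be confirmed in the file header. The test body continues outside the hunk.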