diff options
author | JackLivio <jack@livio.io> | 2018-06-18 13:48:46 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-18 13:48:46 -0400 |
commit | 9651cdc35c3e62040d4fac996a8638b6eebe4015 (patch) | |
tree | f2e2c014eb287c495f5fe212db7a80f2ee2182e3 | |
parent | 7f4db1878dc618e3d8454d9b70b665bf79fea5ed (diff) | |
parent | e0c354e6bf83ee19db48b264e8878fff2c5427e8 (diff) | |
download | sdl_core-9651cdc35c3e62040d4fac996a8638b6eebe4015.tar.gz |
Merge pull request #2068 from smartdevicelink/feature/dtls_encryption
Feature/dtls encryption
17 files changed, 518 insertions, 344 deletions
diff --git a/src/appMain/smartDeviceLink.ini b/src/appMain/smartDeviceLink.ini index d201a0736e..e128bc1a2e 100644 --- a/src/appMain/smartDeviceLink.ini +++ b/src/appMain/smartDeviceLink.ini @@ -152,7 +152,8 @@ HelpCommand = Help AppInfoStorage = app_info.dat [Security Manager] -Protocol = TLSv1.2 +;Protocol = TLSv1.2 +Protocol = DTLSv1.0 ; Certificate and key path to pem file CertificatePath = mycert.pem KeyPath = mykey.pem diff --git a/src/components/hmi_message_handler/src/websocket_session.cc b/src/components/hmi_message_handler/src/websocket_session.cc index 26f15695c9..a148f48661 100644 --- a/src/components/hmi_message_handler/src/websocket_session.cc +++ b/src/components/hmi_message_handler/src/websocket_session.cc @@ -319,4 +319,4 @@ void WebsocketSession::LoopThreadDelegate::SetShutdown() { message_queue_.Shutdown(); } } -}
\ No newline at end of file +} diff --git a/src/components/include/security_manager/security_manager_settings.h b/src/components/include/security_manager/security_manager_settings.h index c6b97f85cc..f8eaadce3e 100644 --- a/src/components/include/security_manager/security_manager_settings.h +++ b/src/components/include/security_manager/security_manager_settings.h @@ -33,12 +33,16 @@ #ifndef SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_SECURITY_MANAGER_SETTINGS_H_ #define SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_SECURITY_MANAGER_SETTINGS_H_ +#include <stddef.h> +#include <string> +#include <vector> + namespace security_manager { enum Mode { CLIENT, SERVER }; -enum Protocol { SSLv3, TLSv1, TLSv1_1, TLSv1_2 }; +enum Protocol { SSLv3, TLSv1, TLSv1_1, TLSv1_2, DTLSv1 }; /** - * \class ConnectionHandlerSettings - * \brief Interface for connection handler component settings. + * \class CryptoManagerSettings + * \brief Interface for crypto manager component settings. */ class CryptoManagerSettings { public: @@ -52,6 +56,8 @@ class CryptoManagerSettings { virtual const std::string& ca_cert_path() const = 0; virtual size_t update_before_hours() const = 0; virtual size_t maximum_payload_size() const = 0; + virtual const std::vector<int>& force_protected_service() const = 0; + virtual const std::vector<int>& force_unprotected_service() const = 0; }; } // namespace security_manager diff --git a/src/components/include/test/security_manager/mock_security_manager_settings.h b/src/components/include/test/security_manager/mock_security_manager_settings.h index 6ac194ced4..961b5e2ff8 100644 --- a/src/components/include/test/security_manager/mock_security_manager_settings.h +++ b/src/components/include/test/security_manager/mock_security_manager_settings.h @@ -52,6 +52,8 @@ class MockCryptoManagerSettings MOCK_CONST_METHOD0(ca_cert_path, const std::string&()); MOCK_CONST_METHOD0(update_before_hours, size_t()); MOCK_CONST_METHOD0(maximum_payload_size, size_t()); + MOCK_CONST_METHOD0(force_protected_service, const std::vector<int>&()); + MOCK_CONST_METHOD0(force_unprotected_service, const std::vector<int>&()); }; } // namespace security_manager_test diff --git a/src/components/protocol_handler/include/protocol_handler/protocol_packet.h b/src/components/protocol_handler/include/protocol_handler/protocol_packet.h index 1c427533e6..b6c05d4c46 100644 --- a/src/components/protocol_handler/include/protocol_handler/protocol_packet.h +++ b/src/components/protocol_handler/include/protocol_handler/protocol_packet.h @@ -252,6 +252,12 @@ class ProtocolPacket { const size_t messageSize); /** + * @brief Calculates FIRST_FRAME data for further handling of consecutive + * frames + */ + void HandleRawFirstFrameData(const uint8_t* message); + + /** * \brief Getter of protocol version. */ uint8_t protocol_version() const; diff --git a/src/components/protocol_handler/src/multiframe_builder.cc b/src/components/protocol_handler/src/multiframe_builder.cc index 5a1fc6d205..cf8a23ddc1 100644 --- a/src/components/protocol_handler/src/multiframe_builder.cc +++ b/src/components/protocol_handler/src/multiframe_builder.cc @@ -91,6 +91,8 @@ bool MultiFrameBuilder::RemoveConnection(const ConnectionID connection_id) { ProtocolFramePtrList MultiFrameBuilder::PopMultiframes() { LOG4CXX_AUTO_TRACE(logger_); LOG4CXX_DEBUG(logger_, "Current state is: " << multiframes_map_); + LOG4CXX_DEBUG(logger_, + "Current multiframe map size is: " << multiframes_map_.size()); ProtocolFramePtrList outpute_frame_list; for (MultiFrameMap::iterator connection_it = multiframes_map_.begin(); connection_it != multiframes_map_.end(); diff --git a/src/components/protocol_handler/src/protocol_handler_impl.cc b/src/components/protocol_handler/src/protocol_handler_impl.cc index e5bacdbf6f..5516af81c1 100644 --- a/src/components/protocol_handler/src/protocol_handler_impl.cc +++ b/src/components/protocol_handler/src/protocol_handler_impl.cc @@ -1425,11 +1425,11 @@ RESULT_CODE ProtocolHandlerImpl::HandleControlMessageStartSession( } #ifdef ENABLE_SECURITY + const uint8_t protocol_version = packet->protocol_version(); const bool protection = - // Protocol version 1 is not support protection - (packet->protocol_version() > PROTOCOL_VERSION_1) - ? packet->protection_flag() - : false; + // Protocol version 1 does not support protection + (protocol_version > PROTOCOL_VERSION_1) ? packet->protection_flag() + : false; #else const bool protection = false; #endif // ENABLE_SECURITY @@ -1712,6 +1712,7 @@ RESULT_CODE ProtocolHandlerImpl::HandleControlMessageHeartBeat( } void ProtocolHandlerImpl::PopValideAndExpirateMultiframes() { + LOG4CXX_AUTO_TRACE(logger_); const ProtocolFramePtrList& frame_list = multiframe_builder_.PopMultiframes(); for (ProtocolFramePtrList::const_iterator it = frame_list.begin(); it != frame_list.end(); @@ -1958,6 +1959,11 @@ RESULT_CODE ProtocolHandlerImpl::DecryptFrame(ProtocolFramePtr packet) { << out_data_size << " bytes"); DCHECK(out_data); DCHECK(out_data_size); + // Special handling for decrypted FIRST_FRAME + if (packet->frame_type() == FRAME_TYPE_FIRST && packet->protection_flag()) { + packet->HandleRawFirstFrameData(out_data); + return RESULT_OK; + } packet->set_data(out_data, out_data_size); return RESULT_OK; } diff --git a/src/components/protocol_handler/src/protocol_packet.cc b/src/components/protocol_handler/src/protocol_packet.cc index ae52849de6..a490916c99 100644 --- a/src/components/protocol_handler/src/protocol_packet.cc +++ b/src/components/protocol_handler/src/protocol_packet.cc @@ -520,6 +520,17 @@ bool ProtocolPacket::operator==(const ProtocolPacket& other) const { return false; } +void ProtocolPacket::HandleRawFirstFrameData(const uint8_t* message) { + LOG4CXX_AUTO_TRACE(logger_); + payload_size_ = 0; + const uint8_t* data = message; + uint32_t total_data_bytes = data[0] << 24; + total_data_bytes |= data[1] << 16; + total_data_bytes |= data[2] << 8; + total_data_bytes |= data[3]; + set_total_data_bytes(total_data_bytes); +} + RESULT_CODE ProtocolPacket::deserializePacket(const uint8_t* message, const size_t messageSize) { LOG4CXX_AUTO_TRACE(logger_); @@ -532,18 +543,15 @@ RESULT_CODE ProtocolPacket::deserializePacket(const uint8_t* message, packet_data_.totalDataBytes = packet_header_.dataSize; uint32_t dataPayloadSize = 0; - if ((offset < messageSize) && packet_header_.frameType != FRAME_TYPE_FIRST) { + if ((offset < messageSize)) { dataPayloadSize = messageSize - offset; } - if (packet_header_.frameType == FRAME_TYPE_FIRST) { + if (packet_header_.frameType == FRAME_TYPE_FIRST && + !packet_header_.protection_flag) { payload_size_ = 0; const uint8_t* data = message + offset; - uint32_t total_data_bytes = data[0] << 24; - total_data_bytes |= data[1] << 16; - total_data_bytes |= data[2] << 8; - total_data_bytes |= data[3]; - set_total_data_bytes(total_data_bytes); + HandleRawFirstFrameData(data); if (0 == packet_data_.data) { return RESULT_FAIL; } @@ -602,6 +610,8 @@ uint8_t* ProtocolPacket::data() const { } void ProtocolPacket::set_total_data_bytes(size_t dataBytes) { + LOG4CXX_AUTO_TRACE(logger_); + LOG4CXX_DEBUG(logger_, "Data bytes : " << dataBytes); if (dataBytes) { delete[] packet_data_.data; packet_data_.data = new (std::nothrow) uint8_t[dataBytes]; diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h index 228666d22f..be0d102a36 100644 --- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h +++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h @@ -151,6 +151,7 @@ class CryptoManagerImpl : public CryptoManager { virtual const CryptoManagerSettings& get_settings() const OVERRIDE; private: + bool AreForceProtectionSettingsCorrect() const; bool set_certificate(const std::string& cert_data); const utils::SharedPtr<const CryptoManagerSettings> settings_; SSL_CTX* context_; diff --git a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h index 1e4699b77a..295a76680f 100644 --- a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h +++ b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h @@ -17,6 +17,7 @@ class CryptoManagerSettingsImpl : public CryptoManagerSettings { return profile_.ssl_mode() == "SERVER" ? security_manager::SERVER : security_manager::CLIENT; } + Protocol security_manager_protocol_name() const OVERRIDE { CREATE_LOGGERPTR_LOCAL(logger_, "SecurityManager") @@ -33,33 +34,51 @@ class CryptoManagerSettingsImpl : public CryptoManagerSettings { if (protocol_str == "SSLv3") { return security_manager::SSLv3; } + if (protocol_str == "DTLSv1.0") { + return security_manager::DTLSv1; + } + LOG4CXX_ERROR( logger_, "Unknown protocol: " << profile_.security_manager_protocol_name()); return static_cast<security_manager::Protocol>(-1); } + bool verify_peer() const OVERRIDE { return profile_.verify_peer(); } + const std::string& certificate_data() const OVERRIDE { return certificate_data_; } + const std::string& ciphers_list() const OVERRIDE { return profile_.ciphers_list(); } + const std::string& ca_cert_path() const OVERRIDE { return profile_.ca_cert_path(); } + size_t update_before_hours() const OVERRIDE { return profile_.update_before_hours(); } + size_t maximum_payload_size() const OVERRIDE { return profile_.maximum_payload_size(); } + const std::vector<int>& force_protected_service() const { + return profile_.force_protected_service(); + } + + const std::vector<int>& force_unprotected_service() const { + return profile_.force_unprotected_service(); + } + private: const profile::Profile& profile_; const std::string certificate_data_; }; -} +} // namespace security_manager #endif // SRC_COMPONENTS_SECURITY_MANAGER_INCLUDE_SECURITY_MANAGER_CRYPTO_MANAGER_SETTINGS_IMPL_H_ diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc index 1e1b4ef44a..f5908f8043 100644 --- a/src/components/security_manager/src/crypto_manager_impl.cc +++ b/src/components/security_manager/src/crypto_manager_impl.cc @@ -41,6 +41,7 @@ #include <iostream> #include <stdio.h> #include <ctime> +#include <algorithm> #include "security_manager/security_manager.h" #include "utils/logger.h" @@ -117,10 +118,35 @@ CryptoManagerImpl::~CryptoManagerImpl() { } } +bool CryptoManagerImpl::AreForceProtectionSettingsCorrect() const { + LOG4CXX_AUTO_TRACE(logger_); + const std::vector<int>& forced_unprotected_services = + get_settings().force_unprotected_service(); + const std::vector<int>& forced_protected_services = + get_settings().force_protected_service(); + + for (auto& item : forced_protected_services) { + if (0 == item) { + continue; + } + + if (std::find(forced_unprotected_services.begin(), + forced_unprotected_services.end(), + item) != forced_unprotected_services.end()) { + return false; + } + } + return true; +} + bool CryptoManagerImpl::Init() { LOG4CXX_AUTO_TRACE(logger_); const Mode mode = get_settings().security_manager_mode(); + if (!AreForceProtectionSettingsCorrect()) { + LOG4CXX_DEBUG(logger_, "Force protection settings of ini file are wrong!"); + return false; + } const bool is_server = (mode == SERVER); if (is_server) { LOG4CXX_DEBUG(logger_, "Server mode"); @@ -137,7 +163,7 @@ bool CryptoManagerImpl::Init() { #if OPENSSL_VERSION_NUMBER < CONST_SSL_METHOD_MINIMAL_VERSION SSL_METHOD* method; #else - const SSL_METHOD* method; + const SSL_METHOD* method = NULL; #endif switch (get_settings().security_manager_protocol_name()) { case SSLv3: @@ -145,13 +171,16 @@ bool CryptoManagerImpl::Init() { LOG4CXX_WARN(logger_, "OpenSSL does not support SSL3 protocol"); return false; #else + LOG4CXX_DEBUG(logger_, "SSLv3 is used"); method = is_server ? SSLv3_server_method() : SSLv3_client_method(); break; #endif case TLSv1: + LOG4CXX_DEBUG(logger_, "TLSv1 is used"); method = is_server ? TLSv1_server_method() : TLSv1_client_method(); break; case TLSv1_1: + LOG4CXX_DEBUG(logger_, "TLSv1_1 is used"); #if OPENSSL_VERSION_NUMBER < TLS1_1_MINIMAL_VERSION LOG4CXX_WARN( logger_, @@ -162,6 +191,7 @@ bool CryptoManagerImpl::Init() { #endif break; case TLSv1_2: + LOG4CXX_DEBUG(logger_, "TLSv1_2 is used"); #if OPENSSL_VERSION_NUMBER < TLS1_1_MINIMAL_VERSION LOG4CXX_WARN( logger_, @@ -171,6 +201,10 @@ bool CryptoManagerImpl::Init() { method = is_server ? TLSv1_2_server_method() : TLSv1_2_client_method(); #endif break; + case DTLSv1: + LOG4CXX_DEBUG(logger_, "DTLSv1 is used"); + method = is_server ? DTLSv1_server_method() : DTLSv1_client_method(); + break; default: LOG4CXX_ERROR(logger_, "Unknown protocol: " @@ -243,13 +277,14 @@ bool CryptoManagerImpl::OnCertificateUpdated(const std::string& data) { } SSLContext* CryptoManagerImpl::CreateSSLContext() { - if (context_ == NULL) { + if (NULL == context_) { return NULL; } SSL* conn = SSL_new(context_); - if (conn == NULL) + if (NULL == conn) { return NULL; + } if (get_settings().security_manager_mode() == SERVER) { SSL_set_accept_state(conn); diff --git a/src/components/security_manager/src/security_manager_impl.cc b/src/components/security_manager/src/security_manager_impl.cc index 401491c5dc..1faaddee1c 100644 --- a/src/components/security_manager/src/security_manager_impl.cc +++ b/src/components/security_manager/src/security_manager_impl.cc @@ -154,7 +154,6 @@ security_manager::SSLContext* SecurityManagerImpl::CreateSSLContext( DCHECK(session_observer_); DCHECK(crypto_manager_); - security_manager::SSLContext* ssl_context = NULL; if (kUseExisting == cc_strategy) { security_manager::SSLContext* ssl_context = session_observer_->GetSSLContext(connection_key, @@ -165,7 +164,8 @@ security_manager::SSLContext* SecurityManagerImpl::CreateSSLContext( } } - ssl_context = crypto_manager_->CreateSSLContext(); + security_manager::SSLContext* ssl_context = + crypto_manager_->CreateSSLContext(); if (!ssl_context) { const std::string error_text("CryptoManager could not create SSL context."); LOG4CXX_ERROR(logger_, error_text); diff --git a/src/components/security_manager/src/ssl_context_impl.cc b/src/components/security_manager/src/ssl_context_impl.cc index 75e2c8a4f8..756ec37164 100644 --- a/src/components/security_manager/src/ssl_context_impl.cc +++ b/src/components/security_manager/src/ssl_context_impl.cc @@ -500,25 +500,32 @@ bool CryptoManagerImpl::SSLContextImpl::Decrypt(const uint8_t* const in_data, size_t in_data_size, const uint8_t** const out_data, size_t* out_data_size) { + LOG4CXX_AUTO_TRACE(logger_); sync_primitives::AutoLock locker(bio_locker); if (!SSL_is_init_finished(connection_)) { + LOG4CXX_ERROR(logger_, "SSL initilization is not finished"); return false; } - if (!in_data || !in_data_size) { + if (!in_data || (0 == in_data_size)) { + LOG4CXX_ERROR(logger_, "IN data ptr or IN data size is 0"); return false; } + BIO_write(bioIn_, in_data, in_data_size); int len = BIO_ctrl_pending(bioFilter_); + ptrdiff_t offset = 0; *out_data_size = 0; - while (len) { + *out_data = NULL; + while (len > 0) { EnsureBufferSizeEnough(len + offset); len = BIO_read(bioFilter_, buffer_ + offset, len); // TODO(EZamakhov): investigate BIO_read return 0, -1 and -2 meanings if (len <= 0) { // Reset filter and connection deinitilization instead + LOG4CXX_ERROR(logger_, "Read error occured. Read data lenght : " << len); BIO_ctrl(bioFilter_, BIO_CTRL_RESET, 0, NULL); return false; } diff --git a/src/components/security_manager/test/crypto_manager_impl_test.cc b/src/components/security_manager/test/crypto_manager_impl_test.cc index fb645b175d..46429ea0e9 100644 --- a/src/components/security_manager/test/crypto_manager_impl_test.cc +++ b/src/components/security_manager/test/crypto_manager_impl_test.cc @@ -52,7 +52,8 @@ namespace { const size_t kUpdatesBeforeHour = 24; const std::string kAllCiphers = "ALL"; const std::string kCaCertPath = ""; - +const uint32_t kServiceNumber = 2u; +const size_t kMaxSizeVector = 1u; #ifdef __QNXNTO__ const std::string kFordCipher = SSL3_TXT_RSA_DES_192_CBC3_SHA; #else @@ -89,6 +90,8 @@ class CryptoManagerTest : public testing::Test { utils::MakeShared<MockCryptoManagerSettings>(); crypto_manager_ = utils::MakeShared<CryptoManagerImpl>(mock_security_manager_settings_); + forced_protected_services_.reserve(kMaxSizeVector); + forced_unprotected_services_.reserve(kMaxSizeVector); } void InitSecurityManager() { @@ -101,6 +104,10 @@ class CryptoManagerTest : public testing::Test { void SetInitialValues(security_manager::Mode mode, security_manager::Protocol protocol, const std::string& cipher) { + ON_CALL(*mock_security_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_services_)); + ON_CALL(*mock_security_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_services_)); ON_CALL(*mock_security_manager_settings_, security_manager_mode()) .WillByDefault(Return(mode)); ON_CALL(*mock_security_manager_settings_, security_manager_protocol_name()) @@ -118,7 +125,10 @@ class CryptoManagerTest : public testing::Test { utils::SharedPtr<CryptoManagerImpl> crypto_manager_; utils::SharedPtr<MockCryptoManagerSettings> mock_security_manager_settings_; static std::string certificate_data_base64_; + std::vector<int> forced_protected_services_; + std::vector<int> forced_unprotected_services_; }; + std::string CryptoManagerTest::certificate_data_base64_; TEST_F(CryptoManagerTest, UsingBeforeInit) { @@ -128,21 +138,26 @@ TEST_F(CryptoManagerTest, UsingBeforeInit) { } TEST_F(CryptoManagerTest, WrongInit) { - // We have to cast (-1) to security_manager::Protocol Enum to be accepted by - // crypto_manager_->Init(...) - // Unknown protocol version - security_manager::Protocol UNKNOWN = - static_cast<security_manager::Protocol>(-1); - + forced_protected_services_.push_back(kServiceNumber); + forced_unprotected_services_.push_back(kServiceNumber); EXPECT_CALL(*mock_security_manager_settings_, security_manager_mode()) - .WillRepeatedly(Return(security_manager::SERVER)); - EXPECT_CALL(*mock_security_manager_settings_, - security_manager_protocol_name()).WillOnce(Return(UNKNOWN)); + .WillOnce(Return(security_manager::SERVER)); + EXPECT_CALL(*mock_security_manager_settings_, force_unprotected_service()) + .WillOnce(ReturnRef(forced_unprotected_services_)); + EXPECT_CALL(*mock_security_manager_settings_, force_protected_service()) + .WillOnce(ReturnRef(forced_protected_services_)); EXPECT_FALSE(crypto_manager_->Init()); - + forced_protected_services_.pop_back(); + forced_unprotected_services_.pop_back(); EXPECT_NE(std::string(), crypto_manager_->LastError()); // Unexistent cipher value const std::string invalid_cipher = "INVALID_UNKNOWN_CIPHER"; + EXPECT_CALL(*mock_security_manager_settings_, security_manager_mode()) + .WillOnce(Return(security_manager::SERVER)); + EXPECT_CALL(*mock_security_manager_settings_, force_unprotected_service()) + .WillOnce(ReturnRef(forced_unprotected_services_)); + EXPECT_CALL(*mock_security_manager_settings_, force_protected_service()) + .WillOnce(ReturnRef(forced_protected_services_)); EXPECT_CALL(*mock_security_manager_settings_, security_manager_protocol_name()) .WillOnce(Return(security_manager::TLSv1_2)); @@ -151,7 +166,6 @@ TEST_F(CryptoManagerTest, WrongInit) { EXPECT_CALL(*mock_security_manager_settings_, ciphers_list()) .WillRepeatedly(ReturnRef(invalid_cipher)); EXPECT_FALSE(crypto_manager_->Init()); - EXPECT_NE(std::string(), crypto_manager_->LastError()); } @@ -176,10 +190,18 @@ TEST_F(CryptoManagerTest, CorrectInit) { security_manager::CLIENT, security_manager::TLSv1_1, kFordCipher); EXPECT_TRUE(crypto_manager_->Init()); + SetInitialValues( + security_manager::CLIENT, security_manager::DTLSv1, kFordCipher); + EXPECT_TRUE(crypto_manager_->Init()); + // Cipher value SetInitialValues( security_manager::SERVER, security_manager::TLSv1_2, kAllCiphers); EXPECT_TRUE(crypto_manager_->Init()); + + SetInitialValues( + security_manager::SERVER, security_manager::DTLSv1, kAllCiphers); + EXPECT_TRUE(crypto_manager_->Init()); } // #endif // __QNX__ @@ -198,7 +220,6 @@ TEST_F(CryptoManagerTest, CreateReleaseSSLContext) { EXPECT_CALL(*mock_security_manager_settings_, maximum_payload_size()) .Times(1) .WillRepeatedly(Return(max_payload_size)); - security_manager::SSLContext* context = crypto_manager_->CreateSSLContext(); EXPECT_TRUE(context); EXPECT_NO_THROW(crypto_manager_->ReleaseSSLContext(context)); diff --git a/src/components/security_manager/test/security_manager_test.cc b/src/components/security_manager/test/security_manager_test.cc index 4fe66498ea..3523bb7f44 100644 --- a/src/components/security_manager/test/security_manager_test.cc +++ b/src/components/security_manager/test/security_manager_test.cc @@ -77,11 +77,11 @@ using ::testing::_; namespace { // Sample data for handshake data emulation -const int32_t key = 0x1; -const int32_t seq_number = 0x2; -const ServiceType secureServiceType = kControl; -const uint32_t protocolVersion = PROTOCOL_VERSION_2; -const bool is_final = false; +const int32_t kKey = 0x1; +const int32_t kSeqNumber = 0x2; +const ServiceType kSecureServiceType = kControl; +const uint32_t kProtocolVersion = PROTOCOL_VERSION_2; +const bool kIsFinal = false; const uint8_t handshake_data[] = {0x1, 0x2, 0x3, 0x4, 0x5}; const size_t handshake_data_size = @@ -121,7 +121,7 @@ class SecurityManagerTest : public ::testing::Test { uint32_t dataSize, const ServiceType serviceType) { const RawMessagePtr rawMessagePtr(utils::MakeShared<RawMessage>( - key, protocolVersion, data, dataSize, serviceType)); + kKey, kProtocolVersion, data, dataSize, serviceType)); security_manager_->OnMessageReceived(rawMessagePtr); } /* @@ -152,7 +152,7 @@ class SecurityManagerTest : public ::testing::Test { const int repeat_count = 1) { const SecurityQuery::QueryHeader header(SecurityQuery::NOTIFICATION, SecurityQuery::SEND_HANDSHAKE_DATA, - seq_number); + kSeqNumber); for (int c = 0; c < repeat_count; ++c) { EmulateMobileMessage(header, data, data_size); } @@ -216,9 +216,9 @@ TEST_F(SecurityManagerTest, Listeners_NoListeners) { security_manager_->RemoveListener(&mock_listener2); security_manager_->NotifyListenersOnHandshakeDone( - key, SSLContext::Handshake_Result_Success); + kKey, SSLContext::Handshake_Result_Success); security_manager_->NotifyListenersOnHandshakeDone( - key, SSLContext::Handshake_Result_Fail); + kKey, SSLContext::Handshake_Result_Fail); } /* * Notifying two listeners @@ -235,11 +235,11 @@ TEST_F(SecurityManagerTest, Listeners_Notifying) { const SSLContext::HandshakeResult first_call_value = SSLContext::Handshake_Result_Success; // Expect call both listeners on 1st call - EXPECT_CALL(*mock_listener1, OnHandshakeDone(key, first_call_value)) + EXPECT_CALL(*mock_listener1, OnHandshakeDone(kKey, first_call_value)) . // Emulate false (reject) result WillOnce(Return(false)); - EXPECT_CALL(*mock_listener2, OnHandshakeDone(key, first_call_value)) + EXPECT_CALL(*mock_listener2, OnHandshakeDone(kKey, first_call_value)) . // Emulate true (accept) result WillOnce(Return(true)); @@ -251,7 +251,7 @@ TEST_F(SecurityManagerTest, Listeners_Notifying) { const SSLContext::HandshakeResult second_call_value = SSLContext::Handshake_Result_Fail; // Expect call last listener on 2d call - EXPECT_CALL(*mock_listener1, OnHandshakeDone(key, second_call_value)) + EXPECT_CALL(*mock_listener1, OnHandshakeDone(kKey, second_call_value)) . // Emulate false (reject) result WillOnce(Return(true)); @@ -261,14 +261,14 @@ TEST_F(SecurityManagerTest, Listeners_Notifying) { security_manager_->AddListener(mock_listener1); security_manager_->AddListener(mock_listener2); // 1st call - security_manager_->NotifyListenersOnHandshakeDone(key, first_call_value); + security_manager_->NotifyListenersOnHandshakeDone(kKey, first_call_value); security_manager_->NotifyOnCertificateUpdateRequired(); // 2nd call - security_manager_->NotifyListenersOnHandshakeDone(key, second_call_value); + security_manager_->NotifyListenersOnHandshakeDone(kKey, second_call_value); security_manager_->NotifyOnCertificateUpdateRequired(); // 3nd call security_manager_->NotifyListenersOnHandshakeDone( - key, SSLContext::Handshake_Result_Fail); + kKey, SSLContext::Handshake_Result_Fail); security_manager_->NotifyOnCertificateUpdateRequired(); } @@ -282,7 +282,7 @@ TEST_F(SecurityManagerTest, SecurityManager_NULLCryptoManager) { uint8_t session_id = 0; TestAsyncWaiter waiter; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)); + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .WillOnce(Return(true)); @@ -290,7 +290,7 @@ TEST_F(SecurityManagerTest, SecurityManager_NULLCryptoManager) { EXPECT_CALL(mock_protocol_handler, SendMessageToMobileApp( InternalErrorWithErrId(SecurityManager::ERROR_NOT_SUPPORTED), - is_final)).WillOnce(NotifyTestAsyncWaiter(&waiter)); + kIsFinal)).WillOnce(NotifyTestAsyncWaiter(&waiter)); const SecurityQuery::QueryHeader header(SecurityQuery::REQUEST, // It could be any query id SecurityQuery::INVALID_QUERY_ID); @@ -305,7 +305,7 @@ TEST_F(SecurityManagerTest, SecurityManager_NULLCryptoManager) { TEST_F(SecurityManagerTest, OnMobileMessageSent) { const uint8_t* data_param = NULL; const RawMessagePtr rawMessagePtr( - utils::MakeShared<RawMessage>(key, protocolVersion, data_param, 0)); + utils::MakeShared<RawMessage>(kKey, kProtocolVersion, data_param, 0)); security_manager_->OnMobileMessageSent(rawMessagePtr); } /* @@ -326,7 +326,7 @@ TEST_F(SecurityManagerTest, GetEmptyQuery) { uint32_t connection_id = 0; uint8_t session_id = 0; // uint8_t protocol_version = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)); + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .WillOnce(Return(true)); @@ -335,9 +335,9 @@ TEST_F(SecurityManagerTest, GetEmptyQuery) { mock_protocol_handler, SendMessageToMobileApp( InternalErrorWithErrId(SecurityManager::ERROR_INVALID_QUERY_SIZE), - is_final)); + kIsFinal)); // Call with NULL data - call_OnMessageReceived(NULL, 0, secureServiceType); + call_OnMessageReceived(NULL, 0, kSecureServiceType); } /* * Shall send InternallError on null data recieved @@ -347,7 +347,7 @@ TEST_F(SecurityManagerTest, GetWrongJSONSize) { uint32_t connection_id = 0; uint8_t session_id = 0; // uint8_t protocol_version = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)); + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .WillOnce(Return(true)); @@ -356,7 +356,7 @@ TEST_F(SecurityManagerTest, GetWrongJSONSize) { mock_protocol_handler, SendMessageToMobileApp( InternalErrorWithErrId(SecurityManager::ERROR_INVALID_QUERY_SIZE), - is_final)); + kIsFinal)); SecurityQuery::QueryHeader header(SecurityQuery::REQUEST, SecurityQuery::INVALID_QUERY_ID); header.json_size = 0x0FFFFFFF; @@ -372,7 +372,7 @@ TEST_F(SecurityManagerTest, GetInvalidQueryId) { TestAsyncWaiter waiter; uint32_t times = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)) + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)) .WillOnce(NotifyTestAsyncWaiter(&waiter)); times++; EXPECT_CALL(mock_session_observer, @@ -385,7 +385,7 @@ TEST_F(SecurityManagerTest, GetInvalidQueryId) { mock_protocol_handler, SendMessageToMobileApp( InternalErrorWithErrId(SecurityManager::ERROR_INVALID_QUERY_ID), - is_final)).WillOnce(NotifyTestAsyncWaiter(&waiter)); + kIsFinal)).WillOnce(NotifyTestAsyncWaiter(&waiter)); times++; const SecurityQuery::QueryHeader header(SecurityQuery::REQUEST, SecurityQuery::INVALID_QUERY_ID); @@ -402,11 +402,11 @@ TEST_F(SecurityManagerTest, CreateSSLContext_ServiceAlreadyProtected) { SetMockCryptoManager(); // Return mock SSLContext - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) .WillOnce(Return(&mock_ssl_context_new)); const SSLContext* result = security_manager_->CreateSSLContext( - key, + kKey, security_manager::SecurityManager::ContextCreationStrategy::kUseExisting); EXPECT_EQ(&mock_ssl_context_new, result); } @@ -419,22 +419,22 @@ TEST_F(SecurityManagerTest, CreateSSLContext_ErrorCreateSSL) { uint32_t connection_id = 0; uint8_t session_id = 0; // uint8_t protocol_version = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)); + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .WillOnce(Return(true)); EXPECT_CALL( mock_protocol_handler, SendMessageToMobileApp( - InternalErrorWithErrId(SecurityManager::ERROR_INTERNAL), is_final)); + InternalErrorWithErrId(SecurityManager::ERROR_INTERNAL), kIsFinal)); // Emulate SessionObserver and CryptoManager result - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) .WillOnce(ReturnNull()); EXPECT_CALL(mock_crypto_manager, CreateSSLContext()).WillOnce(ReturnNull()); const SSLContext* result = security_manager_->CreateSSLContext( - key, + kKey, security_manager::SecurityManager::ContextCreationStrategy::kUseExisting); EXPECT_EQ(NULL, result); } @@ -448,7 +448,7 @@ TEST_F(SecurityManagerTest, CreateSSLContext_SetSSLContextError) { uint32_t connection_id = 0; uint8_t session_id = 0; // uint8_t protocol_version = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)); + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .WillOnce(Return(true)); @@ -457,19 +457,19 @@ TEST_F(SecurityManagerTest, CreateSSLContext_SetSSLContextError) { mock_protocol_handler, SendMessageToMobileApp( InternalErrorWithErrId(SecurityManager::ERROR_UNKNOWN_INTERNAL_ERROR), - is_final)); + kIsFinal)); // Emulate SessionObserver and CryptoManager result - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) .WillOnce(ReturnNull()); EXPECT_CALL(mock_crypto_manager, CreateSSLContext()) .WillOnce(Return(&mock_ssl_context_new)); EXPECT_CALL(mock_crypto_manager, ReleaseSSLContext(&mock_ssl_context_new)); - EXPECT_CALL(mock_session_observer, SetSSLContext(key, &mock_ssl_context_new)) + EXPECT_CALL(mock_session_observer, SetSSLContext(kKey, &mock_ssl_context_new)) .WillOnce(Return(SecurityManager::ERROR_UNKNOWN_INTERNAL_ERROR)); const SSLContext* result = security_manager_->CreateSSLContext( - key, + kKey, security_manager::SecurityManager::ContextCreationStrategy::kUseExisting); EXPECT_EQ(NULL, result); } @@ -482,17 +482,15 @@ TEST_F(SecurityManagerTest, CreateSSLContext_Success) { // Expect no notifying listeners - it will be done after handshake // Emulate SessionObserver and CryptoManager result - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) - . - // additional check for debug code - WillOnce(Return(&mock_ssl_context_exists)); + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) + .WillOnce(Return(&mock_ssl_context_exists)); EXPECT_CALL(mock_crypto_manager, CreateSSLContext()) .WillOnce(Return(&mock_ssl_context_new)); - EXPECT_CALL(mock_session_observer, SetSSLContext(key, &mock_ssl_context_new)) + EXPECT_CALL(mock_session_observer, SetSSLContext(kKey, &mock_ssl_context_new)) .WillOnce(Return(SecurityManager::ERROR_SUCCESS)); const SSLContext* result = security_manager_->CreateSSLContext( - key, + kKey, security_manager::SecurityManager::ContextCreationStrategy:: kForceRecreation); EXPECT_EQ(&mock_ssl_context_new, result); @@ -505,7 +503,7 @@ TEST_F(SecurityManagerTest, StartHandshake_ServiceStillUnprotected) { uint32_t connection_id = 0; uint8_t session_id = 0; // uint8_t protocol_version = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)); + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .WillOnce(Return(true)); @@ -513,17 +511,17 @@ TEST_F(SecurityManagerTest, StartHandshake_ServiceStillUnprotected) { EXPECT_CALL( mock_protocol_handler, SendMessageToMobileApp( - InternalErrorWithErrId(SecurityManager::ERROR_INTERNAL), is_final)); + InternalErrorWithErrId(SecurityManager::ERROR_INTERNAL), kIsFinal)); // Expect notifying listeners (unsuccess) EXPECT_CALL(*mock_sm_listener, - OnHandshakeDone(key, SSLContext::Handshake_Result_Fail)) + OnHandshakeDone(kKey, SSLContext::Handshake_Result_Fail)) .WillOnce(Return(true)); // Emulate SessionObserver result - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) .WillOnce(ReturnNull()); - security_manager_->StartHandshake(key); + security_manager_->StartHandshake(kKey); // Listener was destroyed after OnHandshakeDone call mock_sm_listener.release(); @@ -537,23 +535,23 @@ TEST_F(SecurityManagerTest, StartHandshake_SSLInternalError) { uint32_t connection_id = 0; uint8_t session_id = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)); + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .WillOnce(Return(true)); // Expect notifying listeners (unsuccess) EXPECT_CALL(*mock_sm_listener, - OnHandshakeDone(key, SSLContext::Handshake_Result_Fail)) + OnHandshakeDone(kKey, SSLContext::Handshake_Result_Fail)) .WillOnce(Return(true)); - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) .WillOnce(ReturnNull()); // Expect InternalError with ERROR_ID EXPECT_CALL( mock_protocol_handler, SendMessageToMobileApp( - InternalErrorWithErrId(SecurityManager::ERROR_INTERNAL), is_final)); + InternalErrorWithErrId(SecurityManager::ERROR_INTERNAL), kIsFinal)); - security_manager_->StartHandshake(key); + security_manager_->StartHandshake(kKey); mock_sm_listener.release(); } @@ -567,7 +565,7 @@ TEST_F(SecurityManagerTest, ProccessHandshakeData_WrongDataSize) { uint8_t session_id = 0; TestAsyncWaiter waiter; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)); + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .WillOnce(Return(true)); @@ -577,7 +575,7 @@ TEST_F(SecurityManagerTest, ProccessHandshakeData_WrongDataSize) { mock_protocol_handler, SendMessageToMobileApp( InternalErrorWithErrId(SecurityManager::ERROR_INVALID_QUERY_SIZE), - is_final)).WillOnce(NotifyTestAsyncWaiter(&waiter)); + kIsFinal)).WillOnce(NotifyTestAsyncWaiter(&waiter)); EmulateMobileMessageHandshake(NULL, 0); @@ -597,7 +595,7 @@ TEST_F(SecurityManagerTest, TestAsyncWaiter waiter; uint32_t times = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)) + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)) .WillOnce(NotifyTestAsyncWaiter(&waiter)); times++; EXPECT_CALL(mock_session_observer, @@ -608,17 +606,17 @@ TEST_F(SecurityManagerTest, mock_protocol_handler, SendMessageToMobileApp( InternalErrorWithErrId(SecurityManager::ERROR_SERVICE_NOT_PROTECTED), - is_final)).WillOnce(NotifyTestAsyncWaiter(&waiter)); + kIsFinal)).WillOnce(NotifyTestAsyncWaiter(&waiter)); times++; // Expect notifying listeners (unsuccess) EXPECT_CALL(*mock_sm_listener, - OnHandshakeDone(key, SSLContext::Handshake_Result_Fail)) + OnHandshakeDone(kKey, SSLContext::Handshake_Result_Fail)) .WillOnce(DoAll(NotifyTestAsyncWaiter(&waiter), Return(true))); times++; // Emulate SessionObserver result - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) .WillOnce(DoAll(NotifyTestAsyncWaiter(&waiter), ReturnNull())); times++; @@ -646,7 +644,7 @@ TEST_F(SecurityManagerTest, ProccessHandshakeData_InvalidData) { TestAsyncWaiter waiter; uint32_t times = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)) + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)) .Times(handshake_emulates) .WillRepeatedly(NotifyTestAsyncWaiter(&waiter)); times += handshake_emulates; @@ -661,18 +659,18 @@ TEST_F(SecurityManagerTest, ProccessHandshakeData_InvalidData) { mock_protocol_handler, SendMessageToMobileApp( InternalErrorWithErrId(SecurityManager::ERROR_SSL_INVALID_DATA), - is_final)) + kIsFinal)) .Times(handshake_emulates) .WillRepeatedly(NotifyTestAsyncWaiter(&waiter)); times += handshake_emulates; // Expect notifying listeners (unsuccess) EXPECT_CALL(*mock_sm_listener, - OnHandshakeDone(key, SSLContext::Handshake_Result_Fail)) + OnHandshakeDone(kKey, SSLContext::Handshake_Result_Fail)) .WillOnce(DoAll(NotifyTestAsyncWaiter(&waiter), Return(true))); times++; // Emulate SessionObserver and CryptoManager result - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) .Times(handshake_emulates) .WillRepeatedly(Return(&mock_ssl_context_exists)); @@ -727,7 +725,7 @@ TEST_F(SecurityManagerTest, ProccessHandshakeData_Answer) { TestAsyncWaiter waiter; uint32_t times = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)) + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)) .Times(handshake_emulates) .WillRepeatedly(NotifyTestAsyncWaiter(&waiter)); times += handshake_emulates; @@ -741,14 +739,14 @@ TEST_F(SecurityManagerTest, ProccessHandshakeData_Answer) { const size_t raw_message_size = 15; EXPECT_CALL( mock_protocol_handler, - SendMessageToMobileApp(RawMessageEqSize(raw_message_size), is_final)) + SendMessageToMobileApp(RawMessageEqSize(raw_message_size), kIsFinal)) .Times(handshake_emulates) .WillRepeatedly(NotifyTestAsyncWaiter(&waiter)); times += handshake_emulates; // Expect notifying listeners (unsuccess) EXPECT_CALL(*mock_sm_listener, - OnHandshakeDone(key, SSLContext::Handshake_Result_Fail)) + OnHandshakeDone(kKey, SSLContext::Handshake_Result_Fail)) .WillOnce(DoAll(NotifyTestAsyncWaiter(&waiter), Return(true))); times++; @@ -757,7 +755,7 @@ TEST_F(SecurityManagerTest, ProccessHandshakeData_Answer) { .Times(handshake_emulates) .WillRepeatedly(DoAll(NotifyTestAsyncWaiter(&waiter), Return(false))); times += handshake_emulates; - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) .Times(handshake_emulates) .WillRepeatedly(DoAll(NotifyTestAsyncWaiter(&waiter), Return(&mock_ssl_context_exists))); @@ -803,12 +801,12 @@ TEST_F(SecurityManagerTest, ProccessHandshakeData_HandshakeFinished) { // Expect no errors // Expect notifying listeners (success) EXPECT_CALL(*mock_sm_listener, - OnHandshakeDone(key, SSLContext::Handshake_Result_Success)) + OnHandshakeDone(kKey, SSLContext::Handshake_Result_Success)) .WillOnce(DoAll(NotifyTestAsyncWaiter(&waiter), Return(true))); times++; // Emulate SessionObserver and CryptoManager result - EXPECT_CALL(mock_session_observer, GetSSLContext(key, kControl)) + EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) .Times(handshake_emulates) .WillRepeatedly(DoAll(NotifyTestAsyncWaiter(&waiter), Return(&mock_ssl_context_exists))); @@ -861,14 +859,14 @@ TEST_F(SecurityManagerTest, ProccessHandshakeData_HandshakeFinished) { uint32_t connection_id = 0; uint8_t session_id = 0; // uint8_t protocol_version = 0; - EXPECT_CALL(mock_session_observer, PairFromKey(key, _, _)).Times(2); + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)).Times(2); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .Times(2) .WillRepeatedly(DoAll(NotifyTestAsyncWaiter(&waiter), Return(true))); times += 2; // matches to the number above - EXPECT_CALL(mock_protocol_handler, SendMessageToMobileApp(_, is_final)) + EXPECT_CALL(mock_protocol_handler, SendMessageToMobileApp(_, kIsFinal)) .Times(2) .WillRepeatedly(NotifyTestAsyncWaiter(&waiter)); times += 2; // matches to the number above diff --git a/src/components/security_manager/test/ssl_certificate_handshake_test.cc b/src/components/security_manager/test/ssl_certificate_handshake_test.cc index dc335c8da2..2423ab00b7 100644 --- a/src/components/security_manager/test/ssl_certificate_handshake_test.cc +++ b/src/components/security_manager/test/ssl_certificate_handshake_test.cc @@ -66,36 +66,42 @@ const std::string server_expired_cert_file = const bool verify_peer = true; const bool skip_peer_verification = false; -const size_t updates_before_hour = 24; - } // namespace +struct Protocol { + security_manager::Protocol server_protocol; + security_manager::Protocol client_protocol; + + Protocol(security_manager::Protocol s_protocol, + security_manager::Protocol c_protocol) + : server_protocol(s_protocol), client_protocol(c_protocol) {} +}; -class SSLHandshakeTest : public testing::Test { +class SSLHandshakeTest : public testing::TestWithParam<Protocol> { protected: void SetUp() OVERRIDE { - mock_server_manager_settings = new testing::NiceMock< + mock_server_manager_settings_ = new testing::NiceMock< security_manager_test::MockCryptoManagerSettings>(); - server_manager = new security_manager::CryptoManagerImpl( + server_manager_ = new security_manager::CryptoManagerImpl( utils::SharedPtr<security_manager::CryptoManagerSettings>( - mock_server_manager_settings)); - ASSERT_TRUE(server_manager); - mock_client_manager_settings = new testing::NiceMock< + mock_server_manager_settings_)); + ASSERT_TRUE(server_manager_); + mock_client_manager_settings_ = new testing::NiceMock< security_manager_test::MockCryptoManagerSettings>(); - client_manager = new security_manager::CryptoManagerImpl( + client_manager_ = new security_manager::CryptoManagerImpl( utils::SharedPtr<security_manager::CryptoManagerSettings>( - mock_client_manager_settings)); - ASSERT_TRUE(client_manager); - server_ctx = NULL; - client_ctx = NULL; + mock_client_manager_settings_)); + ASSERT_TRUE(client_manager_); + server_ctx_ = NULL; + client_ctx_ = NULL; } void TearDown() OVERRIDE { - server_manager->ReleaseSSLContext(server_ctx); - delete server_manager; - client_manager->ReleaseSSLContext(client_ctx); - delete client_manager; + server_manager_->ReleaseSSLContext(server_ctx_); + delete server_manager_; + client_manager_->ReleaseSSLContext(client_ctx_); + delete client_manager_; } void SetServerInitialValues(const security_manager::Protocol protocol, @@ -106,18 +112,21 @@ class SSLHandshakeTest : public testing::Test { server_certificate_ = cert; server_ciphers_list_ = server_ciphers_list; server_ca_certificate_path_ = ca_certificate_path; - - ON_CALL(*mock_server_manager_settings, security_manager_mode()) + ON_CALL(*mock_server_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_server_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); + ON_CALL(*mock_server_manager_settings_, security_manager_mode()) .WillByDefault(Return(security_manager::SERVER)); - ON_CALL(*mock_server_manager_settings, security_manager_protocol_name()) + ON_CALL(*mock_server_manager_settings_, security_manager_protocol_name()) .WillByDefault(Return(protocol)); - ON_CALL(*mock_server_manager_settings, certificate_data()) + ON_CALL(*mock_server_manager_settings_, certificate_data()) .WillByDefault(ReturnRef(server_certificate_)); - ON_CALL(*mock_server_manager_settings, ciphers_list()) + ON_CALL(*mock_server_manager_settings_, ciphers_list()) .WillByDefault(ReturnRef(server_ciphers_list_)); - ON_CALL(*mock_server_manager_settings, ca_cert_path()) + ON_CALL(*mock_server_manager_settings_, ca_cert_path()) .WillByDefault(ReturnRef(server_ca_certificate_path_)); - ON_CALL(*mock_server_manager_settings, verify_peer()) + ON_CALL(*mock_server_manager_settings_, verify_peer()) .WillByDefault(Return(verify_peer)); } void SetClientInitialValues(const security_manager::Protocol protocol, @@ -129,17 +138,21 @@ class SSLHandshakeTest : public testing::Test { client_ciphers_list_ = client_ciphers_list; client_ca_certificate_path_ = ca_certificate_path; - ON_CALL(*mock_client_manager_settings, security_manager_mode()) + ON_CALL(*mock_client_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_client_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); + ON_CALL(*mock_client_manager_settings_, security_manager_mode()) .WillByDefault(Return(security_manager::CLIENT)); - ON_CALL(*mock_client_manager_settings, security_manager_protocol_name()) + ON_CALL(*mock_client_manager_settings_, security_manager_protocol_name()) .WillByDefault(Return(protocol)); - ON_CALL(*mock_client_manager_settings, certificate_data()) + ON_CALL(*mock_client_manager_settings_, certificate_data()) .WillByDefault(ReturnRef(client_certificate_)); - ON_CALL(*mock_client_manager_settings, ciphers_list()) + ON_CALL(*mock_client_manager_settings_, ciphers_list()) .WillByDefault(ReturnRef(client_ciphers_list_)); - ON_CALL(*mock_client_manager_settings, ca_cert_path()) + ON_CALL(*mock_client_manager_settings_, ca_cert_path()) .WillByDefault(ReturnRef(client_ca_certificate_path_)); - ON_CALL(*mock_client_manager_settings, verify_peer()) + ON_CALL(*mock_client_manager_settings_, verify_peer()) .WillByDefault(Return(verify_peer)); } @@ -156,19 +169,19 @@ class SSLHandshakeTest : public testing::Test { cert.close(); SetServerInitialValues( protocol, ss.str(), ciphers_list, verify_peer, ca_certificate_path); - const bool initialized = server_manager->Init(); + const bool initialized = server_manager_->Init(); if (!initialized) { return false; } - server_ctx = server_manager->CreateSSLContext(); + server_ctx_ = server_manager_->CreateSSLContext(); - if (!server_ctx) { + if (!server_ctx_) { return false; } - server_ctx->SetHandshakeContext( + server_ctx_->SetHandshakeContext( security_manager::SSLContext::HandshakeContext( custom_str::CustomString("SPT"), custom_str::CustomString("client"))); @@ -192,17 +205,17 @@ class SSLHandshakeTest : public testing::Test { ciphers_list, verify_peer, ca_certificate_path); - const bool initialized = client_manager->Init(); + const bool initialized = client_manager_->Init(); if (!initialized) { return false; } - client_ctx = client_manager->CreateSSLContext(); - if (!client_ctx) { + client_ctx_ = client_manager_->CreateSSLContext(); + if (!client_ctx_) { return false; } - client_ctx->SetHandshakeContext( + client_ctx_->SetHandshakeContext( security_manager::SSLContext::HandshakeContext( custom_str::CustomString("SPT"), custom_str::CustomString("server"))); @@ -211,17 +224,17 @@ class SSLHandshakeTest : public testing::Test { } void ResetConnections() { - ASSERT_NO_THROW(server_ctx->ResetConnection()); - ASSERT_NO_THROW(client_ctx->ResetConnection()); + ASSERT_NO_THROW(server_ctx_->ResetConnection()); + ASSERT_NO_THROW(client_ctx_->ResetConnection()); } void StartHandshake() { using security_manager::SSLContext; ASSERT_EQ(SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&client_buf, &client_buf_len)); - ASSERT_FALSE(client_buf == NULL); - ASSERT_GT(client_buf_len, 0u); + client_ctx_->StartHandshake(&client_buf_, &client_buf_len_)); + ASSERT_FALSE(client_buf_ == NULL); + ASSERT_GT(client_buf_len_, 0u); } void HandshakeProcedure_Success() { @@ -229,23 +242,25 @@ class SSLHandshakeTest : public testing::Test { StartHandshake(); while (true) { - ASSERT_EQ(SSLContext::Handshake_Result_Success, - server_ctx->DoHandshakeStep( - client_buf, client_buf_len, &server_buf, &server_buf_len)) + ASSERT_EQ( + SSLContext::Handshake_Result_Success, + server_ctx_->DoHandshakeStep( + client_buf_, client_buf_len_, &server_buf_, &server_buf_len_)) << ERR_reason_error_string(ERR_get_error()); - ASSERT_FALSE(server_buf == NULL); - ASSERT_GT(server_buf_len, 0u); + ASSERT_FALSE(server_buf_ == NULL); + ASSERT_GT(server_buf_len_, 0u); - ASSERT_EQ(SSLContext::Handshake_Result_Success, - client_ctx->DoHandshakeStep( - server_buf, server_buf_len, &client_buf, &client_buf_len)) + ASSERT_EQ( + SSLContext::Handshake_Result_Success, + client_ctx_->DoHandshakeStep( + server_buf_, server_buf_len_, &client_buf_, &client_buf_len_)) << ERR_reason_error_string(ERR_get_error()); - if (server_ctx->IsInitCompleted()) { + if (server_ctx_->IsInitCompleted()) { break; } - ASSERT_FALSE(client_buf == NULL); - ASSERT_GT(client_buf_len, 0u); + ASSERT_FALSE(client_buf_ == NULL); + ASSERT_GT(client_buf_len_, 0u); } } @@ -255,9 +270,9 @@ class SSLHandshakeTest : public testing::Test { StartHandshake(); while (true) { - const SSLContext::HandshakeResult result = server_ctx->DoHandshakeStep( - client_buf, client_buf_len, &server_buf, &server_buf_len); - ASSERT_FALSE(server_ctx->IsInitCompleted()) + const SSLContext::HandshakeResult result = server_ctx_->DoHandshakeStep( + client_buf_, client_buf_len_, &server_buf_, &server_buf_len_); + ASSERT_FALSE(server_ctx_->IsInitCompleted()) << "Expected server side handshake fail"; // First few handshake will be successful @@ -265,18 +280,19 @@ class SSLHandshakeTest : public testing::Test { // Test successfully passed with handshake fail return; } - ASSERT_FALSE(server_buf == NULL); - ASSERT_GT(server_buf_len, 0u); + ASSERT_FALSE(server_buf_ == NULL); + ASSERT_GT(server_buf_len_, 0u); - ASSERT_EQ(SSLContext::Handshake_Result_Success, - client_ctx->DoHandshakeStep( - server_buf, server_buf_len, &client_buf, &client_buf_len)) + ASSERT_EQ( + SSLContext::Handshake_Result_Success, + client_ctx_->DoHandshakeStep( + server_buf_, server_buf_len_, &client_buf_, &client_buf_len_)) << ERR_reason_error_string(ERR_get_error()); - ASSERT_FALSE(client_ctx->IsInitCompleted()) + ASSERT_FALSE(client_ctx_->IsInitCompleted()) << "Expected server side handshake fail"; - ASSERT_FALSE(client_buf == NULL); - ASSERT_GT(client_buf_len, 0u); + ASSERT_FALSE(client_buf_ == NULL); + ASSERT_GT(client_buf_len_, 0u); } FAIL() << "Expected server side handshake fail"; } @@ -288,17 +304,18 @@ class SSLHandshakeTest : public testing::Test { StartHandshake(); while (true) { - ASSERT_EQ(SSLContext::Handshake_Result_Success, - server_ctx->DoHandshakeStep( - client_buf, client_buf_len, &server_buf, &server_buf_len)) + ASSERT_EQ( + SSLContext::Handshake_Result_Success, + server_ctx_->DoHandshakeStep( + client_buf_, client_buf_len_, &server_buf_, &server_buf_len_)) << ERR_reason_error_string(ERR_get_error()); - ASSERT_FALSE(server_buf == NULL); - ASSERT_GT(server_buf_len, 0u); + ASSERT_FALSE(server_buf_ == NULL); + ASSERT_GT(server_buf_len_, 0u); - const SSLContext::HandshakeResult result = client_ctx->DoHandshakeStep( - server_buf, server_buf_len, &client_buf, &client_buf_len); - ASSERT_FALSE(client_ctx->IsInitCompleted()) + const SSLContext::HandshakeResult result = client_ctx_->DoHandshakeStep( + server_buf_, server_buf_len_, &client_buf_, &client_buf_len_); + ASSERT_FALSE(client_ctx_->IsInitCompleted()) << "Expected client side handshake fail"; // First few handsahke will be successful @@ -308,25 +325,25 @@ class SSLHandshakeTest : public testing::Test { return; } - ASSERT_FALSE(client_buf == NULL); - ASSERT_GT(client_buf_len, 0u); + ASSERT_FALSE(client_buf_ == NULL); + ASSERT_GT(client_buf_len_, 0u); } FAIL() << "Expected client side handshake fail"; } - security_manager::CryptoManager* server_manager; - security_manager::CryptoManager* client_manager; - security_manager::SSLContext* server_ctx; - security_manager::SSLContext* client_ctx; + security_manager::CryptoManager* server_manager_; + security_manager::CryptoManager* client_manager_; + security_manager::SSLContext* server_ctx_; + security_manager::SSLContext* client_ctx_; testing::NiceMock<security_manager_test::MockCryptoManagerSettings>* - mock_server_manager_settings; + mock_server_manager_settings_; testing::NiceMock<security_manager_test::MockCryptoManagerSettings>* - mock_client_manager_settings; + mock_client_manager_settings_; - const uint8_t* server_buf; - const uint8_t* client_buf; - size_t server_buf_len; - size_t client_buf_len; + const uint8_t* server_buf_; + const uint8_t* client_buf_; + size_t server_buf_len_; + size_t client_buf_len_; std::string server_certificate_; std::string server_ciphers_list_; @@ -335,179 +352,175 @@ class SSLHandshakeTest : public testing::Test { std::string client_certificate_; std::string client_ciphers_list_; std::string client_ca_certificate_path_; + + const std::vector<int> forced_protected_service_; + const std::vector<int> forced_unprotected_service_; }; -TEST_F(SSLHandshakeTest, NoVerification) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, +INSTANTIATE_TEST_CASE_P( + CorrectProtocol, + SSLHandshakeTest, + ::testing::Values( + Protocol(security_manager::TLSv1, security_manager::TLSv1), + Protocol(security_manager::TLSv1_1, security_manager::TLSv1_1), + Protocol(security_manager::TLSv1_2, security_manager::TLSv1_2), + Protocol(security_manager::DTLSv1, security_manager::DTLSv1))); + +TEST_P(SSLHandshakeTest, NoVerification) { + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_certificate, "ALL", skip_peer_verification, "")) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + << server_manager_->LastError(); + + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", skip_peer_verification, "")) - << client_manager->LastError(); + << client_manager_->LastError(); GTEST_TRACE(HandshakeProcedure_Success()); } -TEST_F(SSLHandshakeTest, CAVerification_ServerSide) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, +TEST_P(SSLHandshakeTest, CAVerification_ServerSide) { + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_certificate, "ALL", verify_peer, client_ca_cert_filename)) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + << server_manager_->LastError(); + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", skip_peer_verification, "")) - << client_manager->LastError(); + << client_manager_->LastError(); GTEST_TRACE(HandshakeProcedure_Success()); } -TEST_F(SSLHandshakeTest, CAVerification_ServerSide_NoCACertificate) { +TEST_P(SSLHandshakeTest, CAVerification_ServerSide_NoCACertificate) { ASSERT_TRUE(InitServerManagers( - security_manager::TLSv1_2, "", "ALL", verify_peer, "unex")) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + GetParam().server_protocol, "", "ALL", verify_peer, "unex")) + << server_manager_->LastError(); + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", skip_peer_verification, "")) - << client_manager->LastError(); + << client_manager_->LastError(); GTEST_TRACE(HandshakeProcedure_ServerSideFail()); - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_certificate, "ALL", verify_peer, client_ca_cert_filename)) - << server_manager->LastError(); + << server_manager_->LastError(); GTEST_TRACE(ResetConnections()); GTEST_TRACE(HandshakeProcedure_Success()); } -TEST_F(SSLHandshakeTest, CAVerification_ClientSide) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, - server_certificate, - "ALL", - verify_peer, - client_ca_cert_filename)) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, - client_certificate, - "ALL", - verify_peer, - server_ca_cert_filename)) - << client_manager->LastError(); - - GTEST_TRACE(HandshakeProcedure_Success()); -} - -TEST_F(SSLHandshakeTest, CAVerification_ClientSide_NoCACertificate) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, +TEST_P(SSLHandshakeTest, CAVerification_ClientSide_NoCACertificate) { + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_certificate, "ALL", skip_peer_verification, "")) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + << server_manager_->LastError(); + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, "", "ALL", verify_peer, "client_ca_cert_filename")) - << client_manager->LastError(); + << client_manager_->LastError(); GTEST_TRACE(HandshakeProcedure_ClientSideFail( security_manager::SSLContext::Handshake_Result_Fail)); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", verify_peer, server_ca_cert_filename)) - << client_manager->LastError(); + << client_manager_->LastError(); GTEST_TRACE(ResetConnections()); GTEST_TRACE(HandshakeProcedure_Success()); } -TEST_F(SSLHandshakeTest, CAVerification_BothSides) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, +TEST_P(SSLHandshakeTest, CAVerification_BothSides) { + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_certificate, "ALL", verify_peer, client_ca_cert_filename)) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + << server_manager_->LastError(); + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", verify_peer, server_ca_cert_filename)) - << client_manager->LastError(); + << client_manager_->LastError(); GTEST_TRACE(HandshakeProcedure_Success()); } -TEST_F(SSLHandshakeTest, UnsignedCert) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, +TEST_P(SSLHandshakeTest, UnsignedCert) { + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_unsigned_cert_file, "ALL", skip_peer_verification, "")) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + << server_manager_->LastError(); + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", verify_peer, client_ca_cert_filename)) - << client_manager->LastError(); + << client_manager_->LastError(); GTEST_TRACE(HandshakeProcedure_ClientSideFail( security_manager::SSLContext::Handshake_Result_CertNotSigned)); } -TEST_F(SSLHandshakeTest, ExpiredCert) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, +TEST_P(SSLHandshakeTest, ExpiredCert) { + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_expired_cert_file, "ALL", verify_peer, client_ca_cert_filename)) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + << server_manager_->LastError(); + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", verify_peer, server_ca_cert_filename)) - << client_manager->LastError(); + << client_manager_->LastError(); GTEST_TRACE(HandshakeProcedure_ClientSideFail( security_manager::SSLContext::Handshake_Result_CertExpired)); } -TEST_F(SSLHandshakeTest, AppNameAndAppIDInvalid) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, +TEST_P(SSLHandshakeTest, AppNameAndAppIDInvalid) { + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_certificate, "ALL", verify_peer, client_ca_cert_filename)) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + << server_manager_->LastError(); + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", verify_peer, server_ca_cert_filename)) - << client_manager->LastError(); + << client_manager_->LastError(); - client_ctx->SetHandshakeContext( + client_ctx_->SetHandshakeContext( security_manager::SSLContext::HandshakeContext( custom_str::CustomString("server"), custom_str::CustomString("Wrong"))); @@ -516,7 +529,7 @@ TEST_F(SSLHandshakeTest, AppNameAndAppIDInvalid) { security_manager::SSLContext::Handshake_Result_AppNameMismatch)); ResetConnections(); - client_ctx->SetHandshakeContext( + client_ctx_->SetHandshakeContext( security_manager::SSLContext::HandshakeContext( custom_str::CustomString("Wrong"), custom_str::CustomString("server"))); @@ -525,19 +538,19 @@ TEST_F(SSLHandshakeTest, AppNameAndAppIDInvalid) { security_manager::SSLContext::Handshake_Result_AppIDMismatch)); } -TEST_F(SSLHandshakeTest, NoVerification_ResetConnection) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, +TEST_P(SSLHandshakeTest, NoVerification_ResetConnection) { + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_certificate, "ALL", skip_peer_verification, "")) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + << server_manager_->LastError(); + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", skip_peer_verification, "")) - << client_manager->LastError(); + << client_manager_->LastError(); const int times = 100; for (int i = 0; i < times; ++i) { @@ -549,19 +562,19 @@ TEST_F(SSLHandshakeTest, NoVerification_ResetConnection) { } } -TEST_F(SSLHandshakeTest, CAVerification_BothSides_ResetConnection) { - ASSERT_TRUE(InitServerManagers(security_manager::TLSv1_2, +TEST_P(SSLHandshakeTest, CAVerification_BothSides_ResetConnection) { + ASSERT_TRUE(InitServerManagers(GetParam().server_protocol, server_certificate, "ALL", verify_peer, client_ca_cert_filename)) - << server_manager->LastError(); - ASSERT_TRUE(InitClientManagers(security_manager::TLSv1_2, + << server_manager_->LastError(); + ASSERT_TRUE(InitClientManagers(GetParam().client_protocol, client_certificate, "ALL", skip_peer_verification, server_ca_cert_filename)) - << client_manager->LastError(); + << client_manager_->LastError(); const int times = 100; for (int i = 0; i < times; ++i) { @@ -572,7 +585,6 @@ TEST_F(SSLHandshakeTest, CAVerification_BothSides_ResetConnection) { GTEST_TRACE(ResetConnections()); } } - // TODO(EZamakhov): add fail tests -broken or not full ca certificate chain } // namespace ssl_handshake_test diff --git a/src/components/security_manager/test/ssl_context_test.cc b/src/components/security_manager/test/ssl_context_test.cc index a77cd98b27..7a4a9c3a87 100644 --- a/src/components/security_manager/test/ssl_context_test.cc +++ b/src/components/security_manager/test/ssl_context_test.cc @@ -49,7 +49,6 @@ using ::testing::ReturnRef; using ::testing::NiceMock; namespace { -const size_t kUpdatesBeforeHour = 24; const std::string kCaPath = ""; const uint8_t* kServerBuf; const uint8_t* kClientBuf; @@ -70,19 +69,19 @@ namespace ssl_context_test { namespace custom_str = utils::custom_string; struct ProtocolAndCipher { - security_manager::Protocol server_protocol; - security_manager::Protocol client_protocol; - std::string server_ciphers_list; - std::string client_ciphers_list; + security_manager::Protocol server_protocol_; + security_manager::Protocol client_protocol_; + std::string server_ciphers_list_; + std::string client_ciphers_list_; ProtocolAndCipher(security_manager::Protocol s_protocol, security_manager::Protocol c_protocol, std::string s_ciphers_list, std::string c_ciphers_list) - : server_protocol(s_protocol) - , client_protocol(c_protocol) - , server_ciphers_list(s_ciphers_list) - , client_ciphers_list(c_ciphers_list) {} + : server_protocol_(s_protocol) + , client_protocol_(c_protocol) + , server_ciphers_list_(s_ciphers_list) + , client_ciphers_list_(c_ciphers_list) {} }; class SSLTest : public testing::Test { @@ -127,6 +126,12 @@ class SSLTest : public testing::Test { .WillRepeatedly(ReturnRef(kCaPath)); EXPECT_CALL(*mock_crypto_manager_settings_, verify_peer()) .WillOnce(Return(false)); + + ON_CALL(*mock_crypto_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_crypto_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); + const bool crypto_manager_initialization = crypto_manager_->Init(); EXPECT_TRUE(crypto_manager_initialization); @@ -150,6 +155,12 @@ class SSLTest : public testing::Test { .WillRepeatedly(ReturnRef(kCaPath)); EXPECT_CALL(*mock_client_manager_settings_, verify_peer()) .WillOnce(Return(false)); + + ON_CALL(*mock_client_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_client_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); + const bool client_manager_initialization = client_manager_->Init(); EXPECT_TRUE(client_manager_initialization); @@ -159,19 +170,19 @@ class SSLTest : public testing::Test { .WillByDefault(Return(kMaximumPayloadSize)); EXPECT_CALL(*mock_crypto_manager_settings_, security_manager_mode()) .WillRepeatedly(Return(security_manager::SERVER)); - server_ctx = crypto_manager_->CreateSSLContext(); + server_ctx_ = crypto_manager_->CreateSSLContext(); EXPECT_CALL(*mock_client_manager_settings_, security_manager_mode()) .Times(2) .WillRepeatedly(Return(security_manager::CLIENT)); - client_ctx = client_manager_->CreateSSLContext(); + client_ctx_ = client_manager_->CreateSSLContext(); using custom_str::CustomString; security_manager::SSLContext::HandshakeContext ctx(CustomString("SPT"), CustomString("client")); - server_ctx->SetHandshakeContext(ctx); + server_ctx_->SetHandshakeContext(ctx); ctx.expected_cn = "server"; - client_ctx->SetHandshakeContext(ctx); + client_ctx_->SetHandshakeContext(ctx); kServerBuf = NULL; kClientBuf = NULL; @@ -180,8 +191,8 @@ class SSLTest : public testing::Test { } void TearDown() OVERRIDE { - crypto_manager_->ReleaseSSLContext(server_ctx); - client_manager_->ReleaseSSLContext(client_ctx); + crypto_manager_->ReleaseSSLContext(server_ctx_); + client_manager_->ReleaseSSLContext(client_ctx_); delete crypto_manager_; delete client_manager_; @@ -194,11 +205,14 @@ class SSLTest : public testing::Test { mock_crypto_manager_settings_; utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings> > mock_client_manager_settings_; - security_manager::SSLContext* server_ctx; - security_manager::SSLContext* client_ctx; + security_manager::SSLContext* server_ctx_; + security_manager::SSLContext* client_ctx_; static std::string client_certificate_data_base64_; static std::string server_certificate_data_base64_; + + const std::vector<int> forced_unprotected_service_; + const std::vector<int> forced_protected_service_; }; std::string SSLTest::client_certificate_data_base64_; std::string SSLTest::server_certificate_data_base64_; @@ -222,37 +236,38 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { NiceMock<security_manager_test::MockCryptoManagerSettings> >(); utils::SharedPtr<security_manager::CryptoManagerSettings> server_crypto( mock_crypto_manager_settings_); - crypto_manager = new security_manager::CryptoManagerImpl(server_crypto); + crypto_manager_ = new security_manager::CryptoManagerImpl(server_crypto); - SetServerInitialValues(GetParam().server_protocol, - GetParam().server_ciphers_list); + SetServerInitialValues(GetParam().server_protocol_, + GetParam().server_ciphers_list_); - const bool crypto_manager_initialization = crypto_manager->Init(); - ASSERT_TRUE(crypto_manager_initialization); + const bool crypto_manager_initialization = crypto_manager_->Init(); + EXPECT_TRUE(crypto_manager_initialization); mock_client_manager_settings_ = utils::MakeShared< NiceMock<security_manager_test::MockCryptoManagerSettings> >(); utils::SharedPtr<security_manager::CryptoManagerSettings> client_crypto( mock_client_manager_settings_); - client_manager = new security_manager::CryptoManagerImpl(client_crypto); + client_manager_ = new security_manager::CryptoManagerImpl(client_crypto); - SetClientInitialValues(GetParam().client_protocol, - GetParam().client_ciphers_list); + SetClientInitialValues(GetParam().client_protocol_, + GetParam().client_ciphers_list_); - const bool client_manager_initialization = client_manager->Init(); - ASSERT_TRUE(client_manager_initialization); + const bool client_manager_initialization = client_manager_->Init(); + EXPECT_TRUE(client_manager_initialization); - server_ctx = crypto_manager->CreateSSLContext(); - client_ctx = client_manager->CreateSSLContext(); + server_ctx_ = crypto_manager_->CreateSSLContext(); + client_ctx_ = client_manager_->CreateSSLContext(); using custom_str::CustomString; - security_manager::SSLContext::HandshakeContext ctx(CustomString("SPT"), - CustomString("client")); - server_ctx->SetHandshakeContext(ctx); - ctx.expected_cn = "server"; - client_ctx->SetHandshakeContext(ctx); + server_ctx_->SetHandshakeContext( + security_manager::SSLContext::HandshakeContext(CustomString("SPT"), + CustomString("client"))); + client_ctx_->SetHandshakeContext( + security_manager::SSLContext::HandshakeContext(CustomString("SPT"), + CustomString("server"))); kServerBuf = NULL; kClientBuf = NULL; @@ -261,18 +276,19 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { } void TearDown() OVERRIDE { - if (crypto_manager) { - crypto_manager->ReleaseSSLContext(server_ctx); - } - if (client_manager) { - client_manager->ReleaseSSLContext(client_ctx); - } - delete crypto_manager; - delete client_manager; + crypto_manager_->ReleaseSSLContext(server_ctx_); + client_manager_->ReleaseSSLContext(client_ctx_); + + delete crypto_manager_; + delete client_manager_; } void SetServerInitialValues(security_manager::Protocol protocol, const std::string& server_ciphers_list) { + ON_CALL(*mock_crypto_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_crypto_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); ON_CALL(*mock_crypto_manager_settings_, security_manager_mode()) .WillByDefault(Return(security_manager::SERVER)); ON_CALL(*mock_crypto_manager_settings_, security_manager_protocol_name()) @@ -286,8 +302,13 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { ON_CALL(*mock_crypto_manager_settings_, verify_peer()) .WillByDefault(Return(false)); } + void SetClientInitialValues(security_manager::Protocol protocol, const std::string& client_ciphers_list) { + ON_CALL(*mock_client_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_client_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); ON_CALL(*mock_client_manager_settings_, security_manager_mode()) .WillByDefault(Return(security_manager::CLIENT)); ON_CALL(*mock_client_manager_settings_, security_manager_protocol_name()) @@ -306,11 +327,13 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { mock_crypto_manager_settings_; utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings> > mock_client_manager_settings_; - security_manager::CryptoManager* crypto_manager = NULL; - security_manager::CryptoManager* client_manager = NULL; - security_manager::SSLContext* server_ctx = NULL; - security_manager::SSLContext* client_ctx = NULL; + security_manager::CryptoManager* crypto_manager_; + security_manager::CryptoManager* client_manager_; + security_manager::SSLContext* server_ctx_; + security_manager::SSLContext* client_ctx_; std::string certificate_data_base64_; + const std::vector<int> forced_unprotected_service_; + const std::vector<int> forced_protected_service_; }; class SSLTestForTLS1_2 : public SSLTestParam {}; @@ -319,7 +342,7 @@ class SSLTestForTLS1_2 : public SSLTestParam {}; INSTANTIATE_TEST_CASE_P( CorrectProtocolAndCiphers, SSLTestParam, - ::testing::Values(ProtocolAndCipher(security_manager::TLSv1, + ::testing::Values(ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1, kFordCipher, kFordCipher), @@ -334,7 +357,11 @@ INSTANTIATE_TEST_CASE_P( kFordCipher, kFordCipher) #endif - )); + , + ProtocolAndCipher(security_manager::DTLSv1, + security_manager::DTLSv1, + kFordCipher, + kFordCipher))); INSTANTIATE_TEST_CASE_P( IncorrectProtocolAndCiphers, @@ -365,6 +392,22 @@ INSTANTIATE_TEST_CASE_P( security_manager::SSLv3, kFordCipher, kFordCipher), + ProtocolAndCipher(security_manager::TLSv1, + security_manager::DTLSv1, + kFordCipher, + kFordCipher), + ProtocolAndCipher(security_manager::DTLSv1, + security_manager::TLSv1_1, + kFordCipher, + kFordCipher), + ProtocolAndCipher(security_manager::TLSv1_2, + security_manager::DTLSv1, + kFordCipher, + kFordCipher), + ProtocolAndCipher(security_manager::TLSv1_1, + security_manager::DTLSv1, + kFordCipher, + kFordCipher), ProtocolAndCipher(security_manager::TLSv1_2, security_manager::SSLv3, kFordCipher, @@ -382,7 +425,8 @@ INSTANTIATE_TEST_CASE_P( TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); + ASSERT_FALSE(NULL == kClientBuf); ASSERT_LT(0u, client_buf_len); // Broke 3 bytes for get abnormal fail of handshake @@ -390,26 +434,26 @@ TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) { const_cast<uint8_t*>(kClientBuf)[client_buf_len / 2] ^= 0xFF; const_cast<uint8_t*>(kClientBuf)[client_buf_len - 1] ^= 0xFF; ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); - EXPECT_EQ("Initialization is not completed", server_ctx->LastError()); - EXPECT_EQ("Initialization is not completed", client_ctx->LastError()); + EXPECT_EQ("Initialization is not completed", server_ctx_->LastError()); + EXPECT_EQ("Initialization is not completed", client_ctx_->LastError()); } // TODO {AKozoriz} : Unexpected uncomplited init of SSL component. // In this and next tests. // Must be fixed after merge to develop. TEST_F(SSLTest, OnTSL2Protocol_Positive) { - ASSERT_EQ(client_ctx->StartHandshake(&kClientBuf, &client_buf_len), + ASSERT_EQ(client_ctx_->StartHandshake(&kClientBuf, &client_buf_len), security_manager::SSLContext::Handshake_Result_Success); - EXPECT_FALSE(server_ctx->IsInitCompleted()); + EXPECT_FALSE(server_ctx_->IsInitCompleted()); while (true) { ASSERT_TRUE(NULL != kClientBuf); ASSERT_LT(0u, client_buf_len); const security_manager::SSLContext::HandshakeResult server_result = - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, server_result); @@ -417,11 +461,11 @@ TEST_F(SSLTest, OnTSL2Protocol_Positive) { ASSERT_LT(0u, server_buf_len); const security_manager::SSLContext::HandshakeResult client_result = - client_ctx->DoHandshakeStep( + client_ctx_->DoHandshakeStep( kServerBuf, server_buf_len, &kClientBuf, &client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, client_result); - if (server_ctx->IsInitCompleted()) { + if (server_ctx_->IsInitCompleted()) { break; } @@ -432,22 +476,22 @@ TEST_F(SSLTest, OnTSL2Protocol_Positive) { ASSERT_TRUE(NULL == kClientBuf); ASSERT_EQ(0u, client_buf_len); // expect both side initialization complete - EXPECT_TRUE(client_ctx->IsInitCompleted()); - EXPECT_TRUE(server_ctx->IsInitCompleted()); + EXPECT_TRUE(client_ctx_->IsInitCompleted()); + EXPECT_TRUE(server_ctx_->IsInitCompleted()); // Encrypt text on client side const uint8_t* text = reinterpret_cast<const uint8_t*>("abra"); const uint8_t* encrypted_text = 0; size_t text_len = 4; size_t encrypted_text_len; - EXPECT_TRUE(client_ctx->Encrypt( + EXPECT_TRUE(client_ctx_->Encrypt( text, text_len, &encrypted_text, &encrypted_text_len)); ASSERT_NE(reinterpret_cast<void*>(NULL), encrypted_text); ASSERT_LT(0u, encrypted_text_len); // Decrypt text on server side - EXPECT_TRUE(server_ctx->Decrypt( + EXPECT_TRUE(server_ctx_->Decrypt( encrypted_text, encrypted_text_len, &text, &text_len)); ASSERT_NE(reinterpret_cast<void*>(NULL), text); ASSERT_LT(0u, text_len); @@ -457,34 +501,34 @@ TEST_F(SSLTest, OnTSL2Protocol_Positive) { TEST_F(SSLTest, OnTSL2Protocol_EcncryptionFail) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); - while (!server_ctx->IsInitCompleted()) { + while (!server_ctx_->IsInitCompleted()) { ASSERT_FALSE(NULL == kClientBuf); ASSERT_LT(0u, client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); ASSERT_FALSE(NULL == kServerBuf); ASSERT_LT(0u, server_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->DoHandshakeStep( + client_ctx_->DoHandshakeStep( kServerBuf, server_buf_len, &kClientBuf, &client_buf_len)); } // Expect empty buffers after init complete ASSERT_TRUE(NULL == kClientBuf); ASSERT_EQ(0u, client_buf_len); // Expect both side initialization complete - EXPECT_TRUE(client_ctx->IsInitCompleted()); - EXPECT_TRUE(server_ctx->IsInitCompleted()); + EXPECT_TRUE(client_ctx_->IsInitCompleted()); + EXPECT_TRUE(server_ctx_->IsInitCompleted()); // Encrypt text on client side const uint8_t* text = reinterpret_cast<const uint8_t*>("abra"); const uint8_t* encrypted_text = 0; size_t text_len = 4; size_t encrypted_text_len; - EXPECT_TRUE(client_ctx->Encrypt( + EXPECT_TRUE(client_ctx_->Encrypt( text, text_len, &encrypted_text, &encrypted_text_len)); ASSERT_NE(reinterpret_cast<void*>(NULL), encrypted_text); ASSERT_LT(0u, encrypted_text_len); @@ -497,29 +541,30 @@ TEST_F(SSLTest, OnTSL2Protocol_EcncryptionFail) { const uint8_t* out_text; size_t out_text_size; // Decrypt broken text on server side - EXPECT_FALSE(server_ctx->Decrypt( + EXPECT_FALSE(server_ctx_->Decrypt( &broken[0], broken.size(), &out_text, &out_text_size)); // Check after broken message that server encryption and decryption fail // Encrypte message on server side - EXPECT_FALSE(server_ctx->Decrypt( + EXPECT_FALSE(server_ctx_->Decrypt( encrypted_text, encrypted_text_len, &out_text, &out_text_size)); - EXPECT_FALSE(server_ctx->Encrypt( + EXPECT_FALSE(server_ctx_->Encrypt( text, text_len, &encrypted_text, &encrypted_text_len)); } TEST_P(SSLTestParam, ClientAndServerNotTLSv1_2_HandshakeFailed) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); + EXPECT_TRUE(NULL == kClientBuf); EXPECT_EQ(0u, client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); EXPECT_TRUE(NULL == kServerBuf); EXPECT_EQ(0u, server_buf_len); - EXPECT_FALSE(server_ctx->IsInitCompleted()); + EXPECT_FALSE(server_ctx_->IsInitCompleted()); } INSTANTIATE_TEST_CASE_P( @@ -544,16 +589,19 @@ INSTANTIATE_TEST_CASE_P( TEST_P(SSLTestForTLS1_2, HandshakeFailed) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); EXPECT_FALSE(NULL == kClientBuf); ASSERT_LT(0u, client_buf_len); + ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - server_ctx->DoHandshakeStep( - kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); + server_ctx_->DoHandshakeStep( + kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)) + << ERR_reason_error_string(ERR_get_error()); + EXPECT_TRUE(NULL == kServerBuf); EXPECT_EQ(0u, server_buf_len); - EXPECT_FALSE(server_ctx->IsInitCompleted()); + EXPECT_FALSE(server_ctx_->IsInitCompleted()); } } // namespace ssl_context_test |