diff options
Diffstat (limited to 'src/components/security_manager/test/crypto_manager_impl_test.cc')
-rw-r--r-- | src/components/security_manager/test/crypto_manager_impl_test.cc | 588 |
1 files changed, 197 insertions, 391 deletions
diff --git a/src/components/security_manager/test/crypto_manager_impl_test.cc b/src/components/security_manager/test/crypto_manager_impl_test.cc index 52ac42b418..27f91866ac 100644 --- a/src/components/security_manager/test/crypto_manager_impl_test.cc +++ b/src/components/security_manager/test/crypto_manager_impl_test.cc @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, Ford Motor Company + * Copyright (c) 2016, Ford Motor Company * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -30,433 +30,239 @@ * POSSIBILITY OF SUCH DAMAGE. */ -#include <gtest/gtest.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <unistd.h> - -#include "security_manager/crypto_manager.h" -#include "security_manager/crypto_manager_impl.h" -#include "security_manager/ssl_context.h" - #ifdef __QNXNTO__ #include <openssl/ssl3.h> #else -#include <openssl/tls1.h> -#endif +#include <openssl/ssl.h> +#endif //__QNXNTO__ +#include <limits> +#include <fstream> +#include <sstream> + +#include "gtest/gtest.h" +#include "security_manager/crypto_manager_impl.h" +#include "security_manager/mock_security_manager_settings.h" + +using ::testing::Return; +using ::testing::ReturnRef; +using ::testing::NiceMock; + +namespace { +const size_t kUpdatesBeforeHour = 24; +const std::string kAllCiphers = "ALL"; +const std::string kCaCertPath = ""; #ifdef __QNXNTO__ -#define FORD_CIPHER SSL3_TXT_RSA_DES_192_CBC3_SHA +const std::string kFordCipher = SSL3_TXT_RSA_DES_192_CBC3_SHA; #else // Used cipher from ford protocol requirement -#define FORD_CIPHER TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 +const std::string kFordCipher = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384; #endif - -#define ALL_CIPHERS "ALL" +} namespace test { namespace components { -namespace security_manager_test { +namespace crypto_manager_test { -namespace { -bool isErrorFatal(SSL *connection, int res) { - const int error = SSL_get_error(connection, res); - return (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE); -} -} -// TODO(EZamakhov): May be split to SSLContext and Cryptomanager tests (separate files) -// TODO(EZamakhov): add test for EnsureBufferSizeEnough -class SSLTest : public testing::Test { +class CryptoManagerTest : public testing::Test { protected: static void SetUpTestCase() { - crypto_manager = new security_manager::CryptoManagerImpl(); - const bool crypto_manager_initialization = crypto_manager->Init( - security_manager::SERVER, security_manager::TLSv1_2, "mycert.pem", - "mykey.pem", FORD_CIPHER, false); - EXPECT_TRUE(crypto_manager_initialization); - - client_manager = new security_manager::CryptoManagerImpl(); - const bool client_manager_initialization = client_manager->Init( - security_manager::CLIENT, security_manager::TLSv1_2, "", "", - FORD_CIPHER, - false); - EXPECT_TRUE(client_manager_initialization); + std::ifstream certificate_file("server/spt_credential.p12.enc"); + ASSERT_TRUE(certificate_file.is_open()) + << "Could not open certificate data file"; + + const std::string certificate( + (std::istreambuf_iterator<char>(certificate_file)), + std::istreambuf_iterator<char>()); + ASSERT_FALSE(certificate.empty()) << "Certificate data file is empty"; + certificate_data_base64_ = certificate; } - static void TearDownTestCase() { - crypto_manager->Finish(); - client_manager->Finish(); - delete crypto_manager; - delete client_manager; + void SetUp() OVERRIDE { + ASSERT_FALSE(certificate_data_base64_.empty()); + mock_security_manager_settings_ = + new NiceMock<security_manager_test::MockCryptoManagerSettings>(); + utils::SharedPtr<security_manager::CryptoManagerSettings> scrypto = + utils::SharedPtr<security_manager::CryptoManagerSettings>:: + static_pointer_cast<security_manager::CryptoManagerSettings>( + mock_security_manager_settings_); + crypto_manager_ = new security_manager::CryptoManagerImpl(scrypto); } - virtual void SetUp() { - server_ctx = crypto_manager->CreateSSLContext(); - client_ctx = client_manager->CreateSSLContext(); + void TearDown() OVERRIDE { + delete mock_security_manager_settings_; + testing::Mock::AsyncVerifyAndClearExpectations(1000); } - virtual void TearDown() { - crypto_manager->ReleaseSSLContext(server_ctx); - client_manager->ReleaseSSLContext(client_ctx); + void InitSecurityManager() { + SetInitialValues( + security_manager::CLIENT, security_manager::TLSv1_2, kAllCiphers); + const bool crypto_manager_initialization = crypto_manager_->Init(); + ASSERT_TRUE(crypto_manager_initialization); } - static security_manager::CryptoManager* crypto_manager; - static security_manager::CryptoManager* client_manager; - security_manager::SSLContext *server_ctx; - security_manager::SSLContext *client_ctx; -}; + void SetInitialValues(security_manager::Mode mode, + security_manager::Protocol protocol, + const std::string& cipher) { + ON_CALL(*mock_security_manager_settings_, security_manager_mode()) + .WillByDefault(Return(mode)); + ON_CALL(*mock_security_manager_settings_, security_manager_protocol_name()) + .WillByDefault(Return(protocol)); + ON_CALL(*mock_security_manager_settings_, certificate_data()) + .WillByDefault(ReturnRef(certificate_data_base64_)); + ON_CALL(*mock_security_manager_settings_, ciphers_list()) + .WillByDefault(ReturnRef(cipher)); + ON_CALL(*mock_security_manager_settings_, ca_cert_path()) + .WillByDefault(ReturnRef(kCaCertPath)); + ON_CALL(*mock_security_manager_settings_, verify_peer()) + .WillByDefault(Return(false)); + } + + security_manager::CryptoManager* crypto_manager_; + static std::string certificate_data_base64_; -security_manager::CryptoManager* SSLTest::crypto_manager; -security_manager::CryptoManager* SSLTest::client_manager; + NiceMock<security_manager_test::MockCryptoManagerSettings>* + mock_security_manager_settings_; +}; +std::string CryptoManagerTest::certificate_data_base64_; -TEST(CryptoManagerTest, UsingBeforeInit) { - security_manager::CryptoManager *crypto_manager = new security_manager::CryptoManagerImpl(); - EXPECT_TRUE(crypto_manager->CreateSSLContext() == NULL); - EXPECT_EQ(crypto_manager->LastError(), std::string ("Initialization is not completed")); - delete crypto_manager; +TEST_F(CryptoManagerTest, UsingBeforeInit) { + EXPECT_TRUE(crypto_manager_->CreateSSLContext() == NULL); + EXPECT_EQ(std::string("Initialization is not completed"), + crypto_manager_->LastError()); } -TEST(CryptoManagerTest, WrongInit) { - security_manager::CryptoManager *crypto_manager = new security_manager::CryptoManagerImpl(); +TEST_F(CryptoManagerTest, WrongInit) { + // We have to cast (-1) to security_manager::Protocol Enum to be accepted by + // crypto_manager_->Init(...) + // Unknown protocol version + security_manager::Protocol UNKNOWN = + static_cast<security_manager::Protocol>(-1); - //We have to cast (-1) to security_manager::Protocol Enum to be accepted by crypto_manager->Init(...) - security_manager::Protocol UNKNOWN = static_cast<security_manager::Protocol>(-1); + EXPECT_CALL(*mock_security_manager_settings_, security_manager_mode()) + .WillRepeatedly(Return(security_manager::SERVER)); + EXPECT_CALL(*mock_security_manager_settings_, + security_manager_protocol_name()).WillOnce(Return(UNKNOWN)); + EXPECT_FALSE(crypto_manager_->Init()); - // Unknown protocol version - EXPECT_FALSE(crypto_manager->Init(security_manager::SERVER, UNKNOWN, - "mycert.pem", "mykey.pem", FORD_CIPHER, false)); - - EXPECT_FALSE(crypto_manager->LastError().empty()); - // Unexistent cert file - EXPECT_FALSE(crypto_manager->Init(security_manager::SERVER, security_manager::TLSv1_2, - "unexists_file.pem", "mykey.pem", FORD_CIPHER, false)); - EXPECT_FALSE(crypto_manager->LastError().empty()); - // Unexistent key file - EXPECT_FALSE(crypto_manager->Init(security_manager::SERVER, security_manager::TLSv1_2, - "mycert.pem", "unexists_file.pem", FORD_CIPHER, false)); - EXPECT_FALSE(crypto_manager->LastError().empty()); + EXPECT_NE(std::string(), crypto_manager_->LastError()); // Unexistent cipher value - EXPECT_FALSE(crypto_manager->Init(security_manager::SERVER, security_manager::TLSv1_2, - "mycert.pem", "mykey.pem", "INVALID_UNKNOWN_CIPHER", false)); - EXPECT_FALSE(crypto_manager->LastError().empty()); + const std::string invalid_cipher = "INVALID_UNKNOWN_CIPHER"; + EXPECT_CALL(*mock_security_manager_settings_, + security_manager_protocol_name()) + .WillOnce(Return(security_manager::TLSv1_2)); + EXPECT_CALL(*mock_security_manager_settings_, certificate_data()) + .WillOnce(ReturnRef(certificate_data_base64_)); + EXPECT_CALL(*mock_security_manager_settings_, ciphers_list()) + .WillRepeatedly(ReturnRef(invalid_cipher)); + EXPECT_FALSE(crypto_manager_->Init()); + + EXPECT_NE(std::string(), crypto_manager_->LastError()); +} - delete crypto_manager; +// #ifndef __QNXNTO__ +TEST_F(CryptoManagerTest, CorrectInit) { + // Empty cert and key values for SERVER + SetInitialValues( + security_manager::SERVER, security_manager::TLSv1_2, kFordCipher); + EXPECT_TRUE(crypto_manager_->Init()); + + // Recall init + SetInitialValues( + security_manager::CLIENT, security_manager::TLSv1_2, kFordCipher); + EXPECT_TRUE(crypto_manager_->Init()); + + // Recall init with other protocols + SetInitialValues( + security_manager::CLIENT, security_manager::TLSv1_2, kFordCipher); + EXPECT_TRUE(crypto_manager_->Init()); + + SetInitialValues( + security_manager::CLIENT, security_manager::TLSv1_1, kFordCipher); + EXPECT_TRUE(crypto_manager_->Init()); + + // Cipher value + SetInitialValues( + security_manager::SERVER, security_manager::TLSv1_2, kAllCiphers); + EXPECT_TRUE(crypto_manager_->Init()); } +// #endif // __QNX__ -//TEST(CryptoManagerTest, CorrectInit) { -// security_manager::CryptoManager *crypto_manager = new security_manager::CryptoManagerImpl(); -// // Empty cert and key values for SERVER -// EXPECT_TRUE(crypto_manager->Init(security_manager::SERVER, security_manager::TLSv1_2, -// "", "", FORD_CIPHER, false)); -// EXPECT_TRUE(crypto_manager->LastError().empty()); -// // Recall init -// EXPECT_TRUE(crypto_manager->Init(security_manager::CLIENT, security_manager::TLSv1_2, -// "", "", FORD_CIPHER, false)); -// EXPECT_TRUE(crypto_manager->LastError().empty()); -// // Recall init with other protocols -// EXPECT_TRUE(crypto_manager->Init(security_manager::CLIENT, security_manager::TLSv1_1, -// "", "", FORD_CIPHER, false)); -// EXPECT_TRUE(crypto_manager->LastError().empty()); -// EXPECT_TRUE(crypto_manager->Init(security_manager::CLIENT, security_manager::TLSv1, -// "", "", FORD_CIPHER, false)); -// EXPECT_TRUE(crypto_manager->LastError().empty()); - -// // Cipher value -// EXPECT_TRUE(crypto_manager->Init(security_manager::SERVER, security_manager::TLSv1_2, -// "mycert.pem", "mykey.pem", ALL_CIPHERS, false)); -// EXPECT_TRUE(crypto_manager->LastError().empty()); -// delete crypto_manager; -//} - -TEST(CryptoManagerTest, ReleaseNull) { - using security_manager::CryptoManager; - using security_manager::CryptoManagerImpl; - - CryptoManager *cm = new CryptoManagerImpl(); - EXPECT_NO_THROW(cm->ReleaseSSLContext(NULL)); - delete cm; +TEST_F(CryptoManagerTest, ReleaseSSLContext_Null) { + EXPECT_NO_THROW(crypto_manager_->ReleaseSSLContext(NULL)); } -TEST_F(SSLTest, BrokenHandshake) { - const uint8_t *server_buf; - const uint8_t *client_buf; - size_t server_buf_len; - size_t client_buf_len; - ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&client_buf, - &client_buf_len)); - ASSERT_FALSE(client_buf == NULL); - ASSERT_GT(client_buf_len, 0u); - // Broke 3 bytes for get abnormal fail of handshake - const_cast<uint8_t*>(client_buf)[0] ^= 0xFF; - const_cast<uint8_t*>(client_buf)[client_buf_len / 2] ^= 0xFF; - const_cast<uint8_t*>(client_buf)[client_buf_len - 1] ^= 0xFF; - ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - server_ctx->DoHandshakeStep(client_buf, - client_buf_len, - &server_buf, - &server_buf_len)); +TEST_F(CryptoManagerTest, CreateReleaseSSLContext) { + const size_t max_payload_size = 1000u; + SetInitialValues( + security_manager::CLIENT, security_manager::TLSv1_2, kAllCiphers); + EXPECT_TRUE(crypto_manager_->Init()); + EXPECT_CALL(*mock_security_manager_settings_, security_manager_mode()) + .Times(2) + .WillRepeatedly(Return(security_manager::CLIENT)); + EXPECT_CALL(*mock_security_manager_settings_, maximum_payload_size()) + .Times(1) + .WillRepeatedly(Return(max_payload_size)); + + security_manager::SSLContext* context = crypto_manager_->CreateSSLContext(); + EXPECT_TRUE(context); + EXPECT_NO_THROW(crypto_manager_->ReleaseSSLContext(context)); } -// TODO(EZamakhov): split to SSL/TLS1/1.1/1.2 tests -// TODO{ALeshin}: APPLINK-10846 -//TEST_F(SSLTest, Positive) { - -// const uint8_t *server_buf; -// const uint8_t *client_buf; -// size_t server_buf_len; -// size_t client_buf_len; -// ASSERT_EQ(client_ctx->StartHandshake(&client_buf, -// &client_buf_len), -// security_manager::SSLContext::Handshake_Result_Success); -// ASSERT_FALSE(client_buf == NULL); -// ASSERT_GT(client_buf_len, 0u); - -// for (;;) { -// ASSERT_EQ(server_ctx->DoHandshakeStep(client_buf, -// client_buf_len, -// &server_buf, -// &server_buf_len), -// security_manager::SSLContext::Handshake_Result_Success); -// ASSERT_FALSE(server_buf == NULL); -// ASSERT_GT(server_buf_len, 0u); - -// ASSERT_EQ(client_ctx->DoHandshakeStep(server_buf, -// server_buf_len, -// &client_buf, -// &client_buf_len), -// security_manager::SSLContext::Handshake_Result_Success); -// if (server_ctx->IsInitCompleted()) { -// break; -// } - -// ASSERT_FALSE(client_buf == NULL); -// ASSERT_GT(client_buf_len, 0u); -// } -// // expect empty buffers after init complete -// ASSERT_TRUE(client_buf == NULL); -// ASSERT_EQ(client_buf_len, 0u); -// // expect both side initialization complete -// EXPECT_TRUE(client_ctx->IsInitCompleted()); -// EXPECT_TRUE(server_ctx->IsInitCompleted()); - -// // Encrypt text on client side -// const uint8_t *text = reinterpret_cast<const uint8_t*>("abra"); -// const uint8_t *encrypted_text = 0; -// size_t text_len = 4; -// size_t encrypted_text_len; -// EXPECT_TRUE(client_ctx->Encrypt(text, text_len, &encrypted_text, &encrypted_text_len)); - -// ASSERT_NE(encrypted_text, (void*)NULL); -// ASSERT_GT(encrypted_text_len, 0u); - -// // Decrypt text on server side -// EXPECT_TRUE(server_ctx->Decrypt(encrypted_text, encrypted_text_len, &text, &text_len)); -// ASSERT_NE(text, (void*)NULL); -// ASSERT_GT(text_len, 0u); - -// ASSERT_EQ(strncmp(reinterpret_cast<const char*>(text), -// "abra", -// 4), 0); -//} - -//TODO{Aleshin}: APPLINK-10846 -//TEST_F(SSLTest, EcncryptionFail) { - -// const uint8_t *server_buf; -// const uint8_t *client_buf; -// size_t server_buf_len; -// size_t client_buf_len; -// ASSERT_EQ(client_ctx->StartHandshake(&client_buf, -// &client_buf_len), -// security_manager::SSLContext::Handshake_Result_Success); - -// while (!server_ctx->IsInitCompleted()) { -// ASSERT_FALSE(client_buf == NULL); -// ASSERT_GT(client_buf_len, 0u); -// ASSERT_EQ(server_ctx->DoHandshakeStep(client_buf, client_buf_len, -// &server_buf, &server_buf_len), -// security_manager::SSLContext::Handshake_Result_Success); -// ASSERT_FALSE(server_buf == NULL); -// ASSERT_GT(server_buf_len, 0u); - -// ASSERT_EQ(client_ctx->DoHandshakeStep(server_buf, server_buf_len, -// &client_buf, &client_buf_len), -// security_manager::SSLContext::Handshake_Result_Success); -// } -// // expect empty buffers after init complete -// ASSERT_TRUE(client_buf == NULL); -// ASSERT_EQ(client_buf_len, 0u); -// // expect both side initialization complete -// EXPECT_TRUE(client_ctx->IsInitCompleted()); -// EXPECT_TRUE(server_ctx->IsInitCompleted()); - -// // Encrypt text on client side -// const uint8_t *text = reinterpret_cast<const uint8_t*>("abra"); -// const uint8_t *encrypted_text = 0; -// size_t text_len = 4; -// size_t encrypted_text_len; -// EXPECT_TRUE(client_ctx->Encrypt(text, text_len, &encrypted_text, &encrypted_text_len)); -// ASSERT_NE(encrypted_text, (void*)NULL); -// ASSERT_GT(encrypted_text_len, 0u); - -// std::vector<uint8_t> broken(encrypted_text, encrypted_text + encrypted_text_len); -// // Broke message -// broken[encrypted_text_len / 2] ^= 0xFF; - -// const uint8_t *out_text; -// size_t out_text_size; -// // Decrypt broken text on server side -// EXPECT_FALSE(server_ctx->Decrypt(&broken[0], broken.size(), &out_text, &out_text_size)); - -// // Check after broken message that server encryption and decryption fail -// // Encrypte message on server side -// EXPECT_FALSE(server_ctx->Decrypt(encrypted_text, encrypted_text_len, &out_text, &out_text_size)); -// EXPECT_FALSE(server_ctx->Encrypt(text, text_len, &encrypted_text, &encrypted_text_len)); -//} +TEST_F(CryptoManagerTest, OnCertificateUpdated) { + InitSecurityManager(); + EXPECT_TRUE(crypto_manager_->OnCertificateUpdated(certificate_data_base64_)); +} -/* - TEST_F(SSLTest, DISABLED_BadData) { - using security_manager::LastError; - int res = 0; - - uint8_t *outBuf = new uint8_t[1024 * 1024]; - const uint8_t *inBuf; - - for(;;) { - res = SSL_do_handshake(connection); - if (res >= 0) { - break; - } - - if (isErrorFatal(connection, res)) { - break; - } - - size_t outLen = BIO_ctrl_pending(bioOut); - if (outLen) { - BIO_read(bioOut, outBuf, outLen); - } - size_t inLen; - server_ctx->DoHandshakeStep(outBuf, outLen, &inBuf, &inLen); - EXPECT_TRUE(inBuf != NULL); - - if (inLen) { - BIO_write(bioIn, inBuf, inLen); - } - } - delete[] outBuf; - - EXPECT_EQ(res, 1); - - BIO *bioF = BIO_new(BIO_f_ssl()); - BIO_set_ssl(bioF, connection, BIO_NOCLOSE); - - const char *text = "Hello, it's the text to be encrypted"; - uint8_t *encryptedText = new uint8_t[1024]; - const uint8_t *decryptedText; - size_t text_len; - - // Encrypt text on client side - BIO_write(bioF, text, sizeof(text)); - text_len = BIO_ctrl_pending(bioOut); - size_t len = BIO_read(bioOut, encryptedText, text_len); - - // Make improvements - encryptedText[len / 3] ^= 0x80; - - // Decrypt text on server - server_ctx->Decrypt(encryptedText, len, &decryptedText, &text_len); - - delete[] encryptedText; - - EXPECT_FALSE(decryptedText == NULL); - EXPECT_GT(LastError().length(), 0u); - delete[] encryptedText; - } - - - - TEST_F(SSLTest, Positive2) { - using security_manager::LastError; - int res = 0; - - uint8_t *outBuf = new uint8_t[1024 * 1024]; - const uint8_t *inBuf; - - for(;;) { - res = SSL_do_handshake(connection); - if (res >= 0) { - break; - } - - if (isErrorFatal(connection, res)) { - break; - } - - size_t outLen = BIO_ctrl_pending(bioOut); - if (outLen) { - BIO_read(bioOut, outBuf, outLen); - } - size_t inLen; - server_ctx->DoHandshakeStep(outBuf, outLen, &inBuf, &inLen); - EXPECT_TRUE(inBuf != NULL); - - if (inLen) { - BIO_write(bioIn, inBuf, inLen); - } - } - delete[] outBuf; - - EXPECT_EQ(res, 1); - - EXPECT_NE(SSL_is_init_finished(connection), 0u); - - BIO *bioF = BIO_new(BIO_f_ssl()); - BIO_set_ssl(bioF, connection, BIO_NOCLOSE); - - const int N =1000; - int last_max = 0; - int min_oh = N , max_oh = 0; - for (int l = 1; l < N; ++l) { - char *text = new char[l+1]; - text[l]='\0'; - uint8_t *encryptedText = new uint8_t[1024*N]; - const uint8_t *decryptedText; - size_t text_len; - // Encrypt text on client side - BIO_write(bioF, text, l); - text_len = BIO_ctrl_pending(bioOut); - size_t len = BIO_read(bioOut, encryptedText, text_len); - const int temp = len - l; - min_oh = temp < min_oh ? temp : min_oh; - max_oh = temp > max_oh ? temp : max_oh; - if (last_max < len) { - std::cout << l << "->" << len; - if (l > 1) { - std::cout << ", last overhead = " << last_max << "-" << l-1 - << " = " << last_max - (l - 1) << "bytes || "; - std::cout << " overhead = " << len << "-" << l - << " = " << len - l << "bytes"; - } - std::cout << std::endl; - last_max = len; - - // Decrypt text on server - server_ctx->Decrypt(encryptedText, len, &decryptedText, &text_len); - const_cast<uint8_t*>(decryptedText)[text_len] = 0; - - EXPECT_TRUE(decryptedText != NULL); - EXPECT_EQ(strcmp(reinterpret_cast<const char*>(decryptedText), text), 0u); - delete[] text; - } - std::cout << " min = " << min_oh << ", max = " << max_oh << std::endl; - } - //*/ +TEST_F(CryptoManagerTest, OnCertificateUpdated_UpdateNotRequired) { + size_t updates_before = 0; + SetInitialValues( + security_manager::CLIENT, security_manager::TLSv1_2, kAllCiphers); + ASSERT_TRUE(crypto_manager_->Init()); + + EXPECT_CALL(*mock_security_manager_settings_, update_before_hours()) + .WillOnce(Return(updates_before)); + + EXPECT_FALSE(crypto_manager_->IsCertificateUpdateRequired()); + size_t max_updates_ = std::numeric_limits<size_t>::max(); + SetInitialValues( + security_manager::CLIENT, security_manager::TLSv1_2, kAllCiphers); + EXPECT_CALL(*mock_security_manager_settings_, update_before_hours()) + .WillOnce(Return(max_updates_)); + ASSERT_TRUE(crypto_manager_->Init()); + + EXPECT_TRUE(crypto_manager_->IsCertificateUpdateRequired()); } - // namespace crypto_manager_test -} // namespace components -} // namespace test +TEST_F(CryptoManagerTest, OnCertificateUpdated_NotInitialized) { + EXPECT_FALSE(crypto_manager_->OnCertificateUpdated(certificate_data_base64_)); +} + +TEST_F(CryptoManagerTest, OnCertificateUpdated_NullString) { + InitSecurityManager(); + EXPECT_FALSE(crypto_manager_->OnCertificateUpdated(std::string())); +} + +TEST_F(CryptoManagerTest, OnCertificateUpdated_MalformedSign) { + InitSecurityManager(); + // Corrupt the middle symbol + certificate_data_base64_[certificate_data_base64_.size() / 2] = '?'; + + EXPECT_FALSE(crypto_manager_->OnCertificateUpdated(certificate_data_base64_)); +} + +TEST_F(CryptoManagerTest, OnCertificateUpdated_WrongInitFolder) { + SetInitialValues( + security_manager::CLIENT, security_manager::TLSv1_2, kAllCiphers); + ASSERT_TRUE(crypto_manager_->Init()); + + const std::string certificate = "wrong_data"; + ASSERT_FALSE(certificate.empty()); + + EXPECT_FALSE(crypto_manager_->OnCertificateUpdated(certificate)); +} + +} // namespace crypto_manager_test +} // namespace components +} // namespace test |