diff options
Diffstat (limited to 'src/components/security_manager/test/ssl_context_test.cc')
-rw-r--r-- | src/components/security_manager/test/ssl_context_test.cc | 174 |
1 files changed, 101 insertions, 73 deletions
diff --git a/src/components/security_manager/test/ssl_context_test.cc b/src/components/security_manager/test/ssl_context_test.cc index a77cd98b27..6082a1b62b 100644 --- a/src/components/security_manager/test/ssl_context_test.cc +++ b/src/components/security_manager/test/ssl_context_test.cc @@ -49,7 +49,6 @@ using ::testing::ReturnRef; using ::testing::NiceMock; namespace { -const size_t kUpdatesBeforeHour = 24; const std::string kCaPath = ""; const uint8_t* kServerBuf; const uint8_t* kClientBuf; @@ -70,19 +69,19 @@ namespace ssl_context_test { namespace custom_str = utils::custom_string; struct ProtocolAndCipher { - security_manager::Protocol server_protocol; - security_manager::Protocol client_protocol; - std::string server_ciphers_list; - std::string client_ciphers_list; + security_manager::Protocol server_protocol_; + security_manager::Protocol client_protocol_; + std::string server_ciphers_list_; + std::string client_ciphers_list_; ProtocolAndCipher(security_manager::Protocol s_protocol, security_manager::Protocol c_protocol, std::string s_ciphers_list, std::string c_ciphers_list) - : server_protocol(s_protocol) - , client_protocol(c_protocol) - , server_ciphers_list(s_ciphers_list) - , client_ciphers_list(c_ciphers_list) {} + : server_protocol_(s_protocol) + , client_protocol_(c_protocol) + , server_ciphers_list_(s_ciphers_list) + , client_ciphers_list_(c_ciphers_list) {} }; class SSLTest : public testing::Test { @@ -127,6 +126,12 @@ class SSLTest : public testing::Test { .WillRepeatedly(ReturnRef(kCaPath)); EXPECT_CALL(*mock_crypto_manager_settings_, verify_peer()) .WillOnce(Return(false)); + + ON_CALL(*mock_crypto_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_crypto_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); + const bool crypto_manager_initialization = crypto_manager_->Init(); EXPECT_TRUE(crypto_manager_initialization); @@ -150,6 +155,12 @@ class SSLTest : public testing::Test { .WillRepeatedly(ReturnRef(kCaPath)); EXPECT_CALL(*mock_client_manager_settings_, verify_peer()) .WillOnce(Return(false)); + + ON_CALL(*mock_client_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_client_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); + const bool client_manager_initialization = client_manager_->Init(); EXPECT_TRUE(client_manager_initialization); @@ -159,19 +170,19 @@ class SSLTest : public testing::Test { .WillByDefault(Return(kMaximumPayloadSize)); EXPECT_CALL(*mock_crypto_manager_settings_, security_manager_mode()) .WillRepeatedly(Return(security_manager::SERVER)); - server_ctx = crypto_manager_->CreateSSLContext(); + server_ctx_ = crypto_manager_->CreateSSLContext(); EXPECT_CALL(*mock_client_manager_settings_, security_manager_mode()) .Times(2) .WillRepeatedly(Return(security_manager::CLIENT)); - client_ctx = client_manager_->CreateSSLContext(); + client_ctx_ = client_manager_->CreateSSLContext(); using custom_str::CustomString; security_manager::SSLContext::HandshakeContext ctx(CustomString("SPT"), CustomString("client")); - server_ctx->SetHandshakeContext(ctx); + server_ctx_->SetHandshakeContext(ctx); ctx.expected_cn = "server"; - client_ctx->SetHandshakeContext(ctx); + client_ctx_->SetHandshakeContext(ctx); kServerBuf = NULL; kClientBuf = NULL; @@ -180,8 +191,8 @@ class SSLTest : public testing::Test { } void TearDown() OVERRIDE { - crypto_manager_->ReleaseSSLContext(server_ctx); - client_manager_->ReleaseSSLContext(client_ctx); + crypto_manager_->ReleaseSSLContext(server_ctx_); + client_manager_->ReleaseSSLContext(client_ctx_); delete crypto_manager_; delete client_manager_; @@ -194,11 +205,14 @@ class SSLTest : public testing::Test { mock_crypto_manager_settings_; utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings> > mock_client_manager_settings_; - security_manager::SSLContext* server_ctx; - security_manager::SSLContext* client_ctx; + security_manager::SSLContext* server_ctx_; + security_manager::SSLContext* client_ctx_; static std::string client_certificate_data_base64_; static std::string server_certificate_data_base64_; + + const std::vector<int> forced_unprotected_service_; + const std::vector<int> forced_protected_service_; }; std::string SSLTest::client_certificate_data_base64_; std::string SSLTest::server_certificate_data_base64_; @@ -222,37 +236,37 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { NiceMock<security_manager_test::MockCryptoManagerSettings> >(); utils::SharedPtr<security_manager::CryptoManagerSettings> server_crypto( mock_crypto_manager_settings_); - crypto_manager = new security_manager::CryptoManagerImpl(server_crypto); + crypto_manager_ = new security_manager::CryptoManagerImpl(server_crypto); - SetServerInitialValues(GetParam().server_protocol, - GetParam().server_ciphers_list); + SetServerInitialValues(GetParam().server_protocol_, + GetParam().server_ciphers_list_); - const bool crypto_manager_initialization = crypto_manager->Init(); - ASSERT_TRUE(crypto_manager_initialization); + const bool crypto_manager_initialization = crypto_manager_->Init(); + EXPECT_TRUE(crypto_manager_initialization); mock_client_manager_settings_ = utils::MakeShared< NiceMock<security_manager_test::MockCryptoManagerSettings> >(); utils::SharedPtr<security_manager::CryptoManagerSettings> client_crypto( mock_client_manager_settings_); - client_manager = new security_manager::CryptoManagerImpl(client_crypto); + client_manager_ = new security_manager::CryptoManagerImpl(client_crypto); - SetClientInitialValues(GetParam().client_protocol, - GetParam().client_ciphers_list); + SetClientInitialValues(GetParam().client_protocol_, + GetParam().client_ciphers_list_); - const bool client_manager_initialization = client_manager->Init(); - ASSERT_TRUE(client_manager_initialization); + const bool client_manager_initialization = client_manager_->Init(); + EXPECT_TRUE(client_manager_initialization); - server_ctx = crypto_manager->CreateSSLContext(); - client_ctx = client_manager->CreateSSLContext(); + server_ctx_ = crypto_manager_->CreateSSLContext(); + client_ctx_ = client_manager_->CreateSSLContext(); using custom_str::CustomString; security_manager::SSLContext::HandshakeContext ctx(CustomString("SPT"), CustomString("client")); - server_ctx->SetHandshakeContext(ctx); + server_ctx_->SetHandshakeContext(ctx); ctx.expected_cn = "server"; - client_ctx->SetHandshakeContext(ctx); + client_ctx_->SetHandshakeContext(ctx); kServerBuf = NULL; kClientBuf = NULL; @@ -261,18 +275,19 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { } void TearDown() OVERRIDE { - if (crypto_manager) { - crypto_manager->ReleaseSSLContext(server_ctx); - } - if (client_manager) { - client_manager->ReleaseSSLContext(client_ctx); - } - delete crypto_manager; - delete client_manager; + crypto_manager_->ReleaseSSLContext(server_ctx_); + client_manager_->ReleaseSSLContext(client_ctx_); + + delete crypto_manager_; + delete client_manager_; } void SetServerInitialValues(security_manager::Protocol protocol, const std::string& server_ciphers_list) { + ON_CALL(*mock_crypto_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_crypto_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); ON_CALL(*mock_crypto_manager_settings_, security_manager_mode()) .WillByDefault(Return(security_manager::SERVER)); ON_CALL(*mock_crypto_manager_settings_, security_manager_protocol_name()) @@ -286,8 +301,13 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { ON_CALL(*mock_crypto_manager_settings_, verify_peer()) .WillByDefault(Return(false)); } + void SetClientInitialValues(security_manager::Protocol protocol, const std::string& client_ciphers_list) { + ON_CALL(*mock_client_manager_settings_, force_unprotected_service()) + .WillByDefault(ReturnRef(forced_unprotected_service_)); + ON_CALL(*mock_client_manager_settings_, force_protected_service()) + .WillByDefault(ReturnRef(forced_protected_service_)); ON_CALL(*mock_client_manager_settings_, security_manager_mode()) .WillByDefault(Return(security_manager::CLIENT)); ON_CALL(*mock_client_manager_settings_, security_manager_protocol_name()) @@ -306,11 +326,13 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { mock_crypto_manager_settings_; utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings> > mock_client_manager_settings_; - security_manager::CryptoManager* crypto_manager = NULL; - security_manager::CryptoManager* client_manager = NULL; - security_manager::SSLContext* server_ctx = NULL; - security_manager::SSLContext* client_ctx = NULL; + security_manager::CryptoManager* crypto_manager_; + security_manager::CryptoManager* client_manager_; + security_manager::SSLContext* server_ctx_; + security_manager::SSLContext* client_ctx_; std::string certificate_data_base64_; + const std::vector<int> forced_unprotected_service_; + const std::vector<int> forced_protected_service_; }; class SSLTestForTLS1_2 : public SSLTestParam {}; @@ -332,8 +354,13 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::SSLv3, security_manager::SSLv3, kFordCipher, - kFordCipher) + kFordCipher) #endif + , + ProtocolAndCipher(security_manager::DTLSv1, + security_manager::DTLSv1, + kFordCipher, + kFordCipher))); )); INSTANTIATE_TEST_CASE_P( @@ -382,7 +409,7 @@ INSTANTIATE_TEST_CASE_P( TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); ASSERT_FALSE(NULL == kClientBuf); ASSERT_LT(0u, client_buf_len); // Broke 3 bytes for get abnormal fail of handshake @@ -390,26 +417,26 @@ TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) { const_cast<uint8_t*>(kClientBuf)[client_buf_len / 2] ^= 0xFF; const_cast<uint8_t*>(kClientBuf)[client_buf_len - 1] ^= 0xFF; ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); - EXPECT_EQ("Initialization is not completed", server_ctx->LastError()); - EXPECT_EQ("Initialization is not completed", client_ctx->LastError()); + EXPECT_EQ("Initialization is not completed", server_ctx_->LastError()); + EXPECT_EQ("Initialization is not completed", client_ctx_->LastError()); } // TODO {AKozoriz} : Unexpected uncomplited init of SSL component. // In this and next tests. // Must be fixed after merge to develop. TEST_F(SSLTest, OnTSL2Protocol_Positive) { - ASSERT_EQ(client_ctx->StartHandshake(&kClientBuf, &client_buf_len), + ASSERT_EQ(client_ctx_->StartHandshake(&kClientBuf, &client_buf_len), security_manager::SSLContext::Handshake_Result_Success); - EXPECT_FALSE(server_ctx->IsInitCompleted()); + EXPECT_FALSE(server_ctx_->IsInitCompleted()); while (true) { ASSERT_TRUE(NULL != kClientBuf); ASSERT_LT(0u, client_buf_len); const security_manager::SSLContext::HandshakeResult server_result = - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, server_result); @@ -417,11 +444,11 @@ TEST_F(SSLTest, OnTSL2Protocol_Positive) { ASSERT_LT(0u, server_buf_len); const security_manager::SSLContext::HandshakeResult client_result = - client_ctx->DoHandshakeStep( + client_ctx_->DoHandshakeStep( kServerBuf, server_buf_len, &kClientBuf, &client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, client_result); - if (server_ctx->IsInitCompleted()) { + if (server_ctx_->IsInitCompleted()) { break; } @@ -432,22 +459,22 @@ TEST_F(SSLTest, OnTSL2Protocol_Positive) { ASSERT_TRUE(NULL == kClientBuf); ASSERT_EQ(0u, client_buf_len); // expect both side initialization complete - EXPECT_TRUE(client_ctx->IsInitCompleted()); - EXPECT_TRUE(server_ctx->IsInitCompleted()); + EXPECT_TRUE(client_ctx_->IsInitCompleted()); + EXPECT_TRUE(server_ctx_->IsInitCompleted()); // Encrypt text on client side const uint8_t* text = reinterpret_cast<const uint8_t*>("abra"); const uint8_t* encrypted_text = 0; size_t text_len = 4; size_t encrypted_text_len; - EXPECT_TRUE(client_ctx->Encrypt( + EXPECT_TRUE(client_ctx_->Encrypt( text, text_len, &encrypted_text, &encrypted_text_len)); ASSERT_NE(reinterpret_cast<void*>(NULL), encrypted_text); ASSERT_LT(0u, encrypted_text_len); // Decrypt text on server side - EXPECT_TRUE(server_ctx->Decrypt( + EXPECT_TRUE(server_ctx_->Decrypt( encrypted_text, encrypted_text_len, &text, &text_len)); ASSERT_NE(reinterpret_cast<void*>(NULL), text); ASSERT_LT(0u, text_len); @@ -457,34 +484,34 @@ TEST_F(SSLTest, OnTSL2Protocol_Positive) { TEST_F(SSLTest, OnTSL2Protocol_EcncryptionFail) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); - while (!server_ctx->IsInitCompleted()) { + while (!server_ctx_->IsInitCompleted()) { ASSERT_FALSE(NULL == kClientBuf); ASSERT_LT(0u, client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); ASSERT_FALSE(NULL == kServerBuf); ASSERT_LT(0u, server_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->DoHandshakeStep( + client_ctx_->DoHandshakeStep( kServerBuf, server_buf_len, &kClientBuf, &client_buf_len)); } // Expect empty buffers after init complete ASSERT_TRUE(NULL == kClientBuf); ASSERT_EQ(0u, client_buf_len); // Expect both side initialization complete - EXPECT_TRUE(client_ctx->IsInitCompleted()); - EXPECT_TRUE(server_ctx->IsInitCompleted()); + EXPECT_TRUE(client_ctx_->IsInitCompleted()); + EXPECT_TRUE(server_ctx_->IsInitCompleted()); // Encrypt text on client side const uint8_t* text = reinterpret_cast<const uint8_t*>("abra"); const uint8_t* encrypted_text = 0; size_t text_len = 4; size_t encrypted_text_len; - EXPECT_TRUE(client_ctx->Encrypt( + EXPECT_TRUE(client_ctx_->Encrypt( text, text_len, &encrypted_text, &encrypted_text_len)); ASSERT_NE(reinterpret_cast<void*>(NULL), encrypted_text); ASSERT_LT(0u, encrypted_text_len); @@ -497,29 +524,30 @@ TEST_F(SSLTest, OnTSL2Protocol_EcncryptionFail) { const uint8_t* out_text; size_t out_text_size; // Decrypt broken text on server side - EXPECT_FALSE(server_ctx->Decrypt( + EXPECT_FALSE(server_ctx_->Decrypt( &broken[0], broken.size(), &out_text, &out_text_size)); // Check after broken message that server encryption and decryption fail // Encrypte message on server side - EXPECT_FALSE(server_ctx->Decrypt( + EXPECT_FALSE(server_ctx_->Decrypt( encrypted_text, encrypted_text_len, &out_text, &out_text_size)); - EXPECT_FALSE(server_ctx->Encrypt( + EXPECT_FALSE(server_ctx_->Encrypt( text, text_len, &encrypted_text, &encrypted_text_len)); } TEST_P(SSLTestParam, ClientAndServerNotTLSv1_2_HandshakeFailed) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); + EXPECT_TRUE(NULL == kClientBuf); EXPECT_EQ(0u, client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); EXPECT_TRUE(NULL == kServerBuf); EXPECT_EQ(0u, server_buf_len); - EXPECT_FALSE(server_ctx->IsInitCompleted()); + EXPECT_FALSE(server_ctx_->IsInitCompleted()); } INSTANTIATE_TEST_CASE_P( @@ -544,16 +572,16 @@ INSTANTIATE_TEST_CASE_P( TEST_P(SSLTestForTLS1_2, HandshakeFailed) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, - client_ctx->StartHandshake(&kClientBuf, &client_buf_len)); + client_ctx_->StartHandshake(&kClientBuf, &client_buf_len)); EXPECT_FALSE(NULL == kClientBuf); ASSERT_LT(0u, client_buf_len); ASSERT_EQ(security_manager::SSLContext::Handshake_Result_AbnormalFail, - server_ctx->DoHandshakeStep( + server_ctx_->DoHandshakeStep( kClientBuf, client_buf_len, &kServerBuf, &server_buf_len)); EXPECT_TRUE(NULL == kServerBuf); EXPECT_EQ(0u, server_buf_len); - EXPECT_FALSE(server_ctx->IsInitCompleted()); + EXPECT_FALSE(server_ctx_->IsInitCompleted()); } } // namespace ssl_context_test |