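/*
 * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <cstdint>
#include <cstdlib>
#include <fcntl.h>
#include <gtest/gtest.h>
#include <string>
#include <vector>
#include <openssl/pem.h>
#include <openssl/x509.h>

#include "access_token_setter.h"
#include "byte_buffer.h"
#include "huks_attest_verifier.h"
#include "log.h"

using namespace OHOS::Security::CodeSign;
using namespace std;
using namespace testing::ext;

namespace OHOS {
namespace Security {
namespace CodeSign {
// Test-only fixture certificates (PEM). They form the chain used below:
// signing cert <- issuer cert <- intermediate CA. They are embedded test data,
// not production trust anchors.

// Leaf (signing) certificate. Its extension data carries the 32-byte value
// that is mirrored in CHALLENGE below.
const std::string SIGNING_CERT_CHAIN_PEM =
"-----BEGIN CERTIFICATE-----\n" \
"MIIDgzCCAm2gAwIBAgIBATALBgkqhkiG9w0BAQswfzELMAkGA1UEBhMCQ04xEzAR\n" \
"BgNVBAgMCmhlbGxvd29ybGQxEzARBgNVBAoMCmhlbGxvd29ybGQxEzARBgNVBAsM\n" \
"CmhlbGxvd29ybGQxFjAUBgNVBAMMDWhlbGxvd29ybGQxMTExGTAXBgkqhkiG9w0B\n" \
"CQEWCmhlbGxvd29ybGQwHhcNMjQwODA5MDkzMDEyWhcNMzQwODA5MDkzMDEyWjAa\n" \
"MRgwFgYDVQQDEw9BIEtleW1hc3RlciBLZXkwWTATBgcqhkjOPQIBBggqhkjOPQMB\n" \
"BwNCAATJqTRIhGKhLmXuJbPI311/5gEljqPbpJpXNp6oe8dOmnyJ9SQQZmMomB5u\n" \
"lC5aZIoNrCuKHTAgY1PpNNcFSBBpo4IBPDCCATgwCwYDVR0PBAQDAgeAMAgGA1Ud\n" \
"HwQBADCCAR0GDCsGAQQBj1sCgngBAwSCAQswggEHAgEAMDQCAQAGDSsGAQQBj1sC\n" \
"gngCAQQEIOIC9EG2Dn3zqle0WWjiHwk2CIP3hJuPjjQwi7z4FaFFMCICAQIGDSsG\n" \
"AQQBj1sCgngCAQIEDkxPQ0FMX1NJR05fS0VZMFwCAQIGDSsGAQQBj1sCgngCAQMw\n" \
"SAYOKwYBBAGPWwKCeAIBAwEENnsicHJvY2Vzc05hbWUiOiJsb2NhbF9jb2RlX3Np\n" \
"Z24iLCJBUEwiOiJzeXN0ZW1fYmFzaWMifTAYAgECBg0rBgEEAY9bAoJ4AgELBAQA\n" \
"AAAAMBgCAQIGDSsGAQQBj1sCgngCAQUEBAIAAAAwFgIBAgYOKwYBBAGPWwKCeAIE\n" \
"AQUBAf8wCwYJKoZIhvcNAQELA4IBAQB8zqqeaXux3qkQF0GFax7I4YWtTpoeQeJU\n" \
"BjyMk/eGmeX+ZD9absOQDzH/wH6MddzPLjoaIuoR+oxDXn2yqQ5xyGQp6uN0E8IB\n" \
"OFCjeTbRBR86A+CulTGuitszOpfyKF7SvmzfGx+ij2OtQnZ7QZp+I2YEr1Jc4ESr\n" \
"xXXt0zPslidnf7qso+f09C6U9YOnaxISfjxEqFn25+yWX2tXBJ62L6R7+zpKU3ee\n" \
"0ljf4jYtlza7s5mYJ2+OHlwdXuF38cpS59cG48UpsL0DAqywqjs5uaGthkrWo2YB\n" \
"FlAL4bVfBj2FmcqNhz+j3dgLTNA3VczwkNbj/FIY1T+FDTqnsCED\n" \
"-----END CERTIFICATE-----";

// Certificate that issued the signing certificate.
const std::string ISSUER_CERT_CHAIN_PEM =
"-----BEGIN CERTIFICATE-----\n" \
"MIIDyzCCArOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJDTjET\n" \
"MBEGA1UECAwKaGVsbG93b3JsZDETMBEGA1UECgwKaGVsbG93b3JsZDETMBEGA1UE\n" \
"CwwKaGVsbG93b3JsZDEVMBMGA1UEAwwMaGVsbG93b3JsZDExMRkwFwYJKoZIhvcN\n" \
"AQkBFgpoZWxsb3dvcmxkMB4XDTIyMDEyMjA5MjUzM1oXDTMyMDEyMDA5MjUzM1ow\n" \
"fzELMAkGA1UEBhMCQ04xEzARBgNVBAgMCmhlbGxvd29ybGQxEzARBgNVBAoMCmhl\n" \
"bGxvd29ybGQxEzARBgNVBAsMCmhlbGxvd29ybGQxFjAUBgNVBAMMDWhlbGxvd29y\n" \
"bGQxMTExGTAXBgkqhkiG9w0BCQEWCmhlbGxvd29ybGQwggEiMA0GCSqGSIb3DQEB\n" \
"AQUAA4IBDwAwggEKAoIBAQC8HHhVEbY3uuriW3wAcAMFwIUd+VImAUKnWAYlsiHL\n" \
"Ps3BhpHHb67kjzP3rcQbZ2l1LSMWjoV8jXckVMOFqOlTlrYlGM3G80bVaWcEgw4c\n" \
"+nkSk+ApGmNUa69HK3h+5vfz81fVmJL1zX0VaYiA+wCzrFc1w5aGKhsFIcIY8FUo\n" \
"i15xrwAURQ+/EylzeF302qGwkCHYy4zQqn3ohku25rPLUOyOp6gJNs/3BVh76b9/\n" \
"1iTyP7ldDD7VV4UQCTDppFtrDQY/UrBhe9sPn0+6GWBfkkjz5n1aGE7JP2vmB3qM\n" \
"gxIpEkmVLVIxh6dwBOmtr+sT7xJ+UzmTWbbhNGCkzSPxAgMBAAGjUzBRMB0GA1Ud\n" \
"DgQWBBSDTqp6QOdxk9zF2H+7IGOckq/A1DAfBgNVHSMEGDAWgBRNYAEJlwxPOj5F\n" \
"B7M4mTsMpokRLzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB4\n" \
"CkKbJQWuC2pj0cS+zb4v8fRq8OPjRVPylqjHX4IMpmnl2VM0DkNXD0SYPC5IxkK4\n" \
"bgtglG0Rkr4blYf+PdNenbebWZvw4Y3JUoQgSasfdIA/rJXZtf3mVUNLmPlcRWZC\n" \
"OtGJmvlntp7/qWl7JCIaiD732baJU1DZchy3am2WWGpchBESBOtoSvdywG+T0xQQ\n" \
"cXzYQ+mHPsym30JCzChvZCKz+QJlIZUJ3XgoKH7MVviASXGcWLKOBYYUDt3J8/PM\n" \
"shbsqb+rm+VqU5ohV8Rr/nQ+QLvEFa8rrz7qY6/2QSbUy7QvFCv7MXFD1kCH92FL\n" \
"GwkmWDavM1kdVMXZmV54\n" \
"-----END CERTIFICATE-----";

// Intermediate CA certificate above the issuer.
const std::string INTER_CA_CHAIN_PEM =
"-----BEGIN CERTIFICATE-----\n" \
"MIID3zCCAsegAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCQ04x\n" \
"EzARBgNVBAgMCmhlbGxvd29ybGQxEzARBgNVBAcMCmhlbGxvd29ybGQxEzARBgNV\n" \
"BAoMCmhlbGxvd29ybGQxEzARBgNVBAsMCmhlbGxvd29ybGQxFDASBgNVBAMMC2hl\n" \
"bGxvd29ybGQxMRkwFwYJKoZIhvcNAQkBFgpoZWxsb3dvcmxkMB4XDTIyMDEyMjA5\n" \
"MjM0OFoXDTMyMDEyMDA5MjM0OFowfjELMAkGA1UEBhMCQ04xEzARBgNVBAgMCmhl\n" \
"bGxvd29ybGQxEzARBgNVBAoMCmhlbGxvd29ybGQxEzARBgNVBAsMCmhlbGxvd29y\n" \
"bGQxFTATBgNVBAMMDGhlbGxvd29ybGQxMTEZMBcGCSqGSIb3DQEJARYKaGVsbG93\n" \
"b3JsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTJF+SAh/ccmcxF\n" \
"+le0m8Wx7N9kclMYoUVGyJOPDv0L9kE/1hg9HEavCBWal9ZK69r+i1YiH18Y0F5o\n" \
"AuqP0teedDByPii8IaDquJKZ1hlMi13vPY1cgUcG77cKzC5TMlmNTLes0ddn9/lY\n" \
"4ajl4kgUr3bCEXlp4uhBQPYlntujctcjmEdMtcJQmhHpr2Js9cq2kZney59ae5kk\n" \
"LCzpFqpj7cunz5Rs3RZs1+Njw5oABS18qAy1CEBnecLOi6lIPvIckngBHduwczOM\n" \
"5YBBXeqOeNk7FWTiIf5MuXlqOSlZ57Wp8SqfDzwS49awwI9dvGpjgyGh3ZQA5TXX\n" \
"GGIsn5cCAwEAAaNTMFEwHQYDVR0OBBYEFE1gAQmXDE86PkUHsziZOwymiREvMB8G\n" \
"A1UdIwQYMBaAFJp3c+VFpGlC/r/UiPCozoH1UcgMMA8GA1UdEwEB/wQFMAMBAf8w\n" \
"DQYJKoZIhvcNAQELBQADggEBAArLbWZWG3cHuCnMBGo28F0KVKctxjLVOCzDhKnH\n" \
"IusLVqTnZ7AHeUU56NyoRfSRSIEJ2TNXkHO8MyxNN3lP4RapQavOvENLE99s269I\n" \
"suLPCp3k6znJX1ZW7MIrSp7Bz+6rBTuh2H874H/BcvPXaCZB4X3Npjfu4tRcKEtS\n" \
"JKdVmIlotjX1qM5eYHY5BDSR0MvRYvSlH7/wA9FEGJ8GHI7vaHxIMxf4+OOz+E4w\n" \
"qKIZZfYeVBdEpZvfVGHRbS5dEofqc4NthlObTWlwAIhFgTzLqy8y2Y2jDWcJk91/\n" \
"y9u8F1jQAuoemDCY5BalZ+Bn0eZQQHlXujwyZfoIK+oCuUo=\n" \
"-----END CERTIFICATE-----";

// 32-byte challenge expected by the positive checks in tests 007 and 008. The same byte
// sequence appears inside the extension data of SIGNING_CERT_CHAIN_PEM.
const uint8_t CHALLENGE[] = {
    0xe2, 0x2, 0xf4, 0x41, 0xb6, 0xe, 0x7d, 0xf3,
    0xaa, 0x57, 0xb4, 0x59, 0x68, 0xe2, 0x1f, 0x9,
    0x36, 0x8, 0x83, 0xf7, 0x84, 0x9b, 0x8f, 0x8e,
    0x34, 0x30, 0x8b, 0xbc, 0xf8, 0x15, 0xa1, 0x45
};

// DER encodings of the fixtures above, filled once in SetUpTestCase().
static ByteBuffer g_issuerCert;
static ByteBuffer g_signingCert;
static ByteBuffer g_interCA;
static ByteBuffer g_invalidCert;
static ByteBuffer g_rootCA;

/**
 * @brief View a uint32_t as raw bytes so it can be written into a ByteBuffer.
 *
 * The bytes are taken as they sit in memory, i.e. in host byte order.
 */
static inline uint8_t *CastToUint8Ptr(uint32_t *ptr)
{
    return reinterpret_cast<uint8_t *>(ptr);
}

/**
 * @brief Parse one PEM certificate from a string.
 *
 * @param pemData PEM text holding a single certificate.
 * @return The parsed X509, owned by the caller (release with X509_free), or nullptr
 *         when the memory BIO cannot be created or the PEM cannot be parsed. A parse
 *         failure is also recorded as a non-fatal gtest failure.
 */
static X509 *LoadPemString(const std::string &pemData)
{
    // BIO_new_mem_buf takes an int length; the fixtures are far below INT_MAX.
    BIO *mem = BIO_new_mem_buf(pemData.data(), static_cast<int>(pemData.length()));
    if (mem == nullptr) {
        return nullptr;
    }

    X509 *x509 = PEM_read_bio_X509(mem, nullptr, nullptr, nullptr);
    EXPECT_NE(x509, nullptr);
    BIO_free(mem);
    return x509;
}

/**
 * @brief Convert a PEM certificate to DER and store the bytes in certBuffer.
 *
 * A fixture that fails to load is reported as a test failure and leaves certBuffer
 * untouched. Reporting matters here: most tests below expect verification to be
 * rejected, and an empty fixture would let them pass for the wrong reason.
 *
 * @param pemData    PEM text holding a single certificate.
 * @param certBuffer Receives the DER encoding on success.
 */
void LoadDerFormPemString(const std::string &pemData, ByteBuffer &certBuffer)
{
    X509 *x509 = LoadPemString(pemData);
    // Never hand a null certificate to i2d_X509; ASSERT_* returns from this void helper.
    ASSERT_NE(x509, nullptr);

    uint8_t *derTemp = nullptr;
    int32_t derTempLen = i2d_X509(x509, &derTemp);
    EXPECT_NE(derTemp, nullptr);
    if (derTempLen > 0 && derTemp != nullptr) {
        certBuffer.CopyFrom(derTemp, static_cast<uint32_t>(derTempLen));
    }

    // Release on every path; OPENSSL_free accepts a null pointer.
    OPENSSL_free(derTemp);
    X509_free(x509);
}

/**
 * @brief Serialize a certificate list into the layout passed to GetVerifiedCert.
 *
 * Layout written by this helper, all integers in host byte order:
 *   uint32_t count, then for each certificate: uint32_t size followed by size bytes.
 *
 * A failed write is reported as a test failure instead of being dropped silently, so
 * that a half-built buffer cannot make a negative test pass vacuously.
 *
 * @param certChain Certificates in chain order (DER bytes).
 * @param buffer    Receives the serialized chain.
 */
static void FormattedCertChain(const std::vector<ByteBuffer> &certChain, ByteBuffer &buffer)
{
    uint32_t certsCount = static_cast<uint32_t>(certChain.size());
    uint32_t totalLen = sizeof(uint32_t);
    for (const ByteBuffer &cert : certChain) {
        totalLen += sizeof(uint32_t) + cert.GetSize();
    }
    buffer.Resize(totalLen);
    ASSERT_TRUE(buffer.PutData(0, CastToUint8Ptr(&certsCount), sizeof(uint32_t)));

    uint32_t pos = sizeof(uint32_t);
    for (const ByteBuffer &cert : certChain) {
        uint32_t size = cert.GetSize();
        ASSERT_TRUE(buffer.PutData(pos, CastToUint8Ptr(&size), sizeof(uint32_t)));
        pos += sizeof(uint32_t);
        ASSERT_TRUE(buffer.PutData(pos, cert.GetBuffer(), size));
        pos += size;
    }
}

class CertChainVerifierTest : public testing::Test {
public:
    CertChainVerifierTest() = default;
    ~CertChainVerifierTest() override = default;

    // Load the shared DER fixtures once for the whole suite.
    static void SetUpTestCase()
    {
        LoadDerFormPemString(SIGNING_CERT_CHAIN_PEM, g_signingCert);
        LoadDerFormPemString(ISSUER_CERT_CHAIN_PEM, g_issuerCert);
        LoadDerFormPemString(INTER_CA_CHAIN_PEM, g_interCA);
        // Placeholder root CA (a single zero byte): per the original author's note the
        // root entry supplied in the chain is not used for verification. The same byte
        // doubles as a deliberately unparsable certificate.
        uint8_t tmp = 0;
        g_rootCA.CopyFrom(&tmp, sizeof(tmp));
        g_invalidCert.CopyFrom(&tmp, sizeof(tmp));
    }
    static void TearDownTestCase() {}
    void SetUp() override {}
    void TearDown() override {}
};

/**
 * @tc.name: CertChainVerifierTest_001
 * @tc.desc: Get chain from empty buffer
 * @tc.type: Func
 * @tc.require: IAJ4QG
 */
HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_001, TestSize.Level0)
{
    ByteBuffer cert, challenge, certBuffer;
    EXPECT_FALSE(GetVerifiedCert(cert, challenge, certBuffer));
}

/**
 * @tc.name: CertChainVerifierTest_002
 * @tc.desc: Get chain from empty cert chain
 * @tc.type: Func
 * @tc.require: IAJ4QG
 */
HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_002, TestSize.Level0)
{
    ByteBuffer cert, challenge, certBuffer;
    // Buffer holds only the count field, and the count is zero.
    uint32_t count = 0;
    cert.CopyFrom(CastToUint8Ptr(&count), sizeof(count));
    EXPECT_FALSE(GetVerifiedCert(cert, challenge, certBuffer));
}

/**
 * @tc.name: CertChainVerifierTest_003
 * @tc.desc: Get chain from invalid formatted buffer
 * @tc.type: Func
 * @tc.require: IAJ4QG
 */
HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_003, TestSize.Level0)
{
    ByteBuffer cert, challenge, certBuffer;
    std::vector<uint32_t> tmpBuffer = {0};
    // Re-serialize tmpBuffer into cert after each mutation below.
    auto reload = [&cert, &tmpBuffer]() {
        cert.CopyFrom(CastToUint8Ptr(tmpBuffer.data()),
            static_cast<uint32_t>(tmpBuffer.size() * sizeof(uint32_t)));
    };

    // count == 0
    reload();
    EXPECT_FALSE(GetVerifiedCert(cert, challenge, certBuffer));

    // One cert in the chain: it is classified as the root CA, so loading the issuer fails.
    tmpBuffer[0] = 1;
    reload();
    EXPECT_FALSE(GetVerifiedCert(cert, challenge, certBuffer));

    // Two certs announced, with a size field for the first one but no content after it:
    // converting from the formatted buffer fails.
    tmpBuffer[0] = 2;
    tmpBuffer.push_back(sizeof(uint32_t));
    reload();
    EXPECT_FALSE(GetVerifiedCert(cert, challenge, certBuffer));

    // Supply four zero bytes as the certificate content: converting it to X509 fails.
    tmpBuffer.push_back(0);
    reload();
    EXPECT_FALSE(GetVerifiedCert(cert, challenge, certBuffer));
}

/**
 * @tc.name: CertChainVerifierTest_004
 * @tc.desc: Get verified failed with invalid issuer format
 * @tc.type: Func
 * @tc.require: IAJ4QG
 */
HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_004, TestSize.Level0)
{
    ByteBuffer formattedCert, challenge, certBuffer;
    // Issuer slot holds the unparsable one-byte certificate.
    std::vector<ByteBuffer> certs = { g_signingCert, g_invalidCert, g_interCA, g_rootCA };
    FormattedCertChain(certs, formattedCert);
    EXPECT_FALSE(GetVerifiedCert(formattedCert, challenge, certBuffer));
}

/**
 * @tc.name: CertChainVerifierTest_005
 * @tc.desc: Get verified failed with invalid interCA format
 * @tc.type: Func
 * @tc.require: IAJ4QG
 */
HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_005, TestSize.Level0)
{
    ByteBuffer formattedCert, challenge, certBuffer;
    // Intermediate CA slot holds the unparsable one-byte certificate.
    std::vector<ByteBuffer> certs = { g_signingCert, g_issuerCert, g_invalidCert, g_rootCA };
    FormattedCertChain(certs, formattedCert);
    EXPECT_FALSE(GetVerifiedCert(formattedCert, challenge, certBuffer));
}

/**
 * @tc.name: CertChainVerifierTest_006
 * @tc.desc: verifying issuer cert failed
 * @tc.type: Func
 * @tc.require: IAJ4QG
 */
HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_006, TestSize.Level0)
{
    ByteBuffer formattedCert, challenge, certBuffer;
    // The signing cert is placed in the issuer slot as well, so the issuer entry is a
    // well-formed certificate that is not the real issuer.
    std::vector<ByteBuffer> certs = { g_signingCert, g_signingCert, g_interCA, g_rootCA };
    FormattedCertChain(certs, formattedCert);
    EXPECT_FALSE(GetVerifiedCert(formattedCert, challenge, certBuffer));
}

/**
 * @tc.name: CertChainVerifierTest_007
 * @tc.desc: verify signing cert failed
 * @tc.type: Func
 * @tc.require: IAJ4QG
 */
HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_007, TestSize.Level0)
{
    ByteBuffer challenge;
    // Null certificates: parsing the public key fails.
    EXPECT_FALSE(VerifyCertAndExtension(nullptr, nullptr, challenge));

    X509 *signingCert = LoadPemString(SIGNING_CERT_CHAIN_PEM);
    X509 *issuerCert = LoadPemString(ISSUER_CERT_CHAIN_PEM);
    // Arguments deliberately swapped (issuer passed as the signing cert): signature check fails.
    EXPECT_FALSE(VerifyCertAndExtension(issuerCert, signingCert, challenge));

    // Correct certificates, wrong challenge: extension check fails.
    // Declared as an array so sizeof yields the literal's size (including the NUL),
    // not the size of a pointer.
    const char invalidChallenge[] = "invalid";
    challenge.CopyFrom(reinterpret_cast<const uint8_t *>(invalidChallenge),
        sizeof(invalidChallenge));
    EXPECT_FALSE(VerifyCertAndExtension(signingCert, issuerCert, challenge));

    // Correct certificates and the matching challenge: extension check succeeds.
    challenge.CopyFrom(CHALLENGE, sizeof(CHALLENGE));
    EXPECT_TRUE(VerifyCertAndExtension(signingCert, issuerCert, challenge));
    X509_free(signingCert);
    X509_free(issuerCert);
}

/**
 * @tc.name: CertChainVerifierTest_008
 * @tc.desc: verifying issuer cert success
 * @tc.type: Func
 * @tc.require: IAJ4QG
 */
HWTEST_F(CertChainVerifierTest, CertChainVerifierTest_008, TestSize.Level0)
{
    ByteBuffer formattedCert, challenge, certBuffer;
    std::vector<ByteBuffer> certs = { g_signingCert, g_issuerCert, g_interCA, g_rootCA };
    FormattedCertChain(certs, formattedCert);
    // Matching challenge, so the extension check itself is expected to succeed.
    challenge.CopyFrom(CHALLENGE, sizeof(CHALLENGE));
    // The outcome depends on the build: the fixture chain is accepted only when
    // CODE_SIGNATURE_OH_ROOT_CA is defined.
    // NOTE(review): presumably this flag selects which built-in root the verifier
    // trusts - confirm against huks_attest_verifier.
#ifdef CODE_SIGNATURE_OH_ROOT_CA
    EXPECT_TRUE(GetVerifiedCert(formattedCert, challenge, certBuffer));
#else
    EXPECT_FALSE(GetVerifiedCert(formattedCert, challenge, certBuffer));
#endif
}

} // namespace CodeSign
} // namespace Security
} // namespace OHOS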