//
// Copyright (C) 2012 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#include "update_engine/certificate_checker.h"

#include <string>

#include <base/strings/string_util.h>
#include <base/strings/stringprintf.h>
#include <gmock/gmock.h>
#include <gtest/gtest.h>

#include "update_engine/common/constants.h"
#include "update_engine/common/mock_prefs.h"
#include "update_engine/mock_certificate_checker.h"

using std::string;
using ::testing::_;
using ::testing::DoAll;
using ::testing::Return;
using ::testing::SetArgPointee;
using ::testing::SetArrayArgument;

namespace chromeos_update_engine {

// Observer double used to capture the result the checker reports for each
// certificate it inspects.
class MockCertificateCheckObserver : public CertificateChecker::Observer {
 public:
  MOCK_METHOD2(CertificateChecked,
               void(ServerToCheck server_to_check,
                    CertificateCheckResult result));
};

// Fixture wiring a CertificateChecker to mocked prefs, a mocked OpenSSL
// wrapper and a strict observer. Together the tests pin how the checker
// reacts to a first-seen, an unchanged, a changed and a failed certificate.
class CertificateCheckerTest : public testing::Test {
 protected:
  void SetUp() override {
    // The prefs key has the form "<prefix>-<server>-<depth>", so the stored
    // digest is looked up per server and per chain depth.
    const int server_index = static_cast<int>(server_to_check_);
    cert_key_ = base::StringPrintf(
        "%s-%d-%d", cert_key_prefix_.c_str(), server_index, depth_);
    cert_checker.Init();
    cert_checker.SetObserver(&observer_);
  }

  void TearDown() override {
    // Detach the observer when the test ends.
    cert_checker.SetObserver(nullptr);
  }

  // Expects exactly one digest request for a null certificate context and
  // answers it with the fixture's depth, length and digest bytes.
  void ExpectDigestLookup() {
    EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
        .WillOnce(DoAll(SetArgPointee<1>(depth_),
                        SetArgPointee<2>(length_),
                        SetArrayArgument<3>(digest_, digest_ + length_),
                        Return(true)));
  }

  // Expects one read of the stored digest that yields |stored_hex|.
  void ExpectStoredDigest(const string& stored_hex) {
    EXPECT_CALL(prefs_, GetString(cert_key_, _))
        .WillOnce(DoAll(SetArgPointee<1>(stored_hex), Return(true)));
  }

  // Expects the current digest to be written to prefs exactly once.
  void ExpectDigestSaved() {
    EXPECT_CALL(prefs_, SetString(cert_key_, digest_hex_))
        .WillOnce(Return(true));
  }

  // Expects the observer to be told |result| for the server under test.
  // observer_ is a StrictMock, so any other notification fails the test.
  void ExpectReported(CertificateCheckResult result) {
    EXPECT_CALL(observer_, CertificateChecked(server_to_check_, result));
  }

  MockPrefs prefs_;
  MockOpenSSLWrapper openssl_wrapper_;
  // Parameters of our mock certificate digest. The digest is a 4-byte
  // stand-in; digest_hex_ is its upper-case hex form as stored in prefs.
  int depth_{0};
  unsigned int length_{4};
  uint8_t digest_[4]{0x17, 0x7D, 0x07, 0x5F};
  string digest_hex_{"177D075F"};
  // A stored value that differs from digest_hex_, used to simulate a change.
  string diff_digest_hex_{"1234ABCD"};
  string cert_key_prefix_{kPrefsUpdateServerCertificate};
  ServerToCheck server_to_check_{ServerToCheck::kUpdate};
  string cert_key_;

  testing::StrictMock<MockCertificateCheckObserver> observer_;
  CertificateChecker cert_checker{&prefs_, &openssl_wrapper_};
};

// First sighting: nothing is stored for this key, so the digest is recorded
// and the certificate is reported as valid.
TEST_F(CertificateCheckerTest, NewCertificate) {
  ExpectDigestLookup();
  EXPECT_CALL(prefs_, GetString(cert_key_, _)).WillOnce(Return(false));
  ExpectDigestSaved();
  ExpectReported(CertificateCheckResult::kValid);

  const bool accepted =
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_);
  ASSERT_TRUE(accepted);
}

// Unchanged: the stored digest equals the current one, so nothing is written
// back and the certificate is reported as valid.
TEST_F(CertificateCheckerTest, SameCertificate) {
  ExpectDigestLookup();
  ExpectStoredDigest(digest_hex_);
  EXPECT_CALL(prefs_, SetString(_, _)).Times(0);
  ExpectReported(CertificateCheckResult::kValid);

  const bool accepted =
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_);
  ASSERT_TRUE(accepted);
}

// Changed: the stored digest differs from the current one. The observer is
// told kValidChanged and the stored digest is replaced, but the call still
// returns true. What is pinned here is that a change gets reported; the
// checker does not reject the connection on its own.
TEST_F(CertificateCheckerTest, ChangedCertificate) {
  ExpectDigestLookup();
  ExpectStoredDigest(diff_digest_hex_);
  ExpectReported(CertificateCheckResult::kValidChanged);
  ExpectDigestSaved();

  const bool accepted =
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_);
  ASSERT_TRUE(accepted);
}

// Failed: with a first argument of 0 the checker reports kFailed and returns
// false without computing a digest or reading the stored one.
// NOTE(review): the first argument is presumably the verification result
// passed in by the TLS layer; confirm against certificate_checker.h.
TEST_F(CertificateCheckerTest, FailedCertificate) {
  ExpectReported(CertificateCheckResult::kFailed);
  EXPECT_CALL(prefs_, GetString(_, _)).Times(0);
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(_, _, _, _)).Times(0);

  const bool accepted =
      cert_checker.CheckCertificateChange(0, nullptr, server_to_check_);
  ASSERT_FALSE(accepted);
}

}  // namespace chromeos_update_engine