1 //
2 // Copyright (C) 2012 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #include "update_engine/certificate_checker.h"
18 
19 #include <string>
20 
21 #include <base/strings/string_util.h>
22 #include <base/strings/stringprintf.h>
23 #include <gmock/gmock.h>
24 #include <gtest/gtest.h>
25 
26 #include "update_engine/common/constants.h"
27 #include "update_engine/common/mock_prefs.h"
28 #include "update_engine/mock_certificate_checker.h"
29 
30 using ::testing::DoAll;
31 using ::testing::Return;
32 using ::testing::SetArgumentPointee;
33 using ::testing::SetArrayArgument;
34 using ::testing::_;
35 using std::string;
36 
37 namespace chromeos_update_engine {
38 
// gmock test double for CertificateChecker::Observer. The tests in this file
// set an expectation on CertificateChecked() to pin the (server, result) pair
// the checker reports for each scenario.
class MockCertificateCheckObserver : public CertificateChecker::Observer {
 public:
  MOCK_METHOD2(
      CertificateChecked,
      void(ServerToCheck server_to_check, CertificateCheckResult result));
};
45 
// Fixture for the CertificateChecker tests: a CertificateChecker wired to a
// mocked prefs store and a mocked OpenSSL wrapper, plus a strict observer
// mock so that every reported result has to be expected explicitly.
class CertificateCheckerTest : public testing::Test {
 protected:
  void SetUp() override {
    // Prefs key the tests expect the digest to be stored under, built as
    // "<prefix>-<server>-<depth>".
    const int server_index = static_cast<int>(server_to_check_);
    cert_key_ = base::StringPrintf(
        "%s-%d-%d", cert_key_prefix_.c_str(), server_index, depth_);

    cert_checker.Init();
    cert_checker.SetObserver(&observer_);
  }

  void TearDown() override {
    // Detach the observer so the checker stops pointing at this fixture's
    // mock once the test body has finished.
    cert_checker.SetObserver(nullptr);
  }

  // Collaborators whose addresses are handed to |cert_checker| below.
  MockPrefs prefs_;
  MockOpenSSLWrapper openssl_wrapper_;

  // Parameters of the mock certificate digest. |digest_| is a 4-byte
  // stand-in, far shorter than any real certificate digest; |length_| must
  // stay equal to the size of |digest_|.
  int depth_{0};
  unsigned int length_{4};
  uint8_t digest_[4]{0x17, 0x7D, 0x07, 0x5F};
  // Upper-case hex spelling of |digest_|, the form the tests expect in prefs.
  string digest_hex_{"177D075F"};
  // A stored value that differs from |digest_hex_| (the "changed" scenario).
  string diff_digest_hex_{"1234ABCD"};
  string cert_key_prefix_{kPrefsUpdateServerCertificate};
  ServerToCheck server_to_check_{ServerToCheck::kUpdate};
  // Filled in by SetUp().
  string cert_key_;

  // StrictMock: any observer call without a matching expectation fails the
  // test, so an unexpected CertificateCheckResult cannot go unnoticed.
  testing::StrictMock<MockCertificateCheckObserver> observer_;
  CertificateChecker cert_checker{&prefs_, &openssl_wrapper_};
};
76 
// Certificate change check, first sighting: no digest is stored under
// |cert_key_| yet (GetString fails), so the checker is expected to persist the
// presented digest, report kValid and return true.
TEST_F(CertificateCheckerTest, NewCertificate) {
  // The wrapper hands back the fixture's depth, length and digest bytes.
  // NOTE(review): the end pointer hard-codes 4; it must stay equal to length_.
  const auto report_digest = DoAll(SetArgumentPointee<1>(depth_),
                                   SetArgumentPointee<2>(length_),
                                   SetArrayArgument<3>(digest_, digest_ + 4),
                                   Return(true));
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
      .WillOnce(report_digest);

  // Nothing stored yet: the lookup fails, then the digest is written once.
  EXPECT_CALL(prefs_, GetString(cert_key_, _)).WillOnce(Return(false));
  EXPECT_CALL(prefs_, SetString(cert_key_, digest_hex_)).WillOnce(Return(true));

  EXPECT_CALL(
      observer_,
      CertificateChecked(server_to_check_, CertificateCheckResult::kValid));

  // First argument 1: presumably OpenSSL's preverify_ok flag; confirm against
  // certificate_checker.h.
  ASSERT_TRUE(
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
}
93 
// Certificate change check, unchanged: the stored digest equals the presented
// one, so the checker is expected to report kValid, return true and leave
// prefs untouched.
TEST_F(CertificateCheckerTest, SameCertificate) {
  // The wrapper hands back the fixture's depth, length and digest bytes.
  // NOTE(review): the end pointer hard-codes 4; it must stay equal to length_.
  const auto report_digest = DoAll(SetArgumentPointee<1>(depth_),
                                   SetArgumentPointee<2>(length_),
                                   SetArrayArgument<3>(digest_, digest_ + 4),
                                   Return(true));
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
      .WillOnce(report_digest);

  // The stored value matches the presented digest.
  const auto stored_same_digest =
      DoAll(SetArgumentPointee<1>(digest_hex_), Return(true));
  EXPECT_CALL(prefs_, GetString(cert_key_, _)).WillOnce(stored_same_digest);

  // An unchanged certificate must not cause any write to prefs.
  EXPECT_CALL(prefs_, SetString(_, _)).Times(0);

  EXPECT_CALL(
      observer_,
      CertificateChecked(server_to_check_, CertificateCheckResult::kValid));

  ASSERT_TRUE(
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
}
111 
// Certificate change check, changed: the stored digest differs from the
// presented one. The test pins three things: the observer is told
// kValidChanged, the stored digest is overwritten with the new one, and the
// call still returns true.
// NOTE(review): as pinned here, a digest mismatch is reported and recorded,
// not rejected. Confirm that change detection (rather than pin enforcement)
// is the intended contract of CheckCertificateChange.
TEST_F(CertificateCheckerTest, ChangedCertificate) {
  // The wrapper hands back the fixture's depth, length and digest bytes.
  // NOTE(review): the end pointer hard-codes 4; it must stay equal to length_.
  const auto report_digest = DoAll(SetArgumentPointee<1>(depth_),
                                   SetArgumentPointee<2>(length_),
                                   SetArrayArgument<3>(digest_, digest_ + 4),
                                   Return(true));
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
      .WillOnce(report_digest);

  // Prefs holds a different digest from the one presented.
  const auto stored_other_digest =
      DoAll(SetArgumentPointee<1>(diff_digest_hex_), Return(true));
  EXPECT_CALL(prefs_, GetString(cert_key_, _)).WillOnce(stored_other_digest);

  EXPECT_CALL(observer_,
              CertificateChecked(server_to_check_,
                                 CertificateCheckResult::kValidChanged));

  // The new digest replaces the stored one.
  EXPECT_CALL(prefs_, SetString(cert_key_, digest_hex_)).WillOnce(Return(true));

  ASSERT_TRUE(
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
}
129 
// Certificate change check, failed: with 0 as the first argument (presumably
// OpenSSL's preverify_ok flag; confirm against certificate_checker.h) the
// checker is expected to report kFailed and return false without reading the
// certificate digest or consulting prefs.
TEST_F(CertificateCheckerTest, FailedCertificate) {
  // A failed check must short-circuit: no digest extraction, no prefs lookup.
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(_, _, _, _)).Times(0);
  EXPECT_CALL(prefs_, GetString(_, _)).Times(0);

  EXPECT_CALL(
      observer_,
      CertificateChecked(server_to_check_, CertificateCheckResult::kFailed));

  ASSERT_FALSE(
      cert_checker.CheckCertificateChange(0, nullptr, server_to_check_));
}
139 
140 }  // namespace chromeos_update_engine
141