xref: /aosp_15_r20/external/cronet/net/ssl/ssl_platform_key_android_unittest.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/ssl/ssl_platform_key_android.h"
6 
7 #include <string>
8 
9 #include "base/android/jni_android.h"
10 #include "base/android/jni_array.h"
11 #include "base/android/scoped_java_ref.h"
12 #include "base/files/file_path.h"
13 #include "base/files/file_util.h"
14 #include "net/android/keystore.h"
15 #include "net/android/net_tests_jni/AndroidKeyStoreTestUtil_jni.h"
16 #include "net/cert/x509_certificate.h"
17 #include "net/ssl/ssl_private_key.h"
18 #include "net/ssl/ssl_private_key_test_util.h"
19 #include "net/test/cert_test_util.h"
20 #include "net/test/test_data_directory.h"
21 #include "net/test/test_with_task_environment.h"
22 #include "testing/gtest/include/gtest/gtest.h"
23 #include "third_party/boringssl/src/include/openssl/ssl.h"
24 
25 namespace net {
26 
27 namespace {
28 
29 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava;
30 
ReadTestFile(const char * filename,std::string * pkcs8)31 bool ReadTestFile(const char* filename, std::string* pkcs8) {
32   base::FilePath certs_dir = GetTestCertsDirectory();
33   base::FilePath file_path = certs_dir.AppendASCII(filename);
34   return base::ReadFileToString(file_path, pkcs8);
35 }
36 
37 // Retrieve a JNI local ref from encoded PKCS#8 data.
GetPKCS8PrivateKeyJava(android::PrivateKeyType key_type,const std::string & pkcs8_key)38 ScopedJava GetPKCS8PrivateKeyJava(android::PrivateKeyType key_type,
39                                   const std::string& pkcs8_key) {
40   JNIEnv* env = base::android::AttachCurrentThread();
41   base::android::ScopedJavaLocalRef<jbyteArray> bytes =
42       base::android::ToJavaByteArray(env, pkcs8_key);
43 
44   ScopedJava key(Java_AndroidKeyStoreTestUtil_createPrivateKeyFromPKCS8(
45       env, key_type, bytes));
46 
47   return key;
48 }
49 
50 struct TestKey {
51   const char* name;
52   const char* cert_file;
53   const char* key_file;
54   int type;
55   android::PrivateKeyType android_key_type;
56 };
57 
58 const TestKey kTestKeys[] = {
59     {"RSA", "client_1.pem", "client_1.pk8", EVP_PKEY_RSA,
60      android::PRIVATE_KEY_TYPE_RSA},
61     {"ECDSA_P256", "client_4.pem", "client_4.pk8", EVP_PKEY_EC,
62      android::PRIVATE_KEY_TYPE_ECDSA},
63     {"ECDSA_P384", "client_5.pem", "client_5.pk8", EVP_PKEY_EC,
64      android::PRIVATE_KEY_TYPE_ECDSA},
65     {"ECDSA_P521", "client_6.pem", "client_6.pk8", EVP_PKEY_EC,
66      android::PRIVATE_KEY_TYPE_ECDSA},
67 };
68 
TestKeyToString(const testing::TestParamInfo<TestKey> & params)69 std::string TestKeyToString(const testing::TestParamInfo<TestKey>& params) {
70   return params.param.name;
71 }
72 
73 }  // namespace
74 
75 class SSLPlatformKeyAndroidTest : public testing::TestWithParam<TestKey>,
76                                   public WithTaskEnvironment {};
77 
TEST_P(SSLPlatformKeyAndroidTest,Matches)78 TEST_P(SSLPlatformKeyAndroidTest, Matches) {
79   const TestKey& test_key = GetParam();
80 
81   scoped_refptr<X509Certificate> cert =
82       ImportCertFromFile(GetTestCertsDirectory(), test_key.cert_file);
83   ASSERT_TRUE(cert);
84 
85   std::string key_bytes;
86   ASSERT_TRUE(ReadTestFile(test_key.key_file, &key_bytes));
87   ScopedJava java_key =
88       GetPKCS8PrivateKeyJava(test_key.android_key_type, key_bytes);
89   ASSERT_FALSE(java_key.is_null());
90 
91   scoped_refptr<SSLPrivateKey> key = WrapJavaPrivateKey(cert.get(), java_key);
92   ASSERT_TRUE(key);
93 
94   EXPECT_EQ(SSLPrivateKey::DefaultAlgorithmPreferences(test_key.type,
95                                                        true /* supports_pss */),
96             key->GetAlgorithmPreferences());
97 
98   TestSSLPrivateKeyMatches(key.get(), key_bytes);
99 }
100 
101 INSTANTIATE_TEST_SUITE_P(All,
102                          SSLPlatformKeyAndroidTest,
103                          testing::ValuesIn(kTestKeys),
104                          TestKeyToString);
105 
TEST(SSLPlatformKeyAndroidSigAlgTest,SignatureAlgorithmsToJavaKeyTypes)106 TEST(SSLPlatformKeyAndroidSigAlgTest, SignatureAlgorithmsToJavaKeyTypes) {
107   const struct {
108     std::vector<uint16_t> algorithms;
109     std::vector<std::string> expected_key_types;
110   } kTests[] = {
111       {{SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_RSA_PSS_RSAE_SHA384,
112         SSL_SIGN_ECDSA_SECP256R1_SHA256, SSL_SIGN_RSA_PKCS1_SHA512,
113         SSL_SIGN_ED25519},
114        {"RSA", "EC"}},
115       {{SSL_SIGN_RSA_PSS_RSAE_SHA256}, {"RSA"}},
116       {{SSL_SIGN_RSA_PKCS1_SHA256}, {"RSA"}},
117       {{SSL_SIGN_ECDSA_SECP256R1_SHA256}, {"EC"}},
118       {{SSL_SIGN_ECDSA_SECP384R1_SHA384}, {"EC"}},
119       // Android doesn't document a Java key type corresponding to Ed25519, so
120       // for now we ignore it.
121       {{SSL_SIGN_ED25519}, {}},
122       // Unknown algorithm.
123       {{0xffff}, {}},
124       // Test the empty list.
125       {{}, {}},
126   };
127   for (const auto& t : kTests) {
128     EXPECT_EQ(SignatureAlgorithmsToJavaKeyTypes(t.algorithms),
129               t.expected_key_types);
130   }
131 }
132 
133 }  // namespace net
134