1 //
2 // Copyright (C) 2012 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #include "update_engine/certificate_checker.h"
18 
19 #include <string>
20 
21 #include <android-base/stringprintf.h>
22 #include <gmock/gmock.h>
23 #include <gtest/gtest.h>
24 
25 #include "update_engine/common/constants.h"
26 #include "update_engine/common/mock_prefs.h"
27 #include "update_engine/mock_certificate_checker.h"
28 
29 using std::string;
30 using ::testing::_;
31 using ::testing::DoAll;
32 using ::testing::Return;
33 using ::testing::SetArgPointee;
34 using ::testing::SetArrayArgument;
35 
36 namespace chromeos_update_engine {
37 
// Observer mock: lets each test state exactly which CertificateCheckResult
// the checker is expected to report, and for which ServerToCheck.
class MockCertificateCheckObserver : public CertificateChecker::Observer {
 public:
  // Two-argument notification delivered by the checker to its observer.
  MOCK_METHOD2(
      CertificateChecked,
      void(ServerToCheck server_to_check, CertificateCheckResult result));
};
44 
// Fixture wiring a CertificateChecker to mocked prefs, a mocked OpenSSL
// wrapper and a strict observer mock.
//
// Only observer_ is a StrictMock: an unexpected notification fails the test.
// prefs_ and openssl_wrapper_ are plain mocks, so a test that wants to forbid
// a call on them has to say so with an explicit Times(0) expectation.
class CertificateCheckerTest : public testing::Test {
 protected:
  // Builds the prefs key the tests expect the checker to use
  // ("<prefix>-<server>-<depth>") and attaches the observer.
  void SetUp() override {
    const int server_index = static_cast<int>(server_to_check_);
    cert_key_ = android::base::StringPrintf(
        "%s-%d-%d", cert_key_prefix_.c_str(), server_index, depth_);
    cert_checker.Init();
    cert_checker.SetObserver(&observer_);
  }

  // Detaches the observer; observer_ is declared before cert_checker, so it
  // is destroyed after it.
  void TearDown() override {
    cert_checker.SetObserver(nullptr);
  }

  MockPrefs prefs_;
  MockOpenSSLWrapper openssl_wrapper_;

  // Parameters of the mock certificate digest handed back by
  // openssl_wrapper_. digest_hex_ is the uppercase hex form of digest_;
  // diff_digest_hex_ is a different value standing in for a previously stored
  // digest that no longer matches.
  int depth_{0};
  unsigned int length_{4};
  uint8_t digest_[4]{0x17, 0x7D, 0x07, 0x5F};
  string digest_hex_{"177D075F"};
  string diff_digest_hex_{"1234ABCD"};
  string cert_key_prefix_{kPrefsUpdateServerCertificate};
  ServerToCheck server_to_check_{ServerToCheck::kUpdate};
  string cert_key_;  // Filled in by SetUp().

  testing::StrictMock<MockCertificateCheckObserver> observer_;
  CertificateChecker cert_checker{&prefs_, &openssl_wrapper_};
};
73 
// Certificate change check, first sighting: nothing is stored under cert_key_
// yet (GetString returns false). The test expects the reported digest to be
// written to prefs as uppercase hex and the observer to be told kValid, i.e.
// the first digest seen is accepted and recorded.
TEST_F(CertificateCheckerTest, NewCertificate) {
  // No previously stored digest for this server/depth.
  EXPECT_CALL(prefs_, GetString(cert_key_, _)).WillOnce(Return(false));

  // The wrapper reports depth, digest length and the digest bytes.
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
      .WillOnce(DoAll(SetArgPointee<1>(depth_),
                      SetArgPointee<2>(length_),
                      SetArrayArgument<3>(digest_, digest_ + 4),
                      Return(true)));

  // The new digest must be persisted and reported as valid.
  EXPECT_CALL(prefs_, SetString(cert_key_, digest_hex_)).WillOnce(Return(true));
  EXPECT_CALL(
      observer_,
      CertificateChecked(server_to_check_, CertificateCheckResult::kValid));

  // First argument 1: presumably the caller's successful pre-verification
  // result (the failure test passes 0).
  const bool accepted =
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_);
  ASSERT_TRUE(accepted);
}
89 
// Certificate change check, unchanged: the digest stored under cert_key_
// equals the one reported by the wrapper. The test expects kValid and no
// write to prefs at all.
TEST_F(CertificateCheckerTest, SameCertificate) {
  // prefs_ is not a StrictMock, so the "no write" requirement is explicit.
  EXPECT_CALL(prefs_, SetString(_, _)).Times(0);

  // The stored digest matches digest_.
  EXPECT_CALL(prefs_, GetString(cert_key_, _))
      .WillOnce(DoAll(SetArgPointee<1>(digest_hex_), Return(true)));

  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
      .WillOnce(DoAll(SetArgPointee<1>(depth_),
                      SetArgPointee<2>(length_),
                      SetArrayArgument<3>(digest_, digest_ + 4),
                      Return(true)));

  EXPECT_CALL(
      observer_,
      CertificateChecked(server_to_check_, CertificateCheckResult::kValid));

  const bool accepted =
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_);
  ASSERT_TRUE(accepted);
}
106 
// Certificate change check, changed: the digest stored under cert_key_
// differs from the one reported by the wrapper. The test expects the observer
// to be told kValidChanged and the stored digest to be overwritten with the
// new one.
//
// Note that the call is still expected to return true: this test pins that a
// digest change on its own is reported, not treated as a check failure.
TEST_F(CertificateCheckerTest, ChangedCertificate) {
  // A different digest is already on record for this server/depth.
  EXPECT_CALL(prefs_, GetString(cert_key_, _))
      .WillOnce(DoAll(SetArgPointee<1>(diff_digest_hex_), Return(true)));

  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(nullptr, _, _, _))
      .WillOnce(DoAll(SetArgPointee<1>(depth_),
                      SetArgPointee<2>(length_),
                      SetArrayArgument<3>(digest_, digest_ + 4),
                      Return(true)));

  // The record is replaced by the newly seen digest ...
  EXPECT_CALL(prefs_, SetString(cert_key_, digest_hex_)).WillOnce(Return(true));
  // ... and the change is surfaced to the observer.
  EXPECT_CALL(observer_,
              CertificateChecked(server_to_check_,
                                 CertificateCheckResult::kValidChanged));

  const bool accepted =
      cert_checker.CheckCertificateChange(1, nullptr, server_to_check_);
  ASSERT_TRUE(accepted);
}
123 
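// Certificate change check, failed: the first argument is 0 (presumably the
// caller's failed pre-verification result). The test expects the observer to
// be told kFailed, the call to return false, and the checker to touch neither
// the OpenSSL wrapper nor the stored digests.
TEST_F(CertificateCheckerTest, FailedCertificate) {
  EXPECT_CALL(
      observer_,
      CertificateChecked(server_to_check_, CertificateCheckResult::kFailed));

  // The digest must not even be read for a certificate that failed upstream.
  EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(_, _, _, _)).Times(0);

  // prefs_ is a plain mock, so a call with no expectation would only produce
  // a warning. Forbid both the read and the write explicitly: a failed check
  // must never replace the stored digest.
  EXPECT_CALL(prefs_, GetString(_, _)).Times(0);
  EXPECT_CALL(prefs_, SetString(_, _)).Times(0);

  ASSERT_FALSE(
      cert_checker.CheckCertificateChange(0, nullptr, server_to_check_));
}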
134 
135 }  // namespace chromeos_update_engine
136