
Unified Diff: net/ssl/ssl_platform_key_android_unittest.cc

Issue 2390493002: Tidy up ssl_platform_key_android_unittest.cc. (Closed)
Patch Set: Created 4 years, 2 months ago
Index: net/ssl/ssl_platform_key_android_unittest.cc
diff --git a/net/ssl/ssl_platform_key_android_unittest.cc b/net/ssl/ssl_platform_key_android_unittest.cc
index bffccef879bd5a010020e08dda05e8dc31e75142..260597aaf8d3d1b6713e830fa6e59e53435afdcd 100644
--- a/net/ssl/ssl_platform_key_android_unittest.cc
+++ b/net/ssl/ssl_platform_key_android_unittest.cc
@@ -2,33 +2,30 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include <openssl/bytestring.h>
#include <openssl/digest.h>
#include <openssl/ecdsa.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
+#include <openssl/x509.h>
-#include "base/android/build_info.h"
#include "base/android/jni_android.h"
#include "base/android/jni_array.h"
#include "base/android/scoped_java_ref.h"
#include "base/bind.h"
-#include "base/callback.h"
-#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
-#include "base/files/scoped_file.h"
#include "base/run_loop.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
-#include "crypto/auto_cbb.h"
#include "crypto/openssl_util.h"
-#include "crypto/scoped_openssl_types.h"
#include "net/android/keystore.h"
-#include "net/ssl/scoped_openssl_types.h"
+#include "net/cert/x509_certificate.h"
#include "net/ssl/ssl_platform_key_android.h"
#include "net/ssl/ssl_private_key.h"
+#include "net/test/cert_test_util.h"
#include "net/test/jni/AndroidKeyStoreTestUtil_jni.h"
#include "net/test/test_data_directory.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -49,72 +46,50 @@ unsigned char* OpenSSLWriteInto(std::string* str, size_t size) {
return reinterpret_cast<unsigned char*>(base::WriteInto(str, size + 1));
}
+bool ReadTestFile(const char* filename, std::string* pkcs8) {
+ base::FilePath certs_dir = GetTestCertsDirectory();
+ base::FilePath file_path = certs_dir.AppendASCII(filename);
+ return base::ReadFileToString(file_path, pkcs8);
+}
+
// Load a given private key file into an EVP_PKEY.
// |filename| is the key file path.
// Returns a new EVP_PKEY on success, NULL on failure.
-EVP_PKEY* ImportPrivateKeyFile(const char* filename) {
- crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+bssl::UniquePtr<EVP_PKEY> ImportPrivateKeyFile(const char* filename) {
+ std::string pkcs8;
+ if (!ReadTestFile(filename, &pkcs8))
+ return nullptr;
- // Load file in memory.
- base::FilePath certs_dir = GetTestCertsDirectory();
- base::FilePath file_path = certs_dir.AppendASCII(filename);
- base::ScopedFILE handle(base::OpenFile(file_path, "rb"));
- if (!handle) {
- LOG(ERROR) << "Could not open private key file: " << filename;
- return NULL;
- }
- // Assume it is PEM_encoded. Load it as an EVP_PKEY.
- EVP_PKEY* pkey = PEM_read_PrivateKey(handle.get(), NULL, NULL, NULL);
+ crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+ CBS cbs;
+ CBS_init(&cbs, reinterpret_cast<const uint8_t*>(pkcs8.data()), pkcs8.size());
+ bssl::UniquePtr<EVP_PKEY> pkey(EVP_parse_private_key(&cbs));
if (!pkey) {
- LOG(ERROR) << "Could not load public key file: " << filename;
- return NULL;
+ LOG(ERROR) << "Could not load private key file: " << filename;
+ return nullptr;
}
- return pkey;
-}
-
-// Convert a private key into its PKCS#8 encoded representation.
-// |pkey| is the EVP_PKEY handle for the private key.
-// |pkcs8| will receive the PKCS#8 bytes.
-// Returns true on success, false otherwise.
-bool GetPrivateKeyPkcs8Bytes(const crypto::ScopedEVP_PKEY& pkey,
- std::string* pkcs8) {
- uint8_t* der;
- size_t der_len;
- crypto::AutoCBB cbb;
- if (!CBB_init(cbb.get(), 0) ||
- !EVP_marshal_private_key(cbb.get(), pkey.get()) ||
- !CBB_finish(cbb.get(), &der, &der_len)) {
- return false;
- }
- pkcs8->assign(reinterpret_cast<const char*>(der), der_len);
- OPENSSL_free(der);
- return true;
-}
-bool ImportPrivateKeyFileAsPkcs8(const char* filename, std::string* pkcs8) {
- crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename));
- if (!pkey)
- return false;
- return GetPrivateKeyPkcs8Bytes(pkey, pkcs8);
+ return pkey;
}
-// Same as ImportPrivateKey, but for public ones.
-EVP_PKEY* ImportPublicKeyFile(const char* filename) {
+// Imports the public key from the specified test certificate.
+bssl::UniquePtr<EVP_PKEY> ImportPublicKeyFromCertificateFile(
+ const char* filename) {
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
- // Load file as PEM data.
- base::FilePath certs_dir = GetTestCertsDirectory();
- base::FilePath file_path = certs_dir.AppendASCII(filename);
- base::ScopedFILE handle(base::OpenFile(file_path, "rb"));
- if (!handle) {
- LOG(ERROR) << "Could not open public key file: " << filename;
- return NULL;
+ scoped_refptr<X509Certificate> cert =
+ ImportCertFromFile(GetTestCertsDirectory(), filename);
+ if (!cert) {
+ LOG(ERROR) << "Could not open certificate file: " << filename;
+ return nullptr;
}
- EVP_PKEY* pkey = PEM_read_PUBKEY(handle.get(), NULL, NULL, NULL);
+
+ bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert->os_cert_handle()));
if (!pkey) {
- LOG(ERROR) << "Could not load public key file: " << filename;
- return NULL;
+ LOG(ERROR) << "Could not load public key from certificate: " << filename;
+ return nullptr;
}
+
return pkey;
}
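Review bot: ImportPrivateKeyFile accepts a file with trailing bytes after the key, because EVP_parse_private_key() consumes one structure from the CBS and the remaining length is never checked; the guard could be `if (!pkey || CBS_len(&cbs) != 0) {`. The early return after `ReadTestFile()` is also silent, whereas the removed code logged the unreadable file name, so a missing test-data file now shows up only as a null key. The header comment above the function should say the input is DER-encoded PKCS#8 rather than PEM. ReadTestFile's out-parameter is named `pkcs8` although nothing in the helper is specific to keys, so `contents` would read better.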
@@ -133,23 +108,23 @@ ScopedJava GetPKCS8PrivateKeyJava(android::PrivateKeyType key_type,
return key;
}
-const char kTestRsaKeyFile[] = "android-test-key-rsa.pem";
+const char kTestRsaKeyFile[] = "client_1.pk8";
// Retrieve a JNI local ref for our test RSA key.
ScopedJava GetRSATestKeyJava() {
std::string key;
- if (!ImportPrivateKeyFileAsPkcs8(kTestRsaKeyFile, &key))
+ if (!ReadTestFile(kTestRsaKeyFile, &key))
return ScopedJava();
return GetPKCS8PrivateKeyJava(android::PRIVATE_KEY_TYPE_RSA, key);
}
-const char kTestEcdsaKeyFile[] = "android-test-key-ecdsa.pem";
-const char kTestEcdsaPublicKeyFile[] = "android-test-key-ecdsa-public.pem";
+const char kTestEcdsaKeyFile[] = "client_4.pk8";
+const char kTestEcdsaCertificateFile[] = "client_4.pem";
// Retrieve a JNI local ref for our test ECDSA key.
ScopedJava GetECDSATestKeyJava() {
std::string key;
- if (!ImportPrivateKeyFileAsPkcs8(kTestEcdsaKeyFile, &key))
+ if (!ReadTestFile(kTestEcdsaKeyFile, &key))
return ScopedJava();
return GetPKCS8PrivateKeyJava(android::PRIVATE_KEY_TYPE_ECDSA, key);
}
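Review bot: GetRSATestKeyJava and GetECDSATestKeyJava now hand the raw file bytes to GetPKCS8PrivateKeyJava without parsing them first, so the constants carry a format requirement that the hunk does not write down. A comment on the constants would help, for example `// DER-encoded PKCS#8 PrivateKeyInfo; passed to Java unmodified.` on the `.pk8` names and `// Certificate whose public key matches kTestEcdsaKeyFile.` on `kTestEcdsaCertificateFile`. The pairing of client_4.pk8 with client_4.pem is inferred from the file names and should be confirmed against the generation script.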
@@ -163,10 +138,12 @@ bool VerifyTestECDSASignature(const base::StringPiece& message,
const base::StringPiece& signature) {
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
- crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile));
+ bssl::UniquePtr<EVP_PKEY> pkey =
+ ImportPublicKeyFromCertificateFile(kTestEcdsaCertificateFile);
if (!pkey)
return false;
- crypto::ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
+
+ EC_KEY* pub_key = EVP_PKEY_get0_EC_KEY(pkey.get());
if (!pub_key) {
LOG(ERROR) << "Could not get ECDSA public key";
return false;
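Review bot: `pub_key` is now a borrowed pointer, because EVP_PKEY_get0_EC_KEY() does not take a reference, so it is valid only while `pkey` is alive. That holds in the lines visible here, but it is worth stating at the declaration, e.g. `// Not owned; valid only while |pkey| is alive.`, so a later refactor does not store or return it. The body of VerifyTestECDSASignature continues past this hunk.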
@@ -179,8 +156,7 @@ bool VerifyTestECDSASignature(const base::StringPiece& message,
reinterpret_cast<const unsigned char*>(signature.data());
int siglen = static_cast<int>(signature.size());
- int ret = ECDSA_verify(0, digest, digest_len, sigbuf, siglen, pub_key.get());
- if (ret != 1) {
+ if (!ECDSA_verify(0, digest, digest_len, sigbuf, siglen, pub_key)) {
LOG(ERROR) << "ECDSA_verify() failed";
return false;
}
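Review bot: `if (!ECDSA_verify(...))` treats every non-zero return as a valid signature, which is correct only under BoringSSL's convention of returning 1 or 0. OpenSSL's ECDSA_verify() returns -1 on error, and under that convention this condition would accept a signature that was never verified. Keeping the explicit comparison from the removed lines costs nothing: `if (ECDSA_verify(0, digest, digest_len, sigbuf, siglen, pub_key) != 1) {`. The enclosing function starts before this hunk.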
@@ -197,37 +173,28 @@ bool SignWithOpenSSL(int hash_nid,
EVP_PKEY* openssl_key,
std::string* result) {
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+ RSA* rsa = EVP_PKEY_get0_RSA(openssl_key);
+ if (!rsa) {
+ LOG(ERROR) << "Could not get RSA from EVP_PKEY";
+ return false;
+ }
+
const unsigned char* digest =
reinterpret_cast<const unsigned char*>(message.data());
unsigned int digest_len = static_cast<unsigned int>(message.size());
+
+ // With RSA, the signature will always be RSA_size() bytes.
+ size_t max_signature_size = static_cast<size_t>(RSA_size(rsa));
std::string signature;
- size_t signature_size;
- size_t max_signature_size;
- int key_type = EVP_PKEY_id(openssl_key);
- switch (key_type) {
- case EVP_PKEY_RSA: {
- crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key));
- if (!rsa) {
- LOG(ERROR) << "Could not get RSA from EVP_PKEY";
- return false;
- }
- // With RSA, the signature will always be RSA_size() bytes.
- max_signature_size = static_cast<size_t>(RSA_size(rsa.get()));
- unsigned char* p = OpenSSLWriteInto(&signature, max_signature_size);
- unsigned int p_len = 0;
- int ret = RSA_sign(hash_nid, digest, digest_len, p, &p_len, rsa.get());
- if (ret != 1) {
- LOG(ERROR) << "RSA_sign() failed";
- return false;
- }
- signature_size = static_cast<size_t>(p_len);
- break;
- }
- default:
- LOG(WARNING) << "Invalid OpenSSL key type: " << key_type;
- return false;
+ unsigned char* p = OpenSSLWriteInto(&signature, max_signature_size);
+ unsigned int p_len = 0;
+ if (!RSA_sign(hash_nid, digest, digest_len, p, &p_len, rsa)) {
+ LOG(ERROR) << "RSA_sign() failed";
+ return false;
}
+ size_t signature_size = static_cast<size_t>(p_len);
if (signature_size == 0) {
LOG(ERROR) << "Signature is empty!";
return false;
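Review bot: SignWithOpenSSL now handles RSA keys only, but neither its name nor anything in this hunk says so. A non-RSA key is now reported as "Could not get RSA from EVP_PKEY" rather than through the removed key-type warning. The function comment, which sits outside the hunk, should state the restriction, e.g. `// Only RSA keys are supported; |openssl_key| must be non-null.`, since EVP_PKEY_get0_RSA() is called on it without a check. `rsa` is also a borrowed pointer tied to `openssl_key`, which is fine for this synchronous use but worth a short `// Not owned.` at the declaration. The rest of the body lies past the hunk, so whether `p_len` is compared with `max_signature_size` before the result is resized cannot be seen from here.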
@@ -326,7 +293,7 @@ TEST(SSLPlatformKeyAndroid, RSA) {
scoped_refptr<SSLPrivateKey> wrapper_key = WrapJavaPrivateKey(rsa_key);
ASSERT_TRUE(wrapper_key);
- crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile));
+ bssl::UniquePtr<EVP_PKEY> openssl_key = ImportPrivateKeyFile(kTestRsaKeyFile);
ASSERT_TRUE(openssl_key);
// Check that the wrapper key returns the correct length and type.
@@ -358,7 +325,8 @@ TEST(SSLPlatformKeyAndroid, ECDSA) {
scoped_refptr<SSLPrivateKey> wrapper_key = WrapJavaPrivateKey(ecdsa_key);
ASSERT_TRUE(wrapper_key);
- crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile));
+ bssl::UniquePtr<EVP_PKEY> openssl_key =
+ ImportPrivateKeyFile(kTestEcdsaKeyFile);
ASSERT_TRUE(openssl_key);
// Check that the wrapper key returns the correct length and type.