proxygen
CertManagerTest.cpp
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-present, Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under the BSD-style license found in the
6  * LICENSE file in the root directory of this source tree.
7  */
8 
9 #include <gmock/gmock.h>
10 #include <gtest/gtest.h>
11 
12 #include <fizz/server/CertManager.h>
13 
14 #include <fizz/protocol/test/Mocks.h>
15 
16 using namespace fizz::test;
17 using namespace folly;
18 using namespace testing;
19 
20 namespace fizz {
21 namespace server {
22 namespace test {
23 
24 static const std::vector<SignatureScheme> kRsa{SignatureScheme::rsa_pss_sha256};
25 
26 class CertManagerTest : public Test {
27  protected:
28  std::shared_ptr<MockSelfCert> getCert(
29  std::string identity,
30  std::vector<std::string> alts,
31  std::vector<SignatureScheme> schemes) {
32  auto cert = std::make_shared<MockSelfCert>();
33  ON_CALL(*cert, getIdentity()).WillByDefault(Return(identity));
34  ON_CALL(*cert, getAltIdentities()).WillByDefault(Return(alts));
35  ON_CALL(*cert, getSigSchemes()).WillByDefault(Return(schemes));
36  return cert;
37  }
38 
39  CertManager manager_;
40 };
41 
42 TEST_F(CertManagerTest, TestNoMatchDefault) {
43  auto cert = getCert("blah.com", {}, kRsa);
44  manager_.addCert(cert, true);
45  auto res = manager_.getCert(std::string("test.com"), kRsa, kRsa);
46  EXPECT_EQ(res->first, cert);
47 }
48 
49 TEST_F(CertManagerTest, TestNoSniDefault) {
50  auto cert = getCert("blah.com", {}, kRsa);
51  manager_.addCert(cert, true);
52  auto res = manager_.getCert(none, kRsa, kRsa);
53  EXPECT_EQ(res->first, cert);
54 }
55 
56 TEST_F(CertManagerTest, TestWildcardDefault) {
57  auto cert = getCert("*.blah.com", {}, kRsa);
58  manager_.addCert(cert, true);
59  auto res = manager_.getCert(none, kRsa, kRsa);
60  EXPECT_EQ(res->first, cert);
61 }
62 
63 TEST_F(CertManagerTest, TestUppercaseDefault) {
64  auto cert = getCert("BLAH.com", {}, kRsa);
65  manager_.addCert(cert, true);
66  auto res = manager_.getCert(none, kRsa, kRsa);
67  EXPECT_EQ(res->first, cert);
68 }
69 
70 TEST_F(CertManagerTest, TestNoDefault) {
71  EXPECT_FALSE(manager_.getCert(std::string("blah.com"), {}, {}).hasValue());
72 }
73 
74 TEST_F(CertManagerTest, TestSigSchemesServerPref) {
75  auto cert = getCert(
76  "www.test.com",
77  {},
78  {SignatureScheme::rsa_pss_sha256, SignatureScheme::rsa_pss_sha512});
79  manager_.addCert(cert);
80 
81  auto res = manager_.getCert(
82  std::string("www.test.com"),
83  {SignatureScheme::rsa_pss_sha256, SignatureScheme::rsa_pss_sha512},
84  {SignatureScheme::rsa_pss_sha256, SignatureScheme::rsa_pss_sha512});
85  EXPECT_EQ(res->first, cert);
86  EXPECT_EQ(res->second, SignatureScheme::rsa_pss_sha256);
87 
88  res = manager_.getCert(
89  std::string("www.test.com"),
90  {SignatureScheme::rsa_pss_sha512, SignatureScheme::rsa_pss_sha256},
91  {SignatureScheme::rsa_pss_sha256, SignatureScheme::rsa_pss_sha512});
92  EXPECT_EQ(res->first, cert);
93  EXPECT_EQ(res->second, SignatureScheme::rsa_pss_sha512);
94 }
95 
96 TEST_F(CertManagerTest, TestClientSigScheme) {
97  auto cert1 = getCert("www.test.com", {}, {SignatureScheme::rsa_pss_sha256});
98  auto cert2 = getCert("www.test.com", {}, {SignatureScheme::rsa_pss_sha512});
99  manager_.addCert(cert1);
100  manager_.addCert(cert2);
101 
102  auto res = manager_.getCert(
103  std::string("www.test.com"),
104  {SignatureScheme::rsa_pss_sha256, SignatureScheme::rsa_pss_sha512},
105  {SignatureScheme::rsa_pss_sha512});
106  EXPECT_EQ(res->first, cert2);
107  EXPECT_EQ(res->second, SignatureScheme::rsa_pss_sha512);
108 }
109 
110 TEST_F(CertManagerTest, TestClientSigSchemeWildcardMatch) {
111  auto cert1 = getCert("www.test.com", {}, {SignatureScheme::rsa_pss_sha256});
112  auto cert2 = getCert("*.test.com", {}, {SignatureScheme::rsa_pss_sha512});
113  manager_.addCert(cert1);
114  manager_.addCert(cert2);
115 
116  auto res = manager_.getCert(
117  std::string("www.test.com"),
118  {SignatureScheme::rsa_pss_sha256, SignatureScheme::rsa_pss_sha512},
119  {SignatureScheme::rsa_pss_sha512});
120  EXPECT_EQ(res->first, cert2);
121  EXPECT_EQ(res->second, SignatureScheme::rsa_pss_sha512);
122 }
123 
124 TEST_F(CertManagerTest, TestClientSigSchemeFallback) {
125  auto cert = getCert("www.test.com", {}, {SignatureScheme::rsa_pss_sha256});
126  manager_.addCert(cert);
127 
128  auto res = manager_.getCert(
129  std::string("www.test.com"),
130  {SignatureScheme::rsa_pss_sha256},
131  {SignatureScheme::rsa_pss_sha512});
132  EXPECT_EQ(res->first, cert);
133  EXPECT_EQ(res->second, SignatureScheme::rsa_pss_sha256);
134 }
135 
136 TEST_F(CertManagerTest, TestAlts) {
137  auto cert = getCert(
138  "www.test.com",
139  {"www.test.com", "www.example.com", "*.example.com"},
140  kRsa);
141  manager_.addCert(cert);
142 
143  auto res = manager_.getCert(std::string("www.test.com"), kRsa, kRsa);
144  EXPECT_EQ(res->first, cert);
145 
146  res = manager_.getCert(std::string("www.example.com"), kRsa, kRsa);
147  EXPECT_EQ(res->first, cert);
148 
149  res = manager_.getCert(std::string("foo.example.com"), kRsa, kRsa);
150  EXPECT_EQ(res->first, cert);
151 }
152 
153 TEST_F(CertManagerTest, TestWildcard) {
154  auto cert = getCert("*.test.com", {}, kRsa);
155  manager_.addCert(cert);
156 
157  auto res = manager_.getCert(std::string("bar.test.com"), kRsa, kRsa);
158  EXPECT_EQ(res->first, cert);
159 
160  EXPECT_FALSE(
161  manager_.getCert(std::string("foo.bar.test.com"), kRsa, kRsa).hasValue());
162 }
163 
164 TEST_F(CertManagerTest, TestExactMatch) {
165  auto cert1 = getCert("*.test.com", {}, kRsa);
166  auto cert2 = getCert("foo.test.com", {}, kRsa);
167  manager_.addCert(cert1);
168  manager_.addCert(cert2);
169 
170  auto res = manager_.getCert(std::string("foo.test.com"), kRsa, kRsa);
171  EXPECT_EQ(res->first, cert2);
172 }
173 
174 TEST_F(CertManagerTest, TestNoWildcard) {
175  auto cert = getCert("foo.test.com", {}, kRsa);
176  manager_.addCert(cert);
177 
178  EXPECT_FALSE(
179  manager_.getCert(std::string("blah.test.com"), kRsa, kRsa).hasValue());
180  EXPECT_FALSE(
181  manager_.getCert(std::string("test.com"), kRsa, kRsa).hasValue());
182 }
183 
184 TEST_F(CertManagerTest, TestGetByIdentity) {
185  auto cert = getCert("*.test.com", {"www.example.com"}, kRsa);
186  manager_.addCert(cert);
187 
188  EXPECT_EQ(manager_.getCert("*.test.com"), cert);
189  EXPECT_EQ(manager_.getCert("www.example.com"), nullptr);
190  EXPECT_EQ(manager_.getCert("foo.test.com"), nullptr);
191  EXPECT_EQ(manager_.getCert("www.blah.com"), nullptr);
192 }
193 } // namespace test
194 } // namespace server
195 } // namespace fizz
fizz::server::test::kRsa
static const std::vector< SignatureScheme > kRsa
Definition: CertManagerTest.cpp:24
EXPECT_EQ
#define EXPECT_EQ(val1, val2)
Definition: gtest.h:1922
fizz::server::test::CertManagerTest::getCert
std::shared_ptr< MockSelfCert > getCert(std::string identity, std::vector< std::string > alts, std::vector< SignatureScheme > schemes)
Definition: CertManagerTest.cpp:28
folly
—— Concurrent Priority Queue Implementation ——
Definition: AtomicBitSet.h:29
fizz::test::getCert
folly::ssl::X509UniquePtr getCert(folly::StringPiece cert)
Definition: TestUtil.cpp:48
fizz
Definition: Actions.h:16
ON_CALL
#define ON_CALL(obj, call)
Definition: gmock-spec-builders.h:1841
fizz::test::TEST_F
TEST_F(RSAPSSTest, TestSignVerify)
Definition: RSAPSSSignatureTest.cpp:38
string
const char * string
Definition: Conv.cpp:212
EXPECT_FALSE
#define EXPECT_FALSE(condition)
Definition: gtest.h:1862
folly::none
constexpr None none
Definition: Optional.h:87
testing::Return
internal::ReturnAction< R > Return(R value)
Definition: gmock-actions.h:1061