proxygen
TicketCodecTest.cpp
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-present, Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under the BSD-style license found in the
6  * LICENSE file in the root directory of this source tree.
7  */
8 
9 #include <gmock/gmock.h>
10 #include <gtest/gtest.h>
11 
12 #include <fizz/server/TicketCodec.h>
13 
14 #include <fizz/crypto/test/TestUtil.h>
15 #include <fizz/protocol/test/Mocks.h>
16 
17 using namespace fizz::test;
18 using namespace folly;
19 using namespace testing;
20 
21 static constexpr StringPiece ticket{
22  "03041301000673656372657400056964656e74004444444400000000000000190268320000"};
23 static constexpr StringPiece ticketWithAppToken{
24  "03041301000673656372657400056964656e7400444444440000000000000019026832000b68656c6c6f20776f726c64"};
25 static constexpr StringPiece ticketWithoutAppToken{
26  "03041301000673656372657400056964656e7400444444440000000000000019026832"};
27 static constexpr StringPiece ticketNoAlpn{
28  "03041301000673656372657400056964656e7400444444440000000000000019000000"};
29 static constexpr StringPiece ticketClientAuthX509{
30  "03041301000673656372657400056964656e740103653082036130820249a003020102020900c3420836ac1ca26f300d06092a864886f70d01010b0500304b310b3009060355040613025553310b300906035504080c024e593111300f06035504070c084e657720596f726b310d300b060355040b0c0446697a7a310d300b06035504030c0446697a7a301e170d3136313232393036323431385a170d3431303832303036323431385a304b310b3009060355040613025553310b300906035504080c024e593111300f06035504070c084e657720596f726b310d300b060355040b0c0446697a7a310d300b06035504030c0446697a7a30820122300d06092a864886f70d01010105000382010f003082010a0282010100c564999066687e557e86734a655b8252bd1e39e758b45204535ea60113cfdca3ea1c5adc117b9d039ff8ea1a2881f49bd9662a11a09e96d6371a23c6f963dd8610c48b98788489af2fe83f89353b2cb988866931e212b3018c74d76d35d87c72ee9bc4249cba4bbc047098f403136c585a3c4b2b087cee51c39ec24c7a25c7071bb82b1faba09c6b73c4d2073d51767629a4c936ea61f2058f0dd8a8f00bb9627629bc8632d105ede9e505007f21b8d4413942be5c79e0fbfcc0217400b462445bfaf1fef2835169b49f364a9485173c874248c0933baaa3f9416fca977448de0f5d6ffa0d425e1a2ddb5c5aa5f5717ccaccba66085e1cab2f80f0e54a438ee50203010001a348304630090603551d1304023000300b0603551d0f0404030205e0302c0603551d1104253023820a2a2e66697a7a2e636f6d820866697a7a2e636f6d820b6578616d706c652e6e6574300d06092a864886f70d01010b050003820101008a48bf0c71489acb196f08af3e0fa4a2e878a7ad2c25b71d856bacc17c9c62cac25cde58b6b406940deb7f03b832ceb1a1995f43ac86c3ac3c273d156b9bf1576ee69035cee0cb4b4dda2f61780c1332bcabc39aa6b4f89b23f92b88934e78a05d50e23bf1f551342419b1d457c7679520f9ff032d662f2cc37a1bd3fa618ce810d9f9f3da1afff2476160e82629add8807cd11d64e3b808bc675e5b80a794d1f58d83b5fe6af5c951cdae976439a6f622d744c9c753c3cce2fd038646115ebe3711fa9e9cf8d2abdbf3928aff7e2dfbdb68596f771924286af79abb1bd848330752e24874e5940fb24bcf10cf1712461cd279283f6ef2fec6c593c5c1a0d70d4444444400000000000000190268320000"};
31 static constexpr StringPiece ticketClientAuthIdentityOnly{
32  "03041301000673656372657400056964656e74020008636c69656e7469644444444400000000000000190268320000"};
33 
34 namespace fizz {
35 namespace server {
36 namespace test {
37 
38 static ResumptionState getTestResumptionState(
39  std::shared_ptr<SelfCert> cert,
40  std::shared_ptr<PeerCert> peerCert) {
41  ResumptionState rs;
42  rs.version = ProtocolVersion::tls_1_3;
43  rs.cipher = CipherSuite::TLS_AES_128_GCM_SHA256;
44  rs.resumptionSecret = IOBuf::copyBuffer("secret");
45  rs.serverCert = cert;
46  rs.clientCert = peerCert;
47  rs.ticketAgeAdd = 0x44444444;
48  rs.ticketIssueTime = std::chrono::time_point<std::chrono::system_clock>(
49  std::chrono::seconds(25));
50  rs.alpn = "h2";
51  return rs;
52 }
53 
54 TEST(TicketCodecTest, TestEncode) {
55  auto cert = std::make_shared<MockSelfCert>();
56  auto rs = getTestResumptionState(cert, nullptr);
57  EXPECT_CALL(*cert, getIdentity()).WillOnce(Return("ident"));
58  EXPECT_FALSE(rs.appToken);
59  auto encoded = TicketCodec<CertificateStorage::X509>::encode(std::move(rs));
60  EXPECT_TRUE(IOBufEqualTo()(encoded, toIOBuf(ticket)))
61  << folly::hexlify(encoded->coalesce());
62 }
63 
64 TEST(TicketCodecTest, TestEncodeWithAppToken) {
65  auto cert = std::make_shared<MockSelfCert>();
66  auto rs = getTestResumptionState(cert, nullptr);
67  rs.appToken = IOBuf::copyBuffer("hello world");
68  EXPECT_CALL(*cert, getIdentity()).WillOnce(Return("ident"));
69  auto encoded = TicketCodec<CertificateStorage::X509>::encode(std::move(rs));
70  EXPECT_TRUE(IOBufEqualTo()(encoded, toIOBuf(ticketWithAppToken)))
71  << folly::hexlify(encoded->coalesce());
72 }
73 
74 TEST(TicketCodecTest, TestEncodeNoAlpn) {
75  auto cert = std::make_shared<MockSelfCert>();
76  auto rs = getTestResumptionState(cert, nullptr);
77  rs.alpn = none;
78  EXPECT_CALL(*cert, getIdentity()).WillOnce(Return("ident"));
79  auto encoded = TicketCodec<CertificateStorage::X509>::encode(std::move(rs));
80  EXPECT_TRUE(IOBufEqualTo()(encoded, toIOBuf(ticketNoAlpn)))
81  << folly::hexlify(encoded->coalesce());
82 }
83 
84 TEST(TicketCodecTest, TestEncodeClientAuthX509) {
85  auto cert = std::make_shared<MockSelfCert>();
86  auto peerCert = std::make_shared<MockPeerCert>();
87  auto rs = getTestResumptionState(cert, peerCert);
88  EXPECT_CALL(*cert, getIdentity()).WillOnce(Return("ident"));
89  EXPECT_CALL(*peerCert, getX509()).Times(2).WillRepeatedly(Invoke([]() {
90  return getCert(kRSACertificate);
91  }));
92  auto encoded = TicketCodec<CertificateStorage::X509>::encode(std::move(rs));
93  EXPECT_TRUE(IOBufEqualTo()(encoded, toIOBuf(ticketClientAuthX509)))
94  << folly::hexlify(encoded->coalesce());
95 }
96 
97 TEST(TicketCodecTest, TestEncodeClientAuthIdentityOnly) {
98  auto cert = std::make_shared<MockSelfCert>();
99  auto peerCert = std::make_shared<MockPeerCert>();
100  auto rs = getTestResumptionState(cert, peerCert);
101  EXPECT_CALL(*cert, getIdentity()).WillOnce(Return("ident"));
102  EXPECT_CALL(*peerCert, getIdentity()).WillOnce(Return("clientid"));
103  auto encoded =
104  TicketCodec<CertificateStorage::IdentityOnly>::encode(std::move(rs));
105  EXPECT_TRUE(IOBufEqualTo()(encoded, toIOBuf(ticketClientAuthIdentityOnly)))
106  << folly::hexlify(encoded->coalesce());
107 }
108 
109 TEST(TicketCodecTest, TestEncodeNoX509) {
110  auto cert = std::make_shared<MockSelfCert>();
111  auto peerCert = std::make_shared<MockPeerCert>();
112  auto rs = getTestResumptionState(cert, peerCert);
113  EXPECT_CALL(*cert, getIdentity()).WillOnce(Return("ident"));
114  EXPECT_CALL(*peerCert, getX509()).WillOnce(Invoke([]() { return nullptr; }));
115  EXPECT_CALL(*peerCert, getIdentity()).WillOnce(Return("clientid"));
116  auto encoded = TicketCodec<CertificateStorage::X509>::encode(std::move(rs));
117  auto drs = TicketCodec<CertificateStorage::X509>::decode(
118  std::move(encoded), nullptr);
119  EXPECT_TRUE(drs.clientCert);
120  EXPECT_EQ(drs.clientCert->getIdentity(), "clientid");
121  EXPECT_EQ(drs.clientCert->getX509(), nullptr);
122 }
123 
124 TEST(TicketCodecTest, TestDecodeDifferentStorage) {
125  auto cert = std::make_shared<MockSelfCert>();
126  auto peerCert = std::make_shared<MockPeerCert>();
127  auto rs = getTestResumptionState(cert, peerCert);
128  EXPECT_CALL(*cert, getIdentity()).WillOnce(Return("ident"));
129  EXPECT_CALL(*peerCert, getX509()).Times(2).WillRepeatedly(Invoke([]() {
130  return getCert(kRSACertificate);
131  }));
132  auto encoded = TicketCodec<CertificateStorage::X509>::encode(std::move(rs));
133  auto drs = TicketCodec<CertificateStorage::IdentityOnly>::decode(
134  std::move(encoded), nullptr);
135  EXPECT_TRUE(drs.clientCert);
136  EXPECT_EQ(drs.clientCert->getIdentity(), "Fizz");
137  EXPECT_NE(drs.clientCert->getX509(), nullptr);
138 
139  rs = getTestResumptionState(cert, peerCert);
140  EXPECT_CALL(*cert, getIdentity()).WillOnce(Return("ident"));
141  EXPECT_CALL(*peerCert, getIdentity()).WillOnce(Return("FizzIdOnly"));
142  auto encodedIdOnly =
143  TicketCodec<CertificateStorage::IdentityOnly>::encode(std::move(rs));
144  auto drsX509 = TicketCodec<CertificateStorage::X509>::decode(
145  std::move(encodedIdOnly), nullptr);
146  EXPECT_TRUE(drsX509.clientCert);
147  EXPECT_EQ(drsX509.clientCert->getIdentity(), "FizzIdOnly");
148  EXPECT_EQ(drsX509.clientCert->getX509(), nullptr);
149 }
150 
151 TEST(TicketCodecTest, TestDecode) {
152  auto rs = TicketCodec<CertificateStorage::X509>::decode(
153  toIOBuf(ticketClientAuthX509), nullptr);
154  EXPECT_EQ(rs.version, ProtocolVersion::tls_1_3);
155  EXPECT_EQ(rs.cipher, CipherSuite::TLS_AES_128_GCM_SHA256);
156  EXPECT_TRUE(IOBufEqualTo()(rs.resumptionSecret, IOBuf::copyBuffer("secret")));
157  EXPECT_EQ(rs.ticketAgeAdd, 0x44444444);
158  EXPECT_EQ(
159  rs.ticketIssueTime,
160  std::chrono::time_point<std::chrono::system_clock>(
161  std::chrono::seconds(25)));
162  EXPECT_EQ(*rs.alpn, "h2");
163  EXPECT_TRUE(rs.clientCert);
164  EXPECT_EQ(rs.clientCert->getIdentity(), "Fizz");
165 }
166 
167 TEST(TicketCodecTest, TestDecodeNoAlpn) {
168  auto rs = TicketCodec<CertificateStorage::X509>::decode(
169  toIOBuf(ticketNoAlpn), nullptr);
170  EXPECT_FALSE(rs.alpn.hasValue());
171 }
172 
173 TEST(TicketCodecTest, TestDecodeTooShort) {
174  auto buf = toIOBuf(ticket);
175  buf->trimEnd(1);
176  EXPECT_THROW(
177  TicketCodec<CertificateStorage::X509>::decode(std::move(buf), nullptr),
178  std::exception);
179 }
180 
181 TEST(TicketCodecTest, TestDecodeWithAppToken) {
182  auto rs = TicketCodec<CertificateStorage::X509>::decode(
183  toIOBuf(ticketWithAppToken), nullptr);
184  EXPECT_EQ(rs.version, ProtocolVersion::tls_1_3);
185  EXPECT_EQ(rs.cipher, CipherSuite::TLS_AES_128_GCM_SHA256);
186  EXPECT_TRUE(IOBufEqualTo()(rs.resumptionSecret, IOBuf::copyBuffer("secret")));
187  EXPECT_EQ(rs.ticketAgeAdd, 0x44444444);
188  EXPECT_EQ(
189  rs.ticketIssueTime,
190  std::chrono::time_point<std::chrono::system_clock>(
191  std::chrono::seconds(25)));
192  EXPECT_EQ(*rs.alpn, "h2");
193  EXPECT_TRUE(IOBufEqualTo()(rs.appToken, IOBuf::copyBuffer("hello world")));
194 }
195 
196 TEST(TicketCodecTest, TestDecodeWithEmptyAppToken) {
197  auto rs =
198  TicketCodec<CertificateStorage::X509>::decode(toIOBuf(ticket), nullptr);
199  EXPECT_EQ(rs.version, ProtocolVersion::tls_1_3);
200  EXPECT_EQ(rs.cipher, CipherSuite::TLS_AES_128_GCM_SHA256);
201  EXPECT_TRUE(IOBufEqualTo()(rs.resumptionSecret, IOBuf::copyBuffer("secret")));
202  EXPECT_EQ(rs.ticketAgeAdd, 0x44444444);
203  EXPECT_EQ(
204  rs.ticketIssueTime,
205  std::chrono::time_point<std::chrono::system_clock>(
206  std::chrono::seconds(25)));
207  EXPECT_EQ(*rs.alpn, "h2");
208 }
209 
210 TEST(TicketCodecTest, TestDecodeWithoutAppToken) {
211  auto rs = TicketCodec<CertificateStorage::X509>::decode(
212  toIOBuf(ticketWithoutAppToken), nullptr);
213  EXPECT_EQ(rs.version, ProtocolVersion::tls_1_3);
214  EXPECT_EQ(rs.cipher, CipherSuite::TLS_AES_128_GCM_SHA256);
215  EXPECT_TRUE(IOBufEqualTo()(rs.resumptionSecret, IOBuf::copyBuffer("secret")));
216  EXPECT_EQ(rs.ticketAgeAdd, 0x44444444);
217  EXPECT_EQ(
218  rs.ticketIssueTime,
219  std::chrono::time_point<std::chrono::system_clock>(
220  std::chrono::seconds(25)));
221  EXPECT_EQ(*rs.alpn, "h2");
222 }
223 } // namespace test
224 } // namespace server
225 } // namespace fizz
ticketClientAuthIdentityOnly
static constexpr StringPiece ticketClientAuthIdentityOnly
Definition: TicketCodecTest.cpp:31
encode
unique_ptr< IOBuf > encode(vector< HPACKHeader > &headers, HPACKEncoder &encoder)
Definition: HPACKBenchmark.cpp:22
EXPECT_THROW
#define EXPECT_THROW(statement, expected_exception)
Definition: gtest.h:1843
fizz::test::kRSACertificate
constexpr folly::StringPiece kRSACertificate
Definition: TestUtil.h:159
EXPECT_EQ
#define EXPECT_EQ(val1, val2)
Definition: gtest.h:1922
fizz::decode
TokenBindingMessage decode(folly::io::Cursor &cursor)
Definition: Types.cpp:132
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
folly
—— Concurrent Priority Queue Implementation ——
Definition: AtomicBitSet.h:29
fizz::server::ResumptionState::alpn
folly::Optional< std::string > alpn
Definition: ResumptionState.h:26
fizz::server::ResumptionState::ticketIssueTime
std::chrono::system_clock::time_point ticketIssueTime
Definition: ResumptionState.h:28
fizz::test::getCert
folly::ssl::X509UniquePtr getCert(folly::StringPiece cert)
Definition: TestUtil.cpp:48
ticketWithoutAppToken
static constexpr StringPiece ticketWithoutAppToken
Definition: TicketCodecTest.cpp:25
ticket
static constexpr StringPiece ticket
Definition: TicketCodecTest.cpp:21
fizz::test::toIOBuf
std::unique_ptr< folly::IOBuf > toIOBuf(std::string hexData, size_t headroom, size_t tailroom)
Definition: TestUtil.cpp:24
fizz::test::TEST
TEST(IOBufUtilTest, TrimBytes)
Definition: IOBufUtilTest.cpp:19
ticketNoAlpn
static constexpr StringPiece ticketNoAlpn
Definition: TicketCodecTest.cpp:27
testing::Invoke
PolymorphicAction< internal::InvokeAction< FunctionImpl > > Invoke(FunctionImpl function_impl)
Definition: gmock-more-actions.h:114
fizz::server::test::getTestResumptionState
static ResumptionState getTestResumptionState(std::shared_ptr< SelfCert > cert, std::shared_ptr< PeerCert > peerCert)
Definition: TicketCodecTest.cpp:38
fizz
Definition: Actions.h:16
ticketClientAuthX509
static constexpr StringPiece ticketClientAuthX509
Definition: TicketCodecTest.cpp:29
EXPECT_TRUE
#define EXPECT_TRUE(condition)
Definition: gtest.h:1859
EXPECT_NE
#define EXPECT_NE(val1, val2)
Definition: gtest.h:1926
EXPECT_CALL
#define EXPECT_CALL(obj, call)
Definition: gmock-spec-builders.h:1845
EXPECT_FALSE
#define EXPECT_FALSE(condition)
Definition: gtest.h:1862
fizz::server::ResumptionState::serverCert
std::shared_ptr< const Cert > serverCert
Definition: ResumptionState.h:23
folly::hexlify
bool hexlify(const InputString &input, OutputString &output, bool append_output)
Definition: String-inl.h:596
folly::IOBuf::copyBuffer
static std::unique_ptr< IOBuf > copyBuffer(const void *buf, std::size_t size, std::size_t headroom=0, std::size_t minTailroom=0)
Definition: IOBuf.h:1587
fizz::server::ResumptionState::clientCert
std::shared_ptr< const Cert > clientCert
Definition: ResumptionState.h:24
ticketWithAppToken
static constexpr StringPiece ticketWithAppToken
Definition: TicketCodecTest.cpp:23
folly::none
constexpr None none
Definition: Optional.h:87
testing::Return
internal::ReturnAction< R > Return(R value)
Definition: gmock-actions.h:1061