proxygen
ZlibCertificateCompressorTest.cpp
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-present, Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under the BSD-style license found in the
6  * LICENSE file in the root directory of this source tree.
7  */
8 
9 #include <gtest/gtest.h>
10 
11 #include <fizz/protocol/ZlibCertificateCompressor.h>
12 #include <fizz/protocol/ZlibCertificateDecompressor.h>
13 #include <fizz/protocol/test/Matchers.h>
14 #include <fizz/protocol/test/Utilities.h>
15 #include <fizz/record/Extensions.h>
16 
17 using namespace folly;
18 using namespace testing;
19 
20 namespace fizz {
21 namespace test {
22 
23 static const std::string exampleCompressedCertificate =
24  "000100042c0003eb789c636060d1606051366862913768626267e26498f93f39"
25  "7e8f605ebf012f1ba7569b47db775e46466e56068360436e034e36e650163661"
26  "a6d0604351036110879d87c725352db134a744c139b3a4d250c6400a24ccc523"
27  "0c17cecf2d48ccab54f0294931e4071a0a9465e6614bcbcf4f4a2c329013e735"
28  "b4303031303332323030348b02722d0d2c0c2da15c83002a58ca63c005b19439"
29  "29b1caa0895109d9678cac0ccc4d8cfc0c40712ea626464686ad0725bf5ebfe9"
30  "ea73f57070b2b8d0269302d9cf070d4c97337c9db7c286bdaa5dd1a5cb7c51e7"
31  "dfbeb83b8f336c77aaadfe2ab76daea18bad81eac3c7f2066d754725b938b7f1"
32  "4fbf9bf04c216f82b56fd62fe1da45afcba2b2f403a719bb097a2838ac57b14a"
33  "7bdb646575eee1e48f9f2a35038c37d42dd22bf4894ff97afde59bc6b0b0b2e7"
34  "3d126c31778fbf48fe16d23677c3f1e507c5a424984a6f3a36ee5cd45a74e161"
35  "c19590a6f4a79b2b84f61c9bc8a82439a32c7a57aa5aceae2f96caf7967f68e7"
36  "e44c0f2a5da3f8fef9de9947a7cffa1f94f5769f87a6b666fc8408a5067bf60f"
37  "da7bd5b8a33ecc9e79de78fad7d58a8f7e6f5a70e9cf59cbbdced7add504bb82"
38  "db5ed96eeb886762666460448b7be626264606d349c1b3b62edb93dd7babebda"
39  "63e92d2e4eaa6e17b51eef2967e8abe4c8cf9870d9d35abfb7b3d88ec9741dbf"
40  "c0535fe16975eaccebca5872b50c0355677bd5599f5c70746af204dbbff27b1e"
41  "efd835ffebcafef7ecdb5e3489d4fc5c5a74c82dc14eabbea0d0db3db130f71c"
42  "9b9c1ceb92b3bde61f0f0a54f855feaf9ba8c4f7f9a6b44de0bc76fdd01b7526"
43  "27f2597244eb6e1e4a51fbf8efa6884c42e26cb139130d6f4c381054f5fad9df"
44  "e22f37d8aab772db8b484c39e7d1313565c1bf747b3bf7927576295b1718d9f7"
45  "5ede1477e9cbc323fb7eba7eeede10dbefd1fe8eb158c2eb7d74e776eb9a39e9"
46  "73271cd0d4e9b8e97f6ac2a97d3f6fe932ca4ebeba7db14ed9f6d9afaee884b4"
47  "cab9996d2aebbc72ef6f6394d3a7b6df223921ae513273cf7dea7b5ffb82fba8"
48  "2bdb3481f86a69ebda34e987ab93184ae51f3b78b847ac2fe37e3bedfcde94f3"
49  "8b8f31771d14b73349709badbddbc7dcc6c8343de6e2d73d9f9ff1bfbbb62fd0"
50  "99b995a7777e7a641097c2939a392afff3ef46d847b95f3a3f215fabc4b23a67"
51  "cb258f4e45075ff5fff78ea6e464aed2f8a598eed2e11522afed159a3529dc27"
52  "3ae0fe5f0581f3f7e4f3fb9f5efc3d4f243b93e7c1e660bb45f6567f0fffeee5"
53  "fb5e1729f6537b91c6a4e5b1b681a577b9ab4495b2367589da3d3bf5ab6555db"
54  "8ef697afdf74f5cfd7e959909df6b765dfbf6f337ff64b593f0fb7086869d5d5"
55  "bd6acc5ddbc6343df756f7060606001965b3f9";
56 
57 static const std::string tooLargeCompressedCertificate =
58  "0001400000000FF778daedc18100000000c320cff9831ce45501000000000000"
59  "0000000000000000000000000000000000000000000000000000000000000000"
60  "0000000000000000000000000000000000000000000000000000000000000000"
61  "0000000000000000000000000000000000000000000000000000000000000000"
62  "0000000000000000000000000000000000000000000000000000000000000000"
63  "0000000000000000000000000000000000000000000000000000000000000000"
64  "0000000000000000000000000000000000000000000000000000000000000000"
65  "0000000000000000000000000000000000000000000000000000000000000000"
66  "0000000000000000000000000000000000000000000000000000000000000000"
67  "0000000000000000000000000000000000000000000000000000000000000000"
68  "0000000000000000000000000000000000000000000000000000000000000000"
69  "0000000000000000000000000000000000000000000000000000000000000000"
70  "0000000000000000000000000000000000000000000000000000000000000000"
71  "0000000000000000000000000000000000000000000000000000000000000000"
72  "0000000000000000000000000000000000000000000000000000000000000000"
73  "0000000000000000000000000000000000000000000000000000000000000000"
74  "0000000000000000000000000000000000000000000000000000000000000000"
75  "0000000000000000000000000000000000000000000000000000000000000000"
76  "0000000000000000000000000000000000000000000000000000000000000000"
77  "0000000000000000000000000000000000000000000000000000000000000000"
78  "0000000000000000000000000000000000000000000000000000000000000000"
79  "0000000000000000000000000000000000000000000000000000000000000000"
80  "0000000000000000000000000000000000000000000000000000000000000000"
81  "0000000000000000000000000000000000000000000000000000000000000000"
82  "0000000000000000000000000000000000000000000000000000000000000000"
83  "0000000000000000000000000000000000000000000000000000000000000000"
84  "0000000000000000000000000000000000000000000000000000000000000000"
85  "0000000000000000000000000000000000000000000000000000000000000000"
86  "0000000000000000000000000000000000000000000000000000000000000000"
87  "0000000000000000000000000000000000000000000000000000000000000000"
88  "0000000000000000000000000000000000000000000000000000000000000000"
89  "0000000000000000000000000000000000000000000000000000000000000000"
90  "0000000000000000000000000000000000000000000000000000000000000000"
91  "0000000000000000000000000000000000000000000000000000000000000000"
92  "0000000000000000000000000000000000000000000000000000000000000000"
93  "0000000000000000000000000000000000000000000000000000000000000000"
94  "0000000000000000000000000000000000000000000000000000000000000000"
95  "0000000000000000000000000000000000000000000000000000000000000000"
96  "0000000000000000000000000000000000000000000000000000000000000000"
97  "0000000000000000000000000000000000000000000000000000000000000000"
98  "0000000000000000000000000000000000000000000000000000000000000000"
99  "0000000000000000000000000000000000000000000000000000000000000000"
100  "0000000000000000000000000000000000000000000000000000000000000000"
101  "0000000000000000000000000000000000000000000000000000000000000000"
102  "0000000000000000000000000000000000000000000000000000000000000000"
103  "0000000000000000000000000000000000000000000000000000000000000000"
104  "0000000000000000000000000000000000000000000000000000000000000000"
105  "0000000000000000000000000000000000000000000000000000000000000000"
106  "0000000000000000000000000000000000000000000000000000000000000000"
107  "0000000000000000000000000000000000000000000000000000000000000000"
108  "0000000000000000000000000000000000000000000000000000000000000000"
109  "0000000000000000000000000000000000000000000000000000000000000000"
110  "0000000000000000000000000000000000000000000000000000000000000000"
111  "0000000000000000000000000000000000000000000000000000000000000000"
112  "0000000000000000000000000000000000000000000000000000000000000000"
113  "0000000000000000000000000000000000000000000000000000000000000000"
114  "0000000000000000000000000000000000000000000000000000000000000000"
115  "0000000000000000000000000000000000000000000000000000000000000000"
116  "0000000000000000000000000000000000000000000000000000000000000000"
117  "0000000000000000000000000000000000000000000000000000000000000000"
118  "0000000000000000000000000000000000000000000000000000000000000000"
119  "0000000000000000000000000000000000000000000000000000000000000000"
120  "0000000000000000000000000000000000000000000000000000000000000000"
121  "0000000000000000000000000000000000000000000000000000000000000000"
122  "0000000000000000000000000000000000000000000000000000000000000000"
123  "0000000000000000000000000000000000000000000000000000000000000000"
124  "0000000000000000000000000000000000000000000000000000000000000000"
125  "0000000000000000000000000000000000000000000000000000000000000000"
126  "0000000000000000000000000000000000000000000000000000000000000000"
127  "0000000000000000000000000000000000000000000000000000000000000000"
128  "0000000000000000000000000000000000000000000000000000000000000000"
129  "0000000000000000000000000000000000000000000000000000000000000000"
130  "0000000000000000000000000000000000000000000000000000000000000000"
131  "0000000000000000000000000000000000000000000000000000000000000000"
132  "0000000000000000000000000000000000000000000000000000000000000000"
133  "0000000000000000000000000000000000000000000000000000000000000000"
134  "0000000000000000000000000000000000000000000000000000000000000000"
135  "0000000000000000000000000000000000000000000000000000000000000000"
136  "0000000000000000000000000000000000000000000000000000000000000000"
137  "0000000000000000000000000000000000000000000000000000000000000000"
138  "0000000000000000000000000000000000000000000000000000000000000000"
139  "0000000000000000000000000000000000000000000000000000000000000000"
140  "0000000000000000000000000000000000000000000000000000000000000000"
141  "0000000000000000000000000000000000000000000000000000000000000000"
142  "0000000000000000000000000000000000000000000000000000000000000000"
143  "0000000000000000000000000000000000000000000000000000000000000000"
144  "0000000000000000000000000000000000000000000000000000000000000000"
145  "0000000000000000000000000000000000000000000000000000000000000000"
146  "0000000000000000000000000000000000000000000000000000000000000000"
147  "0000000000000000000000000000000000000000000000000000000000000000"
148  "0000000000000000000000000000000000000000000000000000000000000000"
149  "0000000000000000000000000000000000000000000000000000000000000000"
150  "0000000000000000000000000000000000000000000000000000000000000000"
151  "0000000000000000000000000000000000000000000000000000000000000000"
152  "0000000000000000000000000000000000000000000000000000000000000000"
153  "0000000000000000000000000000000000000000000000000000000000000000"
154  "0000000000000000000000000000000000000000000000000000000000000000"
155  "0000000000000000000000000000000000000000000000000000000000000000"
156  "0000000000000000000000000000000000000000000000000000000000000000"
157  "0000000000000000000000000000000000000000000000000000000000000000"
158  "0000000000000000000000000000000000000000000000000000000000000000"
159  "0000000000000000000000000000000000000000000000000000000000000000"
160  "0000000000000000000000000000000000000000000000000000000000000000"
161  "0000000000000000000000000000000000000000000000000000000000000000"
162  "0000000000000000000000000000000000000000000000000000000000000000"
163  "0000000000000000000000000000000000000000000000000000000000000000"
164  "0000000000000000000000000000000000000000000000000000000000000000"
165  "0000000000000000000000000000000000000000000000000000000000000000"
166  "0000000000000000000000000000000000000000000000000000000000000000"
167  "0000000000000000000000000000000000000000000000000000000000000000"
168  "0000000000000000000000000000000000000000000000000000000000000000"
169  "0000000000000000000000000000000000000000000000000000000000000000"
170  "0000000000000000000000000000000000000000000000000000000000000000"
171  "0000000000000000000000000000000000000000000000000000000000000000"
172  "0000000000000000000000000000000000000000000000000000000000000000"
173  "0000000000000000000000000000000000000000000000000000000000000000"
174  "0000000000000000000000000000000000000000000000000000000000000000"
175  "0000000000000000000000000000000000000000000000000000000000000000"
176  "0000000000000000000000000000000000000000000000000000000000000000"
177  "0000000000000000000000000000000000000000000000000000000000000000"
178  "0000000000000000000000000000000000000000000000000000000000000000"
179  "0000000000000000000000000000000000000000000000000000000000000000"
180  "0000000000000000000000000000000000000000000000000000000000000000"
181  "0000000000000000000000000000000000000000000000000000000000000000"
182  "0000000000000000000000000000000000000000000000000000000000000000"
183  "0000000000000000000000000000000000000000000000000000000000000000"
184  "0000000000000000000000000000000000000000000000000000000000000000"
185  "000000000000000000000000000000000000000000000000007c1ba1975190";
186 class ZlibCertificateCompressorTest : public testing::Test {
187  public:
188  void SetUp() override {
189  OpenSSL_add_all_algorithms();
190  compressor_ = std::make_unique<ZlibCertificateCompressor>(9);
191  decompressor_ = std::make_unique<ZlibCertificateDecompressor>();
192  }
193 
194  void TearDown() override {}
195 
196  protected:
197  template <class T>
198  T decodeHex(const std::string& hex) {
199  auto data = unhexlify(hex);
200  auto buf = IOBuf::copyBuffer(data.data(), data.size());
201  return decode<T>(std::move(buf));
202  }
203 
204  template <class T>
205  std::string encodeHex(T&& msg) {
206  auto buf = encode(std::forward<T>(msg));
207  auto str = buf->moveToFbString().toStdString();
208  return hexlify(str);
209  }
210  std::unique_ptr<ZlibCertificateCompressor> compressor_;
211  std::unique_ptr<ZlibCertificateDecompressor> decompressor_;
212 };
213 
214 TEST_F(ZlibCertificateCompressorTest, TestCompressDecompress) {
215  auto certAndKey = createCert("fizz-selfsigned", false, nullptr);
216  std::vector<folly::ssl::X509UniquePtr> certs;
217  certs.push_back(std::move(certAndKey.cert));
218  auto cert =
219  CertUtils::makeSelfCert(std::move(certs), std::move(certAndKey.key));
220  auto certMsg = cert->getCertMessage();
221 
222  // Add extension
223  CertificateAuthorities auth;
224  DistinguishedName dn;
225  dn.encoded_name = IOBuf::copyBuffer("DistinguishedName");
226  auth.authorities.push_back(std::move(dn));
227  certMsg.certificate_list[0].extensions.push_back(encodeExtension(auth));
228 
229  auto compressedCertMsg = compressor_->compress(certMsg);
230  EXPECT_EQ(compressedCertMsg.algorithm, CertificateCompressionAlgorithm::zlib);
231 
232  auto decompressedCertMsg = decompressor_->decompress(compressedCertMsg);
233  EXPECT_TRUE(decompressedCertMsg.certificate_request_context->empty());
234  EXPECT_EQ(decompressedCertMsg.certificate_list.size(), 1);
235  auto& certEntry = decompressedCertMsg.certificate_list.at(0);
236  EXPECT_EQ(certEntry.extensions.size(), 1);
237  auto decompressedPeer = CertUtils::makePeerCert(certEntry.cert_data->clone());
238  EXPECT_EQ(decompressedPeer->getIdentity(), cert->getIdentity());
239 
240  EXPECT_TRUE(IOBufEqualTo()(encode(certMsg), encode(decompressedCertMsg)));
241 }
242 
243 TEST_F(ZlibCertificateCompressorTest, TestHugeCompressedCert) {
244  auto cc = decodeHex<CompressedCertificate>(tooLargeCompressedCertificate);
245 
246  try {
247  decompressor_->decompress(cc);
248  FAIL() << "Decompressor decompressed excessively large cert";
249  } catch (const std::exception& e) {
250  EXPECT_THAT(
251  e.what(), HasSubstr("exceeds maximum certificate message size"));
252  }
253 
254  // Lie about size, should still error.
255  cc.uncompressed_length = 64;
256 
257  try {
258  decompressor_->decompress(cc);
259  FAIL() << "Decompressor decompressed cert erroneously";
260  } catch (const std::exception& e) {
261  EXPECT_THAT(e.what(), HasSubstr("uncompressed length given is too small"));
262  }
263 }
264 
265 TEST_F(ZlibCertificateCompressorTest, TestBadMessages) {
266  auto compressedCert =
267  decodeHex<CompressedCertificate>(exampleCompressedCertificate);
268  auto actual = compressedCert.uncompressed_length;
269 
270  // Lie about having a larger cert.
271  compressedCert.uncompressed_length = actual + 1;
272  try {
273  decompressor_->decompress(compressedCert);
274  FAIL() << "Decompressor decompressed cert erroneously";
275  } catch (const std::exception& e) {
276  EXPECT_THAT(e.what(), HasSubstr("Uncompressed length incorrect"));
277  }
278 
279  // Truncate length
280  compressedCert.uncompressed_length = actual - 1;
281  try {
282  decompressor_->decompress(compressedCert);
283  FAIL() << "Decompressor decompressed cert erroneously";
284  } catch (const std::exception& e) {
285  EXPECT_THAT(e.what(), HasSubstr("uncompressed length given is too small"));
286  }
287 
288  // Bad algorithm value
289  compressedCert.uncompressed_length = actual;
290  compressedCert.algorithm = (CertificateCompressionAlgorithm)0xdead;
291  try {
292  decompressor_->decompress(compressedCert);
293  FAIL() << "Decompressor decompressed cert erroneously";
294  } catch (const std::exception& e) {
295  EXPECT_THAT(e.what(), HasSubstr("non-zlib algorithm"));
296  }
297 }
298 
299 } // namespace test
300 } // namespace fizz
fizz::test::ZlibCertificateCompressorTest::decompressor_
std::unique_ptr< ZlibCertificateDecompressor > decompressor_
Definition: ZlibCertificateCompressorTest.cpp:211
folly::unhexlify
bool unhexlify(const InputString &input, OutputString &output)
Definition: String-inl.h:616
encode
unique_ptr< IOBuf > encode(vector< HPACKHeader > &headers, HPACKEncoder &encoder)
Definition: HPACKBenchmark.cpp:22
FAIL
#define FAIL()
Definition: gtest.h:1822
fizz::CertificateCompressionAlgorithm
CertificateCompressionAlgorithm
Definition: Types.h:167
EXPECT_EQ
#define EXPECT_EQ(val1, val2)
Definition: gtest.h:1922
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
folly::T
folly::std T
cc
The non test part of the code is expected to have failures gtest_output_test_ cc
Definition: gtest_output_test_golden_lin.txt:10
folly
—— Concurrent Priority Queue Implementation ——
Definition: AtomicBitSet.h:29
fizz::test::ZlibCertificateCompressorTest::compressor_
std::unique_ptr< ZlibCertificateCompressor > compressor_
Definition: ZlibCertificateCompressorTest.cpp:210
testing::HasSubstr
PolymorphicMatcher< internal::HasSubstrMatcher< internal::string > > HasSubstr(const internal::string &substring)
Definition: gmock-matchers.h:3984
folly::data
constexpr auto data(C &c) -> decltype(c.data())
Definition: Access.h:71
fizz
Definition: Actions.h:16
folly::TEST_F
TEST_F(AsyncSSLSocketWriteTest, write_coalescing1)
Definition: AsyncSSLSocketWriteTest.cpp:120
EXPECT_TRUE
#define EXPECT_TRUE(condition)
Definition: gtest.h:1859
EXPECT_THAT
#define EXPECT_THAT(value, matcher)
Definition: gmock-matchers.h:4390
fizz::test::createCert
CertAndKey createCert(std::string cn, bool ca, CertAndKey *issuer)
Definition: Utilities.h:35
string
const char * string
Definition: Conv.cpp:212
fizz::test::exampleCompressedCertificate
static const std::string exampleCompressedCertificate
Definition: ZlibCertificateCompressorTest.cpp:23
fizz::CertificateAuthorities::authorities
std::vector< DistinguishedName > authorities
Definition: Extensions.h:137
fizz::encodeExtension
Extension encodeExtension(const TokenBindingParameters &params)
Definition: Types.cpp:113
folly::hexlify
bool hexlify(const InputString &input, OutputString &output, bool append_output)
Definition: String-inl.h:596
folly::IOBuf::copyBuffer
static std::unique_ptr< IOBuf > copyBuffer(const void *buf, std::size_t size, std::size_t headroom=0, std::size_t minTailroom=0)
Definition: IOBuf.h:1587
fizz::test::tooLargeCompressedCertificate
static const std::string tooLargeCompressedCertificate
Definition: ZlibCertificateCompressorTest.cpp:57