// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/ssl/ssl_platform_key_android.h"
#include <string>
#include "base/android/jni_android.h"
#include "base/android/jni_array.h"
#include "base/android/scoped_java_ref.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "net/android/keystore.h"
#include "net/cert/x509_certificate.h"
#include "net/ssl/ssl_private_key.h"
#include "net/ssl/ssl_private_key_test_util.h"
#include "net/test/cert_test_util.h"
#include "net/test/test_data_directory.h"
#include "net/test/test_with_task_environment.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"
// Must come after all headers that specialize FromJniType() / ToJniType().
#include "net/android/net_tests_jni/AndroidKeyStoreTestUtil_jni.h"
namespace net {
namespace {
typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava;
bool ReadTestFile(const char* filename, std::string* pkcs8) {
base::FilePath certs_dir = GetTestCertsDirectory();
base::FilePath file_path = certs_dir.AppendASCII(filename);
return base::ReadFileToString(file_path, pkcs8);
}
// Retrieve a JNI local ref from encoded PKCS#8 data.
ScopedJava GetPKCS8PrivateKeyJava(android::PrivateKeyType key_type,
const std::string& pkcs8_key) {
JNIEnv* env = base::android::AttachCurrentThread();
base::android::ScopedJavaLocalRef<jbyteArray> bytes =
base::android::ToJavaByteArray(env, pkcs8_key);
ScopedJava key(Java_AndroidKeyStoreTestUtil_createPrivateKeyFromPKCS8(
env, key_type, bytes));
return key;
}
struct TestKey {
const char* name;
const char* cert_file;
const char* key_file;
int type;
android::PrivateKeyType android_key_type;
};
const TestKey kTestKeys[] = {
{"RSA", "client_1.pem", "client_1.pk8", EVP_PKEY_RSA,
android::PRIVATE_KEY_TYPE_RSA},
{"ECDSA_P256", "client_4.pem", "client_4.pk8", EVP_PKEY_EC,
android::PRIVATE_KEY_TYPE_ECDSA},
{"ECDSA_P384", "client_5.pem", "client_5.pk8", EVP_PKEY_EC,
android::PRIVATE_KEY_TYPE_ECDSA},
{"ECDSA_P521", "client_6.pem", "client_6.pk8", EVP_PKEY_EC,
android::PRIVATE_KEY_TYPE_ECDSA},
};
std::string TestKeyToString(const testing::TestParamInfo<TestKey>& params) {
return params.param.name;
}
} // namespace
class SSLPlatformKeyAndroidTest : public testing::TestWithParam<TestKey>,
public WithTaskEnvironment {};
TEST_P(SSLPlatformKeyAndroidTest, Matches) {
const TestKey& test_key = GetParam();
scoped_refptr<X509Certificate> cert =
ImportCertFromFile(GetTestCertsDirectory(), test_key.cert_file);
ASSERT_TRUE(cert);
std::string key_bytes;
ASSERT_TRUE(ReadTestFile(test_key.key_file, &key_bytes));
ScopedJava java_key =
GetPKCS8PrivateKeyJava(test_key.android_key_type, key_bytes);
ASSERT_FALSE(java_key.is_null());
scoped_refptr<SSLPrivateKey> key = WrapJavaPrivateKey(cert.get(), java_key);
ASSERT_TRUE(key);
EXPECT_EQ(SSLPrivateKey::DefaultAlgorithmPreferences(test_key.type,
true /* supports_pss */),
key->GetAlgorithmPreferences());
TestSSLPrivateKeyMatches(key.get(), key_bytes);
}
INSTANTIATE_TEST_SUITE_P(All,
SSLPlatformKeyAndroidTest,
testing::ValuesIn(kTestKeys),
TestKeyToString);
TEST(SSLPlatformKeyAndroidSigAlgTest, SignatureAlgorithmsToJavaKeyTypes) {
const struct {
std::vector<uint16_t> algorithms;
std::vector<std::string> expected_key_types;
} kTests[] = {
{{SSL_SIGN_RSA_PKCS1_SHA256, SSL_SIGN_RSA_PSS_RSAE_SHA384,
SSL_SIGN_ECDSA_SECP256R1_SHA256, SSL_SIGN_RSA_PKCS1_SHA512,
SSL_SIGN_ED25519},
{"RSA", "EC"}},
{{SSL_SIGN_RSA_PSS_RSAE_SHA256}, {"RSA"}},
{{SSL_SIGN_RSA_PKCS1_SHA256}, {"RSA"}},
{{SSL_SIGN_ECDSA_SECP256R1_SHA256}, {"EC"}},
{{SSL_SIGN_ECDSA_SECP384R1_SHA384}, {"EC"}},
// Android doesn't document a Java key type corresponding to Ed25519, so
// for now we ignore it.
{{SSL_SIGN_ED25519}, {}},
// Unknown algorithm.
{{0xffff}, {}},
// Test the empty list.
{{}, {}},
};
for (const auto& t : kTests) {
EXPECT_EQ(SignatureAlgorithmsToJavaKeyTypes(t.algorithms),
t.expected_key_types);
}
}
} // namespace net
Codebase Browser
chromium