1 /*
2  * Copyright 2017 Facebook, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *   http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
#include <folly/ssl/OpenSSLCertUtils.h>

#include <limits>
#include <stdexcept>
#include <string>

#include <openssl/bio.h>
#include <openssl/evp.h>

#include <folly/Range.h>
#include <folly/String.h>
#include <folly/io/async/ssl/OpenSSLPtrTypes.h>
#include <folly/portability/GTest.h>
#include <folly/portability/OpenSSL.h>
27
28 using namespace testing;
29 using namespace folly;
30
// Repo-relative path of a PEM certificate whose subject carries a CN but no
// subjectAltName extension. Loaded from disk by readCertFromFile in TestX509CN.
const char* kTestCertWithoutSan = "folly/io/async/test/certs/tests-cert.pem";

// Test key
// EC private key belonging to the certificate in kTestCertWithSan below: the
// same base64 public-key run ("AE7/f4YYOYunAM/VkmjDYDg3AW...") appears in both
// blobs. It is fixture material only; nothing on this page parses or uses it.
// -----BEGIN EC PRIVATE KEY-----
// MHcCAQEEIBskFwVZ9miFN+SKCFZPe9WEuFGmP+fsecLUnsTN6bOcoAoGCCqGSM49
// AwEHoUQDQgAE7/f4YYOYunAM/VkmjDYDg3AWUgyyTIraWmmQZsnu0bYNV/lLLfNz
// CtHggxGSwEtEe40nNb9C8wQmHUvb7VBBlw==
// -----END EC PRIVATE KEY-----
// In-memory PEM certificate with CN "127.0.0.1" and two DNS subjectAltNames
// (see TestX509Sans). The raw string is indented for readability; presumably
// folly::stripLeftMargin removes that common indent so PEM_read_bio_X509 sees
// the "-----BEGIN CERTIFICATE-----" line at column 0 — confirm if the parse
// ever starts failing. Parsed by readCertFromData.
const std::string kTestCertWithSan = folly::stripLeftMargin(R"(
  -----BEGIN CERTIFICATE-----
  MIIDXDCCAkSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEL
  MAkGA1UECAwCQ0ExDTALBgNVBAoMBEFzb3gxJTAjBgNVBAMMHEFzb3ggQ2VydGlm
  aWNhdGlvbiBBdXRob3JpdHkwHhcNMTcwMjEzMjMyMTAzWhcNNDQwNzAxMjMyMTAz
  WjAwMQswCQYDVQQGEwJVUzENMAsGA1UECgwEQXNveDESMBAGA1UEAwwJMTI3LjAu
  MC4xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7/f4YYOYunAM/VkmjDYDg3AW
  UgyyTIraWmmQZsnu0bYNV/lLLfNzCtHggxGSwEtEe40nNb9C8wQmHUvb7VBBl6OC
  ASowggEmMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJh
  dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRx1kmdZEfXHmWLHpSDI0Lh8hmfwzAf
  BgNVHSMEGDAWgBQX3ykJKb97nxp/6UZJyDvts7noezAxBgNVHREEKjAoghJhbm90
  aGVyZXhhbXBsZS5jb22CEioudGhpcmRleGFtcGxlLmNvbTB4BggrBgEFBQcBAQRs
  MGowaAYIKwYBBQUHMAKGXGh0dHBzOi8vcGhhYnJpY2F0b3IuZmIuY29tL2RpZmZ1
  c2lvbi9GQkNPREUvYnJvd3NlL21hc3Rlci90aS90ZXN0X2NlcnRzL2NhX2NlcnQu
  cGVtP3ZpZXc9cmF3MA0GCSqGSIb3DQEBCwUAA4IBAQCj3FLjLMLudaFDiYo9pAPQ
  NBYNpG27aajQCvnEsYaMAGnNBxUUhv/E4xpnJEhatiCJWlPgGebdjXkpXYkLxnFj
  38UmpfZbNcvPPKxXmjIlkpYeFwcHTAUpFmMXVHdr8FjkDSN+qWHLllMFNAAqp0U6
  4VWjDlq9xCjzNw+8fdcEpwylpPrbNyQHqSO1k+DhM2qPuQfiWPmHe2PbJv8JB3no
  HWGi9SNe0FjtJM3066L0Gj8g/bFDo/pnyKguQyGkS7PaepK5/u5Y2fMMBO/m4+U0
  b9Yb0TvatsqL688CoZcSn73A0yAjptwbD/4HmcVlG2j/y8eTVpXisugu6Xz+QQGu
  -----END CERTIFICATE-----
)");
61
// Loads the first PEM-encoded X509 certificate from the file at |filename|.
//
// Throws std::runtime_error when the file BIO cannot be allocated or the file
// cannot be opened for reading. If the file opens but contains no parseable
// certificate, PEM_read_bio_X509 yields nullptr and the returned
// X509UniquePtr is empty — callers must check it before dereferencing.
static folly::ssl::X509UniquePtr readCertFromFile(const std::string& filename) {
  folly::ssl::BioUniquePtr fileBio{BIO_new(BIO_s_file())};
  if (fileBio == nullptr) {
    throw std::runtime_error("Couldn't create BIO");
  }

  // BIO_read_filename reports success as 1, anything else is a failure.
  const auto opened = BIO_read_filename(fileBio.get(), filename.c_str());
  if (opened != 1) {
    throw std::runtime_error("Couldn't read cert file: " + filename);
  }

  X509* const parsed =
      PEM_read_bio_X509(fileBio.get(), nullptr, nullptr, nullptr);
  return folly::ssl::X509UniquePtr{parsed};
}
74
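// Parses the first PEM-encoded X509 certificate held in the in-memory buffer
// |data|.
//
// Throws std::runtime_error when |data| is too large for BIO_new_mem_buf
// (its length parameter is an int) or when the memory BIO cannot be
// allocated. If the buffer contains no parseable certificate,
// PEM_read_bio_X509 yields nullptr and the returned X509UniquePtr is empty —
// callers must check it before dereferencing.
static folly::ssl::X509UniquePtr readCertFromData(
    const folly::StringPiece data) {
  // Reject oversized input explicitly instead of letting the size_t -> int
  // conversion truncate or go negative, which would hand OpenSSL a length
  // that does not describe the buffer.
  if (data.size() > static_cast<size_t>(std::numeric_limits<int>::max())) {
    throw std::runtime_error("Cert data too large for BIO_new_mem_buf");
  }
  folly::ssl::BioUniquePtr bio(
      BIO_new_mem_buf(data.data(), static_cast<int>(data.size())));
  if (!bio) {
    throw std::runtime_error("Couldn't create BIO");
  }
  return folly::ssl::X509UniquePtr(
      PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
}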
84
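// A certificate with a CN but no subjectAltName extension: getCommonName must
// return the CN and getSubjectAltNames must return an empty list.
TEST(OpenSSLCertUtilsTest, TestX509CN) {
  OpenSSL_add_all_algorithms();

  auto x509 = readCertFromFile(kTestCertWithoutSan);
  // ASSERT, not EXPECT: the lines below dereference x509, so a null result
  // must end the test here rather than crash it on a null dereference.
  ASSERT_NE(x509, nullptr);
  auto identity = folly::ssl::OpenSSLCertUtils::getCommonName(*x509);
  EXPECT_EQ(identity.value(), "Asox Company");
  auto sans = folly::ssl::OpenSSLCertUtils::getSubjectAltNames(*x509);
  // Unsigned literal: size() is unsigned, avoids a sign-compare warning.
  EXPECT_EQ(sans.size(), 0u);
}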
95
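// A certificate with both a CN and two DNS subjectAltNames: getCommonName
// must return the CN and getSubjectAltNames must return both names in
// certificate order.
TEST(OpenSSLCertUtilsTest, TestX509Sans) {
  OpenSSL_add_all_algorithms();

  auto x509 = readCertFromData(kTestCertWithSan);
  // ASSERT, not EXPECT: the lines below dereference x509, so a null result
  // must end the test here rather than crash it on a null dereference.
  ASSERT_NE(x509, nullptr);
  auto identity = folly::ssl::OpenSSLCertUtils::getCommonName(*x509);
  EXPECT_EQ(identity.value(), "127.0.0.1");
  auto altNames = folly::ssl::OpenSSLCertUtils::getSubjectAltNames(*x509);
  // ASSERT on the count: altNames[0]/[1] below would index out of bounds if
  // fewer names came back. Unsigned literal avoids a sign-compare warning.
  ASSERT_EQ(altNames.size(), 2u);
  EXPECT_EQ(altNames[0], "anotherexample.com");
  EXPECT_EQ(altNames[1], "*.thirdexample.com");
}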