Ghost552/FoxiGram
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions 1
FoxiGram/TMessagesProj/jni/boringssl/pki/ocsp_unittest.cc
instant992 8e79f2ee9c FoxiGram: Telegram client with built-in Xray VLESS proxy 
Based on Nekogram. Key additions:
- Rebrand to FoxiGram (app name, APK name, applicationId com.foxigram.app)
- Embedded Xray (VLESS+Reality) proxy client via JNI libxray.so
- Bundled hidden one-tap proxies (LTE + WiFi), read-only in UI
- Auto-restore proxy on restart, rebind to active network (LTE/WiFi)
- Server credentials externalized to git-ignored XrayServers.java (+ template)
- libxray Go source included; compiled .so, keystore, google-services.json ignored
2026-06-08 16:41:07 +04:00

252 lines
8.1 KiB
C++
Raw Blame History

// Copyright 2016 The Chromium Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "ocsp.h"
#include <gtest/gtest.h>
#include <openssl/base64.h>
#include <openssl/pool.h>
#include "encode_values.h"
#include "string_util.h"
#include "test_helpers.h"
BSSL_NAMESPACE_BEGIN
namespace {
constexpr int64_t kOCSPAgeOneWeek = 7 * 24 * 60 * 60;
std::string GetFilePath(const std::string &file_name) {
return std::string("testdata/ocsp_unittest/") + file_name;
}
std::shared_ptr<const ParsedCertificate> ParseCertificate(
std::string_view data) {
CertErrors errors;
return ParsedCertificate::Create(
bssl::UniquePtr<CRYPTO_BUFFER>(
CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t *>(data.data()),
data.size(), nullptr)),
{}, &errors);
}
struct TestParams {
const char *file_name;
OCSPRevocationStatus expected_revocation_status;
OCSPVerifyResult::ResponseStatus expected_response_status;
};
class CheckOCSPTest : public ::testing::TestWithParam<TestParams> {};
const TestParams kTestParams[] = {
{"good_response.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"good_response_sha256.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"no_response.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::NO_MATCHING_RESPONSE},
{"malformed_request.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::ERROR_RESPONSE},
{"bad_status.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::PARSE_RESPONSE_ERROR},
{"bad_ocsp_type.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::PARSE_RESPONSE_ERROR},
{"bad_signature.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::PROVIDED},
{"ocsp_sign_direct.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"ocsp_sign_indirect.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"ocsp_sign_indirect_missing.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::PROVIDED},
{"ocsp_sign_bad_indirect.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::PROVIDED},
{"ocsp_extra_certs.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"has_version.pem", OCSPRevocationStatus::GOOD, OCSPVerifyResult::PROVIDED},
{"responder_name.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"responder_id.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"has_extension.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"good_response_next_update.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"revoke_response.pem", OCSPRevocationStatus::REVOKED,
OCSPVerifyResult::PROVIDED},
{"revoke_response_reason.pem", OCSPRevocationStatus::REVOKED,
OCSPVerifyResult::PROVIDED},
{"unknown_response.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::PROVIDED},
{"multiple_response.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::PROVIDED},
{"other_response.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::NO_MATCHING_RESPONSE},
{"has_single_extension.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"has_critical_single_extension.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::UNHANDLED_CRITICAL_EXTENSION},
{"has_critical_response_extension.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::UNHANDLED_CRITICAL_EXTENSION},
{"has_critical_ct_extension.pem", OCSPRevocationStatus::GOOD,
OCSPVerifyResult::PROVIDED},
{"missing_response.pem", OCSPRevocationStatus::UNKNOWN,
OCSPVerifyResult::NO_MATCHING_RESPONSE},
};
// Parameterised test name generator for tests depending on RenderTextBackend.
struct PrintTestName {
std::string operator()(const testing::TestParamInfo<TestParams> &info) const {
std::string_view name(info.param.file_name);
// Strip ".pem" from the end as GTest names cannot contain period.
name.remove_suffix(4);
return std::string(name);
}
};
INSTANTIATE_TEST_SUITE_P(All, CheckOCSPTest, ::testing::ValuesIn(kTestParams),
PrintTestName());
TEST_P(CheckOCSPTest, FromFile) {
const TestParams &params = GetParam();
std::string ocsp_data;
std::string ca_data;
std::string cert_data;
std::string request_data;
const PemBlockMapping mappings[] = {
{"OCSP RESPONSE", &ocsp_data},
{"CA CERTIFICATE", &ca_data},
{"CERTIFICATE", &cert_data},
{"OCSP REQUEST", &request_data},
};
ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(params.file_name), mappings));
// Mar 5 00:00:00 2017 GMT
int64_t kVerifyTime = 1488672000;
// Test that CheckOCSP() works.
OCSPVerifyResult::ResponseStatus response_status;
OCSPRevocationStatus revocation_status =
CheckOCSP(ocsp_data, cert_data, ca_data, kVerifyTime, kOCSPAgeOneWeek,
&response_status);
EXPECT_EQ(params.expected_revocation_status, revocation_status);
EXPECT_EQ(params.expected_response_status, response_status);
// Check that CreateOCSPRequest() works.
std::shared_ptr<const ParsedCertificate> cert = ParseCertificate(cert_data);
ASSERT_TRUE(cert);
std::shared_ptr<const ParsedCertificate> issuer = ParseCertificate(ca_data);
ASSERT_TRUE(issuer);
std::vector<uint8_t> encoded_request;
ASSERT_TRUE(CreateOCSPRequest(cert.get(), issuer.get(), &encoded_request));
EXPECT_EQ(der::Input(encoded_request), der::Input(request_data));
}
std::string_view kGetURLTestParams[] = {
"http://www.example.com/",
"http://www.example.com/path/",
"http://www.example.com/path",
"http://www.example.com/path?query"
"http://user:pass@www.example.com/path?query",
};
class CreateOCSPGetURLTest : public ::testing::TestWithParam<std::string_view> {
};
INSTANTIATE_TEST_SUITE_P(All, CreateOCSPGetURLTest,
::testing::ValuesIn(kGetURLTestParams));
TEST_P(CreateOCSPGetURLTest, Basic) {
std::string ca_data;
std::string cert_data;
std::string request_data;
const PemBlockMapping mappings[] = {
{"CA CERTIFICATE", &ca_data},
{"CERTIFICATE", &cert_data},
{"OCSP REQUEST", &request_data},
};
// Load one of the test files. (Doesn't really matter which one as
// constructing the DER is tested elsewhere).
ASSERT_TRUE(
ReadTestDataFromPemFile(GetFilePath("good_response.pem"), mappings));
std::shared_ptr<const ParsedCertificate> cert = ParseCertificate(cert_data);
ASSERT_TRUE(cert);
std::shared_ptr<const ParsedCertificate> issuer = ParseCertificate(ca_data);
ASSERT_TRUE(issuer);
std::optional<std::string> url =
CreateOCSPGetURL(cert.get(), issuer.get(), GetParam());
ASSERT_TRUE(url);
// Try to extract the encoded data and compare against |request_data|.
//
// A known answer output test would be better as this just reverses the logic
// from the implementation file.
std::string b64 = url->substr(GetParam().size() + 1);
// Hex un-escape the data.
b64 = bssl::string_util::FindAndReplace(b64, "%2B", "+");
b64 = bssl::string_util::FindAndReplace(b64, "%2F", "/");
b64 = bssl::string_util::FindAndReplace(b64, "%3D", "=");
// Base64 decode the data.
size_t len;
EXPECT_TRUE(EVP_DecodedLength(&len, b64.size()));
std::vector<uint8_t> decoded(len);
EXPECT_TRUE(EVP_DecodeBase64(decoded.data(), &len, len,
reinterpret_cast<const uint8_t *>(b64.data()),
b64.size()));
std::string decoded_string(decoded.begin(), decoded.begin() + len);
EXPECT_EQ(request_data, decoded_string);
}
} // namespace
BSSL_NAMESPACE_END
Reference in a new issue View git blame Copy permalink