Index: rtc_base/sslstreamadapter_unittest.cc |
diff --git a/rtc_base/sslstreamadapter_unittest.cc b/rtc_base/sslstreamadapter_unittest.cc |
index 03aabd8a7975109ec5296ff1fbce444ff6af6adb..13f8e2968962b50b9b360c78af87ca82d57876cb 100644 |
--- a/rtc_base/sslstreamadapter_unittest.cc |
+++ b/rtc_base/sslstreamadapter_unittest.cc |
@@ -64,6 +64,87 @@ static const char kCERT_PEM[] = |
"UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" |
"-----END CERTIFICATE-----\n"; |
+static const char kLeafCert[] = |
+ "-----BEGIN CERTIFICATE-----\n" |
+ "MIIEUjCCAjqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCVVMx\n" |
+ "EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS\n" |
+ "BgNVBAoMC0dvb2dsZSwgSW5jMQwwCgYDVQQLDANHVFAxFzAVBgNVBAMMDnRlbGVw\n" |
+ "aG9ueS5nb29nMR0wGwYJKoZIhvcNAQkBFg5ndHBAZ29vZ2xlLmNvbTAeFw0xNzA5\n" |
+ "MjYwNDA5MDNaFw0yMDA2MjIwNDA5MDNaMGQxCzAJBgNVBAYTAlVTMQswCQYDVQQI\n" |
+ "DAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEXMBUGA1UECgwOdGVsZXBob255\n" |
+ "Lmdvb2cxFzAVBgNVBAMMDnRlbGVwaG9ueS5nb29nMIGfMA0GCSqGSIb3DQEBAQUA\n" |
+ "A4GNADCBiQKBgQDJXWeeU1v1+wlqkVobzI3aN7Uh2iVQA9YCdq5suuabtiD/qoOD\n" |
+ "NKpmQqsx7WZGGWSZTDFEBaUpvIK7Hb+nzRqk6iioPCFOFuarm6GxO1xVneImMuE6\n" |
+ "tuWb3YZPr+ikChJbl11y5UcSbg0QsbeUc+jHl5umNvrL85Y+z8SP0rxbBwIDAQAB\n" |
+ "o2AwXjAdBgNVHQ4EFgQU7tdZobqlN8R8V72FQnRxmqq8tKswHwYDVR0jBBgwFoAU\n" |
+ "5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC\n" |
+ "AQYwDQYJKoZIhvcNAQELBQADggIBADObh9Z+z14FmP9zSenhFtq7hFnmNrSkklk8\n" |
+ "eyYWXKfOuIriEQQBZsz76ZcnzStih8Rj+yQ0AXydk4fJ5LOwC2cUqQBar17g6Pd2\n" |
+ "8g4SIL4azR9WvtiSvpuGlwp25b+yunaacDne6ebnf/MUiiKT5w61Xo3cEPVfl38e\n" |
+ "/Up2l0bioid5enUTmg6LY6RxDO6tnZQkz3XD+nNSwT4ehtkqFpHYWjErj0BbkDM2\n" |
+ "hiVc/JsYOZn3DmuOlHVHU6sKwqh3JEyvHO/d7DGzMGWHpHwv2mCTJq6l/sR95Tc2\n" |
+ "GaQZgGDVNs9pdEouJCDm9e/PbQWRYhnat82PTkXx/6mDAAwdZlIi/pACzq8K4p7e\n" |
+ "6hF0t8uKGnXJubHPXxlnJU6yxZ0yWmivAGjwWK4ur832gKlho4jeMDhiI/T3QPpl\n" |
+ "iMNsIvxRhdD+GxJkQP1ezayw8s+Uc9KwKglrkBSRRDLCJUfPOvMmXLUDSTMX7kp4\n" |
+ "/Ak1CA8dVLJIlfEjLBUuvAttlP7+7lsKNgxAjCxZkWLXIyGULzNPQwVWkGfCbrQs\n" |
+ "XyMvSbFsSIb7blV7eLlmf9a+2RprUUkc2ALXLLCI9YQXmxm2beBfMyNmmebwBJzT\n" |
+ "B0OR+5pFFNTJPoNlqpdrDsGrDu7JlUtk0ZLZzYyKXbgy2qXxfd4OWzXXjxpLMszZ\n" |
+ "LDIpOAkj\n" |
+ "-----END CERTIFICATE-----\n"; |
+static const char kLeafKey[] = |
+ "-----BEGIN RSA PRIVATE KEY-----\n" |
+ "MIICXAIBAAKBgQDJXWeeU1v1+wlqkVobzI3aN7Uh2iVQA9YCdq5suuabtiD/qoOD\n" |
+ "NKpmQqsx7WZGGWSZTDFEBaUpvIK7Hb+nzRqk6iioPCFOFuarm6GxO1xVneImMuE6\n" |
+ "tuWb3YZPr+ikChJbl11y5UcSbg0QsbeUc+jHl5umNvrL85Y+z8SP0rxbBwIDAQAB\n" |
+ "AoGAQuILcMMvYFypnAP7chBXbYvjVgMnMZSUmOzisqrBviaYf1Mbq5DqqFyskEDS\n" |
+ "H6Z/i4uLMZTObzZ2FcCj0BCIMHcMfsA/XDMG4G3xtxY3/5JhMKwXGHB1WR5Htl2n\n" |
+ "PPAHXfj/OLNOC1mMJE3podO6VMQ9ShGa5WwIk1seniTAqkECQQD8PgGlWg56QJym\n" |
+ "nNytUpTrrRZM50VLYtk/4a+6QlxbQtrV9oSoVcQTqbWZCxx/dhUaRHj30G0IPujp\n" |
+ "ycsPn+4rAkEAzF1dJf60h3GdD1Y/PuzNFk184OYNyu/gxhbJey57V9PCm/1xjF0M\n" |
+ "B4HFGpRi6UweCxl6aGjadoN3uYyVHdI0lQJBAN87wRklakqng/uwN1ztCP7KYEIP\n" |
+ "KzRcdwgiI/MjZ7kcoa9aTGzt+mmseBrJyp7DUkm875Hh05zIkDjXbe6WC6ECQEBa\n" |
+ "QgO94eEosJlswjuxW59jRSiYqM03niMid82XRHXSk9yFAWV+w1P11Dhbc44dTvSV\n" |
+ "0ErigbCCE4hVMXuTfsUCQC85JpCZS/z93HEMduNML0PCKyRwRVBcq3YH4s1M/9FO\n" |
+ "XVMbe7sm62x4wDbk2IJ5jId20qHkkuo2DtFZgr1U+qw=\n" |
+ "-----END RSA PRIVATE KEY-----\n"; |
+ |
+static const char kCACert[] = |
+ "-----BEGIN CERTIFICATE-----\n" |
+ "MIIGETCCA/mgAwIBAgIJAKN9r/BdbGUJMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD\n" |
+ "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g\n" |
+ "VmlldzEUMBIGA1UECgwLR29vZ2xlLCBJbmMxDDAKBgNVBAsMA0dUUDEXMBUGA1UE\n" |
+ "AwwOdGVsZXBob255Lmdvb2cxHTAbBgkqhkiG9w0BCQEWDmd0cEBnb29nbGUuY29t\n" |
+ "MB4XDTE3MDcyNzIzMDE0NVoXDTE3MDgyNjIzMDE0NVowgZYxCzAJBgNVBAYTAlVT\n" |
+ "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQw\n" |
+ "EgYDVQQKDAtHb29nbGUsIEluYzEMMAoGA1UECwwDR1RQMRcwFQYDVQQDDA50ZWxl\n" |
+ "cGhvbnkuZ29vZzEdMBsGCSqGSIb3DQEJARYOZ3RwQGdvb2dsZS5jb20wggIiMA0G\n" |
+ "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfvpF7aBV5Hp1EHsWoIlL3GeHwh8dS\n" |
+ "lv9VQCegN9rD06Ny7MgcED5AiK2vqXmUmOVS+7NbATkdVYN/eozDhKtN3Q3n87kJ\n" |
+ "Nt/TD/TcZZHOZIGsRPbrf2URK26E/5KzTzbzXVBOA1e+gSj+EBbltGqb01ZO5ErF\n" |
+ "iPGViPM/HpYKdq6mfz2bS5PhU67XZMM2zvToyReQ/Fjm/6PJhwKSRXSgZF5djPhk\n" |
+ "2LfOKMLS0AeZtd2C4DFsCU41lfLUkybioDgFuzTQ3TFi1K8A07KYTMmLY/yQppnf\n" |
+ "SpNX58shlVhM+Ed37K1Z0rU0OfVCZ5P+KKaSSfMranjlU7zeUIhZYjqq/EYrEhbS\n" |
+ "dLnNHwgJrqxzId3kq8uuLM6+VB7JZKnZLfT90GdAbX4+tutNe21smmogF9f80vEy\n" |
+ "gM4tOp9rXrvz9vCwWHXVY9kdKemdLAsREoO6MS9k2ctK4jj80o2dROuFC6Q3e7mz\n" |
+ "RjvZr5Tvi464c2o9o/jNlJ0O6q7V2eQzohD+7VnV5QPpRGXxlIeqpR2zoAg+WtRS\n" |
+ "4OgHOVYiD3M6uAlggJA5pcDjMfkEZ+pkhtVcT4qMCEoruk6GbyPxS565oSHu16bH\n" |
+ "EjeCqbZOVND5T3oA7nz6aQSs8sJabt0jmxUkGVnE+4ZDIuuRtkRma+0P/96Mtqor\n" |
+ "OlpNWY1OBDY64QIDAQABo2AwXjAdBgNVHQ4EFgQU5GgKMUtcxkQ2dJrtNR5YOlIA\n" |
+ "PDswHwYDVR0jBBgwFoAU5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUw\n" |
+ "AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAARQly5/bB6VUL2C\n" |
+ "ykDYgWt48go407pAra6tL2kjpdfxV5PdL7iMZRkeht00vj+BVahIqZKrNOa/f5Fx\n" |
+ "vlpahZFu0PDN436aQwRZ9qWut2qDOK0/z9Hhj6NWybquRFwMwqkPG/ivLMDU8Dmj\n" |
+ "CIplpngPYNwXCs0KzdjSXYxqxJbwMjQXELD+/RcurY0oTtJMM1/2vKQMzw24UJqe\n" |
+ "XLJAlsnd2AnWzWNUEviDZY89j9NdkHerBmV2gGzcU+X5lgOO5M8odBv0ZC9D+a6Z\n" |
+ "QPZAOfdGVw60hhGvTW5s/s0dHwCpegRidhs0MD0fTmwwjYFBSmUx3Gztr4JTzOOr\n" |
+ "7e5daJuak2ujQ5DqcGBvt1gePjSudb5brS7JQtN8tI/FyrnR4q/OuOwv1EvlC5RG\n" |
+ "hLX+TXaWqFxB1Hd8ebKRR40mboFG6KcUI3lLBthDvQE7jnq48QfZMjlMQK0ZF1l7\n" |
+ "SrlwRXWA74bU8CLJvnZKKo9p4TsTiDYGSYC6tNHKj5s3TGWL46oqGyZ0KdGNhrtC\n" |
+ "rIGenMhth1vPYjyy0XuGBndXT85yi+IM2l8g8oU845+plxIhgpSI8bbC0oLwnhQ5\n" |
+ "ARfsiYLkXDE7imSS0CSUmye76372mlzAIB1is4bBB/SzpPQtBuB9LDKtONgpSGHn\n" |
+ "dGaXBy+qbVXVyGXaeEbIRjtJ6m92\n" |
+ "-----END CERTIFICATE-----\n"; |
+ |
class SSLStreamAdapterTestBase; |
class SSLDummyStreamBase : public rtc::StreamInterface, |
@@ -865,6 +946,46 @@ class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS { |
} |
}; |
+class SSLStreamAdapterTestDTLSCertChain : public SSLStreamAdapterTestDTLS { |
+ public: |
+ SSLStreamAdapterTestDTLSCertChain() : SSLStreamAdapterTestDTLS("", ""){}; |
+ void SetUp() override { |
+ CreateStreams(); |
+ |
+ client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_)); |
+ server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_)); |
+ |
+ // Set up the slots |
+ client_ssl_->SignalEvent.connect( |
+ reinterpret_cast<SSLStreamAdapterTestBase*>(this), |
+ &SSLStreamAdapterTestBase::OnEvent); |
+ server_ssl_->SignalEvent.connect( |
+ reinterpret_cast<SSLStreamAdapterTestBase*>(this), |
+ &SSLStreamAdapterTestBase::OnEvent); |
+ |
+ if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) { |
+ client_identity_ = rtc::SSLIdentity::FromPEMStrings( |
+ client_private_key_pem_, client_cert_pem_); |
+ } else { |
+ client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type_); |
+ } |
+ |
+ client_ssl_->SetIdentity(client_identity_); |
+ server_identity_ = rtc::SSLIdentity::FromPEMStrings( |
+ kLeafKey, std::string(kLeafCert) + kCACert); |
+ server_ssl_->SetIdentity(server_identity_); |
+ } |
+}; |
+ |
+TEST_F(SSLStreamAdapterTestDTLSCertChain, Handshake) { |
+ TestHandshake(); |
+ std::unique_ptr<rtc::SSLCertificate> peer_cert = |
+ client_ssl_->GetPeerCertificate(); |
+ ASSERT_NE(peer_cert->GetChain(), nullptr); |
+ ASSERT_EQ(peer_cert->GetChain()->GetSize(), (size_t)1); |
+ ASSERT_EQ(peer_cert->GetChain()->Get(0).ToPEMString(), kCACert); |
+} |
+ |
// Basic tests: TLS |
// Test that we can make a handshake work |