|
1 // Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // |
|
15 |
|
16 #include "TlsProvTestStep.h" |
|
17 #include <test/testexecutelog.h> |
|
18 #include <hash.h> |
|
19 |
|
20 extern TInt ReadTestDataL( CTlsCryptoAttributes*& aTlsCryptoAttributes, HBufC8*& aSrvCert, |
|
21 CTlsProvStep*& aTestStepPtr); |
|
22 |
|
23 extern TInt ReadDataFromFiles( CTlsCryptoAttributes* aTlsCryptoAttributes, |
|
24 HBufC8*& aSrvCert); |
|
25 |
|
26 |
|
27 /* |
|
28 Tests covered:Test for rejecting |
|
29 1.Unsupported protocol version |
|
30 2.Unsupported ciphersuite |
|
31 3.Wrong size server random number |
|
32 */ |
|
33 const TTLSProtocolVersion KTest_0 = {4,4}; |
|
34 TVerdict CTlsProvTestActive::TestProvider_3_0L( CTlsProvStep* ) |
|
35 { |
|
36 |
|
37 |
|
38 CTLSProvider* PtrProvider = CTLSProvider::ConnectL(); |
|
39 |
|
40 CTlsCryptoAttributes* TlsCryptoAttributes = PtrProvider->Attributes(); |
|
41 |
|
42 |
|
43 TlsCryptoAttributes->iNegotiatedProtocol = KTest_0; |
|
44 iStatus = KRequestPending; |
|
45 CTLSSession* aPtrTlsSession; |
|
46 PtrProvider->CreateL(aPtrTlsSession,iStatus); |
|
47 SetActive(); |
|
48 CActiveScheduler::Start(); |
|
49 |
|
50 |
|
51 if(iStatus.Int() == (TInt)KErrSSLAlertIllegalParameter) |
|
52 { |
|
53 |
|
54 TlsCryptoAttributes->iNegotiatedProtocol = KTLS1_0; |
|
55 TlsCryptoAttributes->iCurrentCipherSuite.iHiByte = 20; |
|
56 TlsCryptoAttributes->iCurrentCipherSuite.iLoByte = 20; |
|
57 iStatus = KRequestPending; |
|
58 PtrProvider->CreateL(aPtrTlsSession,iStatus); |
|
59 SetActive(); |
|
60 CActiveScheduler::Start(); |
|
61 |
|
62 if(iStatus.Int() == (TInt)KErrSSLAlertIllegalParameter) |
|
63 { |
|
64 TlsCryptoAttributes->iCurrentCipherSuite.iHiByte = 0; |
|
65 TlsCryptoAttributes->iCurrentCipherSuite.iLoByte = 3; |
|
66 iStatus = KRequestPending; |
|
67 PtrProvider->CreateL(aPtrTlsSession,iStatus); |
|
68 SetActive(); |
|
69 CActiveScheduler::Start(); |
|
70 if(iStatus.Int() == (TInt)KErrSSLAlertIllegalParameter) |
|
71 { |
|
72 return EPass; |
|
73 } |
|
74 |
|
75 } |
|
76 } |
|
77 return EFail; |
|
78 } |
|
79 |
|
80 /* |
|
81 Tests covered:Test for rejecting |
|
82 Select a token without client authentication, software token will always be selected |
|
83 */ |
|
84 |
|
85 TVerdict CTlsProvTestActive::TestProvider_3_1L( CTlsProvStep* aStep ) |
|
86 { |
|
87 |
|
88 CTLSProvider* PtrProvider = 0; |
|
89 CTLSSession* PtrSession; |
|
90 CTlsCryptoAttributes* PtrTlsCryptoAttributes; |
|
91 |
|
92 |
|
93 __UHEAP_MARK; |
|
94 InitProviderL(PtrProvider,PtrSession,PtrTlsCryptoAttributes,ETrue,EFalse,aStep); |
|
95 |
|
96 |
|
97 //Want client authentication? |
|
98 PtrTlsCryptoAttributes->iClientAuthenticate = EFalse; |
|
99 |
|
100 //Any dialogs? |
|
101 PtrTlsCryptoAttributes->iDialogNonAttendedMode = ETrue; |
|
102 |
|
103 //Required ciphersuite |
|
104 TTLSCipherSuite CipherSuite; |
|
105 CipherSuite.iHiByte = 0; |
|
106 CipherSuite.iLoByte = 3; |
|
107 PtrTlsCryptoAttributes->iCurrentCipherSuite = CipherSuite; |
|
108 PtrTlsCryptoAttributes->iNegotiatedProtocol = KTLS1_0; |
|
109 |
|
110 iStatus = KRequestPending; |
|
111 PtrProvider->CreateL(PtrSession,iStatus); |
|
112 SetActive(); |
|
113 CActiveScheduler::Start(); |
|
114 delete PtrProvider; |
|
115 if(PtrSession) |
|
116 { |
|
117 delete PtrSession; |
|
118 __UHEAP_MARKEND; |
|
119 return EPass; |
|
120 } |
|
121 else |
|
122 return EFail; |
|
123 } |
|
124 |
|
125 /* |
|
126 Tests covered: |
|
127 1.Use client authentication(Provider browses for matching certs and keys and then |
|
128 selects a token) |
|
129 Check the correct client cert is being selected |
|
130 */ |
|
131 TVerdict CTlsProvTestActive::TestProvider_3_2L(CTlsProvStep* aStep) |
|
132 { |
|
133 CTLSProvider* PtrProvider = 0; |
|
134 CTLSSession* PtrSession; |
|
135 CTLSProvider* tlsProvider = CTLSProvider::ConnectL(); |
|
136 CTlsCryptoAttributes* PtrTlsCryptoAttributes = tlsProvider->Attributes();; |
|
137 |
|
138 HBufC8* encServerCert = NULL; |
|
139 TInt res = StandardTestInitL(aStep, PtrTlsCryptoAttributes, encServerCert); |
|
140 if( res < 0 ) |
|
141 { |
|
142 iLogInfo.Copy( _L(" 3.2: problems with test data files") ); |
|
143 return EFail; |
|
144 } |
|
145 |
|
146 __UHEAP_MARK; |
|
147 InitProviderL(PtrProvider,PtrSession,PtrTlsCryptoAttributes,ETrue,EFalse,aStep); |
|
148 |
|
149 //Want client authentication? Yes!, Please. |
|
150 PtrTlsCryptoAttributes->iClientAuthenticate = ETrue; |
|
151 |
|
152 //Any dialogs? |
|
153 PtrTlsCryptoAttributes->iDialogNonAttendedMode = ETrue; |
|
154 |
|
155 //Required ciphersuite |
|
156 TTLSCipherSuite CipherSuite; |
|
157 CipherSuite.iHiByte = 0; |
|
158 CipherSuite.iLoByte = 3; |
|
159 PtrTlsCryptoAttributes->iCurrentCipherSuite = CipherSuite; |
|
160 PtrTlsCryptoAttributes->iNegotiatedProtocol = KTLS1_0; |
|
161 PtrTlsCryptoAttributes->isignatureAlgorithm = ERsaSigAlg; |
|
162 |
|
163 AddDNL(); |
|
164 const TDesC8& issuerName = reinterpret_cast<const TDesC8&>(*iDNs[0]); |
|
165 PtrTlsCryptoAttributes->iDistinguishedCANames.Append(&issuerName); |
|
166 |
|
167 iDNs.Close(); |
|
168 |
|
169 iStatus = KRequestPending; |
|
170 PtrProvider->CreateL(PtrSession,iStatus); |
|
171 SetActive(); |
|
172 CActiveScheduler::Start(); |
|
173 TVerdict ret=EFail; |
|
174 CX509Certificate* X509ClientCert = 0; |
|
175 if(PtrSession) |
|
176 { |
|
177 |
|
178 iStatus = KRequestPending; |
|
179 PtrSession->ClientCertificate(X509ClientCert,iStatus); |
|
180 SetActive(); |
|
181 CActiveScheduler::Start(); |
|
182 |
|
183 //to make ccover happy |
|
184 CTlsCryptoAttributes* tempAttributes = PtrProvider->Attributes(); |
|
185 if(tempAttributes->iNegotiatedProtocol != KTLS1_0) |
|
186 return EFail; |
|
187 |
|
188 PtrProvider->CancelRequest(); |
|
189 PtrSession->CancelRequest(); |
|
190 if(X509ClientCert) |
|
191 { |
|
192 ret=EPass; |
|
193 } |
|
194 else |
|
195 { |
|
196 iLogInfo.Copy( _L(" No Client certificate found") ); |
|
197 } |
|
198 //Check for the subject name too |
|
199 delete X509ClientCert; |
|
200 delete PtrProvider; |
|
201 //delete PtrSession; |
|
202 __UHEAP_MARKEND; |
|
203 |
|
204 } |
|
205 |
|
206 return ret; |
|
207 } |
|
208 |
|
209 |
|
210 /* |
|
211 Tests covered: |
|
212 1.Use client authentication, Create a connection, Store the session and emulate abbrevated connections |
|
213 |
|
214 Note: This step tests the provider on its behaviour on resuming sessions and these tests are NOT |
|
215 testing the actual session caching functionality of the token. They are only using the functionality. |
|
216 */ |
|
217 |
|
218 #define KServer1 _L8("192.168.30.2") |
|
219 #define KSessionId1 _L8("11111111112222222222333333333322") |
|
220 TVerdict CTlsProvTestActive::TestProvider_3_3L(CTlsProvStep* aStep) |
|
221 { |
|
222 |
|
223 CTlsTestRandom rnd; |
|
224 |
|
225 SetThreadRandomL( &rnd ); |
|
226 |
|
227 CTLSProvider* tlsProvider = CTLSProvider::ConnectL(); |
|
228 |
|
229 RArray<TTLSCipherSuite> userCipherSuiteList; |
|
230 iStatus = KRequestPending; |
|
231 tlsProvider->CipherSuitesL( userCipherSuiteList ,iStatus); |
|
232 |
|
233 SetActive(); |
|
234 CActiveScheduler::Start(); |
|
235 |
|
236 CTLSSession* sessionObj = NULL; |
|
237 |
|
238 CTlsCryptoAttributes* tlsCryptoAttributes = tlsProvider->Attributes(); |
|
239 |
|
240 HBufC8* encServerCert = NULL; |
|
241 |
|
242 TInt res = StandardTestInitL(aStep, tlsCryptoAttributes, encServerCert); |
|
243 if( res < 0 ) |
|
244 { |
|
245 iLogInfo.Copy( _L(" 3.3: problems with test data files") ); |
|
246 return EFail; |
|
247 } |
|
248 |
|
249 |
|
250 CX509Certificate* serverCert = NULL; |
|
251 iStatus = KRequestPending; |
|
252 tlsProvider->VerifyServerCertificate( encServerCert->Des(), serverCert, iStatus); |
|
253 SetActive(); |
|
254 CActiveScheduler::Start(); |
|
255 |
|
256 serverCert = CX509Certificate::NewL(encServerCert->Des()); //- remove when VerifyServerCertificate ready |
|
257 |
|
258 |
|
259 |
|
260 HBufC8* clientKeyExch = NULL; |
|
261 |
|
262 iStatus = KRequestPending; |
|
263 tlsProvider->CreateL( sessionObj, |
|
264 iStatus); |
|
265 SetActive(); |
|
266 CActiveScheduler::Start(); |
|
267 |
|
268 |
|
269 // check that ClientKeyExch is not NULL |
|
270 if ( (iStatus.Int() != KErrNone ) || (NULL == sessionObj) ) |
|
271 { |
|
272 iLogInfo.Copy( _L(" 4.0: CTLSProvider::Create failed") ); |
|
273 return EInconclusive; |
|
274 } |
|
275 |
|
276 iStatus = KRequestPending; |
|
277 sessionObj->ClientKeyExchange(clientKeyExch, iStatus); |
|
278 SetActive(); |
|
279 CActiveScheduler::Start(); |
|
280 |
|
281 // check that ClientKeyExch is not NULL |
|
282 if ( (NULL == clientKeyExch) || ( 0 == clientKeyExch->Length()) ) |
|
283 { |
|
284 iLogInfo.Copy( _L(" 4.0: CTLSSession::ClientKeyExchange failed") ); |
|
285 return EInconclusive; |
|
286 } |
|
287 |
|
288 if( EFalse == CacheSessionL( aStep, sessionObj) ) |
|
289 return EInconclusive; |
|
290 |
|
291 //Create a new object here..Try resuming the same session and get the same server cert back |
|
292 |
|
293 CTLSProvider* PtrProvider = CTLSProvider::ConnectL(); |
|
294 CTLSSession* PtrSession; |
|
295 CTlsCryptoAttributes* PtrTlsCryptoAttributes; |
|
296 |
|
297 |
|
298 iStatus = KRequestPending; |
|
299 userCipherSuiteList.Reset(); |
|
300 PtrProvider->CipherSuitesL( userCipherSuiteList ,iStatus); |
|
301 SetActive(); |
|
302 CActiveScheduler::Start(); |
|
303 if(userCipherSuiteList.Count() != KSupportedCipherCount) |
|
304 return EFail; |
|
305 |
|
306 |
|
307 iStatus = KRequestPending; |
|
308 TTLSServerAddr ServerName; |
|
309 TTLSSessionId SessionId; |
|
310 ServerName.iAddress.Copy( KServer1 ); |
|
311 ServerName.iPort = 10; |
|
312 PtrProvider->GetSessionL(ServerName,SessionId,iStatus); |
|
313 SetActive(); |
|
314 CActiveScheduler::Start(); |
|
315 |
|
316 //The same session id Should be returned here |
|
317 if(SessionId.Compare(KSessionId1) == 0) |
|
318 { |
|
319 PtrTlsCryptoAttributes = PtrProvider->Attributes(); |
|
320 InitProviderL(PtrProvider,PtrSession,PtrTlsCryptoAttributes,ETrue,EFalse,aStep); |
|
321 |
|
322 //Want client authentication? |
|
323 PtrTlsCryptoAttributes->iClientAuthenticate = EFalse; |
|
324 |
|
325 //Any dialogs? |
|
326 PtrTlsCryptoAttributes->iDialogNonAttendedMode = ETrue; |
|
327 |
|
328 //Required ciphersuite |
|
329 TTLSCipherSuite CipherSuite; |
|
330 CipherSuite.iHiByte = 0; |
|
331 CipherSuite.iLoByte = 3; |
|
332 PtrTlsCryptoAttributes->iCurrentCipherSuite = CipherSuite; |
|
333 PtrTlsCryptoAttributes->iNegotiatedProtocol = KTLS1_0; |
|
334 |
|
335 |
|
336 //Resume a session |
|
337 PtrTlsCryptoAttributes->iSessionNameAndID.iServerName.iAddress.Copy( KServer1 ); |
|
338 PtrTlsCryptoAttributes->iSessionNameAndID.iServerName.iPort = 10; |
|
339 PtrTlsCryptoAttributes->iSessionNameAndID.iSessionId.Copy(SessionId); |
|
340 iStatus = KRequestPending; |
|
341 PtrProvider->CreateL(PtrSession,iStatus); |
|
342 SetActive(); |
|
343 CActiveScheduler::Start(); |
|
344 |
|
345 iStatus = KRequestPending; |
|
346 CX509Certificate* ReceviedCert; |
|
347 ReceviedCert= 0; |
|
348 PtrSession->ServerCertificate( ReceviedCert, iStatus ); |
|
349 SetActive(); |
|
350 CActiveScheduler::Start(); |
|
351 |
|
352 |
|
353 //todo compare retrieved cert with original one: |
|
354 if(ReceviedCert && ReceviedCert->IsEqualL(*serverCert)) |
|
355 { |
|
356 return EPass; |
|
357 } |
|
358 else |
|
359 return EFail; |
|
360 |
|
361 } |
|
362 return EFail; |
|
363 |
|
364 } |
|
365 |
|
366 |
|
367 |
|
368 |
|
369 |