Files
softbus_OPC/third_party/open62541/tests/encryption/check_crl_validation.c
2026-06-09 17:27:24 +08:00

338 lines
12 KiB
C

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* Copyright 2024 (c) Fraunhofer IOSB (Author: Noel Graf)
*
*/
#include <open62541/client.h>
#include <open62541/client_config_default.h>
#include <open62541/client_highlevel.h>
#include <open62541/plugin/pki_default.h>
#include <open62541/server.h>
#include <open62541/server_config_default.h>
#include "certificates.h"
#include "check.h"
#include "thread_wrapper.h"
UA_Server *server;
UA_Boolean running;
THREAD_HANDLE server_thread;
THREAD_CALLBACK(serverloop) {
while(running)
UA_Server_run_iterate(server, true);
return 0;
}
static void setup1(void) {
running = true;
/* Load certificate and private key */
UA_ByteString certificate;
certificate.length = CERT_DER_LENGTH;
certificate.data = CERT_DER_DATA;
UA_ByteString privateKey;
privateKey.length = KEY_DER_LENGTH;
privateKey.data = KEY_DER_DATA;
UA_ByteString rootCa;
rootCa.length = ROOT_CERT_DER_LENGTH;
rootCa.data = ROOT_CERT_DER_DATA;
UA_ByteString rootCaCrl;
rootCaCrl.length = ROOT_EMPTY_CRL_PEM_LENGTH;
rootCaCrl.data = ROOT_EMPTY_CRL_PEM_DATA;
UA_ByteString intermediateCa;
intermediateCa.length = INTERMEDIATE_CERT_DER_LENGTH;
intermediateCa.data = INTERMEDIATE_CERT_DER_DATA;
UA_ByteString intermediateCaCrl;
intermediateCaCrl.length = INTERMEDIATE_EMPTY_CRL_PEM_LENGTH;
intermediateCaCrl.data = INTERMEDIATE_EMPTY_CRL_PEM_DATA;
/* Load the trustlist */
size_t trustListSize = 2;
UA_STACKARRAY(UA_ByteString, trustList, trustListSize);
trustList[0] = intermediateCa;
trustList[1] = rootCa;
/* Load the issuerList */
size_t issuerListSize = 2;
UA_STACKARRAY(UA_ByteString, issuerList, issuerListSize);
issuerList[0] = intermediateCa;
issuerList[1] = rootCa;
/* Loading of a revocation list currently unsupported */
size_t revocationListSize = 2;
UA_STACKARRAY(UA_ByteString, revocationList, revocationListSize);
revocationList[0] = rootCaCrl;
revocationList[1] = intermediateCaCrl;
server = UA_Server_new();
ck_assert(server != NULL);
UA_ServerConfig *config = UA_Server_getConfig(server);
UA_ServerConfig_setDefaultWithSecurityPolicies(config, 4840, &certificate, &privateKey,
trustList, trustListSize,
issuerList, issuerListSize,
revocationList, revocationListSize);
/* Set the ApplicationUri used in the certificate */
UA_String_clear(&config->applicationDescription.applicationUri);
config->applicationDescription.applicationUri =
UA_STRING_ALLOC("urn:unconfigured:application");
UA_Server_run_startup(server);
THREAD_CREATE(server_thread, serverloop);
}
static void setup2(void) {
running = true;
/* Load certificate and private key */
UA_ByteString certificate;
certificate.length = CERT_DER_LENGTH;
certificate.data = CERT_DER_DATA;
UA_ByteString privateKey;
privateKey.length = KEY_DER_LENGTH;
privateKey.data = KEY_DER_DATA;
UA_ByteString rootCa;
rootCa.length = ROOT_CERT_DER_LENGTH;
rootCa.data = ROOT_CERT_DER_DATA;
UA_ByteString rootCaCrl;
rootCaCrl.length = ROOT_EMPTY_CRL_PEM_LENGTH;
rootCaCrl.data = ROOT_EMPTY_CRL_PEM_DATA;
UA_ByteString intermediateCa;
intermediateCa.length = INTERMEDIATE_CERT_DER_LENGTH;
intermediateCa.data = INTERMEDIATE_CERT_DER_DATA;
UA_ByteString intermediateCaCrl;
intermediateCaCrl.length = INTERMEDIATE_CRL_PEM_LENGTH;
intermediateCaCrl.data = INTERMEDIATE_CRL_PEM_DATA;
/* Load the trustlist */
size_t trustListSize = 2;
UA_STACKARRAY(UA_ByteString, trustList, trustListSize);
trustList[0] = intermediateCa;
trustList[1] = rootCa;
/* Load the issuerList */
size_t issuerListSize = 2;
UA_STACKARRAY(UA_ByteString, issuerList, issuerListSize);
issuerList[0] = intermediateCa;
issuerList[1] = rootCa;
/* Loading of a revocation list currently unsupported */
size_t revocationListSize = 2;
UA_STACKARRAY(UA_ByteString, revocationList, revocationListSize);
revocationList[0] = rootCaCrl;
revocationList[1] = intermediateCaCrl;
server = UA_Server_new();
ck_assert(server != NULL);
UA_ServerConfig *config = UA_Server_getConfig(server);
UA_ServerConfig_setDefaultWithSecurityPolicies(config, 4840, &certificate, &privateKey,
trustList, trustListSize,
issuerList, issuerListSize,
revocationList, revocationListSize);
/* Set the ApplicationUri used in the certificate */
UA_String_clear(&config->applicationDescription.applicationUri);
config->applicationDescription.applicationUri =
UA_STRING_ALLOC("urn:unconfigured:application");
UA_Server_run_startup(server);
THREAD_CREATE(server_thread, serverloop);
}
static void setup3(void) {
running = true;
/* Load certificate and private key */
UA_ByteString certificate;
certificate.length = CERT_DER_LENGTH;
certificate.data = CERT_DER_DATA;
UA_ByteString privateKey;
privateKey.length = KEY_DER_LENGTH;
privateKey.data = KEY_DER_DATA;
UA_ByteString rootCa;
rootCa.length = ROOT_CERT_DER_LENGTH;
rootCa.data = ROOT_CERT_DER_DATA;
UA_ByteString rootCaCrl;
rootCaCrl.length = ROOT_CRL_PEM_LENGTH;
rootCaCrl.data = ROOT_CRL_PEM_DATA;
UA_ByteString intermediateCa;
intermediateCa.length = INTERMEDIATE_CERT_DER_LENGTH;
intermediateCa.data = INTERMEDIATE_CERT_DER_DATA;
UA_ByteString intermediateCaCrl;
intermediateCaCrl.length = INTERMEDIATE_EMPTY_CRL_PEM_LENGTH;
intermediateCaCrl.data = INTERMEDIATE_EMPTY_CRL_PEM_DATA;
/* Load the trustlist */
size_t trustListSize = 2;
UA_STACKARRAY(UA_ByteString, trustList, trustListSize);
trustList[0] = intermediateCa;
trustList[1] = rootCa;
/* Load the issuerList */
size_t issuerListSize = 2;
UA_STACKARRAY(UA_ByteString, issuerList, issuerListSize);
issuerList[0] = rootCa;
issuerList[1] = intermediateCa;
/* Loading of a revocation list currently unsupported */
size_t revocationListSize = 2;
UA_STACKARRAY(UA_ByteString, revocationList, revocationListSize);
revocationList[0] = rootCaCrl;
revocationList[1] = intermediateCaCrl;
server = UA_Server_new();
ck_assert(server != NULL);
UA_ServerConfig *config = UA_Server_getConfig(server);
UA_ServerConfig_setDefaultWithSecurityPolicies(config, 4840, &certificate, &privateKey,
trustList, trustListSize,
issuerList, issuerListSize,
revocationList, revocationListSize);
/* Set the ApplicationUri used in the certificate */
UA_String_clear(&config->applicationDescription.applicationUri);
config->applicationDescription.applicationUri =
UA_STRING_ALLOC("urn:unconfigured:application");
UA_Server_run_startup(server);
THREAD_CREATE(server_thread, serverloop);
}
static void teardown(void) {
running = false;
THREAD_JOIN(server_thread);
UA_Server_run_shutdown(server);
UA_Server_delete(server);
}
START_TEST(encryption_connect_valid) {
/* Load certificate and private key */
UA_ByteString certificate;
certificate.length = APPLICATION_CERT_DER_LENGTH;
certificate.data = APPLICATION_CERT_DER_DATA;
ck_assert_uint_ne(certificate.length, 0);
UA_ByteString privateKey;
privateKey.length = APPLICATION_KEY_DER_LENGTH;
privateKey.data = APPLICATION_KEY_DER_DATA;
ck_assert_uint_ne(privateKey.length, 0);
/* Load the trustlist */
UA_ByteString *trustList = NULL;
size_t trustListSize = 0;
UA_ByteString *revocationList = NULL;
size_t revocationListSize = 0;
/* Secure client initialization */
UA_Client *client = UA_Client_new();
UA_ClientConfig *cc = UA_Client_getConfig(client);
UA_ClientConfig_setDefaultEncryption(cc, certificate, privateKey,
trustList, trustListSize,
revocationList, revocationListSize);
cc->certificateVerification.clear(&cc->certificateVerification);
UA_CertificateVerification_AcceptAll(&cc->certificateVerification);
cc->securityPolicyUri =
UA_STRING_ALLOC("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256");
ck_assert(client != NULL);
/* Secure client connect */
UA_StatusCode retval = UA_Client_connect(client, "opc.tcp://localhost:4840");
ck_assert_uint_eq(retval, UA_STATUSCODE_GOOD);
UA_Variant val;
UA_Variant_init(&val);
UA_NodeId nodeId = UA_NODEID_NUMERIC(0, UA_NS0ID_SERVER_SERVERSTATUS_STATE);
retval = UA_Client_readValueAttribute(client, nodeId, &val);
ck_assert_uint_eq(retval, UA_STATUSCODE_GOOD);
UA_Variant_clear(&val);
UA_Client_disconnect(client);
UA_Client_delete(client);
}
END_TEST
START_TEST(encryption_connect_revoked) {
UA_ByteString certificate;
certificate.length = APPLICATION_CERT_DER_LENGTH;
certificate.data = APPLICATION_CERT_DER_DATA;
ck_assert_uint_ne(certificate.length, 0);
UA_ByteString privateKey;
privateKey.length = APPLICATION_KEY_DER_LENGTH;
privateKey.data = APPLICATION_KEY_DER_DATA;
ck_assert_uint_ne(privateKey.length, 0);
/* Load the trustlist */
UA_ByteString *trustList = NULL;
size_t trustListSize = 0;
UA_ByteString *revocationList = NULL;
size_t revocationListSize = 0;
/* Secure client initialization */
UA_Client *client = UA_Client_new();
UA_ClientConfig *cc = UA_Client_getConfig(client);
UA_ClientConfig_setDefaultEncryption(cc, certificate, privateKey,
trustList, trustListSize,
revocationList, revocationListSize);
cc->certificateVerification.clear(&cc->certificateVerification);
UA_CertificateVerification_AcceptAll(&cc->certificateVerification);
cc->securityPolicyUri =
UA_STRING_ALLOC("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256");
ck_assert(client != NULL);
/* Secure client connect */
UA_StatusCode retval = UA_Client_connect(client, "opc.tcp://localhost:4840");
ck_assert_uint_eq(retval, UA_STATUSCODE_BADSECURITYCHECKSFAILED);
UA_Client_disconnect(client);
UA_Client_delete(client);
}
END_TEST
static Suite* testSuite_encryption(void) {
Suite *s = suite_create("Certificate Revocation List");
TCase *tc_encryption_valid = tcase_create("Certificate Revocation Valid");
tcase_add_checked_fixture(tc_encryption_valid, setup1, teardown);
TCase *tc_encryption_revoked = tcase_create("Certificate Revocation Revoked");
tcase_add_checked_fixture(tc_encryption_revoked, setup2, teardown);
TCase *tc_encryption_revoked2 = tcase_create("Certificate Revocation Revoked2");
tcase_add_checked_fixture(tc_encryption_revoked2, setup3, teardown);
#ifdef UA_ENABLE_ENCRYPTION
tcase_add_test(tc_encryption_valid, encryption_connect_valid);
tcase_add_test(tc_encryption_revoked, encryption_connect_revoked);
tcase_add_test(tc_encryption_revoked2, encryption_connect_revoked);
#endif /* UA_ENABLE_ENCRYPTION */
suite_add_tcase(s,tc_encryption_valid);
suite_add_tcase(s,tc_encryption_revoked);
suite_add_tcase(s,tc_encryption_revoked2);
return s;
}
int main(void) {
Suite *s = testSuite_encryption();
SRunner *sr = srunner_create(s);
srunner_set_fork_status(sr, CK_NOFORK);
srunner_run_all(sr,CK_NORMAL);
int number_failed = srunner_ntests_failed(sr);
srunner_free(sr);
return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}