media_cas_packager_sdk_source/common/drm_root_certificate_test.cc

////////////////////////////////////////////////////////////////////////////////
// Copyright 2013 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////
//
// Description:
//   Unit tests for drm_root_certificate.cc

#include <memory>

#include "testing/gunit.h"
#include "common/drm_root_certificate.h"
#include "common/rsa_key.h"
#include "common/rsa_test_keys.h"
#include "protos/public/drm_certificate.pb.h"
#include "protos/public/errors.pb.h"
#include "protos/public/signed_drm_certificate.pb.h"

namespace widevine {

class DrmRootCertificateTest : public testing::Test {
 protected:
  DrmRootCertificateTest() {}
  util::Status DrmRootCertificateCreate(
      const std::string& signed_drm_certificate,
      std::unique_ptr<DrmRootCertificate>* cert) {
    return DrmRootCertificate::Create(signed_drm_certificate, cert);
  }
};

TEST_F(DrmRootCertificateTest, DrmRootCertificateCreation) {
  RsaTestKeys test_keys;
  std::unique_ptr<DrmRootCertificate> root_cert;

  // First, invalid serialized cert. Should fail.
  EXPECT_EQ(INVALID_DRM_CERTIFICATE,
            DrmRootCertificateCreate("bad_cert", &root_cert).error_code());
  SignedDrmCertificate signed_cert;
  std::string serialized;
  // Serialized empty cert. Should fail.
  ASSERT_TRUE(signed_cert.SerializeToString(&serialized));
  EXPECT_NE(util::OkStatus(),
            DrmRootCertificateCreate(serialized, &root_cert));
  // Add public key. Should still fail.
  DrmCertificate drm_cert;
  drm_cert.set_public_key(test_keys.public_test_key_1_3072_bits());
  ASSERT_TRUE(
      drm_cert.SerializeToString(signed_cert.mutable_drm_certificate()));
  ASSERT_TRUE(signed_cert.SerializeToString(&serialized));
  EXPECT_EQ(INVALID_DRM_CERTIFICATE,
            DrmRootCertificateCreate(serialized, &root_cert).error_code());
  // Now self-sign the cert. Should succeed.
  std::unique_ptr<RsaPrivateKey> private_key(
      RsaPrivateKey::Create(test_keys.private_test_key_1_3072_bits()));
  ASSERT_TRUE(private_key.get());
  ASSERT_TRUE(private_key->GenerateSignature(signed_cert.drm_certificate(),
                                             signed_cert.mutable_signature()));
  ASSERT_TRUE(signed_cert.SerializeToString(&serialized));
  EXPECT_EQ(util::OkStatus(),
            DrmRootCertificateCreate(serialized, &root_cert));
  ASSERT_TRUE(root_cert);
  // Verify the public key.
  EXPECT_EQ(test_keys.public_test_key_1_3072_bits(), root_cert->public_key());
}

TEST_F(DrmRootCertificateTest, DrmRootCertificateCreationByType) {
  std::unique_ptr<DrmRootCertificate> root_cert;
  EXPECT_EQ(util::OkStatus(), DrmRootCertificate::CreateByType(
                                    kCertificateTypeTesting, &root_cert));
  ASSERT_TRUE(root_cert != nullptr);
  EXPECT_EQ(util::OkStatus(), DrmRootCertificate::CreateByType(
                                    kCertificateTypeDevelopment, &root_cert));
  ASSERT_TRUE(root_cert != nullptr);
  EXPECT_EQ(util::OkStatus(), DrmRootCertificate::CreateByType(
                                    kCertificateTypeProduction, &root_cert));
  ASSERT_TRUE(root_cert != nullptr);
}

TEST_F(DrmRootCertificateTest, DrmRootCertificateDigest) {
  const std::string test_cert_hash(
      "49f917b1bdfed78002a58e799a58e940"
      "1fffaaed9d8d80752782b066757e2c8c");
  const std::string dev_cert_hash(
      "0e25ee95476a770f30b98ac5ef778b3f"
      "137b66c29385b84f547a361b4724b17d");
  const std::string prod_cert_hash(
      "d62fdabc9286648a81f7d3bedaf2f5a5"
      "27bbad39bc38da034ba98a21569adb9b");
  EXPECT_EQ(test_cert_hash,
            DrmRootCertificate::GetDigest(kCertificateTypeTesting));
  EXPECT_EQ(dev_cert_hash,
            DrmRootCertificate::GetDigest(kCertificateTypeDevelopment));
  EXPECT_EQ(prod_cert_hash,
            DrmRootCertificate::GetDigest(kCertificateTypeProduction));
}

}  // namespace widevine