1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17
18 #include <openssl/pem.h>
19
20 #include "cert_crl_common.h"
21 #include "cf_blob.h"
22 #include "cf_log.h"
23 #include "cf_mock.h"
24 #include "cf_object_base.h"
25 #include "cf_result.h"
26 #include "crypto_x509_test_common.h"
27 #include "memory_mock.h"
28 #include "securec.h"
29 #include "string"
30 #include "x509_cert_chain.h"
31 #include "x509_cert_chain_openssl.h"
32 #include "x509_certificate_openssl.h"
33
34 using namespace std;
35 using namespace testing::ext;
36 using namespace CFMock;
37
38 using ::testing::_;
39 using ::testing::AnyNumber;
40 using ::testing::Invoke;
41 using ::testing::Return;
42
43 #ifdef __cplusplus
44 extern "C" {
45 #endif
46
47 int __real_OPENSSL_sk_num(const OPENSSL_STACK *st);
48 void *__real_OPENSSL_sk_value(const OPENSSL_STACK *st, int i);
49 int __real_OPENSSL_sk_push(OPENSSL_STACK *st, const int data);
50 OPENSSL_STACK *__real_OPENSSL_sk_new_null(void);
51 void *__real_X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
52 X509_CRL *__real_X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
53 OCSP_REQUEST *__real_OCSP_REQUEST_new(void);
54 struct stack_st_OPENSSL_STRING *__real_X509_get1_ocsp(X509 *x);
55 int __real_OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, char **pport, int *pport_num,
56 char **ppath, char **pquery, char **pfrag);
57
58 #ifdef __cplusplus
59 }
60 #endif
61
62 namespace {
63 class CryptoX509CertChainTestPart2 : public testing::Test {
64 public:
65 static void SetUpTestCase();
66 static void TearDownTestCase();
67 void SetUp();
68 void TearDown();
69 };
70
71 static HcfX509CertChainSpi *g_certChainPemSpi = nullptr;
72 static HcfX509CertChainSpi *g_certChainPemSpi163 = nullptr;
73
74 static CfBlob g_blobDownloadURI = { .size = strlen(g_crlDownloadURI) + 1,
75 .data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_crlDownloadURI)) };
76
77 static CfBlob g_ocspDigest = { .size = strlen(g_digest) + 1,
78 .data = reinterpret_cast<uint8_t *>(const_cast<char *>(g_digest)) };
79
FreeHcfRevocationCheckParam(HcfRevocationCheckParam * param)80 static void FreeHcfRevocationCheckParam(HcfRevocationCheckParam *param)
81 {
82 if (param == nullptr) {
83 return;
84 }
85
86 if (param->options != nullptr) {
87 if (param->options->data != nullptr) {
88 CfFree(param->options->data);
89 }
90
91 CfFree(param->options);
92 }
93
94 if (param->ocspResponses != nullptr) {
95 CfFree(param->ocspResponses);
96 }
97
98 if (param->ocspResponderCert != nullptr) {
99 CfObjDestroy(param->ocspResponderCert);
100 }
101
102 CfFree(param);
103 }
104
ConstructHcfRevocationCheckParam(HcfRevChkOption * data,size_t size,CfBlob * ocspResponderURI=NULL,CfBlob * crlDownloadURI=NULL,const CfEncodingBlob * ocspResponderCertStream=NULL)105 static HcfRevocationCheckParam *ConstructHcfRevocationCheckParam(HcfRevChkOption *data, size_t size,
106 CfBlob *ocspResponderURI = NULL, CfBlob *crlDownloadURI = NULL,
107 const CfEncodingBlob *ocspResponderCertStream = NULL)
108 {
109 HcfRevChkOpArray *revChkOpArray = (HcfRevChkOpArray *)CfMalloc(sizeof(HcfRevChkOpArray), 0);
110 if (revChkOpArray == nullptr) {
111 return nullptr;
112 }
113
114 revChkOpArray->count = size;
115 revChkOpArray->data = (HcfRevChkOption *)CfMalloc(revChkOpArray->count * sizeof(HcfRevChkOption), 0);
116 if (revChkOpArray->data == nullptr) {
117 CfFree(revChkOpArray);
118 return nullptr;
119 }
120
121 for (size_t i = 0; i < revChkOpArray->count; i++) {
122 revChkOpArray->data[i] = data[i];
123 }
124
125 CfBlob *resp = (CfBlob *)CfMalloc(sizeof(CfBlob), 0);
126 if (resp == nullptr) {
127 CfFree(revChkOpArray->data);
128 CfFree(revChkOpArray);
129 return nullptr;
130 }
131 resp->data = (uint8_t *)(&g_testOcspResponses[0]);
132 resp->size = sizeof(g_testOcspResponses);
133
134 HcfRevocationCheckParam *param = (HcfRevocationCheckParam *)CfMalloc(sizeof(HcfRevocationCheckParam), 0);
135 if (param == nullptr) {
136 CfFree(revChkOpArray->data);
137 CfFree(revChkOpArray);
138 return nullptr;
139 }
140
141 param->options = revChkOpArray;
142 param->ocspResponses = resp;
143 param->ocspResponderURI = ocspResponderURI;
144 param->crlDownloadURI = crlDownloadURI;
145 param->ocspDigest = &g_ocspDigest;
146
147 if (ocspResponderCertStream != NULL) {
148 (void)HcfX509CertificateCreate(&g_inStreamOcspResponderCert, &(param->ocspResponderCert));
149 if (param->ocspResponderCert == nullptr) {
150 FreeHcfRevocationCheckParam(param);
151 return nullptr;
152 }
153 }
154
155 return param;
156 }
157
SetUpTestCase()158 void CryptoX509CertChainTestPart2::SetUpTestCase()
159 {
160 CfResult ret;
161
162 HcfX509CertChainSpi *certChainSpi = nullptr;
163 ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPem, &certChainSpi);
164 ASSERT_EQ(ret, CF_SUCCESS);
165 ASSERT_NE(certChainSpi, nullptr);
166 g_certChainPemSpi = certChainSpi;
167
168 certChainSpi = nullptr;
169 ret = HcfX509CertChainByEncSpiCreate(&g_inStreamChainDataPem163, &certChainSpi);
170 ASSERT_EQ(ret, CF_SUCCESS);
171 ASSERT_NE(certChainSpi, nullptr);
172 g_certChainPemSpi163 = certChainSpi;
173 }
174
TearDownTestCase()175 void CryptoX509CertChainTestPart2::TearDownTestCase()
176 {
177 CfObjDestroy(g_certChainPemSpi);
178 CfObjDestroy(g_certChainPemSpi163);
179 }
180
SetUp()181 void CryptoX509CertChainTestPart2::SetUp() {}
182
TearDown()183 void CryptoX509CertChainTestPart2::TearDown() {}
184
185 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslPolicyTest001, TestSize.Level0)
186 {
187 CF_LOG_I("ValidateOpensslPolicyTest001");
188 ASSERT_NE(g_certChainPemSpi, nullptr);
189
190 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
191 BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
192
193 HcfX509CertChainValidateParams params = { 0 };
194 params.trustAnchors = &trustAnchorArray;
195
196 HcfX509CertChainValidateResult result = { 0 };
197 CfResult ret;
198
199 // test ValidatePolicy failed case
200 params.policy = (HcfValPolicyType)-1;
201 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
202 EXPECT_EQ(ret, CF_INVALID_PARAMS);
203
204 params.policy = VALIDATION_POLICY_TYPE_SSL;
205 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
206 EXPECT_EQ(ret, CF_INVALID_PARAMS);
207
208 CfBlob sslHostname = { 0 };
209 params.sslHostname = &sslHostname;
210 X509OpensslMock::SetMockFlag(true);
211 EXPECT_CALL(X509OpensslMock::GetInstance(), X509_check_host(_, _, _, _, _)).WillRepeatedly(Return(0));
212 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
213 EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
214 X509OpensslMock::SetMockFlag(false);
215
216 FreeTrustAnchorArr(trustAnchorArray);
217 }
218
219 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslUseageTest001, TestSize.Level0)
220 {
221 CF_LOG_I("ValidateOpensslUseageTest001");
222 ASSERT_NE(g_certChainPemSpi, nullptr);
223
224 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
225 BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
226
227 HcfX509CertChainValidateParams params = { 0 };
228 params.trustAnchors = &trustAnchorArray;
229
230 HcfKuArray kuArray = { 0 };
231 kuArray.count = 9;
232 kuArray.data = (HcfKeyUsageType *)CfMalloc(kuArray.count * sizeof(HcfKeyUsageType), 0);
233 kuArray.data[0] = KEYUSAGE_DIGITAL_SIGNATURE;
234 kuArray.data[1] = KEYUSAGE_NON_REPUDIATION;
235 kuArray.data[2] = KEYUSAGE_KEY_ENCIPHERMENT;
236 kuArray.data[3] = KEYUSAGE_DATA_ENCIPHERMENT;
237 kuArray.data[4] = KEYUSAGE_KEY_AGREEMENT;
238 kuArray.data[5] = KEYUSAGE_KEY_CERT_SIGN;
239 kuArray.data[6] = KEYUSAGE_CRL_SIGN;
240 kuArray.data[7] = KEYUSAGE_ENCIPHER_ONLY;
241 kuArray.data[8] = KEYUSAGE_DECIPHER_ONLY;
242
243 params.keyUsage = &kuArray;
244
245 HcfX509CertChainValidateResult result = { 0 };
246 CfResult ret;
247
248 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
249 EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
250
251 kuArray.data[8] = (HcfKeyUsageType)-1;
252 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
253 EXPECT_EQ(ret, CF_INVALID_PARAMS);
254
255 // test ValidatePolicy failed case
256 X509OpensslMock::SetMockFlag(true);
257 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
258 .WillOnce(Return(NULL))
259 .WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
260 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
261 EXPECT_EQ(ret, CF_INVALID_PARAMS);
262 X509OpensslMock::SetMockFlag(false);
263
264 CfFree(kuArray.data);
265 FreeTrustAnchorArr(trustAnchorArray);
266 }
267
268 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslPart2Test001, TestSize.Level0)
269 {
270 CF_LOG_I("ValidateOpensslPart2Test001");
271 ASSERT_NE(g_certChainPemSpi, nullptr);
272
273 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
274 BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
275
276 HcfX509CertChainValidateParams params = { 0 };
277 params.trustAnchors = &trustAnchorArray;
278
279 HcfX509CertChainValidateResult result = { 0 };
280 CfResult ret;
281
282 X509OpensslMock::SetMockFlag(true);
283 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
284 .WillOnce(Return(NULL))
285 .WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
286 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
287 EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
288 X509OpensslMock::SetMockFlag(false);
289
290 FreeTrustAnchorArr(trustAnchorArray);
291 }
292
293 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslCRLLocalTest001, TestSize.Level0)
294 {
295 CF_LOG_I("ValidateOpensslCRLLocalTest001");
296 ASSERT_NE(g_certChainPemSpi, nullptr);
297
298 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
299 BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
300
301 HcfX509CertChainValidateParams params = { 0 };
302 params.trustAnchors = &trustAnchorArray;
303
304 HcfX509CertChainValidateResult result = { 0 };
305 CfResult ret;
306
307 X509OpensslMock::SetMockFlag(true);
308 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_new_null())
309 .WillOnce(Return(NULL))
310 .WillRepeatedly(Invoke(__real_OPENSSL_sk_new_null));
311 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
312 EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
313 X509OpensslMock::SetMockFlag(false);
314
315 FreeTrustAnchorArr(trustAnchorArray);
316 }
317
318 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslInvaidCertId, TestSize.Level0)
319 {
320 CF_LOG_I("ValidateOpensslInvaidCertId");
321 ASSERT_NE(g_certChainPemSpi, nullptr);
322
323 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
324 BuildAnchorArr(g_inStreamChainDataPemRoot, trustAnchorArray);
325
326 HcfX509CertChainValidateParams params = { 0 };
327 params.trustAnchors = &trustAnchorArray;
328
329 HcfRevChkOpArray revChkOpArray = { 0 };
330 revChkOpArray.count = 1;
331 revChkOpArray.data = (HcfRevChkOption *)CfMalloc(revChkOpArray.count * sizeof(HcfRevChkOption), 0);
332 ASSERT_NE(revChkOpArray.data, nullptr);
333 revChkOpArray.data[0] = REVOCATION_CHECK_OPTION_PREFER_OCSP;
334
335 HcfRevocationCheckParam rcp;
336 rcp.options = &revChkOpArray;
337 params.revocationCheckParam = &rcp;
338
339 HcfX509CertChainValidateResult result = { 0 };
340 CfResult ret;
341
342 // test ValidateOcspLocal failed case
343 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
344 EXPECT_EQ(ret, CF_INVALID_PARAMS);
345 FreeValidateResult(result);
346
347 // test VerifyOcspSigner failed case
348 CfBlob resp;
349 resp.data = (uint8_t *)(&g_testOcspResponses[0]);
350 resp.size = sizeof(g_testOcspResponses);
351 rcp.ocspResponses = &resp;
352
353 ret = g_certChainPemSpi->engineValidate(g_certChainPemSpi, ¶ms, &result);
354 EXPECT_EQ(ret, CF_INVALID_PARAMS);
355 FreeValidateResult(result);
356
357 FreeTrustAnchorArr(trustAnchorArray);
358 CfFree(revChkOpArray.data);
359 }
360
361 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslRevocationLocalTest001, TestSize.Level0)
362 {
363 CF_LOG_I("ValidateOpensslRevocationLocalTest001");
364 ASSERT_NE(g_certChainPemSpi163, nullptr);
365
366 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
367 BuildAnchorArr(g_inStreamChainDataPemRoot163, trustAnchorArray);
368
369 HcfX509CertChainValidateParams params = { 0 };
370 params.trustAnchors = &trustAnchorArray;
371
372 HcfRevChkOption data[] = { REVOCATION_CHECK_OPTION_PREFER_OCSP };
373 params.revocationCheckParam = ConstructHcfRevocationCheckParam(data, sizeof(data) / sizeof(data[0]));
374 ASSERT_NE(params.revocationCheckParam, nullptr);
375
376 HcfX509CertChainValidateResult result = { 0 };
377
378 // test ValidateOcspLocal failed case
379 CfResult ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
380 EXPECT_EQ(ret, CF_SUCCESS);
381 FreeValidateResult(result);
382
383 FreeTrustAnchorArr(trustAnchorArray);
384 FreeHcfRevocationCheckParam(params.revocationCheckParam);
385 }
386
387 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslRevocationOnLineTest006, TestSize.Level0)
388 {
389 CF_LOG_I("ValidateOpensslRevocationOnLineTest006");
390 ASSERT_NE(g_certChainPemSpi163, nullptr);
391
392 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
393 BuildAnchorArr(g_inStreamChainDataPemRoot163, trustAnchorArray);
394
395 HcfX509CertChainValidateParams params = { 0 };
396 params.trustAnchors = &trustAnchorArray;
397
398 HcfRevChkOption data[] = { REVOCATION_CHECK_OPTION_ACCESS_NETWORK };
399 params.revocationCheckParam =
400 ConstructHcfRevocationCheckParam(data, sizeof(data) / sizeof(data[0]), &g_blobDownloadURI, nullptr);
401 ASSERT_NE(params.revocationCheckParam, nullptr);
402
403 HcfX509CertChainValidateResult result = { 0 };
404 CfResult ret;
405
406 // test GetDpUrl failed case
407 CF_LOG_I("ValidateOpensslRevocationOnLineTest - 3");
408 DIST_POINT dp = { 0 };
409 X509OpensslMock::SetMockFlag(true);
410 dp.distpoint = nullptr;
411 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
412 .WillOnce(Invoke(__real_OPENSSL_sk_value))
413 .WillOnce(Invoke(__real_OPENSSL_sk_value))
414 .WillOnce(Invoke(__real_OPENSSL_sk_value))
415 .WillOnce(Invoke(__real_OPENSSL_sk_value))
416 .WillOnce(Return(&dp))
417 .WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
418 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
419 EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
420
421 CF_LOG_I("ValidateOpensslRevocationOnLineTest - 4");
422 DIST_POINT_NAME dpn;
423 dpn.type = GEN_URI;
424 dp.distpoint = &dpn;
425 EXPECT_CALL(X509OpensslMock::GetInstance(), OPENSSL_sk_value(_, _))
426 .WillOnce(Invoke(__real_OPENSSL_sk_value))
427 .WillOnce(Invoke(__real_OPENSSL_sk_value))
428 .WillOnce(Invoke(__real_OPENSSL_sk_value))
429 .WillOnce(Invoke(__real_OPENSSL_sk_value))
430 .WillOnce(Return(&dp))
431 .WillRepeatedly(Invoke(__real_OPENSSL_sk_value));
432 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
433 EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
434 X509OpensslMock::SetMockFlag(false);
435
436 FreeTrustAnchorArr(trustAnchorArray);
437 FreeHcfRevocationCheckParam(params.revocationCheckParam);
438 }
439
440 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslRevocationOnLineTest009, TestSize.Level0)
441 {
442 CF_LOG_I("ValidateOpensslRevocationOnLineTest009");
443 ASSERT_NE(g_certChainPemSpi163, nullptr);
444
445 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
446 BuildAnchorArr(g_inStreamChainDataPemRoot163, trustAnchorArray);
447
448 HcfX509CertChainValidateParams params = { 0 };
449 params.trustAnchors = &trustAnchorArray;
450
451 HcfRevChkOption data[] = { REVOCATION_CHECK_OPTION_PREFER_OCSP, REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER,
452 REVOCATION_CHECK_OPTION_FALLBACK_LOCAL };
453 params.revocationCheckParam =
454 ConstructHcfRevocationCheckParam(data, sizeof(data) / sizeof(data[0]), &g_blobDownloadURI);
455 ASSERT_NE(params.revocationCheckParam, nullptr);
456
457 HcfX509CertChainValidateResult result = { 0 };
458 CfResult ret;
459
460 CF_LOG_I("ValidateOpensslRevocationOnLineTest009 - 1");
461 // test ValidateOcspLocal failed case
462 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
463 EXPECT_EQ(ret, CF_SUCCESS);
464 FreeValidateResult(result);
465
466 CF_LOG_I("ValidateOpensslRevocationOnLineTest009 - 2");
467 (void)HcfX509CertificateCreate(&g_inStreamOcspResponderCert, &(params.revocationCheckParam->ocspResponderCert));
468 ASSERT_NE(params.revocationCheckParam->ocspResponderCert, nullptr);
469 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
470 EXPECT_EQ(ret, CF_INVALID_PARAMS);
471 FreeValidateResult(result);
472
473 FreeTrustAnchorArr(trustAnchorArray);
474 FreeHcfRevocationCheckParam(params.revocationCheckParam);
475 CF_LOG_I("ValidateOpensslRevocationOnLineTest009 - ok");
476 }
477
478 HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslRevocationOnLineTest010, TestSize.Level0)
479 {
480 CF_LOG_I("ValidateOpensslRevocationOnLineTest010");
481 ASSERT_NE(g_certChainPemSpi163, nullptr);
482
483 HcfX509TrustAnchorArray trustAnchorArray = { 0 };
484 BuildAnchorArr(g_inStreamChainDataPemRoot163, trustAnchorArray);
485
486 HcfX509CertChainValidateParams params = { 0 };
487 params.trustAnchors = &trustAnchorArray;
488
489 HcfRevChkOption data[] = { REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER, REVOCATION_CHECK_OPTION_FALLBACK_LOCAL };
490 params.revocationCheckParam =
491 ConstructHcfRevocationCheckParam(data, sizeof(data) / sizeof(data[0]), &g_blobDownloadURI);
492 ASSERT_NE(params.revocationCheckParam, nullptr);
493
494 HcfX509CertChainValidateResult result = { 0 };
495 CfResult ret;
496
497 CF_LOG_I("ValidateOpensslRevocationOnLineTest010 - 1");
498 // test ValidateOcspLocal failed case
499 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
500 EXPECT_EQ(ret, CF_SUCCESS);
501 FreeValidateResult(result);
502
503 CF_LOG_I("ValidateOpensslRevocationOnLineTest010 - 2");
504 (void)HcfX509CertificateCreate(&g_inStreamOcspResponderCert, &(params.revocationCheckParam->ocspResponderCert));
505 ASSERT_NE(params.revocationCheckParam->ocspResponderCert, nullptr);
506 ret = g_certChainPemSpi163->engineValidate(g_certChainPemSpi163, ¶ms, &result);
507 EXPECT_EQ(ret, CF_SUCCESS);
508 FreeValidateResult(result);
509
510 FreeTrustAnchorArr(trustAnchorArray);
511 FreeHcfRevocationCheckParam(params.revocationCheckParam);
512 CF_LOG_I("ValidateOpensslRevocationOnLineTest010 - ok");
513 }
514 } // namespace
515