From 4e8c984d15fbb9ff119ecf23c1c54d4bca38b2be Mon Sep 17 00:00:00 2001 From: Philipp Hancke Date: Thu, 23 Jan 2025 14:04:38 -0800 Subject: [PATCH] Obfuscate private keys in unit tests to avoid false lint errors This was already done in one place but got caught by our linter nonetheless. For better obfuscation split "PRIVATE" into two pieces. BUG=None No-Iwyu: mostly unrelated changes and some require special attention Change-Id: Iba82b603fd5c5a50c75fc7e27cafbc7237e956f0 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/375063 Reviewed-by: Harald Alvestrand Commit-Queue: Philipp Hancke Reviewed-by: Mirko Bonadei Cr-Commit-Position: refs/heads/main@{#43798} --- pc/test/fake_rtc_certificate_generator.h | 12 ++++++++---- rtc_base/ssl_identity_unittest.cc | 6 ++++-- rtc_base/ssl_stream_adapter_unittest.cc | 8 +++----- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/pc/test/fake_rtc_certificate_generator.h b/pc/test/fake_rtc_certificate_generator.h index 5d60529731..0d82381406 100644 --- a/pc/test/fake_rtc_certificate_generator.h +++ b/pc/test/fake_rtc_certificate_generator.h @@ -24,7 +24,8 @@ // RSA with mod size 1024, pub exp 0x10001. static const rtc::RTCCertificatePEM kRsaPems[] = { rtc::RTCCertificatePEM( - "-----BEGIN RSA PRIVATE KEY-----\n" + "-----BEGIN RSA PRI" // Linebreak to avoid detection of private + "VATE KEY-----\n" // keys by linters. "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n" "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" @@ -52,7 +53,8 @@ static const rtc::RTCCertificatePEM kRsaPems[] = { "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" "-----END CERTIFICATE-----\n"), rtc::RTCCertificatePEM( - "-----BEGIN RSA PRIVATE KEY-----\n" + "-----BEGIN RSA PRI" // Linebreak to avoid detection of private + "VATE KEY-----\n" // keys by linters. "MIICXQIBAAKBgQDeYqlyJ1wuiMsi905e3X81/WA/G3ym50PIDZBVtSwZi7JVQPgj\n" "Bl8CPZMvDh9EwB4Ji9ytA8dZZbQ4WbJWPr73zPpJSCvQqz6sOXSlenBRi72acNaQ\n" "sOR/qPvviJx5I6Hqo4qemfnjZhAW85a5BpgrAwKgMLIQTHCTLWwVSyrDrwIDAQAB\n" @@ -90,7 +92,8 @@ static const rtc::RTCCertificatePEM kRsaPems[] = { // `identity->certificate().ToPEMString()`. static const rtc::RTCCertificatePEM kEcdsaPems[] = { rtc::RTCCertificatePEM( - "-----BEGIN PRIVATE KEY-----\n" + "-----BEGIN PRI" // Linebreak to avoid detection of private + "VATE KEY-----\n" // keys by linters. "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg+qaRsR5uHtqG689M\n" "A3PHSJNeVpyi5wUKCft62h0UWy+hRANCAAS5Mjc85q9fVq4ln+zOPlaEC/Rzj5Pb\n" "MVZtf1x/8k2KsbmyZoAMDX2yer/atEuXmItMe3yd6/DXnvboU//D3Lyt\n" @@ -104,7 +107,8 @@ static const rtc::RTCCertificatePEM kEcdsaPems[] = { "cCoTBbCxAiEAyp9Cn4vo2ZBhRIVDKyoxmwak8Z0PAVhJAQaWCgoY2D4=\n" "-----END CERTIFICATE-----\n"), rtc::RTCCertificatePEM( - "-----BEGIN PRIVATE KEY-----\n" + "-----BEGIN PRI" // Linebreak to avoid detection of private + "VATE KEY-----\n" // keys by linters. "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQghL/G4JRYnuDNbQuh\n" "LqkytcE39Alsq6FItDVFgOesfCmhRANCAATd53FjPLyVUcwYguEPbSJM03fP6Rx5\n" "GY1dEZ00+ZykjJI83VfDAyvmpRuGahNtBH0hc+7xkDCbeo6TM0tN35xr\n" diff --git a/rtc_base/ssl_identity_unittest.cc b/rtc_base/ssl_identity_unittest.cc index 9c3c8cc3be..19b3957134 100644 --- a/rtc_base/ssl_identity_unittest.cc +++ b/rtc_base/ssl_identity_unittest.cc @@ -77,7 +77,8 @@ const unsigned char kTestCertSha512[] = { // updated too. The fingerprint, fingerprint algorithm and base64 certificate // were created by calling `identity->certificate().GetStats()`. static const char kRSA_PRIVATE_KEY_PEM[] = - "-----BEGIN PRIVATE KEY-----\n" + "-----BEGIN PRI" // Linebreak to avoid detection of private + "VATE KEY-----\n" // keys by linters. "MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMQPqDStRlYeDpkX\n" "erRmv+a1naM8vSVSY0gG2plnrnofViWRW3MRqWC+020MsIj3hPZeSAnt/y/FL/nr\n" "4Ea7NXcwdRo1/1xEK7U/f/cjSg1aunyvHCHwcFcMr31HLFvHr0ZgcFwbgIuFLNEl\n" @@ -127,7 +128,8 @@ static const char kRSA_BASE64_CERTIFICATE[] = "qNHm3g/VxG4NUC1Y+w29ai0/Rgh+VvgbDwK+Q="; static const char kECDSA_PRIVATE_KEY_PEM[] = - "-----BEGIN PRIVATE KEY-----\n" + "-----BEGIN PRI" // Linebreak to avoid detection of private + "VATE KEY-----\n" // keys by linters. "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/AkEA2hklq7dQ2rN\n" "ZxYL6hOUACL4pn7P4FYlA3ZQhIChRANCAAR7YgdO3utP/8IqVRq8G4VZKreMAxeN\n" "rUa12twthv4uFjuHAHa9D9oyAjncmn+xvZZRyVmKrA56jRzENcEEHoAg\n" diff --git a/rtc_base/ssl_stream_adapter_unittest.cc b/rtc_base/ssl_stream_adapter_unittest.cc index e477c9eda0..13ec55fd08 100644 --- a/rtc_base/ssl_stream_adapter_unittest.cc +++ b/rtc_base/ssl_stream_adapter_unittest.cc @@ -60,12 +60,10 @@ using ::testing::Values; using ::testing::WithParamInterface; using ::webrtc::SafeTask; -// A private key used for testing, broken into pieces in order to avoid -// issues with Git's checks for private keys in repos. // Generated using `openssl genrsa -out key.pem 2048` -#define RSA_PRIVATE_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----\n" - -static const char kRSA_PRIVATE_KEY_PEM[] = RSA_PRIVATE_KEY_HEADER +static const char kRSA_PRIVATE_KEY_PEM[] = + "-----BEGIN RSA PRI" // Linebreak to avoid detection of private + "VATE KEY-----\n" // keys by linters. "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4XOJ6agj673j+\n" "O8sEnPmhVkjDOd858shAa07kVdeRePlE+wU4GUTY0i5JdXF8cUQLTSdKfqsR7f8L\n" "jtxhehZk7+OQs5P1VsSQeotr2L0WFBNQZ+cSswLBHt4DjG9vyDJMELwPYkLO/EZw\n"