Mercurial > trustbridge
annotate ui/tests/binverifytest.cpp @ 824:a511c1f45c70
(Issue47) Drop privileges before executing NSS process.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 21 Jul 2014 18:51:34 +0200 |
parents | 44fa5de02b52 |
children | b1df9621c89c |
rev | line source |
---|---|
636
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 * Software engineering by Intevation GmbH |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 * |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 * This file is Free Software under the GNU GPL (v>=2) |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 * See LICENSE.txt for details. |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 */ |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 #include "binverify.h" |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 #include "binverifytest.h" |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 #include <QTest> |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 #ifdef Q_OS_WIN |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 # define EXE_SUFFIX ".exe" |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 #else |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 # define EXE_SUFFIX "" |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 #endif |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 /* Some general robustness checks */ |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 void BinVerifyTest::testMiscErrors() |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
21 { |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 QVERIFY (verify_binary (NULL, 10) != VerifyValid); |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 QVERIFY (verify_binary ("foo", 10) != VerifyValid); |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 QVERIFY (verify_binary ("bar", -1) != VerifyValid); |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 /* On windows the next line will check that a valid microsoft |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 * signed executable is not valid for us (pinning). On linux |
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
27 * it will just fail with a read error which we tested above */ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
28 #ifdef Q_OS_WIN |
636
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe", |
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
30 strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyInvalidCertificate); |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
31 #endif |
636
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid); |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 } |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 |
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
35 /* Check that a signature with only a different key (of the same size) |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
36 * is not validated (Invalid signature because key and cert don't match)*/ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
37 void BinVerifyTest::testOtherKey() |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
38 { |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
39 QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX, |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
40 strlen("fakeinst-other-key" EXE_SUFFIX))); |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
41 } |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
42 |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
43 /* Check that an invalid signature is not validated */ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
44 void BinVerifyTest::testInvalidSig() |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
45 { |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
46 QVERIFY(VerifyValid != verify_binary ("fakeinst-invalid" EXE_SUFFIX, |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
47 strlen("fakeinst-invalid" EXE_SUFFIX))); |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
48 } |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
49 |
774
44fa5de02b52
(issue43) Finalize and verify binary verification for linux.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
637
diff
changeset
|
50 #ifdef Q_OS_WIN |
44fa5de02b52
(issue43) Finalize and verify binary verification for linux.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
637
diff
changeset
|
51 /* Check that a signature with a different (valid) certificate is not validated |
44fa5de02b52
(issue43) Finalize and verify binary verification for linux.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
637
diff
changeset
|
52 * on Linux only the key is checked not the certificate */ |
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
53 void BinVerifyTest::testOtherCert() |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
54 { |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
55 QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX, |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
56 strlen("fakeinst-other-cert" EXE_SUFFIX))); |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
57 } |
774
44fa5de02b52
(issue43) Finalize and verify binary verification for linux.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
637
diff
changeset
|
58 #endif |
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
59 |
636
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 /* Check that no signature is not validated */ |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 void BinVerifyTest::testNoSignature() |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 { |
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
63 QVERIFY(VerifyValid != verify_binary ("fakeinst" EXE_SUFFIX, |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
636
diff
changeset
|
64 strlen("fakeinst" EXE_SUFFIX))); |
636
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 } |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 /* Check that a valid signed executable is verified */ |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 void BinVerifyTest::testValidBinary() |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 { |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 QVERIFY (VerifyValid == verify_binary ("fakeinst-signed" EXE_SUFFIX, |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 strlen("fakeinst-signed" EXE_SUFFIX))); |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 } |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 |
2fd4f9980a2a
Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 QTEST_GUILESS_MAIN (BinVerifyTest); |