annotate ui/tests/binverifytest.cpp @ 999:daa9448b64f5

(issue90) Use certificate pinning and forced ciphersuites for curl
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 01 Sep 2014 19:49:54 +0200
parents b1df9621c89c
children 317ee9dc4684
rev   line source
636
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
2 * Software engineering by Intevation GmbH
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
3 *
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
6 * See LICENSE.txt for details.
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
7 */
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
8 #include "binverify.h"
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
9 #include "binverifytest.h"
869
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
10 #include "createinstallerdialog.h"
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
11 #include "common.h"
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
12 #include "mainwindow.h"
636
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
13
869
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
14 #include <QtTest>
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
15 #include <QSettings>
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
16 #include <QTemporaryFile>
636
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
17
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
18 #ifdef Q_OS_WIN
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
19 # define EXE_SUFFIX ".exe"
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
20 #else
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
21 # define EXE_SUFFIX ""
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
22 #endif
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
23
869
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
24 #ifdef Q_OS_WIN
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
25 Q_IMPORT_PLUGIN(QWindowsIntegrationPlugin)
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
26 #else
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
27 Q_IMPORT_PLUGIN(QXcbIntegrationPlugin)
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
28 #endif
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
29
636
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
30 /* Some general robustness checks */
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
31 void BinVerifyTest::testMiscErrors()
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
32 {
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
33 QVERIFY (verify_binary (NULL, 10) != VerifyValid);
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
34 QVERIFY (verify_binary ("foo", 10) != VerifyValid);
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
35 QVERIFY (verify_binary ("bar", -1) != VerifyValid);
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
36 /* On windows the next line will check that a valid microsoft
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
37 * signed executable is not valid for us (pinning). On linux
637
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
38 * it will just fail with a read error which we tested above */
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
39 #ifdef Q_OS_WIN
636
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
40 QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
637
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
41 strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyInvalidCertificate);
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
42 #endif
636
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
43 QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
44 }
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
45
637
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
46 /* Check that a signature with only a different key (of the same size)
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
47 * is not validated (Invalid signature because key and cert don't match)*/
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
48 void BinVerifyTest::testOtherKey()
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
49 {
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
50 QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX,
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
51 strlen("fakeinst-other-key" EXE_SUFFIX)));
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
52 }
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
53
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
54 /* Check that an invalid signature is not validated */
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
55 void BinVerifyTest::testInvalidSig()
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
56 {
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
57 QVERIFY(VerifyValid != verify_binary ("fakeinst-invalid" EXE_SUFFIX,
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
58 strlen("fakeinst-invalid" EXE_SUFFIX)));
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
59 }
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
60
774
44fa5de02b52 (issue43) Finalize and verify binary verification for linux.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 637
diff changeset
61 #ifdef Q_OS_WIN
44fa5de02b52 (issue43) Finalize and verify binary verification for linux.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 637
diff changeset
62 /* Check that a signature with a different (valid) certificate is not validated
44fa5de02b52 (issue43) Finalize and verify binary verification for linux.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 637
diff changeset
63 * on Linux only the key is checked not the certificate */
637
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
64 void BinVerifyTest::testOtherCert()
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
65 {
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
66 QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX,
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
67 strlen("fakeinst-other-cert" EXE_SUFFIX)));
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
68 }
774
44fa5de02b52 (issue43) Finalize and verify binary verification for linux.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 637
diff changeset
69 #endif
637
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
70
636
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
71 /* Check that no signature is not validated */
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
72 void BinVerifyTest::testNoSignature()
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
73 {
637
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
74 QVERIFY(VerifyValid != verify_binary ("fakeinst" EXE_SUFFIX,
be30d50bc4f0 Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents: 636
diff changeset
75 strlen("fakeinst" EXE_SUFFIX)));
636
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
76 }
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
77
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
78 /* Check that a valid signed executable is verified */
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
79 void BinVerifyTest::testValidBinary()
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
80 {
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
81 QVERIFY (VerifyValid == verify_binary ("fakeinst-signed" EXE_SUFFIX,
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
82 strlen("fakeinst-signed" EXE_SUFFIX)));
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
83 }
2fd4f9980a2a Add test for authenticode verificate (binverify)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
84
869
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
85 void BinVerifyTest::testSignatureCreation()
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
86 {
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
87 QSettings testsettings;
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
88 testsettings.setValue("CodeSignCert", SOURCE_DIR"/data/codesign/codesigning-combined.pem");
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
89 testsettings.sync();
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
90 CreateInstallerDialog *theDialog = new CreateInstallerDialog(NULL);
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
91 QString garbage = getRandomDataFile(21*1024*1024);
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
92 QTemporaryFile outfile;
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
93 outfile.open();
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
94 outfile.close();
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
95 bool ret = theDialog->appendTextSignatureToFile (garbage, outfile.fileName());
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
96 QVERIFY(QFile::remove(garbage));
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
97 QVERIFY(ret == true);
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
98 QVERIFY(VerifyValid == verify_binary (outfile.fileName().toUtf8().constData(),
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
99 outfile.fileName().toUtf8().size()));
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
100 }
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
101
b1df9621c89c Add a test for text signature creation with createinstallerdialog
Andre Heinecke <andre.heinecke@intevation.de>
parents: 774
diff changeset
102 QTEST_MAIN (BinVerifyTest);

http://wald.intevation.org/projects/trustbridge/