Mercurial > trustbridge

view ui/tests/binverifytest.cpp @ 1371:23df332b2a4c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
(issue179) Read install signature timestamp from config This also changes the way the sigDt is propgated to the MainWindow. It no longer uses the settings but hands it over as a parameter directly.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 24 Nov 2014 15:48:49 +0100
parents 948f03bb5254
children
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#include "binverify.h"
#include "binverifytest.h"
#include "createinstallerdialog.h"
#include "common.h"
#include "mainwindow.h"

#include <QtTest>
#include <QSettings>
#include <QTemporaryFile>

#ifdef Q_OS_WIN
# define EXE_SUFFIX ".exe"
#else
# define EXE_SUFFIX ""
#endif

#ifdef Q_OS_WIN
 Q_IMPORT_PLUGIN(QWindowsIntegrationPlugin)
#else
 Q_IMPORT_PLUGIN(QXcbIntegrationPlugin)
#endif

/* Some general robustness checks */
void BinVerifyTest::testMiscErrors()
{
  QVERIFY (verify_binary (NULL, 10).result != VerifyValid);
  QVERIFY (verify_binary ("foo", 10).result != VerifyValid);
  QVERIFY (verify_binary ("bar", -1).result!= VerifyValid);
  /* On windows the next line will check that a valid microsoft
   * signed executable is not valid for us (pinning). On linux
   * it will just fail with a read error which we tested above */
#ifdef Q_OS_WIN
  QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
                          strlen("c:\\Windows\\System32\\mmc.exe")).result != VerifyInvalidCertificate);
#endif
  QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")).result != VerifyValid);
}

/* Check that a signature with only a different key (of the same size)
 * is not validated (Invalid signature because key and cert don't match)*/
void BinVerifyTest::testOtherKey()
{
    QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX,
                strlen("fakeinst-other-key" EXE_SUFFIX)).result);
}

/* Check that an invalid signature is not validated */
void BinVerifyTest::testInvalidSig()
{
    bin_verify_result res = verify_binary ("fakeinst-invalid" EXE_SUFFIX,
                strlen("fakeinst-invalid" EXE_SUFFIX));
    QVERIFY(VerifyValid != res.result);
    QVERIFY(res.fptr == NULL);
}

#ifdef Q_OS_WIN
/* Check that a signature with a different (valid) certificate is not validated
 * on Linux only the key is checked not the certificate */
void BinVerifyTest::testOtherCert()
{
    QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX,
                strlen("fakeinst-other-cert" EXE_SUFFIX)).result);
}
#endif

/* Check that no signature is not validated */
void BinVerifyTest::testNoSignature()
{
    bin_verify_result res = verify_binary ("fakeinst" EXE_SUFFIX,
                strlen("fakeinst" EXE_SUFFIX));
    QVERIFY(VerifyValid != res.result);
    QVERIFY(res.fptr == NULL);
}

/* Check that a valid signed executable is verified */
void BinVerifyTest::testValidBinary()
{
    bin_verify_result res = verify_binary ("fakeinst-signed" EXE_SUFFIX,
                                          strlen("fakeinst-signed" EXE_SUFFIX));
    QVERIFY (VerifyValid == res.result);
    QFile thefile ("fakeinst-signed" EXE_SUFFIX);
#ifdef WIN32
    /* Verifies the deny write open mode. But on linux we dont have it. */
    QVERIFY (!thefile.open(QIODevice::ReadWrite));
#endif
    QVERIFY (res.fptr != NULL);
    fclose(res.fptr);
    QVERIFY (thefile.open(QIODevice::ReadWrite));
    QVERIFY (res.sig_time != 0 && res.sig_time != -1);
    QDateTime sigDt = QDateTime::fromTime_t(res.sig_time);
    QVERIFY (sigDt.isValid());
    qDebug() << "Signature time: " << sigDt;
    thefile.close();
}

void BinVerifyTest::testSignatureCreation()
{
  QSettings testsettings;
  testsettings.setValue("CodeSignCert", SOURCE_DIR"/data/codesign/codesigning-combined.pem");
  testsettings.sync();
  CreateInstallerDialog *theDialog = new CreateInstallerDialog(NULL);
  QString garbage = getRandomDataFile(21*1024*1024);
  QTemporaryFile outfile;
  outfile.open();
  outfile.close();
  bool ret = theDialog->appendTextSignatureToFile (garbage, outfile.fileName());
  QVERIFY(QFile::remove(garbage));
  QVERIFY(ret == true);
  bin_verify_result res = verify_binary (outfile.fileName().toUtf8().constData(),
                                        outfile.fileName().toUtf8().size());
  QVERIFY(VerifyValid == res.result);
}
bool g_debug = true;

QTEST_MAIN (BinVerifyTest);
http://wald.intevation.org/projects/trustbridge/