view ui/tests/nsstest.cpp @ 703:2c63bb63de76

(Issue26) Only show manually changed certificates if there are manually changed certificates
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 02 Jul 2014 11:49:39 +0200
parents c262ee333c56
children 344d15e23f6c
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#include <cert.h>
#include <certdb.h>
#include <certt.h>

#include <nss.h>
#include <pk11pub.h>

#include "nsstest.h"
#include "nssstore.h"
#include "strhelp.h"

#include <QTest>
#include <QTextCodec>

#ifdef WIN32
#define endl "\r\n"
#endif

QList<QByteArray> NSSTest::get_nss_certs (QTemporaryDir *nssDir)
{
  CERTCertList *list;
  CERTCertListNode *node;
  QList<QByteArray> retval;

  if (NSS_Initialize(nssDir->path().toLocal8Bit().constData(),
              "", "", "secmod.db", NSS_INIT_READONLY)
      == SECSuccess)
    {
      list = PK11_ListCerts(PK11CertListAll, NULL);
      for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
           node = CERT_LIST_NEXT(node)) {
        retval << QByteArray((const char*)node->cert->derCert.data,
                (int)node->cert->derCert.len);
      }
      CERT_DestroyCertList(list);
      NSS_Shutdown();
    }
  else
    {
      qDebug("Could not open nss certificate store!\n");
    }
  return retval;
}

void NSSTest::setupTestDir(QTemporaryDir *nssDir)
{
    /* Copy the empty nss db in the temporary dir */
    QVERIFY(QFile::copy(":/nss/cert8.db", nssDir->path() + "/" +"cert8.db"));
    QVERIFY(QFile::copy(":/nss/key3.db", nssDir->path() + "/" +"key3.db"));
    QVERIFY(QFile::copy(":/nss/secmod.db", nssDir->path() + "/" +"secmod.db"));

    QVERIFY(QFile::setPermissions(nssDir->path() + "/" +"cert8.db",
                QFileDevice::ReadOwner | QFileDevice::WriteOwner));
    QVERIFY(QFile::setPermissions(nssDir->path() + "/" +"key3.db",
                QFileDevice::ReadOwner | QFileDevice::WriteOwner));
    QVERIFY(QFile::setPermissions(nssDir->path() + "/" +"secmod.db",
                QFileDevice::ReadOwner | QFileDevice::WriteOwner));
//    nssDir->setAutoRemove(false);
}

void NSSTest::initTestCase() {
    QTextCodec::setCodecForLocale(QTextCodec::codecForName("UTF-8")); /* use system default */

    /* Set up a temporary list */
#ifdef RELEASE_BUILD
    QFile res(":/list-valid-signed-release.txt");
#else
    QFile res(":/list-valid-signed.txt");
#endif
    res.open(QIODevice::ReadOnly);
    validListFile.open();
    validListFile.write(res.readAll());
    validListFile.close();

    setupTestDir(&ffNSSDir);
    setupTestDir(&tbNSSDir);

    validList = CertificateList(validListFile.fileName().toLocal8Bit().data());

    QVERIFY(validList.isValid());

    /* Create the profiles.ini `s set environment variables*/
//    fakeHome.setAutoRemove(false);
#ifndef WIN32
    fakeFirefoxDir = QDir(fakeHome.path() + "/.mozilla/firefox");
    fakeThunderbirdDir = QDir(fakeHome.path() + "/.thunderbird");

    /* Copy the current systems NSSSHARED db in the fake home for benchmark tests */
    QDir fakeNSSSharedDir = fakeHome.path() + "/.pki/nssdb";
    QVERIFY(fakeNSSSharedDir.mkpath(fakeNSSSharedDir.path()));
    qDebug() << "Copying: " << QDir::homePath() + "/.pki/nssdb/cert9.db" <<
            " to " << fakeNSSSharedDir.path() + "cert9.db";
    QVERIFY(QFile::copy(QDir::homePath() + "/.pki/nssdb/cert9.db",
            fakeNSSSharedDir.path() + "cert9.db"));
    QVERIFY(QFile::copy(QDir::homePath() + "/.pki/nssdb/key4.db",
            fakeNSSSharedDir.path() + "key4.db"));
    QVERIFY(QFile::copy(QDir::homePath() + "/.pki/nssdb/pkcs11.txt",
            fakeNSSSharedDir.path() + "pkcs11.txt"));

    QVERIFY(!setenv ("HOME", fakeHome.path().toLocal8Bit().constData(), 1));
#else
    {
        char buf[fakeHome.path().toLocal8Bit().size() + 9];
        snprintf(buf, fakeHome.path().toLocal8Bit().size() + 9,
                "APPDATA=%s",fakeHome.path().toLocal8Bit().constData());
        QVERIFY(_putenv (buf) != -1);
    }
    fakeFirefoxDir = QDir(fakeHome.path() + "/Mozilla/firefox");
    fakeThunderbirdDir = QDir(fakeHome.path() + "/Thunderbird");
#endif
    QVERIFY(fakeFirefoxDir.mkpath(fakeFirefoxDir.path()));
    QVERIFY(fakeThunderbirdDir.mkpath(fakeThunderbirdDir.path()));

    QFile mozProfile(fakeFirefoxDir.absoluteFilePath("profiles.ini"));
    QFile tbProfile(fakeThunderbirdDir.absoluteFilePath("profiles.ini"));

    /* Write profiles */
    QVERIFY(mozProfile.open(QIODevice::WriteOnly));
    QTextStream ffStream(&mozProfile);
    ffStream << endl << "[General]"<<
        "StartWithLastProfile=1" << endl <<
        "[Profile0]" << endl <<
        "Name=default" << endl <<
        "IsRelative=1" << endl <<
        "Path=" << fakeFirefoxDir.relativeFilePath(ffNSSDir.path()) << endl;
    ffStream.flush();
    mozProfile.close();

    QVERIFY(tbProfile.open(QIODevice::WriteOnly));
    QTextStream tbStream(&tbProfile);
    tbStream << endl << "[General]"<<
        "StartWithLastProfile=1" << endl <<
        "[Profile102]" << endl <<
        "Name=default" << endl <<
        "IsRelative=0" << endl <<
        "Path=" << tbNSSDir.path() << endl;
    tbStream.flush();
    tbProfile.close();
}

void NSSTest::testInstRemove() {
    char ** to_install = NULL,
         ** to_remove = NULL;

    QList<Certificate> instList;

    /* Install all certificates */
    foreach (const Certificate &cert, validList.getCertificates()) {
        if (!cert.isInstallCert())
            continue;
        instList << cert;
        strv_append (&to_install, cert.base64Line().toLatin1().constData() + 2,
                cert.base64Line().size() - 2);
    }
    QVERIFY((size_t) instList.size() == strv_length(to_install));
    QVERIFY(strv_length(to_install) != 0);

    QVERIFY(write_stores_nss(to_install, to_remove) == 0);

    {
        /* Verify that everything is installed */
        QList<QByteArray> installedCertsFF = get_nss_certs(&ffNSSDir);
        QList<QByteArray> installedCertsTB = get_nss_certs(&tbNSSDir);

        QVERIFY(installedCertsFF.size() == instList.size());
        QVERIFY(installedCertsFF == installedCertsTB);

        for (int i = 0; to_install[i]; i++) {
            QByteArray bai = QByteArray::fromBase64(to_install[i]);
            QVERIFY(installedCertsFF.contains(bai));
        }
    }

    {
        /* Remove one certificate */
        QVERIFY(instList.size() > 2);
        strv_append (&to_remove, to_install[1], qstrlen(to_install[1]));

        QList<QByteArray> beforeFF = get_nss_certs(&ffNSSDir);
        QVERIFY(strv_length(to_remove) == 1);
        QVERIFY(write_stores_nss(NULL, to_remove) == 0);

        QList<QByteArray> installedCertsFF = get_nss_certs(&ffNSSDir);
        QList<QByteArray> installedCertsTB = get_nss_certs(&tbNSSDir);
        QVERIFY(beforeFF.size() > 0);
        QVERIFY(beforeFF.size() - 1 == installedCertsFF.size());

        QVERIFY(installedCertsFF == installedCertsTB);

        QByteArray bai = QByteArray::fromBase64(to_install[1]);
        QVERIFY(!installedCertsTB.contains(bai));

        QVERIFY((size_t)installedCertsTB.size() == strv_length(to_install) - 1);

        for (int i = 0; to_install[i]; i++) {
            if (i == 1) {
                continue;
            }
            QByteArray bai = QByteArray::fromBase64(to_install[i]);
            QVERIFY(installedCertsTB.contains(bai));
        }
    }

    {
        /* Readd all certificates check for duplication*/
        QVERIFY(write_stores_nss(to_install, NULL) == 0);

        QList<QByteArray> installedCertsFF = get_nss_certs(&ffNSSDir);
        QList<QByteArray> installedCertsTB = get_nss_certs(&tbNSSDir);

        QVERIFY(installedCertsFF == installedCertsTB);

        QVERIFY((size_t)installedCertsTB.size() == strv_length(to_install));

        for (int i = 0; to_install[i]; i++) {
            QByteArray bai = QByteArray::fromBase64(to_install[i]);
            QVERIFY(installedCertsTB.contains(bai));
        }
    }

    {
        /* Remove all certificates */
        QVERIFY(write_stores_nss(NULL, to_install) == 0);

        QList<QByteArray> installedCertsFF = get_nss_certs(&ffNSSDir);
        QList<QByteArray> installedCertsTB = get_nss_certs(&tbNSSDir);

        QVERIFY(installedCertsFF == installedCertsTB);

        QVERIFY(installedCertsTB.size() == 0);
    }
}

void NSSTest::benchmarkInstall()
{
    char ** to_install = NULL,
         ** to_remove = NULL;

    QList<Certificate> instList;

    /* Install all certificates */
    foreach (const Certificate &cert, validList.getCertificates()) {
        if (!cert.isInstallCert())
            continue;
        instList << cert;
        strv_append (&to_install, cert.base64Line().toLatin1().constData() + 2,
                cert.base64Line().size() - 2);
    }
    QVERIFY((size_t) instList.size() == strv_length(to_install));
    QVERIFY(strv_length(to_install) != 0);

    QBENCHMARK_ONCE {
        write_stores_nss(to_install, to_remove);
    }
}
QTEST_GUILESS_MAIN (NSSTest);

http://wald.intevation.org/projects/trustbridge/