view ui/tests/certlistparsertest.cpp @ 1119:5349e2354c48

(issue54) Merge branch runafterinstall There is now an NSIS Plugin that executes the Software after installation using COM in the shell of the current user. With the way over the shell there is no inheritance / token management required. As it is impossible to drop all privileges of a token granted by UAC and still be able to reelevate the Token again with another RunAs call later this round trip over the Shell was necessary.
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 16 Sep 2014 19:48:22 +0200
parents 17e1c8f37d72
children e3772d2810b3
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#include "certlistparsertest.h"
#include "certificatelist.h"
#include "certificate.h"
#include "common.h"

#include <QDebug>

void CertListTest::testValidList()
{
#ifdef RELEASE_BUILD
    const char *fname = "list-valid-signed-release.txt";
#else
    const char *fname = "list-valid-signed.txt";
#endif

    QDir dataDir = QDir(SOURCE_DIR"/data/");
    QString fileName = dataDir.absoluteFilePath(fname);
    QFile validList(fileName);
    validList.open(QIODevice::ReadOnly);
    QString validData = QString::fromLatin1(validList.readAll());
    QStringList instLines;
    QStringList remoLines;

    CertificateList *certList = testWithFile(fname);
    QCOMPARE(certList->getStatus(), Valid);
    QVERIFY(certList->isValid());

    QVERIFY(certList->rawData() == validData.toLatin1());

    const QList<Certificate> cList = certList->getCertificates();

    foreach (QString act, validData.split("\r\n")) {
        if (act.startsWith("I:")) {
            instLines << act;
            continue;
        }
        if (act.startsWith("R:")) {
            remoLines << act;
            continue;
        }
    }

    int instCnt = 0,
        remoCnt = 0;
    foreach (const Certificate& cert, cList) {
        QVERIFY(cert.isValid());
        if (cert.isInstallCert()) {
            QVERIFY(instLines.contains(cert.base64Line()));
            instCnt++;
        } else {
            QVERIFY(remoLines.contains(cert.base64Line()));
            remoCnt++;
        }
    }

    /* Be variable if test data changes later */
    QVERIFY(instCnt >= 1);
    QVERIFY(remoCnt >= 1);
    QVERIFY(instLines.size() == instCnt);
    QVERIFY(remoLines.size() == remoCnt);

    /* Check that a default certificate is invalid */
    Certificate cert;
    QVERIFY(!cert.isValid());

    certList->readList(fileName.toLocal8Bit().data());

    const QList<Certificate> cList2 = certList->getCertificates();
    QVERIFY(instLines.size() + remoLines.size() == cList2.size());

    delete certList;
}

void CertListTest::testInvalidSig()
{
    const char *fnames[] = {"list-invalid-signed.txt",
        "list-valid-other-signature.txt",
        "list-valid-sha1-signature.txt",
        NULL};
    for (int i=0; fnames[i] != NULL; i++) {
        CertificateList *certList = testWithFile(fnames[i]);
        QCOMPARE (certList->getStatus(), InvalidSignature);
        delete certList;
    }
}

void verifyInvalidFile(const char *fName) {
    CertificateList *certList = new CertificateList(fName);
    QVERIFY (certList->getStatus() != Valid);
    delete certList;
}

void CertListTest::testInvalidFileNames()
{
    verifyInvalidFile("/dev/random");
    verifyInvalidFile("/tmp/");
    verifyInvalidFile(NULL);
    verifyInvalidFile("ä");
    verifyInvalidFile("💩 ");
}

void CertListTest::testEmptyFile()
{
    const char *fname = "empty_file";
    CertificateList *certList = testWithFile(fname);
    QCOMPARE (certList->getStatus(), SeekFailed);
    delete certList;
}

void CertListTest::testGarbage()
{
    const char *fname = "list-with-null.txt";
    QString fname2 = getRandomDataFile(200);
    CertificateList *certList = testWithFile(fname);
    QCOMPARE (certList->getStatus(), InvalidFormat);
    delete certList;
    certList = testWithFile(fname2.toLocal8Bit().constData());
    QVERIFY(QFile::remove(fname2));
    QCOMPARE (certList->getStatus(), InvalidFormat);
    delete certList;
}

void CertListTest::testTooLarge()
{
    QString fname = getRandomDataFile(MAX_LINE_LENGTH * MAX_LINES + 1);
    CertificateList *certList = testWithFile(fname.toLocal8Bit().constData());
    QVERIFY(QFile::remove(fname));
    QCOMPARE(certList->getStatus(), TooLarge);
    QVERIFY(!certList->isValid());
    delete certList;
}

void CertListTest::benchmarkValid()
{
    const char *fname = "list-valid-signed.txt";

    QBENCHMARK{
        CertificateList *certList = testWithFile(fname);
        delete certList;
    }
}

CertificateList* CertListTest::testWithFile(const char *filename)
{
    QDir dataDir = QDir(SOURCE_DIR"/data/");
    QString fileName = dataDir.absoluteFilePath(filename);
    return new CertificateList(fileName.toLocal8Bit().data());
}

void CertListTest::testCertificateFromFile()
{
    QList<Certificate> result;

    /* Real certificates in the wild */
    result = Certificate::fromFileName(":/Intevation-Root-CA-2010.crt");
    QVERIFY(result.size() == 1);
    QVERIFY(result[0].isValid());
    result = Certificate::fromFileName(":/Intevation-Root-CA-2010.der");
    QVERIFY(result.size() == 1);
    QVERIFY(result[0].isValid());

    /* We can handle ECC keys */
    result = Certificate::fromFileName(":/valid_ssl_bp.pem");
    QVERIFY(result.size() == 1);
    QVERIFY(result[0].isValid());

    /* Basic stuff */
    result = Certificate::fromFileName(":/valid_ssl_rsa.pem");
    QVERIFY(result.size() == 1);
    QVERIFY(result[0].isValid());

    /* Multiple certs */
    result = Certificate::fromFileName(":/import_test.pem");
    QVERIFY(result.size() == 15);

    QString lastCertB64;
    foreach (const Certificate& cert, result) {
        QVERIFY(cert.isValid());
        /* Just to verify that it's not all the same */
        QVERIFY(cert.base64Line() != lastCertB64);
        lastCertB64 = cert.base64Line();
    }

    /* Some robustness */
    QString fname = getRandomDataFile(MAX_LINE_LENGTH * MAX_LINES - 100);
    result = Certificate::fromFileName(fname);
    QVERIFY(QFile::remove(fname));
    QVERIFY(result.isEmpty());
}

int main( int argc, char **argv )
{
  CertListTest tc;
  return QTest::qExec( &tc, argc, argv );
}


http://wald.intevation.org/projects/trustbridge/