Mercurial > trustbridge
view ui/tests/binverifytest.cpp @ 1178:59b3c22a404c
(issue142) Only remove certificates if requested
Leave the TrustBridge.ini and the list-installed.txt around otherwise.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 22 Sep 2014 12:38:03 +0200 |
parents | edbf5e5e88f4 |
children | 948f03bb5254 |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #include "binverify.h" #include "binverifytest.h" #include "createinstallerdialog.h" #include "common.h" #include "mainwindow.h" #include <QtTest> #include <QSettings> #include <QTemporaryFile> #ifdef Q_OS_WIN # define EXE_SUFFIX ".exe" #else # define EXE_SUFFIX "" #endif #ifdef Q_OS_WIN Q_IMPORT_PLUGIN(QWindowsIntegrationPlugin) #else Q_IMPORT_PLUGIN(QXcbIntegrationPlugin) #endif /* Some general robustness checks */ void BinVerifyTest::testMiscErrors() { QVERIFY (verify_binary (NULL, 10).result != VerifyValid); QVERIFY (verify_binary ("foo", 10).result != VerifyValid); QVERIFY (verify_binary ("bar", -1).result!= VerifyValid); /* On windows the next line will check that a valid microsoft * signed executable is not valid for us (pinning). On linux * it will just fail with a read error which we tested above */ #ifdef Q_OS_WIN QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe", strlen("c:\\Windows\\System32\\mmc.exe")).result != VerifyInvalidCertificate); #endif QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")).result != VerifyValid); } /* Check that a signature with only a different key (of the same size) * is not validated (Invalid signature because key and cert don't match)*/ void BinVerifyTest::testOtherKey() { QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX, strlen("fakeinst-other-key" EXE_SUFFIX)).result); } /* Check that an invalid signature is not validated */ void BinVerifyTest::testInvalidSig() { bin_verify_result res = verify_binary ("fakeinst-invalid" EXE_SUFFIX, strlen("fakeinst-invalid" EXE_SUFFIX)); QVERIFY(VerifyValid != res.result); QVERIFY(res.fptr == NULL); } #ifdef Q_OS_WIN /* Check that a signature with a different (valid) certificate is not validated * on Linux only the key is checked not the certificate */ void BinVerifyTest::testOtherCert() { QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX, strlen("fakeinst-other-cert" EXE_SUFFIX)).result); } #endif /* Check that no signature is not validated */ void BinVerifyTest::testNoSignature() { bin_verify_result res = verify_binary ("fakeinst" EXE_SUFFIX, strlen("fakeinst" EXE_SUFFIX)); QVERIFY(VerifyValid != res.result); QVERIFY(res.fptr == NULL); } /* Check that a valid signed executable is verified */ void BinVerifyTest::testValidBinary() { bin_verify_result res = verify_binary ("fakeinst-signed" EXE_SUFFIX, strlen("fakeinst-signed" EXE_SUFFIX)); QVERIFY (VerifyValid == res.result); QFile thefile ("fakeinst-signed" EXE_SUFFIX); #ifdef WIN32 /* Verifies the deny write open mode. But on linuy we dont have it. */ QVERIFY (!thefile.open(QIODevice::ReadWrite)); #endif QVERIFY (res.fptr != NULL); fclose(res.fptr); QVERIFY (thefile.open(QIODevice::ReadWrite)); thefile.close(); } void BinVerifyTest::testSignatureCreation() { QSettings testsettings; testsettings.setValue("CodeSignCert", SOURCE_DIR"/data/codesign/codesigning-combined.pem"); testsettings.sync(); CreateInstallerDialog *theDialog = new CreateInstallerDialog(NULL); QString garbage = getRandomDataFile(21*1024*1024); QTemporaryFile outfile; outfile.open(); outfile.close(); bool ret = theDialog->appendTextSignatureToFile (garbage, outfile.fileName()); QVERIFY(QFile::remove(garbage)); QVERIFY(ret == true); bin_verify_result res = verify_binary (outfile.fileName().toUtf8().constData(), outfile.fileName().toUtf8().size()); QVERIFY(VerifyValid == res.result); } bool g_debug = true; QTEST_MAIN (BinVerifyTest);