Mercurial > trustbridge

view ui/tests/binverifytest.cpp @ 648:e41a2537b84d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implement root installation We now iterate over all users that do not obviously have their login shell disabled and look for NSS directories in their home directory, dropping our privileges to do so.
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 25 Jun 2014 12:44:47 +0200
parents be30d50bc4f0
children 44fa5de02b52
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#include "binverify.h"
#include "binverifytest.h"

#include <QTest>

#ifdef Q_OS_WIN
# define EXE_SUFFIX ".exe"
#else
# define EXE_SUFFIX ""
#endif

/* Some general robustness checks */
void BinVerifyTest::testMiscErrors()
{
  QVERIFY (verify_binary (NULL, 10) != VerifyValid);
  QVERIFY (verify_binary ("foo", 10) != VerifyValid);
  QVERIFY (verify_binary ("bar", -1) != VerifyValid);
  /* On windows the next line will check that a valid microsoft
   * signed executable is not valid for us (pinning). On linux
   * it will just fail with a read error which we tested above */
#ifdef Q_OS_WIN
  QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
                          strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyInvalidCertificate);
#endif
  QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
}

/* Check that a signature with only a different key (of the same size)
 * is not validated (Invalid signature because key and cert don't match)*/
void BinVerifyTest::testOtherKey()
{
    QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX,
                strlen("fakeinst-other-key" EXE_SUFFIX)));
}

/* Check that an invalid signature is not validated */
void BinVerifyTest::testInvalidSig()
{
    QVERIFY(VerifyValid != verify_binary ("fakeinst-invalid" EXE_SUFFIX,
                strlen("fakeinst-invalid" EXE_SUFFIX)));
}

/* Check that a signature with a different (valid) certificate is not validated */
void BinVerifyTest::testOtherCert()
{
    QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX,
                strlen("fakeinst-other-cert" EXE_SUFFIX)));
}

/* Check that no signature is not validated */
void BinVerifyTest::testNoSignature()
{
    QVERIFY(VerifyValid != verify_binary ("fakeinst" EXE_SUFFIX,
                strlen("fakeinst" EXE_SUFFIX)));
}

/* Check that a valid signed executable is verified */
void BinVerifyTest::testValidBinary()
{
  QVERIFY (VerifyValid == verify_binary ("fakeinst-signed" EXE_SUFFIX,
                                         strlen("fakeinst-signed" EXE_SUFFIX)));
}

QTEST_GUILESS_MAIN (BinVerifyTest);
http://wald.intevation.org/projects/trustbridge/