view ui/tests/binverifytest.cpp @ 1390:f3e2df6b49ba

(issue181) Fix hardcoded values for RSA codesigning key size.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 19 Jan 2015 15:42:20 +0100
parents 948f03bb5254
children
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#include "binverify.h"
#include "binverifytest.h"
#include "createinstallerdialog.h"
#include "common.h"
#include "mainwindow.h"

#include <QtTest>
#include <QSettings>
#include <QTemporaryFile>

#ifdef Q_OS_WIN
# define EXE_SUFFIX ".exe"
#else
# define EXE_SUFFIX ""
#endif

#ifdef Q_OS_WIN
 Q_IMPORT_PLUGIN(QWindowsIntegrationPlugin)
#else
 Q_IMPORT_PLUGIN(QXcbIntegrationPlugin)
#endif

/* Some general robustness checks */
void BinVerifyTest::testMiscErrors()
{
  QVERIFY (verify_binary (NULL, 10).result != VerifyValid);
  QVERIFY (verify_binary ("foo", 10).result != VerifyValid);
  QVERIFY (verify_binary ("bar", -1).result!= VerifyValid);
  /* On windows the next line will check that a valid microsoft
   * signed executable is not valid for us (pinning). On linux
   * it will just fail with a read error which we tested above */
#ifdef Q_OS_WIN
  QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
                          strlen("c:\\Windows\\System32\\mmc.exe")).result != VerifyInvalidCertificate);
#endif
  QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")).result != VerifyValid);
}

/* Check that a signature with only a different key (of the same size)
 * is not validated (Invalid signature because key and cert don't match)*/
void BinVerifyTest::testOtherKey()
{
    QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX,
                strlen("fakeinst-other-key" EXE_SUFFIX)).result);
}

/* Check that an invalid signature is not validated */
void BinVerifyTest::testInvalidSig()
{
    bin_verify_result res = verify_binary ("fakeinst-invalid" EXE_SUFFIX,
                strlen("fakeinst-invalid" EXE_SUFFIX));
    QVERIFY(VerifyValid != res.result);
    QVERIFY(res.fptr == NULL);
}

#ifdef Q_OS_WIN
/* Check that a signature with a different (valid) certificate is not validated
 * on Linux only the key is checked not the certificate */
void BinVerifyTest::testOtherCert()
{
    QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX,
                strlen("fakeinst-other-cert" EXE_SUFFIX)).result);
}
#endif

/* Check that no signature is not validated */
void BinVerifyTest::testNoSignature()
{
    bin_verify_result res = verify_binary ("fakeinst" EXE_SUFFIX,
                strlen("fakeinst" EXE_SUFFIX));
    QVERIFY(VerifyValid != res.result);
    QVERIFY(res.fptr == NULL);
}

/* Check that a valid signed executable is verified */
void BinVerifyTest::testValidBinary()
{
    bin_verify_result res = verify_binary ("fakeinst-signed" EXE_SUFFIX,
                                          strlen("fakeinst-signed" EXE_SUFFIX));
    QVERIFY (VerifyValid == res.result);
    QFile thefile ("fakeinst-signed" EXE_SUFFIX);
#ifdef WIN32
    /* Verifies the deny write open mode. But on linux we dont have it. */
    QVERIFY (!thefile.open(QIODevice::ReadWrite));
#endif
    QVERIFY (res.fptr != NULL);
    fclose(res.fptr);
    QVERIFY (thefile.open(QIODevice::ReadWrite));
    QVERIFY (res.sig_time != 0 && res.sig_time != -1);
    QDateTime sigDt = QDateTime::fromTime_t(res.sig_time);
    QVERIFY (sigDt.isValid());
    qDebug() << "Signature time: " << sigDt;
    thefile.close();
}

void BinVerifyTest::testSignatureCreation()
{
  QSettings testsettings;
  testsettings.setValue("CodeSignCert", SOURCE_DIR"/data/codesign/codesigning-combined.pem");
  testsettings.sync();
  CreateInstallerDialog *theDialog = new CreateInstallerDialog(NULL);
  QString garbage = getRandomDataFile(21*1024*1024);
  QTemporaryFile outfile;
  outfile.open();
  outfile.close();
  bool ret = theDialog->appendTextSignatureToFile (garbage, outfile.fileName());
  QVERIFY(QFile::remove(garbage));
  QVERIFY(ret == true);
  bin_verify_result res = verify_binary (outfile.fileName().toUtf8().constData(),
                                        outfile.fileName().toUtf8().size());
  QVERIFY(VerifyValid == res.result);
}
bool g_debug = true;

QTEST_MAIN (BinVerifyTest);

http://wald.intevation.org/projects/trustbridge/