Mercurial > trustbridge
view ui/tests/certlistparsertest.cpp @ 359:f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
This currently fails because polarssl rejects keys with
a public exponent larger then 64 bit.
With the following patch all tests pass. But this
currently awaits upstream comment.
https://polarssl.org/discussions/bug-report-issues/rsa-keys-with-large-public-exponents-are-rejected
--- rsa.c.orig 2014-04-10 17:22:32.727290031 +0200
+++ rsa.c 2014-04-10 17:22:38.847410225 +0200
@@ -154,7 +154,7 @@
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
if( mpi_msb( &ctx->E ) < 2 ||
- mpi_msb( &ctx->E ) > 64 )
+ mpi_msb( &ctx->E ) > POLARSSL_MPI_MAX_BITS )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
return( 0 );
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Thu, 10 Apr 2014 17:50:44 +0200 |
| parents | ee59ab0eb7ff |
| children | 17e1c8f37d72 |
line wrap: on
line source
#include "certlistparsertest.h" #include "certificatelist.h" #include "certificate.h" #include "common.h" #include <QDebug> void CertListTest::testValidList() { #ifdef RELEASE_BUILD const char *fname = "list-valid-signed-release.txt"; #else const char *fname = "list-valid-signed.txt"; #endif QDir dataDir = QDir(SOURCE_DIR"/data/"); QString fileName = dataDir.absoluteFilePath(fname); QFile validList(fileName); validList.open(QIODevice::ReadOnly); QString validData = QString::fromLatin1(validList.readAll()); QStringList instLines; QStringList remoLines; CertificateList *certList = testWithFile(fname); QCOMPARE(certList->getStatus(), Valid); QVERIFY(certList->isValid()); QVERIFY(certList->rawData() == validData.toLatin1()); const QList<Certificate> cList = certList->getCertificates(); foreach (QString act, validData.split("\r\n")) { if (act.startsWith("I:")) { instLines << act; continue; } if (act.startsWith("R:")) { remoLines << act; continue; } } int instCnt = 0, remoCnt = 0; foreach (const Certificate& cert, cList) { QVERIFY(cert.isValid()); if (cert.isInstallCert()) { QVERIFY(instLines.contains(cert.base64Line())); instCnt++; } else { QVERIFY(remoLines.contains(cert.base64Line())); remoCnt++; } } /* Be variable if test data changes later */ QVERIFY(instCnt >= 1); QVERIFY(remoCnt >= 1); QVERIFY(instLines.size() == instCnt); QVERIFY(remoLines.size() == remoCnt); /* Check that a default certificate is invalid */ Certificate cert; QVERIFY(!cert.isValid()); certList->readList(fileName.toLocal8Bit().data()); const QList<Certificate> cList2 = certList->getCertificates(); QVERIFY(instLines.size() + remoLines.size() == cList2.size()); delete certList; } void CertListTest::testInvalidSig() { const char *fnames[] = {"list-invalid-signed.txt", "list-valid-other-signature.txt", "list-valid-sha1-signature.txt", NULL}; for (int i=0; fnames[i] != NULL; i++) { CertificateList *certList = testWithFile(fnames[i]); QCOMPARE (certList->getStatus(), InvalidSignature); delete certList; } } void verifyInvalidFile(const char *fName) { CertificateList *certList = new CertificateList(fName); QVERIFY (certList->getStatus() != Valid); delete certList; } void CertListTest::testInvalidFileNames() { verifyInvalidFile("/dev/random"); verifyInvalidFile("/tmp/"); verifyInvalidFile(NULL); verifyInvalidFile("ä"); verifyInvalidFile("💩 "); } void CertListTest::testEmptyFile() { const char *fname = "empty_file"; CertificateList *certList = testWithFile(fname); QCOMPARE (certList->getStatus(), SeekFailed); delete certList; } void CertListTest::testGarbage() { const char *fname = "list-with-null.txt"; QString fname2 = getRandomDataFile(200); CertificateList *certList = testWithFile(fname); QCOMPARE (certList->getStatus(), InvalidFormat); delete certList; certList = testWithFile(fname2.toLocal8Bit().constData()); QVERIFY(QFile::remove(fname2)); QCOMPARE (certList->getStatus(), InvalidFormat); delete certList; } void CertListTest::testTooLarge() { QString fname = getRandomDataFile(MAX_LINE_LENGTH * MAX_LINES + 1); CertificateList *certList = testWithFile(fname.toLocal8Bit().constData()); QVERIFY(QFile::remove(fname)); QCOMPARE(certList->getStatus(), TooLarge); QVERIFY(!certList->isValid()); delete certList; } void CertListTest::benchmarkValid() { const char *fname = "list-valid-signed.txt"; QBENCHMARK{ CertificateList *certList = testWithFile(fname); delete certList; } } CertificateList* CertListTest::testWithFile(const char *filename) { QDir dataDir = QDir(SOURCE_DIR"/data/"); QString fileName = dataDir.absoluteFilePath(filename); return new CertificateList(fileName.toLocal8Bit().data()); } void CertListTest::testCertificateFromFile() { QList<Certificate> result; /* Real certificates in the wild */ result = Certificate::fromFileName(":/Intevation-Root-CA-2010.crt"); QVERIFY(result.size() == 1); QVERIFY(result[0].isValid()); result = Certificate::fromFileName(":/Intevation-Root-CA-2010.der"); QVERIFY(result.size() == 1); QVERIFY(result[0].isValid()); /* We can handle ECC keys */ result = Certificate::fromFileName(":/valid_ssl_bp.pem"); QVERIFY(result.size() == 1); QVERIFY(result[0].isValid()); /* Basic stuff */ result = Certificate::fromFileName(":/valid_ssl_rsa.pem"); QVERIFY(result.size() == 1); QVERIFY(result[0].isValid()); /* Multiple certs */ result = Certificate::fromFileName(":/import_test.pem"); QVERIFY(result.size() == 15); QString lastCertB64; foreach (const Certificate& cert, result) { QVERIFY(cert.isValid()); /* Just to verify that it's not all the same */ QVERIFY(cert.base64Line() != lastCertB64); lastCertB64 = cert.base64Line(); } /* Some robustness */ QString fname = getRandomDataFile(MAX_LINE_LENGTH * MAX_LINES - 100); result = Certificate::fromFileName(fname); QVERIFY(QFile::remove(fname)); QVERIFY(result.isEmpty()); } int main( int argc, char **argv ) { CertListTest tc; return QTest::qExec( &tc, argc, argv ); }