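/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#include "binverify.h"
#include "binverifytest.h"
#include "createinstallerdialog.h"
#include "common.h"
#include "mainwindow.h"

/* NOTE(review): the targets of the three system #include lines are missing
 * from this listing. The headers below are the ones required by the names
 * this file uses; confirm against the repository copy. */
#include <QFile>
#include <QSettings>
#include <QTemporaryFile>
#include <QtPlugin>

#include <cstring>

#ifdef Q_OS_WIN
# define EXE_SUFFIX ".exe"
#else
# define EXE_SUFFIX ""
#endif

/* Pull in the platform integration plugin for a statically linked Qt. */
#ifdef Q_OS_WIN
Q_IMPORT_PLUGIN(QWindowsIntegrationPlugin)
#else
Q_IMPORT_PLUGIN(QXcbIntegrationPlugin)
#endif

/* Some general robustness checks: bad pointers, bad lengths and files that
 * cannot hold a signature must never be reported as VerifyValid. */
void BinVerifyTest::testMiscErrors()
{
    QVERIFY (verify_binary (NULL, 10) != VerifyValid);
    QVERIFY (verify_binary ("foo", 10) != VerifyValid);
    QVERIFY (verify_binary ("bar", -1) != VerifyValid);
    /* On Windows the next lines check that an executable carrying a valid
     * Microsoft signature is not valid for us (pinning). On Linux the call
     * would just fail with a read error, which is tested above. */
#ifdef Q_OS_WIN
    const char *msBinary = "c:\\Windows\\System32\\mmc.exe";
    /* The pinning property itself: a binary trusted by the system store
     * must not be accepted. Without this assertion a VerifyValid result
     * would pass the check below unnoticed. */
    QVERIFY (verify_binary (msBinary, strlen(msBinary)) != VerifyValid);
    /* NOTE(review): this original assertion only excludes one error code
     * and does not by itself express "not valid"; confirm which result is
     * expected for this file. */
    QVERIFY (verify_binary (msBinary, strlen(msBinary)) != VerifyInvalidCertificate);
#endif
    QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
}

/* Check that a signature made with a different key (of the same size)
 * is not validated (invalid signature because key and cert don't match). */
void BinVerifyTest::testOtherKey()
{
    QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst-other-key" EXE_SUFFIX,
                strlen("fakeinst-other-key" EXE_SUFFIX)));
}

/* Check that an invalid signature is not validated. */
void BinVerifyTest::testInvalidSig()
{
    QVERIFY(VerifyValid != verify_binary ("fakeinst-invalid" EXE_SUFFIX,
                strlen("fakeinst-invalid" EXE_SUFFIX)));
}

#ifdef Q_OS_WIN
/* Check that a signature made with a different (valid) certificate is not
 * validated. This test is Windows only: on Linux only the key is checked,
 * not the certificate. */
void BinVerifyTest::testOtherCert()
{
    QVERIFY(VerifyInvalidCertificate == verify_binary ("fakeinst-other-cert" EXE_SUFFIX,
                strlen("fakeinst-other-cert" EXE_SUFFIX)));
}
#endif

/* Check that a binary without any signature is not validated. */
void BinVerifyTest::testNoSignature()
{
    QVERIFY(VerifyValid != verify_binary ("fakeinst" EXE_SUFFIX,
                strlen("fakeinst" EXE_SUFFIX)));
}

/* Check that a validly signed executable is verified. */
void BinVerifyTest::testValidBinary()
{
    QVERIFY (VerifyValid == verify_binary ("fakeinst-signed" EXE_SUFFIX,
                strlen("fakeinst-signed" EXE_SUFFIX)));
}

/* Round trip: sign a file through CreateInstallerDialog and check that
 * verify_binary accepts the result.
 *
 * NOTE(review): the "CodeSignCert" value is written to whatever QSettings
 * store this test process resolves to and is not restored afterwards.
 * NOTE(review): VerifyValid is expected for output signed with the key under
 * SOURCE_DIR/data/codesign, so the build under test presumably pins that
 * test certificate; confirm that release builds pin a different one. */
void BinVerifyTest::testSignatureCreation()
{
    QSettings testsettings;
    testsettings.setValue("CodeSignCert", SOURCE_DIR"/data/codesign/codesigning-combined.pem");
    testsettings.sync();

    /* Stack allocation: the dialog is destroyed on every exit path,
     * including the early return of a failing QVERIFY. */
    CreateInstallerDialog theDialog(NULL);

    /* presumably the path of a new file holding 21 MiB of random data */
    QString garbage = getRandomDataFile(21*1024*1024);

    /* Only the temporary file's name is needed; fail early if it could
     * not be created instead of signing into an empty file name. */
    QTemporaryFile outfile;
    QVERIFY(outfile.open());
    outfile.close();

    bool ret = theDialog.appendTextSignatureToFile (garbage, outfile.fileName());
    QVERIFY(QFile::remove(garbage));
    QVERIFY(ret == true);

    /* Convert once so that pointer and length refer to the same buffer. */
    const QByteArray outName = outfile.fileName().toUtf8();
    QVERIFY(VerifyValid == verify_binary (outName.constData(), outName.size()));
}

QTEST_MAIN (BinVerifyTest);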