# HG changeset patch # User Andre Heinecke # Date 1403539245 -7200 # Node ID 2fd4f9980a2a757b1e76a56c4f363ada29e6b0f9 # Parent ed1887be5170d746ed4be0918629bc85101f4ae9 Add test for authenticode verificate (binverify) Still incomplete diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/CMakeLists.txt --- a/ui/tests/CMakeLists.txt Mon Jun 23 17:24:00 2014 +0200 +++ b/ui/tests/CMakeLists.txt Mon Jun 23 18:00:45 2014 +0200 @@ -15,13 +15,18 @@ find_package(Qt5Test) include_directories(${Qt5Test_INCLUDE_DIRS}) find_program(HIAWATHA_EXECUTABLE hiawatha) +find_program(OSSLSIGNCODE_EXECUTABLE osslsigncode) if (NOT HIAWATHA_EXECUTABLE) - message (STATUS "WARNING: hiawatha webserver not found. Downloader tests will fail.") + message (STATUS "WARNING: hiawatha webserver not found. Downloader will not be run.") else() add_definitions(-DHIAWATHA_EXECUTABLE="${HIAWATHA_EXECUTABLE}") endif() +if (WIN32 AND NOT OSSLSIGNCODE_EXECUTABLE) + message (STATUS "WARNING: osslsigncode not found. Authenticode tests will not be run.") +endif() + macro(add_custom_test _source _additional_sources) set(_test ${_source}) get_filename_component(_name ${_source} NAME_WE) @@ -65,7 +70,21 @@ if (WIN32) add_custom_test(windowsstoretest.cpp "${CMAKE_SOURCE_DIR}/cinst/windowsstore.c") -endif (WIN32) + + if (OSSLSIGNCODE_EXECUTABLE) + add_custom_test (binverifytest.cpp "") + add_custom_command( + TARGET binverifytest + POST_BUILD + COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem + -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.key + -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe + -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-signed.exe + ) + endif() +else () + add_custom_test (binverifytest.cpp "") +endif () if (NSS_FOUND) include_directories(${NSS_INCLUDE_DIRS}) diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/binverifytest.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/ui/tests/binverifytest.cpp Mon Jun 23 18:00:45 2014 +0200 
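Review bot: The reworded hiawatha message in the first CMakeLists.txt hunk now reads "Downloader will not be run", which drops the word "tests" and claims a skip that nothing in this hunk implements. If the downloader tests really are skipped elsewhere in the file, `message (STATUS "WARNING: hiawatha webserver not found. Downloader tests will not be run.")` says what is meant; otherwise the old "will fail" wording was the accurate one. The new osslsigncode warning is also limited to `WIN32`, although `find_program` runs on every platform and the second hunk registers binverifytest on non-Windows builds too.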
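Review bot: The `else ()` branch in the second CMakeLists.txt hunk registers binverifytest on non-Windows builds without a signing step, so nothing visible here produces `fakeinst-signed` there and testValidBinary, which expects VerifyValid for that file, would presumably fail. The POST_BUILD command also reads `${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe` with no visible dependency on whatever builds it; if that is a target in this file, `add_dependencies (binverifytest fakeinst)` would make the order explicit (target name assumed from the file name). The signing key comes from `data/codesign/codesigning.key` in the source tree, so the matching certificate should be accepted by test builds only. A comment next to the command stating that this key is a test fixture and must never be pinned in release builds would record the intent.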
@@ -0,0 +1,51 @@
+/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=2)
+ * and comes with ABSOLUTELY NO WARRANTY!
+ * See LICENSE.txt for details.
+ */
+#include "binverify.h"
+#include "binverifytest.h"
+
+#include
+
+#ifdef Q_OS_WIN
+# define EXE_SUFFIX ".exe"
+#else
+# define EXE_SUFFIX ""
+#endif
+
+/* Some general robustness checks */
+void BinVerifyTest::testMiscErrors()
+{
+ QVERIFY (verify_binary (NULL, 10) != VerifyValid);
+ QVERIFY (verify_binary ("foo", 10) != VerifyValid);
+ QVERIFY (verify_binary ("bar", -1) != VerifyValid);
+ /* On windows the next line will check that a valid microsoft
+ * signed executable is not valid for us (pinning). On linux
+ * it will just fail with a read error. */
+ QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
+ strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyValid);
+ QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
+}
+
+/* Check that no signature is not validated */
+/* Check that an invalid signature is not validated */
+/* Check that a signature with only a different key (of the same size)
+ * is not validated */
+/* Check that a signature with a different certificate is not validated */
+void BinVerifyTest::testNoSignature()
+{
+ QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst" EXE_SUFFIX,
+ strlen("fakeinst" EXE_SUFFIX)));
+}
+
+/* Check that a valid signed executable is verified */
+void BinVerifyTest::testValidBinary()
+{
+ QVERIFY (VerifyValid == verify_binary ("fakeinst-signed" EXE_SUFFIX,
+ strlen("fakeinst-signed" EXE_SUFFIX)));
+}
+
+QTEST_GUILESS_MAIN (BinVerifyTest);
diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/binverifytest.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/binverifytest.h Mon Jun 23 18:00:45 2014 +0200
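Review bot: The four comments stacked above `testNoSignature` describe an invalid signature, a different key of the same size and a different certificate, but the body only checks the unsigned `fakeinst` binary, so the rejection paths that matter most for a signature check have no test yet. Until they exist, marking the unimplemented ones as such, e.g. `/* TODO: invalid signature, different key (same size), different certificate */`, keeps the comment from reading as coverage. In `testMiscErrors` the mmc.exe check asserts only `!= VerifyValid`, which a read error also satisfies. On Windows, asserting the specific result expected from the pinning rejection would show that the certificate check was actually reached.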
@@ -0,0 +1,23 @@ +/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik + * Software engineering by Intevation GmbH + * + * This file is Free Software under the GNU GPL (v>=2) + * and comes with ABSOLUTELY NO WARRANTY! + * See LICENSE.txt for details. + */ +#ifndef COMMONTEST_H +#define COMMONTEST_H + +#include + +class BinVerifyTest: public QObject +{ + Q_OBJECT + +private Q_SLOTS: + void testNoSignature(); + void testMiscErrors(); + void testValidBinary(); +}; +#endif + diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/mainwindowtest.cpp --- a/ui/tests/mainwindowtest.cpp Mon Jun 23 17:24:00 2014 +0200 +++ b/ui/tests/mainwindowtest.cpp Mon Jun 23 18:00:45 2014 +0200 @@ -23,10 +23,6 @@ emit closeCalled(); } -void MainWindowTest::testInvalidUpdate() { - // TODO -} - void MainWindowTest::testValidUpdate() { QSignalSpy closed(this, SIGNAL(closeCalled())); #ifdef Q_OS_WIN diff -r ed1887be5170 -r 2fd4f9980a2a ui/tests/mainwindowtest.h --- a/ui/tests/mainwindowtest.h Mon Jun 23 17:24:00 2014 +0200 +++ b/ui/tests/mainwindowtest.h Mon Jun 23 18:00:45 2014 +0200 @@ -23,7 +23,6 @@ void closeApp(); private Q_SLOTS: - void testInvalidUpdate(); void testValidUpdate(); Q_SIGNALS:
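Review bot: The include guard `COMMONTEST_H` in binverifytest.h looks copied from another test header; if a header with the same guard ends up in the same translation unit, the `BinVerifyTest` declaration is skipped without a diagnostic. A guard named after this file avoids that: `#ifndef BINVERIFYTEST_H` / `#define BINVERIFYTEST_H`. A one-line comment on the class stating that it tests `verify_binary` would also help, since the slots carry no documentation.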