changeset 636:2fd4f9980a2a
Add test for authenticode verification (binverify)
Still incomplete
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 23 Jun 2014 18:00:45 +0200 |
parents | ed1887be5170 |
children | be30d50bc4f0 |
files | ui/tests/CMakeLists.txt ui/tests/binverifytest.cpp ui/tests/binverifytest.h ui/tests/mainwindowtest.cpp ui/tests/mainwindowtest.h |
diffstat | 5 files changed, 95 insertions(+), 7 deletions(-) [+] |
--- a/ui/tests/CMakeLists.txt Mon Jun 23 17:24:00 2014 +0200 +++ b/ui/tests/CMakeLists.txt Mon Jun 23 18:00:45 2014 +0200 @@ -15,13 +15,18 @@ find_package(Qt5Test) include_directories(${Qt5Test_INCLUDE_DIRS}) find_program(HIAWATHA_EXECUTABLE hiawatha) +find_program(OSSLSIGNCODE_EXECUTABLE osslsigncode) if (NOT HIAWATHA_EXECUTABLE) - message (STATUS "WARNING: hiawatha webserver not found. Downloader tests will fail.") + message (STATUS "WARNING: hiawatha webserver not found. Downloader will not be run.") else() add_definitions(-DHIAWATHA_EXECUTABLE="${HIAWATHA_EXECUTABLE}") endif() +if (WIN32 AND NOT OSSLSIGNCODE_EXECUTABLE) + message (STATUS "WARNING: osslsigncode not found. Authenticode tests will not be run.") +endif() + macro(add_custom_test _source _additional_sources) set(_test ${_source}) get_filename_component(_name ${_source} NAME_WE) @@ -65,7 +70,21 @@ if (WIN32) add_custom_test(windowsstoretest.cpp "${CMAKE_SOURCE_DIR}/cinst/windowsstore.c") -endif (WIN32) + + if (OSSLSIGNCODE_EXECUTABLE) + add_custom_test (binverifytest.cpp "") + add_custom_command( + TARGET binverifytest + POST_BUILD + COMMAND ${OSSLSIGNCODE_EXECUTABLE} sign -certs ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.pem + -key ${CMAKE_CURRENT_SOURCE_DIR}/data/codesign/codesigning.key + -h sha256 -in ${CMAKE_CURRENT_BINARY_DIR}/fakeinst.exe + -out ${CMAKE_CURRENT_BINARY_DIR}/fakeinst-signed.exe + ) + endif() +else () + add_custom_test (binverifytest.cpp "") +endif () if (NSS_FOUND) include_directories(${NSS_INCLUDE_DIRS})
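Review bot: The reworded hiawatha message in the first hunk, "Downloader will not be run.", lost the word "tests" and no longer parallels the new osslsigncode message; `message (STATUS "WARNING: hiawatha webserver not found. Downloader tests will not be run.")` reads correctly. Both warnings are printed at STATUS level, so a configure run that drops the Authenticode verification tests is easy to miss in CI output. `message (WARNING "osslsigncode not found. Authenticode tests will not be run.")` would make the skipped security tests visible.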
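Review bot: In the second hunk the non-Windows `else ()` branch registers binverifytest without the signing step, so nothing visible here produces the `fakeinst-signed` file that testValidBinary opens; unless another rule creates it, that test can only fail off Windows. Inside `if (WIN32)` the whole test is tied to `OSSLSIGNCODE_EXECUTABLE`, which also drops the negative cases that need no signed fixture. The POST_BUILD command reads `fakeinst.exe`, but the hunk shows no `add_dependencies` from binverifytest to whichever target builds it, so the signing step may run before its input exists. A comment such as `# test-only key pair, never used for release signing` next to the `-key` argument would document why a private key lives in the source tree.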
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/binverifytest.cpp Mon Jun 23 18:00:45 2014 +0200
@@ -0,0 +1,51 @@
+/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=2)
+ * and comes with ABSOLUTELY NO WARRANTY!
+ * See LICENSE.txt for details.
+ */
+#include "binverify.h"
+#include "binverifytest.h"
+
+#include <QTest>
+
+#ifdef Q_OS_WIN
+# define EXE_SUFFIX ".exe"
+#else
+# define EXE_SUFFIX ""
+#endif
+
+/* Some general robustness checks */
+void BinVerifyTest::testMiscErrors()
+{
+ QVERIFY (verify_binary (NULL, 10) != VerifyValid);
+ QVERIFY (verify_binary ("foo", 10) != VerifyValid);
+ QVERIFY (verify_binary ("bar", -1) != VerifyValid);
+ /* On windows the next line will check that a valid microsoft
+ * signed executable is not valid for us (pinning). On linux
+ * it will just fail with a read error. */
+ QVERIFY (verify_binary ("c:\\Windows\\System32\\mmc.exe",
+ strlen("c:\\Windows\\System32\\mmc.exe")) != VerifyValid);
+ QVERIFY (verify_binary ("/dev/null", strlen("/dev/null")) != VerifyValid);
+}
+
+/* Check that no signature is not validated */
+/* Check that an invalid signature is not validated */
+/* Check that a signature with only a different key (of the same size)
+ * is not validated */
+/* Check that a signature with a different certificate is not validated */
+void BinVerifyTest::testNoSignature()
+{
+ QVERIFY(VerifyInvalidSignature == verify_binary ("fakeinst" EXE_SUFFIX,
+ strlen("fakeinst" EXE_SUFFIX)));
+}
+
+/* Check that a valid signed executable is verified */
+void BinVerifyTest::testValidBinary()
+{
+ QVERIFY (VerifyValid == verify_binary ("fakeinst-signed" EXE_SUFFIX,
+ strlen("fakeinst-signed" EXE_SUFFIX)));
+}
+
+QTEST_GUILESS_MAIN (BinVerifyTest);
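Review bot: The pinning check on `c:\\Windows\\System32\\mmc.exe` in testMiscErrors only asserts `!= VerifyValid`, so on a machine where that file is missing or unreadable it passes without ever exercising the certificate-pinning path. Guarding it with `#ifdef Q_OS_WIN` and using `QCOMPARE` against the specific result code that binverify.h defines for a foreign signer (not visible in this hunk) would make a pass meaningful. `verify_binary ("foo", 10)` passes a length larger than the literal, which may make the callee read past the string if it trusts the length; a buffer of at least 10 bytes keeps the test itself well-defined. `strlen` is used without `#include <cstring>`, so the file relies on a transitive include. Of the four "Check that ..." comments above testNoSignature only the unsigned-binary case is implemented; a `/* TODO */` marker on the other three would keep the gap visible.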
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/tests/binverifytest.h Mon Jun 23 18:00:45 2014 +0200
@@ -0,0 +1,23 @@
+/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=2)
+ * and comes with ABSOLUTELY NO WARRANTY!
+ * See LICENSE.txt for details.
+ */
+#ifndef COMMONTEST_H
+#define COMMONTEST_H
+
+#include <QObject>
+
+class BinVerifyTest: public QObject
+{
+ Q_OBJECT
+
+private Q_SLOTS:
+ void testNoSignature();
+ void testMiscErrors();
+ void testValidBinary();
+};
+#endif
+
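Review bot: The include guard `COMMONTEST_H` does not match this file and looks copied from another test header; if a header using the same guard is ever included in the same translation unit, the `BinVerifyTest` declaration is silently skipped. `#ifndef BINVERIFYTEST_H` with `#define BINVERIFYTEST_H` avoids the clash. The class would also benefit from a one-line comment such as `/* Tests for verify_binary (binverify.h): rejects unsigned or foreign-signed binaries, accepts the pinned signer */`.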
--- a/ui/tests/mainwindowtest.cpp Mon Jun 23 17:24:00 2014 +0200 +++ b/ui/tests/mainwindowtest.cpp Mon Jun 23 18:00:45 2014 +0200 @@ -23,10 +23,6 @@ emit closeCalled(); } -void MainWindowTest::testInvalidUpdate() { - // TODO -} - void MainWindowTest::testValidUpdate() { QSignalSpy closed(this, SIGNAL(closeCalled())); #ifdef Q_OS_WIN