commit 5792825a6d5c0ed40cc84d96cb489765e661358d
author Sébastien Blin <sebastien.blin@savoirfairelinux.com> Tue Aug 08 14:22:03 2023 -0400
committer Adrien Béraud <adrien.beraud@savoirfairelinux.com> Mon Sep 18 09:01:41 2023 -0400
tree 14301f8e49673d9f9302db73eb5dbfa61f18703d
parent c39f66721d683d24dc35cc2dc9a50f5147f50d46

certstore: follow chain for getCertificateStatus

If a certificate is banned in the trust store, every signed child
certificate should be banned too.

Change-Id: I13cf12ce12c7c94886a5d7b909325857ad01c9a9

tests/certstore.cpp

diff --git a/tests/certstore.cpp b/tests/certstore.cpp
index 0bc7722..9f4fc81 100644
--- a/tests/certstore.cpp
+++ b/tests/certstore.cpp
@@ -41,10 +41,12 @@
 private:
     void trustStoreTest();
     void getCertificateWithSplitted();
+    void testBannedParent();
 
     CPPUNIT_TEST_SUITE(CertStoreTest);
     CPPUNIT_TEST(trustStoreTest);
     CPPUNIT_TEST(getCertificateWithSplitted);
+    CPPUNIT_TEST(testBannedParent);
     CPPUNIT_TEST_SUITE_END();
 };
 
@@ -199,6 +201,30 @@
                    && fullCert->issuer->issuer->getUID() == caCert->getUID());*/
 }
 
+void
+CertStoreTest::testBannedParent()
+{
+    /*auto aliceAccount = Manager::instance().getAccount<JamiAccount>(aliceId);
+
+    auto ca = dht::crypto::generateIdentity("test CA");
+    auto account = dht::crypto::generateIdentity("test account", ca, 4096, true);
+    auto device = dht::crypto::generateIdentity("test device", account);
+    auto device2 = dht::crypto::generateIdentity("test device 2", account);
+    auto id = ca.second->getId().toString();
+    auto pinned = aliceAccount->certStore().getPinnedCertificates();
+    CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; })
+                   == pinned.end());
+
+    // Ban account
+    aliceAccount->setCertificateStatus(account.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED);
+    CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(account.second->getId().toString())
+                   == dhtnet::tls::TrustStore::PermissionStatus::BANNED);
+    CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*account.second));
+    CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device2.second));
+    CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device.second));*/
+}
+
+
 } // namespace test
 } // namespace dhtnet