certstore: follow chain for getCertificateStatus
If a certificate is banned in the trust store, every signed child
certificate should be banned too.
Change-Id: I13cf12ce12c7c94886a5d7b909325857ad01c9a9
diff --git a/tests/certstore.cpp b/tests/certstore.cpp
index 0bc7722..9f4fc81 100644
--- a/tests/certstore.cpp
+++ b/tests/certstore.cpp
@@ -41,10 +41,12 @@
private:
void trustStoreTest();
void getCertificateWithSplitted();
+ void testBannedParent();
CPPUNIT_TEST_SUITE(CertStoreTest);
CPPUNIT_TEST(trustStoreTest);
CPPUNIT_TEST(getCertificateWithSplitted);
+ CPPUNIT_TEST(testBannedParent);
CPPUNIT_TEST_SUITE_END();
};
@@ -199,6 +201,30 @@
&& fullCert->issuer->issuer->getUID() == caCert->getUID());*/
}
+void
+CertStoreTest::testBannedParent()
+{
+ /*auto aliceAccount = Manager::instance().getAccount<JamiAccount>(aliceId);
+
+ auto ca = dht::crypto::generateIdentity("test CA");
+ auto account = dht::crypto::generateIdentity("test account", ca, 4096, true);
+ auto device = dht::crypto::generateIdentity("test device", account);
+ auto device2 = dht::crypto::generateIdentity("test device 2", account);
+ auto id = ca.second->getId().toString();
+ auto pinned = aliceAccount->certStore().getPinnedCertificates();
+ CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; })
+ == pinned.end());
+
+ // Ban account
+ aliceAccount->setCertificateStatus(account.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED);
+ CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(account.second->getId().toString())
+ == dhtnet::tls::TrustStore::PermissionStatus::BANNED);
+ CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*account.second));
+ CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device2.second));
+ CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device.second));*/
+}
+
+
} // namespace test
} // namespace dhtnet