Gitiles
Code Review Sign In
review.jami.net / dhtnet / 125f5b34ac3495b036b7f587fb3b050091e2133e / . / tests / certstore.cpp
blob: 886b852ef8f7d17233e3514817705d955576ebfe [file] [log] [blame]
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]1/*
2 * Copyright (C) 2004-2023 Savoir-faire Linux Inc.
3 *
Adrien Béraudcb753622023-07-17 22:32:49 -0400[diff] [blame]4 * This program is free software: you can redistribute it and/or modify
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]5 * it under the terms of the GNU General Public License as published by
Adrien Béraudcb753622023-07-17 22:32:49 -0400[diff] [blame]6 * the Free Software Foundation, either version 3 of the License, or
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Adrien Béraudcb753622023-07-17 22:32:49 -0400[diff] [blame]11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
Adrien Béraudcb753622023-07-17 22:32:49 -0400[diff] [blame]15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]16 */
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]17#include <cppunit/TestAssert.h>
18#include <cppunit/TestFixture.h>
19#include <cppunit/extensions/HelperMacros.h>
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]20#include <filesystem>
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]21
22#include "test_runner.h"
23#include "certstore.h"
24
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]25namespace dhtnet {
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]26namespace test {
27
28class CertStoreTest : public CppUnit::TestFixture
29{
30public:
31 CertStoreTest()
32 {
33 }
34 ~CertStoreTest() { }
35 static std::string name() { return "certstore"; }
36 void setUp();
37 void tearDown();
38
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]39 std::shared_ptr<tls::CertificateStore> aliceCertStore;
40 std::shared_ptr<tls::TrustStore> aliceTrustStore;
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]41private:
42 void trustStoreTest();
43 void getCertificateWithSplitted();
Sébastien Blin57928252023-08-08 14:22:03 -0400[diff] [blame]44 void testBannedParent();
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]45
46 CPPUNIT_TEST_SUITE(CertStoreTest);
47 CPPUNIT_TEST(trustStoreTest);
48 CPPUNIT_TEST(getCertificateWithSplitted);
Sébastien Blin57928252023-08-08 14:22:03 -0400[diff] [blame]49 CPPUNIT_TEST(testBannedParent);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]50 CPPUNIT_TEST_SUITE_END();
51};
52
53CPPUNIT_TEST_SUITE_NAMED_REGISTRATION(CertStoreTest, CertStoreTest::name());
54
55void
56CertStoreTest::setUp()
57{
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]58 aliceCertStore = std::make_shared<tls::CertificateStore>("aliceCertStore", nullptr);
59 aliceTrustStore = std::make_shared<tls::TrustStore>(*aliceCertStore);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]60}
61
62void
63CertStoreTest::tearDown()
64{
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]65 std::filesystem::remove_all("aliceCertStore");
66 aliceCertStore.reset();
67 aliceTrustStore.reset();
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]68}
69
70void
71CertStoreTest::trustStoreTest()
72{
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]73 auto ca = dht::crypto::generateIdentity("test CA");
74 auto account = dht::crypto::generateIdentity("test account", ca, 4096, true);
75 auto device = dht::crypto::generateIdentity("test device", account);
76 auto device2 = dht::crypto::generateIdentity("test device 2", account);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]77 auto storeSize = aliceCertStore->getPinnedCertificates().size();
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]78 auto id = ca.second->getId().toString();
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]79 auto pinned = aliceCertStore->getPinnedCertificates();
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]80 CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; })
81 == pinned.end());
82
83 // Test certificate status
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]84 auto certAllowed = aliceTrustStore->getCertificatesByStatus(
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]85 dhtnet::tls::TrustStore::PermissionStatus::ALLOWED);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]86 CPPUNIT_ASSERT(
87 std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; })
88 == certAllowed.end());
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]89 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(id)
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]90 == dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]91 aliceTrustStore->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::ALLOWED);
92 certAllowed = aliceTrustStore->getCertificatesByStatus(
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]93 dhtnet::tls::TrustStore::PermissionStatus::ALLOWED);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]94 CPPUNIT_ASSERT(
95 std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; })
96 != certAllowed.end());
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]97 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(id)
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]98 == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]99 aliceTrustStore->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED);
100 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(id)
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]101 == dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]102 aliceTrustStore->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::ALLOWED);
103 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(id)
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]104 == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]105
106 // Test getPinnedCertificates
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]107 pinned = aliceCertStore->getPinnedCertificates();
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]108 CPPUNIT_ASSERT(pinned.size() == storeSize + 2);
109 CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; })
110 != pinned.end());
111
112 // Test findCertificateByUID & findIssuer
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]113 CPPUNIT_ASSERT(!aliceCertStore->findCertificateByUID("NON_EXISTING_ID"));
114 auto cert = aliceCertStore->findCertificateByUID(id);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]115 CPPUNIT_ASSERT(cert);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]116 auto issuer = aliceCertStore->findIssuer(cert);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]117 CPPUNIT_ASSERT(issuer);
118 CPPUNIT_ASSERT(issuer->getId().toString() == id);
119
120 // Test is allowed
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]121 CPPUNIT_ASSERT(aliceTrustStore->isAllowed(*ca.second));
122 CPPUNIT_ASSERT(aliceTrustStore->isAllowed(*account.second));
123 CPPUNIT_ASSERT(aliceTrustStore->isAllowed(*device.second));
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]124
125 // Ban device
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]126 aliceTrustStore->setCertificateStatus(device.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED);
127 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(device.second->getId().toString())
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]128 == dhtnet::tls::TrustStore::PermissionStatus::BANNED);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]129 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(id)
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]130 == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]131
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]132 CPPUNIT_ASSERT(aliceTrustStore->isAllowed(*ca.second));
133 CPPUNIT_ASSERT(aliceTrustStore->isAllowed(*account.second));
134 CPPUNIT_ASSERT(not aliceTrustStore->isAllowed(*device.second));
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]135
136 // Ban account
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]137 aliceTrustStore->setCertificateStatus(account.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED);
138 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(account.second->getId().toString())
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]139 == dhtnet::tls::TrustStore::PermissionStatus::BANNED);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]140 CPPUNIT_ASSERT(aliceTrustStore->isAllowed(*ca.second));
141 CPPUNIT_ASSERT(not aliceTrustStore->isAllowed(*account.second));
142 CPPUNIT_ASSERT(not aliceTrustStore->isAllowed(*device2.second));
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]143
144 // Unban account
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]145 aliceTrustStore->setCertificateStatus(account.second,
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]146 dhtnet::tls::TrustStore::PermissionStatus::ALLOWED);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]147 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(account.second->getId().toString())
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]148 == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]149 CPPUNIT_ASSERT(aliceTrustStore->isAllowed(*ca.second));
150 CPPUNIT_ASSERT(aliceTrustStore->isAllowed(*account.second));
151 CPPUNIT_ASSERT(aliceTrustStore->isAllowed(*device2.second));
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]152
153 // Ban CA
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]154 aliceTrustStore->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED);
155 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(ca.second->getId().toString())
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]156 == dhtnet::tls::TrustStore::PermissionStatus::BANNED);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]157 CPPUNIT_ASSERT(not aliceTrustStore->isAllowed(*ca.second));
158 CPPUNIT_ASSERT(not aliceTrustStore->isAllowed(*account.second));
159 CPPUNIT_ASSERT(not aliceTrustStore->isAllowed(*device2.second));
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]160
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]161 aliceTrustStore->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED);
162 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(ca.second->getId().toString())
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]163 == dhtnet::tls::TrustStore::PermissionStatus::BANNED);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]164
165 // Test unpin
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]166 aliceCertStore->unpinCertificate(id);
167 pinned = aliceCertStore->getPinnedCertificates();
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]168 CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; })
169 == pinned.end());
170
171 // Test statusToStr
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]172 /*CPPUNIT_ASSERT(strcmp(dhtnet::tls::statusToStr(dhtnet::tls::TrustStatus::TRUSTED),
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]173 libdhtnet::Certificate::TrustStatus::TRUSTED)
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]174 == 0);
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]175 CPPUNIT_ASSERT(strcmp(dhtnet::tls::statusToStr(dhtnet::tls::TrustStatus::UNTRUSTED),
176 libdhtnet::Certificate::TrustStatus::UNTRUSTED)
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]177 == 0);*/
178}
179
180void
181CertStoreTest::getCertificateWithSplitted()
182{
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]183 auto ca = dht::crypto::generateIdentity("test CA");
184 auto account = dht::crypto::generateIdentity("test account", ca, 4096, true);
185 auto device = dht::crypto::generateIdentity("test device", account);
186
187 auto caCert = std::make_shared<dht::crypto::Certificate>(ca.second->toString(false));
188 auto accountCert = std::make_shared<dht::crypto::Certificate>(account.second->toString(false));
189 auto devicePartialCert = std::make_shared<dht::crypto::Certificate>(
190 device.second->toString(false));
191
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]192 aliceCertStore->pinCertificate(caCert);
193 aliceCertStore->pinCertificate(accountCert);
194 aliceCertStore->pinCertificate(devicePartialCert);
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]195
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]196 auto fullCert = aliceCertStore->getCertificate(device.second->getId().toString());
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]197 CPPUNIT_ASSERT(fullCert->issuer && fullCert->issuer->getUID() == accountCert->getUID());
198 CPPUNIT_ASSERT(fullCert->issuer->issuer
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]199 && fullCert->issuer->issuer->getUID() == caCert->getUID());
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]200}
201
Sébastien Blin57928252023-08-08 14:22:03 -0400[diff] [blame]202void
203CertStoreTest::testBannedParent()
204{
Sébastien Blin57928252023-08-08 14:22:03 -0400[diff] [blame]205 auto ca = dht::crypto::generateIdentity("test CA");
206 auto account = dht::crypto::generateIdentity("test account", ca, 4096, true);
207 auto device = dht::crypto::generateIdentity("test device", account);
208 auto device2 = dht::crypto::generateIdentity("test device 2", account);
209 auto id = ca.second->getId().toString();
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]210 auto pinned = aliceCertStore ->getPinnedCertificates();
Sébastien Blin57928252023-08-08 14:22:03 -0400[diff] [blame]211 CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; })
212 == pinned.end());
213
214 // Ban account
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]215 aliceTrustStore->setCertificateStatus(account.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED);
216 CPPUNIT_ASSERT(aliceTrustStore->getCertificateStatus(account.second->getId().toString())
Sébastien Blin57928252023-08-08 14:22:03 -0400[diff] [blame]217 == dhtnet::tls::TrustStore::PermissionStatus::BANNED);
Amna27b82672024-02-13 11:51:48 -0500[diff] [blame]218 CPPUNIT_ASSERT(not aliceTrustStore->isAllowed(*account.second));
219 CPPUNIT_ASSERT(not aliceTrustStore->isAllowed(*device2.second));
220 CPPUNIT_ASSERT(not aliceTrustStore->isAllowed(*device.second));
Sébastien Blin57928252023-08-08 14:22:03 -0400[diff] [blame]221}
222
223
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]224} // namespace test
Sébastien Blin464bdff2023-07-19 08:02:53 -0400[diff] [blame]225} // namespace dhtnet
Adrien Béraudefe27372023-05-27 18:56:29 -0400[diff] [blame]226
Adrien Béraud1ae60aa2023-07-07 09:55:09 -0400[diff] [blame]227JAMI_TEST_RUNNER(dhtnet::test::CertStoreTest::name());