Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2004-2023 Savoir-faire Linux Inc. |
| 3 | * |
Adrien Béraud | cb75362 | 2023-07-17 22:32:49 -0400 | [diff] [blame] | 4 | * This program is free software: you can redistribute it and/or modify |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 5 | * it under the terms of the GNU General Public License as published by |
Adrien Béraud | cb75362 | 2023-07-17 22:32:49 -0400 | [diff] [blame] | 6 | * the Free Software Foundation, either version 3 of the License, or |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 7 | * (at your option) any later version. |
| 8 | * |
| 9 | * This program is distributed in the hope that it will be useful, |
| 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
Adrien Béraud | cb75362 | 2023-07-17 22:32:49 -0400 | [diff] [blame] | 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 12 | * GNU General Public License for more details. |
| 13 | * |
| 14 | * You should have received a copy of the GNU General Public License |
Adrien Béraud | cb75362 | 2023-07-17 22:32:49 -0400 | [diff] [blame] | 15 | * along with this program. If not, see <https://www.gnu.org/licenses/>. |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 16 | */ |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 17 | #include <cppunit/TestAssert.h> |
| 18 | #include <cppunit/TestFixture.h> |
| 19 | #include <cppunit/extensions/HelperMacros.h> |
| 20 | |
| 21 | #include "test_runner.h" |
| 22 | #include "certstore.h" |
| 23 | |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 24 | namespace dhtnet { |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 25 | namespace test { |
| 26 | |
| 27 | class CertStoreTest : public CppUnit::TestFixture |
| 28 | { |
| 29 | public: |
| 30 | CertStoreTest() |
| 31 | { |
| 32 | } |
| 33 | ~CertStoreTest() { } |
| 34 | static std::string name() { return "certstore"; } |
| 35 | void setUp(); |
| 36 | void tearDown(); |
| 37 | |
| 38 | std::string aliceId; |
| 39 | std::string bobId; |
| 40 | |
| 41 | private: |
| 42 | void trustStoreTest(); |
| 43 | void getCertificateWithSplitted(); |
Sébastien Blin | 5792825 | 2023-08-08 14:22:03 -0400 | [diff] [blame] | 44 | void testBannedParent(); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 45 | |
| 46 | CPPUNIT_TEST_SUITE(CertStoreTest); |
| 47 | CPPUNIT_TEST(trustStoreTest); |
| 48 | CPPUNIT_TEST(getCertificateWithSplitted); |
Sébastien Blin | 5792825 | 2023-08-08 14:22:03 -0400 | [diff] [blame] | 49 | CPPUNIT_TEST(testBannedParent); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 50 | CPPUNIT_TEST_SUITE_END(); |
| 51 | }; |
| 52 | |
| 53 | CPPUNIT_TEST_SUITE_NAMED_REGISTRATION(CertStoreTest, CertStoreTest::name()); |
| 54 | |
| 55 | void |
| 56 | CertStoreTest::setUp() |
| 57 | { |
| 58 | /*auto actors = load_actors_and_wait_for_announcement("actors/alice-bob.yml"); |
| 59 | aliceId = actors["alice"]; |
| 60 | bobId = actors["bob"];*/ |
| 61 | } |
| 62 | |
| 63 | void |
| 64 | CertStoreTest::tearDown() |
| 65 | { |
| 66 | //wait_for_removal_of({aliceId, bobId}); |
| 67 | } |
| 68 | |
| 69 | void |
| 70 | CertStoreTest::trustStoreTest() |
| 71 | { |
| 72 | //auto aliceAccount = Manager::instance().getAccount<JamiAccount>(aliceId); |
| 73 | |
| 74 | auto ca = dht::crypto::generateIdentity("test CA"); |
| 75 | auto account = dht::crypto::generateIdentity("test account", ca, 4096, true); |
| 76 | auto device = dht::crypto::generateIdentity("test device", account); |
| 77 | auto device2 = dht::crypto::generateIdentity("test device 2", account); |
| 78 | /*auto storeSize = aliceAccount->certStore().getPinnedCertificates().size(); |
| 79 | auto id = ca.second->getId().toString(); |
| 80 | auto pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 81 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 82 | == pinned.end()); |
| 83 | |
| 84 | // Test certificate status |
| 85 | auto certAllowed = aliceAccount->accountManager()->getCertificatesByStatus( |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 86 | dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 87 | CPPUNIT_ASSERT( |
| 88 | std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; }) |
| 89 | == certAllowed.end()); |
| 90 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 91 | == dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED); |
| 92 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 93 | certAllowed = aliceAccount->accountManager()->getCertificatesByStatus( |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 94 | dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 95 | CPPUNIT_ASSERT( |
| 96 | std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; }) |
| 97 | != certAllowed.end()); |
| 98 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 99 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
| 100 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 101 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 102 | == dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED); |
| 103 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 104 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 105 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 106 | |
| 107 | // Test getPinnedCertificates |
| 108 | pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 109 | CPPUNIT_ASSERT(pinned.size() == storeSize + 2); |
| 110 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 111 | != pinned.end()); |
| 112 | |
| 113 | // Test findCertificateByUID & findIssuer |
| 114 | CPPUNIT_ASSERT(!aliceAccount->certStore().findCertificateByUID("NON_EXISTING_ID")); |
| 115 | auto cert = aliceAccount->certStore().findCertificateByUID(id); |
| 116 | CPPUNIT_ASSERT(cert); |
| 117 | auto issuer = aliceAccount->certStore().findIssuer(cert); |
| 118 | CPPUNIT_ASSERT(issuer); |
| 119 | CPPUNIT_ASSERT(issuer->getId().toString() == id); |
| 120 | |
| 121 | // Test is allowed |
| 122 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 123 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*account.second)); |
| 124 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*device.second)); |
| 125 | |
| 126 | // Ban device |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 127 | aliceAccount->setCertificateStatus(device.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 128 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(device.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 129 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 130 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 131 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 132 | |
| 133 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 134 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*account.second)); |
| 135 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device.second)); |
| 136 | |
| 137 | // Ban account |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 138 | aliceAccount->setCertificateStatus(account.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 139 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(account.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 140 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 141 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 142 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*account.second)); |
| 143 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 144 | |
| 145 | // Unban account |
| 146 | aliceAccount->setCertificateStatus(account.second, |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 147 | dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 148 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(account.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 149 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 150 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 151 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*account.second)); |
| 152 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 153 | |
| 154 | // Ban CA |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 155 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 156 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(ca.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 157 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 158 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 159 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*account.second)); |
| 160 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 161 | |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 162 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 163 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(ca.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 164 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 165 | |
| 166 | // Test unpin |
| 167 | aliceAccount->certStore().unpinCertificate(id); |
| 168 | pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 169 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 170 | == pinned.end()); |
| 171 | |
| 172 | // Test statusToStr |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 173 | CPPUNIT_ASSERT(strcmp(dhtnet::tls::statusToStr(dhtnet::tls::TrustStatus::TRUSTED), |
| 174 | libdhtnet::Certificate::TrustStatus::TRUSTED) |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 175 | == 0); |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 176 | CPPUNIT_ASSERT(strcmp(dhtnet::tls::statusToStr(dhtnet::tls::TrustStatus::UNTRUSTED), |
| 177 | libdhtnet::Certificate::TrustStatus::UNTRUSTED) |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 178 | == 0);*/ |
| 179 | } |
| 180 | |
| 181 | void |
| 182 | CertStoreTest::getCertificateWithSplitted() |
| 183 | { |
| 184 | //auto aliceAccount = Manager::instance().getAccount<JamiAccount>(aliceId); |
| 185 | auto ca = dht::crypto::generateIdentity("test CA"); |
| 186 | auto account = dht::crypto::generateIdentity("test account", ca, 4096, true); |
| 187 | auto device = dht::crypto::generateIdentity("test device", account); |
| 188 | |
| 189 | auto caCert = std::make_shared<dht::crypto::Certificate>(ca.second->toString(false)); |
| 190 | auto accountCert = std::make_shared<dht::crypto::Certificate>(account.second->toString(false)); |
| 191 | auto devicePartialCert = std::make_shared<dht::crypto::Certificate>( |
| 192 | device.second->toString(false)); |
| 193 | |
| 194 | /*aliceAccount->certStore().pinCertificate(caCert); |
| 195 | aliceAccount->certStore().pinCertificate(accountCert); |
| 196 | aliceAccount->certStore().pinCertificate(devicePartialCert); |
| 197 | |
| 198 | auto fullCert = aliceAccount->certStore().getCertificate(device.second->getId().toString()); |
| 199 | CPPUNIT_ASSERT(fullCert->issuer && fullCert->issuer->getUID() == accountCert->getUID()); |
| 200 | CPPUNIT_ASSERT(fullCert->issuer->issuer |
| 201 | && fullCert->issuer->issuer->getUID() == caCert->getUID());*/ |
| 202 | } |
| 203 | |
Sébastien Blin | 5792825 | 2023-08-08 14:22:03 -0400 | [diff] [blame] | 204 | void |
| 205 | CertStoreTest::testBannedParent() |
| 206 | { |
| 207 | /*auto aliceAccount = Manager::instance().getAccount<JamiAccount>(aliceId); |
| 208 | |
| 209 | auto ca = dht::crypto::generateIdentity("test CA"); |
| 210 | auto account = dht::crypto::generateIdentity("test account", ca, 4096, true); |
| 211 | auto device = dht::crypto::generateIdentity("test device", account); |
| 212 | auto device2 = dht::crypto::generateIdentity("test device 2", account); |
| 213 | auto id = ca.second->getId().toString(); |
| 214 | auto pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 215 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 216 | == pinned.end()); |
| 217 | |
| 218 | // Ban account |
| 219 | aliceAccount->setCertificateStatus(account.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
| 220 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(account.second->getId().toString()) |
| 221 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
| 222 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*account.second)); |
| 223 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 224 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device.second));*/ |
| 225 | } |
| 226 | |
| 227 | |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 228 | } // namespace test |
Sébastien Blin | 464bdff | 2023-07-19 08:02:53 -0400 | [diff] [blame] | 229 | } // namespace dhtnet |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 230 | |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 231 | JAMI_TEST_RUNNER(dhtnet::test::CertStoreTest::name()); |