Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2004-2023 Savoir-faire Linux Inc. |
| 3 | * |
Adrien Béraud | cb75362 | 2023-07-17 22:32:49 -0400 | [diff] [blame] | 4 | * This program is free software: you can redistribute it and/or modify |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 5 | * it under the terms of the GNU General Public License as published by |
Adrien Béraud | cb75362 | 2023-07-17 22:32:49 -0400 | [diff] [blame] | 6 | * the Free Software Foundation, either version 3 of the License, or |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 7 | * (at your option) any later version. |
| 8 | * |
| 9 | * This program is distributed in the hope that it will be useful, |
| 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
Adrien Béraud | cb75362 | 2023-07-17 22:32:49 -0400 | [diff] [blame] | 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 12 | * GNU General Public License for more details. |
| 13 | * |
| 14 | * You should have received a copy of the GNU General Public License |
Adrien Béraud | cb75362 | 2023-07-17 22:32:49 -0400 | [diff] [blame] | 15 | * along with this program. If not, see <https://www.gnu.org/licenses/>. |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 16 | */ |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 17 | #include <cppunit/TestAssert.h> |
| 18 | #include <cppunit/TestFixture.h> |
| 19 | #include <cppunit/extensions/HelperMacros.h> |
| 20 | |
| 21 | #include "test_runner.h" |
| 22 | #include "certstore.h" |
| 23 | |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 24 | namespace dhtnet { |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 25 | namespace test { |
| 26 | |
| 27 | class CertStoreTest : public CppUnit::TestFixture |
| 28 | { |
| 29 | public: |
| 30 | CertStoreTest() |
| 31 | { |
| 32 | } |
| 33 | ~CertStoreTest() { } |
| 34 | static std::string name() { return "certstore"; } |
| 35 | void setUp(); |
| 36 | void tearDown(); |
| 37 | |
| 38 | std::string aliceId; |
| 39 | std::string bobId; |
| 40 | |
| 41 | private: |
| 42 | void trustStoreTest(); |
| 43 | void getCertificateWithSplitted(); |
| 44 | |
| 45 | CPPUNIT_TEST_SUITE(CertStoreTest); |
| 46 | CPPUNIT_TEST(trustStoreTest); |
| 47 | CPPUNIT_TEST(getCertificateWithSplitted); |
| 48 | CPPUNIT_TEST_SUITE_END(); |
| 49 | }; |
| 50 | |
| 51 | CPPUNIT_TEST_SUITE_NAMED_REGISTRATION(CertStoreTest, CertStoreTest::name()); |
| 52 | |
| 53 | void |
| 54 | CertStoreTest::setUp() |
| 55 | { |
| 56 | /*auto actors = load_actors_and_wait_for_announcement("actors/alice-bob.yml"); |
| 57 | aliceId = actors["alice"]; |
| 58 | bobId = actors["bob"];*/ |
| 59 | } |
| 60 | |
| 61 | void |
| 62 | CertStoreTest::tearDown() |
| 63 | { |
| 64 | //wait_for_removal_of({aliceId, bobId}); |
| 65 | } |
| 66 | |
| 67 | void |
| 68 | CertStoreTest::trustStoreTest() |
| 69 | { |
| 70 | //auto aliceAccount = Manager::instance().getAccount<JamiAccount>(aliceId); |
| 71 | |
| 72 | auto ca = dht::crypto::generateIdentity("test CA"); |
| 73 | auto account = dht::crypto::generateIdentity("test account", ca, 4096, true); |
| 74 | auto device = dht::crypto::generateIdentity("test device", account); |
| 75 | auto device2 = dht::crypto::generateIdentity("test device 2", account); |
| 76 | /*auto storeSize = aliceAccount->certStore().getPinnedCertificates().size(); |
| 77 | auto id = ca.second->getId().toString(); |
| 78 | auto pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 79 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 80 | == pinned.end()); |
| 81 | |
| 82 | // Test certificate status |
| 83 | auto certAllowed = aliceAccount->accountManager()->getCertificatesByStatus( |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 84 | dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 85 | CPPUNIT_ASSERT( |
| 86 | std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; }) |
| 87 | == certAllowed.end()); |
| 88 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 89 | == dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED); |
| 90 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 91 | certAllowed = aliceAccount->accountManager()->getCertificatesByStatus( |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 92 | dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 93 | CPPUNIT_ASSERT( |
| 94 | std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; }) |
| 95 | != certAllowed.end()); |
| 96 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 97 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
| 98 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 99 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 100 | == dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED); |
| 101 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 102 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 103 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 104 | |
| 105 | // Test getPinnedCertificates |
| 106 | pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 107 | CPPUNIT_ASSERT(pinned.size() == storeSize + 2); |
| 108 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 109 | != pinned.end()); |
| 110 | |
| 111 | // Test findCertificateByUID & findIssuer |
| 112 | CPPUNIT_ASSERT(!aliceAccount->certStore().findCertificateByUID("NON_EXISTING_ID")); |
| 113 | auto cert = aliceAccount->certStore().findCertificateByUID(id); |
| 114 | CPPUNIT_ASSERT(cert); |
| 115 | auto issuer = aliceAccount->certStore().findIssuer(cert); |
| 116 | CPPUNIT_ASSERT(issuer); |
| 117 | CPPUNIT_ASSERT(issuer->getId().toString() == id); |
| 118 | |
| 119 | // Test is allowed |
| 120 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 121 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*account.second)); |
| 122 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*device.second)); |
| 123 | |
| 124 | // Ban device |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 125 | aliceAccount->setCertificateStatus(device.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 126 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(device.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 127 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 128 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 129 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 130 | |
| 131 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 132 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*account.second)); |
| 133 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device.second)); |
| 134 | |
| 135 | // Ban account |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 136 | aliceAccount->setCertificateStatus(account.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 137 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(account.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 138 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 139 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 140 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*account.second)); |
| 141 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 142 | |
| 143 | // Unban account |
| 144 | aliceAccount->setCertificateStatus(account.second, |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 145 | dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 146 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(account.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 147 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 148 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 149 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*account.second)); |
| 150 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 151 | |
| 152 | // Ban CA |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 153 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 154 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(ca.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 155 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 156 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 157 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*account.second)); |
| 158 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 159 | |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 160 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 161 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(ca.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 162 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 163 | |
| 164 | // Test unpin |
| 165 | aliceAccount->certStore().unpinCertificate(id); |
| 166 | pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 167 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 168 | == pinned.end()); |
| 169 | |
| 170 | // Test statusToStr |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 171 | CPPUNIT_ASSERT(strcmp(dhtnet::tls::statusToStr(dhtnet::tls::TrustStatus::TRUSTED), |
| 172 | libdhtnet::Certificate::TrustStatus::TRUSTED) |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 173 | == 0); |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 174 | CPPUNIT_ASSERT(strcmp(dhtnet::tls::statusToStr(dhtnet::tls::TrustStatus::UNTRUSTED), |
| 175 | libdhtnet::Certificate::TrustStatus::UNTRUSTED) |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 176 | == 0);*/ |
| 177 | } |
| 178 | |
| 179 | void |
| 180 | CertStoreTest::getCertificateWithSplitted() |
| 181 | { |
| 182 | //auto aliceAccount = Manager::instance().getAccount<JamiAccount>(aliceId); |
| 183 | auto ca = dht::crypto::generateIdentity("test CA"); |
| 184 | auto account = dht::crypto::generateIdentity("test account", ca, 4096, true); |
| 185 | auto device = dht::crypto::generateIdentity("test device", account); |
| 186 | |
| 187 | auto caCert = std::make_shared<dht::crypto::Certificate>(ca.second->toString(false)); |
| 188 | auto accountCert = std::make_shared<dht::crypto::Certificate>(account.second->toString(false)); |
| 189 | auto devicePartialCert = std::make_shared<dht::crypto::Certificate>( |
| 190 | device.second->toString(false)); |
| 191 | |
| 192 | /*aliceAccount->certStore().pinCertificate(caCert); |
| 193 | aliceAccount->certStore().pinCertificate(accountCert); |
| 194 | aliceAccount->certStore().pinCertificate(devicePartialCert); |
| 195 | |
| 196 | auto fullCert = aliceAccount->certStore().getCertificate(device.second->getId().toString()); |
| 197 | CPPUNIT_ASSERT(fullCert->issuer && fullCert->issuer->getUID() == accountCert->getUID()); |
| 198 | CPPUNIT_ASSERT(fullCert->issuer->issuer |
| 199 | && fullCert->issuer->issuer->getUID() == caCert->getUID());*/ |
| 200 | } |
| 201 | |
| 202 | } // namespace test |
| 203 | } // namespace jami |
| 204 | |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 205 | JAMI_TEST_RUNNER(dhtnet::test::CertStoreTest::name()); |