Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2004-2023 Savoir-faire Linux Inc. |
| 3 | * |
| 4 | * Author: florian Wiesweg <florian.wiesweg@campus.tu-berlin.de> |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU General Public License as published by |
| 8 | * the Free Software Foundation; either version 3 of the License, or |
| 9 | * (at your option) any later version. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | * GNU General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU General Public License |
| 17 | * along with this program; if not, write to the Free Software |
| 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 19 | */ |
| 20 | |
| 21 | #include <cppunit/TestAssert.h> |
| 22 | #include <cppunit/TestFixture.h> |
| 23 | #include <cppunit/extensions/HelperMacros.h> |
| 24 | |
| 25 | #include "test_runner.h" |
| 26 | #include "certstore.h" |
| 27 | |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 28 | namespace dhtnet { |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 29 | namespace test { |
| 30 | |
| 31 | class CertStoreTest : public CppUnit::TestFixture |
| 32 | { |
| 33 | public: |
| 34 | CertStoreTest() |
| 35 | { |
| 36 | } |
| 37 | ~CertStoreTest() { } |
| 38 | static std::string name() { return "certstore"; } |
| 39 | void setUp(); |
| 40 | void tearDown(); |
| 41 | |
| 42 | std::string aliceId; |
| 43 | std::string bobId; |
| 44 | |
| 45 | private: |
| 46 | void trustStoreTest(); |
| 47 | void getCertificateWithSplitted(); |
| 48 | |
| 49 | CPPUNIT_TEST_SUITE(CertStoreTest); |
| 50 | CPPUNIT_TEST(trustStoreTest); |
| 51 | CPPUNIT_TEST(getCertificateWithSplitted); |
| 52 | CPPUNIT_TEST_SUITE_END(); |
| 53 | }; |
| 54 | |
| 55 | CPPUNIT_TEST_SUITE_NAMED_REGISTRATION(CertStoreTest, CertStoreTest::name()); |
| 56 | |
| 57 | void |
| 58 | CertStoreTest::setUp() |
| 59 | { |
| 60 | /*auto actors = load_actors_and_wait_for_announcement("actors/alice-bob.yml"); |
| 61 | aliceId = actors["alice"]; |
| 62 | bobId = actors["bob"];*/ |
| 63 | } |
| 64 | |
| 65 | void |
| 66 | CertStoreTest::tearDown() |
| 67 | { |
| 68 | //wait_for_removal_of({aliceId, bobId}); |
| 69 | } |
| 70 | |
| 71 | void |
| 72 | CertStoreTest::trustStoreTest() |
| 73 | { |
| 74 | //auto aliceAccount = Manager::instance().getAccount<JamiAccount>(aliceId); |
| 75 | |
| 76 | auto ca = dht::crypto::generateIdentity("test CA"); |
| 77 | auto account = dht::crypto::generateIdentity("test account", ca, 4096, true); |
| 78 | auto device = dht::crypto::generateIdentity("test device", account); |
| 79 | auto device2 = dht::crypto::generateIdentity("test device 2", account); |
| 80 | /*auto storeSize = aliceAccount->certStore().getPinnedCertificates().size(); |
| 81 | auto id = ca.second->getId().toString(); |
| 82 | auto pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 83 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 84 | == pinned.end()); |
| 85 | |
| 86 | // Test certificate status |
| 87 | auto certAllowed = aliceAccount->accountManager()->getCertificatesByStatus( |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 88 | dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 89 | CPPUNIT_ASSERT( |
| 90 | std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; }) |
| 91 | == certAllowed.end()); |
| 92 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 93 | == dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED); |
| 94 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 95 | certAllowed = aliceAccount->accountManager()->getCertificatesByStatus( |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 96 | dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 97 | CPPUNIT_ASSERT( |
| 98 | std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; }) |
| 99 | != certAllowed.end()); |
| 100 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 101 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
| 102 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 103 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 104 | == dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED); |
| 105 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 106 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 107 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 108 | |
| 109 | // Test getPinnedCertificates |
| 110 | pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 111 | CPPUNIT_ASSERT(pinned.size() == storeSize + 2); |
| 112 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 113 | != pinned.end()); |
| 114 | |
| 115 | // Test findCertificateByUID & findIssuer |
| 116 | CPPUNIT_ASSERT(!aliceAccount->certStore().findCertificateByUID("NON_EXISTING_ID")); |
| 117 | auto cert = aliceAccount->certStore().findCertificateByUID(id); |
| 118 | CPPUNIT_ASSERT(cert); |
| 119 | auto issuer = aliceAccount->certStore().findIssuer(cert); |
| 120 | CPPUNIT_ASSERT(issuer); |
| 121 | CPPUNIT_ASSERT(issuer->getId().toString() == id); |
| 122 | |
| 123 | // Test is allowed |
| 124 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 125 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*account.second)); |
| 126 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*device.second)); |
| 127 | |
| 128 | // Ban device |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 129 | aliceAccount->setCertificateStatus(device.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 130 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(device.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 131 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 132 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(id) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 133 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 134 | |
| 135 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 136 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*account.second)); |
| 137 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device.second)); |
| 138 | |
| 139 | // Ban account |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 140 | aliceAccount->setCertificateStatus(account.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 141 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(account.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 142 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 143 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 144 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*account.second)); |
| 145 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 146 | |
| 147 | // Unban account |
| 148 | aliceAccount->setCertificateStatus(account.second, |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 149 | dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 150 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(account.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 151 | == dhtnet::tls::TrustStore::PermissionStatus::ALLOWED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 152 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 153 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*account.second)); |
| 154 | CPPUNIT_ASSERT(aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 155 | |
| 156 | // Ban CA |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 157 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 158 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(ca.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 159 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 160 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*ca.second)); |
| 161 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*account.second)); |
| 162 | CPPUNIT_ASSERT(not aliceAccount->accountManager()->isAllowed(*device2.second)); |
| 163 | |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 164 | aliceAccount->setCertificateStatus(ca.second, dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 165 | CPPUNIT_ASSERT(aliceAccount->accountManager()->getCertificateStatus(ca.second->getId().toString()) |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 166 | == dhtnet::tls::TrustStore::PermissionStatus::BANNED); |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 167 | |
| 168 | // Test unpin |
| 169 | aliceAccount->certStore().unpinCertificate(id); |
| 170 | pinned = aliceAccount->certStore().getPinnedCertificates(); |
| 171 | CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; }) |
| 172 | == pinned.end()); |
| 173 | |
| 174 | // Test statusToStr |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 175 | CPPUNIT_ASSERT(strcmp(dhtnet::tls::statusToStr(dhtnet::tls::TrustStatus::TRUSTED), |
| 176 | libdhtnet::Certificate::TrustStatus::TRUSTED) |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 177 | == 0); |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 178 | CPPUNIT_ASSERT(strcmp(dhtnet::tls::statusToStr(dhtnet::tls::TrustStatus::UNTRUSTED), |
| 179 | libdhtnet::Certificate::TrustStatus::UNTRUSTED) |
Adrien Béraud | efe2737 | 2023-05-27 18:56:29 -0400 | [diff] [blame] | 180 | == 0);*/ |
| 181 | } |
| 182 | |
| 183 | void |
| 184 | CertStoreTest::getCertificateWithSplitted() |
| 185 | { |
| 186 | //auto aliceAccount = Manager::instance().getAccount<JamiAccount>(aliceId); |
| 187 | auto ca = dht::crypto::generateIdentity("test CA"); |
| 188 | auto account = dht::crypto::generateIdentity("test account", ca, 4096, true); |
| 189 | auto device = dht::crypto::generateIdentity("test device", account); |
| 190 | |
| 191 | auto caCert = std::make_shared<dht::crypto::Certificate>(ca.second->toString(false)); |
| 192 | auto accountCert = std::make_shared<dht::crypto::Certificate>(account.second->toString(false)); |
| 193 | auto devicePartialCert = std::make_shared<dht::crypto::Certificate>( |
| 194 | device.second->toString(false)); |
| 195 | |
| 196 | /*aliceAccount->certStore().pinCertificate(caCert); |
| 197 | aliceAccount->certStore().pinCertificate(accountCert); |
| 198 | aliceAccount->certStore().pinCertificate(devicePartialCert); |
| 199 | |
| 200 | auto fullCert = aliceAccount->certStore().getCertificate(device.second->getId().toString()); |
| 201 | CPPUNIT_ASSERT(fullCert->issuer && fullCert->issuer->getUID() == accountCert->getUID()); |
| 202 | CPPUNIT_ASSERT(fullCert->issuer->issuer |
| 203 | && fullCert->issuer->issuer->getUID() == caCert->getUID());*/ |
| 204 | } |
| 205 | |
| 206 | } // namespace test |
| 207 | } // namespace jami |
| 208 | |
Adrien Béraud | 1ae60aa | 2023-07-07 09:55:09 -0400 | [diff] [blame] | 209 | JAMI_TEST_RUNNER(dhtnet::test::CertStoreTest::name()); |