From: Felix Dörre Date: Fri, 14 Nov 2014 11:12:17 +0000 (+0100) Subject: add: Unit test for parsing X509-Req (CSR) and SPKAC X-Git-Url: http://www.controwiki.de/?a=commitdiff_plain;h=4823112fb328b52b873b8aa693f33dc1c2c18fc8;p=cassiopeia.git add: Unit test for parsing X509-Req (CSR) and SPKAC --- diff --git a/test/.gitignore b/test/.gitignore new file mode 100644 index 0000000..ace1063 --- /dev/null +++ b/test/.gitignore @@ -0,0 +1 @@ +/testdata diff --git a/test/Makefile b/test/Makefile index a765a9a..ed9ae63 100644 --- a/test/Makefile +++ b/test/Makefile @@ -25,13 +25,14 @@ ifneq (,$(filter debug,$(DEB_BUILD_OPTIONS))) ADDFLAGS=-DNO_DAEMON endif -CFLAGS=-O3 -g -flto -Wall -Werror -Wextra -pedantic -std=c++11 ${ADDFLAGS} +CFLAGS=-O3 -g -flto -Wall -Werror -Wextra -pedantic -std=c++11 -I../src ${ADDFLAGS} CXXFLAGS=$(CFLAGS) LDFLAGS=-O3 -g -flto -lmysqlclient -lssl -lcrypto -ldl -lboost_unit_test_framework SRC_DIR=src OBJ_DIR=obj DEP_DIR=dep +TESTDATA_DIR=testdata FS_SRC=$(wildcard ${SRC_DIR}/*.cpp) FS_BIN=$(wildcard ${SRC_DIR}/app/*.cpp) @@ -55,8 +56,13 @@ clean:: -rm -rf *.so -rm -rf ${OBJ_DIR} -rm -rf ${DEP_DIR} + -rm -rf ${TESTDATA_DIR} -build: cassiopeia-test +.PHONY: testdata +testdata: + ./genTestData.sh + +build: cassiopeia-test testdata ${BIN} .PHONY: install @@ -78,7 +84,7 @@ collissiondetect: cassiopeia-test: bin/cassiopeia-test bin/cassiopeia-test: libs ${FS_OBJ} - ${MKDIR} $(shell dirname $@) && ${LT_LD} ${LDFLAGS} -o $@ ${FS_OBJ} + ${MKDIR} $(shell dirname $@) && ${LT_LD} ${LDFLAGS} -o $@ ${FS_OBJ} $(filter-out %/main.o,$(wildcard ../obj/*.o)) ${DEP_DIR}/%.d: ${SRC_DIR}/%.cpp ${MKDIR} $(shell dirname $@) && $(CXX_DEP) $(CXXFLAGS) -M -MF $@ $< diff --git a/test/genTestData.sh b/test/genTestData.sh new file mode 100755 index 0000000..ca44bc2 --- /dev/null +++ b/test/genTestData.sh 
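Review bot: In test/Makefile, `testdata` is declared `.PHONY` and made a prerequisite of `build`, so genTestData.sh runs on every build and produces a fresh random key and fresh fixtures each time. A failure in the tampered-signature cases then cannot be reproduced from the same inputs. Tying generation to a real file would keep the fixtures stable until `clean`, for example a rule `testdata/test.csr: genTestData.sh` with the recipe `./genTestData.sh`, and `build: cassiopeia-test testdata/test.csr`.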
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+fake_sigalg (){
+ cat $1 | sed "s/IhvcNAQE/IhvcAAQE/" > $2
+}
+
+fake_sig (){
+ cat $1 | sed "s/[^a]=\$/c=/" | sed "s/a=/b=/" |sed "s/c=/a=/" > $2
+}
+
+mkdir -p testdata
+openssl req -new -newkey rsa:2048 -nodes -keyout testdata/tmppriv.key -out testdata/test.csr -subj "/CN=bla" 2>/dev/null
+openssl spkac -challenge a -key testdata/tmppriv.key -out testdata/test.spkac
+
+for alg in csr spkac; do
+ fake_sigalg testdata/test.$alg testdata/test_invalid_sig.$alg
+ fake_sig testdata/test.$alg testdata/test_false_sig.$alg
+done
diff --git a/test/src/X509Req.cpp b/test/src/X509Req.cpp
new file mode 100644
index 0000000..1d23062
--- /dev/null
+++ b/test/src/X509Req.cpp
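Review bot: `fake_sig` in test/genTestData.sh only rewrites the character in front of a trailing `=`, so whether test_false_sig.* really carries a different signature depends on how the base64 happens to end. With no padding the file is copied unchanged, and a substitution that touches only the unused padding bits would decode to the same bytes. The script also runs without `set -e` and discards stderr from `openssl req`, so a failed generation silently leaves empty or stale fixtures. I would add `set -eu` as the first command and end `fake_sig` with `! cmp -s "$1" "$2" || { echo "fake_sig left $1 unchanged" >&2; exit 1; }`. That guard catches only the unchanged-text case, so altering a character in the middle of the encoded signature would be the more robust fixture.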
@@ -0,0 +1,44 @@
+#include
+
+#include
+
+#include "X509.h"
+#include "util.h"
+
+BOOST_AUTO_TEST_SUITE( TestX509Req )
+
+BOOST_AUTO_TEST_CASE( CSR ) {
+ // Testing a valid CSR
+ std::shared_ptr req( X509Req::parse( readFile( "testdata/test.csr" ) ) );
+ BOOST_REQUIRE( req );
+ BOOST_CHECK( req->verify() == 1 );
+
+ // Testing a CSR, where the signature content has been tampered with
+ req = std::shared_ptr( X509Req::parse( readFile( "testdata/test_false_sig.csr" ) ) );
+ BOOST_REQUIRE( req );
+ BOOST_CHECK( req->verify() == 0 );
+
+ // Testing a CSR, where the signature OID is something strange
+ req = std::shared_ptr( X509Req::parse( readFile( "testdata/test_invalid_sig.csr" ) ) );
+ BOOST_REQUIRE( req );
+ BOOST_CHECK( req->verify() < 0 );
+}
+
+BOOST_AUTO_TEST_CASE( SPKAC ) {
+ // Testing a valid SPKAC
+ std::shared_ptr req( X509Req::parseSPKAC( readFile( "testdata/test.spkac" ) ) );
+ BOOST_REQUIRE( req );
+ BOOST_CHECK( req->verify() == 1 );
+
+ // Testing a SPKAC, where the signature content has been tampered with
+ req = std::shared_ptr( X509Req::parseSPKAC( readFile( "testdata/test_false_sig.spkac" ) ) );
+ BOOST_REQUIRE( req );
+ BOOST_CHECK( req->verify() == 0 );
+
+ // Testing a SPKAC, where the signature OID is something strange
+ req = std::shared_ptr( X509Req::parseSPKAC( readFile( "testdata/test_invalid_sig.spkac" ) ) );
+ BOOST_REQUIRE( req );
+ BOOST_CHECK( req->verify() < 0 );
+}
+
+BOOST_AUTO_TEST_SUITE_END()
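Review bot: Both test cases in test/src/X509Req.cpp assert three different results from `verify()` (`== 1`, `== 0`, `< 0`), but nothing records that the negative value is an error rather than a success. A caller writing `if( req->verify() )` would get exactly that wrong. A comment above the first check would state the contract, e.g. `// verify() is tri-state: 1 = signature valid, 0 = signature mismatch, < 0 = error; only == 1 means accepted`. The cases also cover only input that parses. What `parse` and `parseSPKAC` do with empty or truncated input is not visible in this hunk, and a case pinning that behaviour would be worth adding.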