add: Unit test for parsing X509-Req (CSR) and SPKAC

diff --git a/test/.gitignore b/test/.gitignore
new file mode 100644 (file)
index 0000000..ace1063
--- /dev/null
+++ b/test/.gitignore
@@ -0,0 +1 @@
+/testdata

diff --git a/test/Makefile b/test/Makefile
index a765a9a333d3888b2d566199c74d2e97daefd9b0..ed9ae6350fe44b27439f441c7028d03da08c4df7 100644 (file)
--- a/test/Makefile
+++ b/test/Makefile
@@ -25,13 +25,14 @@ ifneq (,$(filter debug,$(DEB_BUILD_OPTIONS)))
 ADDFLAGS=-DNO_DAEMON
 endif
 
-CFLAGS=-O3 -g -flto -Wall -Werror -Wextra -pedantic -std=c++11 ${ADDFLAGS}
+CFLAGS=-O3 -g -flto -Wall -Werror -Wextra -pedantic -std=c++11 -I../src ${ADDFLAGS}
 CXXFLAGS=$(CFLAGS)
 LDFLAGS=-O3 -g -flto -lmysqlclient -lssl -lcrypto -ldl -lboost_unit_test_framework
 
 SRC_DIR=src
 OBJ_DIR=obj
 DEP_DIR=dep
+TESTDATA_DIR=testdata
 
 FS_SRC=$(wildcard ${SRC_DIR}/*.cpp)
 FS_BIN=$(wildcard ${SRC_DIR}/app/*.cpp)
@@ -55,8 +56,13 @@ clean::
        -rm -rf *.so
        -rm -rf ${OBJ_DIR}
        -rm -rf ${DEP_DIR}
+       -rm -rf ${TESTDATA_DIR}
 
-build: cassiopeia-test
+.PHONY: testdata
+testdata:
+       ./genTestData.sh
+
+build: cassiopeia-test testdata
        ${BIN}
 
 .PHONY: install
@@ -78,7 +84,7 @@ collissiondetect:
 cassiopeia-test: bin/cassiopeia-test
 
 bin/cassiopeia-test: libs ${FS_OBJ}
-       ${MKDIR} $(shell dirname $@) && ${LT_LD} ${LDFLAGS} -o $@ ${FS_OBJ}
+       ${MKDIR} $(shell dirname $@) && ${LT_LD} ${LDFLAGS} -o $@ ${FS_OBJ} $(filter-out %/main.o,$(wildcard ../obj/*.o))
 
 ${DEP_DIR}/%.d: ${SRC_DIR}/%.cpp
        ${MKDIR} $(shell dirname $@) && $(CXX_DEP) $(CXXFLAGS) -M -MF $@ $<

diff --git a/test/genTestData.sh b/test/genTestData.sh
new file mode 100755 (executable)
index 0000000..ca44bc2
--- /dev/null
+++ b/test/genTestData.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+fake_sigalg (){
+    cat $1 | sed "s/IhvcNAQE/IhvcAAQE/" > $2
+}
+
+fake_sig (){
+    cat $1 | sed "s/[^a]=\$/c=/" | sed "s/a=/b=/" |sed "s/c=/a=/" > $2
+}
+
+mkdir -p testdata
+openssl req -new -newkey rsa:2048 -nodes -keyout testdata/tmppriv.key -out testdata/test.csr -subj "/CN=bla" 2>/dev/null
+openssl spkac -challenge a -key testdata/tmppriv.key -out testdata/test.spkac
+
+for alg in csr spkac; do
+    fake_sigalg testdata/test.$alg testdata/test_invalid_sig.$alg
+    fake_sig testdata/test.$alg testdata/test_false_sig.$alg
+done

diff --git a/test/src/X509Req.cpp b/test/src/X509Req.cpp
new file mode 100644 (file)
index 0000000..1d23062
--- /dev/null
+++ b/test/src/X509Req.cpp
@@ -0,0 +1,44 @@
+#include <iostream>
+
+#include <boost/test/unit_test.hpp>
+
+#include "X509.h"
+#include "util.h"
+
+BOOST_AUTO_TEST_SUITE( TestX509Req )
+
+BOOST_AUTO_TEST_CASE( CSR ) {
+    // Testing a valid CSR
+    std::shared_ptr<X509Req> req( X509Req::parse( readFile( "testdata/test.csr" ) ) );
+    BOOST_REQUIRE( req );
+    BOOST_CHECK( req->verify() == 1 );
+
+    // Testing a CSR, where the signature content has been tampered with
+    req = std::shared_ptr<X509Req>( X509Req::parse( readFile( "testdata/test_false_sig.csr" ) ) );
+    BOOST_REQUIRE( req );
+    BOOST_CHECK( req->verify() == 0 );
+
+    // Testing a CSR, where the signature OID is something strange
+    req = std::shared_ptr<X509Req>( X509Req::parse( readFile( "testdata/test_invalid_sig.csr" ) ) );
+    BOOST_REQUIRE( req );
+    BOOST_CHECK( req->verify() < 0 );
+}
+
+BOOST_AUTO_TEST_CASE( SPKAC ) {
+    // Testing a valid SPKAC
+    std::shared_ptr<X509Req> req( X509Req::parseSPKAC( readFile( "testdata/test.spkac" ) ) );
+    BOOST_REQUIRE( req );
+    BOOST_CHECK( req->verify() == 1 );
+
+    // Testing a SPKAC, where the signature content has been tampered with
+    req = std::shared_ptr<X509Req>( X509Req::parseSPKAC( readFile( "testdata/test_false_sig.spkac" ) ) );
+    BOOST_REQUIRE( req );
+    BOOST_CHECK( req->verify() == 0 );
+
+    // Testing a SPKAC, where the signature OID is something strange
+    req = std::shared_ptr<X509Req>( X509Req::parseSPKAC( readFile( "testdata/test_invalid_sig.spkac" ) ) );
+    BOOST_REQUIRE( req );
+    BOOST_CHECK( req->verify() < 0 );
+}
+
+BOOST_AUTO_TEST_SUITE_END()