5111374265

Committed 29 May 2023 11:19AM UTC coverage: 92.227% (+0.5%) from 91.723%

Build # 5111374265

Build Type

push

github

Committed by

randombit

Commit Message

Next release will be 3.1.0. Update release notes

Run Details

75588 of 81959 relevant lines covered (92.23%)

11886470.91 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

87.28

/src/tests/test_certstor_system.cpp

/*
* (C) 1999-2021 Jack Lloyd
* (C) 2019,2021 René Meusel
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"

#if defined(BOTAN_HAS_CERTSTOR_SYSTEM)

   #include "test_certstor_utils.h"
   #include <botan/ber_dec.h>
   #include <botan/certstor_system.h>
   #include <botan/der_enc.h>
   #include <botan/hex.h>
   #include <memory>

namespace Botan_Tests {

namespace {

Test::Result find_certificate_by_pubkey_sha1(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - Find Certificate by SHA1(pubkey)");

   try {
      result.start_timer();
      auto cert = certstore.find_cert_by_pubkey_sha1(get_key_id());
      result.end_timer();

      if(result.test_not_nullopt("found certificate", cert)) {
         auto cns = cert->subject_dn().get_attribute("CN");
         result.test_is_eq("exactly one CN", cns.size(), size_t(1));
         result.test_eq("CN", cns.front(), get_subject_cn());
      }
   } catch(std::exception& e) { result.test_failure(e.what()); }

   result.test_throws("on invalid SHA1 hash data", [&] { certstore.find_cert_by_pubkey_sha1({}); });

   return result;
}

Test::Result find_certificate_by_pubkey_sha1_with_unmatching_key_id(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - Find Certificate by SHA1(pubkey) - regression test for GH #2779");

   if(!certstore.find_cert(get_dn_of_cert_with_different_key_id(), {}).has_value()) {
      result.note_missing("OS does not trust the certificate used for this regression test, skipping");
      return result;
   }

   try {
      result.start_timer();
      auto cert = certstore.find_cert_by_pubkey_sha1(get_pubkey_sha1_of_cert_with_different_key_id());
      result.end_timer();

      if(result.test_not_nullopt("found certificate", cert)) {
         auto cns = cert->subject_dn().get_attribute("CN");
         result.test_is_eq("exactly one CN", cns.size(), size_t(1));
         result.test_eq("CN", cns.front(), "SecureTrust CA");
      }
   } catch(std::exception& e) { result.test_failure(e.what()); }

   return result;
}

Test::Result find_cert_by_subject_dn(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - Find Certificate by subject DN");

   try {
      auto dn = get_dn();

      result.start_timer();
      auto cert = certstore.find_cert(dn, std::vector<uint8_t>());
      result.end_timer();

      if(result.test_not_nullopt("found certificate", cert)) {
         auto cns = cert->subject_dn().get_attribute("CN");
         result.test_is_eq("exactly one CN", cns.size(), size_t(1));
         result.test_eq("CN", cns.front(), get_subject_cn());
      }
   } catch(std::exception& e) { result.test_failure(e.what()); }

   return result;
}

Test::Result find_cert_by_utf8_subject_dn(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - Find Certificate by UTF8 subject DN");

   try {
      auto dn = get_utf8_dn();

      result.start_timer();
      auto cert = certstore.find_cert(dn, std::vector<uint8_t>());
      result.end_timer();

      if(result.test_not_nullopt("found certificate", cert)) {
         auto cns = cert->subject_dn().get_attribute("CN");
         result.test_is_eq("exactly one CN", cns.size(), size_t(1));
         result.test_eq("CN", cns.front(), "D-TRUST Root Class 3 CA 2 EV 2009");
      }
   } catch(std::exception& e) { result.test_failure(e.what()); }

   return result;
}

Test::Result find_cert_by_subject_dn_and_key_id(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - Find Certificate by subject DN and key ID");

   try {
      auto dn = get_dn();

      result.start_timer();
      auto cert = certstore.find_cert(dn, get_key_id());
      result.end_timer();

      if(result.test_not_nullopt("found certificate", cert)) {
         auto cns = cert->subject_dn().get_attribute("CN");
         result.test_is_eq("exactly one CN", cns.size(), size_t(1));
         result.test_eq("CN", cns.front(), get_subject_cn());
      }
   } catch(std::exception& e) { result.test_failure(e.what()); }

   return result;
}

Test::Result find_certs_by_subject_dn_and_key_id(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - Find Certificates by subject DN and key ID");

   try {
      auto dn = get_dn();

      result.start_timer();
      auto certs = certstore.find_all_certs(dn, get_key_id());
      result.end_timer();

      if(result.confirm("result not empty", !certs.empty()) &&
         result.test_eq("exactly one certificate", certs.size(), 1)) {
         auto cns = certs.front().subject_dn().get_attribute("CN");
         result.test_is_eq("exactly one CN", cns.size(), size_t(1));
         result.test_eq("CN", cns.front(), get_subject_cn());
      }
   } catch(std::exception& e) { result.test_failure(e.what()); }

   return result;
}

Test::Result find_all_certs_by_subject_dn(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - Find all Certificates by subject DN");

   try {
      auto dn = get_dn();

      result.start_timer();
      auto certs = certstore.find_all_certs(dn, std::vector<uint8_t>());
      result.end_timer();

      // check for duplications
      sort(certs.begin(), certs.end());
      for(size_t i = 1; i < certs.size(); ++i) {
         if(certs[i - 1] == certs[i]) {
            result.test_failure("find_all_certs produced duplicated result");
         }
      }

      if(result.confirm("result not empty", !certs.empty())) {
         auto cns = certs.front().subject_dn().get_attribute("CN");
         result.test_gte("at least one CN", cns.size(), size_t(1));
         result.test_eq("CN", cns.front(), get_subject_cn());
      }
   } catch(std::exception& e) { result.test_failure(e.what()); }

   return result;
}

Test::Result find_all_subjects(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - Find all Certificate Subjects");

   try {
      result.start_timer();
      auto subjects = certstore.all_subjects();
      result.end_timer();

      if(result.confirm("result not empty", !subjects.empty())) {
         auto dn = get_dn();
         auto needle = std::find_if(
            subjects.cbegin(), subjects.cend(), [=](const Botan::X509_DN& subject) { return subject == dn; });

         if(result.confirm("found expected certificate", needle != subjects.end())) {
            result.confirm("expected certificate", *needle == dn);
         }
      }
   } catch(std::exception& e) { result.test_failure(e.what()); }

   return result;
}

Test::Result no_certificate_matches(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - can deal with no matches (regression test)");

   try {
      auto dn = get_unknown_dn();
      auto kid = get_unknown_key_id();

      result.start_timer();
      auto certs = certstore.find_all_certs(dn, kid);
      auto cert = certstore.find_cert(dn, kid);
      auto pubk_cert = certstore.find_cert_by_pubkey_sha1(kid);
      result.end_timer();

      result.confirm("find_all_certs did not find the dummy", certs.empty());
      result.confirm("find_cert did not find the dummy", !cert);
      result.confirm("find_cert_by_pubkey_sha1 did not find the dummy", !pubk_cert);
   } catch(std::exception& e) { result.test_failure(e.what()); }

   return result;
}

   #if defined(BOTAN_HAS_CERTSTOR_MACOS)

Test::Result certificate_matching_with_dn_normalization(Botan::Certificate_Store& certstore) {
   Test::Result result("System Certificate Store - normalization of X.509 DN (regression test)");

   try {
      auto dn = get_skewed_dn();

      result.start_timer();
      auto certs = certstore.find_all_certs(dn, std::vector<uint8_t>());
      auto cert = certstore.find_cert(dn, std::vector<uint8_t>());
      result.end_timer();

      if(result.confirm("find_all_certs did find the skewed DN", !certs.empty()) &&
         result.confirm("find_cert did find the skewed DN", cert.has_value())) {
         result.test_eq(
            "it is the correct cert", certs.front().subject_dn().get_first_attribute("CN"), get_subject_cn());
         result.test_eq("it is the correct cert", cert->subject_dn().get_first_attribute("CN"), get_subject_cn());
      }
   } catch(std::exception& e) { result.test_failure(e.what()); }

   return result;
}

   #endif

class Certstor_System_Tests final : public Test {
   public:
      std::vector<Test::Result> run() override {
         Test::Result open_result("System Certificate Store - Open Keychain");

         std::unique_ptr<Botan::Certificate_Store> system;

         try {
            open_result.start_timer();
            system = std::make_unique<Botan::System_Certificate_Store>();
            open_result.end_timer();
         } catch(Botan::Not_Implemented& e) {
            BOTAN_UNUSED(e);
            open_result.test_note("Skipping due to not available in current build");
            return {open_result};
         } catch(std::exception& e) {
            open_result.test_failure(e.what());
            return {open_result};
         }

         open_result.test_success();

         std::vector<Test::Result> results;
         results.push_back(open_result);

         results.push_back(find_certificate_by_pubkey_sha1(*system));
         results.push_back(find_certificate_by_pubkey_sha1_with_unmatching_key_id(*system));
         results.push_back(find_cert_by_subject_dn(*system));
         results.push_back(find_cert_by_subject_dn_and_key_id(*system));
         results.push_back(find_all_certs_by_subject_dn(*system));
         results.push_back(find_certs_by_subject_dn_and_key_id(*system));
         results.push_back(find_all_subjects(*system));
         results.push_back(no_certificate_matches(*system));
         results.push_back(find_cert_by_utf8_subject_dn(*system));
   #if defined(BOTAN_HAS_CERTSTOR_MACOS)
         results.push_back(certificate_matching_with_dn_normalization(*system));
   #endif

         return results;
      }
};

BOTAN_REGISTER_TEST("x509", "certstor_system", Certstor_System_Tests);

}  // namespace

}  // namespace Botan_Tests

#endif

1	/*
2	* (C) 1999-2021 Jack Lloyd
3	* (C) 2019,2021 René Meusel
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include "tests.h"
9
10	#if defined(BOTAN_HAS_CERTSTOR_SYSTEM)
11
12	#include "test_certstor_utils.h"
13	#include <botan/ber_dec.h>
14	#include <botan/certstor_system.h>
15	#include <botan/der_enc.h>
16	#include <botan/hex.h>
17	#include <memory>
18
19	namespace Botan_Tests {
20
21	namespace {
22
23	Test::Result find_certificate_by_pubkey_sha1(Botan::Certificate_Store& certstore) {	1✔
24	Test::Result result("System Certificate Store - Find Certificate by SHA1(pubkey)");	1✔
25
26	try {	1✔
27	result.start_timer();	1✔
28	auto cert = certstore.find_cert_by_pubkey_sha1(get_key_id());	1✔
29	result.end_timer();	1✔
30
31	if(result.test_not_nullopt("found certificate", cert)) {	4✔
32	auto cns = cert->subject_dn().get_attribute("CN");	1✔
33	result.test_is_eq("exactly one CN", cns.size(), size_t(1));	1✔
34	result.test_eq("CN", cns.front(), get_subject_cn());	2✔
35	}	1✔
36	} catch(std::exception& e) { result.test_failure(e.what()); }	1✔
37
38	result.test_throws("on invalid SHA1 hash data", [&] { certstore.find_cert_by_pubkey_sha1({}); });	3✔
39
40	return result;	1✔
41	}	×
42
43	Test::Result find_certificate_by_pubkey_sha1_with_unmatching_key_id(Botan::Certificate_Store& certstore) {	1✔
44	Test::Result result("System Certificate Store - Find Certificate by SHA1(pubkey) - regression test for GH #2779");	1✔
45
46	if(!certstore.find_cert(get_dn_of_cert_with_different_key_id(), {}).has_value()) {	2✔
47	result.note_missing("OS does not trust the certificate used for this regression test, skipping");	×
48	return result;	×
49	}
50
51	try {	1✔
52	result.start_timer();	1✔
53	auto cert = certstore.find_cert_by_pubkey_sha1(get_pubkey_sha1_of_cert_with_different_key_id());	1✔
54	result.end_timer();	1✔
55
56	if(result.test_not_nullopt("found certificate", cert)) {	4✔
57	auto cns = cert->subject_dn().get_attribute("CN");	1✔
58	result.test_is_eq("exactly one CN", cns.size(), size_t(1));	1✔
59	result.test_eq("CN", cns.front(), "SecureTrust CA");	2✔
60	}	1✔
61	} catch(std::exception& e) { result.test_failure(e.what()); }	1✔
62
63	return result;
64	}	×
65
66	Test::Result find_cert_by_subject_dn(Botan::Certificate_Store& certstore) {	1✔
67	Test::Result result("System Certificate Store - Find Certificate by subject DN");	1✔
68
69	try {	1✔
70	auto dn = get_dn();	1✔
71
72	result.start_timer();	1✔
73	auto cert = certstore.find_cert(dn, std::vector<uint8_t>());	1✔
74	result.end_timer();	1✔
75
76	if(result.test_not_nullopt("found certificate", cert)) {	4✔
77	auto cns = cert->subject_dn().get_attribute("CN");	1✔
78	result.test_is_eq("exactly one CN", cns.size(), size_t(1));	1✔
79	result.test_eq("CN", cns.front(), get_subject_cn());	2✔
80	}	1✔
81	} catch(std::exception& e) { result.test_failure(e.what()); }	1✔
82
83	return result;	1✔
84	}	×
85
86	Test::Result find_cert_by_utf8_subject_dn(Botan::Certificate_Store& certstore) {	1✔
87	Test::Result result("System Certificate Store - Find Certificate by UTF8 subject DN");	1✔
88
89	try {	1✔
90	auto dn = get_utf8_dn();	1✔
91
92	result.start_timer();	1✔
93	auto cert = certstore.find_cert(dn, std::vector<uint8_t>());	1✔
94	result.end_timer();	1✔
95
96	if(result.test_not_nullopt("found certificate", cert)) {	4✔
97	auto cns = cert->subject_dn().get_attribute("CN");	1✔
98	result.test_is_eq("exactly one CN", cns.size(), size_t(1));	1✔
99	result.test_eq("CN", cns.front(), "D-TRUST Root Class 3 CA 2 EV 2009");	2✔
100	}	1✔
101	} catch(std::exception& e) { result.test_failure(e.what()); }	1✔
102
103	return result;	1✔
104	}	×
105
106	Test::Result find_cert_by_subject_dn_and_key_id(Botan::Certificate_Store& certstore) {	1✔
107	Test::Result result("System Certificate Store - Find Certificate by subject DN and key ID");	1✔
108
109	try {	1✔
110	auto dn = get_dn();	1✔
111
112	result.start_timer();	1✔
113	auto cert = certstore.find_cert(dn, get_key_id());	1✔
114	result.end_timer();	1✔
115
116	if(result.test_not_nullopt("found certificate", cert)) {	4✔
117	auto cns = cert->subject_dn().get_attribute("CN");	1✔
118	result.test_is_eq("exactly one CN", cns.size(), size_t(1));	1✔
119	result.test_eq("CN", cns.front(), get_subject_cn());	2✔
120	}	1✔
121	} catch(std::exception& e) { result.test_failure(e.what()); }	1✔
122
123	return result;	1✔
124	}	×
125
126	Test::Result find_certs_by_subject_dn_and_key_id(Botan::Certificate_Store& certstore) {	1✔
127	Test::Result result("System Certificate Store - Find Certificates by subject DN and key ID");	1✔
128
129	try {	1✔
130	auto dn = get_dn();	1✔
131
132	result.start_timer();	1✔
133	auto certs = certstore.find_all_certs(dn, get_key_id());	1✔
134	result.end_timer();	1✔
135
136	if(result.confirm("result not empty", !certs.empty()) &&	3✔
137	result.test_eq("exactly one certificate", certs.size(), 1)) {	3✔
138	auto cns = certs.front().subject_dn().get_attribute("CN");	1✔
139	result.test_is_eq("exactly one CN", cns.size(), size_t(1));	1✔
140	result.test_eq("CN", cns.front(), get_subject_cn());	2✔
141	}	1✔
142	} catch(std::exception& e) { result.test_failure(e.what()); }	1✔
143
144	return result;	1✔
145	}	×
146
147	Test::Result find_all_certs_by_subject_dn(Botan::Certificate_Store& certstore) {	1✔
148	Test::Result result("System Certificate Store - Find all Certificates by subject DN");	1✔
149
150	try {	1✔
151	auto dn = get_dn();	1✔
152
153	result.start_timer();	1✔
154	auto certs = certstore.find_all_certs(dn, std::vector<uint8_t>());	1✔
155	result.end_timer();	1✔
156
157	// check for duplications
158	sort(certs.begin(), certs.end());	1✔
159	for(size_t i = 1; i < certs.size(); ++i) {	1✔
160	if(certs[i - 1] == certs[i]) {	×
161	result.test_failure("find_all_certs produced duplicated result");	×
162	}
163	}
164
165	if(result.confirm("result not empty", !certs.empty())) {	3✔
166	auto cns = certs.front().subject_dn().get_attribute("CN");	1✔
167	result.test_gte("at least one CN", cns.size(), size_t(1));	1✔
168	result.test_eq("CN", cns.front(), get_subject_cn());	2✔
169	}	1✔
170	} catch(std::exception& e) { result.test_failure(e.what()); }	1✔
171
172	return result;	1✔
173	}	×
174
175	Test::Result find_all_subjects(Botan::Certificate_Store& certstore) {	1✔
176	Test::Result result("System Certificate Store - Find all Certificate Subjects");	1✔
177
178	try {	1✔
179	result.start_timer();	1✔
180	auto subjects = certstore.all_subjects();	1✔
181	result.end_timer();	1✔
182
183	if(result.confirm("result not empty", !subjects.empty())) {	3✔
184	auto dn = get_dn();	1✔
185	auto needle = std::find_if(	1✔
186	subjects.cbegin(), subjects.cend(), [=](const Botan::X509_DN& subject) { return subject == dn; });	76✔
187
188	if(result.confirm("found expected certificate", needle != subjects.end())) {	3✔
189	result.confirm("expected certificate", *needle == dn);	3✔
190	}
191	}	1✔
192	} catch(std::exception& e) { result.test_failure(e.what()); }	1✔
193
194	return result;	1✔
195	}	×
196
197	Test::Result no_certificate_matches(Botan::Certificate_Store& certstore) {	1✔
198	Test::Result result("System Certificate Store - can deal with no matches (regression test)");	1✔
199
200	try {	1✔
201	auto dn = get_unknown_dn();	1✔
202	auto kid = get_unknown_key_id();	1✔
203
204	result.start_timer();	1✔
205	auto certs = certstore.find_all_certs(dn, kid);	1✔
206	auto cert = certstore.find_cert(dn, kid);	1✔
207	auto pubk_cert = certstore.find_cert_by_pubkey_sha1(kid);	1✔
208	result.end_timer();	1✔
209
210	result.confirm("find_all_certs did not find the dummy", certs.empty());	2✔
211	result.confirm("find_cert did not find the dummy", !cert);	2✔
212	result.confirm("find_cert_by_pubkey_sha1 did not find the dummy", !pubk_cert);	3✔
213	} catch(std::exception& e) { result.test_failure(e.what()); }	2✔
214
215	return result;	1✔
216	}	×
217
218	#if defined(BOTAN_HAS_CERTSTOR_MACOS)
219
220	Test::Result certificate_matching_with_dn_normalization(Botan::Certificate_Store& certstore) {
221	Test::Result result("System Certificate Store - normalization of X.509 DN (regression test)");
222
223	try {
224	auto dn = get_skewed_dn();
225
226	result.start_timer();
227	auto certs = certstore.find_all_certs(dn, std::vector<uint8_t>());
228	auto cert = certstore.find_cert(dn, std::vector<uint8_t>());
229	result.end_timer();
230
231	if(result.confirm("find_all_certs did find the skewed DN", !certs.empty()) &&
232	result.confirm("find_cert did find the skewed DN", cert.has_value())) {
233	result.test_eq(
234	"it is the correct cert", certs.front().subject_dn().get_first_attribute("CN"), get_subject_cn());
235	result.test_eq("it is the correct cert", cert->subject_dn().get_first_attribute("CN"), get_subject_cn());
236	}
237	} catch(std::exception& e) { result.test_failure(e.what()); }
238
239	return result;
240	}
241
242	#endif
243
244	class Certstor_System_Tests final : public Test {	×
245	public:
246	std::vector<Test::Result> run() override {	1✔
247	Test::Result open_result("System Certificate Store - Open Keychain");	1✔
248
249	std::unique_ptr<Botan::Certificate_Store> system;	1✔
250
251	try {	1✔
252	open_result.start_timer();	1✔
253	system = std::make_unique<Botan::System_Certificate_Store>();	1✔
254	open_result.end_timer();	1✔
255	} catch(Botan::Not_Implemented& e) {	×
256	BOTAN_UNUSED(e);	×
257	open_result.test_note("Skipping due to not available in current build");	×
258	return {open_result};	×
259	} catch(std::exception& e) {	×
260	open_result.test_failure(e.what());	×
261	return {open_result};	×
262	}	×
263
264	open_result.test_success();	1✔
265
266	std::vector<Test::Result> results;	1✔
267	results.push_back(open_result);	1✔
268
269	results.push_back(find_certificate_by_pubkey_sha1(*system));	2✔
270	results.push_back(find_certificate_by_pubkey_sha1_with_unmatching_key_id(*system));	2✔
271	results.push_back(find_cert_by_subject_dn(*system));	2✔
272	results.push_back(find_cert_by_subject_dn_and_key_id(*system));	2✔
273	results.push_back(find_all_certs_by_subject_dn(*system));	2✔
274	results.push_back(find_certs_by_subject_dn_and_key_id(*system));	2✔
275	results.push_back(find_all_subjects(*system));	2✔
276	results.push_back(no_certificate_matches(*system));	2✔
277	results.push_back(find_cert_by_utf8_subject_dn(*system));	2✔
278	#if defined(BOTAN_HAS_CERTSTOR_MACOS)
279	results.push_back(certificate_matching_with_dn_normalization(*system));
280	#endif
281
282	return results;	1✔
283	}	2✔
284	};
285
286	BOTAN_REGISTER_TEST("x509", "certstor_system", Certstor_System_Tests);
287
288	} // namespace
289
290	} // namespace Botan_Tests
291
292	#endif

randombit / botan / 5111374265

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous