Fix and adjust TLSTest to Windows SChannel backend

Test-Information: ./scons test=system Swiften/QA/TLSTest passes on Windows 8. Change-Id: I688ec5d0022c02879ff56029d724e6dd30b89a99
author: Tobias Markmann <tm@ayena.de> 2016-02-08 16:08:16 (GMT)
committer: Tobias Markmann <tm@ayena.de> 2016-02-08 16:08:16 (GMT)
commit: 915c0875428e73e9e41a5da05f9d80671da9533c (patch)
tree: 0df94c4bf3bc9cd0789121433385fa125e79879f
parent: 27211ac2ca11c6ac259bc09bb81a7ed297a9d07d (diff)
download: swift-915c0875428e73e9e41a5da05f9d80671da9533c.zip
swift-915c0875428e73e9e41a5da05f9d80671da9533c.tar.bz2
3 files changed, 22 insertions, 5 deletions
diff --git a/Swiften/QA/TLSTest/CertificateErrorTest.cpp b/Swiften/QA/TLSTest/CertificateErrorTest.cpp
index 3b33e8e..1d87994 100644
--- a/Swiften/QA/TLSTest/CertificateErrorTest.cpp
+++ b/Swiften/QA/TLSTest/CertificateErrorTest.cpp
@@ -97,61 +97,66 @@ class CertificateErrorTest : public CppUnit::TestFixture {
 		void connectToServer(boost::shared_ptr<TLSConnection> connection, const std::string& hostname, int port) {
 			connection->onConnectFinished.connect(boost::bind(&CertificateErrorTest::handleConnectFinished, this, _1));
 
 			HostAddress address = resolveName(hostname);
 
 			connection->connect(HostAddressPort(address, port));
 
 			while (!connectFinished_) {
 				eventLoop_->processEvents();
 			}
 		}
 
 		void testTLS_O_MaticTrusted() {
 			boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
 			TLSContext* context = connection->getTLSContext();
 
 			connectToServer(connection, "test1.tls-o-matic.com", 443);
 	
 			CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
 			CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::ref(), context->getPeerCertificateVerificationError());
 		}
 
 		void testTLS_O_MaticCertificateFromTheFuture() {
 			boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
 			TLSContext* context = connection->getTLSContext();
 
 			connectToServer(connection, "test5.tls-o-matic.com", 405);
 
 			CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
 			CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
+#if defined(HAVE_SCHANNEL)
+			// Windows SChannel API does not differentiate between expired and not yet valid.
+			CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::Expired, context->getPeerCertificateVerificationError()->getType());
+#else
 			CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::NotYetValid, context->getPeerCertificateVerificationError()->getType());
+#endif
 		}
 
 		void testTLS_O_MaticCertificateFromThePast() {
 			boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
 			TLSContext* context = connection->getTLSContext();
 
 			connectToServer(connection, "test6.tls-o-matic.com", 406);
 
 			CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
 			CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
 			CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::Expired, context->getPeerCertificateVerificationError()->getType());
 		}
 
 		void testTLS_O_MaticCertificateFromUnknownCA() {
 			boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
 			TLSContext* context = connection->getTLSContext();
 
 			connectToServer(connection, "test7.tls-o-matic.com", 407);
 
 			CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
 			CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
 			CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::Untrusted, context->getPeerCertificateVerificationError()->getType());
 		}
 
 		// test14.tls-o-matic.com:414
 		void testTLS_O_MaticCertificateWrongPurpose() {
 			boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
 			TLSContext* context = connection->getTLSContext();
 
 			connectToServer(connection, "test14.tls-o-matic.com", 414);
diff --git a/Swiften/QA/TLSTest/SConscript b/Swiften/QA/TLSTest/SConscript
index c597ab1..0ac50e6 100644
--- a/Swiften/QA/TLSTest/SConscript
+++ b/Swiften/QA/TLSTest/SConscript
@@ -1,17 +1,24 @@
 import os
 
 Import("env")
 
 if env["TEST"] :
 	myenv = env.Clone()
 	myenv.MergeFlags(myenv["CHECKER_FLAGS"])
 	myenv.MergeFlags(myenv["SWIFTOOLS_FLAGS"])
 	myenv.MergeFlags(myenv["SWIFTEN_FLAGS"])
 	myenv.MergeFlags(myenv["SWIFTEN_DEP_FLAGS"])
 	myenv.MergeFlags(myenv["CPPUNIT_FLAGS"])
 	
+	if myenv.get("HAVE_OPENSSL", 0) :
+		myenv.Append(CPPDEFINES = "HAVE_OPENSSL")
+	elif myenv.get("HAVE_SCHANNEL", 0) :
+		myenv.Append(CPPDEFINES = "HAVE_SCHANNEL")
+	elif myenv.get("HAVE_SECURETRANSPORT", 0) :
+		myenv.Append(CPPDEFINES = "HAVE_SECURETRANSPORT")
+	
 	tester = myenv.Program("TLSTest", [
 			"CertificateTest.cpp",
 			"CertificateErrorTest.cpp"
 		])
-	myenv.Test(tester, "system")
+	myenv.Test(tester, "system")
+\ No newline at end of file
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 70ff7dd..62aa137 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -1,49 +1,51 @@
 /*
  * Copyright (c) 2011 Soren Dreijer
  * Licensed under the simplified BSD license.
  * See Documentation/Licenses/BSD-simplified.txt for more information.
  */
 
 /*
- * Copyright (c) 2012-2015 Isode Limited.
+ * Copyright (c) 2012-2016 Isode Limited.
  * All rights reserved.
  * See the COPYING file for more information.
  */
 
+#include <Swiften/TLS/Schannel/SchannelContext.h>
+
 #include <boost/bind.hpp>
 
-#include <Swiften/TLS/Schannel/SchannelContext.h>
-#include <Swiften/TLS/Schannel/SchannelCertificate.h>
-#include <Swiften/TLS/CAPICertificate.h>
 #include <WinHTTP.h> /* For SECURITY_FLAG_IGNORE_CERT_CN_INVALID */
 
+#include <Swiften/TLS/CAPICertificate.h>
+#include <Swiften/TLS/Schannel/SchannelCertificate.h>
+
 namespace Swift {
 
 //------------------------------------------------------------------------
 
 SchannelContext::SchannelContext(bool tls1_0Workaround) : state_(Start), secContext_(0), myCertStore_(NULL), certStoreName_("MY"), certName_(), smartCardReader_(), checkCertificateRevocation_(true), tls1_0Workaround_(tls1_0Workaround), disconnectOnCardRemoval_(true) {
 	contextFlags_ = ISC_REQ_ALLOCATE_MEMORY |
 				ISC_REQ_CONFIDENTIALITY |
 				ISC_REQ_EXTENDED_ERROR |
 				ISC_REQ_INTEGRITY |
 				ISC_REQ_REPLAY_DETECT |
 				ISC_REQ_SEQUENCE_DETECT |
 				ISC_REQ_USE_SUPPLIED_CREDS |
 				ISC_REQ_STREAM;
 
 	ZeroMemory(&streamSizes_, sizeof(streamSizes_));
 }
 
 //------------------------------------------------------------------------
 
 SchannelContext::~SchannelContext() {
 	if (myCertStore_) CertCloseStore(myCertStore_, 0);
 }
 
 //------------------------------------------------------------------------
 
 void SchannelContext::determineStreamSizes() {
 	QueryContextAttributes(contextHandle_, SECPKG_ATTR_STREAM_SIZES, &streamSizes_);
 }
 
 //------------------------------------------------------------------------
@@ -365,60 +367,63 @@ void SchannelContext::continueHandshake(const SafeByteArray& data) {
 
 //------------------------------------------------------------------------
 
 void SchannelContext::handleCertError(SECURITY_STATUS status)
 {
 	if (status == SEC_E_UNTRUSTED_ROOT			||
 		status == CERT_E_UNTRUSTEDROOT			||
 		status == CRYPT_E_ISSUER_SERIALNUMBER	||
 		status == CRYPT_E_SIGNER_NOT_FOUND		||
 		status == CRYPT_E_NO_TRUSTED_SIGNER) {
 		verificationError_ = CertificateVerificationError::Untrusted;
 	}
 	else if (status == SEC_E_CERT_EXPIRED ||
 			 status == CERT_E_EXPIRED) {
 		verificationError_ = CertificateVerificationError::Expired;
 	}
 	else if (status == CRYPT_E_SELF_SIGNED) {
 		verificationError_ = CertificateVerificationError::SelfSigned;
 	}
 	else if (status == CRYPT_E_HASH_VALUE	||
 			 status == TRUST_E_CERT_SIGNATURE) {
 		verificationError_ = CertificateVerificationError::InvalidSignature;
 	}
 	else if (status == CRYPT_E_REVOKED) {
 		verificationError_ = CertificateVerificationError::Revoked;
 	}
 	else if (status == CRYPT_E_NO_REVOCATION_CHECK ||
 			 status == CRYPT_E_REVOCATION_OFFLINE) {
 		verificationError_ = CertificateVerificationError::RevocationCheckFailed;
 	}
+	else if (status == CERT_E_WRONG_USAGE) {
+		verificationError_ = CertificateVerificationError::InvalidPurpose;
+	}
 	else {
 		verificationError_ = CertificateVerificationError::UnknownError;
 	}
 }
 
 //------------------------------------------------------------------------
 
 void SchannelContext::sendDataOnNetwork(const void* pData, size_t dataSize) {
 	if (dataSize > 0 && pData) {
 		SafeByteArray byteArray(dataSize);
 		memcpy(&byteArray[0], pData, dataSize);
 
 		onDataForNetwork(byteArray);
 	}
 }
 
 //------------------------------------------------------------------------
 
 void SchannelContext::forwardDataToApplication(const void* pData, size_t dataSize) {
 	SafeByteArray byteArray(dataSize);
 	memcpy(&byteArray[0], pData, dataSize);
 
 	onDataForApplication(byteArray);
 }
 
 //------------------------------------------------------------------------
 
 void SchannelContext::handleDataFromApplication(const SafeByteArray& data) {
 	// Don't attempt to send data until we're fully connected
 	if (state_ == Connecting) {
author	Tobias Markmann <tm@ayena.de>	2016-02-08 16:08:16 (GMT)
committer	Tobias Markmann <tm@ayena.de>	2016-02-08 16:08:16 (GMT)
commit	915c0875428e73e9e41a5da05f9d80671da9533c (patch)
tree	0df94c4bf3bc9cd0789121433385fa125e79879f
parent	27211ac2ca11c6ac259bc09bb81a7ed297a9d07d (diff)
download	swift-915c0875428e73e9e41a5da05f9d80671da9533c.zip swift-915c0875428e73e9e41a5da05f9d80671da9533c.tar.bz2