authorRemko Tronçon <git@el-tramo.be>2010-11-10 21:02:12 (GMT)
committerRemko Tronçon <git@el-tramo.be>2010-11-11 12:50:12 (GMT)
commit91b828a6e94f15c675e03baff4d45a7feb939eb9 (patch)
tree2ca432e79b05b58235b0f791fc8e4a6dd0e96db7 /Swiften/TLS/UnitTest
parent2fec654b2345ba974b843a0868d580f9c12fdfea (diff)
downloadswift-91b828a6e94f15c675e03baff4d45a7feb939eb9.zip
swift-91b828a6e94f15c675e03baff4d45a7feb939eb9.tar.bz2
Added server identity check.
Diffstat (limited to 'Swiften/TLS/UnitTest')
-rw-r--r--Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp170
1 files changed, 170 insertions, 0 deletions
diff --git a/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp
new file mode 100644
index 0000000..a7fdbad
--- /dev/null
+++ b/Swiften/TLS/UnitTest/ServerIdentityVerifierTest.cpp
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2010 Remko Tronçon
+ * Licensed under the GNU General Public License v3.
+ * See Documentation/Licenses/GPLv3.txt for more information.
+ */
+
+#include "Swiften/Base/ByteArray.h"
+
+#include <cppunit/extensions/HelperMacros.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+#include <vector>
+
+#include "Swiften/TLS/ServerIdentityVerifier.h"
+#include "Swiften/TLS/SimpleCertificate.h"
+
+using namespace Swift;
+
+class ServerIdentityVerifierTest : public CppUnit::TestFixture {
+ CPPUNIT_TEST_SUITE(ServerIdentityVerifierTest);
+ CPPUNIT_TEST(testCertificateVerifies_WithoutMatchingDNSName);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingDNSName);
+ CPPUNIT_TEST(testCertificateVerifies_WithSecondMatchingDNSName);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingInternationalDNSName);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingDNSNameWithWildcard);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingDNSNameWithWildcardMatchingNoComponents);
+ CPPUNIT_TEST(testCertificateVerifies_WithDNSNameWithWildcardMatchingTwoComponents);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithoutService);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithService);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithServiceAndWildcard);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithDifferentService);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingXmppAddr);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingXmppAddrWithWildcard);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingInternationalXmppAddr);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingCNWithoutSAN);
+ CPPUNIT_TEST(testCertificateVerifies_WithMatchingCNWithMatchingSAN);
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+ void testCertificateVerifies_WithoutMatchingDNSName() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addDNSName("foo.com");
+
+ CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingDNSName() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addDNSName("bar.com");
+
+ CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithSecondMatchingDNSName() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addDNSName("foo.com");
+ certificate->addDNSName("bar.com");
+
+ CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingInternationalDNSName() {
+ ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7on.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addDNSName("xn--tronon-zua.com");
+
+ CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingDNSNameWithWildcard() {
+ ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addDNSName("*.bar.com");
+
+ CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingDNSNameWithWildcardMatchingNoComponents() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addDNSName("*.bar.com");
+
+ CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithDNSNameWithWildcardMatchingTwoComponents() {
+ ServerIdentityVerifier testling(JID("foo@xmpp.im.bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addDNSName("*.bar.com");
+
+ CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingSRVNameWithoutService() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addSRVName("bar.com");
+
+ CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingSRVNameWithService() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addSRVName("_xmpp-client.bar.com");
+
+ CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingSRVNameWithServiceAndWildcard() {
+ ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addSRVName("_xmpp-client.*.bar.com");
+
+ CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingSRVNameWithDifferentService() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addSRVName("_xmpp-server.bar.com");
+
+ CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingXmppAddr() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addXMPPAddress("bar.com");
+
+ CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingXmppAddrWithWildcard() {
+ ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addXMPPAddress("*.bar.com");
+
+ CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingInternationalXmppAddr() {
+ ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addXMPPAddress("tron\xc3\xa7.com");
+
+ CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingCNWithoutSAN() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addCommonName("bar.com");
+
+ CPPUNIT_ASSERT(testling.certificateVerifies(certificate));
+ }
+
+ void testCertificateVerifies_WithMatchingCNWithMatchingSAN() {
+ ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
+ SimpleCertificate::ref certificate(new SimpleCertificate());
+ certificate->addSRVName("foo.com");
+ certificate->addCommonName("bar.com");
+
+ CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
+ }
+};
+
+CPPUNIT_TEST_SUITE_REGISTRATION(ServerIdentityVerifierTest);
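Review bot: `testCertificateVerifies_WithMatchingCNWithMatchingSAN` is named for a matching SAN, but its body adds the SRV name `foo.com`, which does not match `bar.com`, and asserts rejection. What it pins is that a present SAN suppresses the CN fallback, so a name like `testCertificateVerifies_WithMatchingCNWithNonMatchingSAN` would describe it correctly. The suite also has no case for a certificate that carries no names at all, and the CN-suppression rule is exercised only with an SRV name, never with a DNS name or XmppAddr entry. Both gaps could let a fail-open regression in the verifier pass unnoticed, so they are worth pinning with negative tests; the expected results below assume the verifier rejects in both cases, which this hunk does not show.

```cpp
		// … unchanged: existing CPPUNIT_TEST registrations …
		CPPUNIT_TEST(testCertificateVerifies_WithoutAnyNames);
		CPPUNIT_TEST(testCertificateVerifies_WithMatchingCNWithNonMatchingDNSName);
		CPPUNIT_TEST_SUITE_END();

		// … unchanged: existing test methods …

		void testCertificateVerifies_WithoutAnyNames() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());

			// A certificate with no identity must never be accepted.
			CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
		}

		void testCertificateVerifies_WithMatchingCNWithNonMatchingDNSName() {
			ServerIdentityVerifier testling(JID("foo@bar.com/baz"));
			SimpleCertificate::ref certificate(new SimpleCertificate());
			certificate->addDNSName("foo.com");
			certificate->addCommonName("bar.com");

			// The CN is only a fallback; a present DNS name SAN must take precedence.
			CPPUNIT_ASSERT(!testling.certificateVerifies(certificate));
		}
```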