Swift
summaryrefslogtreecommitdiffstats
path: root/Swiften/QA/TLSTest/CertificateErrorTest.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'Swiften/QA/TLSTest/CertificateErrorTest.cpp')
-rw-r--r--Swiften/QA/TLSTest/CertificateErrorTest.cpp14
1 files changed, 7 insertions, 7 deletions
diff --git a/Swiften/QA/TLSTest/CertificateErrorTest.cpp b/Swiften/QA/TLSTest/CertificateErrorTest.cpp
index e69af0b..3b33e8e 100644
--- a/Swiften/QA/TLSTest/CertificateErrorTest.cpp
+++ b/Swiften/QA/TLSTest/CertificateErrorTest.cpp
@@ -1,47 +1,47 @@
/*
- * Copyright (c) 2015 Isode Limited.
+ * Copyright (c) 2015-2016 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
/*
This file uses http://www.tls-o-matic.com/ to test the currently configured TLS backend for correct certificate validation behavior.
*/
#include <cppunit/extensions/HelperMacros.h>
#include <cppunit/extensions/TestFactoryRegistry.h>
#include <Swiften/Base/Log.h>
#include <Swiften/EventLoop/DummyEventLoop.h>
-#include <Swiften/IDN/PlatformIDNConverter.h>
#include <Swiften/IDN/IDNConverter.h>
+#include <Swiften/IDN/PlatformIDNConverter.h>
#include <Swiften/Network/BoostConnectionFactory.h>
#include <Swiften/Network/BoostIOServiceThread.h>
#include <Swiften/Network/HostAddressPort.h>
#include <Swiften/Network/PlatformDomainNameResolver.h>
#include <Swiften/Network/TLSConnection.h>
#include <Swiften/Network/TLSConnectionFactory.h>
#include <Swiften/TLS/CertificateVerificationError.h>
#include <Swiften/TLS/PlatformTLSFactories.h>
#include <Swiften/TLS/TLSContext.h>
#include <Swiften/TLS/TLSContextFactory.h>
using namespace Swift;
class CertificateErrorTest : public CppUnit::TestFixture {
CPPUNIT_TEST_SUITE(CertificateErrorTest);
// These test require the TLS-O-Matic testing CA to be trusted. For more info see https://www.tls-o-matic.com/https/test1 .
CPPUNIT_TEST(testTLS_O_MaticTrusted);
CPPUNIT_TEST(testTLS_O_MaticCertificateFromTheFuture);
CPPUNIT_TEST(testTLS_O_MaticCertificateFromThePast);
CPPUNIT_TEST(testTLS_O_MaticCertificateFromUnknownCA);
CPPUNIT_TEST(testTLS_O_MaticCertificateWrongPurpose);
#if !defined(HAVE_OPENSSL)
// Our OpenSSL backend does not support revocation. We excluded it from the revocation tests.
CPPUNIT_TEST(testRevokedCertificateRevocationDisabled);
CPPUNIT_TEST(testRevokedCertificateRevocationEnabled);
#endif
CPPUNIT_TEST_SUITE_END();
@@ -95,118 +95,118 @@ class CertificateErrorTest : public CppUnit::TestFixture {
}
void connectToServer(boost::shared_ptr<TLSConnection> connection, const std::string& hostname, int port) {
connection->onConnectFinished.connect(boost::bind(&CertificateErrorTest::handleConnectFinished, this, _1));
HostAddress address = resolveName(hostname);
connection->connect(HostAddressPort(address, port));
while (!connectFinished_) {
eventLoop_->processEvents();
}
}
void testTLS_O_MaticTrusted() {
boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
TLSContext* context = connection->getTLSContext();
connectToServer(connection, "test1.tls-o-matic.com", 443);
CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::ref(), context->getPeerCertificateVerificationError());
}
void testTLS_O_MaticCertificateFromTheFuture() {
boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
TLSContext* context = connection->getTLSContext();
connectToServer(connection, "test5.tls-o-matic.com", 405);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::NotYetValid, context->getPeerCertificateVerificationError()->getType());
}
void testTLS_O_MaticCertificateFromThePast() {
boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
TLSContext* context = connection->getTLSContext();
connectToServer(connection, "test6.tls-o-matic.com", 406);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::Expired, context->getPeerCertificateVerificationError()->getType());
}
void testTLS_O_MaticCertificateFromUnknownCA() {
boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
TLSContext* context = connection->getTLSContext();
connectToServer(connection, "test7.tls-o-matic.com", 407);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::Untrusted, context->getPeerCertificateVerificationError()->getType());
}
// test14.tls-o-matic.com:414
void testTLS_O_MaticCertificateWrongPurpose() {
boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
TLSContext* context = connection->getTLSContext();
connectToServer(connection, "test14.tls-o-matic.com", 414);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::InvalidPurpose, context->getPeerCertificateVerificationError()->getType());
}
void testRevokedCertificateRevocationDisabled() {
tlsContextFactory_->setCheckCertificateRevocation(false);
boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
TLSContext* context = connection->getTLSContext();
connectToServer(connection, "revoked.grc.com", 443);
CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(!context->getPeerCertificateVerificationError());
}
void testRevokedCertificateRevocationEnabled() {
tlsContextFactory_->setCheckCertificateRevocation(true);
boost::shared_ptr<TLSConnection> connection = boost::dynamic_pointer_cast<TLSConnection>(tlsConnectionFactory_->createConnection());
TLSContext* context = connection->getTLSContext();
connectToServer(connection, "revoked.grc.com", 443);
- CPPUNIT_ASSERT_EQUAL(true, connectFinishedWithError_);
+ CPPUNIT_ASSERT_EQUAL(false, connectFinishedWithError_);
CPPUNIT_ASSERT(context->getPeerCertificateVerificationError());
CPPUNIT_ASSERT_EQUAL(CertificateVerificationError::Revoked, context->getPeerCertificateVerificationError()->getType());
}
private:
void handleAddressQueryResult(const std::vector<HostAddress>& address, boost::optional<DomainNameResolveError> /* error */) {
if (address.size() > 0) {
lastResoverResult_ = address[0];
}
resolvingDone_ = true;
}
void handleConnectFinished(bool error) {
connectFinished_ = true;
connectFinishedWithError_ = error;
}
private:
BoostIOServiceThread* boostIOServiceThread_;
boost::shared_ptr<boost::asio::io_service> boostIOService_;
DummyEventLoop* eventLoop_;
ConnectionFactory* connectionFactory_;
PlatformTLSFactories* tlsFactories_;
TLSContextFactory* tlsContextFactory_;
TLSConnectionFactory* tlsConnectionFactory_;
IDNConverter* idnConverter_;
DomainNameResolver* domainNameResolver_;
HostAddress lastResoverResult_;
bool resolvingDone_;