/* * Copyright (c) 2010-2016 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ #include #include #include #include #include #include #include #include using namespace Swift; class ServerIdentityVerifierTest : public CppUnit::TestFixture { CPPUNIT_TEST_SUITE(ServerIdentityVerifierTest); CPPUNIT_TEST(testCertificateVerifies_WithoutMatchingDNSName); CPPUNIT_TEST(testCertificateVerifies_WithMatchingDNSName); CPPUNIT_TEST(testCertificateVerifies_WithSecondMatchingDNSName); CPPUNIT_TEST(testCertificateVerifies_WithMatchingInternationalDNSName); CPPUNIT_TEST(testCertificateVerifies_WithMatchingDNSNameWithWildcard); CPPUNIT_TEST(testCertificateVerifies_WithMatchingDNSNameWithWildcardMatchingNoComponents); CPPUNIT_TEST(testCertificateVerifies_WithDNSNameWithWildcardMatchingTwoComponents); CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithoutService); CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithService); CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithServiceAndWildcard); CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithDifferentService); CPPUNIT_TEST(testCertificateVerifies_WithMatchingXmppAddr); CPPUNIT_TEST(testCertificateVerifies_WithMatchingXmppAddrWithWildcard); CPPUNIT_TEST(testCertificateVerifies_WithMatchingInternationalXmppAddr); CPPUNIT_TEST(testCertificateVerifies_WithMatchingCNWithoutSAN); CPPUNIT_TEST(testCertificateVerifies_WithMatchingCNWithSAN); CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithServerExpected); CPPUNIT_TEST(testCertificateVerifies_WithMatchingSRVNameWithClientUnexpected); CPPUNIT_TEST_SUITE_END(); public: void setUp() { idnConverter = std::shared_ptr(PlatformIDNConverter::create()); } void testCertificateVerifies_WithoutMatchingDNSName() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addDNSName("foo.com"); CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingDNSName() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addDNSName("bar.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithSecondMatchingDNSName() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addDNSName("foo.com"); certificate->addDNSName("bar.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingInternationalDNSName() { ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7on.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addDNSName("xn--tronon-zua.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingDNSNameWithWildcard() { ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addDNSName("*.bar.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingDNSNameWithWildcardMatchingNoComponents() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addDNSName("*.bar.com"); CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithDNSNameWithWildcardMatchingTwoComponents() { ServerIdentityVerifier testling(JID("foo@xmpp.im.bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addDNSName("*.bar.com"); CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingSRVNameWithoutService() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addSRVName("bar.com"); CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingSRVNameWithService() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addSRVName("_xmpp-client.bar.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingSRVNameWithServiceAndWildcard() { ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addSRVName("_xmpp-client.*.bar.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingSRVNameWithDifferentService() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addSRVName("_xmpp-server.bar.com"); CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingSRVNameWithServerExpected() { // Server-mode test which gets cert with "xmpp-server" SRV name ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get(), true); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addSRVName("_xmpp-server.bar.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingSRVNameWithClientUnexpected() { // Server-mode test which gets cert with "xmpp-client" SRV name ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get(), true); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addSRVName("_xmpp-client.bar.com"); CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingXmppAddr() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addXMPPAddress("bar.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingXmppAddrWithWildcard() { ServerIdentityVerifier testling(JID("foo@im.bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addXMPPAddress("*.bar.com"); CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingInternationalXmppAddr() { ServerIdentityVerifier testling(JID("foo@tron\xc3\xa7.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addXMPPAddress("tron\xc3\xa7.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingCNWithoutSAN() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addCommonName("bar.com"); CPPUNIT_ASSERT(testling.certificateVerifies(certificate)); } void testCertificateVerifies_WithMatchingCNWithSAN() { ServerIdentityVerifier testling(JID("foo@bar.com/baz"), idnConverter.get()); SimpleCertificate::ref certificate(new SimpleCertificate()); certificate->addSRVName("foo.com"); certificate->addCommonName("bar.com"); CPPUNIT_ASSERT(!testling.certificateVerifies(certificate)); } std::shared_ptr idnConverter; }; CPPUNIT_TEST_SUITE_REGISTRATION(ServerIdentityVerifierTest);