summaryrefslogtreecommitdiff
path: root/app/src/test
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2021-12-16 23:45:41 +0100
committercyBerta <cyberta@riseup.net>2021-12-17 01:09:57 +0100
commit8411cd82c0572e0e871c1cf93e0d4c05b35fb999 (patch)
treecb659af65a1b3baef5285a395c3cdfa2251c8187 /app/src/test
parent8e5ce3e312f03035314b6ab036c625f83a515fc7 (diff)
allow to parse and handle multiple certs in a pem file
Diffstat (limited to 'app/src/test')
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java2
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java69
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java5
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/testutils/TestCalendarProvider.java26
-rw-r--r--app/src/test/resources/float.hexacab.org.pem42
5 files changed, 141 insertions, 3 deletions
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java
index d6ee0def..f3fd5dbb 100644
--- a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java
@@ -322,6 +322,7 @@ public class ProviderApiManagerTest {
public void test_handleIntentSetupProvider_preseededProviderAndCA_outdatedCertificate() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, JSONException {
Provider provider = getProvider(null ,null, null, null, "outdated_cert.pem", null, null, null);
mockProviderApiConnector(NO_ERROR);
+ mockConfigHelper("a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494");
providerApiManager = new ProviderApiManager(mockPreferences, mockResources, mockClientGenerator(), new TestProviderApiServiceCallback());
Bundle expectedResult = mockBundle();
@@ -343,6 +344,7 @@ public class ProviderApiManagerTest {
public void test_handleIntentSetupProvider_storedProviderAndCAFromPreviousSetup_outdatedCertificate() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, JSONException {
Provider provider = getConfiguredProvider(); //new Provider("https://riseup.net");
mockProviderApiConnector(NO_ERROR);
+ mockConfigHelper("a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494");
mockPreferences.edit().putString(Provider.KEY + ".riseup.net", getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.net.json"))).apply();
mockPreferences.edit().putString(Provider.CA_CERT + ".riseup.net", getInputAsString(getClass().getClassLoader().getResourceAsStream("outdated_cert.pem"))).apply();
providerApiManager = new ProviderApiManager(mockPreferences, mockResources, mockClientGenerator(), new TestProviderApiServiceCallback());
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java
new file mode 100644
index 00000000..32c0d0e4
--- /dev/null
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java
@@ -0,0 +1,69 @@
+package se.leap.bitmaskclient.eip;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Calendar;
+
+import se.leap.bitmaskclient.base.utils.ConfigHelper;
+import se.leap.bitmaskclient.testutils.TestCalendarProvider;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static se.leap.bitmaskclient.testutils.MockHelper.mockConfigHelper;
+import static se.leap.bitmaskclient.testutils.TestSetupHelper.getInputAsString;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ConfigHelper.class})
+public class VpnCertificateValidatorTest {
+
+ @Before
+ public void setup() {
+ }
+
+ @Test
+ public void test_isValid() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
+ String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.net.pem"));
+ Calendar c = new Calendar.Builder().setDate(2018, 1, 1).setCalendarType("gregorian").build();
+ mockConfigHelper("falseFingerPrint");
+ VpnCertificateValidator validator = new VpnCertificateValidator(cert);
+ validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis()));
+ assertTrue( validator.isValid());
+ }
+
+ @Test
+ public void test_isValid_lessThan15days_returnFalse() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
+ String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.net.pem"));
+ Calendar c = new Calendar.Builder().setDate(2024, 4, 14).setCalendarType("gregorian").build();
+ mockConfigHelper("falseFingerPrint");
+ VpnCertificateValidator validator = new VpnCertificateValidator(cert);
+ validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis()));
+ assertFalse( validator.isValid());
+ }
+
+ @Test
+ public void test_isValid_multipleCerts_failIfOneExpires() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
+ String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem"));
+ Calendar c = new Calendar.Builder().setDate(2024, 4, 14).setCalendarType("gregorian").build();
+ mockConfigHelper("falseFingerPrint");
+ VpnCertificateValidator validator = new VpnCertificateValidator(cert);
+ validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis()));
+ assertFalse(validator.isValid());
+ }
+
+ @Test
+ public void test_isValid_multipleCerts_allValid() throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
+ String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem"));
+ Calendar c = new Calendar.Builder().setDate(2024, 4, 13).setCalendarType("gregorian").build();
+ mockConfigHelper("falseFingerPrint");
+ VpnCertificateValidator validator = new VpnCertificateValidator(cert);
+ validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis()));
+ assertFalse(validator.isValid());
+ }
+} \ No newline at end of file
diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java
index dd3053df..f80f41ed 100644
--- a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java
+++ b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java
@@ -38,7 +38,6 @@ import java.util.Vector;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicBoolean;
-import okhttp3.Connection;
import okhttp3.OkHttpClient;
import se.leap.bitmaskclient.R;
import se.leap.bitmaskclient.base.models.Provider;
@@ -413,7 +412,7 @@ public class MockHelper {
mockStatic(ConfigHelper.class);
when(ConfigHelper.getFingerprintFromCertificate(any(X509Certificate.class), anyString())).thenReturn(mockedFingerprint);
when(ConfigHelper.checkErroneousDownload(anyString())).thenCallRealMethod();
- when(ConfigHelper.parseX509CertificateFromString(anyString())).thenCallRealMethod();
+ when(ConfigHelper.parseX509CertificatesFromString(anyString())).thenCallRealMethod();
when(ConfigHelper.getProviderFormattedString(any(Resources.class), anyInt())).thenCallRealMethod();
when(ConfigHelper.timezoneDistance(anyInt(), anyInt())).thenCallRealMethod();
when(ConfigHelper.isIPv4(anyString())).thenCallRealMethod();
@@ -507,7 +506,7 @@ public class MockHelper {
mockStatic(ConfigHelper.class);
when(ConfigHelper.getFingerprintFromCertificate(any(X509Certificate.class), anyString())).thenReturn(mockedFingerprint);
when(ConfigHelper.checkErroneousDownload(anyString())).thenCallRealMethod();
- when(ConfigHelper.parseX509CertificateFromString(anyString())).thenCallRealMethod();
+ when(ConfigHelper.parseX509CertificatesFromString(anyString())).thenCallRealMethod();
when(ConfigHelper.getProviderFormattedString(any(Resources.class), anyInt())).thenCallRealMethod();
}
diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/TestCalendarProvider.java b/app/src/test/java/se/leap/bitmaskclient/testutils/TestCalendarProvider.java
new file mode 100644
index 00000000..ea202ab4
--- /dev/null
+++ b/app/src/test/java/se/leap/bitmaskclient/testutils/TestCalendarProvider.java
@@ -0,0 +1,26 @@
+package se.leap.bitmaskclient.testutils;
+
+import java.util.Calendar;
+
+import se.leap.bitmaskclient.eip.CalendarProviderInterface;
+
+/**
+ * Created by cyberta on 13.09.17.
+ */
+
+public class TestCalendarProvider implements CalendarProviderInterface {
+
+ private long currentTimeInMillis = 0;
+
+ public TestCalendarProvider(long currentTimeInMillis) {
+ this.currentTimeInMillis = currentTimeInMillis;
+ }
+
+ @Override
+ public Calendar getCalendar() {
+ Calendar calendar = Calendar.getInstance();
+ calendar.setTimeInMillis(currentTimeInMillis);
+ return calendar;
+ }
+
+}
diff --git a/app/src/test/resources/float.hexacab.org.pem b/app/src/test/resources/float.hexacab.org.pem
new file mode 100644
index 00000000..96306a8c
--- /dev/null
+++ b/app/src/test/resources/float.hexacab.org.pem
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBZMRgwFgYDVQQKDA9SaXNl
+dXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UE
+AwwXUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EwHhcNMTQwNDI4MDAwMDAwWhcNMjQw
+NDI4MDAwMDAwWjBZMRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsM
+Emh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UEAwwXUmlzZXVwIE5ldHdvcmtzIFJv
+b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC76J4ciMJ8Sg0m
+TP7DF2DT9zNe0Csk4myoMFC57rfJeqsAlJCv1XMzBmXrw8wq/9z7XHv6n/0sWU7a
+7cF2hLR33ktjwODlx7vorU39/lXLndo492ZBhXQtG1INMShyv+nlmzO6GT7ESfNE
+LliFitEzwIegpMqxCIHXFuobGSCWF4N0qLHkq/SYUMoOJ96O3hmPSl1kFDRMtWXY
+iw1SEKjUvpyDJpVs3NGxeLCaA7bAWhDY5s5Yb2fA1o8ICAqhowurowJpW7n5ZuLK
+5VNTlNy6nZpkjt1QycYvNycffyPOFm/Q/RKDlvnorJIrihPkyniV3YY5cGgP+Qkx
+HUOT0uLA6LHtzfiyaOqkXwc4b0ZcQD5Vbf6Prd20Ppt6ei0zazkUPwxld3hgyw58
+m/4UIjG3PInWTNf293GngK2Bnz8Qx9e/6TueMSAn/3JBLem56E0WtmbLVjvko+LF
+PM5xA+m0BmuSJtrD1MUCXMhqYTtiOvgLBlUm5zkNxALzG+cXB28k6XikXt6MRG7q
+hzIPG38zwkooM55yy5i1YfcIi5NjMH6A+t4IJxxwb67MSb6UFOwg5kFokdONZcwj
+shczHdG9gLKSBIvrKa03Nd3W2dF9hMbRu//STcQxOailDBQCnXXfAATj9pYzdY4k
+ha8VCAREGAKTDAex9oXf1yRuktES4QIDAQABo2AwXjAdBgNVHQ4EFgQUC4tdmLVu
+f9hwfK4AGliaet5KkcgwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMBAf8wHwYD
+VR0jBBgwFoAUC4tdmLVuf9hwfK4AGliaet5KkcgwDQYJKoZIhvcNAQENBQADggIB
+AGzL+GRnYu99zFoy0bXJKOGCF5XUXP/3gIXPRDqQf5g7Cu/jYMID9dB3No4Zmf7v
+qHjiSXiS8jx1j/6/Luk6PpFbT7QYm4QLs1f4BlfZOti2KE8r7KRDPIecUsUXW6P/
+3GJAVYH/+7OjA39za9AieM7+H5BELGccGrM5wfl7JeEz8in+V2ZWDzHQO4hMkiTQ
+4ZckuaL201F68YpiItBNnJ9N5nHr1MRiGyApHmLXY/wvlrOpclh95qn+lG6/2jk7
+3AmihLOKYMlPwPakJg4PYczm3icFLgTpjV5sq2md9bRyAg3oPGfAuWHmKj2Ikqch
+Td5CHKGxEEWbGUWEMP0s1A/JHWiCbDigc4Cfxhy56CWG4q0tYtnc2GMw8OAUO6Wf
+Xu5pYKNkzKSEtT/MrNJt44tTZWbKV/Pi/N2Fx36my7TgTUj7g3xcE9eF4JV2H/sg
+tsK3pwE0FEqGnT4qMFbixQmc8bGyuakr23wjMvfO7eZUxBuWYR2SkcP26sozF9PF
+tGhbZHQVGZUTVPyvwahMUEhbPGVerOW0IYpxkm0x/eaWdTc4vPpf/rIlgbAjarnJ
+UN9SaWRlWKSdP4haujnzCoJbM7dU9bjvlGZNyXEekgeT0W2qFeGGp+yyUWw8tNsp
+0BuC1b7uW/bBn/xKm319wXVDvBgZgcktMolak39V7DVO
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBYjCCAQigAwIBAgIBATAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxMRUFQIFJv
+b3QgQ0EwHhcNMjExMTAyMTkwNTM3WhcNMjYxMTAyMTkxMDM3WjAXMRUwEwYDVQQD
+EwxMRUFQIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQxOXBGu+gf
+pjHzVteGTWL6XnFxtEnKMFpKaJkA/VOHmESzoLsZRQxt88GssxaqC01J17idQiqv
+zgNpedmtvFtyo0UwQzAOBgNVHQ8BAf8EBAMCAqQwEgYDVR0TAQH/BAgwBgEB/wIB
+ATAdBgNVHQ4EFgQUZdoUlJrCIUNFrpffAq+LQjnwEz4wCgYIKoZIzj0EAwIDSAAw
+RQIgfr3w4tnRG+NdI3LsGPlsRktGK20xHTzsB3orB0yC6cICIQCB+/9y8nmSStfN
+VUMUyk2hNd7/kC8nL222TTD7VZUtsg==
+-----END CERTIFICATE----- \ No newline at end of file