From 8411cd82c0572e0e871c1cf93e0d4c05b35fb999 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Thu, 16 Dec 2021 23:45:41 +0100 Subject: allow to parse and handle multiple certs in a pem file --- .../bitmaskclient/eip/ProviderApiManagerTest.java | 2 + .../eip/VpnCertificateValidatorTest.java | 69 ++++++++++++++++++++++ .../leap/bitmaskclient/testutils/MockHelper.java | 5 +- .../testutils/TestCalendarProvider.java | 26 ++++++++ app/src/test/resources/float.hexacab.org.pem | 42 +++++++++++++ 5 files changed, 141 insertions(+), 3 deletions(-) create mode 100644 app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java create mode 100644 app/src/test/java/se/leap/bitmaskclient/testutils/TestCalendarProvider.java create mode 100644 app/src/test/resources/float.hexacab.org.pem (limited to 'app/src/test') diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java index d6ee0def..f3fd5dbb 100644 --- a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java +++ b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java @@ -322,6 +322,7 @@ public class ProviderApiManagerTest { public void test_handleIntentSetupProvider_preseededProviderAndCA_outdatedCertificate() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, JSONException { Provider provider = getProvider(null ,null, null, null, "outdated_cert.pem", null, null, null); mockProviderApiConnector(NO_ERROR); + mockConfigHelper("a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494"); providerApiManager = new ProviderApiManager(mockPreferences, mockResources, mockClientGenerator(), new TestProviderApiServiceCallback()); Bundle expectedResult = mockBundle(); @@ -343,6 +344,7 @@ public class ProviderApiManagerTest { public void test_handleIntentSetupProvider_storedProviderAndCAFromPreviousSetup_outdatedCertificate() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, JSONException { Provider provider = getConfiguredProvider(); //new Provider("https://riseup.net"); mockProviderApiConnector(NO_ERROR); + mockConfigHelper("a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494"); mockPreferences.edit().putString(Provider.KEY + ".riseup.net", getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.net.json"))).apply(); mockPreferences.edit().putString(Provider.CA_CERT + ".riseup.net", getInputAsString(getClass().getClassLoader().getResourceAsStream("outdated_cert.pem"))).apply(); providerApiManager = new ProviderApiManager(mockPreferences, mockResources, mockClientGenerator(), new TestProviderApiServiceCallback()); diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java new file mode 100644 index 00000000..32c0d0e4 --- /dev/null +++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java @@ -0,0 +1,69 @@ +package se.leap.bitmaskclient.eip; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; + +import java.io.IOException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateEncodingException; +import java.util.Calendar; + +import se.leap.bitmaskclient.base.utils.ConfigHelper; +import se.leap.bitmaskclient.testutils.TestCalendarProvider; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static se.leap.bitmaskclient.testutils.MockHelper.mockConfigHelper; +import static se.leap.bitmaskclient.testutils.TestSetupHelper.getInputAsString; + +@RunWith(PowerMockRunner.class) +@PrepareForTest({ConfigHelper.class}) +public class VpnCertificateValidatorTest { + + @Before + public void setup() { + } + + @Test + public void test_isValid() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { + String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.net.pem")); + Calendar c = new Calendar.Builder().setDate(2018, 1, 1).setCalendarType("gregorian").build(); + mockConfigHelper("falseFingerPrint"); + VpnCertificateValidator validator = new VpnCertificateValidator(cert); + validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis())); + assertTrue( validator.isValid()); + } + + @Test + public void test_isValid_lessThan15days_returnFalse() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { + String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.net.pem")); + Calendar c = new Calendar.Builder().setDate(2024, 4, 14).setCalendarType("gregorian").build(); + mockConfigHelper("falseFingerPrint"); + VpnCertificateValidator validator = new VpnCertificateValidator(cert); + validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis())); + assertFalse( validator.isValid()); + } + + @Test + public void test_isValid_multipleCerts_failIfOneExpires() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { + String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem")); + Calendar c = new Calendar.Builder().setDate(2024, 4, 14).setCalendarType("gregorian").build(); + mockConfigHelper("falseFingerPrint"); + VpnCertificateValidator validator = new VpnCertificateValidator(cert); + validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis())); + assertFalse(validator.isValid()); + } + + @Test + public void test_isValid_multipleCerts_allValid() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { + String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem")); + Calendar c = new Calendar.Builder().setDate(2024, 4, 13).setCalendarType("gregorian").build(); + mockConfigHelper("falseFingerPrint"); + VpnCertificateValidator validator = new VpnCertificateValidator(cert); + validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis())); + assertFalse(validator.isValid()); + } +} \ No newline at end of file diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java index dd3053df..f80f41ed 100644 --- a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java +++ b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java @@ -38,7 +38,6 @@ import java.util.Vector; import java.util.concurrent.TimeoutException; import java.util.concurrent.atomic.AtomicBoolean; -import okhttp3.Connection; import okhttp3.OkHttpClient; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.base.models.Provider; @@ -413,7 +412,7 @@ public class MockHelper { mockStatic(ConfigHelper.class); when(ConfigHelper.getFingerprintFromCertificate(any(X509Certificate.class), anyString())).thenReturn(mockedFingerprint); when(ConfigHelper.checkErroneousDownload(anyString())).thenCallRealMethod(); - when(ConfigHelper.parseX509CertificateFromString(anyString())).thenCallRealMethod(); + when(ConfigHelper.parseX509CertificatesFromString(anyString())).thenCallRealMethod(); when(ConfigHelper.getProviderFormattedString(any(Resources.class), anyInt())).thenCallRealMethod(); when(ConfigHelper.timezoneDistance(anyInt(), anyInt())).thenCallRealMethod(); when(ConfigHelper.isIPv4(anyString())).thenCallRealMethod(); @@ -507,7 +506,7 @@ public class MockHelper { mockStatic(ConfigHelper.class); when(ConfigHelper.getFingerprintFromCertificate(any(X509Certificate.class), anyString())).thenReturn(mockedFingerprint); when(ConfigHelper.checkErroneousDownload(anyString())).thenCallRealMethod(); - when(ConfigHelper.parseX509CertificateFromString(anyString())).thenCallRealMethod(); + when(ConfigHelper.parseX509CertificatesFromString(anyString())).thenCallRealMethod(); when(ConfigHelper.getProviderFormattedString(any(Resources.class), anyInt())).thenCallRealMethod(); } diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/TestCalendarProvider.java b/app/src/test/java/se/leap/bitmaskclient/testutils/TestCalendarProvider.java new file mode 100644 index 00000000..ea202ab4 --- /dev/null +++ b/app/src/test/java/se/leap/bitmaskclient/testutils/TestCalendarProvider.java @@ -0,0 +1,26 @@ +package se.leap.bitmaskclient.testutils; + +import java.util.Calendar; + +import se.leap.bitmaskclient.eip.CalendarProviderInterface; + +/** + * Created by cyberta on 13.09.17. + */ + +public class TestCalendarProvider implements CalendarProviderInterface { + + private long currentTimeInMillis = 0; + + public TestCalendarProvider(long currentTimeInMillis) { + this.currentTimeInMillis = currentTimeInMillis; + } + + @Override + public Calendar getCalendar() { + Calendar calendar = Calendar.getInstance(); + calendar.setTimeInMillis(currentTimeInMillis); + return calendar; + } + +} diff --git a/app/src/test/resources/float.hexacab.org.pem b/app/src/test/resources/float.hexacab.org.pem new file mode 100644 index 00000000..96306a8c --- /dev/null +++ b/app/src/test/resources/float.hexacab.org.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBZMRgwFgYDVQQKDA9SaXNl +dXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UE +AwwXUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EwHhcNMTQwNDI4MDAwMDAwWhcNMjQw +NDI4MDAwMDAwWjBZMRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsM +Emh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UEAwwXUmlzZXVwIE5ldHdvcmtzIFJv +b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC76J4ciMJ8Sg0m +TP7DF2DT9zNe0Csk4myoMFC57rfJeqsAlJCv1XMzBmXrw8wq/9z7XHv6n/0sWU7a +7cF2hLR33ktjwODlx7vorU39/lXLndo492ZBhXQtG1INMShyv+nlmzO6GT7ESfNE +LliFitEzwIegpMqxCIHXFuobGSCWF4N0qLHkq/SYUMoOJ96O3hmPSl1kFDRMtWXY +iw1SEKjUvpyDJpVs3NGxeLCaA7bAWhDY5s5Yb2fA1o8ICAqhowurowJpW7n5ZuLK +5VNTlNy6nZpkjt1QycYvNycffyPOFm/Q/RKDlvnorJIrihPkyniV3YY5cGgP+Qkx +HUOT0uLA6LHtzfiyaOqkXwc4b0ZcQD5Vbf6Prd20Ppt6ei0zazkUPwxld3hgyw58 +m/4UIjG3PInWTNf293GngK2Bnz8Qx9e/6TueMSAn/3JBLem56E0WtmbLVjvko+LF +PM5xA+m0BmuSJtrD1MUCXMhqYTtiOvgLBlUm5zkNxALzG+cXB28k6XikXt6MRG7q +hzIPG38zwkooM55yy5i1YfcIi5NjMH6A+t4IJxxwb67MSb6UFOwg5kFokdONZcwj +shczHdG9gLKSBIvrKa03Nd3W2dF9hMbRu//STcQxOailDBQCnXXfAATj9pYzdY4k +ha8VCAREGAKTDAex9oXf1yRuktES4QIDAQABo2AwXjAdBgNVHQ4EFgQUC4tdmLVu +f9hwfK4AGliaet5KkcgwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMBAf8wHwYD +VR0jBBgwFoAUC4tdmLVuf9hwfK4AGliaet5KkcgwDQYJKoZIhvcNAQENBQADggIB +AGzL+GRnYu99zFoy0bXJKOGCF5XUXP/3gIXPRDqQf5g7Cu/jYMID9dB3No4Zmf7v +qHjiSXiS8jx1j/6/Luk6PpFbT7QYm4QLs1f4BlfZOti2KE8r7KRDPIecUsUXW6P/ +3GJAVYH/+7OjA39za9AieM7+H5BELGccGrM5wfl7JeEz8in+V2ZWDzHQO4hMkiTQ +4ZckuaL201F68YpiItBNnJ9N5nHr1MRiGyApHmLXY/wvlrOpclh95qn+lG6/2jk7 +3AmihLOKYMlPwPakJg4PYczm3icFLgTpjV5sq2md9bRyAg3oPGfAuWHmKj2Ikqch +Td5CHKGxEEWbGUWEMP0s1A/JHWiCbDigc4Cfxhy56CWG4q0tYtnc2GMw8OAUO6Wf +Xu5pYKNkzKSEtT/MrNJt44tTZWbKV/Pi/N2Fx36my7TgTUj7g3xcE9eF4JV2H/sg +tsK3pwE0FEqGnT4qMFbixQmc8bGyuakr23wjMvfO7eZUxBuWYR2SkcP26sozF9PF +tGhbZHQVGZUTVPyvwahMUEhbPGVerOW0IYpxkm0x/eaWdTc4vPpf/rIlgbAjarnJ +UN9SaWRlWKSdP4haujnzCoJbM7dU9bjvlGZNyXEekgeT0W2qFeGGp+yyUWw8tNsp +0BuC1b7uW/bBn/xKm319wXVDvBgZgcktMolak39V7DVO +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBYjCCAQigAwIBAgIBATAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxMRUFQIFJv +b3QgQ0EwHhcNMjExMTAyMTkwNTM3WhcNMjYxMTAyMTkxMDM3WjAXMRUwEwYDVQQD +EwxMRUFQIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQxOXBGu+gf +pjHzVteGTWL6XnFxtEnKMFpKaJkA/VOHmESzoLsZRQxt88GssxaqC01J17idQiqv +zgNpedmtvFtyo0UwQzAOBgNVHQ8BAf8EBAMCAqQwEgYDVR0TAQH/BAgwBgEB/wIB +ATAdBgNVHQ4EFgQUZdoUlJrCIUNFrpffAq+LQjnwEz4wCgYIKoZIzj0EAwIDSAAw +RQIgfr3w4tnRG+NdI3LsGPlsRktGK20xHTzsB3orB0yC6cICIQCB+/9y8nmSStfN +VUMUyk2hNd7/kC8nL222TTD7VZUtsg== +-----END CERTIFICATE----- \ No newline at end of file -- cgit v1.2.3