diff --git a/test/unitTest/certstore.cpp b/test/unitTest/certstore.cpp
index 1c84112386bff9b337a4c966e80a8aa4b2aaeedf..6e59541e2d3ba99a2f763b5e9465ee2f26d8e732 100644
--- a/test/unitTest/certstore.cpp
+++ b/test/unitTest/certstore.cpp
@@ -26,9 +26,11 @@
#include "security/certstore.h"
-namespace jami { namespace test {
+namespace jami {
+namespace test {
-class CertStoreTest : public CppUnit::TestFixture {
+class CertStoreTest : public CppUnit::TestFixture
+{
public:
static std::string name() { return "certstore"; }
@@ -46,28 +48,66 @@ void
CertStoreTest::trustStoreTest()
{
jami::tls::TrustStore trustStore;
+ auto& certStore = jami::tls::CertificateStore::instance();
auto ca = dht::crypto::generateIdentity("test CA");
auto account = dht::crypto::generateIdentity("test account", ca, 4096, true);
auto device = dht::crypto::generateIdentity("test device", account);
auto device2 = dht::crypto::generateIdentity("test device 2", account);
-
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(ca.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::UNDEFINED);
+ auto storeSize = certStore.getPinnedCertificates().size();
+ auto id = ca.second->getId().toString();
+ auto pinned = certStore.getPinnedCertificates();
+ CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; })
+ == pinned.end());
+
+ // Test certificate status
+ auto certAllowed = trustStore.getCertificatesByStatus(
+ jami::tls::TrustStore::PermissionStatus::ALLOWED);
+ CPPUNIT_ASSERT(
+ std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; })
+ == certAllowed.end());
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(id)
+ == jami::tls::TrustStore::PermissionStatus::UNDEFINED);
trustStore.setCertificateStatus(ca.second, jami::tls::TrustStore::PermissionStatus::ALLOWED);
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(ca.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::ALLOWED);
+ certAllowed = trustStore.getCertificatesByStatus(
+ jami::tls::TrustStore::PermissionStatus::ALLOWED);
+ CPPUNIT_ASSERT(
+ std::find_if(certAllowed.begin(), certAllowed.end(), [&](auto v) { return v == id; })
+ != certAllowed.end());
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(id)
+ == jami::tls::TrustStore::PermissionStatus::ALLOWED);
trustStore.setCertificateStatus(ca.second, jami::tls::TrustStore::PermissionStatus::UNDEFINED);
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(ca.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::UNDEFINED);
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(id)
+ == jami::tls::TrustStore::PermissionStatus::UNDEFINED);
trustStore.setCertificateStatus(ca.second, jami::tls::TrustStore::PermissionStatus::ALLOWED);
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(ca.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::ALLOWED);
-
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(id)
+ == jami::tls::TrustStore::PermissionStatus::ALLOWED);
+
+ // Test getPinnedCertificates
+ pinned = certStore.getPinnedCertificates();
+ CPPUNIT_ASSERT(pinned.size() == storeSize + 2 /* account + device */);
+ CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; })
+ != pinned.end());
+
+ // Test findCertificateByUID & findIssuer
+ CPPUNIT_ASSERT(!certStore.findCertificateByUID("NON_EXISTING_ID"));
+ auto cert = certStore.findCertificateByUID(id);
+ CPPUNIT_ASSERT(cert);
+ auto issuer = certStore.findIssuer(cert);
+ CPPUNIT_ASSERT(issuer);
+ CPPUNIT_ASSERT(issuer->getId().toString() == id);
+
+ // Test is allowed
CPPUNIT_ASSERT(trustStore.isAllowed(*ca.second));
CPPUNIT_ASSERT(trustStore.isAllowed(*account.second));
CPPUNIT_ASSERT(trustStore.isAllowed(*device.second));
// Ban device
trustStore.setCertificateStatus(device.second, jami::tls::TrustStore::PermissionStatus::BANNED);
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(device.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::BANNED);
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(ca.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::ALLOWED);
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(device.second->getId().toString())
+ == jami::tls::TrustStore::PermissionStatus::BANNED);
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(id)
+ == jami::tls::TrustStore::PermissionStatus::ALLOWED);
CPPUNIT_ASSERT(trustStore.isAllowed(*ca.second));
CPPUNIT_ASSERT(trustStore.isAllowed(*account.second));
@@ -75,29 +115,49 @@ CertStoreTest::trustStoreTest()
// Ban account
trustStore.setCertificateStatus(account.second, jami::tls::TrustStore::PermissionStatus::BANNED);
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(account.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::BANNED);
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(account.second->getId().toString())
+ == jami::tls::TrustStore::PermissionStatus::BANNED);
CPPUNIT_ASSERT(trustStore.isAllowed(*ca.second));
CPPUNIT_ASSERT(not trustStore.isAllowed(*account.second));
CPPUNIT_ASSERT(not trustStore.isAllowed(*device2.second));
// Unban account
- trustStore.setCertificateStatus(account.second, jami::tls::TrustStore::PermissionStatus::ALLOWED);
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(account.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::ALLOWED);
+ trustStore.setCertificateStatus(account.second,
+ jami::tls::TrustStore::PermissionStatus::ALLOWED);
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(account.second->getId().toString())
+ == jami::tls::TrustStore::PermissionStatus::ALLOWED);
CPPUNIT_ASSERT(trustStore.isAllowed(*ca.second));
CPPUNIT_ASSERT(trustStore.isAllowed(*account.second));
CPPUNIT_ASSERT(trustStore.isAllowed(*device2.second));
// Ban CA
trustStore.setCertificateStatus(ca.second, jami::tls::TrustStore::PermissionStatus::BANNED);
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(ca.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::BANNED);
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(ca.second->getId().toString())
+ == jami::tls::TrustStore::PermissionStatus::BANNED);
CPPUNIT_ASSERT(not trustStore.isAllowed(*ca.second));
CPPUNIT_ASSERT(not trustStore.isAllowed(*account.second));
CPPUNIT_ASSERT(not trustStore.isAllowed(*device2.second));
trustStore.setCertificateStatus(ca.second, jami::tls::TrustStore::PermissionStatus::BANNED);
- CPPUNIT_ASSERT(trustStore.getCertificateStatus(ca.second->getId().toString()) == jami::tls::TrustStore::PermissionStatus::BANNED);
+ CPPUNIT_ASSERT(trustStore.getCertificateStatus(ca.second->getId().toString())
+ == jami::tls::TrustStore::PermissionStatus::BANNED);
+
+ // Test unpin
+ certStore.unpinCertificate(id);
+ pinned = certStore.getPinnedCertificates();
+ CPPUNIT_ASSERT(std::find_if(pinned.begin(), pinned.end(), [&](auto v) { return v == id; })
+ == pinned.end());
+
+ // Test statusToStr
+ CPPUNIT_ASSERT(strcmp(jami::tls::statusToStr(jami::tls::TrustStatus::TRUSTED),
+ DRing::Certificate::TrustStatus::TRUSTED)
+ == 0);
+ CPPUNIT_ASSERT(strcmp(jami::tls::statusToStr(jami::tls::TrustStatus::UNTRUSTED),
+ DRing::Certificate::TrustStatus::UNTRUSTED)
+ == 0);
}
-}} // namespace jami::test
+} // namespace test
+} // namespace jami
RING_TEST_RUNNER(jami::test::CertStoreTest::name());