Add unit tests and fix rootcerts creation bug

5 files changed, 218 insertions, 0 deletions

diff --git a/tests/data/certificates/badCertificate.crt b/tests/data/certificates/badCertificate.crt
new file mode 100644
index 00000000000..dcb1895fbad
--- /dev/null
+++ b/tests/data/certificates/badCertificate.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICATCCAWoCCQDNdmb4pJrUeDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE0MDgyNzA4NDg1MVoXDTE1MDgyNzA4NDg1MVowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvrMe
+x5D45HVMV2U4kqTU0mzHAihHT6r+OtO6g7S9yIlJZGGVcEet6An78Ow7aYM141eI
+Jfbvqql7OIblHXSw7mvkw4bOQ1ee5lmJYOYCgaMNJ6mBLJfpK9xwidb0ZvhWOA8P
+DLIiBKA3T5ChXCzilD5GF2+H/BXBE9lL9tuDjM0CAwEAATANBgkqhkiG9w0BAQUF
+AAOBgQCJwfJe7j+aNkopw+P8uxobfOnMWU9XC4Pu+39TVLeakeSqu2Y8vJSHmkjF
+WK3VXAJr33Eul5VP/3SWGwuRPd9X4i4iLh1gJfYvi9MJf1lQNYncGCM+xtdrNu2O
+u0yexkOBRrapDYjcv58BiOaFgvFLquKvtVj9HlcYRfwfM77uKQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/tests/data/certificates/expiredCertificate.crt b/tests/data/certificates/expiredCertificate.crt
new file mode 100644
index 00000000000..5e7e5df2cbf
--- /dev/null
+++ b/tests/data/certificates/expiredCertificate.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICATCCAWoCCQCjCIB6tCZ2sDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE0MDgyNzA5MTI0M1oXDTE0MDgyODA5MTI0M1owRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvrMe
+x5D45HVMV2U4kqTU0mzHAihHT6r+OtO6g7S9yIlJZGGVcEet6An78Ow7aYM141eI
+Jfbvqql7OIblHXSw7mvkw4bOQ1ee5lmJYOYCgaMNJ6mBLJfpK9xwidb0ZvhWOA8P
+DLIiBKA3T5ChXCzilD5GF2+H/BXBE9lL9tuDjM0CAwEAATANBgkqhkiG9w0BAQUF
+AAOBgQBuNClmOj3wudlX86nygcZgQT2+ZS8f1iJgM9lbrrkenT6tgcT1/YjcrN9C
+BZR29Wz7htflpqverLUGZXh72K+gYercyR16Zu7zjt/NWuZldZmzJ3bUGq2HSoCX
+2sDykAEuaDxUlzdJrztlOH4vPlRaGbxUogpC2hB1BQfxA90CIA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/tests/data/certificates/goodCertificate.crt b/tests/data/certificates/goodCertificate.crt
new file mode 100644
index 00000000000..4a5d7bd32fe
--- /dev/null
+++ b/tests/data/certificates/goodCertificate.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICazCCAdQCCQCySF7HjQD78DANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJD
+SDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFjAUBgNVBAoTDW93
+bkNsb3VkIEluYy4xETAPBgNVBAsTCFNlY3VyaXR5MR4wHAYDVQQDExVzZWN1cml0
+eS5vd25jbG91ZC5jb20wHhcNMTQwODI3MDg0NTUyWhcNMTUwODI3MDg0NTUyWjB6
+MQswCQYDVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gx
+FjAUBgNVBAoTDW93bkNsb3VkIEluYy4xETAPBgNVBAsTCFNlY3VyaXR5MR4wHAYD
+VQQDExVzZWN1cml0eS5vd25jbG91ZC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAL55lB4RvU0pTyh7YsLCxPBq43xxkRZBxfZENoflCIUsBo7/mXNz2zVO
+476oQ4L47heUOX3j8kemOgPmWEqA34JB8rusijCy5WqFBLnm4HsRLa66i+Jgd+Yl
+QhcKvhGas1K/CVTG4oSLoAmA2coZUL94uxnRtd8aluflHMNGApIlAgMBAAEwDQYJ
+KoZIhvcNAQEFBQADgYEADo08zWdOtIvCKFDnLbzRwIjSYTlAtQtQaULv7KQe3qIn
+iaFAi6fAynHfdC8/2tvmSeniw0OZBkrfVGIVtUbwCSrljNSUY/lWrUR0pE61lb4r
+DpX0JZjlk48XEaErRVDfu3wq6n/2nYg6HnaLOPwt8OSYYrxzvXlFPrKBH3q6R+M=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/tests/lib/security/certificate.php b/tests/lib/security/certificate.php
new file mode 100644
index 00000000000..694d1f27011
--- /dev/null
+++ b/tests/lib/security/certificate.php
@@ -0,0 +1,90 @@
+<?php
+/**
+ * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+*/
+
+use \OC\Security\Certificate;
+
+class CertificateTest extends \PHPUnit_Framework_TestCase {
+
+	/** @var Certificate That contains a valid certificate */
+	protected $goodCertificate;
+	/** @var Certificate That contains an invalid certificate */
+	protected $invalidCertificate;
+	/** @var Certificate That contains an expired certificate */
+	protected $expiredCertificate;
+
+	function setUp() {
+		$goodCertificate = file_get_contents(__DIR__.'/../../data/certificates/goodCertificate.crt');
+		$this->goodCertificate = new Certificate($goodCertificate, 'GoodCertificate');
+		$badCertificate = file_get_contents(__DIR__.'/../../data/certificates/badCertificate.crt');
+		$this->invalidCertificate = new Certificate($badCertificate, 'BadCertificate');
+		$expiredCertificate = file_get_contents(__DIR__.'/../../data/certificates/expiredCertificate.crt');
+		$this->expiredCertificate = new Certificate($expiredCertificate, 'ExpiredCertificate');
+	}
+
+	/**
+	 * @expectedException \Exception
+	 * @expectedExceptionMessage Certificate could not get parsed.
+	 */
+	function testBogusData() {
+		new Certificate('foo', 'bar');
+	}
+
+	function testGetName() {
+		$this->assertSame('GoodCertificate', $this->goodCertificate->getName());
+		$this->assertSame('BadCertificate', $this->invalidCertificate->getName());
+	}
+
+	function testGetCommonName() {
+		$this->assertSame('security.owncloud.com', $this->goodCertificate->getCommonName());
+		$this->assertSame(null, $this->invalidCertificate->getCommonName());
+	}
+
+	function testGetOrganization() {
+		$this->assertSame('ownCloud Inc.', $this->goodCertificate->getOrganization());
+		$this->assertSame('Internet Widgits Pty Ltd', $this->invalidCertificate->getOrganization());
+	}
+
+	function testGetSerial() {
+		$this->assertSame('7F:FF:FF:FF:FF:FF:FF:FF', $this->goodCertificate->getSerial());
+		$this->assertSame('7F:FF:FF:FF:FF:FF:FF:FF', $this->invalidCertificate->getSerial());
+	}
+
+	function testGetIssueDate() {
+		$this->assertEquals(new DateTime('2014-08-27 08:45:52'), $this->goodCertificate->getIssueDate());
+		$this->assertEquals(new DateTime('2014-08-27 08:48:51'), $this->invalidCertificate->getIssueDate());
+	}
+
+	function testGetExpireDate() {
+		$this->assertEquals(new DateTime('2015-08-27 08:45:52'), $this->goodCertificate->getExpireDate());
+		$this->assertEquals(new DateTime('2015-08-27 08:48:51'), $this->invalidCertificate->getExpireDate());
+		$this->assertEquals(new DateTime('2014-08-28 09:12:43'), $this->expiredCertificate->getExpireDate());
+	}
+
+	/**
+	 * Obviously the following test case might fail after 2015-08-27, just create a new certificate with longer validity then
+	 */
+	function testIsExpired() {
+		$this->assertSame(false, $this->goodCertificate->isExpired());
+		$this->assertSame(false, $this->invalidCertificate->isExpired());
+
+		// TODO: Change to false after tomorrow
+		$this->assertSame(false, $this->expiredCertificate->isExpired());
+	}
+
+	function testGetIssuerName() {
+		$this->assertSame('security.owncloud.com', $this->goodCertificate->getIssuerName());
+		$this->assertSame(null, $this->invalidCertificate->getIssuerName());
+		$this->assertSame(null, $this->expiredCertificate->getIssuerName());
+	}
+
+	function testGetIssuerOrganization() {
+		$this->assertSame('ownCloud Inc.', $this->goodCertificate->getIssuerOrganization());
+		$this->assertSame('Internet Widgits Pty Ltd', $this->invalidCertificate->getIssuerOrganization());
+		$this->assertSame('Internet Widgits Pty Ltd', $this->expiredCertificate->getIssuerOrganization());
+	}
+}
\ No newline at end of file
diff --git a/tests/lib/security/certificatemanager.php b/tests/lib/security/certificatemanager.php
new file mode 100644
index 00000000000..5baf9e16e81
--- /dev/null
+++ b/tests/lib/security/certificatemanager.php
@@ -0,0 +1,87 @@
+<?php
+/**
+ * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+use \OC\Security\CertificateManager;
+
+class CertificateManagerTest extends \PHPUnit_Framework_TestCase {
+
+	/** @var CertificateManager */
+	private $certificateManager;
+	/** @var String */
+	private $username;
+	/** @var  \OC\User\User */
+	private $user;
+
+	function setUp() {
+		$this->username = OC_Util::generateRandomBytes(20);
+		OC_User::createUser($this->username, OC_Util::generateRandomBytes(20));
+
+		\OC_Util::tearDownFS();
+		\OC_User::setUserId('');
+		\OC\Files\Filesystem::tearDown();
+		\OC_Util::setupFS($this->username);
+
+		$this->user = \OC::$server->getUserManager()->get($this->username);
+
+		$this->certificateManager = new CertificateManager($this->user);
+	}
+
+	function tearDown() {
+		\OC_User::deleteUser($this->username);
+	}
+
+	protected function assertEqualsArrays($expected, $actual) {
+		sort($expected);
+		sort($actual);
+
+		$this->assertEquals($expected, $actual);
+	}
+
+	function testListCertificates() {
+		// Test empty certificate bundle
+		$this->assertSame(array(), $this->certificateManager->listCertificates());
+
+		// Add some certificates
+		$this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
+		$certificateStore = array();
+		$certificateStore[] =  new \OC\Security\Certificate(file_get_contents(__DIR__.'/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
+		$this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
+
+		// Add another certificates
+		$this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
+		$certificateStore[] =  new \OC\Security\Certificate(file_get_contents(__DIR__.'/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate');
+		$this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates());
+	}
+
+	/**
+	 * @expectedException \Exception
+	 * @expectedExceptionMessage Certificate could not get parsed.
+	 */
+	function testAddInvalidCertificate() {
+		$this->certificateManager->addCertificate('InvalidCertificate', 'invalidCertificate');
+	}
+
+	function testAddDangerousFile() {
+		$this->assertFalse($this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/expiredCertificate.crt'), '.htaccess'));
+		$this->assertFalse($this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/expiredCertificate.crt'), '../../foo.txt'));
+	}
+
+	function testRemoveDangerousFile() {
+		$this->assertFalse($this->certificateManager->removeCertificate('../../foo.txt'));
+	}
+
+	function testRemoveExistingFile() {
+		$this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/goodCertificate.crt'), 'GoodCertificate');
+		$this->assertTrue($this->certificateManager->removeCertificate('GoodCertificate'));
+	}
+
+	function testGetCertificateBundle() {
+		$this->assertSame($this->user->getHome().'/files_external/rootcerts.crt', $this->certificateManager->getCertificateBundle());
+	}
+
+}
\ No newline at end of file