Band aid (#3435)
msftrubengu authored Jul 14, 2023
1 parent 0a0eebf commit 2287ad2
Showing 3 changed files with 39 additions and 39 deletions.
66 changes: 33 additions & 33 deletions src/AppInstallerCLITests/Certificates.cpp
Expand Up @@ -13,76 +13,76 @@ using namespace AppInstaller::Certificates;
TEST_CASE("Certificates_NoPinningSucceeds", "[certificates]")
{
PinningDetails expected;
expected.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::None);
expected.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::None);

PinningDetails actual;
actual.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
actual.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

REQUIRE(expected.Validate(actual.GetCertificate()));
}

TEST_CASE("Certificates_PublicKeyMismatch", "[certificates]")
{
PinningDetails expected;
expected.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::PublicKey);
expected.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::PublicKey);

PinningDetails actual;
actual.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
actual.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

REQUIRE(!expected.Validate(actual.GetCertificate()));
}

TEST_CASE("Certificates_PublicKeyMatch", "[certificates]")
{
PinningDetails expected;
expected.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::PublicKey);
expected.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::PublicKey);

PinningDetails actual;
actual.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1);
actual.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2);

REQUIRE(expected.Validate(actual.GetCertificate()));
}

TEST_CASE("Certificates_SubjectMismatch", "[certificates]")
{
PinningDetails expected;
expected.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::Subject);
expected.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::Subject);

PinningDetails actual;
actual.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1);
actual.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2);

REQUIRE(!expected.Validate(actual.GetCertificate()));
}

TEST_CASE("Certificates_SubjectMatch", "[certificates]")
{
PinningDetails expected;
expected.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1).SetPinning(PinningVerificationType::Subject);
expected.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2).SetPinning(PinningVerificationType::Subject);

PinningDetails actual;
actual.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1);
actual.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2);

REQUIRE(expected.Validate(actual.GetCertificate()));
}

TEST_CASE("Certificates_IssuerMismatch", "[certificates]")
{
PinningDetails expected;
expected.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1).SetPinning(PinningVerificationType::Issuer);
expected.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2).SetPinning(PinningVerificationType::Issuer);

PinningDetails actual;
actual.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
actual.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

REQUIRE(!expected.Validate(actual.GetCertificate()));
}

TEST_CASE("Certificates_IssuerMatch", "[certificates]")
{
PinningDetails expected;
expected.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1).SetPinning(PinningVerificationType::Issuer);
expected.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2).SetPinning(PinningVerificationType::Issuer);

PinningDetails actual;
actual.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
actual.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

REQUIRE(expected.Validate(actual.GetCertificate()));
}
Expand All @@ -91,15 +91,15 @@ TEST_CASE("Certificates_ChainLengthDiffers", "[certificates]")
{
PinningChain chain;
auto chainElement = chain.Root();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::PublicKey);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::PublicKey);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);

PinningConfiguration config;
config.AddChain(chain);

PinningDetails details;
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

REQUIRE(!config.Validate(details.GetCertificate()));
}
Expand All @@ -112,7 +112,7 @@ TEST_CASE("Certificates_EmptyChainRejects", "[certificates]")
config.AddChain(chain);

PinningDetails details;
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

REQUIRE(!config.Validate(details.GetCertificate()));
}
Expand All @@ -121,17 +121,17 @@ TEST_CASE("Certificates_ChainOrderDiffers", "[certificates]")
{
PinningChain chain;
auto chainElement = chain.Root();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::PublicKey);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::PublicKey);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);

PinningConfiguration config;
config.AddChain(chain);

PinningDetails details;
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

REQUIRE(!config.Validate(details.GetCertificate()));
}
Expand All @@ -140,17 +140,17 @@ TEST_CASE("Certificates_StoreChain_BuiltInTest", "[certificates]")
{
PinningChain chain;
auto chainElement = chain.Root();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::PublicKey);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::PublicKey);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);

PinningConfiguration config;
config.AddChain(chain);

PinningDetails details;
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

REQUIRE(config.Validate(details.GetCertificate()));
}
Expand All @@ -159,27 +159,27 @@ TEST_CASE("Certificates_MultipleChains_Success", "[certificates]")
{
PinningChain chainOutOfOrder;
auto chainElement = chainOutOfOrder.Root();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::PublicKey);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::PublicKey);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);

PinningConfiguration config;
config.AddChain(chainOutOfOrder);

PinningChain chain;
chainElement = chain.Root();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::PublicKey);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::PublicKey);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);

config.AddChain(chain);

PinningDetails details;
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
details.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

REQUIRE(config.Validate(details.GetCertificate()));
}
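Review bot: The certificate set is hard-coded at each of the 33 changed call sites in this file, and again at the three in GroupPolicy.cpp and the three in HttpClientHelper.cpp, so every store certificate rotation needs another mechanical edit like this one. Assuming the `IDX_CERTIFICATE_STORE_*` values are plain resource ids, a shared test header could name the current set once, for example `constexpr auto c_storeRoot = IDX_CERTIFICATE_STORE_ROOT_2;` with matching `c_storeIntermediate` and `c_storeLeaf`, and the tests would load those names. This reads the second line of each printed pair (`_2`) as the new side, which the page itself does not mark. After the change no test in these three files loads the other set, so if the shipped pinning configuration still accepts both chains, one of them is no longer validated by anything here; a short comment next to the constants saying which set is current and why would also replace what the title "Band aid" leaves unsaid.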
6 changes: 3 additions & 3 deletions src/AppInstallerCLITests/GroupPolicy.cpp
Expand Up @@ -280,11 +280,11 @@ TEST_CASE("GroupPolicy_Sources", "[groupPolicy]")
auto additionalSourcesKey = RegCreateVolatileSubKey(policiesKey.get(), AdditionalSourcesPolicyKeyName);

PinningDetails rootCert;
rootCert.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1);
rootCert.LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2);
PinningDetails intermediateCert;
intermediateCert.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1);
intermediateCert.LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2);
PinningDetails leafCert;
leafCert.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1);
leafCert.LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2);

auto getBytesString = [](const PinningDetails& details)
{
6 changes: 3 additions & 3 deletions src/AppInstallerCLITests/HttpClientHelper.cpp
Expand Up @@ -65,11 +65,11 @@ TEST_CASE("HttpClientHelper_PinningConfiguration", "[RestSource]")
// Create the Store chain config
PinningChain chain;
auto chainElement = chain.Root();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_1).SetPinning(PinningVerificationType::PublicKey);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_ROOT_2).SetPinning(PinningVerificationType::PublicKey);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_INTERMEDIATE_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement = chainElement.Next();
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_1).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);
chainElement->LoadCertificate(IDX_CERTIFICATE_STORE_LEAF_2).SetPinning(PinningVerificationType::Subject | PinningVerificationType::Issuer);

PinningConfiguration config;
config.AddChain(chain);
