Changeset 57677 in vbox for trunk/src/VBox/Frontends/VirtualBox

Timestamp:

Sep 9, 2015 5:28:16 PM (9 years ago)

Author:

vboxsync

Message:

tstSSLCertDownloads: Don't use friend, use a static class function instead as that is simpler and shorter. Test the refreshCertificates method too, expecting it succeed without downloading anything.

Location:

trunk/src/VBox/Frontends/VirtualBox/src/net

Files:

• UINetworkReply.cpp (modified) (11 diffs)
• tstSSLCertDownloads.cpp (modified) (8 diffs)

trunk/src/VBox/Frontends/VirtualBox/src/net/UINetworkReply.cpp

@@ -107 +107 @@
     static unsigned countCertsFound(bool const *pafFoundCerts);
     static bool areAllCertsFound(bool const *pafFoundCerts);
-    static void refreshCertificates(RTHTTP hHttp, RTCRSTORE hOldStore, bool *pafFoundCerts, const char *pszCaCertFile);
+    static int refreshCertificates(RTHTTP hHttp, PRTCRSTORE phStore, bool *pafFoundCerts, const char *pszCaCertFile);
     static void downloadMissingCertificates(RTCRSTORE hNewStore, bool *pafNewFoundCerts, RTHTTP hHttp,
                                             PRTERRINFOSTATIC pStaticErrInfo);
@@ -130 +130 @@
 
 #ifdef VBOX_GUI_IN_TST_SSL_CERT_DOWNLOADS
-    friend UINetworkReplyPrivateThreadTestcase;
+public:
+    static void testIt(RTTEST hTest);
 #endif
 };
@@ -308 +309 @@
          */
         if (fRefresh)
-            refreshCertificates(m_hHttp, hCurStore, afCertsFound, pszCaCertFile);
+            refreshCertificates(m_hHttp, &hCurStore, afCertsFound, pszCaCertFile);
 
         RTCrStoreRelease(hCurStore);
@@ -465 +466 @@
 }
 
-/*static*/ void
-UINetworkReplyPrivateThread::refreshCertificates(RTHTTP hHttp, RTCRSTORE hOldStore, bool *pafOldFoundCerts,
+/**
+ * Refresh the certificates.
+ *
+ * @return  IPRT status code for the testcase.
+ * @param   hHttp               The HTTP client instance.  (Can be NIL when
+ *                              running the testcase.)
+ * @param   phStore             On input, this holds the current store, so that
+ *                              we can fish out wanted certificates from it.
+ *                              On successful return, this is replaced with a
+ *                              new store reflecting the refrehsed content of
+ *                              @a pszCaCertFile.
+ * @param   pafFoundCerts       On input, this holds the certificates found in
+ *                              the current store.  On return, this reflects
+ *                              what is current in the @a pszCaCertFile.  The
+ *                              array runs parallel to s_aCerts.
+ * @param   pszCaCertFile       Where to write the refreshed certificates if
+ *                              we've managed to gather a collection that is at
+ *                              least as good as the old one.
+ */
+/*static*/ int
+UINetworkReplyPrivateThread::refreshCertificates(RTHTTP hHttp, PRTCRSTORE phStore, bool *pafFoundCerts,
                                                  const char *pszCaCertFile)
 {
@@ -472 +492 @@
      * Collect the standard assortment of SSL certificates.
      */
-    uint32_t  cHint = RTCrStoreCertCount(hOldStore);
+    uint32_t  cHint = RTCrStoreCertCount(*phStore);
     RTCRSTORE hNewStore;
     int rc = RTCrStoreCreateInMem(&hNewStore, cHint > 32 && cHint < _32K ? cHint + 16 : 256);
@@ -501 +521 @@
                 rc = RTCrStoreCertAddWantedFromStore(hNewStore,
                                                      RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR,
-                                                     hOldStore, s_aCerts, RT_ELEMENTS(s_aCerts), afNewFoundCerts);
+                                                     *phStore, s_aCerts, RT_ELEMENTS(s_aCerts), afNewFoundCerts);
                 AssertLogRelRC(rc);
                 Assert(rc != VINF_SUCCESS || areAllCertsFound(afNewFoundCerts));
@@ -525 +545 @@
              * If that didn't help, try download the certificates.
              */
-            if (rc != VINF_SUCCESS)
+            if (rc != VINF_SUCCESS && hHttp != NIL_RTHTTP)
                 downloadMissingCertificates(hNewStore, afNewFoundCerts, hHttp, &StaticErrInfo);
 
@@ -533 +553 @@
              */
             if (   areAllCertsFound(afNewFoundCerts)
-                || countCertsFound(afNewFoundCerts) >= countCertsFound(pafOldFoundCerts) )
+                || countCertsFound(afNewFoundCerts) >= countCertsFound(pafFoundCerts) )
             {
                 rc = RTCrStoreCertExportAsPem(hNewStore, 0 /*fFlags*/, pszCaCertFile);
                 if (RT_SUCCESS(rc))
                 {
-                    memcpy(pafOldFoundCerts, afNewFoundCerts, sizeof(afNewFoundCerts));
                     LogRel(("refreshCertificates/#3: Found %u/%u SSL certs we/you trust (previously %u/%u).\n",
                             countCertsFound(afNewFoundCerts), RTCrStoreCertCount(hNewStore),
-                            countCertsFound(pafOldFoundCerts), RTCrStoreCertCount(hOldStore) ));
+                            countCertsFound(pafFoundCerts), RTCrStoreCertCount(*phStore) ));
+
+                    memcpy(pafFoundCerts, afNewFoundCerts, sizeof(afNewFoundCerts));
+                    RTCrStoreRelease(*phStore);
+                    *phStore  = hNewStore;
+                    hNewStore = NIL_RTCRSTORE;
                 }
                 else
                 {
-                    RT_ZERO(pafOldFoundCerts);
+                    RT_ZERO(pafFoundCerts);
                     LogRel(("refreshCertificates/#3: RTCrStoreCertExportAsPem unexpectedly failed with %Rrc\n", rc));
                 }
@@ -554 +578 @@
         RTCrStoreRelease(hNewStore);
     }
+    return rc;
 }
 
@@ -697 +722 @@
 }
 
+#ifndef VBOX_GUI_IN_TST_SSL_CERT_DOWNLOADS
 
 /**
@@ -803 +829 @@
 
 
-
-/*
- *
- * Class UINetworkReply implementation.
- * Class UINetworkReply implementation.
- * Class UINetworkReply implementation.
- *
- */
-
-#ifndef VBOX_GUI_IN_TST_SSL_CERT_DOWNLOADS
+/*********************************************************************************************************************************
+*   Class UINetworkReply implementation.                                                                                         *
+*********************************************************************************************************************************/
 
 UINetworkReply::UINetworkReply(const QNetworkRequest &request, UINetworkRequestType requestType)

trunk/src/VBox/Frontends/VirtualBox/src/net/tstSSLCertDownloads.cpp

@@ -34 +34 @@
 
 
-class UINetworkReplyPrivateThreadTestcase
-{
-public:
-    UINetworkReplyPrivateThreadTestcase()
-    {
-    }
-
-    static void testIt(RTTEST hTest);
-};
-
-
 /*
  * It's a private class we're testing, so we must include the source.
@@ -53 +42 @@
 
 
-/*static*/ void UINetworkReplyPrivateThreadTestcase::testIt(RTTEST hTest)
+/*static*/ void UINetworkReplyPrivateThread::testIt(RTTEST hTest)
 {
     QNetworkRequest Dummy;
@@ -69 +58 @@
      * PEM URL (as the rest are currently busted).
      */
+    RTTestISub("SSL Cert downloading");
     RTCRSTORE hStore;
-    RTTESTI_CHECK_RC(RTCrStoreCreateInMem(&hStore, RT_ELEMENTS(TestObj.s_aCerts) * 2), VINF_SUCCESS);
+    RTTESTI_CHECK_RC(RTCrStoreCreateInMem(&hStore, RT_ELEMENTS(s_aCerts) * 2), VINF_SUCCESS);
 
     int rc;
 
     /* ZIP files: */
-    for (uint32_t iUrl = 0; iUrl < RT_ELEMENTS(TestObj.s_apszRootsZipUrls); iUrl++)
+    for (uint32_t iUrl = 0; iUrl < RT_ELEMENTS(s_apszRootsZipUrls); iUrl++)
     {
-        RTTestIPrintf(RTTESTLVL_ALWAYS, "URL: %s\n", TestObj.s_apszRootsZipUrls[iUrl]);
+        RTTestIPrintf(RTTESTLVL_ALWAYS, "URL: %s\n", s_apszRootsZipUrls[iUrl]);
         void   *pvRootsZip;
         size_t  cbRootsZip;
-        rc = RTHttpGetBinary(TestObj.m_hHttp, TestObj.s_apszRootsZipUrls[iUrl], &pvRootsZip, &cbRootsZip);
+        rc = RTHttpGetBinary(TestObj.m_hHttp, s_apszRootsZipUrls[iUrl], &pvRootsZip, &cbRootsZip);
         if (RT_SUCCESS(rc))
         {
-            for (uint32_t i = 0; i < RT_ELEMENTS(TestObj.s_aCerts); i++)
+            for (uint32_t i = 0; i < RT_ELEMENTS(s_aCerts); i++)
             {
-                UINetworkReplyPrivateThread::CERTINFO const *pInfo;
-                pInfo = (UINetworkReplyPrivateThread::CERTINFO const *)TestObj.s_aCerts[i].pvUser;
+                CERTINFO const *pInfo = (CERTINFO const *)s_aCerts[i].pvUser;
                 if (pInfo->pszZipFile)
                 {
@@ -93 +82 @@
                     RTTESTI_CHECK_RC_BREAK(RTZipPkzipMemDecompress(&pvFile, &cbFile, pvRootsZip, cbRootsZip, pInfo->pszZipFile),
                                            VINF_SUCCESS);
-                    RTTESTI_CHECK_RC(TestObj.convertVerifyAndAddPemCertificateToStore(hStore, pvFile, cbFile,
-                                                                                      &TestObj.s_aCerts[i]), VINF_SUCCESS);
+                    RTTESTI_CHECK_RC(convertVerifyAndAddPemCertificateToStore(hStore, pvFile, cbFile, &TestObj.s_aCerts[i]),
+                                     VINF_SUCCESS);
                     RTMemFree(pvFile);
                 }
@@ -102 +91 @@
         else if (   rc != VERR_HTTP_PROXY_NOT_FOUND
                  && rc != VERR_HTTP_COULDNT_CONNECT)
-            RTTestIFailed("%Rrc on '%s'", rc, TestObj.s_apszRootsZipUrls[iUrl]); /* code or link broken */
+            RTTestIFailed("%Rrc on '%s'", rc, s_apszRootsZipUrls[iUrl]); /* code or link broken */
     }
 
     /* PEM files: */
-    for (uint32_t i = 0; i < RT_ELEMENTS(TestObj.s_aCerts); i++)
+    for (uint32_t i = 0; i < RT_ELEMENTS(s_aCerts); i++)
     {
         uint32_t iUrl = 0; /* First URL must always work. */
         UINetworkReplyPrivateThread::CERTINFO const *pInfo;
-        pInfo = (UINetworkReplyPrivateThread::CERTINFO const *)TestObj.s_aCerts[i].pvUser;
+        pInfo = (UINetworkReplyPrivateThread::CERTINFO const *)s_aCerts[i].pvUser;
         if (pInfo->apszUrls[iUrl])
         {
@@ -119 +108 @@
             if (RT_SUCCESS(rc))
             {
-                RTTESTI_CHECK_RC_OK(TestObj.convertVerifyAndAddPemCertificateToStore(hStore, pvResponse, cbResponse,
-                                                                                     &TestObj.s_aCerts[i]));
+                RTTESTI_CHECK_RC_OK(convertVerifyAndAddPemCertificateToStore(hStore, pvResponse, cbResponse,
+                                                                             &TestObj.s_aCerts[i]));
                 RTHttpFreeResponse(pvResponse);
             }
@@ -128 +117 @@
         }
     }
+
+    RTTESTI_CHECK(RTCrStoreRelease(hStore) == 0);
+
+    /*
+     * Now check the gathering of certificates on the system doesn't crash.
+     */
+    RTTestISub("Refreshing certificates");
+
+    /* create an empty store and do the refresh operation, writing it to /dev/null. */
+    RTTESTI_CHECK_RC(RTCrStoreCreateInMem(&hStore, RT_ELEMENTS(s_aCerts) * 2), VINF_SUCCESS);
+    bool afFoundCerts[RT_ELEMENTS(s_aCerts)];
+    RT_ZERO(afFoundCerts);
+#if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)
+    RTTESTI_CHECK_RC_OK(TestObj.refreshCertificates(NIL_RTHTTP, &hStore, afFoundCerts, "nul"));
+#else
+    RTTESTI_CHECK_RC_OK(TestObj.refreshCertificates(NIL_RTHTTP, &hStore, afFoundCerts, "/dev/null"));
+#endif
+
+    /* Log how many certificates we found and require at least one. */
+    uint32_t cCerts = RTCrStoreCertCount(hStore);
+    RTTestIValue("certificates", cCerts, RTTESTUNIT_NONE);
+    RTTESTI_CHECK(cCerts > 0);
 
     RTTESTI_CHECK(RTCrStoreRelease(hStore) == 0);
@@ -143 +154 @@
 {
     RTTEST hTest;
-    RTEXITCODE rcExit = RTTestInitAndCreate("tstCertDownloads", &hTest);
+    RTEXITCODE rcExit = RTTestInitAndCreate("tstSSLCertDownloads", &hTest);
     if (rcExit != RTEXITCODE_SUCCESS)
         return rcExit;
     RTTestBanner(hTest);
 
-    UINetworkReplyPrivateThreadTestcase::testIt(hTest);
+    UINetworkReplyPrivateThread::testIt(hTest);
 
     return RTTestSummaryAndDestroy(hTest);