Diffstat (limited to 'lib/pluginloader')
-rw-r--r--lib/pluginloader/CMakeLists.txt54
-rw-r--r--lib/pluginloader/meson.build68
-rw-r--r--lib/pluginloader/pluginloader.cpp4
-rw-r--r--lib/pluginloader/pluginloader.h9
-rw-r--r--lib/pluginloader/test/pluginloader-sigmatch.cpp56
5 files changed, 94 insertions, 97 deletions
diff --git a/lib/pluginloader/CMakeLists.txt b/lib/pluginloader/CMakeLists.txt
new file mode 100644
index 0000000..e0c8270
--- /dev/null
+++ b/lib/pluginloader/CMakeLists.txt
@@ -0,0 +1,54 @@
+find_program(SSL openssl)
+find_program(PYTHON python3)
+
+# generate a keypair
+add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/keypair.pem"
+ COMMAND ${SSL} genrsa -out "${CMAKE_CURRENT_BINARY_DIR}/keypair.pem" 4096)
+
+# export public key
+add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/pubkey.pem"
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/keypair.pem"
+ COMMAND ${SSL} rsa -in "${CMAKE_CURRENT_BINARY_DIR}/keypair.pem" -pubout -out "${CMAKE_CURRENT_BINARY_DIR}/pubkey.pem")
+
+# turn the public key into a header
+add_custom_command(OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/publicKey.h"
+ DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/pubkey.pem"
+ COMMAND ${PYTHON} "${CMAKE_CURRENT_SOURCE_DIR}/ssl-keygen.py"
+ --private "${CMAKE_CURRENT_BINARY_DIR}/keypair.pem"
+ --public "${CMAKE_CURRENT_BINARY_DIR}/pubkey.pem"
+ --output "${CMAKE_CURRENT_BINARY_DIR}/publicKey.h" --array-name=publicKey_pem)
+
+add_library(pluginloader STATIC pluginloader.h pluginloader.cpp "${CMAKE_CURRENT_BINARY_DIR}/publicKey.h")
+target_link_libraries(pluginloader PUBLIC OpenSSL::SSL Qt5::Core)
+target_include_directories(pluginloader PUBLIC . PRIVATE "${CMAKE_CURRENT_BINARY_DIR}")
+
+## Testing
+# sigmatch
+add_executable(pluginloader_sigmatch test/pluginloader-sigmatch.cpp)
+target_link_libraries(pluginloader_sigmatch PRIVATE pluginloader Catch2::Catch2 fmt)
+#target_sanitize(pluginloader_sigmatch)
+
+# load
+add_executable(pluginloader_load test/pluginloader-load.cpp)
+target_link_libraries(pluginloader_load PRIVATE pluginloader Catch2::Catch2 fmt)
+target_sanitize(pluginloader_load)
+
+# generate a random file and properly sign it
+add_test(NAME good.dat COMMAND ${PYTHON} ${CMAKE_CURRENT_SOURCE_DIR}/write-random.py --output=good.dat)
+add_test(NAME good.dat.sig COMMAND ${SSL} dgst -sha256 -sign=keypair.pem -out=good.dat.sig good.dat)
+set_tests_properties(good.dat.sig PROPERTIES DEPENDS good.dat)
+# generate a random file and improperly sign it
+add_test(NAME bad.dat COMMAND ${PYTHON} ${CMAKE_CURRENT_SOURCE_DIR}/write-random.py --output=bad.dat)
+add_test(NAME bad.dat.sig COMMAND ${PYTHON} ${CMAKE_CURRENT_SOURCE_DIR}/write-random.py --output=bad.dat.sig)
+# generate a random file and don't sign it
+add_test(NAME none.dat COMMAND ${PYTHON} ${CMAKE_CURRENT_SOURCE_DIR}/write-random.py --output=none.dat)
+
+add_test(NAME pluginloader_sigmatch COMMAND pluginloader_sigmatch)
+set_tests_properties(pluginloader_sigmatch PROPERTIES
+ DEPENDS "good.dat;good.dat.sig;bad.dat;bad.dat.sig;none.dat"
+ REQUIRED_FILES "good.dat;good.dat.sig;bad.dat;bad.dat.sig;none.dat"
+ ENVIRONMENT "SIGNEDFILE=${CMAKE_CURRENT_BINARY_DIR}/good.dat;UNSIGNEDFILE=${CMAKE_CURRENT_BINARY_DIR}/none.dat;BADSIGNEDFILE=${CMAKE_CURRENT_BINARY_DIR}/bad.dat")
+
+# make sure this fails when no plugin or an invalid file is passed
+#test('load', poi_plugin_loader, suite: 'pluginloader', should_fail: true)
+#test('load', poi_plugin_loader, suite: 'pluginloader', args: files('meson.build'), should_fail: true)
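Review bot: The two `load` checks at the end of the file are left as commented-out Meson `test(...)` calls, so `pluginloader_load` is built but never registered with `add_test`, and the negative test that the loader rejects a missing or non-plugin file no longer runs. Port them with CTest's failure property, e.g. `add_test(NAME pluginloader_load_noarg COMMAND pluginloader_load)` followed by `set_tests_properties(pluginloader_load_noarg PROPERTIES WILL_FAIL TRUE)`, plus a second test that passes a non-plugin file. Separately, `find_program(SSL openssl)` and `find_program(PYTHON python3)` dropped the `required: true` the Meson file had, so a missing tool only surfaces as a failing `SSL-NOTFOUND` command during key generation; add `REQUIRED` (CMake 3.18+) or an explicit `message(FATAL_ERROR ...)` check. The `publicKey.h` rule also reads `keypair.pem` and `ssl-keygen.py` without listing them in `DEPENDS`, so the embedded key header can go stale when either changes.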
diff --git a/lib/pluginloader/meson.build b/lib/pluginloader/meson.build
deleted file mode 100644
index 5e7c39c..0000000
--- a/lib/pluginloader/meson.build
+++ /dev/null
@@ -1,68 +0,0 @@
-python = import('python')
-python3 = python.find_installation('python3')
-
-openssl = find_program('openssl', required: true)
-
-private_pem = custom_target('privateKey.pem',
- output: 'privateKey.pem',
- command: [ openssl, 'genrsa', '-out', '@OUTPUT@', '4096' ]
-)
-
-public_pem = custom_target('publicKey.pem',
- input: private_pem,
- output: 'publicKey.pem',
- command: [ openssl, 'rsa', '-in', '@INPUT@', '-pubout', '-out', '@OUTPUT@' ]
-)
-
-publicKey_h = custom_target('publicKey_h',
- input: files('ssl-keygen.py'),
- output: 'publicKey.h',
- command: [python3, '@INPUT@',
- '--private', private_pem, '--public', public_pem,
- '--output=@OUTPUT@', '--array-name=publicKey_pem']
-)
-
-dep_pluginloader = declare_dependency(
- include_directories: include_directories('.'),
- link_with: static_library('plugin',
- ['pluginloader.cpp', publicKey_h],
- include_directories: include_directories('.'),
- dependencies: [dep_qt5, dependency('openssl', required: true)])
-)
-
-# generate a test file that would be signed
-unsignedfile_dat = custom_target('unsignedfile.dat', input: 'write-random.py', output: 'unsignedfile.dat', command: [ python3, '@INPUT@', '--output=@OUTPUT@' ])
-
-signedfile_dat = custom_target('signedfile.dat', input: 'write-random.py', output: 'signedfile.dat', command: [ python3, '@INPUT@', '--output=@OUTPUT@' ])
-
-badsignedfile_dat = custom_target('badsignedfile.dat', input: 'write-random.py', output: 'badsignedfile.dat', command: [ python3, '@INPUT@', '--output=@OUTPUT@' ])
-badsignedfile_sig = custom_target('badsignedfile.dat.sig', input: 'write-random.py', output: 'badsignedfile.dat.sig', command: [ python3, '@INPUT@', '--output=@OUTPUT@' ])
-
-# sign test file
-signedfile_sig = custom_target('signedfile.dat.sig',
- input: signedfile_dat,
- output: 'signedfile.dat.sig',
- command: [ openssl, 'dgst', '-sha256', '-sign', private_pem, '-out', '@OUTPUT@', '@INPUT@' ]
-)
-
-signedfile_idep = declare_dependency(sources: [ unsignedfile_dat, signedfile_dat, signedfile_sig, badsignedfile_dat, badsignedfile_sig ])
-
-pluginloader_sigmatch = executable('pluginloader-sigmatch',
- sources: [ 'test/pluginloader-sigmatch.cpp' ],
- dependencies: [ dep_qt5, dep_catch, dep_pluginloader, signedfile_idep ]
-)
-
-test('signature matching', pluginloader_sigmatch, suite: 'pluginloader',
- env: {
- 'SIGNEDFILE' : signedfile_dat.full_path(),
- 'UNSIGNEDFILE': unsignedfile_dat.full_path(),
- 'BADSIGNEDFILE': badsignedfile_dat.full_path()
- },
-)
-
-poi_plugin_loader = executable('poi-plugin-load', dependencies: [ dep_qt5, dep_spdlog, dep_pluginloader ], sources: 'test/pluginloader-load.cpp')
-
-# make sure this fails when no plugin or an invalid file is passed
-test('load', poi_plugin_loader, suite: 'pluginloader', should_fail: true)
-test('load', poi_plugin_loader, suite: 'pluginloader', args: files('meson.build'), should_fail: true)
-
diff --git a/lib/pluginloader/pluginloader.cpp b/lib/pluginloader/pluginloader.cpp
index ce84c7a..d4c3dff 100644
--- a/lib/pluginloader/pluginloader.cpp
+++ b/lib/pluginloader/pluginloader.cpp
@@ -17,8 +17,8 @@
bool PluginLoader::verify(const char *hashName)
{
const std::filesystem::path plugin_path(fileName().toStdString());
- if(!std::filesystem::is_regular_file(plugin_path)) {
- m_sigError = tr("A plugin is required, but none was found.");
+ if(!std::filesystem::exists(plugin_path)) {
+ m_sigError = tr("Plugin doesn't exist.");
return false;
}
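Review bot: Switching the guard from `is_regular_file` to `exists` lets directories, FIFOs, sockets and device nodes through to the rest of `verify()`, which presumably opens and hashes the path; a FIFO could block that read and a directory would fail later with a less clear error. If the goal was only the new message, keep the stricter test, `if(!std::filesystem::is_regular_file(plugin_path)) {`, with `m_sigError = tr("Plugin doesn't exist or is not a regular file.");`. The throwing overload also raises `std::filesystem::filesystem_error` on a status failure such as a permission error, so the `std::error_code` overload fits better in a function that reports problems through `m_sigError`. The body of `verify()` continues outside this hunk, so the effect on the later read is inferred.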
diff --git a/lib/pluginloader/pluginloader.h b/lib/pluginloader/pluginloader.h
index cc67901..bb5e1e0 100644
--- a/lib/pluginloader/pluginloader.h
+++ b/lib/pluginloader/pluginloader.h
@@ -16,13 +16,12 @@ public:
SigChecked = (1 << 1),
SigEnforced = (1 << 2),
};
- typedef unsigned int signature_state_t;
- static signature_state_t signature_state(bool ignore, bool check, bool enforce)
+ static constexpr signature_level signature_state(bool ignore, bool check, bool enforce)
{
- return (static_cast<unsigned int>(enforce) << 2) | (static_cast<unsigned int>(check) << 1) | static_cast<unsigned int>(ignore);
+ return enforce ? signature_level::SigEnforced : (check ? signature_level::SigChecked : signature_level::SigIgnored);
}
- PluginLoader(const QString &fileName, const signature_state_t state, QObject *parent = nullptr)
+ PluginLoader(const QString &fileName, const signature_level state, QObject *parent = nullptr)
: QPluginLoader(fileName, parent)
, m_state(state)
{
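Review bot: `signature_state` no longer combines the three switches but picks a single level, so `ignore` is discarded whenever `check` or `enforce` is set, and the all-false call now returns `SigIgnored` where the old expression returned 0 (the value of `SigIgnored` is outside the hunk). That can make "nothing requested" indistinguishable from an explicit request to ignore signatures; how `verify()` treats this value is not visible here, so confirm the default is not silently fail-open. Document the precedence on the function, e.g. `/// enforce wins over check, check over ignore; all-false also yields SigIgnored.` The enumerators keep bit-flag values (`1 << 1`, `1 << 2`) although they are now used as exclusive levels, which deserves a comment on the enum too. The constructor body continues past the end of the hunk.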
@@ -45,6 +44,6 @@ public:
bool verify(const char *hashName = "SHA256");
private:
- const signature_state_t m_state;
+ const signature_level m_state;
QString m_sigError;
};
diff --git a/lib/pluginloader/test/pluginloader-sigmatch.cpp b/lib/pluginloader/test/pluginloader-sigmatch.cpp
index 0f4789a..fab8b5a 100644
--- a/lib/pluginloader/test/pluginloader-sigmatch.cpp
+++ b/lib/pluginloader/test/pluginloader-sigmatch.cpp
@@ -23,28 +23,40 @@ TEST_CASE("PluginLoader::signature_state")
REQUIRE(PluginLoader::signature_state(true, true, true) >= PluginLoader::SigEnforced);
}
-TEST_CASE("files")
+SCENARIO("PluginLoader")
{
- REQUIRE(qEnvironmentVariableIsSet("UNSIGNEDFILE"));
- REQUIRE(qEnvironmentVariableIsSet("SIGNEDFILE"));
- REQUIRE(qEnvironmentVariableIsSet("BADSIGNEDFILE"));
-}
-
-TEST_CASE("PluginLoader::verify missing plugin")
-{
- const auto state = PluginLoader::signature_state(false, false, false);
- PluginLoader loader("", state);
-
- REQUIRE_FALSE(loader.verify());
- REQUIRE_FALSE(loader.errorString().isEmpty());
-}
-
-TEST_CASE("PluginLoader::verify signature ignored")
-{
- const auto state = PluginLoader::signature_state(true, false, false);
- PluginLoader loader(qgetenv("UNSIGNEDFILE"), state);
-
- REQUIRE(loader.verify());
+ GIVEN("no plugin") {
+ const auto state = PluginLoader::signature_state(false, false, false);
+ PluginLoader loader("", state);
+
+ CHECK_FALSE(loader.verify());
+ CHECK_FALSE(loader.errorString().isEmpty());
+ }
+
+ GIVEN("A plugin with no signature")
+ {
+ const auto f = qgetenv("UNSIGNEDFILE");
+ REQUIRE(!f.isEmpty());
+
+ WHEN("sig is ignored") {
+ const auto state = PluginLoader::signature_state(true, false, false);
+ PluginLoader loader(f, state);
+
+ THEN("verify ok") {
+ REQUIRE(loader.verify());
+ }
+ }
+ }
+
+ GIVEN("A signed plugin")
+ {
+ REQUIRE(qEnvironmentVariableIsSet("SIGNEDFILE"));
+ }
+
+ GIVEN("A badly signed plugin")
+ {
+ REQUIRE(qEnvironmentVariableIsSet("BADSIGNEDFILE"));
+ }
}
TEST_CASE("PluginLoader::verify signature checked [avialable]")
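Review bot: The `GIVEN("A signed plugin")` and `GIVEN("A badly signed plugin")` sections only assert that the environment variable is set and never call `verify()`, and the unsigned-plugin section exercises only the ignored state, so the scenario reads as broader coverage than it has. The case that matters most for the loader is the rejection path: under the unsigned `GIVEN`, add a `WHEN("sig is enforced")` that builds `PluginLoader loader(f, PluginLoader::signature_state(false, false, true));` and asserts `REQUIRE_FALSE(loader.verify());`, assuming that is the intended behaviour of `verify()`. The later `TEST_CASE`s (for example "verify signature enforced [bad]") may already cover the signed and badly signed files; if so, a one-line comment in the two empty sections pointing to them would avoid the impression that they are tested here.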
@@ -96,4 +108,4 @@ TEST_CASE("PluginLoader::verify signature enforced [bad]")
REQUIRE_FALSE(loader.verify());
REQUIRE_FALSE(loader.errorString().isEmpty());
-}
+}
\ No newline at end of file