Add test for connection error if certificate is not valid

Summary

caosdb-cpplib#97 (closed)

Test Environment

How to set up a test environment for manual testing?

Check List for the Author

Please, prepare your MR for a review. Be sure to write a summary and a focus and create gitlab comments for the reviewer. They should guide the reviewer through the changes, explain your changes and also point out open questions. For further good practices have a look at our review guidelines

• All automated tests pass
• Reference related issues
• Up-to-date CHANGELOG.md (or not necessary)
• Up-to-date JSON schema (or not necessary)
• Appropriate user and developer documentation (or not necessary)
  • How do I use the software? Assume "stupid" users.
  • How do I develop or debug the software? Assume novice developers.
• Annotations in code (Gitlab comments)
  • Intent of new code
  • Problems with old code
  • Why this implementation?

Check List for the Reviewer

• I understand the intent of this MR
• All automated tests pass
• Up-to-date CHANGELOG.md (or not necessary)
• Appropriate user and developer documentation (or not necessary)
• The test environment setup works and the intended behavior is reproducible in the test environment
• In-code documentation and comments are up-to-date.
• Check: Are there specifications? Are they satisfied?

For further good practices have a look at our review guidelines.

test/test_connection.cpp

@@ -78,6 +78,7 @@ TEST(test_connection, connection_ssl_authentication_error_anonymous) {
   auto port = std::stoi(port_str);
   const auto *const host = linkahead::utility::get_env_fallback("CAOSDB_SERVER_HOST", "localhost");
   const auto path = linkahead::utility::get_env_fallback("CAOSDB_SERVER_CERT", std::string());
+  EXPECT_FALSE(path.empty()) << "CAOSDB_SERVER_CERT must be set to run this test.";
 
   auto cert = PemFileCertificateProvider(path);
   auto config = TlsConnectionConfiguration(host, port, cert);
@@ -95,6 +96,8 @@ TEST(test_connection, connection_ssl_authentication_error_wrong_credentials) {
   auto port = std::stoi(port_str);
   const auto *const host = linkahead::utility::get_env_fallback("CAOSDB_SERVER_HOST", "localhost");
   const auto path = linkahead::utility::get_env_fallback("CAOSDB_SERVER_CERT", std::string());
+  EXPECT_FALSE(path.empty()) << "CAOSDB_SERVER_CERT must be set to run this test.";
+
   const auto *const user = "not-a-user-23461237";
   const auto *const password = "very-c-cred";
 
@@ -109,6 +112,56 @@ TEST(test_connection, connection_ssl_authentication_error_wrong_credentials) {
                        "Authentication failed. Username or password wrong.");
 }
 
+TEST(test_connection, connection_ssl_authentication_error_wrong_certificate) {
+  const auto *port_str =
+    linkahead::utility::get_env_fallback("CAOSDB_SERVER_GRPC_PORT_HTTPS", "8443");
+  auto port = std::stoi(port_str);
+  const auto *const host = linkahead::utility::get_env_fallback("CAOSDB_SERVER_HOST", "localhost");
+  const auto path = linkahead::utility::get_env_fallback("CAOSDB_SERVER_CERT", std::string());
+  EXPECT_FALSE(path.empty()) << "CAOSDB_SERVER_CERT must be set to run this test.";
+
+
+  // TODO (JTS): This is a hack. We should use the credentials in the linkahead-client.json
+  const auto *const user = "admin";
+  const auto *const password = "caosdb";
+
+  // first test successful connection
+  auto auth = PlainPasswordAuthenticator(user, password);
+  auto good_cert = PemFileCertificateProvider(path);
+  auto good_config = TlsConnectionConfiguration(host, port, good_cert, auth);
+  auto good_connection = Connection(good_config);
+  const auto good_status = good_connection.RetrieveVersionInfoNoExceptions();
+  EXPECT_EQ(good_status.GetCode(), StatusCode::SUCCESS);
+
+  // replace certificate with a wrong one
+  auto bad_cert = configuration::PemCertificateProvider(R"(-----BEGIN CERTIFICATE-----
+FOOOOOOOOOOOOOOIBAgIUZ8JU2geskYAjBMaBTxz6cOAm+P0wDQYJKoZIhvcNAQEL
+BQAwODEQMA4GA1UECgwHZXhhbXBsZTEQMA4GA1UECwwHZXhhbXBsZTESMBAGA1UE
+AwwJbG9jYWxob3N0MB4XDTI0MTAwODE4Mjc1MloXDTI1MTAwODE4Mjc1MlowODEQ
+MA4GA1UECgwHZXhhbXBsZTEQMA4GA1UECwwHZXhhbXBsZTESMBAGA1UEAwwJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCLNOAEhsB2k
+XZ1KS3Ys81Q3YIeLOhT3Es+qE54lIFrKjRngZ6vTyzkuXhOav3ZaOzWWaCxGhgDI
+9O7c4BYtrBHr0CyapqVCeyGoBvNXSWWxYl0sEegkuJ3VW7b80F02oLTzxO8CIQHL
+4SSEEVrUPpXJgPHi9fUbKQ9dZ4871yVEUvo1rsUNyyXYoYaK+kcE/7qCY1Q9Scmr
+ZbM9DqqSQAqbSxIjlgs34XsOhWhpGFrNvJmE/kjtvp9tXzS8y++QgfmMuPU6mfSv
+NONSENSE3xxBaO6EgTbMgTeVmR0ygXIer9y3hBDdYwB6LgjZIDin1fZR+8LmewN+
+fjaCQjJggwIDAQABo3sweTAdBgNVHQ4EFgQUlBvcjWiNs6MWGkhC46q4Dbg3TPQw
+HwYDVR0jBBgwFoAUlBvcjWiNs6MWGkhC46q4Dbg3TPQwDwYDVR0TAQH/BAUwAwEB
+/zAUBgNVHREEDTALgglsb2NhbGhvc3QwEAYDVR0gBAkwBzAFBgMqAwQwDQYJKoZI
+hvcNAQELBQADggEBALnH5F58Om+AWQ+kkAmsZnc33i+56VfZlRYFr+sEFN8ULDtZ
+l6D1+ILqUXGT/GG1cyQhrxn4VA0Ksz6e/7jJySjZ0Ltezs6gnkcV9ksZOOEH4nuA
+8r1VA7xQ9iN3gGQduk/gbDKa8r6Ucodz7+tZ+DGY1unJLoUrOLBt0rP9UpdIxk8X
+X+F/0oljKZKJ2SswKDLztD0CY3VZhdDHfWlfIls1ttax4eEN1HgMtTyZ0JYdr9Iy
+Dbc8hkR8vIDcwFu31jiHx/BWmv+pjzx4F2qX7tgTG8wM3WHJwqzgrA1IeLliQpo6
+yVMsKq9927ZJXZbL/ewiA1Mm6IBe+SpJ8IafmUk=
+-----END CERTIFICATE-----)");
+
+  auto bad_config = TlsConnectionConfiguration(host, port, bad_cert, auth);
+  auto bad_connection = Connection(bad_config);
+  auto bad_status = bad_connection.RetrieveVersionInfoNoExceptions();
+  EXPECT_EQ(bad_status.GetCode(), StatusCode::CONNECTION_ERROR);
+}
+
 TEST(test_connection, connection_ssl_authentication_success) {
   const auto &connection = ConnectionManager::GetDefaultConnection();