2 files changed, 88 insertions, 48 deletions

diff --git a/test/libapt/CMakeLists.txt b/test/libapt/CMakeLists.txt
index f5cc91d44..11d4d22c7 100644
--- a/test/libapt/CMakeLists.txt
+++ b/test/libapt/CMakeLists.txt
@@ -1,28 +1,35 @@
-set(PROJECT_TEST_LIBRARIES apt-private)
-find_path(GTEST_ROOT src/gtest.cc
-   /usr/src/googletest
-   /usr/src/gtest
-)
-find_package(GTest)
-set(GTEST_DEPENDENCIES)
-
-if(NOT GTEST_FOUND AND EXISTS ${GTEST_ROOT})
-   include(ExternalProject)
-   ExternalProject_Add(gtest PREFIX ./gtest
-                             SOURCE_DIR ${GTEST_ROOT}
-                             INSTALL_COMMAND true)
-
-   link_directories(${CMAKE_CURRENT_BINARY_DIR}/gtest/src/gtest-build)
-
-   set(GTEST_LIBRARIES "-lgtest")
-   set(GTEST_DEPENDENCIES "gtest")
-   set(GTEST_FOUND TRUE)
-   find_path(GTEST_INCLUDE_DIRS NAMES gtest/gtest.h PATHS ${GTEST_ROOT}/include)
-
-   message(STATUS "Found GTest at ${GTEST_ROOT}, headers at ${GTEST_INCLUDE_DIRS}")
-endif()
+if (WITH_TESTS)
+   set(PROJECT_TEST_LIBRARIES apt-private)
+   find_path(GTEST_ROOT src/gtest.cc
+      /usr/src/googletest/googletest
+      /usr/src/googletest
+      /usr/src/gtest
+   )
+   find_package(GTest)
+   set(GTEST_DEPENDENCIES)
+
+   if(NOT GTEST_FOUND AND EXISTS ${GTEST_ROOT})
+      include(ExternalProject)
+      ExternalProject_Add(gtest PREFIX ./gtest
+                                SOURCE_DIR ${GTEST_ROOT}
+                                INSTALL_COMMAND true)
+
+      link_directories(${CMAKE_CURRENT_BINARY_DIR}/gtest/src/gtest-build)
+      link_directories(${CMAKE_CURRENT_BINARY_DIR}/gtest/src/gtest-build/lib)
+
+      set(GTEST_LIBRARIES "-lgtest")
+      set(GTEST_DEPENDENCIES "gtest")
+      set(GTEST_FOUND TRUE)
+      find_path(GTEST_INCLUDE_DIRS NAMES gtest/gtest.h PATHS ${GTEST_ROOT}/include)
+
+      message(STATUS "Found GTest at ${GTEST_ROOT}, headers at ${GTEST_INCLUDE_DIRS}")
+   endif()
+
+   if (NOT GTEST_FOUND)
+      message(FATAL_ERROR "Could not find GTest")
+   endif()
+
 
-if(GTEST_FOUND)
    # gtest produces some warnings with the set of warnings we activate,
    # so disable the offending warnings while compiling tests for now
    add_optional_compile_options(Wno-undef)
diff --git a/test/libapt/authconf_test.cc b/test/libapt/authconf_test.cc
index a7b2f2c98..04d54e9be 100644
--- a/test/libapt/authconf_test.cc
+++ b/test/libapt/authconf_test.cc
@@ -13,7 +13,7 @@
 TEST(NetRCTest, Parsing)
 {
    FileFd fd;
-   URI U("http://file.not/open");
+   URI U("https://file.not/open");
    EXPECT_FALSE(MaybeAddAuth(fd, U));
    EXPECT_TRUE(U.User.empty());
    EXPECT_TRUE(U.Password.empty());
@@ -38,8 +38,8 @@ machine example.com/bar password pass2 login user2
 		  unknown token
 machine example.com/user login user
 machine example.netter login unused password firstentry
-machine example.last/debian login debian password rules)apt");
-   U = URI("http://example.net/foo");
+machine socks5h://example.last/debian login debian password rules)apt");
+   U = URI("https://example.net/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("foo", U.User);
    EXPECT_EQ("bar", U.Password);
@@ -47,7 +47,7 @@ machine example.last/debian login debian password rules)apt");
    EXPECT_EQ("/foo", U.Path);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://user:pass@example.net/foo");
+   U = URI("https://user:pass@example.net/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("user", U.User);
    EXPECT_EQ("pass", U.Password);
@@ -55,7 +55,7 @@ machine example.last/debian login debian password rules)apt");
    EXPECT_EQ("/foo", U.Path);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.org:90/foo");
+   U = URI("https://example.org:90/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("apt", U.User);
    EXPECT_EQ("apt", U.Password);
@@ -64,55 +64,55 @@ machine example.last/debian login debian password rules)apt");
    EXPECT_EQ("/foo", U.Path);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.org:8080/foo");
+   U = URI("https://example.org:8080/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("example", U.User);
    EXPECT_EQ("foobar", U.Password);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.net:42/foo");
+   U = URI("https://example.net:42/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("foo", U.User);
    EXPECT_EQ("bar", U.Password);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.org/foo");
+   U = URI("https://example.org/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("anonymous", U.User);
    EXPECT_EQ("pass", U.Password);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.com/apt");
+   U = URI("https://example.com/apt");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_TRUE(U.User.empty());
    EXPECT_TRUE(U.Password.empty());
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.com/foo");
+   U = URI("https://example.com/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("user1", U.User);
    EXPECT_EQ("pass1", U.Password);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.com/fooo");
+   U = URI("https://example.com/fooo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("user1", U.User);
    EXPECT_EQ("pass1", U.Password);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.com/fo");
+   U = URI("https://example.com/fo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_TRUE(U.User.empty());
    EXPECT_TRUE(U.Password.empty());
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.com/bar");
+   U = URI("https://example.com/bar");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("user2", U.User);
    EXPECT_EQ("pass2", U.Password);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.com/user");
+   U = URI("https://example.com/user");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("user", U.User);
    EXPECT_TRUE(U.Password.empty());
@@ -144,7 +144,7 @@ machin example.org login foo2 password bar
 machine2 example.org login foo3 password bar
 )apt");
 
-   URI U("http://example.org/foo");
+   URI U("https://example.org/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_TRUE(U.User.empty());
    EXPECT_TRUE(U.Password.empty());
@@ -156,19 +156,19 @@ TEST(NetRCTest, BadFileEndsMachine)
 machine example.org login foo1 password bar
 machine)apt");
 
-   URI U("http://example.org/foo");
+   URI U("https://example.org/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("foo1", U.User);
    EXPECT_EQ("bar", U.Password);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.net/foo");
+   U = URI("https://example.net/foo");
    EXPECT_FALSE(MaybeAddAuth(fd, U));
    EXPECT_TRUE(U.User.empty());
    EXPECT_TRUE(U.Password.empty());
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://foo:bar@example.net/foo");
+   U = URI("https://foo:bar@example.net/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("foo", U.User);
    EXPECT_EQ("bar", U.Password);
@@ -180,19 +180,19 @@ TEST(NetRCTest, BadFileEndsLogin)
 machine example.org login foo1 password bar
 machine example.net login)apt");
 
-   URI U("http://example.org/foo");
+   URI U("https://example.org/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("foo1", U.User);
    EXPECT_EQ("bar", U.Password);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.net/foo");
+   U = URI("https://example.net/foo");
    EXPECT_FALSE(MaybeAddAuth(fd, U));
    EXPECT_TRUE(U.User.empty());
    EXPECT_TRUE(U.Password.empty());
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://foo:bar@example.net/foo");
+   U = URI("https://foo:bar@example.net/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("foo", U.User);
    EXPECT_EQ("bar", U.Password);
@@ -204,20 +204,53 @@ TEST(NetRCTest, BadFileEndsPassword)
 machine example.org login foo1 password bar
 machine example.net password)apt");
 
-   URI U("http://example.org/foo");
+   URI U("https://example.org/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("foo1", U.User);
    EXPECT_EQ("bar", U.Password);
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://example.net/foo");
+   U = URI("https://example.net/foo");
    EXPECT_FALSE(MaybeAddAuth(fd, U));
    EXPECT_TRUE(U.User.empty());
    EXPECT_TRUE(U.Password.empty());
 
    EXPECT_TRUE(fd.Seek(0));
-   U = URI("http://foo:bar@example.net/foo");
+   U = URI("https://foo:bar@example.net/foo");
    EXPECT_TRUE(MaybeAddAuth(fd, U));
    EXPECT_EQ("foo", U.User);
    EXPECT_EQ("bar", U.Password);
 }
+
+TEST(NetRCTest, MatchesOnlyHTTPS)
+{
+   FileFd fd;
+   createTemporaryFile("doublesignedfile", fd, nullptr, R"apt(
+machine https.example login foo1 password bar
+machine http://http.example login foo1 password bar
+)apt");
+
+   URI U("https://https.example/foo");
+   EXPECT_TRUE(MaybeAddAuth(fd, U));
+   EXPECT_EQ("foo1", U.User);
+   EXPECT_EQ("bar", U.Password);
+
+   EXPECT_TRUE(fd.Seek(0));
+   U = URI("http://https.example/foo");
+   EXPECT_TRUE(MaybeAddAuth(fd, U));
+   EXPECT_TRUE(U.User.empty());
+   EXPECT_TRUE(U.Password.empty());
+
+   EXPECT_TRUE(fd.Seek(0));
+   U = URI("http://http.example/foo");
+   EXPECT_TRUE(MaybeAddAuth(fd, U));
+   EXPECT_EQ("foo1", U.User);
+   EXPECT_EQ("bar", U.Password);
+
+   EXPECT_TRUE(fd.Seek(0));
+   U = URI("https://http.example/foo");
+   EXPECT_TRUE(MaybeAddAuth(fd, U));
+   EXPECT_TRUE(U.User.empty());
+   EXPECT_TRUE(U.Password.empty());
+
+}