| /* GLib testing framework examples and tests |
| * |
| * Copyright (C) 2011 Collabora Ltd. |
| * |
| * This library is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU Lesser General Public |
| * License as published by the Free Software Foundation; either |
| * version 2.1 of the License, or (at your option) any later version. |
| * |
| * This library is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * Lesser General Public License for more details. |
| * |
| * You should have received a copy of the GNU Lesser General |
| * Public License along with this library; if not, see <http://www.gnu.org/licenses/>. |
| * |
| * Author: Nicolas Dufresne <nicolas.dufresne@collabora.com> |
| */ |
| |
| #include "config.h" |
| |
| #include <gio/gio.h> |
| |
| #include "gtesttlsbackend.h" |
| |
| typedef struct |
| { |
| gchar *cert_pems[3]; |
| gchar *key_pem; |
| gchar *key8_pem; |
| } Reference; |
| |
| static void |
| pem_parser (const Reference *ref) |
| { |
| GTlsCertificate *cert; |
| gchar *pem; |
| gchar *parsed_cert_pem = NULL; |
| const gchar *parsed_key_pem = NULL; |
| GError *error = NULL; |
| |
| /* Check PEM parsing in certificate, private key order. */ |
| g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, NULL, &error); |
| g_assert_no_error (error); |
| g_assert (pem); |
| |
| cert = g_tls_certificate_new_from_pem (pem, -1, &error); |
| g_assert_no_error (error); |
| g_assert (cert); |
| |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]); |
| g_free (parsed_cert_pem); |
| parsed_cert_pem = NULL; |
| g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem); |
| parsed_key_pem = NULL; |
| |
| g_object_unref (cert); |
| |
| /* Make sure length is respected and parser detect invalid (truncated) PEM. */ |
| cert = g_tls_certificate_new_from_pem (pem, 10, &error); |
| g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); |
| g_clear_error (&error); |
| g_free (pem); |
| |
| /* Check PEM parsing in private key, certificate order */ |
| g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), &pem, NULL, &error); |
| g_assert_no_error (error); |
| g_assert (pem); |
| |
| cert = g_tls_certificate_new_from_pem (pem, -1, &error); |
| g_assert_no_error (error); |
| g_assert (cert); |
| |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]); |
| g_free (parsed_cert_pem); |
| parsed_cert_pem = NULL; |
| g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem); |
| parsed_key_pem = NULL; |
| |
| g_free (pem); |
| g_object_unref (cert); |
| |
| /* Check certificate only PEM */ |
| g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), &pem, NULL, &error); |
| g_assert_no_error (error); |
| g_assert (pem); |
| |
| cert = g_tls_certificate_new_from_pem (pem, -1, &error); |
| g_assert_no_error (error); |
| g_assert (cert); |
| |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]); |
| g_free (parsed_cert_pem); |
| parsed_cert_pem = NULL; |
| g_assert (parsed_key_pem == NULL); |
| |
| g_free (pem); |
| g_object_unref (cert); |
| |
| /* Check error with private key only PEM */ |
| g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), &pem, NULL, &error); |
| g_assert_no_error (error); |
| g_assert (pem); |
| |
| cert = g_tls_certificate_new_from_pem (pem, -1, &error); |
| g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); |
| g_clear_error (&error); |
| g_assert (cert == NULL); |
| g_free (pem); |
| } |
| |
| static void |
| pem_parser_handles_chain (const Reference *ref) |
| { |
| GTlsCertificate *cert; |
| GTlsCertificate *issuer; |
| GTlsCertificate *original_cert; |
| gchar *pem; |
| gchar *parsed_cert_pem = NULL; |
| const gchar *parsed_key_pem = NULL; |
| GError *error = NULL; |
| |
| /* Check that a chain with exactly three certificates is returned */ |
| g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL), &pem, NULL, &error); |
| g_assert_no_error (error); |
| g_assert (pem); |
| |
| cert = original_cert = g_tls_certificate_new_from_pem (pem, -1, &error); |
| g_free (pem); |
| g_assert_no_error (error); |
| g_assert (cert); |
| |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]); |
| g_clear_pointer (&parsed_cert_pem, g_free); |
| |
| /* Make sure the private key was parsed */ |
| parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); |
| g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem); |
| parsed_key_pem = NULL; |
| |
| /* Now test the second cert */ |
| issuer = g_tls_certificate_get_issuer (cert); |
| g_assert (issuer); |
| |
| cert = issuer; |
| issuer = g_tls_certificate_get_issuer (cert); |
| g_assert (issuer); |
| |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[1]); |
| g_clear_pointer (&parsed_cert_pem, g_free); |
| |
| /* Only the first cert should have a private key */ |
| parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); |
| g_assert (!parsed_key_pem); |
| |
| /* Now test the final cert */ |
| cert = issuer; |
| issuer = g_tls_certificate_get_issuer (cert); |
| g_assert (!issuer); |
| |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[2]); |
| g_clear_pointer (&parsed_cert_pem, g_free); |
| |
| parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); |
| g_assert (!parsed_key_pem); |
| |
| g_object_unref (original_cert); |
| } |
| |
| static void |
| from_file (const Reference *ref) |
| { |
| GTlsCertificate *cert; |
| gchar *parsed_cert_pem = NULL; |
| const gchar *parsed_key_pem = NULL; |
| GError *error = NULL; |
| |
| cert = g_tls_certificate_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), |
| &error); |
| g_assert_no_error (error); |
| g_assert (cert); |
| |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]); |
| g_free (parsed_cert_pem); |
| parsed_cert_pem = NULL; |
| g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem); |
| parsed_key_pem = NULL; |
| |
| g_object_unref (cert); |
| } |
| |
| static void |
| from_files (const Reference *ref) |
| { |
| GTlsCertificate *cert; |
| gchar *parsed_cert_pem = NULL; |
| const gchar *parsed_key_pem = NULL; |
| GError *error = NULL; |
| |
| cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), |
| g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), |
| &error); |
| g_assert_no_error (error); |
| g_assert (cert); |
| |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]); |
| g_free (parsed_cert_pem); |
| parsed_cert_pem = NULL; |
| g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem); |
| parsed_key_pem = NULL; |
| |
| g_object_unref (cert); |
| |
| /* Missing private key */ |
| cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), |
| g_test_get_filename (G_TEST_DIST, "cert-tests", "cert2.pem", NULL), |
| &error); |
| g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); |
| g_clear_error (&error); |
| g_assert (cert == NULL); |
| |
| /* Missing certificate */ |
| cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), |
| g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), |
| &error); |
| g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); |
| g_clear_error (&error); |
| g_assert (cert == NULL); |
| |
| /* Using this method twice with a file containing both private key and |
| * certificate as a way to inforce private key presence is a fair use |
| */ |
| cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), |
| g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), |
| &error); |
| g_assert_no_error (error); |
| g_assert (cert); |
| g_object_unref (cert); |
| } |
| |
| |
| static void |
| from_files_pkcs8 (const Reference *ref) |
| { |
| GTlsCertificate *cert; |
| gchar *parsed_cert_pem = NULL; |
| const gchar *parsed_key_pem = NULL; |
| GError *error = NULL; |
| |
| cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), |
| g_test_get_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL), |
| &error); |
| g_assert_no_error (error); |
| g_assert (cert); |
| |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]); |
| g_free (parsed_cert_pem); |
| parsed_cert_pem = NULL; |
| g_assert_cmpstr (parsed_key_pem, ==, ref->key8_pem); |
| parsed_key_pem = NULL; |
| |
| g_object_unref (cert); |
| } |
| |
| static void |
| list_from_file (const Reference *ref) |
| { |
| GList *list, *l; |
| GError *error = NULL; |
| int i; |
| |
| list = g_tls_certificate_list_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL), |
| &error); |
| g_assert_no_error (error); |
| g_assert_cmpint (g_list_length (list), ==, 3); |
| |
| l = list; |
| for (i = 0; i < 3; i++) |
| { |
| GTlsCertificate *cert = l->data; |
| gchar *parsed_cert_pem = NULL; |
| g_object_get (cert, |
| "certificate-pem", &parsed_cert_pem, |
| NULL); |
| g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[i]); |
| g_free (parsed_cert_pem); |
| l = g_list_next (l); |
| } |
| |
| g_list_free_full (list, g_object_unref); |
| |
| /* Empty list is not an error */ |
| list = g_tls_certificate_list_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "nothing.pem", NULL), |
| &error); |
| g_assert_no_error (error); |
| g_assert_cmpint (g_list_length (list), ==, 0); |
| } |
| |
| int |
| main (int argc, |
| char *argv[]) |
| { |
| int rtv; |
| Reference ref; |
| GError *error = NULL; |
| gchar *path; |
| |
| g_test_init (&argc, &argv, NULL); |
| |
| _g_test_tls_backend_get_type (); |
| |
| /* Load reference PEM */ |
| path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL); |
| g_file_get_contents (path, &ref.cert_pems[0], NULL, &error); |
| g_assert_no_error (error); |
| g_assert (ref.cert_pems[0]); |
| g_free (path); |
| path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert2.pem", NULL); |
| g_file_get_contents (path, &ref.cert_pems[1], NULL, &error); |
| g_assert_no_error (error); |
| g_assert (ref.cert_pems[1]); |
| g_free (path); |
| path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert3.pem", NULL); |
| g_file_get_contents (path, &ref.cert_pems[2], NULL, &error); |
| g_assert_no_error (error); |
| g_assert (ref.cert_pems[2]); |
| g_free (path); |
| path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL); |
| g_file_get_contents (path, &ref.key_pem, NULL, &error); |
| g_assert_no_error (error); |
| g_assert (ref.key_pem); |
| g_free (path); |
| path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL); |
| g_file_get_contents (path, &ref.key8_pem, NULL, &error); |
| g_assert_no_error (error); |
| g_assert (ref.key8_pem); |
| g_free (path); |
| |
| g_test_add_data_func ("/tls-certificate/pem-parser", |
| &ref, (GTestDataFunc)pem_parser); |
| g_test_add_data_func ("/tls-certificate/pem-parser-handles-chain", |
| &ref, (GTestDataFunc)pem_parser_handles_chain); |
| g_test_add_data_func ("/tls-certificate/from_file", |
| &ref, (GTestDataFunc)from_file); |
| g_test_add_data_func ("/tls-certificate/from_files", |
| &ref, (GTestDataFunc)from_files); |
| g_test_add_data_func ("/tls-certificate/from_files_pkcs8", |
| &ref, (GTestDataFunc)from_files_pkcs8); |
| g_test_add_data_func ("/tls-certificate/list_from_file", |
| &ref, (GTestDataFunc)list_from_file); |
| |
| rtv = g_test_run(); |
| |
| g_free (ref.cert_pems[0]); |
| g_free (ref.cert_pems[1]); |
| g_free (ref.cert_pems[2]); |
| g_free (ref.key_pem); |
| g_free (ref.key8_pem); |
| |
| return rtv; |
| } |