/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
/*
Copyright (C) 2010 Stefan Walter
The Gnome Keyring Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
The Gnome Keyring Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public
License along with the Gnome Library; see the file COPYING.LIB. If not,
see <http://www.gnu.org/licenses/>.
Author: Stef Walter <stef@memberwebs.com>
*/
#include "config.h"
#include "gcr/gcr-base.h"
#include "gcr/gcr-internal.h"
#include "gck/gck-mock.h"
#include "gck/gck-test.h"
#include <p11-kit/pkcs11.h>
#include "gck/pkcs11n.h"
#include "gck/pkcs11x.h"
#include "egg/egg-testing.h"
#include <glib.h>
#include <errno.h>
/*
 * Per-test fixture: filled in by setup(), used by every test case and
 * released by teardown().
 */
typedef struct {
	/* Private copy of the mock PKCS#11 function table; tests may override entries. */
	CK_FUNCTION_LIST funcs;
	/* Certificate built in setup() from the DER fixture file. */
	GcrCertificate *certificate;
} Test;
/*
 * Fixture setup shared by every test case.
 *
 * Loads the DER certificate fixture, initialises the mock PKCS#11 module,
 * registers it with gcr as the only entry in the module list, and points
 * both the trust store URI and the trust lookup URIs at
 * GCK_MOCK_SLOT_ONE_URI.
 */
static void
setup (Test *test, gconstpointer unused)
{
	const gchar *lookup_uris[2] = { GCK_MOCK_SLOT_ONE_URI, NULL };
	CK_FUNCTION_LIST_PTR mock_funcs;
	GList *modules = NULL;
	gchar *der;
	gsize n_der;
	CK_RV rv;

	/* The fixture is mandatory: abort if it cannot be read. */
	if (!g_file_get_contents (SRCDIR "/gcr/fixtures/der-certificate.crt", &der, &n_der, NULL))
		g_assert_not_reached ();
	g_assert (der);

	/*
	 * The buffer is freed right after construction; presumably the
	 * certificate object keeps its own copy -- confirm against
	 * gcr_simple_certificate_new().
	 */
	test->certificate = gcr_simple_certificate_new ((const guchar *)der, n_der);
	g_free (der);

	/* Copy the mock's function table into the fixture so a test can swap single entries. */
	rv = gck_mock_C_GetFunctionList (&mock_funcs);
	gck_assert_cmprv (rv, ==, CKR_OK);
	test->funcs = *mock_funcs;

	/* Initialise the mock module through the copied table */
	rv = (test->funcs.C_Initialize) (NULL);
	gck_assert_cmprv (rv, ==, CKR_OK);

	/* Hand gcr a one-element module list, then drop our reference to it. */
	g_assert (modules == NULL);
	modules = g_list_prepend (modules, gck_module_new (&test->funcs));
	gcr_pkcs11_set_modules (modules);
	gck_list_unref_free (modules);

	/*
	 * Both storing and looking up trust go to the mock slot, so pins
	 * created by these tests are written to and read from the mock.
	 */
	gcr_pkcs11_set_trust_store_uri (GCK_MOCK_SLOT_ONE_URI);
	gcr_pkcs11_set_trust_lookup_uris (lookup_uris);
}
/*
 * Fixture teardown: release the certificate, finalize the mock PKCS#11
 * module through the fixture's function table, then reset gcr's library
 * state so the next test's setup() starts clean.
 */
static void
teardown (Test *test, gconstpointer unused)
{
	CK_RV finalize_rv;

	g_object_unref (test->certificate);

	/* C_Finalize is expected to succeed; a failure here fails the test. */
	finalize_rv = (test->funcs.C_Finalize) (NULL);
	gck_assert_cmprv (finalize_rv, ==, CKR_OK);

	_gcr_uninitialize_library ();
}
/*
 * Without any pin having been added, a lookup for
 * (GCR_PURPOSE_EMAIL, "host") must report "not pinned" and leave the
 * error unset.
 */
static void
test_is_pinned_none (Test *test, gconstpointer unused)
{
	GError *error = NULL;
	gboolean pinned = gcr_trust_is_certificate_pinned (test->certificate, GCR_PURPOSE_EMAIL,
	                                                   "host", NULL, &error);

	g_assert_cmpint (pinned, ==, FALSE);
	g_assert (error == NULL);
}
/*
 * Pin the certificate for (GCR_PURPOSE_EMAIL, "host") and check that the
 * lookup result changes from FALSE before the add to TRUE after it.
 *
 * NOTE(review): only the exact purpose/peer pair that was pinned is looked
 * up. Nothing here checks that a different peer or a different purpose is
 * still reported as not pinned, so the scoping of a pin is not covered by
 * this test.
 */
static void
test_add_and_is_pinned (Test *test, gconstpointer unused)
{
	GError *error = NULL;
	gboolean pinned;
	gboolean added;

	/* Before: not pinned */
	pinned = gcr_trust_is_certificate_pinned (test->certificate, GCR_PURPOSE_EMAIL,
	                                          "host", NULL, &error);
	g_assert_cmpint (pinned, ==, FALSE);
	g_assert (error == NULL);

	/* Add the pin */
	added = gcr_trust_add_pinned_certificate (test->certificate, GCR_PURPOSE_EMAIL,
	                                          "host", NULL, &error);
	g_assert (added == TRUE);
	g_assert (error == NULL);

	/* After: pinned */
	pinned = gcr_trust_is_certificate_pinned (test->certificate, GCR_PURPOSE_EMAIL,
	                                          "host", NULL, &error);
	g_assert_cmpint (pinned, ==, TRUE);
	g_assert (error == NULL);
}
/*
 * Error path of pinning: with C_CreateObject replaced by the mock's failing
 * variant, adding a pin must return FALSE and report
 * GCK_ERROR / CKR_FUNCTION_FAILED.
 *
 * NOTE(review): the test stops at the error check. It does not follow up
 * with a lookup to confirm the certificate is still reported as not pinned
 * after the failed add.
 */
static void
test_add_certificate_pinned_fail (Test *test, gconstpointer unused)
{
	GError *error = NULL;
	gboolean added;

	/*
	 * Override one entry in the fixture's function table. setup() passed
	 * &test->funcs to gck_module_new(); presumably the module calls
	 * through that same table, which this test depends on -- confirm.
	 */
	test->funcs.C_CreateObject = gck_mock_fail_C_CreateObject;

	added = gcr_trust_add_pinned_certificate (test->certificate, GCR_PURPOSE_CLIENT_AUTH,
	                                          "peer", NULL, &error);
	g_assert (added == FALSE);
	g_assert_error (error, GCK_ERROR, CKR_FUNCTION_FAILED);
	g_clear_error (&error);
}
/*
 * Round trip for a pin on (GCR_PURPOSE_EMAIL, "host"): add it, see it
 * reported as pinned, remove it, and see it reported as not pinned again.
 * Every step must leave the error unset.
 */
static void
test_add_and_remov_pinned (Test *test, gconstpointer unused)
{
	GError *error = NULL;
	gboolean pinned;
	gboolean ok;

	/* Add */
	ok = gcr_trust_add_pinned_certificate (test->certificate, GCR_PURPOSE_EMAIL,
	                                       "host", NULL, &error);
	g_assert (ok == TRUE);
	g_assert (error == NULL);

	/* Now pinned */
	pinned = gcr_trust_is_certificate_pinned (test->certificate, GCR_PURPOSE_EMAIL,
	                                          "host", NULL, &error);
	g_assert_cmpint (pinned, ==, TRUE);
	g_assert (error == NULL);

	/* Remove */
	ok = gcr_trust_remove_pinned_certificate (test->certificate, GCR_PURPOSE_EMAIL,
	                                          "host", NULL, &error);
	g_assert (ok == TRUE);
	g_assert (error == NULL);

	/* The removal must take effect: no longer pinned */
	pinned = gcr_trust_is_certificate_pinned (test->certificate, GCR_PURPOSE_EMAIL,
	                                          "host", NULL, &error);
	g_assert_cmpint (pinned, ==, FALSE);
	g_assert (error == NULL);
}
/*
 * Async completion callback used by the *_async tests.
 *
 * user_data is treated as a GAsyncResult** slot owned by the caller: the
 * result is stored there with an extra reference (the caller unrefs it),
 * and the waiting test is then released.
 */
static void
fetch_async_result (GObject *source, GAsyncResult *result, gpointer user_data)
{
	GAsyncResult **slot = user_data;

	/* Any previous value in the slot is overwritten; callers reset it to NULL between calls. */
	*slot = result;
	g_object_ref (result);

	egg_test_wait_stop ();
}
/*
 * Async variant of the add-then-lookup test for (GCR_PURPOSE_EMAIL, "host"):
 * lookup (expect FALSE), add the pin, lookup again (expect TRUE).
 *
 * Each step starts the operation, waits with egg_test_wait_until (500) for
 * fetch_async_result() to store the result, and asserts that a result was
 * actually delivered before calling the matching *_finish function.
 */
static void
test_add_and_is_pinned_async (Test *test, gconstpointer unused)
{
	GAsyncResult *async_res = NULL;
	GError *error = NULL;
	gboolean pinned;
	gboolean added;

	/* Step 1: not pinned yet */
	gcr_trust_is_certificate_pinned_async (test->certificate, GCR_PURPOSE_EMAIL, "host",
	                                       NULL, fetch_async_result, &async_res);
	egg_test_wait_until (500);
	g_assert (async_res); /* still NULL if the callback never ran */
	pinned = gcr_trust_is_certificate_pinned_finish (async_res, &error);
	g_assert (pinned == FALSE);
	g_assert (error == NULL);
	g_object_unref (async_res);
	async_res = NULL;

	/* Step 2: add the pin */
	gcr_trust_add_pinned_certificate_async (test->certificate, GCR_PURPOSE_EMAIL, "host",
	                                        NULL, fetch_async_result, &async_res);
	egg_test_wait_until (500);
	g_assert (async_res);
	added = gcr_trust_add_pinned_certificate_finish (async_res, &error);
	g_assert (added == TRUE);
	g_assert (error == NULL);
	g_object_unref (async_res);
	async_res = NULL;

	/* Step 3: now pinned */
	gcr_trust_is_certificate_pinned_async (test->certificate, GCR_PURPOSE_EMAIL, "host",
	                                       NULL, fetch_async_result, &async_res);
	egg_test_wait_until (500);
	g_assert (async_res);
	pinned = gcr_trust_is_certificate_pinned_finish (async_res, &error);
	g_assert (pinned == TRUE);
	g_assert (error == NULL);
	g_object_unref (async_res);
	async_res = NULL;
}
/*
 * Async variant of the pin round trip for (GCR_PURPOSE_EMAIL, "host"):
 * add, lookup (expect TRUE), remove, lookup (expect FALSE).
 *
 * After each egg_test_wait_until (500) the test asserts that
 * fetch_async_result() delivered a result; the result is unreffed and the
 * slot reset to NULL before the next operation reuses it.
 */
static void
test_add_and_remov_pinned_async (Test *test, gconstpointer unused)
{
	GAsyncResult *async_res = NULL;
	GError *error = NULL;
	gboolean pinned;
	gboolean ok;

	/* Step 1: add the pin */
	gcr_trust_add_pinned_certificate_async (test->certificate, GCR_PURPOSE_EMAIL, "host",
	                                        NULL, fetch_async_result, &async_res);
	egg_test_wait_until (500);
	g_assert (async_res);
	ok = gcr_trust_add_pinned_certificate_finish (async_res, &error);
	g_assert (ok == TRUE);
	g_assert (error == NULL);
	g_object_unref (async_res);
	async_res = NULL;

	/* Step 2: reported as pinned */
	gcr_trust_is_certificate_pinned_async (test->certificate, GCR_PURPOSE_EMAIL, "host",
	                                       NULL, fetch_async_result, &async_res);
	egg_test_wait_until (500);
	g_assert (async_res);
	pinned = gcr_trust_is_certificate_pinned_finish (async_res, &error);
	g_assert (pinned == TRUE);
	g_assert (error == NULL);
	g_object_unref (async_res);
	async_res = NULL;

	/* Step 3: remove the pin */
	gcr_trust_remove_pinned_certificate_async (test->certificate, GCR_PURPOSE_EMAIL, "host",
	                                           NULL, fetch_async_result, &async_res);
	egg_test_wait_until (500);
	g_assert (async_res);
	ok = gcr_trust_remove_pinned_certificate_finish (async_res, &error);
	g_assert (ok == TRUE);
	g_assert (error == NULL);
	g_object_unref (async_res);
	async_res = NULL;

	/* Step 4: the removal must take effect */
	gcr_trust_is_certificate_pinned_async (test->certificate, GCR_PURPOSE_EMAIL, "host",
	                                       NULL, fetch_async_result, &async_res);
	egg_test_wait_until (500);
	g_assert (async_res);
	pinned = gcr_trust_is_certificate_pinned_finish (async_res, &error);
	g_assert (pinned == FALSE);
	g_assert (error == NULL);
	g_object_unref (async_res);
	async_res = NULL;
}
/*
 * With no anchor assertion added by the test, the certificate must not be
 * reported as a trust anchor for GCR_PURPOSE_CLIENT_AUTH, and the error
 * must stay unset.
 */
static void
test_is_certificate_anchored_not (Test *test, gconstpointer unused)
{
	GError *error = NULL;
	gboolean anchored = gcr_trust_is_certificate_anchored (test->certificate,
	                                                       GCR_PURPOSE_CLIENT_AUTH,
	                                                       NULL, &error);

	g_assert (anchored == FALSE);
	g_assert (error == NULL);
}
/*
 * Positive anchor lookup. The test adds a CKO_X_TRUST_ASSERTION object of
 * type CKT_X_ANCHORED_CERTIFICATE for GCR_PURPOSE_CLIENT_AUTH, carrying the
 * fixture certificate's DER, to the mock module and then expects the
 * certificate to be reported as anchored for that purpose.
 *
 * NOTE(review): only the purpose named in the assertion is looked up. The
 * test does not check that the same certificate is reported as not anchored
 * for a different purpose.
 */
static void
test_is_certificate_anchored_yes (Test *test, gconstpointer unused)
{
	GckBuilder assertion = GCK_BUILDER_INIT;
	GError *error = NULL;
	gconstpointer cert_der;
	gsize n_cert_der;
	gboolean anchored;

	/* Build the anchor assertion from the certificate's DER encoding */
	cert_der = gcr_certificate_get_der_data (test->certificate, &n_cert_der);
	gck_builder_add_data (&assertion, CKA_X_CERTIFICATE_VALUE, cert_der, n_cert_der);
	gck_builder_add_ulong (&assertion, CKA_CLASS, CKO_X_TRUST_ASSERTION);
	gck_builder_add_boolean (&assertion, CKA_TOKEN, TRUE);
	gck_builder_add_string (&assertion, CKA_X_PURPOSE, GCR_PURPOSE_CLIENT_AUTH);
	gck_builder_add_ulong (&assertion, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE);

	/* Place it directly into the mock module's object store */
	gck_mock_module_add_object (gck_builder_end (&assertion));

	anchored = gcr_trust_is_certificate_anchored (test->certificate, GCR_PURPOSE_CLIENT_AUTH,
	                                              NULL, &error);
	g_assert (anchored == TRUE);
	g_assert (error == NULL);
}
/*
 * Async anchor lookup for GCR_PURPOSE_CLIENT_AUTH with no anchor assertion
 * added by the test: the result must be FALSE with no error.
 *
 * NOTE(review): only the negative case is exercised through the async API
 * in this function.
 */
static void
test_is_certificate_anchored_async (Test *test, gconstpointer unused)
{
	GAsyncResult *async_res = NULL;
	GError *error = NULL;
	gboolean anchored;

	gcr_trust_is_certificate_anchored_async (test->certificate, GCR_PURPOSE_CLIENT_AUTH,
	                                         NULL, fetch_async_result, &async_res);
	egg_test_wait_until (500);
	g_assert (async_res); /* still NULL if the callback never ran */

	anchored = gcr_trust_is_certificate_anchored_finish (async_res, &error);
	g_assert (anchored == FALSE);
	g_assert (error == NULL);

	g_object_unref (async_res);
}
/*
 * Test program entry point: initialises GLib's test framework, registers
 * every trust test with the shared setup()/teardown() fixture functions and
 * runs them via egg_tests_run_with_loop().
 */
int
main (int argc, char **argv)
{
	/* Registration table; order matches the order the tests are added in. */
	static const struct {
		const char *path;
		void (*func) (Test *, gconstpointer);
	} cases[] = {
		{ "/gcr/trust/is_pinned_none", test_is_pinned_none },
		{ "/gcr/trust/add_and_is_pinned", test_add_and_is_pinned },
		{ "/gcr/trust/add_certificate_pinned_fail", test_add_certificate_pinned_fail },
		{ "/gcr/trust/add_and_remov_pinned", test_add_and_remov_pinned },
		{ "/gcr/trust/add_and_is_pinned_async", test_add_and_is_pinned_async },
		{ "/gcr/trust/add_and_remov_pinned_async", test_add_and_remov_pinned_async },
		{ "/gcr/trust/is_certificate_anchored_not", test_is_certificate_anchored_not },
		{ "/gcr/trust/is_certificate_anchored_yes", test_is_certificate_anchored_yes },
		{ "/gcr/trust/is_certificate_anchored_async", test_is_certificate_anchored_async },
	};
	unsigned int i;

	g_test_init (&argc, &argv, NULL);
	g_set_prgname ("test-trust");

	for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
		g_test_add (cases[i].path, Test, NULL, setup, cases[i].func, teardown);

	return egg_tests_run_with_loop ();
}