source-git / mingw-glib-networking

Clone
Source Code
GIT

Blame tls/tests/file-database.c

c8 master
  1.   c64c18f2d0e799070bdf7573c75710ab92488846
  2.   tls
  3.   tests
  4.   file-database.c
Blob History Raw
Packit 9bedce 
/* GIO TLS tests
Packit 9bedce 
 *
Packit 9bedce 
 * Copyright 2011 Collabora, Ltd.
Packit 9bedce 
 *
Packit 9bedce 
 * This library is free software; you can redistribute it and/or
Packit 9bedce 
 * modify it under the terms of the GNU Lesser General Public
Packit 9bedce 
 * License as published by the Free Software Foundation; either
Packit 9bedce 
 * version 2 of the License, or (at your option) any later version.
Packit 9bedce 
 *
Packit 9bedce 
 * This library is distributed in the hope that it will be useful,
Packit 9bedce 
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Packit 9bedce 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit 9bedce 
 * Lesser General Public License for more details.
Packit 9bedce 
 *
Packit 9bedce 
 * You should have received a copy of the GNU Lesser General
Packit 9bedce 
 * Public License along with this library; if not, see
Packit 9bedce 
 * <http://www.gnu.org/licenses/>.
Packit 9bedce 
 *
Packit 9bedce 
 * In addition, when the library is used with OpenSSL, a special
Packit 9bedce 
 * exception applies. Refer to the LICENSE_EXCEPTION file for details.
Packit 9bedce 
 *
Packit 9bedce 
 * Author: Stef Walter <stefw@collabora.co.uk>
Packit 9bedce 
 */
Packit 9bedce
Packit 9bedce 
#include "config.h"
Packit 9bedce
Packit 9bedce 
#include <gio/gio.h>
Packit 9bedce
Packit 9bedce 
#include "gnutls/gtlscertificate-gnutls.h"
Packit 9bedce
Packit 9bedce 
#include <sys/types.h>
Packit 9bedce 
#include <string.h>
Packit 9bedce
Packit 9bedce 
static const gchar *
Packit 9bedce 
tls_test_file_path (const char *name)
Packit 9bedce 
{
Packit 9bedce 
  const gchar *const_path;
Packit 9bedce 
  gchar *path;
Packit 9bedce
Packit 9bedce 
  path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
Packit 9bedce 
  if (!g_path_is_absolute (path))
Packit 9bedce 
    {
Packit 9bedce 
      gchar *cwd, *abs;
Packit 9bedce
Packit 9bedce 
      cwd = g_get_current_dir ();
Packit 9bedce 
      abs = g_build_filename (cwd, path, NULL);
Packit 9bedce 
      g_free (cwd);
Packit 9bedce 
      g_free (path);
Packit 9bedce 
      path = abs;
Packit 9bedce 
    }
Packit 9bedce
Packit 9bedce 
  const_path = g_intern_string (path);
Packit 9bedce 
  g_free (path);
Packit 9bedce 
  return const_path;
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
/* -----------------------------------------------------------------------------
Packit 9bedce 
 * CERTIFICATE VERIFY
Packit 9bedce 
 */
Packit 9bedce
Packit 9bedce 
typedef struct {
Packit 9bedce 
  GTlsCertificate *cert;
Packit 9bedce 
  GSocketConnectable *identity;
Packit 9bedce 
  GTlsDatabase *database;
Packit 9bedce 
} TestVerify;
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
setup_verify (TestVerify     *test,
Packit 9bedce 
              gconstpointer   data)
Packit 9bedce 
{
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (test->cert));
Packit 9bedce
Packit 9bedce 
  test->identity = g_network_address_new ("server.example.com", 80);
Packit 9bedce
Packit 9bedce 
  test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_DATABASE (test->database));
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
teardown_verify (TestVerify      *test,
Packit 9bedce 
                 gconstpointer    data)
Packit 9bedce 
{
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (test->cert));
Packit 9bedce 
  g_object_add_weak_pointer (G_OBJECT (test->cert),
Packit 9bedce 
			     (gpointer *)&test->cert);
Packit 9bedce 
  g_object_unref (test->cert);
Packit 9bedce 
  g_assert (test->cert == NULL);
Packit 9bedce
Packit 9bedce 
  g_assert (G_IS_TLS_DATABASE (test->database));
Packit 9bedce 
  g_object_add_weak_pointer (G_OBJECT (test->database),
Packit 9bedce 
			     (gpointer *)&test->database);
Packit 9bedce 
  g_object_unref (test->database);
Packit 9bedce 
  g_assert (test->database == NULL);
Packit 9bedce
Packit 9bedce 
  g_object_add_weak_pointer (G_OBJECT (test->identity),
Packit 9bedce 
			     (gpointer *)&test->identity);
Packit 9bedce 
  g_object_unref (test->identity);
Packit 9bedce 
  g_assert (test->identity == NULL);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_verify_database_good (TestVerify      *test,
Packit 9bedce 
                           gconstpointer    data)
Packit 9bedce 
{
Packit 9bedce 
  GTlsCertificateFlags errors;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  errors = g_tls_database_verify_chain (test->database, test->cert,
Packit 9bedce 
                                        G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
Packit 9bedce 
                                        test->identity, NULL, 0, NULL, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert_cmpuint (errors, ==, 0);
Packit 9bedce
Packit 9bedce 
  errors = g_tls_database_verify_chain (test->database, test->cert,
Packit 9bedce 
                                        G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
Packit 9bedce 
                                        NULL, NULL, 0, NULL, &error);
Packit 9bedce 
  g_assert_cmpuint (errors, ==, 0);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_verify_database_bad_identity (TestVerify      *test,
Packit 9bedce 
                                   gconstpointer    data)
Packit 9bedce 
{
Packit 9bedce 
  GSocketConnectable *identity;
Packit 9bedce 
  GTlsCertificateFlags errors;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  identity = g_network_address_new ("other.example.com", 80);
Packit 9bedce
Packit 9bedce 
  errors = g_tls_database_verify_chain (test->database, test->cert,
Packit 9bedce 
                                        G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
Packit 9bedce 
                                        identity, NULL, 0, NULL, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
Packit 9bedce
Packit 9bedce 
  g_object_unref (identity);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_verify_database_bad_ca (TestVerify      *test,
Packit 9bedce 
                             gconstpointer    data)
Packit 9bedce 
{
Packit 9bedce 
  GTlsCertificateFlags errors;
Packit 9bedce 
  GTlsCertificate *cert;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  /* Use another certificate which isn't in our CA list */
Packit 9bedce 
  cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (cert));
Packit 9bedce
Packit 9bedce 
  errors = g_tls_database_verify_chain (test->database, cert,
Packit 9bedce 
                                        G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
Packit 9bedce 
                                        test->identity, NULL, 0, NULL, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA);
Packit 9bedce
Packit 9bedce 
  g_object_unref (cert);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_verify_database_bad_before (TestVerify      *test,
Packit 9bedce 
                                 gconstpointer    data)
Packit 9bedce 
{
Packit 9bedce 
  GTlsCertificateFlags errors;
Packit 9bedce 
  GTlsCertificate *cert;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  /* This is a certificate in the future */
Packit 9bedce 
  cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (cert));
Packit 9bedce
Packit 9bedce 
  errors = g_tls_database_verify_chain (test->database, cert,
Packit 9bedce 
                                        G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
Packit 9bedce 
                                        NULL, NULL, 0, NULL, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_NOT_ACTIVATED);
Packit 9bedce
Packit 9bedce 
  g_object_unref (cert);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_verify_database_bad_expired (TestVerify      *test,
Packit 9bedce 
                                  gconstpointer    data)
Packit 9bedce 
{
Packit 9bedce 
  GTlsCertificateFlags errors;
Packit 9bedce 
  GTlsCertificate *cert;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  /* This is a certificate in the future */
Packit 9bedce 
  cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (cert));
Packit 9bedce
Packit 9bedce 
  errors = g_tls_database_verify_chain (test->database, cert,
Packit 9bedce 
                                        G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
Packit 9bedce 
                                        NULL, NULL, 0, NULL, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_EXPIRED);
Packit 9bedce
Packit 9bedce 
  g_object_unref (cert);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_verify_database_bad_combo (TestVerify      *test,
Packit 9bedce 
                                gconstpointer    data)
Packit 9bedce 
{
Packit 9bedce 
  GTlsCertificate *cert;
Packit 9bedce 
  GSocketConnectable *identity;
Packit 9bedce 
  GTlsCertificateFlags errors;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (cert));
Packit 9bedce
Packit 9bedce 
  /*
Packit 9bedce 
   * - Use is self signed
Packit 9bedce 
   * - Use wrong identity.
Packit 9bedce 
   */
Packit 9bedce
Packit 9bedce 
  identity = g_network_address_new ("other.example.com", 80);
Packit 9bedce
Packit 9bedce 
  errors = g_tls_database_verify_chain (test->database, cert,
Packit 9bedce 
                                        G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
Packit 9bedce 
                                        identity, NULL, 0, NULL, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA |
Packit 9bedce 
                    G_TLS_CERTIFICATE_BAD_IDENTITY);
Packit 9bedce
Packit 9bedce 
  g_object_unref (cert);
Packit 9bedce 
  g_object_unref (identity);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static GTlsCertificate *
Packit 9bedce 
load_certificate_chain (const char  *filename,
Packit 9bedce 
                        GError     **error)
Packit 9bedce 
{
Packit 9bedce 
  GList *certificates;
Packit 9bedce 
  GTlsCertificate *chain = NULL, *prev_chain = NULL;
Packit 9bedce 
  GTlsBackend *backend;
Packit 9bedce 
  GByteArray *der;
Packit 9bedce 
  GList *l;
Packit 9bedce
Packit 9bedce 
  certificates = g_tls_certificate_list_new_from_file (filename, error);
Packit 9bedce 
  if (certificates == NULL)
Packit 9bedce 
    return NULL;
Packit 9bedce
Packit 9bedce 
  backend = g_tls_backend_get_default ();
Packit 9bedce 
  certificates = g_list_reverse (certificates);
Packit 9bedce 
  for (l = certificates; l != NULL; l = g_list_next (l))
Packit 9bedce 
    {
Packit 9bedce 
      prev_chain = chain;
Packit 9bedce 
      g_object_get (l->data, "certificate", &der, NULL);
Packit 9bedce 
      chain = g_object_new (g_tls_backend_get_certificate_type (backend),
Packit 9bedce 
                            "certificate", der,
Packit 9bedce 
                            "issuer", prev_chain,
Packit 9bedce 
                            NULL);
Packit 9bedce 
      g_byte_array_unref (der);
Packit 9bedce 
      g_clear_object (&prev_chain);
Packit 9bedce 
    }
Packit 9bedce
Packit 9bedce 
  g_list_free_full (certificates, g_object_unref);
Packit 9bedce 
  return chain;
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static gboolean
Packit 9bedce 
is_certificate_in_chain (GTlsCertificate *chain,
Packit 9bedce 
                         GTlsCertificate *cert)
Packit 9bedce 
{
Packit 9bedce 
  while (chain != NULL)
Packit 9bedce 
    {
Packit 9bedce 
      if (g_tls_certificate_is_same (chain, cert))
Packit 9bedce 
        return TRUE;
Packit 9bedce 
      chain = g_tls_certificate_get_issuer (chain);
Packit 9bedce 
    }
Packit 9bedce
Packit 9bedce 
  return FALSE;
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_verify_with_incorrect_root_in_chain (void)
Packit 9bedce 
{
Packit 9bedce 
  GTlsCertificate *ca_verisign_sha1;
Packit 9bedce 
  GTlsDatabase *database;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce 
  GTlsCertificate *chain;
Packit 9bedce 
  GSocketConnectable *identity;
Packit 9bedce 
  GTlsCertificateFlags errors;
Packit 9bedce
Packit 9bedce 
  /*
Packit 9bedce 
   * This database contains a single anchor certificate of:
Packit 9bedce 
   * C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
Packit 9bedce 
   */
Packit 9bedce 
  database = g_tls_file_database_new (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_DATABASE (database));
Packit 9bedce
Packit 9bedce 
  ca_verisign_sha1 = g_tls_certificate_new_from_file (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (ca_verisign_sha1));
Packit 9bedce
Packit 9bedce 
  /*
Packit 9bedce 
   * This certificate chain contains a root certificate with that same issuer, public key:
Packit 9bedce 
   * C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
Packit 9bedce 
   *
Packit 9bedce 
   * But it is not the same certificate in our database. However our database should
Packit 9bedce 
   * verify this chain as valid, since the issuer fields and signatures should chain up
Packit 9bedce 
   * to the certificate in our database.
Packit 9bedce 
   */
Packit 9bedce 
  chain = load_certificate_chain (tls_test_file_path ("chain-with-verisign-md2.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (chain));
Packit 9bedce
Packit 9bedce 
  g_assert (g_tls_certificate_get_issuer (chain) != NULL);
Packit 9bedce 
  g_assert (g_tls_certificate_get_issuer (g_tls_certificate_get_issuer (chain)) != NULL);
Packit 9bedce 
  g_assert (is_certificate_in_chain (chain, chain));
Packit 9bedce 
  g_assert (!is_certificate_in_chain (chain, ca_verisign_sha1));
Packit 9bedce
Packit 9bedce
Packit 9bedce 
  identity = g_network_address_new ("secure-test.streamline-esolutions.com", 443);
Packit 9bedce
Packit 9bedce 
  errors = g_tls_database_verify_chain (database, chain,
Packit 9bedce 
                                        G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
Packit 9bedce 
                                        identity, NULL, 0, NULL, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  errors &= ~G_TLS_CERTIFICATE_EXPIRED; /* so that this test doesn't expire */
Packit 9bedce 
  g_assert_cmpuint (errors, ==, 0);
Packit 9bedce
Packit 9bedce 
  g_object_unref (chain);
Packit 9bedce 
  g_object_unref (ca_verisign_sha1);
Packit 9bedce 
  g_object_unref (identity);
Packit 9bedce 
  g_object_unref (database);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
/* -----------------------------------------------------------------------------
Packit 9bedce 
 * FILE DATABASE
Packit 9bedce 
 */
Packit 9bedce
Packit 9bedce 
typedef struct {
Packit 9bedce 
  GTlsDatabase *database;
Packit 9bedce 
  const gchar *path;
Packit 9bedce 
} TestFileDatabase;
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
setup_file_database (TestFileDatabase *test,
Packit 9bedce 
                     gconstpointer     data)
Packit 9bedce 
{
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  test->path = tls_test_file_path ("ca-roots.pem");
Packit 9bedce 
  test->database = g_tls_file_database_new (test->path, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_DATABASE (test->database));
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
teardown_file_database (TestFileDatabase *test,
Packit 9bedce 
                        gconstpointer     data)
Packit 9bedce 
{
Packit 9bedce 
  g_assert (G_IS_TLS_DATABASE (test->database));
Packit 9bedce 
  g_object_add_weak_pointer (G_OBJECT (test->database),
Packit 9bedce 
			     (gpointer *)&test->database);
Packit 9bedce 
  g_object_unref (test->database);
Packit 9bedce 
  g_assert (test->database == NULL);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_file_database_handle (TestFileDatabase *test,
Packit 9bedce 
                           gconstpointer     unused)
Packit 9bedce 
{
Packit 9bedce 
  GTlsCertificate *certificate;
Packit 9bedce 
  GTlsCertificate *check;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce 
  gchar *handle;
Packit 9bedce
Packit 9bedce 
  /*
Packit 9bedce 
   * ca.pem is in the ca-roots.pem that the test->database represents.
Packit 9bedce 
   * So it should be able to create a handle for it and treat it as if it
Packit 9bedce 
   * is 'in' the database.
Packit 9bedce 
   */
Packit 9bedce
Packit 9bedce 
  certificate = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (certificate));
Packit 9bedce
Packit 9bedce 
  handle = g_tls_database_create_certificate_handle (test->database, certificate);
Packit 9bedce 
  g_assert (handle != NULL);
Packit 9bedce 
  g_assert (g_str_has_prefix (handle, "file:///"));
Packit 9bedce
Packit 9bedce 
  check = g_tls_database_lookup_certificate_for_handle (test->database, handle,
Packit 9bedce 
                                                        NULL, G_TLS_DATABASE_LOOKUP_NONE,
Packit 9bedce 
                                                        NULL, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (G_IS_TLS_CERTIFICATE (check));
Packit 9bedce
Packit 9bedce 
  g_free (handle);
Packit 9bedce 
  g_object_unref (check);
Packit 9bedce 
  g_object_unref (certificate);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_file_database_handle_invalid (TestFileDatabase *test,
Packit 9bedce 
                                   gconstpointer     unused)
Packit 9bedce 
{
Packit 9bedce 
  GTlsCertificate *certificate;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  certificate = g_tls_database_lookup_certificate_for_handle (test->database, "blah:blah",
Packit 9bedce 
                                                              NULL, G_TLS_DATABASE_LOOKUP_NONE,
Packit 9bedce 
                                                              NULL, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce 
  g_assert (certificate == NULL);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
/* -----------------------------------------------------------------------------
Packit 9bedce 
 * DATABASE
Packit 9bedce 
 */
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_anchors_property (void)
Packit 9bedce 
{
Packit 9bedce 
  GTlsDatabase *database;
Packit 9bedce 
  gchar *anchor_filename = NULL;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce
Packit 9bedce 
  g_object_get (database, "anchors", &anchor_filename, NULL);
Packit 9bedce 
  g_assert_cmpstr (anchor_filename, ==, tls_test_file_path ("ca.pem"));
Packit 9bedce 
  g_free (anchor_filename);
Packit 9bedce
Packit 9bedce 
  g_object_unref (database);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static gboolean
Packit 9bedce 
certificate_is_in_list (GList *certificates,
Packit 9bedce 
                        const gchar *filename)
Packit 9bedce 
{
Packit 9bedce 
  GTlsCertificate *cert;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce 
  GList *l;
Packit 9bedce
Packit 9bedce 
  cert = g_tls_certificate_new_from_file (filename, &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce
Packit 9bedce 
  for (l = certificates; l != NULL; l = g_list_next (l))
Packit 9bedce 
    {
Packit 9bedce 
      if (g_tls_certificate_is_same (l->data, cert))
Packit 9bedce 
        break;
Packit 9bedce 
    }
Packit 9bedce
Packit 9bedce 
  g_object_unref (cert);
Packit 9bedce
Packit 9bedce 
  /* Had an early break from loop */
Packit 9bedce 
  return l != NULL;
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_lookup_certificates_issued_by (void)
Packit 9bedce 
{
Packit 9bedce 
  /* This data is generated from the frob-certificate test tool in gcr library.
Packit 9bedce 
   * To regenerate (from e.g. a directory containing gcr and glib-networking):
Packit 9bedce 
   *
Packit 9bedce 
   * $ gcr/frob-certificate glib-networking/tls/tests/files/ca.pem
Packit 9bedce 
   *
Packit 9bedce 
   * Then copy the hex that is printed after "subject" (not "issuer"!) and add
Packit 9bedce 
   * the missing 'x's.
Packit 9bedce 
   */
Packit 9bedce 
  const guchar ISSUER[] = "\x30\x81\x86\x31\x13\x30\x11\x06\x0A\x09\x92\x26\x89\x93\xF2"
Packit 9bedce 
                          "\x2C\x64\x01\x19\x16\x03\x43\x4F\x4D\x31\x17\x30\x15\x06\x0A"
Packit 9bedce 
                          "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x07\x45\x58\x41"
Packit 9bedce 
                          "\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x0C\x15"
Packit 9bedce 
                          "\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74"
Packit 9bedce 
                          "\x68\x6F\x72\x69\x74\x79\x31\x17\x30\x15\x06\x03\x55\x04\x03"
Packit 9bedce 
                          "\x0C\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F"
Packit 9bedce 
                          "\x6D\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09"
Packit 9bedce 
                          "\x01\x16\x0E\x63\x61\x40\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63"
Packit 9bedce 
                          "\x6F\x6D";
Packit 9bedce
Packit 9bedce 
  GList *certificates;
Packit 9bedce 
  GByteArray *issuer_dn;
Packit 9bedce 
  GTlsDatabase *database;
Packit 9bedce 
  GError *error = NULL;
Packit 9bedce
Packit 9bedce 
  database = g_tls_file_database_new (tls_test_file_path ("non-ca.pem"), &error);
Packit 9bedce 
  g_assert_no_error (error);
Packit 9bedce
Packit 9bedce 
  issuer_dn = g_byte_array_new ();
Packit 9bedce 
  /* The null terminator is in the array/string above */
Packit 9bedce 
  g_byte_array_append (issuer_dn, ISSUER, G_N_ELEMENTS (ISSUER) - 1);
Packit 9bedce
Packit 9bedce 
  certificates = g_tls_database_lookup_certificates_issued_by (database, issuer_dn, NULL,
Packit 9bedce 
                                                               G_TLS_DATABASE_LOOKUP_NONE,
Packit 9bedce 
                                                               NULL, &error);
Packit 9bedce
Packit 9bedce 
  g_byte_array_unref (issuer_dn);
Packit 9bedce
Packit 9bedce 
  g_assert_cmpuint (g_list_length (certificates), ==, 4);
Packit 9bedce
Packit 9bedce 
  g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client.pem")));
Packit 9bedce 
  g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-future.pem")));
Packit 9bedce 
  g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-past.pem")));
Packit 9bedce 
  g_assert (certificate_is_in_list (certificates, tls_test_file_path ("server.pem")));
Packit 9bedce 
  g_assert (!certificate_is_in_list (certificates, tls_test_file_path ("server-self.pem")));
Packit 9bedce
Packit 9bedce 
  g_list_free_full (certificates, g_object_unref);
Packit 9bedce 
  g_object_unref (database);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
static void
Packit 9bedce 
test_default_database_is_singleton (void)
Packit 9bedce 
{
Packit 9bedce 
  GTlsBackend *backend;
Packit 9bedce 
  GTlsDatabase *database;
Packit 9bedce 
  GTlsDatabase *check;
Packit 9bedce
Packit 9bedce 
  backend = g_tls_backend_get_default ();
Packit 9bedce 
  g_assert (G_IS_TLS_BACKEND (backend));
Packit 9bedce
Packit 9bedce 
  database = g_tls_backend_get_default_database (backend);
Packit 9bedce 
  g_assert (G_IS_TLS_DATABASE (database));
Packit 9bedce
Packit 9bedce 
  check = g_tls_backend_get_default_database (backend);
Packit 9bedce 
  g_assert (database == check);
Packit 9bedce
Packit 9bedce 
  g_object_unref (database);
Packit 9bedce 
  g_object_unref (check);
Packit 9bedce 
}
Packit 9bedce
Packit 9bedce 
int
Packit 9bedce 
main (int   argc,
Packit 9bedce 
      char *argv[])
Packit 9bedce 
{
Packit 9bedce 
  g_test_init (&argc, &argv, NULL);
Packit 9bedce
Packit 9bedce 
  g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
Packit 9bedce 
  g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/tls/gnutls/.libs", TRUE);
Packit 9bedce 
  g_setenv ("GIO_USE_TLS", "gnutls", TRUE);
Packit 9bedce
Packit 9bedce 
  g_test_add_func ("/tls/backend/default-database-is-singleton",
Packit 9bedce 
                   test_default_database_is_singleton);
Packit 9bedce
Packit 9bedce 
  g_test_add ("/tls/database/verify-good", TestVerify, NULL,
Packit 9bedce 
              setup_verify, test_verify_database_good, teardown_verify);
Packit 9bedce 
  g_test_add ("/tls/database/verify-bad-identity", TestVerify, NULL,
Packit 9bedce 
              setup_verify, test_verify_database_bad_identity, teardown_verify);
Packit 9bedce 
  g_test_add ("/tls/database/verify-bad-ca", TestVerify, NULL,
Packit 9bedce 
              setup_verify, test_verify_database_bad_ca, teardown_verify);
Packit 9bedce 
  g_test_add ("/tls/database/verify-bad-before", TestVerify, NULL,
Packit 9bedce 
              setup_verify, test_verify_database_bad_before, teardown_verify);
Packit 9bedce 
  g_test_add ("/tls/database/verify-bad-expired", TestVerify, NULL,
Packit 9bedce 
              setup_verify, test_verify_database_bad_expired, teardown_verify);
Packit 9bedce 
  g_test_add ("/tls/database/verify-bad-combo", TestVerify, NULL,
Packit 9bedce 
              setup_verify, test_verify_database_bad_combo, teardown_verify);
Packit 9bedce 
  g_test_add_func ("/tls/database/verify-with-incorrect-root-in-chain",
Packit 9bedce 
                   test_verify_with_incorrect_root_in_chain);
Packit 9bedce
Packit 9bedce 
  g_test_add_func ("/tls/file-database/anchors-property",
Packit 9bedce 
                   test_anchors_property);
Packit 9bedce 
  g_test_add_func ("/tls/file-database/lookup-certificates-issued-by",
Packit 9bedce 
                   test_lookup_certificates_issued_by);
Packit 9bedce
Packit 9bedce 
  g_test_add ("/tls/file-database/test-handle", TestFileDatabase, NULL,
Packit 9bedce 
              setup_file_database, test_file_database_handle, teardown_file_database);
Packit 9bedce 
  g_test_add ("/tls/file-database/test-handle-invalid", TestFileDatabase, NULL,
Packit 9bedce 
              setup_file_database, test_file_database_handle_invalid, teardown_file_database);
Packit 9bedce
Packit 9bedce 
  return g_test_run();
Packit 9bedce 
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation