diff options
author | Stef Walter <stefw@collabora.co.uk> | 2010-11-26 20:25:48 +0000 |
---|---|---|
committer | Stef Walter <stefw@collabora.co.uk> | 2010-11-26 20:25:48 +0000 |
commit | a53afd7173f3f41d17db6f55d41f7fdc2c8bc787 (patch) | |
tree | 6226167e792db1d3daa13ed7ef5ee9505d95d4b4 /pkcs11 | |
parent | 0dff075a4470947bdf36341955d37fd578957d39 (diff) | |
download | gnome-keyring-a53afd7173f3f41d17db6f55d41f7fdc2c8bc787.tar.gz |
[xdg-store] Test remaining netscape trust assertion mappings.
Diffstat (limited to 'pkcs11')
-rw-r--r-- | pkcs11/xdg-store/tests/test-xdg-trust.c | 125 |
1 files changed, 124 insertions, 1 deletions
diff --git a/pkcs11/xdg-store/tests/test-xdg-trust.c b/pkcs11/xdg-store/tests/test-xdg-trust.c index 2832722c..d2c24718 100644 --- a/pkcs11/xdg-store/tests/test-xdg-trust.c +++ b/pkcs11/xdg-store/tests/test-xdg-trust.c @@ -620,16 +620,97 @@ _assert_positive_netscape (CK_ASSERTION_TYPE assertion_type, const gchar *purpos gkm_assert_cmpulong (check, ==, netscape_trust); } +static void +_assert_negative_netscape (CK_ASSERTION_TYPE assertion_type, const gchar *purpose, + CK_ATTRIBUTE_TYPE netscape_type, CK_TRUST netscape_trust, + const gchar *description) +{ + CK_OBJECT_CLASS aklass = CKO_G_TRUST_ASSERTION; + CK_OBJECT_CLASS nklass = CKO_NETSCAPE_TRUST; + CK_OBJECT_HANDLE object = 0; + CK_OBJECT_HANDLE results[256]; + CK_ULONG n_results = 0; + CK_ATTRIBUTE attr; + CK_TRUST check; + CK_BBOOL fval = CK_FALSE; + CK_RV rv; + + CK_ATTRIBUTE attrs[] = { + { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) }, + { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) }, + { CKA_CLASS, &aklass, sizeof (aklass) }, + { CKA_G_ASSERTION_TYPE, &assertion_type, sizeof (assertion_type) }, + { CKA_G_PURPOSE, (void*)purpose, strlen (purpose) }, + { CKA_TOKEN, &fval, sizeof (fval) }, + }; + + CK_ATTRIBUTE lookup[] = { + { CKA_CLASS, &nklass, sizeof (nklass) }, + { CKA_TOKEN, &fval, sizeof (fval) }, + { CKA_SERIAL_NUMBER, (void*)SERIAL_NUMBER, XL (SERIAL_NUMBER) }, + { CKA_ISSUER, (void*)DER_ISSUER, XL (DER_ISSUER) }, + }; + + rv = gkm_session_C_CreateObject (session, attrs, G_N_ELEMENTS (attrs), &object); + gkm_assert_cmprv (rv, ==, CKR_OK); + gkm_assert_cmpulong (object, !=, 0); + + rv = gkm_session_C_FindObjectsInit (session, lookup, G_N_ELEMENTS (lookup)); + gkm_assert_cmprv (rv, ==, CKR_OK); + rv = gkm_session_C_FindObjects (session, results, G_N_ELEMENTS (results), &n_results); + gkm_assert_cmprv (rv, ==, CKR_OK); + rv = gkm_session_C_FindObjectsFinal (session); + gkm_assert_cmprv (rv, ==, CKR_OK); + + gkm_assert_cmpulong (n_results, ==, 1); + + check = (CK_ULONG)-1; + attr.type = netscape_type; + attr.pValue = ✓ + attr.ulValueLen = sizeof (check); + + rv = gkm_session_C_GetAttributeValue (session, results[0], &attr, 1); + gkm_assert_cmprv (rv, ==, CKR_OK); + + if (check != netscape_trust) + g_warning ("netscape trust was not mapped correctly: \"%s\"", description); + gkm_assert_cmpulong (check, ==, netscape_trust); +} + /* Some macros for intelligent failure messages */ #define assert_positive_netscape(a, b, c, d) \ _assert_positive_netscape (a, b, c, d, #a ", " #b ", " #c ", " #d) +#define assert_negative_netscape(a, b, c, d) \ + _assert_negative_netscape (a, b, c, d, #a ", " #b ", " #c ", " #d) -TESTING_TEST (trust_netscape_map_server_aunth) +TESTING_TEST (trust_netscape_map_server_auth) { assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.1", CKA_TRUST_SERVER_AUTH, CKT_NETSCAPE_TRUSTED); assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.1", CKA_TRUST_SERVER_AUTH, CKT_NETSCAPE_TRUSTED_DELEGATOR); + assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.1", + CKA_TRUST_SERVER_AUTH, CKT_NETSCAPE_UNTRUSTED); +} + +TESTING_TEST (trust_netscape_map_client_auth) +{ + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.2", + CKA_TRUST_CLIENT_AUTH, CKT_NETSCAPE_TRUSTED); + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.2", + CKA_TRUST_CLIENT_AUTH, CKT_NETSCAPE_TRUSTED_DELEGATOR); + assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.2", + CKA_TRUST_CLIENT_AUTH, CKT_NETSCAPE_UNTRUSTED); +} + +TESTING_TEST (trust_netscape_map_code_signing) +{ + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.3", + CKA_TRUST_CODE_SIGNING, CKT_NETSCAPE_TRUSTED); + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.3", + CKA_TRUST_CODE_SIGNING, CKT_NETSCAPE_TRUSTED_DELEGATOR); + assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.3", + CKA_TRUST_CODE_SIGNING, CKT_NETSCAPE_UNTRUSTED); } TESTING_TEST (trust_netscape_map_email) @@ -638,4 +719,46 @@ TESTING_TEST (trust_netscape_map_email) CKA_TRUST_EMAIL_PROTECTION, CKT_NETSCAPE_TRUSTED); assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.4", CKA_TRUST_EMAIL_PROTECTION, CKT_NETSCAPE_TRUSTED_DELEGATOR); + assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.4", + CKA_TRUST_EMAIL_PROTECTION, CKT_NETSCAPE_UNTRUSTED); +} + +TESTING_TEST (trust_netscape_map_ipsec_endpoint) +{ + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.5", + CKA_TRUST_IPSEC_END_SYSTEM, CKT_NETSCAPE_TRUSTED); + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.5", + CKA_TRUST_IPSEC_END_SYSTEM, CKT_NETSCAPE_TRUSTED_DELEGATOR); + assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.5", + CKA_TRUST_IPSEC_END_SYSTEM, CKT_NETSCAPE_UNTRUSTED); +} + +TESTING_TEST (trust_netscape_map_ipsec_tunnel) +{ + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.6", + CKA_TRUST_IPSEC_TUNNEL, CKT_NETSCAPE_TRUSTED); + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.6", + CKA_TRUST_IPSEC_TUNNEL, CKT_NETSCAPE_TRUSTED_DELEGATOR); + assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.6", + CKA_TRUST_IPSEC_TUNNEL, CKT_NETSCAPE_UNTRUSTED); +} + +TESTING_TEST (trust_netscape_map_ipsec_user) +{ + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.7", + CKA_TRUST_IPSEC_USER, CKT_NETSCAPE_TRUSTED); + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.7", + CKA_TRUST_IPSEC_USER, CKT_NETSCAPE_TRUSTED_DELEGATOR); + assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.7", + CKA_TRUST_IPSEC_USER, CKT_NETSCAPE_UNTRUSTED); +} + +TESTING_TEST (trust_netscape_map_time_stamping) +{ + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_EXCEPTION, "1.3.6.1.5.5.7.3.8", + CKA_TRUST_TIME_STAMPING, CKT_NETSCAPE_TRUSTED); + assert_positive_netscape (CKT_G_CERTIFICATE_TRUST_ANCHOR, "1.3.6.1.5.5.7.3.8", + CKA_TRUST_TIME_STAMPING, CKT_NETSCAPE_TRUSTED_DELEGATOR); + assert_negative_netscape (CKT_G_CERTIFICATE_UNTRUSTED, "1.3.6.1.5.5.7.3.8", + CKA_TRUST_TIME_STAMPING, CKT_NETSCAPE_UNTRUSTED); } |