authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-09-08 13:48:30 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-09-12 09:49:23 +0200
commit0af3696105317eeca1bc6ded5298dc107e1fc2d3 (patch)
treeb26f3cb356464e6b20dcefe99e44526d8a75ee57
parente1431ce39813b2fa8971fe7faf4b320c058b3182 (diff)
downloadgnutls-0af3696105317eeca1bc6ded5298dc107e1fc2d3.tar.gz
tests: enhanced set_x509_key_file tests to include index verification
That is, verify that the correct indexes are returned, and that they can be used with gnutls_certificate_get_crt_raw() afterwards.
-rw-r--r--tests/set_x509_key_file.c106
-rw-r--r--tests/utils.c45
-rw-r--r--tests/utils.h2
3 files changed, 123 insertions, 30 deletions
diff --git a/tests/set_x509_key_file.c b/tests/set_x509_key_file.c
index f23683decb..b76e6d6377 100644
--- a/tests/set_x509_key_file.c
+++ b/tests/set_x509_key_file.c
@@ -36,7 +36,7 @@
static time_t mytime(time_t * t)
{
- time_t then = 1461671166;
+ time_t then = 1470002400;
if (t)
*t = then;
@@ -62,18 +62,68 @@ static void compare(const gnutls_datum_t *der, const void *ipem)
return;
}
+static unsigned set_cert(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *key, const gnutls_datum_t *cert)
+{
+ const char *certfile;
+ FILE *fp;
+ int ret;
+
+ certfile = get_tmpname(NULL);
+
+ fp = fopen(certfile, "w");
+ if (fp == NULL)
+ fail("error in fopen\n");
+ assert(fwrite(cert->data, 1, cert->size, fp)>0);
+ assert(fwrite(key->data, 1, key->size, fp)>0);
+ fclose(fp);
+
+ ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile,
+ GNUTLS_X509_FMT_PEM, NULL, 0);
+ if (ret < 0)
+ fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret));
+
+ /* return index */
+ return ret;
+}
+
+static void verify_written_cert(gnutls_certificate_credentials_t xcred, unsigned idx, const gnutls_datum_t *cert, unsigned ncerts)
+{
+ int ret;
+ gnutls_datum_t tcert = {NULL, 0};
+
+ /* verify whether the stored certificate match the ones we have */
+ ret = gnutls_certificate_get_crt_raw(xcred, idx, 0, &tcert);
+ if (ret < 0) {
+ fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ compare(&tcert, cert->data);
+
+ if (ncerts > 1) {
+ ret = gnutls_certificate_get_crt_raw(xcred, idx, 1, &tcert);
+ if (ret < 0) {
+ fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* skip headers of first cert */
+ compare(&tcert, cert->data+2);
+ }
+}
+
void doit(void)
{
int ret;
gnutls_certificate_credentials_t xcred, clicred;
const char *keyfile = "./certs/ecc256.pem";
const char *certfile = "does-not-exist.pem";
- gnutls_datum_t tcert;
- FILE *fp;
+ unsigned idx, i;
global_init();
assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
gnutls_global_set_time_function(mytime);
+ track_temp_files();
/* this will fail */
ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile,
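Review bot: In set_cert both writes sit inside `assert(fwrite(...)>0)`, so a build with NDEBUG drops them and the loader then reads an empty file; `>0` also accepts a short write. Check them explicitly, e.g. `if (fwrite(cert->data, 1, cert->size, fp) != cert->size) fail("error in fwrite\n");`, do the same for `key`, and check the result of `fclose(fp)`. Whether `fail()` returns is not visible here; if it does, the `fp == NULL` path continues into fwrite and a negative `ret` is returned as a large unsigned index, so an explicit `exit(1)` as in verify_written_cert would keep the two helpers consistent. The file holds a private key and is created with `fopen(certfile, "w")`, which takes its mode from the umask and truncates an existing path; a comment stating this is acceptable only for test keys would help. doit's body continues outside the hunk.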
@@ -86,45 +136,41 @@ void doit(void)
assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
assert(gnutls_certificate_allocate_credentials(&clicred) >= 0);
- ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca_cert, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_certificate_set_x509_trust_mem(clicred, &subca3_cert, GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret));
- certfile = get_tmpname(NULL);
+ success("Testing store of certificates\n");
- fp = fopen(certfile, "w");
- if (fp == NULL)
- fail("error in fopen\n");
- assert(fwrite(server_cert_pem, 1, strlen((char*)server_cert_pem), fp)>0);
- assert(fwrite(server_key_pem, 1, strlen((char*)server_key_pem), fp)>0);
- fclose(fp);
+ idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost6_cert_chain);
+ verify_written_cert(xcred, idx, &server_ca3_localhost6_cert_chain, 2);
+ assert(idx == 0);
- ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile,
- GNUTLS_X509_FMT_PEM, NULL, 0);
- if (ret < 0)
- fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret));
+ success("Tested store of %d\n", idx);
- /* verify whether the stored certificate match the ones we have */
- ret = gnutls_certificate_get_crt_raw(xcred, 0, 0, &tcert);
- if (ret < 0) {
- fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
- exit(1);
- }
+ idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost_cert);
+ verify_written_cert(xcred, idx, &server_ca3_localhost_cert, 1);
+ assert(idx == 1);
- compare(&tcert, server_cert_pem);
+ success("Tested store of %d\n", idx);
- ret = gnutls_certificate_get_crt_raw(xcred, 0, 1, &tcert);
- if (ret < 0) {
- fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
- exit(1);
- }
- compare(&tcert, server_cert_pem+2);
+ test_cli_serv(xcred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */
- remove(certfile);
+ idx = set_cert(xcred, &server_key, &server_cert);
+ verify_written_cert(xcred, idx, &server_cert, 2);
+ assert(idx == 2);
- test_cli_serv(xcred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */
+ success("Tested store of %d\n", idx);
+
+ for (i=0;i<16;i++) {
+ idx = set_cert(xcred, &server_ecc_key, &server_ecc_cert);
+ verify_written_cert(xcred, idx, &server_ecc_cert, 1);
+ assert(idx == 3+i);
+ success("Tested store of %d\n", idx);
+ }
gnutls_certificate_free_credentials(xcred);
gnutls_certificate_free_credentials(clicred);
gnutls_global_deinit();
+ delete_temp_files();
}
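Review bot: The index checks this test exists for are written as `assert(idx == 0)`, `assert(idx == 1)`, `assert(idx == 2)` and `assert(idx == 3+i)`, which compile to nothing under NDEBUG and run only after verify_written_cert has already used the index. Prefer an explicit check placed directly after set_cert, e.g. `if (idx != 0) fail("unexpected index %u\n", idx);`. `idx` is unsigned, so `success("Tested store of %d\n", idx)` should use `%u`. doit starts before the hunk.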
diff --git a/tests/utils.c b/tests/utils.c
index 21ef9d641d..512c3d40fc 100644
--- a/tests/utils.c
+++ b/tests/utils.c
@@ -29,6 +29,7 @@
#include <stdarg.h>
#include <time.h>
#include <unistd.h>
+#include <assert.h>
#include <errno.h>
#ifndef _WIN32
#include <netinet/in.h>
@@ -259,6 +260,28 @@ int main(int argc, char *argv[])
return error_count ? 1 : 0;
}
+struct tmp_file_st {
+ char file[TMPNAME_SIZE];
+ struct tmp_file_st *next;
+};
+
+static struct tmp_file_st *temp_files = (void*)-1;
+
+static void append(const char *file)
+{
+ struct tmp_file_st *p;
+
+ if (temp_files == (void*)-1)
+ return;
+
+ p = calloc(1, sizeof(*p));
+
+ assert(p != NULL);
+ strcpy(p->file, file);
+ p->next = temp_files;
+ temp_files = p;
+}
+
char *get_tmpname(char s[TMPNAME_SIZE])
{
unsigned char rnd[6];
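Review bot: `strcpy(p->file, file)` in append relies on every caller passing a name shorter than TMPNAME_SIZE; in the visible code that holds only because get_tmpname formats with `snprintf(p, TMPNAME_SIZE, ...)`. Make the bound local to append: `snprintf(p->file, sizeof(p->file), "%s", file);`. The `(void*)-1` sentinel also deserves a comment on `temp_files`, e.g. `/* (void*)-1: tracking disabled; NULL: tracking enabled, empty list */`. get_tmpname's body continues outside the hunk.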
@@ -283,5 +306,27 @@ char *get_tmpname(char s[TMPNAME_SIZE])
snprintf(p, TMPNAME_SIZE, "%s/tmpfile-%02x%02x%02x%02x%02x%02x.tmp", path, (unsigned)rnd[0], (unsigned)rnd[1],
(unsigned)rnd[2], (unsigned)rnd[3], (unsigned)rnd[4], (unsigned)rnd[5]);
+ append(p);
+
return p;
}
+
+void track_temp_files(void)
+{
+ temp_files = NULL;
+}
+
+void delete_temp_files(void)
+{
+ struct tmp_file_st *p = temp_files;
+ struct tmp_file_st *next;
+
+ if (p == (void*)-1)
+ return;
+
+ while(p != NULL) {
+ next = p->next;
+ free(p);
+ p = next;
+ }
+}
diff --git a/tests/utils.h b/tests/utils.h
index 7606a6dbb8..965a341dd0 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -79,6 +79,8 @@ void test_cli_serv(gnutls_certificate_credentials_t server_cred,
#define TMPNAME_SIZE 128
char *get_tmpname(char s[TMPNAME_SIZE]);
+void track_temp_files(void);
+void delete_temp_files(void);
/* This must be implemented elsewhere. */
extern void doit(void);
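Review bot: The two new prototypes carry no comment, and the calling order they depend on is invisible from the header: get_tmpname records a name only after track_temp_files has been called. A short comment above them would cover it, e.g. `/* Call track_temp_files() once before get_tmpname() to record generated names; delete_temp_files() releases the recorded list. */`.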