author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-08 13:48:30 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-12 09:49:23 +0200 |
commit | 0af3696105317eeca1bc6ded5298dc107e1fc2d3 (patch) | |
tree | b26f3cb356464e6b20dcefe99e44526d8a75ee57 | |
parent | e1431ce39813b2fa8971fe7faf4b320c058b3182 (diff) | |
download | gnutls-0af3696105317eeca1bc6ded5298dc107e1fc2d3.tar.gz |
tests: enhanced set_x509_key_file tests to include index verification
That is, verify that the correct indexes are returned and that these
can be used with gnutls_certificate_get_crt_raw() afterwards.
-rw-r--r-- | tests/set_x509_key_file.c | 106 | ||||
-rw-r--r-- | tests/utils.c | 45 | ||||
-rw-r--r-- | tests/utils.h | 2 |
3 files changed, 123 insertions, 30 deletions
diff --git a/tests/set_x509_key_file.c b/tests/set_x509_key_file.c
index f23683decb..b76e6d6377 100644
--- a/tests/set_x509_key_file.c
+++ b/tests/set_x509_key_file.c
@@ -36,7 +36,7 @@ static time_t mytime(time_t * t)
 {
- time_t then = 1461671166;
+ time_t then = 1470002400;
 if (t) *t = then;
@@ -62,18 +62,68 @@ static void compare(const gnutls_datum_t *der, const void *ipem)
 return;
 }
+static unsigned set_cert(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *key, const gnutls_datum_t *cert)
+{
+ const char *certfile;
+ FILE *fp;
+ int ret;
+
+ certfile = get_tmpname(NULL);
+
+ fp = fopen(certfile, "w");
+ if (fp == NULL)
+ fail("error in fopen\n");
+ assert(fwrite(cert->data, 1, cert->size, fp)>0);
+ assert(fwrite(key->data, 1, key->size, fp)>0);
+ fclose(fp);
+
+ ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile,
+ GNUTLS_X509_FMT_PEM, NULL, 0);
+ if (ret < 0)
+ fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret));
+
+ /* return index */
+ return ret;
+}
+
+static void verify_written_cert(gnutls_certificate_credentials_t xcred, unsigned idx, const gnutls_datum_t *cert, unsigned ncerts)
+{
+ int ret;
+ gnutls_datum_t tcert = {NULL, 0};
+
+ /* verify whether the stored certificate match the ones we have */
+ ret = gnutls_certificate_get_crt_raw(xcred, idx, 0, &tcert);
+ if (ret < 0) {
+ fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ compare(&tcert, cert->data);
+
+ if (ncerts > 1) {
+ ret = gnutls_certificate_get_crt_raw(xcred, idx, 1, &tcert);
+ if (ret < 0) {
+ fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* skip headers of first cert */
+ compare(&tcert, cert->data+2);
+ }
+}
+
 void doit(void)
 {
 int ret;
 gnutls_certificate_credentials_t xcred, clicred;
 const char *keyfile = "./certs/ecc256.pem";
 const char *certfile = "does-not-exist.pem";
- gnutls_datum_t tcert;
- FILE *fp;
+ unsigned idx, i;
 global_init();
 assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
 gnutls_global_set_time_function(mytime);
+ track_temp_files();
 /* this will fail */
 ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile,
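Review bot: In `set_cert` the two `assert(fwrite(...)>0)` checks only establish that at least one byte was written, and the `fclose(fp)` that flushes the buffered PEM data is unchecked, so a short write or a failed flush would surface later as an unrelated `set_x509_key_file` failure rather than at the write itself. Compare against the full size and check the close: `assert(fwrite(cert->data, 1, cert->size, fp) == cert->size);`, the same for `key`, and `assert(fclose(fp) == 0);`. The `/* return index */` comment would serve better as a header above the function, stating that the return value is the index reported by `gnutls_certificate_set_x509_key_file2` and that the temporary file is recorded by `get_tmpname()` rather than removed here.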
@@ -86,45 +136,41 @@ void doit(void)
 assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
 assert(gnutls_certificate_allocate_credentials(&clicred) >= 0);
- ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca_cert, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_certificate_set_x509_trust_mem(clicred, &subca3_cert, GNUTLS_X509_FMT_PEM);
 if (ret < 0) fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret));
- certfile = get_tmpname(NULL);
+ success("Testing store of certificates\n");
- fp = fopen(certfile, "w");
- if (fp == NULL)
- fail("error in fopen\n");
- assert(fwrite(server_cert_pem, 1, strlen((char*)server_cert_pem), fp)>0);
- assert(fwrite(server_key_pem, 1, strlen((char*)server_key_pem), fp)>0);
- fclose(fp);
+ idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost6_cert_chain);
+ verify_written_cert(xcred, idx, &server_ca3_localhost6_cert_chain, 2);
+ assert(idx == 0);
- ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile,
- GNUTLS_X509_FMT_PEM, NULL, 0);
- if (ret < 0)
- fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret));
+ success("Tested store of %d\n", idx);
- /* verify whether the stored certificate match the ones we have */
- ret = gnutls_certificate_get_crt_raw(xcred, 0, 0, &tcert);
- if (ret < 0) {
- fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
- exit(1);
- }
+ idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost_cert);
+ verify_written_cert(xcred, idx, &server_ca3_localhost_cert, 1);
+ assert(idx == 1);
- compare(&tcert, server_cert_pem);
+ success("Tested store of %d\n", idx);
- ret = gnutls_certificate_get_crt_raw(xcred, 0, 1, &tcert);
- if (ret < 0) {
- fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
- exit(1);
- }
- compare(&tcert, server_cert_pem+2);
+ test_cli_serv(xcred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */
- remove(certfile);
+ idx = set_cert(xcred, &server_key, &server_cert);
+ verify_written_cert(xcred, idx, &server_cert, 2);
+ assert(idx == 2);
- test_cli_serv(xcred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */
+ success("Tested store of %d\n", idx);
+
+ for (i=0;i<16;i++) {
+ idx = set_cert(xcred, &server_ecc_key, &server_ecc_cert);
+ verify_written_cert(xcred, idx, &server_ecc_cert, 1);
+ assert(idx == 3+i);
+ success("Tested store of %d\n", idx);
+ }
 gnutls_certificate_free_credentials(xcred);
 gnutls_certificate_free_credentials(clicred);
 gnutls_global_deinit();
+ delete_temp_files();
 }
diff --git a/tests/utils.c b/tests/utils.c
index 21ef9d641d..512c3d40fc 100644
--- a/tests/utils.c
+++ b/tests/utils.c
@@ -29,6 +29,7 @@
 #include <stdarg.h>
 #include <time.h>
 #include <unistd.h>
+#include <assert.h>
 #include <errno.h>
 #ifndef _WIN32
 #include <netinet/in.h>
@@ -259,6 +260,28 @@ int main(int argc, char *argv[])
 return error_count ? 1 : 0;
 }
+struct tmp_file_st {
+ char file[TMPNAME_SIZE];
+ struct tmp_file_st *next;
+};
+
+static struct tmp_file_st *temp_files = (void*)-1;
+
+static void append(const char *file)
+{
+ struct tmp_file_st *p;
+
+ if (temp_files == (void*)-1)
+ return;
+
+ p = calloc(1, sizeof(*p));
+
+ assert(p != NULL);
+ strcpy(p->file, file);
+ p->next = temp_files;
+ temp_files = p;
+}
+
 char *get_tmpname(char s[TMPNAME_SIZE])
 {
 unsigned char rnd[6];
@@ -283,5 +306,27 @@ char *get_tmpname(char s[TMPNAME_SIZE])
 snprintf(p, TMPNAME_SIZE, "%s/tmpfile-%02x%02x%02x%02x%02x%02x.tmp", path, (unsigned)rnd[0], (unsigned)rnd[1], (unsigned)rnd[2], (unsigned)rnd[3], (unsigned)rnd[4], (unsigned)rnd[5]);
+ append(p);
+
 return p;
 }
+
+void track_temp_files(void)
+{
+ temp_files = NULL;
+}
+
+void delete_temp_files(void)
+{
+ struct tmp_file_st *p = temp_files;
+ struct tmp_file_st *next;
+
+ if (p == (void*)-1)
+ return;
+
+ while(p != NULL) {
+ next = p->next;
+ free(p);
+ p = next;
+ }
+}
diff --git a/tests/utils.h b/tests/utils.h
index 7606a6dbb8..965a341dd0 100644
--- a/tests/utils.h
+++ b/tests/utils.h
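Review bot: Dropping `remove(certfile);` leaves the temporary files on disk: the `delete_temp_files()` call that replaces it (utils.c hunk `@@ -283,5 +306,27 @@`) only frees the tracking list and never unlinks `p->file`, so every PEM file written by `set_cert` — nineteen in this test, each containing a private key — remains in the temp directory after the run. The fix belongs in `delete_temp_files`: `remove(p->file);` before `free(p);`. Separately, `success("Tested store of %d\n", idx)` formats the `unsigned idx` with `%d` on four added lines; `%u` is the matching conversion and is what `-Wformat` expects.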
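Review bot: `strcpy(p->file, file)` in `append` copies into a fixed `TMPNAME_SIZE` buffer with no length check; the only caller today passes a buffer that `get_tmpname` filled with a bounded `snprintf`, but the function accepts any `const char *`, so a bounded copy is cheaper than relying on that invariant: `snprintf(p->file, sizeof(p->file), "%s", file);`. The `(void*)-1` value also deserves a comment on the declaration, since it is a sentinel rather than a pointer, e.g. `/* (void*)-1 means tracking is disabled until track_temp_files() is called */`.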
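Review bot: `delete_temp_files` frees every node but leaves `temp_files` pointing at the freed head, so a second call, or a `get_tmpname()` after it, walks or extends freed memory. Reset the list once the loop finishes, `temp_files = (void*)-1;` (or `NULL` if tracking is meant to continue), and say so in a short comment above the function. A one-line header on `track_temp_files` noting that it must precede the first `get_tmpname()` for names to be recorded would complete the contract.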
@@ -79,6 +79,8 @@ void test_cli_serv(gnutls_certificate_credentials_t server_cred,
 #define TMPNAME_SIZE 128
 char *get_tmpname(char s[TMPNAME_SIZE]);
+void track_temp_files(void);
+void delete_temp_files(void);
 /* This must be implemented elsewhere. */
 extern void doit(void);
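Review bot: The two new prototypes carry no comment, and their contract is not obvious from the names: `get_tmpname()` only records a name once `track_temp_files()` has been called, and `delete_temp_files()` releases the recorded list. A two-line comment above them would spare callers a trip to utils.c, e.g. `/* Call track_temp_files() before get_tmpname() to record generated names; */` and `/* delete_temp_files() releases the recorded list. */`.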