search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
event-manager: ignore StreamedMedia
[empathy-mirror.git] / tests / empathy-tls-test.c
blobd48bfccfd065da46b51c5cd82a1205b21999885d
1 #include "config.h"
2
3 #include <gnutls/gnutls.h>
4 #include <telepathy-glib/telepathy-glib.h>
5 #include <telepathy-glib/telepathy-glib-dbus.h>
6
7 #include "empathy-tls-verifier.h"
8 #include "mock-pkcs11.h"
9 #include "test-helper.h"
10
11 #define MOCK_TLS_CERTIFICATE_PATH "/mock/certificate"
12
13 /* Forward decl */
14 GType mock_tls_certificate_get_type (void);
15
16 #define MOCK_TLS_CERTIFICATE(obj) \
17 (G_TYPE_CHECK_INSTANCE_CAST((obj), mock_tls_certificate_get_type (), \
18 MockTLSCertificate))
19
20 typedef struct _MockTLSCertificate {
21 GObject parent;
22 guint state;
23 GPtrArray *rejections;
24 gchar *cert_type;
25 GPtrArray *cert_data;
26 } MockTLSCertificate;
27
28 typedef struct _MockTLSCertificateClass {
29 GObjectClass parent;
30 TpDBusPropertiesMixinClass dbus_props_class;
31 } MockTLSCertificateClass;
32
33 enum {
34 PROP_0,
35 PROP_STATE,
36 PROP_REJECTIONS,
37 PROP_CERTIFICATE_TYPE,
38 PROP_CERTIFICATE_CHAIN_DATA
39 };
40
41 static void mock_tls_certificate_iface_init (gpointer, gpointer);
42
43 G_DEFINE_TYPE_WITH_CODE(MockTLSCertificate, mock_tls_certificate, G_TYPE_OBJECT,
44 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_AUTHENTICATION_TLS_CERTIFICATE,
45 mock_tls_certificate_iface_init)
46 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_DBUS_PROPERTIES,
47 tp_dbus_properties_mixin_iface_init)
48 )
49
50 static void
51 mock_tls_certificate_init (MockTLSCertificate *self)
52 {
53 self->state = TP_TLS_CERTIFICATE_STATE_PENDING;
54 self->cert_type = g_strdup ("x509");
55 self->cert_data = g_ptr_array_new_with_free_func((GDestroyNotify) g_array_unref);
56 self->rejections = g_ptr_array_new ();
57 }
58
59 static void
60 mock_tls_certificate_get_property (GObject *object,
61 guint property_id,
62 GValue *value,
63 GParamSpec *pspec)
64 {
65 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (object);
66
67 switch (property_id)
68 {
69 case PROP_STATE:
70 g_value_set_uint (value, self->state);
71 break;
72 case PROP_REJECTIONS:
73 g_value_set_boxed (value, self->rejections);
74 break;
75 case PROP_CERTIFICATE_TYPE:
76 g_value_set_string (value, self->cert_type);
77 break;
78 case PROP_CERTIFICATE_CHAIN_DATA:
79 g_value_set_boxed (value, self->cert_data);
80 break;
81 default:
82 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
83 break;
84 }
85 }
86
87 static void
88 mock_tls_certificate_finalize (GObject *object)
89 {
90 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (object);
91
92 tp_clear_boxed (TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST,
93 &self->rejections);
94 g_free (self->cert_type);
95 self->cert_type = NULL;
96 g_ptr_array_unref (self->cert_data);
97 self->cert_data = NULL;
98
99 G_OBJECT_CLASS (mock_tls_certificate_parent_class)->finalize (object);
100 }
101
102 static void
103 mock_tls_certificate_class_init (MockTLSCertificateClass *klass)
104 {
105 GObjectClass *oclass = G_OBJECT_CLASS (klass);
106 GParamSpec *pspec;
107
108 static TpDBusPropertiesMixinPropImpl object_props[] = {
109 { "State", "state", NULL },
110 { "Rejections", "rejections", NULL },
111 { "CertificateType", "certificate-type", NULL },
112 { "CertificateChainData", "certificate-chain-data", NULL },
113 { NULL }
114 };
115
116 static TpDBusPropertiesMixinIfaceImpl prop_interfaces[] = {
117 { TP_IFACE_AUTHENTICATION_TLS_CERTIFICATE,
118 tp_dbus_properties_mixin_getter_gobject_properties,
119 NULL,
120 object_props,
121 },
122 { NULL }
123 };
124
125 oclass->get_property = mock_tls_certificate_get_property;
126 oclass->finalize = mock_tls_certificate_finalize;
127
128 pspec = g_param_spec_uint ("state",
129 "State of this certificate",
130 "The state of this TLS certificate.",
131 0, TP_NUM_TLS_CERTIFICATE_STATES - 1,
132 TP_TLS_CERTIFICATE_STATE_PENDING,
133 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
134 g_object_class_install_property (oclass, PROP_STATE, pspec);
135
136 pspec = g_param_spec_boxed ("rejections",
137 "The reject reasons",
138 "The reasons why this TLS certificate has been rejected",
139 TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST,
140 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
141 g_object_class_install_property (oclass, PROP_REJECTIONS, pspec);
142
143 pspec = g_param_spec_string ("certificate-type",
144 "The certificate type",
145 "The type of this certificate.",
146 NULL,
147 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
148 g_object_class_install_property (oclass, PROP_CERTIFICATE_TYPE, pspec);
149
150 pspec = g_param_spec_boxed ("certificate-chain-data",
151 "The certificate chain data",
152 "The raw PEM-encoded trust chain of this certificate.",
153 TP_ARRAY_TYPE_UCHAR_ARRAY_LIST,
154 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
155 g_object_class_install_property (oclass, PROP_CERTIFICATE_CHAIN_DATA, pspec);
156
157 klass->dbus_props_class.interfaces = prop_interfaces;
158 tp_dbus_properties_mixin_class_init (oclass,
159 G_STRUCT_OFFSET (MockTLSCertificateClass, dbus_props_class));
160 }
161
162 static void
163 mock_tls_certificate_accept (TpSvcAuthenticationTLSCertificate *base,
164 DBusGMethodInvocation *context)
165 {
166 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (base);
167 self->state = TP_TLS_CERTIFICATE_STATE_ACCEPTED;
168 tp_svc_authentication_tls_certificate_emit_accepted (self);
169 tp_svc_authentication_tls_certificate_return_from_accept (context);
170 }
171
172 static void
173 mock_tls_certificate_reject (TpSvcAuthenticationTLSCertificate *base,
174 const GPtrArray *in_Rejections,
175 DBusGMethodInvocation *context)
176 {
177 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (base);
178 self->state = TP_TLS_CERTIFICATE_STATE_REJECTED;
179 tp_svc_authentication_tls_certificate_emit_rejected (self, in_Rejections);
180 tp_svc_authentication_tls_certificate_return_from_reject (context);
181 }
182
183 static void
184 mock_tls_certificate_iface_init (gpointer g_iface,
185 gpointer iface_data)
186 {
187 TpSvcAuthenticationTLSCertificateClass *klass =
188 (TpSvcAuthenticationTLSCertificateClass*)g_iface;
189
190 tp_svc_authentication_tls_certificate_implement_accept (klass,
191 mock_tls_certificate_accept);
192 tp_svc_authentication_tls_certificate_implement_reject (klass,
193 mock_tls_certificate_reject);
194 }
195
196 #if 0
197 static void
198 mock_tls_certificate_assert_rejected (MockTLSCertificate *self,
199 TpTLSCertificateRejectReason reason)
200 {
201 GValueArray *rejection;
202 TpTLSCertificateRejectReason rejection_reason;
203 gchar *rejection_error;
204 GHashTable *rejection_details;
205 guint i;
206
207 g_assert (self->state == TP_TLS_CERTIFICATE_STATE_REJECTED);
208 g_assert (self->rejections);
209 g_assert (self->rejections->len > 0);
210
211 for (i = 0; i < self->rejections->len; ++i)
212 {
213 rejection = g_ptr_array_index (self->rejections, i);
214 tp_value_array_unpack (rejection, 3,
215 G_TYPE_UINT, &rejection_reason,
216 G_TYPE_STRING, &rejection_error,
217 TP_HASH_TYPE_STRING_VARIANT_MAP, &rejection_details,
218 NULL);
219 g_free (rejection_error);
220 g_hash_table_unref (rejection_details);
221
222 if (rejection_reason == reason)
223 return;
224 }
225
226 g_assert ("Certificate was not rejected for right reason" && 0);
227 }
228 #endif
229
230 static MockTLSCertificate*
231 mock_tls_certificate_new_and_register (TpDBusDaemon *dbus,
232 const gchar *path,
233 ...)
234 {
235 MockTLSCertificate *cert;
236 GError *error = NULL;
237 gchar *filename, *contents;
238 GArray *der;
239 gsize length;
240 va_list va;
241
242 cert = g_object_new (mock_tls_certificate_get_type (), NULL);
243
244 va_start (va, path);
245 while (path != NULL) {
246 filename = g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
247 "tests", "certificates", path, NULL);
248 g_file_get_contents (filename, &contents, &length, &error);
249 g_assert_no_error (error);
250
251 der = g_array_sized_new (TRUE, TRUE, sizeof (guchar), length);
252 g_array_append_vals (der, contents, length);
253 g_ptr_array_add (cert->cert_data, der);
254
255 g_free (contents);
256 g_free (filename);
257
258 path = va_arg (va, gchar*);
259 }
260 va_end (va);
261
262 tp_dbus_daemon_register_object (dbus, MOCK_TLS_CERTIFICATE_PATH, cert);
263 return cert;
264 }
265
266 /* ----------------------------------------------------------------------------
267 * TESTS
268 */
269
270 typedef struct {
271 GMainLoop *loop;
272 TpDBusDaemon *dbus;
273 const gchar *dbus_name;
274 MockTLSCertificate *mock;
275 TpTLSCertificate *cert;
276 GAsyncResult *result;
277 } Test;
278
279 static void
280 setup (Test *test, gconstpointer data)
281 {
282 GError *error = NULL;
283 GckModule *module;
284 const gchar *trust_uris[2] = { MOCK_SLOT_ONE_URI, NULL };
285
286 test->loop = g_main_loop_new (NULL, FALSE);
287
288 test->dbus = tp_dbus_daemon_dup (&error);
289 g_assert_no_error (error);
290
291 test->dbus_name = tp_dbus_daemon_get_unique_name (test->dbus);
292
293 test->result = NULL;
294 test->cert = NULL;
295
296 /* Add our mock module as the only PKCS#11 module */
297 module = gck_module_new (&mock_default_functions);
298 mock_C_Initialize (NULL);
299
300 gcr_pkcs11_set_modules (NULL);
301 gcr_pkcs11_add_module (module);
302 gcr_pkcs11_set_trust_lookup_uris (trust_uris);
303 }
304
305 static void
306 teardown (Test *test, gconstpointer data)
307 {
308 mock_C_Finalize (NULL);
309
310 test->dbus_name = NULL;
311
312 if (test->mock)
313 {
314 tp_dbus_daemon_unregister_object (test->dbus, test->mock);
315 g_object_unref (test->mock);
316 test->mock = NULL;
317 }
318
319 if (test->result)
320 g_object_unref (test->result);
321 test->result = NULL;
322
323 if (test->cert)
324 g_object_unref (test->cert);
325 test->cert = NULL;
326
327 g_main_loop_unref (test->loop);
328 test->loop = NULL;
329
330 g_object_unref (test->dbus);
331 test->dbus = NULL;
332 }
333
334 static void
335 add_certificate_to_mock (Test *test,
336 const gchar *certificate,
337 const gchar *peer)
338 {
339 GError *error = NULL;
340 GcrCertificate *cert;
341 gchar *contents;
342 gsize length;
343 gchar *path;
344
345 path = g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
346 "tests", "certificates", certificate, NULL);
347
348 g_file_get_contents (path, &contents, &length, &error);
349 g_assert_no_error (error);
350
351 cert = gcr_simple_certificate_new ((const guchar *)contents, length);
352 mock_module_add_certificate (cert);
353 mock_module_add_assertion (cert,
354 peer ? CKT_X_PINNED_CERTIFICATE : CKT_X_ANCHORED_CERTIFICATE,
355 GCR_PURPOSE_SERVER_AUTH, peer);
356 g_object_unref (cert);
357
358 g_free (contents);
359 g_free (path);
360 }
361
362 static void
363 fetch_callback_result (GObject *object,
364 GAsyncResult *res,
365 gpointer user_data)
366 {
367 Test *test = user_data;
368 g_assert (!test->result);
369 test->result = g_object_ref (res);
370 g_main_loop_quit (test->loop);
371 }
372
373 static void
374 ensure_certificate_proxy (Test *test)
375 {
376 GError *error = NULL;
377 GQuark features[] = { TP_TLS_CERTIFICATE_FEATURE_CORE, 0 };
378
379 if (test->cert)
380 return;
381
382 /* Create and prepare a certificate */
383 /* We don't use tp_tls_certificate_new() as we don't pass a parent */
384 test->cert = g_object_new (TP_TYPE_TLS_CERTIFICATE,
385 "dbus-daemon", test->dbus,
386 "bus-name", test->dbus_name,
387 "object-path", MOCK_TLS_CERTIFICATE_PATH,
388 NULL);
389
390 tp_proxy_prepare_async (test->cert, features, fetch_callback_result, test);
391 g_main_loop_run (test->loop);
392 tp_proxy_prepare_finish (test->cert, test->result, &error);
393 g_assert_no_error (error);
394
395 /* Clear for any future async stuff */
396 g_object_unref (test->result);
397 test->result = NULL;
398 }
399
400 /* A simple test to make sure the test infrastructure is working */
401 static void
402 test_certificate_mock_basics (Test *test,
403 gconstpointer data G_GNUC_UNUSED)
404 {
405 GError *error = NULL;
406
407 test->mock = mock_tls_certificate_new_and_register (test->dbus,
408 "server-cert.cer", NULL);
409
410 ensure_certificate_proxy (test);
411
412 tp_tls_certificate_accept_async (test->cert, fetch_callback_result, test);
413 g_main_loop_run (test->loop);
414 tp_tls_certificate_accept_finish (test->cert, test->result, &error);
415 g_assert_no_error (error);
416
417 g_assert (test->mock->state == TP_TLS_CERTIFICATE_STATE_ACCEPTED);
418 }
419
420 static void
421 test_certificate_verify_success_with_pkcs11_lookup (Test *test,
422 gconstpointer data G_GNUC_UNUSED)
423 {
424 TpTLSCertificateRejectReason reason = 0;
425 GError *error = NULL;
426 EmpathyTLSVerifier *verifier;
427 const gchar *reference_identities[] = {
428 "test-server.empathy.gnome.org",
429 NULL
430 };
431
432 /*
433 * In this test the mock TLS connection only has one certificate
434 * not a full certificat echain. The root anchor certificate is
435 * retrieved from PKCS#11 storage.
436 */
437
438 test->mock = mock_tls_certificate_new_and_register (test->dbus,
439 "server-cert.cer", NULL);
440
441 /* We add the collabora directory with the collabora root */
442 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
443
444 ensure_certificate_proxy (test);
445
446 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
447 reference_identities);
448 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
449 g_main_loop_run (test->loop);
450
451 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
452 NULL, &error);
453 g_assert_no_error (error);
454
455 /* Yay the verification was a success! */
456
457 g_clear_error (&error);
458 g_object_unref (verifier);
459 }
460
461 static void
462 test_certificate_verify_success_with_full_chain (Test *test,
463 gconstpointer data G_GNUC_UNUSED)
464 {
465 TpTLSCertificateRejectReason reason = 0;
466 GError *error = NULL;
467 EmpathyTLSVerifier *verifier;
468 const gchar *reference_identities[] = {
469 "test-server.empathy.gnome.org",
470 NULL
471 };
472
473 /*
474 * In this test the mock TLS connection has a full certificate
475 * chain. We look for an anchor certificate in the chain.
476 */
477
478 test->mock = mock_tls_certificate_new_and_register (test->dbus,
479 "server-cert.cer", "certificate-authority.cer", NULL);
480
481 /* We add the collabora directory with the collabora root */
482 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
483
484 ensure_certificate_proxy (test);
485
486 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
487 reference_identities);
488 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
489 g_main_loop_run (test->loop);
490 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
491 NULL, &error);
492 g_assert_no_error (error);
493
494 /* Yay the verification was a success! */
495
496 g_clear_error (&error);
497 g_object_unref (verifier);
498 }
499
500 static void
501 test_certificate_verify_root_not_found (Test *test,
502 gconstpointer data G_GNUC_UNUSED)
503 {
504 TpTLSCertificateRejectReason reason = 0;
505 GError *error = NULL;
506 EmpathyTLSVerifier *verifier;
507 const gchar *reference_identities[] = {
508 "test-server.empathy.gnome.org",
509 NULL
510 };
511
512 test->mock = mock_tls_certificate_new_and_register (test->dbus,
513 "server-cert.cer", NULL);
514
515 /* Note that we're not adding any place to find root certs */
516
517 ensure_certificate_proxy (test);
518
519 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
520 reference_identities);
521 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
522 g_main_loop_run (test->loop);
523
524 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
525 NULL, &error);
526
527 /* And it should say we're self-signed (oddly enough) */
528 g_assert_error (error, G_IO_ERROR,
529 TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED);
530
531 g_clear_error (&error);
532 g_object_unref (verifier);
533 }
534
535 static void
536 test_certificate_verify_root_not_anchored (Test *test,
537 gconstpointer data G_GNUC_UNUSED)
538 {
539 TpTLSCertificateRejectReason reason = 0;
540 GError *error = NULL;
541 EmpathyTLSVerifier *verifier;
542 const gchar *reference_identities[] = {
543 "test-server.empathy.gnome.org",
544 NULL
545 };
546
547 test->mock = mock_tls_certificate_new_and_register (test->dbus,
548 "server-cert.cer", "certificate-authority.cer", NULL);
549
550 /* Note that we're not adding any place to find root certs */
551
552 ensure_certificate_proxy (test);
553
554 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
555 reference_identities);
556 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
557 g_main_loop_run (test->loop);
558
559 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
560 NULL, &error);
561
562 /* And it should say we're self-signed (oddly enough) */
563 g_assert_error (error, G_IO_ERROR,
564 TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED);
565
566 g_clear_error (&error);
567 g_object_unref (verifier);
568 }
569
570 static void
571 test_certificate_verify_identities_invalid (Test *test,
572 gconstpointer data G_GNUC_UNUSED)
573 {
574 TpTLSCertificateRejectReason reason = 0;
575 GError *error = NULL;
576 EmpathyTLSVerifier *verifier;
577 const gchar *reference_identities[] = {
578 "invalid.host.name",
579 NULL
580 };
581
582 test->mock = mock_tls_certificate_new_and_register (test->dbus,
583 "server-cert.cer", "certificate-authority.cer", NULL);
584
585 /* We add the collabora directory with the collabora root */
586 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
587
588 ensure_certificate_proxy (test);
589
590 verifier = empathy_tls_verifier_new (test->cert, "invalid.host.name",
591 reference_identities);
592 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
593 g_main_loop_run (test->loop);
594
595 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
596 NULL, &error);
597
598 /* And it should say we're self-signed (oddly enough) */
599 g_assert_error (error, G_IO_ERROR,
600 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH);
601
602 g_clear_error (&error);
603 g_object_unref (verifier);
604 }
605
606 static void
607 test_certificate_verify_uses_reference_identities (Test *test,
608 gconstpointer data G_GNUC_UNUSED)
609 {
610 TpTLSCertificateRejectReason reason = 0;
611 GError *error = NULL;
612 EmpathyTLSVerifier *verifier;
613 const gchar *reference_identities[] = {
614 "invalid.host.name",
615 NULL
616 };
617
618 test->mock = mock_tls_certificate_new_and_register (test->dbus,
619 "server-cert.cer", "certificate-authority.cer", NULL);
620
621 /* We add the collabora directory with the collabora root */
622 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
623
624 ensure_certificate_proxy (test);
625
626 /* Should be using the reference_identities and not host name for checks */
627 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
628 reference_identities);
629 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
630 g_main_loop_run (test->loop);
631
632 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
633 NULL, &error);
634
635 /* And it should say we're self-signed (oddly enough) */
636 g_assert_error (error, G_IO_ERROR,
637 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH);
638
639 g_clear_error (&error);
640 g_object_unref (verifier);
641 }
642
643 static void
644 test_certificate_verify_success_with_pinned (Test *test,
645 gconstpointer data G_GNUC_UNUSED)
646 {
647 TpTLSCertificateRejectReason reason = 0;
648 GError *error = NULL;
649 EmpathyTLSVerifier *verifier;
650 const gchar *reference_identities[] = {
651 "test-server.empathy.gnome.org",
652 NULL
653 };
654
655 /*
656 * In this test the mock TLS connection has a full certificate
657 * chain. We look for an anchor certificate in the chain.
658 */
659
660 test->mock = mock_tls_certificate_new_and_register (test->dbus,
661 "server-cert.cer", NULL);
662
663 /* We add the collabora directory with the collabora root */
664 add_certificate_to_mock (test, "server-cert.cer", "test-server.empathy.gnome.org");
665
666 ensure_certificate_proxy (test);
667
668 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
669 reference_identities);
670 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
671 g_main_loop_run (test->loop);
672 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
673 NULL, &error);
674 g_assert_no_error (error);
675
676 /* Yay the verification was a success! */
677
678 g_clear_error (&error);
679 g_object_unref (verifier);
680 }
681
682 static void
683 test_certificate_verify_pinned_wrong_host (Test *test,
684 gconstpointer data G_GNUC_UNUSED)
685 {
686 TpTLSCertificateRejectReason reason = 0;
687 GError *error = NULL;
688 EmpathyTLSVerifier *verifier;
689 const gchar *reference_identities[] = {
690 "test-server.empathy.gnome.org",
691 NULL
692 };
693
694 test->mock = mock_tls_certificate_new_and_register (test->dbus,
695 "server-cert.cer", NULL);
696
697 /* Note that we're not adding any place to find root certs */
698
699 ensure_certificate_proxy (test);
700
701 verifier = empathy_tls_verifier_new (test->cert, "another.gnome.org",
702 reference_identities);
703 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
704 g_main_loop_run (test->loop);
705
706 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
707 NULL, &error);
708
709 /* And it should say we're self-signed */
710 g_assert_error (error, G_IO_ERROR,
711 TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED);
712
713 g_clear_error (&error);
714 g_object_unref (verifier);
715 }
716
717 int
718 main (int argc,
719 char **argv)
720 {
721 int result;
722
723 test_init (argc, argv);
724 gnutls_global_init ();
725
726 g_test_add ("/tls/certificate_basics", Test, NULL,
727 setup, test_certificate_mock_basics, teardown);
728 g_test_add ("/tls/certificate_verify_success_with_pkcs11_lookup", Test, NULL,
729 setup, test_certificate_verify_success_with_pkcs11_lookup, teardown);
730 g_test_add ("/tls/certificate_verify_success_with_full_chain", Test, NULL,
731 setup, test_certificate_verify_success_with_full_chain, teardown);
732 g_test_add ("/tls/certificate_verify_root_not_found", Test, NULL,
733 setup, test_certificate_verify_root_not_found, teardown);
734 g_test_add ("/tls/certificate_verify_root_not_anchored", Test, NULL,
735 setup, test_certificate_verify_root_not_anchored, teardown);
736 g_test_add ("/tls/certificate_verify_identities_invalid", Test, NULL,
737 setup, test_certificate_verify_identities_invalid, teardown);
738 g_test_add ("/tls/certificate_verify_uses_reference_identities", Test, NULL,
739 setup, test_certificate_verify_uses_reference_identities, teardown);
740 g_test_add ("/tls/certificate_verify_success_with_pinned", Test, NULL,
741 setup, test_certificate_verify_success_with_pinned, teardown);
742 g_test_add ("/tls/certificate_verify_pinned_wrong_host", Test, NULL,
743 setup, test_certificate_verify_pinned_wrong_host, teardown);
744
745 result = g_test_run ();
746 test_deinit ();
747 return result;
748 }
empathy mirror