search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
help: caution users about using Ignore SSL Errors
[empathy-mirror.git] / tests / empathy-tls-test.c
blob91b05761f9b9ebb44157bc40ffb4606c4f3650e7
1 #include "config.h"
2
3 #include <gnutls/gnutls.h>
4 #include <telepathy-glib/telepathy-glib.h>
5 #include <telepathy-glib/telepathy-glib-dbus.h>
6
7 #include "empathy-tls-verifier.h"
8 #include "mock-pkcs11.h"
9 #include "test-helper.h"
10
11 #define MOCK_TLS_CERTIFICATE_PATH "/mock/certificate"
12
13 /* Forward decl */
14 GType mock_tls_certificate_get_type (void);
15
16 #define MOCK_TLS_CERTIFICATE(obj) \
17 (G_TYPE_CHECK_INSTANCE_CAST((obj), mock_tls_certificate_get_type (), \
18 MockTLSCertificate))
19
20 typedef struct _MockTLSCertificate {
21 GObject parent;
22 guint state;
23 GPtrArray *rejections;
24 gchar *cert_type;
25 GPtrArray *cert_data;
26 } MockTLSCertificate;
27
28 typedef struct _MockTLSCertificateClass {
29 GObjectClass parent;
30 TpDBusPropertiesMixinClass dbus_props_class;
31 } MockTLSCertificateClass;
32
33 enum {
34 PROP_0,
35 PROP_STATE,
36 PROP_REJECTIONS,
37 PROP_CERTIFICATE_TYPE,
38 PROP_CERTIFICATE_CHAIN_DATA
39 };
40
41 static void mock_tls_certificate_iface_init (gpointer, gpointer);
42
43 G_DEFINE_TYPE_WITH_CODE(MockTLSCertificate, mock_tls_certificate, G_TYPE_OBJECT,
44 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_AUTHENTICATION_TLS_CERTIFICATE,
45 mock_tls_certificate_iface_init)
46 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_DBUS_PROPERTIES,
47 tp_dbus_properties_mixin_iface_init)
48 )
49
50 static void
51 mock_tls_certificate_init (MockTLSCertificate *self)
52 {
53 self->state = TP_TLS_CERTIFICATE_STATE_PENDING;
54 self->cert_type = g_strdup ("x509");
55 self->cert_data = g_ptr_array_new_with_free_func ((GDestroyNotify)
56 g_array_unref);
57 self->rejections = g_ptr_array_new ();
58 }
59
60 static void
61 mock_tls_certificate_get_property (GObject *object,
62 guint property_id,
63 GValue *value,
64 GParamSpec *pspec)
65 {
66 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (object);
67
68 switch (property_id)
69 {
70 case PROP_STATE:
71 g_value_set_uint (value, self->state);
72 break;
73 case PROP_REJECTIONS:
74 g_value_set_boxed (value, self->rejections);
75 break;
76 case PROP_CERTIFICATE_TYPE:
77 g_value_set_string (value, self->cert_type);
78 break;
79 case PROP_CERTIFICATE_CHAIN_DATA:
80 g_value_set_boxed (value, self->cert_data);
81 break;
82 default:
83 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
84 break;
85 }
86 }
87
88 static void
89 mock_tls_certificate_finalize (GObject *object)
90 {
91 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (object);
92
93 tp_clear_boxed (TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST,
94 &self->rejections);
95 g_free (self->cert_type);
96 self->cert_type = NULL;
97 g_ptr_array_unref (self->cert_data);
98 self->cert_data = NULL;
99
100 G_OBJECT_CLASS (mock_tls_certificate_parent_class)->finalize (object);
101 }
102
103 static void
104 mock_tls_certificate_class_init (MockTLSCertificateClass *klass)
105 {
106 GObjectClass *oclass = G_OBJECT_CLASS (klass);
107 GParamSpec *pspec;
108
109 static TpDBusPropertiesMixinPropImpl object_props[] = {
110 { "State", "state", NULL },
111 { "Rejections", "rejections", NULL },
112 { "CertificateType", "certificate-type", NULL },
113 { "CertificateChainData", "certificate-chain-data", NULL },
114 { NULL }
115 };
116
117 static TpDBusPropertiesMixinIfaceImpl prop_interfaces[] = {
118 { TP_IFACE_AUTHENTICATION_TLS_CERTIFICATE,
119 tp_dbus_properties_mixin_getter_gobject_properties,
120 NULL,
121 object_props,
122 },
123 { NULL }
124 };
125
126 oclass->get_property = mock_tls_certificate_get_property;
127 oclass->finalize = mock_tls_certificate_finalize;
128
129 pspec = g_param_spec_uint ("state",
130 "State of this certificate",
131 "The state of this TLS certificate.",
132 0, TP_NUM_TLS_CERTIFICATE_STATES - 1,
133 TP_TLS_CERTIFICATE_STATE_PENDING,
134 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
135 g_object_class_install_property (oclass, PROP_STATE, pspec);
136
137 pspec = g_param_spec_boxed ("rejections",
138 "The reject reasons",
139 "The reasons why this TLS certificate has been rejected",
140 TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST,
141 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
142 g_object_class_install_property (oclass, PROP_REJECTIONS, pspec);
143
144 pspec = g_param_spec_string ("certificate-type",
145 "The certificate type",
146 "The type of this certificate.",
147 NULL,
148 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
149 g_object_class_install_property (oclass, PROP_CERTIFICATE_TYPE, pspec);
150
151 pspec = g_param_spec_boxed ("certificate-chain-data",
152 "The certificate chain data",
153 "The raw PEM-encoded trust chain of this certificate.",
154 TP_ARRAY_TYPE_UCHAR_ARRAY_LIST,
155 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
156 g_object_class_install_property (oclass, PROP_CERTIFICATE_CHAIN_DATA, pspec);
157
158 klass->dbus_props_class.interfaces = prop_interfaces;
159 tp_dbus_properties_mixin_class_init (oclass,
160 G_STRUCT_OFFSET (MockTLSCertificateClass, dbus_props_class));
161 }
162
163 static void
164 mock_tls_certificate_accept (TpSvcAuthenticationTLSCertificate *base,
165 DBusGMethodInvocation *context)
166 {
167 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (base);
168 self->state = TP_TLS_CERTIFICATE_STATE_ACCEPTED;
169 tp_svc_authentication_tls_certificate_emit_accepted (self);
170 tp_svc_authentication_tls_certificate_return_from_accept (context);
171 }
172
173 static void
174 mock_tls_certificate_reject (TpSvcAuthenticationTLSCertificate *base,
175 const GPtrArray *in_Rejections,
176 DBusGMethodInvocation *context)
177 {
178 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (base);
179 self->state = TP_TLS_CERTIFICATE_STATE_REJECTED;
180 tp_svc_authentication_tls_certificate_emit_rejected (self, in_Rejections);
181 tp_svc_authentication_tls_certificate_return_from_reject (context);
182 }
183
184 static void
185 mock_tls_certificate_iface_init (gpointer g_iface,
186 gpointer iface_data)
187 {
188 TpSvcAuthenticationTLSCertificateClass *klass =
189 (TpSvcAuthenticationTLSCertificateClass *) g_iface;
190
191 tp_svc_authentication_tls_certificate_implement_accept (klass,
192 mock_tls_certificate_accept);
193 tp_svc_authentication_tls_certificate_implement_reject (klass,
194 mock_tls_certificate_reject);
195 }
196
197 #if 0
198 static void
199 mock_tls_certificate_assert_rejected (MockTLSCertificate *self,
200 TpTLSCertificateRejectReason reason)
201 {
202 GValueArray *rejection;
203 TpTLSCertificateRejectReason rejection_reason;
204 gchar *rejection_error;
205 GHashTable *rejection_details;
206 guint i;
207
208 g_assert (self->state == TP_TLS_CERTIFICATE_STATE_REJECTED);
209 g_assert (self->rejections);
210 g_assert (self->rejections->len > 0);
211
212 for (i = 0; i < self->rejections->len; ++i)
213 {
214 rejection = g_ptr_array_index (self->rejections, i);
215 tp_value_array_unpack (rejection, 3,
216 G_TYPE_UINT, &rejection_reason,
217 G_TYPE_STRING, &rejection_error,
218 TP_HASH_TYPE_STRING_VARIANT_MAP, &rejection_details,
219 NULL);
220 g_free (rejection_error);
221 g_hash_table_unref (rejection_details);
222
223 if (rejection_reason == reason)
224 return;
225 }
226
227 g_assert ("Certificate was not rejected for right reason" && 0);
228 }
229 #endif
230
231 static MockTLSCertificate *
232 mock_tls_certificate_new_and_register (TpDBusDaemon *dbus,
233 const gchar *path,
234 ...)
235 {
236 MockTLSCertificate *cert;
237 GError *error = NULL;
238 gchar *filename, *contents;
239 GArray *der;
240 gsize length;
241 va_list va;
242
243 cert = g_object_new (mock_tls_certificate_get_type (), NULL);
244
245 va_start (va, path);
246 while (path != NULL) {
247 filename = g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
248 "tests", "certificates", path, NULL);
249 g_file_get_contents (filename, &contents, &length, &error);
250 g_assert_no_error (error);
251
252 der = g_array_sized_new (TRUE, TRUE, sizeof (guchar), length);
253 g_array_append_vals (der, contents, length);
254 g_ptr_array_add (cert->cert_data, der);
255
256 g_free (contents);
257 g_free (filename);
258
259 path = va_arg (va, gchar*);
260 }
261 va_end (va);
262
263 tp_dbus_daemon_register_object (dbus, MOCK_TLS_CERTIFICATE_PATH, cert);
264 return cert;
265 }
266
267 /* ----------------------------------------------------------------------------
268 * TESTS
269 */
270
271 typedef struct {
272 GMainLoop *loop;
273 TpDBusDaemon *dbus;
274 const gchar *dbus_name;
275 MockTLSCertificate *mock;
276 TpTLSCertificate *cert;
277 GAsyncResult *result;
278 } Test;
279
280 static void
281 setup (Test *test, gconstpointer data)
282 {
283 GError *error = NULL;
284 GckModule *module;
285 const gchar *trust_uris[2] = { MOCK_SLOT_ONE_URI, NULL };
286
287 test->loop = g_main_loop_new (NULL, FALSE);
288
289 test->dbus = tp_dbus_daemon_dup (&error);
290 g_assert_no_error (error);
291
292 test->dbus_name = tp_dbus_daemon_get_unique_name (test->dbus);
293
294 test->result = NULL;
295 test->cert = NULL;
296
297 /* Add our mock module as the only PKCS#11 module */
298 module = gck_module_new (&mock_default_functions);
299 mock_C_Initialize (NULL);
300
301 gcr_pkcs11_set_modules (NULL);
302 gcr_pkcs11_add_module (module);
303 gcr_pkcs11_set_trust_lookup_uris (trust_uris);
304 }
305
306 static void
307 teardown (Test *test, gconstpointer data)
308 {
309 mock_C_Finalize (NULL);
310
311 test->dbus_name = NULL;
312
313 if (test->mock)
314 {
315 tp_dbus_daemon_unregister_object (test->dbus, test->mock);
316 g_object_unref (test->mock);
317 test->mock = NULL;
318 }
319
320 if (test->result)
321 g_object_unref (test->result);
322 test->result = NULL;
323
324 if (test->cert)
325 g_object_unref (test->cert);
326 test->cert = NULL;
327
328 g_main_loop_unref (test->loop);
329 test->loop = NULL;
330
331 g_object_unref (test->dbus);
332 test->dbus = NULL;
333 }
334
335 static void
336 add_certificate_to_mock (Test *test,
337 const gchar *certificate,
338 const gchar *peer)
339 {
340 GError *error = NULL;
341 GcrCertificate *cert;
342 gchar *contents;
343 gsize length;
344 gchar *path;
345
346 path = g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
347 "tests", "certificates", certificate, NULL);
348
349 g_file_get_contents (path, &contents, &length, &error);
350 g_assert_no_error (error);
351
352 cert = gcr_simple_certificate_new ((const guchar *)contents, length);
353 mock_module_add_certificate (cert);
354 mock_module_add_assertion (cert,
355 peer ? CKT_X_PINNED_CERTIFICATE : CKT_X_ANCHORED_CERTIFICATE,
356 GCR_PURPOSE_SERVER_AUTH, peer);
357 g_object_unref (cert);
358
359 g_free (contents);
360 g_free (path);
361 }
362
363 static void
364 fetch_callback_result (GObject *object,
365 GAsyncResult *res,
366 gpointer user_data)
367 {
368 Test *test = user_data;
369 g_assert (!test->result);
370 test->result = g_object_ref (res);
371 g_main_loop_quit (test->loop);
372 }
373
374 static void
375 ensure_certificate_proxy (Test *test)
376 {
377 GError *error = NULL;
378 GQuark features[] = { TP_TLS_CERTIFICATE_FEATURE_CORE, 0 };
379
380 if (test->cert)
381 return;
382
383 /* Create and prepare a certificate */
384 /* We don't use tp_tls_certificate_new() as we don't pass a parent */
385 test->cert = g_object_new (TP_TYPE_TLS_CERTIFICATE,
386 "dbus-daemon", test->dbus,
387 "bus-name", test->dbus_name,
388 "object-path", MOCK_TLS_CERTIFICATE_PATH,
389 NULL);
390
391 tp_proxy_prepare_async (test->cert, features, fetch_callback_result, test);
392 g_main_loop_run (test->loop);
393 tp_proxy_prepare_finish (test->cert, test->result, &error);
394 g_assert_no_error (error);
395
396 /* Clear for any future async stuff */
397 g_object_unref (test->result);
398 test->result = NULL;
399 }
400
401 /* A simple test to make sure the test infrastructure is working */
402 static void
403 test_certificate_mock_basics (Test *test,
404 gconstpointer data G_GNUC_UNUSED)
405 {
406 GError *error = NULL;
407
408 test->mock = mock_tls_certificate_new_and_register (test->dbus,
409 "server-cert.cer", NULL);
410
411 ensure_certificate_proxy (test);
412
413 tp_tls_certificate_accept_async (test->cert, fetch_callback_result, test);
414 g_main_loop_run (test->loop);
415 tp_tls_certificate_accept_finish (test->cert, test->result, &error);
416 g_assert_no_error (error);
417
418 g_assert (test->mock->state == TP_TLS_CERTIFICATE_STATE_ACCEPTED);
419 }
420
421 static void
422 test_certificate_verify_success_with_pkcs11_lookup (Test *test,
423 gconstpointer data G_GNUC_UNUSED)
424 {
425 TpTLSCertificateRejectReason reason = 0;
426 GError *error = NULL;
427 EmpathyTLSVerifier *verifier;
428 const gchar *reference_identities[] = {
429 "test-server.empathy.gnome.org",
430 NULL
431 };
432
433 /*
434 * In this test the mock TLS connection only has one certificate
435 * not a full certificat echain. The root anchor certificate is
436 * retrieved from PKCS#11 storage.
437 */
438
439 test->mock = mock_tls_certificate_new_and_register (test->dbus,
440 "server-cert.cer", NULL);
441
442 /* We add the collabora directory with the collabora root */
443 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
444
445 ensure_certificate_proxy (test);
446
447 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
448 reference_identities);
449 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
450 g_main_loop_run (test->loop);
451
452 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
453 NULL, &error);
454 g_assert_no_error (error);
455
456 /* Yay the verification was a success! */
457
458 g_clear_error (&error);
459 g_object_unref (verifier);
460 }
461
462 static void
463 test_certificate_verify_success_with_full_chain (Test *test,
464 gconstpointer data G_GNUC_UNUSED)
465 {
466 TpTLSCertificateRejectReason reason = 0;
467 GError *error = NULL;
468 EmpathyTLSVerifier *verifier;
469 const gchar *reference_identities[] = {
470 "test-server.empathy.gnome.org",
471 NULL
472 };
473
474 /*
475 * In this test the mock TLS connection has a full certificate
476 * chain. We look for an anchor certificate in the chain.
477 */
478
479 test->mock = mock_tls_certificate_new_and_register (test->dbus,
480 "server-cert.cer", "certificate-authority.cer", NULL);
481
482 /* We add the collabora directory with the collabora root */
483 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
484
485 ensure_certificate_proxy (test);
486
487 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
488 reference_identities);
489 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
490 g_main_loop_run (test->loop);
491 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
492 NULL, &error);
493 g_assert_no_error (error);
494
495 /* Yay the verification was a success! */
496
497 g_clear_error (&error);
498 g_object_unref (verifier);
499 }
500
501 static void
502 test_certificate_verify_root_not_found (Test *test,
503 gconstpointer data G_GNUC_UNUSED)
504 {
505 TpTLSCertificateRejectReason reason = 0;
506 GError *error = NULL;
507 EmpathyTLSVerifier *verifier;
508 const gchar *reference_identities[] = {
509 "test-server.empathy.gnome.org",
510 NULL
511 };
512
513 test->mock = mock_tls_certificate_new_and_register (test->dbus,
514 "server-cert.cer", NULL);
515
516 /* Note that we're not adding any place to find root certs */
517
518 ensure_certificate_proxy (test);
519
520 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
521 reference_identities);
522 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
523 g_main_loop_run (test->loop);
524
525 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
526 NULL, &error);
527
528 /* And it should say we're self-signed (oddly enough) */
529 g_assert_error (error, G_IO_ERROR,
530 TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED);
531
532 g_clear_error (&error);
533 g_object_unref (verifier);
534 }
535
536 static void
537 test_certificate_verify_root_not_anchored (Test *test,
538 gconstpointer data G_GNUC_UNUSED)
539 {
540 TpTLSCertificateRejectReason reason = 0;
541 GError *error = NULL;
542 EmpathyTLSVerifier *verifier;
543 const gchar *reference_identities[] = {
544 "test-server.empathy.gnome.org",
545 NULL
546 };
547
548 test->mock = mock_tls_certificate_new_and_register (test->dbus,
549 "server-cert.cer", "certificate-authority.cer", NULL);
550
551 /* Note that we're not adding any place to find root certs */
552
553 ensure_certificate_proxy (test);
554
555 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
556 reference_identities);
557 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
558 g_main_loop_run (test->loop);
559
560 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
561 NULL, &error);
562
563 /* And it should say we're self-signed (oddly enough) */
564 g_assert_error (error, G_IO_ERROR,
565 TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED);
566
567 g_clear_error (&error);
568 g_object_unref (verifier);
569 }
570
571 static void
572 test_certificate_verify_identities_invalid (Test *test,
573 gconstpointer data G_GNUC_UNUSED)
574 {
575 TpTLSCertificateRejectReason reason = 0;
576 GError *error = NULL;
577 EmpathyTLSVerifier *verifier;
578 const gchar *reference_identities[] = {
579 "invalid.host.name",
580 NULL
581 };
582
583 test->mock = mock_tls_certificate_new_and_register (test->dbus,
584 "server-cert.cer", "certificate-authority.cer", NULL);
585
586 /* We add the collabora directory with the collabora root */
587 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
588
589 ensure_certificate_proxy (test);
590
591 verifier = empathy_tls_verifier_new (test->cert, "invalid.host.name",
592 reference_identities);
593 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
594 g_main_loop_run (test->loop);
595
596 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
597 NULL, &error);
598
599 /* And it should say we're self-signed (oddly enough) */
600 g_assert_error (error, G_IO_ERROR,
601 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH);
602
603 g_clear_error (&error);
604 g_object_unref (verifier);
605 }
606
607 static void
608 test_certificate_verify_uses_reference_identities (Test *test,
609 gconstpointer data G_GNUC_UNUSED)
610 {
611 TpTLSCertificateRejectReason reason = 0;
612 GError *error = NULL;
613 EmpathyTLSVerifier *verifier;
614 const gchar *reference_identities[] = {
615 "invalid.host.name",
616 NULL
617 };
618
619 test->mock = mock_tls_certificate_new_and_register (test->dbus,
620 "server-cert.cer", "certificate-authority.cer", NULL);
621
622 /* We add the collabora directory with the collabora root */
623 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
624
625 ensure_certificate_proxy (test);
626
627 /* Should be using the reference_identities and not host name for checks */
628 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
629 reference_identities);
630 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
631 g_main_loop_run (test->loop);
632
633 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
634 NULL, &error);
635
636 /* And it should say we're self-signed (oddly enough) */
637 g_assert_error (error, G_IO_ERROR,
638 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH);
639
640 g_clear_error (&error);
641 g_object_unref (verifier);
642 }
643
644 static void
645 test_certificate_verify_success_with_pinned (Test *test,
646 gconstpointer data G_GNUC_UNUSED)
647 {
648 TpTLSCertificateRejectReason reason = 0;
649 GError *error = NULL;
650 EmpathyTLSVerifier *verifier;
651 const gchar *reference_identities[] = {
652 "test-server.empathy.gnome.org",
653 NULL
654 };
655
656 /*
657 * In this test the mock TLS connection has a full certificate
658 * chain. We look for an anchor certificate in the chain.
659 */
660
661 test->mock = mock_tls_certificate_new_and_register (test->dbus,
662 "server-cert.cer", NULL);
663
664 /* We add the collabora directory with the collabora root */
665 add_certificate_to_mock (test, "server-cert.cer", "test-server.empathy.gnome.org");
666
667 ensure_certificate_proxy (test);
668
669 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
670 reference_identities);
671 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
672 g_main_loop_run (test->loop);
673 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
674 NULL, &error);
675 g_assert_no_error (error);
676
677 /* Yay the verification was a success! */
678
679 g_clear_error (&error);
680 g_object_unref (verifier);
681 }
682
683 static void
684 test_certificate_verify_pinned_wrong_host (Test *test,
685 gconstpointer data G_GNUC_UNUSED)
686 {
687 TpTLSCertificateRejectReason reason = 0;
688 GError *error = NULL;
689 EmpathyTLSVerifier *verifier;
690 const gchar *reference_identities[] = {
691 "test-server.empathy.gnome.org",
692 NULL
693 };
694
695 test->mock = mock_tls_certificate_new_and_register (test->dbus,
696 "server-cert.cer", NULL);
697
698 /* Note that we're not adding any place to find root certs */
699
700 ensure_certificate_proxy (test);
701
702 verifier = empathy_tls_verifier_new (test->cert, "another.gnome.org",
703 reference_identities);
704 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
705 g_main_loop_run (test->loop);
706
707 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
708 NULL, &error);
709
710 /* And it should say we're self-signed */
711 g_assert_error (error, G_IO_ERROR,
712 TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED);
713
714 g_clear_error (&error);
715 g_object_unref (verifier);
716 }
717
718 int
719 main (int argc,
720 char **argv)
721 {
722 int result;
723
724 test_init (argc, argv);
725 gnutls_global_init ();
726
727 g_test_add ("/tls/certificate_basics", Test, NULL,
728 setup, test_certificate_mock_basics, teardown);
729 g_test_add ("/tls/certificate_verify_success_with_pkcs11_lookup", Test, NULL,
730 setup, test_certificate_verify_success_with_pkcs11_lookup, teardown);
731 g_test_add ("/tls/certificate_verify_success_with_full_chain", Test, NULL,
732 setup, test_certificate_verify_success_with_full_chain, teardown);
733 g_test_add ("/tls/certificate_verify_root_not_found", Test, NULL,
734 setup, test_certificate_verify_root_not_found, teardown);
735 g_test_add ("/tls/certificate_verify_root_not_anchored", Test, NULL,
736 setup, test_certificate_verify_root_not_anchored, teardown);
737 g_test_add ("/tls/certificate_verify_identities_invalid", Test, NULL,
738 setup, test_certificate_verify_identities_invalid, teardown);
739 g_test_add ("/tls/certificate_verify_uses_reference_identities", Test, NULL,
740 setup, test_certificate_verify_uses_reference_identities, teardown);
741 g_test_add ("/tls/certificate_verify_success_with_pinned", Test, NULL,
742 setup, test_certificate_verify_success_with_pinned, teardown);
743 g_test_add ("/tls/certificate_verify_pinned_wrong_host", Test, NULL,
744 setup, test_certificate_verify_pinned_wrong_host, teardown);
745
746 result = g_test_run ();
747 test_deinit ();
748 return result;
749 }
empathy mirror