/* GLib testing framework examples and tests
 *
 * Copyright (C) 2011 Collabora Ltd.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General
 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 * Author: Nicolas Dufresne <nicolas.dufresne@collabora.com>
 */
21 #include "config.h"
23 #include <gio/gio.h>
25 #include "gtesttlsbackend.h"
/* Reference PEM text that main() reads once from the cert-tests directory
 * and passes to every test case as its data pointer, so that whatever the
 * parser hands back can be compared against the original files.
 */
typedef struct
{
  /* Contents of cert1.pem, cert2.pem and cert3.pem, in that order. */
  gchar *cert_pems[3];

  /* Contents of key.pem. */
  gchar *key_pem;

  /* Contents of key8.pem; compared against in from_files_pkcs8(). */
  gchar *key8_pem;
} Reference;
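/* Exercise g_tls_certificate_new_from_pem() on in-memory PEM data.
 *
 * Cases, in order: certificate followed by private key, a truncated buffer,
 * private key followed by certificate, certificate only, private key only.
 * Parsed output is compared against the reference text in @ref.
 *
 * The g_assert_true()/g_assert_null() test macros are used rather than
 * g_assert(), because g_assert() is compiled out when G_DISABLE_ASSERT is
 * defined and the rejection checks below would then silently stop testing
 * anything.
 */
static void
pem_parser (const Reference *ref)
{
  GTlsCertificate *cert;
  gchar *pem;
  gchar *parsed_cert_pem = NULL;
  const gchar *parsed_key_pem = NULL;
  GError *error = NULL;

  /* Check PEM parsing in certificate, private key order. */
  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, NULL, &error);
  g_assert_no_error (error);
  g_assert_true (pem != NULL);

  cert = g_tls_certificate_new_from_pem (pem, -1, &error);
  g_assert_no_error (error);
  g_assert_true (cert != NULL);

  g_object_get (cert,
      "certificate-pem", &parsed_cert_pem,
      NULL);
  /* The key string is held as a const pointer and is not freed here. */
  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
  g_free (parsed_cert_pem);
  parsed_cert_pem = NULL;
  g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
  parsed_key_pem = NULL;

  g_object_unref (cert);

  /* Make sure the length is respected and the parser detects invalid
   * (truncated) PEM.  A rejected input must not yield a certificate object
   * as well as an error, so check the return value too. */
  cert = g_tls_certificate_new_from_pem (pem, 10, &error);
  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
  g_clear_error (&error);
  g_assert_null (cert);
  g_free (pem);

  /* Check PEM parsing in private key, certificate order */
  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), &pem, NULL, &error);
  g_assert_no_error (error);
  g_assert_true (pem != NULL);

  cert = g_tls_certificate_new_from_pem (pem, -1, &error);
  g_assert_no_error (error);
  g_assert_true (cert != NULL);

  g_object_get (cert,
      "certificate-pem", &parsed_cert_pem,
      NULL);
  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
  g_free (parsed_cert_pem);
  parsed_cert_pem = NULL;
  g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
  parsed_key_pem = NULL;

  g_free (pem);
  g_object_unref (cert);

  /* Check certificate only PEM: parsing succeeds and no key is attached. */
  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), &pem, NULL, &error);
  g_assert_no_error (error);
  g_assert_true (pem != NULL);

  cert = g_tls_certificate_new_from_pem (pem, -1, &error);
  g_assert_no_error (error);
  g_assert_true (cert != NULL);

  g_object_get (cert,
      "certificate-pem", &parsed_cert_pem,
      NULL);
  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
  g_free (parsed_cert_pem);
  parsed_cert_pem = NULL;
  g_assert_null (parsed_key_pem);

  g_free (pem);
  g_object_unref (cert);

  /* Check error with private key only PEM */
  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), &pem, NULL, &error);
  g_assert_no_error (error);
  g_assert_true (pem != NULL);

  cert = g_tls_certificate_new_from_pem (pem, -1, &error);
  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
  g_clear_error (&error);
  g_assert_null (cert);
  g_free (pem);
}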
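/* Check that parsing cert-list.pem yields a chain of exactly three
 * certificates linked through their issuers, and that only the first
 * certificate carries a private key.
 *
 * The issuer pointers obtained while walking the chain are not unreffed
 * here; only the certificate returned by the parser (original_cert) is
 * released at the end.
 *
 * g_assert_true()/g_assert_null() are used rather than g_assert(), which is
 * compiled out when G_DISABLE_ASSERT is defined.
 */
static void
pem_parser_handles_chain (const Reference *ref)
{
  GTlsCertificate *cert;
  GTlsCertificate *issuer;
  GTlsCertificate *original_cert;
  gchar *pem;
  gchar *parsed_cert_pem = NULL;
  const gchar *parsed_key_pem = NULL;
  GError *error = NULL;

  /* Check that a chain with exactly three certificates is returned */
  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL), &pem, NULL, &error);
  g_assert_no_error (error);
  g_assert_true (pem != NULL);

  cert = original_cert = g_tls_certificate_new_from_pem (pem, -1, &error);
  g_free (pem);
  g_assert_no_error (error);
  g_assert_true (cert != NULL);

  g_object_get (cert,
      "certificate-pem", &parsed_cert_pem,
      NULL);
  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
  g_clear_pointer (&parsed_cert_pem, g_free);

  /* Make sure the private key was parsed */
  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
  g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
  parsed_key_pem = NULL;

  /* Now test the second cert */
  issuer = g_tls_certificate_get_issuer (cert);
  g_assert_true (issuer != NULL);

  cert = issuer;
  issuer = g_tls_certificate_get_issuer (cert);
  g_assert_true (issuer != NULL);

  g_object_get (cert,
      "certificate-pem", &parsed_cert_pem,
      NULL);
  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[1]);
  g_clear_pointer (&parsed_cert_pem, g_free);

  /* Only the first cert should have a private key */
  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
  g_assert_null (parsed_key_pem);

  /* Now test the final cert: it must end the chain (no further issuer). */
  cert = issuer;
  issuer = g_tls_certificate_get_issuer (cert);
  g_assert_null (issuer);

  g_object_get (cert,
      "certificate-pem", &parsed_cert_pem,
      NULL);
  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[2]);
  g_clear_pointer (&parsed_cert_pem, g_free);

  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
  g_assert_null (parsed_key_pem);

  g_object_unref (original_cert);
}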
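/* Check that g_tls_certificate_new_from_file() on key-cert.pem (a single
 * file holding both key and certificate) yields the reference certificate
 * and the reference private key.
 *
 * g_assert_true() is used rather than g_assert(), which is compiled out
 * when G_DISABLE_ASSERT is defined.
 */
static void
from_file (const Reference *ref)
{
  GTlsCertificate *cert;
  gchar *parsed_cert_pem = NULL;
  const gchar *parsed_key_pem = NULL;
  GError *error = NULL;

  cert = g_tls_certificate_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
                                          &error);
  g_assert_no_error (error);
  g_assert_true (cert != NULL);

  g_object_get (cert,
      "certificate-pem", &parsed_cert_pem,
      NULL);
  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
  g_free (parsed_cert_pem);
  parsed_cert_pem = NULL;
  g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
  parsed_key_pem = NULL;

  g_object_unref (cert);
}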
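/* Exercise g_tls_certificate_new_from_files() with separate certificate and
 * key files.
 *
 * Cases, in order: matching cert1.pem + key.pem, a "key" file that holds no
 * key, a "certificate" file that holds no certificate, and the same combined
 * key-cert.pem passed for both arguments.
 *
 * g_assert_true()/g_assert_null() are used rather than g_assert(), which is
 * compiled out when G_DISABLE_ASSERT is defined; the two rejection cases
 * would otherwise stop checking that no certificate object is returned.
 */
static void
from_files (const Reference *ref)
{
  GTlsCertificate *cert;
  gchar *parsed_cert_pem = NULL;
  const gchar *parsed_key_pem = NULL;
  GError *error = NULL;

  cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
                                           g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
                                           &error);
  g_assert_no_error (error);
  g_assert_true (cert != NULL);

  g_object_get (cert,
      "certificate-pem", &parsed_cert_pem,
      NULL);
  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
  g_free (parsed_cert_pem);
  parsed_cert_pem = NULL;
  g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
  parsed_key_pem = NULL;

  g_object_unref (cert);

  /* Missing private key: the second file is a certificate, not a key. */
  cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
                                           g_test_get_filename (G_TEST_DIST, "cert-tests", "cert2.pem", NULL),
                                           &error);
  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
  g_clear_error (&error);
  g_assert_null (cert);

  /* Missing certificate: both files hold only the key. */
  cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
                                           g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
                                           &error);
  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
  g_clear_error (&error);
  g_assert_null (cert);

  /* Using this method twice with a file containing both private key and
   * certificate as a way to enforce private key presence is a fair use
   */
  cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
                                           g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
                                           &error);
  g_assert_no_error (error);
  g_assert_true (cert != NULL);
  g_object_unref (cert);
}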
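/* Check that g_tls_certificate_new_from_files() accepts key8.pem as the key
 * file alongside cert1.pem, and that the key read back matches the
 * reference text loaded from key8.pem.
 *
 * g_assert_true() is used rather than g_assert(), which is compiled out
 * when G_DISABLE_ASSERT is defined.
 */
static void
from_files_pkcs8 (const Reference *ref)
{
  GTlsCertificate *cert;
  gchar *parsed_cert_pem = NULL;
  const gchar *parsed_key_pem = NULL;
  GError *error = NULL;

  cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
                                           g_test_get_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL),
                                           &error);
  g_assert_no_error (error);
  g_assert_true (cert != NULL);

  g_object_get (cert,
      "certificate-pem", &parsed_cert_pem,
      NULL);
  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
  g_free (parsed_cert_pem);
  parsed_cert_pem = NULL;
  g_assert_cmpstr (parsed_key_pem, ==, ref->key8_pem);
  parsed_key_pem = NULL;

  g_object_unref (cert);
}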
/* Check g_tls_certificate_list_new_from_file(): cert-list.pem must produce
 * three certificates whose PEM text matches ref->cert_pems[] in order, and
 * nothing.pem must produce an empty list without reporting an error.
 */
static void
list_from_file (const Reference *ref)
{
  GList *certs, *node;
  GError *error = NULL;
  int idx;

  certs = g_tls_certificate_list_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL),
                                                &error);
  g_assert_no_error (error);
  g_assert_cmpint (g_list_length (certs), ==, 3);

  /* Walk the list and the reference array in lock step; the length was
   * asserted above, so three nodes are expected to be present. */
  for (idx = 0, node = certs; idx < 3; idx++, node = g_list_next (node))
    {
      GTlsCertificate *cert = node->data;
      gchar *parsed_cert_pem = NULL;

      g_object_get (cert,
          "certificate-pem", &parsed_cert_pem,
          NULL);
      g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[idx]);
      g_free (parsed_cert_pem);
    }

  /* Drops every certificate in the list along with the list itself. */
  g_list_free_full (certs, g_object_unref);

  /* Empty list is not an error */
  certs = g_tls_certificate_list_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "nothing.pem", NULL),
                                                &error);
  g_assert_no_error (error);
  g_assert_cmpint (g_list_length (certs), ==, 0);
}
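/* Test entry point: load the reference PEM files into a Reference, register
 * each test case with that Reference as its data pointer, run the suite and
 * free the reference strings.
 *
 * Returns the value of g_test_run().
 *
 * g_assert_true() is used rather than g_assert(), which is compiled out
 * when G_DISABLE_ASSERT is defined; a missing reference file should stop
 * the run here rather than surface later as a confusing comparison failure.
 */
int
main (int   argc,
      char *argv[])
{
  int rtv;
  Reference ref;
  GError *error = NULL;
  gchar *path;

  g_test_init (&argc, &argv, NULL);

  /* NOTE(review): presumably this registers the test TLS backend declared
   * in gtesttlsbackend.h so the calls below use it; confirm there. */
  _g_test_tls_backend_get_type ();

  /* Load reference PEM */
  path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL);
  g_file_get_contents (path, &ref.cert_pems[0], NULL, &error);
  g_assert_no_error (error);
  g_assert_true (ref.cert_pems[0] != NULL);
  g_free (path);
  path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert2.pem", NULL);
  g_file_get_contents (path, &ref.cert_pems[1], NULL, &error);
  g_assert_no_error (error);
  g_assert_true (ref.cert_pems[1] != NULL);
  g_free (path);
  path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert3.pem", NULL);
  g_file_get_contents (path, &ref.cert_pems[2], NULL, &error);
  g_assert_no_error (error);
  g_assert_true (ref.cert_pems[2] != NULL);
  g_free (path);
  path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL);
  g_file_get_contents (path, &ref.key_pem, NULL, &error);
  g_assert_no_error (error);
  g_assert_true (ref.key_pem != NULL);
  g_free (path);
  path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL);
  g_file_get_contents (path, &ref.key8_pem, NULL, &error);
  g_assert_no_error (error);
  g_assert_true (ref.key8_pem != NULL);
  g_free (path);

  /* Every case receives the same read-only Reference. */
  g_test_add_data_func ("/tls-certificate/pem-parser",
                        &ref, (GTestDataFunc)pem_parser);
  g_test_add_data_func ("/tls-certificate/pem-parser-handles-chain",
                        &ref, (GTestDataFunc)pem_parser_handles_chain);
  g_test_add_data_func ("/tls-certificate/from_file",
                        &ref, (GTestDataFunc)from_file);
  g_test_add_data_func ("/tls-certificate/from_files",
                        &ref, (GTestDataFunc)from_files);
  g_test_add_data_func ("/tls-certificate/from_files_pkcs8",
                        &ref, (GTestDataFunc)from_files_pkcs8);
  g_test_add_data_func ("/tls-certificate/list_from_file",
                        &ref, (GTestDataFunc)list_from_file);

  rtv = g_test_run();

  /* The reference strings must outlive g_test_run(), so free them only now. */
  g_free (ref.cert_pems[0]);
  g_free (ref.cert_pems[1]);
  g_free (ref.cert_pems[2]);
  g_free (ref.key_pem);
  g_free (ref.key8_pem);

  return rtv;
}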