2 #define _POSIX_SOURCE /* For getaddrinfo(3) */
6 #define _BSD_SOURCE /* For NI_MAXHOST up to glibc-2.19 */
8 #ifndef _DEFAULT_SOURCE
9 #define _DEFAULT_SOURCE /* For NI_MAXHOST since glibc-2.20 */
13 #define _XOPEN_SOURCE 600 /* For unsetenv(3) */
/*
 * Fixture locations and credentials for the TLS login tests.
 *
 * Every path is assembled at compile time from SRCDIR, which is supplied from
 * outside this block. The certificates, private keys and the login pair are
 * test-suite fixtures only and must not be reused for a real deployment.
 */
#define TLSDIR SRCDIR "/server/tls"

/* Certificate authority file used by both the client context and the test server. */
static const char *ca_certificate = TLSDIR "/ca.cert";

/* Certificate and private-key files of the test server and of the test client. */
static char *server_certificate = TLSDIR "/server.cert";
static char *server_key = TLSDIR "/server.key";
static char *client_certificate = TLSDIR "/client.cert";
static char *client_key = TLSDIR "/client.key";

/* Subject name handed to the test server as the expected client name. */
static const char *client_dn = "CN=The Client,C=CZ";

/* User name and password of the test account. */
static const char *username = "douglas";
static const char *password = "42";
/*
 * Run one isds_login() attempt and compare its result with the expected code.
 *
 * error            result code this scenario is expected to produce
 * context          libisds context used for the attempt
 * url              service URL, passed through to isds_login()
 * username,
 * password         login pair, passed through to isds_login()
 * pki_credentials  client certificate and key; callers in this file also
 *                  pass NULL to test the "no certificate" case
 * otp              one-time-password data; every caller shown passes NULL
 *
 * A mismatch is reported through FAIL_TEST with both codes rendered by
 * isds_strerror() plus isds_long_message(context).
 *
 * NOTE(review): original lines 35-36, 38 and 42-49 are absent from this
 * listing, so the declaration of err, the condition guarding FAIL_TEST and
 * the success path are not visible here.
 */
31 static int test_login(const isds_error error
, struct isds_ctx
*context
,
32 const char *url
, const char *username
, const char *password
,
33 const struct isds_pki_credentials
*pki_credentials
,
34 struct isds_otp
*otp
) {
37 err
= isds_login(context
, url
, username
, password
, pki_credentials
, otp
);
39 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
40 isds_strerror(error
), isds_strerror(err
),
41 isds_long_message(context
));
/*
 * Set-up shared by every scenario: one libisds context, created once and
 * released on each abort path shown below.
 * NOTE(review): the gutter numbers jump (53 -> 56, 57 -> 61, 63 -> 66), so
 * several original lines, including the conditions guarding some ABORT_UNIT
 * calls, are not part of this listing.
 */
50 struct isds_ctx
*context
= NULL
;
53 INIT_TEST("authentication with client certificate and username and "
/*
 * Remove http_proxy from the environment before any connection is made;
 * presumably so that requests reach the locally started server directly.
 * NOTE(review): only the lower-case http_proxy name is handled in the lines
 * shown here.
 */
56 if (unsetenv("http_proxy")) {
57 ABORT_UNIT("Could not remove http_proxy variable from environment\n");
61 ABORT_UNIT("isds_init() failed\n");
63 context
= isds_ctx_create();
66 ABORT_UNIT("isds_ctx_create() failed\n");
/* Trust anchor for the client side: the test CA file. */
68 if (isds_set_opt(context
, IOPT_TLS_CA_FILE
, ca_certificate
)) {
69 isds_ctx_free(&context
);
71 ABORT_UNIT("Setting CA failed\n");
/*
 * Server verification is switched off (IOPT_TLS_VERIFY_SERVER = 0) even
 * though a CA file was configured just above. That is tolerable only for a
 * server started by this test; a client talking to a real service must keep
 * the option enabled.
 * NOTE(review): the abort message speaks of hostname verification only,
 * while the option name suggests a broader switch - confirm which checks are
 * actually skipped.
 */
73 if (isds_set_opt(context
, IOPT_TLS_VERIFY_SERVER
, 0)) {
74 isds_ctx_free(&context
);
76 ABORT_UNIT("Disabling server hostname verification failed\n");
/*
 * Scenario 1: test server started with
 * server_certificate_with_password_authentication, i.e. the login is checked
 * against a client certificate as well as a user name and password.
 * Only the dummy operation is listed as a service.
 * NOTE(review): original lines 82-83, 85-89, 95, 97, 101-103 and others are
 * absent from this listing; initializers below are therefore incomplete.
 */
80 const struct service_configuration services
[] = {
81 { SERVICE_DS_Dz_DummyOperation
, NULL
},
/* Password-authentication settings for the server; its fields are not shown. */
84 const struct arguments_basic_authentication server_arguments
= {
/*
 * TLS side of the test server: CA file, the server's own certificate and
 * key, and the client subject name (client_dn) it is configured with.
 */
90 struct tls_authentication tls_arguments
= {
91 .authority_certificate
= ca_certificate
,
92 .server_certificate
= server_certificate
,
93 .server_key
= server_key
,
94 .client_name
= client_dn
/*
 * Client credentials that start out deliberately wrong: the server's
 * certificate is offered as the client certificate. The key field is not
 * visible in this listing.
 */
96 struct isds_pki_credentials pki_credentials
= {
98 .certificate_format
= PKI_FORMAT_PEM
,
99 .certificate
= server_certificate
,
100 .key_format
= PKI_FORMAT_PEM
,
/*
 * Start the test server; server_process and url are passed by address and
 * are presumably filled in by start_server(). On the failure path shown, the
 * context is released and the unit aborts with server_error.
 */
104 error
= start_server(&server_process
, &url
,
105 server_certificate_with_password_authentication
,
106 &server_arguments
, &tls_arguments
);
108 isds_ctx_free(&context
);
110 ABORT_UNIT(server_error
);
/* Correct user name and password but no client certificate: IE_SECURITY. */
113 TEST("no client certificate", test_login
, IE_SECURITY
, context
,
114 url
, username
, password
, NULL
, NULL
);
/*
 * Correct user name and password with a certificate other than the client's
 * (the server certificate set above): still IE_SECURITY.
 */
116 TEST("wrong client certificate", test_login
, IE_SECURITY
, context
,
117 url
, username
, password
, &pki_credentials
, NULL
);
/* Switch to the genuine client certificate and key for the remaining cases. */
119 pki_credentials
.certificate
= client_certificate
;
120 pki_credentials
.key
= client_key
;
/*
 * Valid client certificate with a wrong user name and password: the expected
 * result is IE_NOT_LOGGED_IN, so the certificate alone does not log in.
 */
122 TEST("invalid username", test_login
, IE_NOT_LOGGED_IN
, context
,
123 url
, "7777777", "nbuusr1", &pki_credentials
, NULL
);
/* Certificate, user name and password all correct: IE_SUCCESS. */
125 TEST("valid login", test_login
, IE_SUCCESS
, context
,
126 url
, username
, password
, &pki_credentials
, NULL
);
/* Stop the server; on failure release the context and abort with server_error. */
128 if (stop_server(server_process
)) {
129 isds_ctx_free(&context
);
131 ABORT_UNIT(server_error
);
/*
 * Scenario 2: test server started with server_out_of_order and no
 * authentication arguments (NULL), using the same TLS identity as before.
 * NOTE(review): tls_arguments and pki_credentials are declared a second time,
 * so the original presumably opens a new block scope here; the braces and
 * original lines 132-138, 144, 146, 150-152 and 168-173 are absent from this
 * listing.
 */
139 struct tls_authentication tls_arguments
= {
140 .authority_certificate
= ca_certificate
,
141 .server_certificate
= server_certificate
,
142 .server_key
= server_key
,
143 .client_name
= client_dn
/*
 * The genuine client certificate is used from the start; presumably so that
 * the failure under test comes from the service state rather than from TLS
 * authentication. The key field is not visible in this listing.
 */
145 struct isds_pki_credentials pki_credentials
= {
147 .certificate_format
= PKI_FORMAT_PEM
,
148 .certificate
= client_certificate
,
149 .key_format
= PKI_FORMAT_PEM
,
/* Start the out-of-order server; failure handling mirrors the first scenario. */
153 error
= start_server(&server_process
, &url
,
154 server_out_of_order
, NULL
, &tls_arguments
);
156 isds_ctx_free(&context
);
158 ABORT_UNIT(server_error
);
/* Expected result is IE_SOAP, not a security or login error. */
161 TEST("log into out-of-order server", test_login
, IE_SOAP
, context
,
162 url
, username
, password
, &pki_credentials
, NULL
);
/* Stop the server; on failure release the context and abort with server_error. */
164 if (stop_server(server_process
)) {
165 isds_ctx_free(&context
);
167 ABORT_UNIT(server_error
);
/* Final release of the shared context after both scenarios have run. */
174 isds_ctx_free(&context
);