1 /* GLib testing framework examples and tests
2 *
3 * Copyright (C) 2011 Collabora Ltd.
4 *
5 * SPDX-License-Identifier: LGPL-2.1-or-later
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General
18 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 *
20 * Author: Nicolas Dufresne <nicolas.dufresne@collabora.com>
21 */
22
23 #include "config.h"
24
25 #include <gio/gio.h>
26
27 #include "gtesttlsbackend.h"
28
29 typedef struct
30 {
31 gchar *cert_pems[3];
32 gchar *cert_crlf_pem;
33 gchar *key_pem;
34 gchar *key_crlf_pem;
35 gchar *key8_pem;
36 } Reference;
37
38 static void
39 pem_parser (const Reference *ref)
40 {
41 GTlsCertificate *cert;
42 gchar *pem;
43 gsize pem_len = 0;
44 gchar *parsed_cert_pem = NULL;
45 gchar *parsed_key_pem = NULL;
46 GError *error = NULL;
47
48 /* Check PEM parsing in certificate, private key order. */
49 g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, &pem_len, &error);
50 g_assert_no_error (error);
51 g_assert_nonnull (pem);
52 g_assert_cmpuint (pem_len, >=, 10);
53
54 cert = g_tls_certificate_new_from_pem (pem, -1, &error);
55 g_assert_no_error (error);
56 g_assert_nonnull (cert);
57
58 g_object_get (cert,
59 "certificate-pem", &parsed_cert_pem,
60 "private-key-pem", &parsed_key_pem,
61 NULL);
62 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
63 g_clear_pointer (&parsed_cert_pem, g_free);
64 g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
65 g_clear_pointer (&parsed_key_pem, g_free);
66
67 g_object_unref (cert);
68
69 /* Make sure length is respected and parser detect invalid PEM
70 * when cert is truncated. */
71 cert = g_tls_certificate_new_from_pem (pem, 10, &error);
72 g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
73 g_clear_error (&error);
74
75 /* Make sure length is respected and parser detect invalid PEM
76 * when cert exists but key is truncated. */
77 cert = g_tls_certificate_new_from_pem (pem, pem_len - 10, &error);
78 g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
79 g_clear_error (&error);
80 g_free (pem);
81
82 /* Check PEM parsing in private key, certificate order */
83 g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), &pem, NULL, &error);
84 g_assert_no_error (error);
85 g_assert_nonnull (pem);
86
87 cert = g_tls_certificate_new_from_pem (pem, -1, &error);
88 g_assert_no_error (error);
89 g_assert_nonnull (cert);
90
91 g_object_get (cert,
92 "certificate-pem", &parsed_cert_pem,
93 "private-key-pem", &parsed_key_pem,
94 NULL);
95 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
96 g_clear_pointer (&parsed_cert_pem, g_free);
97 g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
98 g_clear_pointer (&parsed_key_pem, g_free);
99
100 g_free (pem);
101 g_object_unref (cert);
102
103 /* Check certificate only PEM */
104 g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), &pem, NULL, &error);
105 g_assert_no_error (error);
106 g_assert_nonnull (pem);
107
108 cert = g_tls_certificate_new_from_pem (pem, -1, &error);
109 g_assert_no_error (error);
110 g_assert_nonnull (cert);
111
112 g_object_get (cert,
113 "certificate-pem", &parsed_cert_pem,
114 "private-key-pem", &parsed_key_pem,
115 NULL);
116 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
117 g_clear_pointer (&parsed_cert_pem, g_free);
118 g_assert_null (parsed_key_pem);
119
120 g_free (pem);
121 g_object_unref (cert);
122
123 /* Check error with private key only PEM */
124 g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), &pem, NULL, &error);
125 g_assert_no_error (error);
126 g_assert_nonnull (pem);
127
128 cert = g_tls_certificate_new_from_pem (pem, -1, &error);
129 g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
130 g_clear_error (&error);
131 g_assert_null (cert);
132 g_free (pem);
133 }
134
135 static void
136 pem_parser_handles_chain (const Reference *ref)
137 {
138 GTlsCertificate *cert;
139 GTlsCertificate *issuer;
140 GTlsCertificate *original_cert;
141 gchar *pem;
142 gchar *parsed_cert_pem = NULL;
143 gchar *parsed_key_pem = NULL;
144 GError *error = NULL;
145
146 /* Check that a chain with exactly three certificates is returned */
147 g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL), &pem, NULL, &error);
148 g_assert_no_error (error);
149 g_assert_nonnull (pem);
150
151 cert = original_cert = g_tls_certificate_new_from_pem (pem, -1, &error);
152 g_free (pem);
153 g_assert_no_error (error);
154 g_assert_nonnull (cert);
155
156 g_object_get (cert,
157 "certificate-pem", &parsed_cert_pem,
158 "private-key-pem", &parsed_key_pem,
159 NULL);
160 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
161 g_clear_pointer (&parsed_cert_pem, g_free);
162
163 /* Make sure the private key was parsed */
164 g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
165 g_clear_pointer (&parsed_key_pem, g_free);
166
167 /* Now test the second cert */
168 issuer = g_tls_certificate_get_issuer (cert);
169 g_assert_nonnull (issuer);
170
171 cert = issuer;
172 issuer = g_tls_certificate_get_issuer (cert);
173 g_assert_nonnull (issuer);
174
175 g_object_get (cert,
176 "certificate-pem", &parsed_cert_pem,
177 "private-key-pem", &parsed_key_pem,
178 NULL);
179 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[1]);
180 g_clear_pointer (&parsed_cert_pem, g_free);
181
182 /* Only the first cert should have a private key */
183 g_assert_null (parsed_key_pem);
184
185 /* Now test the final cert */
186 cert = issuer;
187 issuer = g_tls_certificate_get_issuer (cert);
188 g_assert_null (issuer);
189
190 g_object_get (cert,
191 "certificate-pem", &parsed_cert_pem,
192 "private-key-pem", &parsed_key_pem,
193 NULL);
194 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[2]);
195 g_clear_pointer (&parsed_cert_pem, g_free);
196
197 g_assert_null (parsed_key_pem);
198
199 g_object_unref (original_cert);
200 }
201
202 static void
203 pem_parser_no_sentinel (void)
204 {
205 GTlsCertificate *cert;
206 gchar *pem;
207 gsize pem_len = 0;
208 gchar *pem_copy;
209 GError *error = NULL;
210
211 /* Check certificate from not-nul-terminated PEM */
212 g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), &pem, &pem_len, &error);
213 g_assert_no_error (error);
214 g_assert_nonnull (pem);
215 g_assert_cmpuint (pem_len, >=, 10);
216
217 pem_copy = g_new (char, pem_len);
218 /* Do not copy the terminating nul: */
219 memmove (pem_copy, pem, pem_len);
220 g_free (pem);
221
222 /* Check whether the parser respects the @length parameter.
223 * pem_copy is allocated exactly pem_len bytes, so accessing memory
224 * outside its bounds will be detected by, for example, valgrind or
225 * asan. */
226 cert = g_tls_certificate_new_from_pem (pem_copy, pem_len, &error);
227 g_assert_no_error (error);
228 g_assert_nonnull (cert);
229
230 g_free (pem_copy);
231 g_object_unref (cert);
232 }
233
234 static void
235 from_file (const Reference *ref)
236 {
237 GTlsCertificate *cert;
238 gchar *parsed_cert_pem = NULL;
239 gchar *parsed_key_pem = NULL;
240 GError *error = NULL;
241
242 cert = g_tls_certificate_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
243 &error);
244 g_assert_no_error (error);
245 g_assert_nonnull (cert);
246
247 g_object_get (cert,
248 "certificate-pem", &parsed_cert_pem,
249 "private-key-pem", &parsed_key_pem,
250 NULL);
251 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
252 g_clear_pointer (&parsed_cert_pem, g_free);
253 g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
254 g_clear_pointer (&parsed_key_pem, g_free);
255
256 g_object_unref (cert);
257 }
258
259 static void
260 from_files (const Reference *ref)
261 {
262 GTlsCertificate *cert;
263 gchar *parsed_cert_pem = NULL;
264 gchar *parsed_key_pem = NULL;
265 GError *error = NULL;
266
267 cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
268 g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
269 &error);
270 g_assert_no_error (error);
271 g_assert_nonnull (cert);
272
273 g_object_get (cert,
274 "certificate-pem", &parsed_cert_pem,
275 "private-key-pem", &parsed_key_pem,
276 NULL);
277 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
278 g_clear_pointer (&parsed_cert_pem, g_free);
279 g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
280 g_clear_pointer (&parsed_key_pem, g_free);
281
282 g_object_unref (cert);
283
284 /* Missing private key */
285 cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
286 g_test_get_filename (G_TEST_DIST, "cert-tests", "cert2.pem", NULL),
287 &error);
288 g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
289 g_clear_error (&error);
290 g_assert_null (cert);
291
292 /* Missing header private key */
293 cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
294 g_test_get_filename (G_TEST_DIST, "cert-tests", "key_missing-header.pem", NULL),
295 &error);
296 g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
297 g_clear_error (&error);
298 g_assert_null (cert);
299
300 /* Missing footer private key */
301 cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
302 g_test_get_filename (G_TEST_DIST, "cert-tests", "key_missing-footer.pem", NULL),
303 &error);
304 g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
305 g_clear_error (&error);
306 g_assert_null (cert);
307
308 /* Missing certificate */
309 cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
310 g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
311 &error);
312 g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
313 g_clear_error (&error);
314 g_assert_null (cert);
315
316 /* Using this method twice with a file containing both private key and
317 * certificate as a way to enforce private key presence is a fair use
318 */
319 cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
320 g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
321 &error);
322 g_assert_no_error (error);
323 g_assert_nonnull (cert);
324 g_object_unref (cert);
325 }
326
327 static void
328 from_files_crlf (const Reference *ref)
329 {
330 GTlsCertificate *cert;
331 gchar *parsed_cert_pem = NULL;
332 gchar *parsed_key_pem = NULL;
333 GError *error = NULL;
334
335 cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-crlf.pem", NULL),
336 g_test_get_filename (G_TEST_DIST, "cert-tests", "key-crlf.pem", NULL),
337 &error);
338 g_assert_no_error (error);
339 g_assert_nonnull (cert);
340
341 g_object_get (cert,
342 "certificate-pem", &parsed_cert_pem,
343 "private-key-pem", &parsed_key_pem,
344 NULL);
345 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_crlf_pem);
346 g_clear_pointer (&parsed_cert_pem, g_free);
347 g_assert_cmpstr (parsed_key_pem, ==, ref->key_crlf_pem);
348 g_clear_pointer (&parsed_key_pem, g_free);
349
350 g_object_unref (cert);
351 }
352
353 static void
354 from_files_pkcs8 (const Reference *ref)
355 {
356 GTlsCertificate *cert;
357 gchar *parsed_cert_pem = NULL;
358 gchar *parsed_key_pem = NULL;
359 GError *error = NULL;
360
361 cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
362 g_test_get_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL),
363 &error);
364 g_assert_no_error (error);
365 g_assert_nonnull (cert);
366
367 g_object_get (cert,
368 "certificate-pem", &parsed_cert_pem,
369 "private-key-pem", &parsed_key_pem,
370 NULL);
371 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
372 g_clear_pointer (&parsed_cert_pem, g_free);
373 g_assert_cmpstr (parsed_key_pem, ==, ref->key8_pem);
374 g_clear_pointer (&parsed_key_pem, g_free);
375
376 g_object_unref (cert);
377 }
378
379 static void
380 from_files_pkcs8enc (const Reference *ref)
381 {
382 GTlsCertificate *cert;
383 GError *error = NULL;
384
385 /* Mare sure an error is returned for encrypted key */
386 cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
387 g_test_get_filename (G_TEST_DIST, "cert-tests", "key8enc.pem", NULL),
388 &error);
389 g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
390 g_clear_error (&error);
391 g_assert_null (cert);
392 }
393
394 static void
395 list_from_file (const Reference *ref)
396 {
397 GList *list, *l;
398 GError *error = NULL;
399 int i;
400
401 list = g_tls_certificate_list_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL),
402 &error);
403 g_assert_no_error (error);
404 g_assert_cmpint (g_list_length (list), ==, 3);
405
406 l = list;
407 for (i = 0; i < 3; i++)
408 {
409 GTlsCertificate *cert = l->data;
410 gchar *parsed_cert_pem = NULL;
411 g_object_get (cert,
412 "certificate-pem", &parsed_cert_pem,
413 NULL);
414 g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[i]);
415 g_free (parsed_cert_pem);
416 l = g_list_next (l);
417 }
418
419 g_list_free_full (list, g_object_unref);
420
421 /* Empty list is not an error */
422 list = g_tls_certificate_list_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "nothing.pem", NULL),
423 &error);
424 g_assert_no_error (error);
425 g_assert_cmpint (g_list_length (list), ==, 0);
426 }
427
428 static void
429 from_pkcs11_uri (void)
430 {
431 GError *error = NULL;
432 GTlsCertificate *cert;
433 gchar *pkcs11_uri = NULL;
434
435 cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error);
436 g_assert_no_error (error);
437 g_assert_nonnull (cert);
438
439 g_object_get (cert, "pkcs11-uri", &pkcs11_uri, NULL);
440 g_assert_cmpstr ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", ==, pkcs11_uri);
441 g_free (pkcs11_uri);
442
443 g_object_unref (cert);
444 }
445
446 static void
447 from_unsupported_pkcs11_uri (void)
448 {
449 GError *error = NULL;
450 GTlsCertificate *cert;
451
452 /* This is a magic value in gtesttlsbackend.c simulating an unsupported backend */
453 cert = g_tls_certificate_new_from_pkcs11_uris ("unsupported", NULL, &error);
454 g_assert_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED);
455 g_assert_null (cert);
456
457 g_clear_error (&error);
458 }
459
460 static void
461 not_valid_before (void)
462 {
463 const gchar *EXPECTED_NOT_VALID_BEFORE = "2020-10-12T17:49:44Z";
464
465 GTlsCertificate *cert;
466 GError *error = NULL;
467 GDateTime *actual;
468 gchar *actual_str;
469
470 cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error);
471 g_assert_no_error (error);
472 g_assert_nonnull (cert);
473
474 actual = g_tls_certificate_get_not_valid_before (cert);
475 g_assert_nonnull (actual);
476 actual_str = g_date_time_format_iso8601 (actual);
477 g_assert_cmpstr (actual_str, ==, EXPECTED_NOT_VALID_BEFORE);
478 g_free (actual_str);
479 g_date_time_unref (actual);
480 g_object_unref (cert);
481 }
482
483 static void
484 not_valid_after (void)
485 {
486 const gchar *EXPECTED_NOT_VALID_AFTER = "2045-10-06T17:49:44Z";
487
488 GTlsCertificate *cert;
489 GError *error = NULL;
490 GDateTime *actual;
491 gchar *actual_str;
492
493 cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error);
494 g_assert_no_error (error);
495 g_assert_nonnull (cert);
496
497 actual = g_tls_certificate_get_not_valid_after (cert);
498 g_assert_nonnull (actual);
499 actual_str = g_date_time_format_iso8601 (actual);
500 g_assert_cmpstr (actual_str, ==, EXPECTED_NOT_VALID_AFTER);
501 g_free (actual_str);
502 g_date_time_unref (actual);
503 g_object_unref (cert);
504 }
505
506 static void
507 subject_name (void)
508 {
509 const gchar *EXPECTED_SUBJECT_NAME = "DC=COM,DC=EXAMPLE,CN=server.example.com";
510
511 GTlsCertificate *cert;
512 GError *error = NULL;
513 gchar *actual;
514
515 cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error);
516 g_assert_no_error (error);
517 g_assert_nonnull (cert);
518
519 actual = g_tls_certificate_get_subject_name (cert);
520 g_assert_nonnull (actual);
521 g_assert_cmpstr (actual, ==, EXPECTED_SUBJECT_NAME);
522 g_free (actual);
523 g_object_unref (cert);
524 }
525
526 static void
527 issuer_name (void)
528 {
529 const gchar *EXPECTED_ISSUER_NAME = "DC=COM,DC=EXAMPLE,OU=Certificate Authority,CN=ca.example.com,emailAddress=ca@example.com";
530
531 GTlsCertificate *cert;
532 GError *error = NULL;
533 gchar *actual;
534
535 cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error);
536 g_assert_no_error (error);
537 g_assert_nonnull (cert);
538
539 actual = g_tls_certificate_get_issuer_name (cert);
540 g_assert_nonnull (actual);
541 g_assert_cmpstr (actual, ==, EXPECTED_ISSUER_NAME);
542 g_free (actual);
543 g_object_unref (cert);
544 }
545
546 static void
547 dns_names (void)
548 {
549 GTlsCertificate *cert;
550 GError *error = NULL;
551 GPtrArray *actual;
552 const gchar *dns_name = "a.example.com";
553 GBytes *expected = g_bytes_new_static (dns_name, strlen (dns_name));
554
555 cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error);
556 g_assert_no_error (error);
557 g_assert_nonnull (cert);
558
559 actual = g_tls_certificate_get_dns_names (cert);
560 g_assert_nonnull (actual);
561 g_assert_cmpuint (actual->len, ==, 1);
562 g_assert_true (g_ptr_array_find_with_equal_func (actual, expected, (GEqualFunc)g_bytes_equal, NULL));
563
564 g_ptr_array_unref (actual);
565 g_bytes_unref (expected);
566 g_object_unref (cert);
567 }
568
569 static void
570 ip_addresses (void)
571 {
572 GTlsCertificate *cert;
573 GError *error = NULL;
574 GPtrArray *actual;
575 GInetAddress *expected = g_inet_address_new_from_string ("192.0.2.1");
576
577 cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error);
578 g_assert_no_error (error);
579 g_assert_nonnull (cert);
580
581 actual = g_tls_certificate_get_ip_addresses (cert);
582 g_assert_nonnull (actual);
583 g_assert_cmpuint (actual->len, ==, 1);
584 g_assert_true (g_ptr_array_find_with_equal_func (actual, expected, (GEqualFunc)g_inet_address_equal, NULL));
585
586 g_ptr_array_free (actual, TRUE);
587 g_object_unref (expected);
588 g_object_unref (cert);
589 }
590
591 static void
592 from_pkcs12 (void)
593 {
594 GTlsCertificate *cert;
595 GError *error = NULL;
596 const guint8 data[1] = { 0 };
597
598 /* This simply fails because our test backend doesn't support this
599 * property. This reflects using a backend that doesn't support it.
600 * The real test lives in glib-networking. */
601 cert = g_tls_certificate_new_from_pkcs12 (data, 1, NULL, &error);
602
603 g_assert_null (cert);
604 g_assert_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED);
605 g_error_free (error);
606 }
607
608 static void
609 from_pkcs12_file (void)
610 {
611 GTlsCertificate *cert;
612 GError *error = NULL;
613 char *path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key-cert-password-123.p12", NULL);
614
615 /* Fails on our test backend, see from_pkcs12() above. */
616 cert = g_tls_certificate_new_from_file_with_password (path, "123", &error);
617 g_assert_null (cert);
618 g_assert_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED);
619 g_clear_error (&error);
620
621 /* Just for coverage. */
622 cert = g_tls_certificate_new_from_file (path, &error);
623 g_assert_null (cert);
624 g_assert_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED);
625 g_error_free (error);
626
627 g_free (path);
628 }
629
630 int
631 main (int argc,
632 char *argv[])
633 {
634 int rtv;
635 Reference ref;
636 GError *error = NULL;
637 gchar *path;
638
639 g_test_init (&argc, &argv, NULL);
640
641 _g_test_tls_backend_get_type ();
642
643 /* Load reference PEM */
644 path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL);
645 g_file_get_contents (path, &ref.cert_pems[0], NULL, &error);
646 g_assert_no_error (error);
647 g_assert_nonnull (ref.cert_pems[0]);
648 g_free (path);
649 path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert2.pem", NULL);
650 g_file_get_contents (path, &ref.cert_pems[1], NULL, &error);
651 g_assert_no_error (error);
652 g_assert_nonnull (ref.cert_pems[1]);
653 g_free (path);
654 path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert3.pem", NULL);
655 g_file_get_contents (path, &ref.cert_pems[2], NULL, &error);
656 g_assert_no_error (error);
657 g_assert_nonnull (ref.cert_pems[2]);
658 g_free (path);
659 path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert-crlf.pem", NULL);
660 g_file_get_contents (path, &ref.cert_crlf_pem, NULL, &error);
661 g_assert_no_error (error);
662 g_assert_nonnull (ref.cert_crlf_pem);
663 g_free (path);
664 path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL);
665 g_file_get_contents (path, &ref.key_pem, NULL, &error);
666 g_assert_no_error (error);
667 g_assert_nonnull (ref.key_pem);
668 g_free (path);
669 path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key-crlf.pem", NULL);
670 g_file_get_contents (path, &ref.key_crlf_pem, NULL, &error);
671 g_assert_no_error (error);
672 g_assert_nonnull (ref.key_crlf_pem);
673 g_free (path);
674 path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL);
675 g_file_get_contents (path, &ref.key8_pem, NULL, &error);
676 g_assert_no_error (error);
677 g_assert_nonnull (ref.key8_pem);
678 g_free (path);
679
680 g_test_add_data_func ("/tls-certificate/pem-parser",
681 &ref, (GTestDataFunc)pem_parser);
682 g_test_add_data_func ("/tls-certificate/pem-parser-handles-chain",
683 &ref, (GTestDataFunc)pem_parser_handles_chain);
684 g_test_add_data_func ("/tls-certificate/from_file",
685 &ref, (GTestDataFunc)from_file);
686 g_test_add_data_func ("/tls-certificate/from_files",
687 &ref, (GTestDataFunc)from_files);
688 g_test_add_data_func ("/tls-certificate/from_files_crlf",
689 &ref, (GTestDataFunc)from_files_crlf);
690 g_test_add_data_func ("/tls-certificate/from_files_pkcs8",
691 &ref, (GTestDataFunc)from_files_pkcs8);
692 g_test_add_data_func ("/tls-certificate/from_files_pkcs8enc",
693 &ref, (GTestDataFunc)from_files_pkcs8enc);
694 g_test_add_data_func ("/tls-certificate/list_from_file",
695 &ref, (GTestDataFunc)list_from_file);
696 g_test_add_func ("/tls-certificate/pkcs11-uri",
697 from_pkcs11_uri);
698 g_test_add_func ("/tls-certificate/pkcs11-uri-unsupported",
699 from_unsupported_pkcs11_uri);
700 g_test_add_func ("/tls-certificate/from_pkcs12",
701 from_pkcs12);
702 g_test_add_func ("/tls-certificate/from_pkcs12_file",
703 from_pkcs12_file);
704 g_test_add_func ("/tls-certificate/not-valid-before",
705 not_valid_before);
706 g_test_add_func ("/tls-certificate/not-valid-after",
707 not_valid_after);
708 g_test_add_func ("/tls-certificate/subject-name",
709 subject_name);
710 g_test_add_func ("/tls-certificate/issuer-name",
711 issuer_name);
712 g_test_add_func ("/tls-certificate/dns-names",
713 dns_names);
714 g_test_add_func ("/tls-certificate/ip-addresses",
715 ip_addresses);
716 g_test_add_func ("/tls-certificate/pem-parser-no-sentinel",
717 pem_parser_no_sentinel);
718
719 rtv = g_test_run();
720
721 g_free (ref.cert_pems[0]);
722 g_free (ref.cert_pems[1]);
723 g_free (ref.cert_pems[2]);
724 g_free (ref.cert_crlf_pem);
725 g_free (ref.key_pem);
726 g_free (ref.key_crlf_pem);
727 g_free (ref.key8_pem);
728
729 return rtv;
730 }