[gnome-keyring/trust-store: 21/26] [gcr] Add gcr_certificate_is_issuer() and finish up testing.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/trust-store: 21/26] [gcr] Add gcr_certificate_is_issuer() and finish up testing.
- Date: Mon, 6 Dec 2010 22:44:05 +0000 (UTC)
commit 4bdd3b73618fc9e80e154431cf04cc1f102a03aa
Author: Stef Walter <stefw collabora co uk>
Date: Mon Dec 6 21:38:47 2010 +0000
[gcr] Add gcr_certificate_is_issuer() and finish up testing.
Add a function to test if a certificate is the issuer of another,
and finish up testing, fix some bugs.
gcr/gcr-certificate.c | 62 ++++++++++++++++---
gcr/gcr-certificate.h | 9 ++-
gcr/tests/Makefile.am | 2 +-
...{unit-test-certificate.c => test-certificate.c} | 32 +++++++++-
gcr/tests/test-data/der-certificate-dsa.cer | Bin 0 -> 1639 bytes
5 files changed, 87 insertions(+), 18 deletions(-)
---
diff --git a/gcr/gcr-certificate.c b/gcr/gcr-certificate.c
index a0b3c52..975cf28 100644
--- a/gcr/gcr-certificate.c
+++ b/gcr/gcr-certificate.c
@@ -61,6 +61,11 @@ typedef struct _GcrCertificateInfo {
guint key_size;
} GcrCertificateInfo;
+/* Forward declarations */
+
+static gconstpointer _gcr_certificate_get_subject_const (GcrCertificate *self, gsize *n_data);
+static gconstpointer _gcr_certificate_get_issuer_const (GcrCertificate *self, gsize *n_data);
+
/* -----------------------------------------------------------------------------
* INTERNAL
*/
@@ -87,7 +92,7 @@ certificate_info_load (GcrCertificate *cert)
GNode *asn1;
const guchar *der;
gsize n_der;
-
+
g_assert (GCR_IS_CERTIFICATE (cert));
der = gcr_certificate_get_der_data (cert, &n_der);
@@ -158,7 +163,7 @@ calculate_key_size (GcrCertificateInfo *info)
const guchar *data, *params;
gsize n_data, n_params;
guint key_size = 0, n_bits;
- guchar *key;
+ guchar *key = NULL;
GQuark oid;
data = egg_asn1x_get_raw_element (egg_asn1x_node (info->asn1, "tbsCertificate", "subjectPublicKeyInfo", NULL), &n_data);
@@ -178,6 +183,7 @@ calculate_key_size (GcrCertificateInfo *info)
key = egg_asn1x_get_bits_as_raw (egg_asn1x_node (asn, "subjectPublicKey", NULL), NULL, &n_bits);
g_return_val_if_fail (key, 0);
key_size = calculate_rsa_key_size (key, n_bits / 8);
+ g_free (key);
/* The DSA key size is discovered by the prime in params */
} else if (oid == OID_DSA_KEY) {
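Review bot: The `g_return_val_if_fail (key, 0);` directly above the added `g_free (key);` returns before the `egg_asn1x_destroy (asn);` that the next hunk shows at the end of the function, so `asn` leaks on that path. Whether `egg_asn1x_get_bits_as_raw()` can return NULL for a malformed certificate is not visible here, but if it can, this is input validation rather than a programmer error, and the `g_return_val_if_fail` macros are compiled out when the code is built with `G_DISABLE_CHECKS`. An explicit branch keeps both the check and the cleanup: `if (!key) { egg_asn1x_destroy (asn); return 0; }`. calculate_key_size starts and ends outside this hunk.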
@@ -189,7 +195,6 @@ calculate_key_size (GcrCertificateInfo *info)
}
egg_asn1x_destroy (asn);
- g_free (key);
return key_size;
}
@@ -200,7 +205,7 @@ digest_certificate (GcrCertificate *self, GChecksumType type)
GChecksum *digest;
const guchar *der;
gsize n_der;
-
+
g_assert (GCR_IS_CERTIFICATE (self));
der = gcr_certificate_get_der_data (self, &n_der);
@@ -324,22 +329,48 @@ gcr_certificate_get_issuer_part (GcrCertificate *self, const char *part)
return egg_dn_read_part (egg_asn1x_node (info->asn1, "tbsCertificate", "issuer", "rdnSequence", NULL), part);
}
+static gconstpointer
+_gcr_certificate_get_issuer_const (GcrCertificate *self, gsize *n_data)
+{
+ GcrCertificateInfo *info;
+
+ info = certificate_info_load (self);
+ g_return_val_if_fail (info, NULL);
+
+ return egg_asn1x_get_raw_element (egg_asn1x_node (info->asn1, "tbsCertificate", "issuer", NULL), n_data);
+}
+
gpointer
gcr_certificate_get_issuer_raw (GcrCertificate *self, gsize *n_data)
{
- GcrCertificateInfo *info;
gconstpointer data;
g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL);
g_return_val_if_fail (n_data, NULL);
- info = certificate_info_load (self);
- g_return_val_if_fail (info, NULL);
-
- data = egg_asn1x_get_raw_element (egg_asn1x_node (info->asn1, "tbsCertificate", "issuer", NULL), n_data);
+ data = _gcr_certificate_get_issuer_const (self, n_data);
return g_memdup (data, data ? *n_data : 0);
}
+gboolean
+gcr_certificate_is_issuer (GcrCertificate *self, GcrCertificate *issuer)
+{
+ gconstpointer subject_dn, issuer_dn;
+ gsize n_subject_dn, n_issuer_dn;
+
+ g_return_val_if_fail (GCR_IS_CERTIFICATE (self), FALSE);
+ g_return_val_if_fail (GCR_IS_CERTIFICATE (issuer), FALSE);
+
+ subject_dn = _gcr_certificate_get_subject_const (issuer, &n_subject_dn);
+ g_return_val_if_fail (subject_dn, FALSE);
+
+ issuer_dn = _gcr_certificate_get_issuer_const (self, &n_issuer_dn);
+ g_return_val_if_fail (issuer_dn, FALSE);
+
+ return (n_issuer_dn == n_subject_dn &&
+ memcmp (issuer_dn, subject_dn, n_issuer_dn) == 0);
+}
+
/**
* gcr_certificate_get_issuer_dn:
* @self: a #GcrCertificate
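Review bot: `gcr_certificate_is_issuer()` is a new public function with no gtk-doc block, and its name promises more than the body checks: it returns TRUE whenever the raw DER issuer name of `self` is byte-identical to the subject name of `issuer`, and no signature is verified. A subject name is not authenticated by itself, so a caller that treats TRUE as proof of issuance would accept a chain link that was never signed by that issuer. I would add a `/** gcr_certificate_is_issuer: */` block in the style of the one that follows it, documenting both parameters and the return value, and stating that this is a name match only and that the signature must still be verified against the issuer's key before any trust decision. The byte-wise `memcmp` is also stricter than RFC 5280 name comparison, which deserves a sentence in the same comment.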
@@ -436,6 +467,17 @@ gcr_certificate_get_subject_dn (GcrCertificate *self)
return egg_dn_read (egg_asn1x_node (info->asn1, "tbsCertificate", "issuer", "rdnSequence", NULL));
}
+static gconstpointer
+_gcr_certificate_get_subject_const (GcrCertificate *self, gsize *n_data)
+{
+ GcrCertificateInfo *info;
+
+ info = certificate_info_load (self);
+ g_return_val_if_fail (info, NULL);
+
+ return egg_asn1x_get_raw_element (egg_asn1x_node (info->asn1, "tbsCertificate", "subject", NULL), n_data);
+}
+
gpointer
gcr_certificate_get_subject_raw (GcrCertificate *self, gsize *n_data)
{
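Review bot: The first context line of this hunk, which the hunk header places in `gcr_certificate_get_subject_dn()`, reads the `"issuer"` node, so the function appears to return the issuer DN where callers expect the subject DN. The commit leaves that line unchanged, while the new `_gcr_certificate_get_subject_const()` below it correctly reads `"subject"`. If this is a copy-paste slip, any dialog or policy check that displays or matches the subject DN gets the wrong name for every certificate that is not self-signed. The line would become `return egg_dn_read (egg_asn1x_node (info->asn1, "tbsCertificate", "subject", "rdnSequence", NULL));`. The body of gcr_certificate_get_subject_dn starts outside the hunk, so this should be confirmed against the full function.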
@@ -448,7 +490,7 @@ gcr_certificate_get_subject_raw (GcrCertificate *self, gsize *n_data)
info = certificate_info_load (self);
g_return_val_if_fail (info, NULL);
- data = egg_asn1x_get_raw_element (egg_asn1x_node (info->asn1, "tbsCertificate", "subject", NULL), n_data);
+ data = _gcr_certificate_get_subject_const (self, n_data);
return g_memdup (data, data ? *n_data : 0);
}
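Review bot: `gcr_certificate_get_subject_raw()` still runs `certificate_info_load (self)` and checks `info` in the context lines above the changed line, although `_gcr_certificate_get_subject_const()` now does both itself. The matching lines were removed from `gcr_certificate_get_issuer_raw()` earlier in this diff, so the two accessors are no longer parallel. Dropping `info = certificate_info_load (self);`, its `g_return_val_if_fail (info, NULL);` and the `info` declaration would restore that and avoid two warnings for one failure. The function starts outside this hunk.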
diff --git a/gcr/gcr-certificate.h b/gcr/gcr-certificate.h
index 9d695a1..5de9eee 100644
--- a/gcr/gcr-certificate.h
+++ b/gcr/gcr-certificate.h
@@ -38,9 +38,9 @@ typedef struct _GcrCertificateIface GcrCertificateIface;
struct _GcrCertificateIface {
GTypeInterface parent;
-
+
const guchar* (*get_der_data) (GcrCertificate *self, gsize *n_data);
-
+
gpointer dummy1;
gpointer dummy2;
gpointer dummy3;
@@ -52,7 +52,7 @@ struct _GcrCertificateIface {
GType gcr_certificate_get_type (void);
-const guchar* gcr_certificate_get_der_data (GcrCertificate *self,
+const guchar* gcr_certificate_get_der_data (GcrCertificate *self,
gsize *n_data);
gchar* gcr_certificate_get_issuer_cn (GcrCertificate *self);
@@ -65,6 +65,9 @@ gchar* gcr_certificate_get_issuer_part (GcrCertificate *self
gpointer gcr_certificate_get_issuer_raw (GcrCertificate *self,
gsize *n_data);
+gboolean gcr_certificate_is_issuer (GcrCertificate *self,
+ GcrCertificate *issuer);
+
gchar* gcr_certificate_get_subject_cn (GcrCertificate *self);
gchar* gcr_certificate_get_subject_dn (GcrCertificate *self);
diff --git a/gcr/tests/Makefile.am b/gcr/tests/Makefile.am
index e55c99d..daee53f 100644
--- a/gcr/tests/Makefile.am
+++ b/gcr/tests/Makefile.am
@@ -1,7 +1,7 @@
# Test files should be listed in order they need to run
TESTING_FILES = \
- unit-test-certificate.c \
+ test-certificate.c \
test-simple-certificate.c \
test-trust.c \
unit-test-parser.c
diff --git a/gcr/tests/unit-test-certificate.c b/gcr/tests/test-certificate.c
similarity index 82%
rename from gcr/tests/unit-test-certificate.c
rename to gcr/tests/test-certificate.c
index 5e51e74..96ae550 100644
--- a/gcr/tests/unit-test-certificate.c
+++ b/gcr/tests/test-certificate.c
@@ -10,23 +10,30 @@
#include <string.h>
static GcrCertificate *certificate = NULL;
+static GcrCertificate *certificate2 = NULL;
TESTING_SETUP(certificate)
{
guchar *contents;
gsize n_contents;
-
+
contents = testing_data_read ("der-certificate.crt", &n_contents);
certificate = gcr_simple_certificate_new (contents, n_contents);
g_assert (certificate);
g_free (contents);
+
+ contents = testing_data_read ("der-certificate-dsa.cer", &n_contents);
+ certificate2 = gcr_simple_certificate_new (contents, n_contents);
+ g_assert (certificate2);
+ g_free (contents);
}
TESTING_TEARDOWN(certificate)
{
- if (certificate)
- g_object_unref (certificate);
+ g_object_unref (certificate);
certificate = NULL;
+ g_object_unref (certificate2);
+ certificate2 = NULL;
}
TESTING_TEST(issuer_cn)
@@ -124,7 +131,7 @@ TESTING_TEST(serial_number)
gsize n_serial;
guchar *serial;
gchar *hex;
-
+
serial = gcr_certificate_get_serial_number (certificate, &n_serial);
g_assert (serial);
g_assert_cmpuint (n_serial, ==, 1);
@@ -155,3 +162,20 @@ TESTING_TEST(fingerprint_hex)
g_free (print);
}
+TESTING_TEST (certificate_key_size)
+{
+ guint key_size = gcr_certificate_get_key_size (certificate);
+ g_assert_cmpuint (key_size, ==, 1024);
+
+ key_size = gcr_certificate_get_key_size (certificate2);
+ g_assert_cmpuint (key_size, ==, 1024);
+}
+
+TESTING_TEST (certificate_is_issuer)
+{
+ gboolean ret = gcr_certificate_is_issuer (certificate, certificate);
+ g_assert (ret == TRUE);
+
+ ret = gcr_certificate_is_issuer (certificate, certificate2);
+ g_assert (ret == FALSE);
+}
diff --git a/gcr/tests/test-data/der-certificate-dsa.cer b/gcr/tests/test-data/der-certificate-dsa.cer
new file mode 100755
index 0000000..024f3c1
Binary files /dev/null and b/gcr/tests/test-data/der-certificate-dsa.cer differ