[glib/tls-database] Add tests for TLS client authentication.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/tls-database] Add tests for TLS client authentication.
- Date: Tue, 18 Jan 2011 16:24:12 +0000 (UTC)
commit 9691b9e26fbc41e4cede4073c2e538a7be87c149
Author: Stef Walter <stefw collabora co uk>
Date: Mon Jan 17 22:10:33 2011 -0800
Add tests for TLS client authentication.
gio/tests/tls-tests/client-and-key.pem | 45 ++++++++++++++
gio/tests/tls.c | 100 ++++++++++++++++++++++++++++----
2 files changed, 133 insertions(+), 12 deletions(-)
---
diff --git a/gio/tests/tls-tests/client-and-key.pem b/gio/tests/tls-tests/client-and-key.pem
new file mode 100644
index 0000000..897b5f2
--- /dev/null
+++ b/gio/tests/tls-tests/client-and-key.pem
@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/gio/tests/tls.c b/gio/tests/tls.c
index 492ca97..a608da1 100644
--- a/gio/tests/tls.c
+++ b/gio/tests/tls.c
@@ -35,10 +35,12 @@
typedef struct {
GMainLoop *loop;
GSocketService *service;
+ GTlsDatabase *database;
GIOStream *server_connection;
GIOStream *client_connection;
GSocketConnectable *identity;
GSocketAddress *address;
+ GTlsAuthenticationMode auth_mode;
} TestConnection;
static void
@@ -49,6 +51,8 @@ setup_connection (TestConnection *test, gconstpointer data)
test->loop = g_main_loop_new (NULL, FALSE);
+ test->auth_mode = G_TLS_AUTHENTICATION_NONE;
+
/* This is where the server listens and the client connects */
port = g_random_int_range (50000, 65000);
inet = g_inet_address_new_from_string ("127.0.0.1");
@@ -64,15 +68,40 @@ teardown_connection (TestConnection *test, gconstpointer data)
{
if (test->service)
g_object_unref (test->service);
+
if (test->server_connection)
- g_object_unref (test->server_connection);
+ {
+ g_assert (G_IS_TLS_SERVER_CONNECTION (test->server_connection));
+ g_object_unref (test->server_connection);
+ g_assert (!G_IS_TLS_SERVER_CONNECTION (test->server_connection));
+ }
+
if (test->client_connection)
- g_object_unref (test->client_connection);
+ {
+ g_assert (G_IS_TLS_CLIENT_CONNECTION (test->client_connection));
+ g_object_unref (test->client_connection);
+ g_assert (!G_IS_TLS_SERVER_CONNECTION (test->client_connection));
+ }
+
+ if (test->database)
+ {
+ g_assert (G_IS_TLS_DATABASE (test->database));
+ g_object_unref (test->database);
+ g_assert (!G_IS_TLS_DATABASE (test->database));
+ }
+
g_object_unref (test->address);
g_object_unref (test->identity);
g_main_loop_unref (test->loop);
}
+static gboolean
+on_server_accept_certificate (GTlsClientConnection *conn, GTlsCertificate *cert,
+ GTlsCertificateFlags errors, gpointer user_data)
+{
+ return errors == 0;
+}
+
static void
on_output_close_finish (GObject *object,
GAsyncResult *res,
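Review bot: The assertions placed after each `g_object_unref` in teardown_connection (the `g_assert (!G_IS_TLS_SERVER_CONNECTION (...))` lines and the `g_assert (!G_IS_TLS_DATABASE (test->database))` line) read the instance after its last reference has been dropped, so when the unref really finalizes the object they are a use-after-free; GLib's type-check macros dereference the pointer, and the result is undefined rather than a reliable "is freed" signal, so those post-unref checks should be dropped and only the pre-unref `G_IS_*` checks kept. The client branch additionally tests `G_IS_TLS_SERVER_CONNECTION` after unreffing `test->client_connection`, which looks like a copy-paste from the server branch. Separately, `on_server_accept_certificate` declares its first parameter as `GTlsClientConnection *conn`, but later in this patch it is connected to the server connection's `accept-certificate` signal, so `GTlsConnection *conn` is the accurate type; the `test` pointer passed as `user_data` is also unused by the handler.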
@@ -119,6 +148,13 @@ on_incoming_connection (GSocketService *service,
g_assert_no_error (error);
g_object_unref (cert);
+ g_object_set (test->server_connection, "authentication-mode", test->auth_mode, NULL);
+ g_signal_connect (test->server_connection, "accept-certificate",
+ G_CALLBACK (on_server_accept_certificate), test);
+
+ if (test->database)
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->server_connection), test->database);
+
stream = g_io_stream_get_output_stream (test->server_connection);
g_output_stream_write_async (stream, TEST_DATA, TEST_DATA_LENGTH,
@@ -128,7 +164,7 @@ on_incoming_connection (GSocketService *service,
}
static void
-start_server_service (TestConnection *test)
+start_server_service (TestConnection *test, GTlsAuthenticationMode auth_mode)
{
GError *error = NULL;
@@ -139,17 +175,18 @@ start_server_service (TestConnection *test)
NULL, NULL, &error);
g_assert_no_error (error);
+ test->auth_mode = auth_mode;
g_signal_connect (test->service, "incoming", G_CALLBACK (on_incoming_connection), test);
}
static GIOStream*
-start_server_and_connect_to_it (TestConnection *test)
+start_server_and_connect_to_it (TestConnection *test, GTlsAuthenticationMode auth_mode)
{
GSocketClient *client;
GError *error = NULL;
GSocketConnection *connection;
- start_server_service (test);
+ start_server_service (test, auth_mode);
client = g_socket_client_new ();
connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
@@ -203,9 +240,10 @@ test_basic_connection (TestConnection *test,
GIOStream *connection;
GError *error = NULL;
- connection = start_server_and_connect_to_it (test);
+ connection = start_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
+ g_object_unref (connection);
/* No validation at all in this test */
g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
@@ -220,23 +258,59 @@ test_verified_connection (TestConnection *test,
gconstpointer data)
{
GIOStream *connection;
- GTlsDatabase *database;
GError *error = NULL;
gchar *path;
path = g_build_filename (SRCDIR, "tls-tests", "ca.pem", NULL);
- database = g_tls_file_database_new (path, &error);
+ test->database = g_tls_file_database_new (path, &error);
g_assert_no_error (error);
- g_assert (database);
+ g_assert (test->database);
g_free (path);
- connection = start_server_and_connect_to_it (test);
+ connection = start_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_assert (test->client_connection);
- g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), database);
- g_object_unref (database);
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+}
+
+static void
+test_client_auth_connection (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GTlsCertificate *cert;
+ gchar *path;
+
+ path = g_build_filename (SRCDIR, "tls-tests", "ca.pem", NULL);
+ test->database = g_tls_file_database_new (path, &error);
+ g_assert_no_error (error);
+ g_assert (test->database);
+ g_free (path);
+
+ connection = start_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ path = g_build_filename (SRCDIR, "tls-tests", "client-and-key.pem", NULL);
+ cert = g_tls_certificate_new_from_file (path, &error);
+ g_assert_no_error (error);
+ g_free (path);
+
+ g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert);
+ g_object_unref (cert);
/* All validation in this test */
g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
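Review bot: In test_client_auth_connection the GIOStream returned by `start_server_and_connect_to_it` is never released after `g_tls_client_connection_new` wraps it, whereas the same sequence in test_basic_connection earlier in this patch now adds `g_object_unref (connection);` right after its `g_assert_no_error (error);` — the new test, and test_verified_connection in this hunk, should do the same so the underlying socket connection is not leaked for the rest of the run. The new test also only covers the success path of `G_TLS_AUTHENTICATION_REQUIRED` (a client presenting `client-and-key.pem`); a companion case where the client sets no certificate and the handshake is expected to fail would confirm the server actually enforces the mode rather than merely tolerating a certificate when one is offered. `g_tls_certificate_new_from_file` is checked only through `g_assert_no_error`; adding `g_assert (cert);` would match the `g_assert (test->database);` style used a few lines above. test_client_auth_connection continues past the end of this hunk.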
@@ -366,6 +440,8 @@ main (int argc,
setup_connection, test_basic_connection, teardown_connection);
g_test_add ("/tls/connection/verified", TestConnection, NULL,
setup_connection, test_verified_connection, teardown_connection);
+ g_test_add ("/tls/connection/client-auth", TestConnection, NULL,
+ setup_connection, test_client_auth_connection, teardown_connection);
g_test_add_func ("/tls/backend/default-database-is-singleton",
test_default_database_is_singleton);