[glib] Add certificate chain construction test



commit 516adb99c094fc2c4dcb95f97f9d251d7bba1716
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Fri Aug 28 19:47:19 2015 -0500

    Add certificate chain construction test
    
    Enhance GTestTlsBackend to allow setting the issuer property of
    GTlsCertificates, and add a test to ensure certificate chain
    construction with g_tls_certificate_new_from_pem() works as expected.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=754264

 gio/tests/cert-tests/cert-list.pem |   16 ++++++++
 gio/tests/gtesttlsbackend.c        |    9 ++++-
 gio/tests/tls-certificate.c        |   69 ++++++++++++++++++++++++++++++++++++
 3 files changed, 93 insertions(+), 1 deletions(-)
---
diff --git a/gio/tests/cert-tests/cert-list.pem b/gio/tests/cert-tests/cert-list.pem
index bf2fb31..ffab3f4 100644
--- a/gio/tests/cert-tests/cert-list.pem
+++ b/gio/tests/cert-tests/cert-list.pem
@@ -50,3 +50,19 @@ E6GlY2rvjCf0BpW0t4zKL/wvA5tBmuOWYg93psHgIdSNgkmfbA1kvD6kXehQlt1F
 5yZJP91/VND5LHvXf5TcAmr/KeQAPYvqfiGYXuvHDLA9y9OOyTBMURLYfWuo9HZt
 xeI14sZ9udXwtUhgcvXrBFzlRfkbojuMZw==
 -----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+>>>> Garbage to be ignore <<<<
diff --git a/gio/tests/gtesttlsbackend.c b/gio/tests/gtesttlsbackend.c
index d5417fd..b97e4ef 100644
--- a/gio/tests/gtesttlsbackend.c
+++ b/gio/tests/gtesttlsbackend.c
@@ -68,6 +68,7 @@ struct _GTestTlsCertificate {
   GTlsCertificate parent_instance;
   gchar *key_pem;
   gchar *cert_pem;
+  GTlsCertificate *issuer;
 };
 
 struct _GTestTlsCertificateClass {
@@ -117,6 +118,9 @@ g_test_tls_certificate_get_property (GObject    *object,
     case PROP_CERT_PRIVATE_KEY_PEM:
       g_value_set_string (value, cert->key_pem);
       break;
+    case PROP_CERT_ISSUER:
+      g_value_set_object (value, cert->issuer);
+      break;
     default:
       g_assert_not_reached ();
       break;
@@ -139,9 +143,11 @@ g_test_tls_certificate_set_property (GObject      *object,
     case PROP_CERT_PRIVATE_KEY_PEM:
       cert->key_pem = g_value_dup_string (value);
       break;
+    case PROP_CERT_ISSUER:
+      cert->issuer = g_value_dup_object (value);
+      break;
     case PROP_CERT_CERTIFICATE:
     case PROP_CERT_PRIVATE_KEY:
-    case PROP_CERT_ISSUER:
       /* ignore */
       break;
     default:
@@ -157,6 +163,7 @@ g_test_tls_certificate_finalize (GObject *object)
 
   g_free (cert->cert_pem);
   g_free (cert->key_pem);
+  g_clear_object (&cert->issuer);
 }
 
 static void
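Review bot: The issuer reference is released in `g_test_tls_certificate_finalize`, whereas GObject convention drops references to other objects in dispose and keeps finalize for plain memory such as the two `g_free ()` calls. Moving `g_clear_object (&cert->issuer);` into a dispose handler would keep teardown well-behaved if a certificate chain ever ends up referencing itself. The function also closes right after the added line with no chain-up to the parent class's finalize visible. Its start lies outside the hunk, so confirm whether that is handled there.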
diff --git a/gio/tests/tls-certificate.c b/gio/tests/tls-certificate.c
index 4d1de1d..9770272 100644
--- a/gio/tests/tls-certificate.c
+++ b/gio/tests/tls-certificate.c
@@ -123,6 +123,73 @@ pem_parser (const Reference *ref)
 }
 
 static void
+pem_parser_handles_chain (const Reference *ref)
+{
+  GTlsCertificate *cert;
+  GTlsCertificate *issuer;
+  GTlsCertificate *original_cert;
+  gchar *pem;
+  gchar *parsed_cert_pem = NULL;
+  const gchar *parsed_key_pem = NULL;
+  GError *error = NULL;
+
+  /* Check that a chain with exactly three certificates is returned */
+  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL), &pem, NULL, &error);
+  g_assert_no_error (error);
+  g_assert (pem);
+
+  cert = original_cert = g_tls_certificate_new_from_pem (pem, -1, &error);
+  g_free (pem);
+  g_assert_no_error (error);
+  g_assert (cert);
+
+  g_object_get (cert,
+      "certificate-pem", &parsed_cert_pem,
+      NULL);
+  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
+  g_clear_pointer (&parsed_cert_pem, g_free);
+
+  /* Make sure the private key was parsed */
+  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
+  g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
+  parsed_key_pem = NULL;
+
+  /* Now test the second cert */
+  issuer = g_tls_certificate_get_issuer (cert);
+  g_assert (issuer);
+
+  cert = issuer;
+  issuer = g_tls_certificate_get_issuer (cert);
+  g_assert (issuer);
+
+  g_object_get (cert,
+      "certificate-pem", &parsed_cert_pem,
+      NULL);
+  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[1]);
+  g_clear_pointer (&parsed_cert_pem, g_free);
+
+  /* Only the first cert should have a private key */
+  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
+  g_assert (!parsed_key_pem);
+
+  /* Now test the final cert */
+  cert = issuer;
+  issuer = g_tls_certificate_get_issuer (cert);
+  g_assert (!issuer);
+
+  g_object_get (cert,
+      "certificate-pem", &parsed_cert_pem,
+      NULL);
+  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[2]);
+  g_clear_pointer (&parsed_cert_pem, g_free);
+
+  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
+  g_assert (!parsed_key_pem);
+
+  g_object_unref (original_cert);
+}
+
+static void
 from_file (const Reference *ref)
 {
   GTlsCertificate *cert;
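Review bot: The null checks in `pem_parser_handles_chain` use plain `g_assert ()`, which compiles to nothing when G_DISABLE_ASSERT is defined, so `g_assert (issuer)`, `g_assert (!issuer)` and `g_assert (!parsed_key_pem)` would silently stop checking the chain length and where the private key ends up. `g_assert_nonnull (issuer);` and `g_assert_null (parsed_key_pem);` stay active in every build and report the failing value. As far as the visible assertions show, the test compares PEM text and link order only, so a comment such as `/* Chain links follow file order; issuer signatures are not verified here */` would stop readers from taking a pass as proof of a valid trust path.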
@@ -305,6 +372,8 @@ main (int   argc,
 
   g_test_add_data_func ("/tls-certificate/pem-parser",
                         &ref, (GTestDataFunc)pem_parser);
+  g_test_add_data_func ("/tls-certificate/pem-parser-handles-chain",
+                        &ref, (GTestDataFunc)pem_parser_handles_chain);
   g_test_add_data_func ("/tls-certificate/from_file",
                         &ref, (GTestDataFunc)from_file);
   g_test_add_data_func ("/tls-certificate/from_files",

