[glib-networking] Add a couple garbage certificate tests



commit 985277a3e745dc83da1297a5457df875bc156c12
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Sun Feb 25 22:00:56 2018 -0600

    Add a couple garbage certificate tests
    
    Ensure that creating a GTlsCertificate using a JPEG astronaut returns
    NULL.
    
    Also ensure that a GTlsDatabase containing only a JPEG astronaut does
    not permit successful certificate verification.
    
    More such tests are possible, but these are easy and a good start.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=793712

 tls/tests/certificate.c     |   21 +++++++++++++++++++++
 tls/tests/connection.c      |   35 +++++++++++++++++++++++++++++++++++
 tls/tests/files/garbage.pem |  Bin 0 -> 3034 bytes
 3 files changed, 56 insertions(+), 0 deletions(-)
---
diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
index d48f63a..6537a36 100644
--- a/tls/tests/certificate.c
+++ b/tls/tests/certificate.c
@@ -226,6 +226,24 @@ test_create_certificate_with_issuer (TestCertificate   *test,
 }
 
 static void
+test_create_certificate_with_garbage_input (TestCertificate *test,
+                                            gconstpointer data)
+{
+  GTlsCertificate *cert;
+  GError *error = NULL;
+
+  cert = g_tls_certificate_new_from_file (tls_test_file_path ("garbage.pem"), &error);
+  g_assert (cert == NULL);
+  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+  g_clear_error (&error);
+
+  cert = g_tls_certificate_new_from_pem ("I am not a very good certificate.", -1, &error);
+  g_assert (cert == NULL);
+  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+  g_clear_error (&error);
+}
+
+static void
 test_create_certificate_chain (void)
 {
   GTlsCertificate *cert, *intermediate, *root;
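Review bot: Neither negative input in test_create_certificate_with_garbage_input carries PEM armor (a JPEG file and a plain sentence), so both are presumably rejected before any certificate decoding runs, and the decoder behind a well-formed `-----BEGIN CERTIFICATE-----` block is not exercised. A third case that passes armor with a corrupt or truncated base64 body to `g_tls_certificate_new_from_pem` and expects the same `G_TLS_ERROR_BAD_CERTIFICATE` would cover that path. Separately, `g_assert (cert == NULL);` is compiled out when `G_DISABLE_ASSERT` is defined; `g_assert_null (cert);` stays active in test builds and reports the failing value.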
@@ -554,6 +572,9 @@ main (int   argc,
               setup_certificate, test_create_with_key_der, teardown_certificate);
   g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL,
               setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
+  g_test_add ("/tls/certificate/create-with-garbage-input", TestCertificate, NULL,
+              setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
+
   g_test_add_func ("/tls/certificate/create-chain", test_create_certificate_chain);
   g_test_add_func ("/tls/certificate/create-no-chain", test_create_certificate_no_chain);
   g_test_add_func ("/tls/certificate/create-list", test_create_list);
diff --git a/tls/tests/connection.c b/tls/tests/connection.c
index c93cc2e..bf9e154 100644
--- a/tls/tests/connection.c
+++ b/tls/tests/connection.c
@@ -2078,6 +2078,39 @@ test_output_stream_close (TestConnection *test,
   g_assert (ret);
 }
 
+static void
+test_garbage_database (TestConnection *test,
+                       gconstpointer   data)
+{
+  GIOStream *connection;
+  GError *error = NULL;
+
+  test->database = g_tls_file_database_new (tls_test_file_path ("garbage.pem"), &error);
+  g_assert_no_error (error);
+  g_assert (test->database);
+
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_assert (test->client_connection);
+  g_object_unref (connection);
+
+  g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+  /* All validation in this test */
+  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+                                                G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+  read_test_data_async (test);
+  g_main_loop_run (test->loop);
+
+  /* Should reject the server's certificate, because our TLS database contains
+   * no valid certificates.
+   */
+  g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+  g_assert_no_error (test->server_error);
+}
+
 int
 main (int   argc,
       char *argv[])
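Review bot: The closing `g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);` in test_garbage_database passes for any validation failure under `G_TLS_CERTIFICATE_VALIDATE_ALL`, so it does not by itself show that the rejection comes from the empty trust store rather than an identity or expiry problem with the server certificate. Checking that the peer certificate errors include `G_TLS_CERTIFICATE_UNKNOWN_CA`, for instance from an `accept-certificate` handler that returns FALSE, would pin the reason. The `g_assert_no_error (error);` after `g_tls_file_database_new` also deserves a comment such as `/* Loading succeeds: a file with no parsable certificates gives an empty database, not an error */`, because a reader would otherwise expect garbage input to fail at that point. The hunk's trailing context runs into main(), whose body lies outside the hunk.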
@@ -2151,6 +2184,8 @@ main (int   argc,
               setup_connection, test_output_stream_close, teardown_connection);
   g_test_add ("/tls/connection/fallback", TestConnection, NULL,
               setup_connection, test_fallback, teardown_connection);
+  g_test_add ("/tls/connection/garbage-database", TestConnection, NULL,
+              setup_connection, test_garbage_database, teardown_connection);
 
   ret = g_test_run ();
 
diff --git a/tls/tests/files/garbage.pem b/tls/tests/files/garbage.pem
new file mode 100644
index 0000000..4b79f0e
Binary files /dev/null and b/tls/tests/files/garbage.pem differ

