colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils

Browse Source 
Rather than having test-crypto and test-setting-8021x be programs that
you have to pass arguments to to get them to run a single test, just
have them run all of the tests themselves.

This lets us get rid of the big "check-local" rule in Makefile.am and
just use TESTS to run everything.

https://bugzilla.gnome.org/show_bug.cgi?id=734388
This commit is contained in:
Dan Winship
2014-08-06 20:19:07 -04:00
parent 7cd69584eb
commit 964b9f3513
6 changed files with 336 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
libnm-core/tests/Makefile.am
View File

@@ -25,66 +25,6 @@ LDADD = \
$(GLIB_LIBS) \ $(GLIB_LIBS) \
$(DBUS_LIBS) $(DBUS_LIBS)
check-local: test-crypto test-setting-8021x TESTS = $(noinst_PROGRAMS)
# Private key and CA certificate in the same file (PEM)
$(abs_builddir)/test-setting-8021x $(certsdir)/test_key_and_cert.pem "test"
# Private key by itself (PEM)
$(abs_builddir)/test-setting-8021x $(certsdir)/test-key-only.pem "test"
# PKCS#8 private key by itself (PEM)
$(abs_builddir)/test-setting-8021x $(certsdir)/pkcs8-enc-key.pem "1234567890"
# Private key and CA certificate in the same file (pkcs12)
$(abs_builddir)/test-setting-8021x $(certsdir)/test-cert.p12 "test"
# Normal CA certificate
$(abs_builddir)/test-crypto --cert $(certsdir)/test_ca_cert.pem
# Another CA certificate
$(abs_builddir)/test-crypto --cert $(certsdir)/test2_ca_cert.pem
# Normal CA certificate (DER format)
$(abs_builddir)/test-crypto --cert $(certsdir)/test_ca_cert.der
# CA certificate without an ending newline
$(abs_builddir)/test-crypto --cert $(certsdir)/ca-no-ending-newline.pem
# Combined user cert and private key
$(abs_builddir)/test-crypto --cert $(certsdir)/test_key_and_cert.pem
# Another combined user cert and private key
$(abs_builddir)/test-crypto --cert $(certsdir)/test2_key_and_cert.pem
# Private key with 8 bytes of tail padding
$(abs_builddir)/test-crypto --key \
$(certsdir)/test_key_and_cert.pem \
"test" \
$(certsdir)/test-key-only-decrypted.der
# Private key only (not combined with a cert)
$(abs_builddir)/test-crypto --key \
$(certsdir)/test-key-only.pem \
"test" \
$(certsdir)/test-key-only-decrypted.der
# Private key with 6 bytes of tail padding
$(abs_builddir)/test-crypto --key $(certsdir)/test2_key_and_cert.pem "12345testing"
# PKCS#12 file
$(abs_builddir)/test-crypto --p12 $(certsdir)/test-cert.p12 "test"
# Another PKCS#12 file
$(abs_builddir)/test-crypto --p12 $(certsdir)/test2-cert.p12 "12345testing"
# PKCS#8 encrypted private key
$(abs_builddir)/test-crypto --pkcs8 \
$(certsdir)/pkcs8-enc-key.pem \
"1234567890"
# Private key with AES cipher
$(abs_builddir)/test-crypto --key $(certsdir)/test-aes-key.pem "test-aes-password"
TESTS = test-settings-defaults test-secrets test-general test-setting-dcb
endif endif

165
libnm-core/tests/test-crypto.c
View File

@@ -92,18 +92,21 @@ out:
#endif #endif
static void static void
test_load_cert (const char *path, const char *desc) test_cert (gconstpointer test_data)
{ {
char *path;
GByteArray *array; GByteArray *array;
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
GError *error = NULL; GError *error = NULL;
path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL);
array = crypto_load_and_verify_certificate (path, &format, &error); array = crypto_load_and_verify_certificate (path, &format, &error);
ASSERT (array != NULL, desc, ASSERT (array != NULL, "cert",
"couldn't read certificate file '%s': %d %s", "couldn't read certificate file '%s': %d %s",
path, error->code, error->message); path, error->code, error->message);
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, desc, ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, "cert",
"%s: unexpected certificate format (expected %d, got %d)", "%s: unexpected certificate format (expected %d, got %d)",
path, NM_CRYPTO_FILE_FORMAT_X509, format); path, NM_CRYPTO_FILE_FORMAT_X509, format);
@@ -330,55 +333,137 @@ test_encrypt_private_key (const char *path,
g_byte_array_free (array, TRUE); g_byte_array_free (array, TRUE);
} }
int main (int argc, char **argv) static void
test_key (gconstpointer test_data)
{
char **parts, *path, *password, *decrypted_path;
int len;
parts = g_strsplit ((const char *) test_data, ", ", -1);
len = g_strv_length (parts);
ASSERT (len == 2 || len == 3, "test-crypto",
"wrong number of arguments (<key file>, <password>, [<decrypted key file>])");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
decrypted_path = parts[2] ? g_build_filename (TEST_CERT_DIR, parts[2], NULL) : NULL;
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_private_key (path, password, decrypted_path, FALSE, "private-key");
test_load_private_key (path, "blahblahblah", NULL, TRUE, "private-key-bad-password");
test_load_private_key (path, NULL, NULL, TRUE, "private-key-no-password");
test_encrypt_private_key (path, password, "private-key-rencrypt");
g_free (path);
g_free (decrypted_path);
g_strfreev (parts);
}
static void
test_pkcs12 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
ASSERT (g_strv_length (parts) == 2, "test-crypto",
"wrong number of arguments (<file>, <password>)");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, FALSE, "is-pkcs12");
test_load_pkcs12 (path, password, FALSE, "pkcs12-private-key");
test_load_pkcs12 (path, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
test_load_pkcs12_no_password (path, "pkcs12-private-key-no-password");
g_free (path);
g_strfreev (parts);
}
static void
test_pkcs8 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
ASSERT (g_strv_length (parts) == 2, "test-crypto",
"wrong number of arguments (<file>, <password>)");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key");
/* Until gnutls and NSS grow support for all the ciphers that openssl
* can use with PKCS#8, we can't actually verify the password. So we
* expect a bad password to work for the time being.
*/
test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
g_free (path);
g_strfreev (parts);
}
NMTST_DEFINE ();
int
main (int argc, char **argv)
{ {
GError *error = NULL; GError *error = NULL;
char *progname; int ret;
ASSERT (argc > 2, "test-crypto", nmtst_init (&argc, &argv, TRUE);
"wrong number of arguments (expected at least an operation and an object)");
if (!crypto_init (&error)) if (!crypto_init (&error))
FAIL ("crypto-init", "failed to initialize crypto: %s", error->message); FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);
if (!strcmp (argv[1], "--cert")) g_test_add_data_func ("/libnm/crypto/cert/pem",
test_load_cert (argv[2], "cert"); "test_ca_cert.pem",
else if (!strcmp (argv[1], "--key")) { test_cert);
const char *decrypted_path = (argc == 5) ? argv[4] : NULL; g_test_add_data_func ("/libnm/crypto/cert/pem-2",
"test2_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/der",
"test_ca_cert.der",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline",
"ca-no-ending-newline.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined",
"test_key_and_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2",
"test2_key_and_cert.pem",
test_cert);
ASSERT (argc == 4 || argc == 5, "test-crypto", g_test_add_data_func ("/libnm/crypto/key/padding-6",
"wrong number of arguments (--key <key file> <password> [<decrypted key file>])"); "test_key_and_cert.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/key-only",
"test-key-only.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/padding-8",
"test2_key_and_cert.pem, 12345testing",
test_key);
g_test_add_data_func ("/libnm/crypto/key/aes",
"test-aes-key.pem, test-aes-password",
test_key);
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12"); g_test_add_data_func ("/libnm/crypto/PKCS#12/1",
test_load_private_key (argv[2], argv[3], decrypted_path, FALSE, "private-key"); "test-cert.p12, test",
test_load_private_key (argv[2], "blahblahblah", NULL, TRUE, "private-key-bad-password"); test_pkcs12);
test_load_private_key (argv[2], NULL, NULL, TRUE, "private-key-no-password"); g_test_add_data_func ("/libnm/crypto/PKCS#12/2",
test_encrypt_private_key (argv[2], argv[3], "private-key-rencrypt"); "test2-cert.p12, 12345testing",
} else if (!strcmp (argv[1], "--p12")) { test_pkcs12);
test_is_pkcs12 (argv[2], FALSE, "is-pkcs12");
test_load_pkcs12 (argv[2], argv[3], FALSE, "pkcs12-private-key");
test_load_pkcs12 (argv[2], "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
test_load_pkcs12_no_password (argv[2], "pkcs12-private-key-no-password");
} else if (!strcmp (argv[1], "--pkcs8")) {
ASSERT (argc == 4, "test-crypto",
"wrong number of arguments (--pkcs8 <key file> <password>)");
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12"); g_test_add_data_func ("/libnm/crypto/PKCS#8",
test_load_pkcs8 (argv[2], argv[3], FALSE, "pkcs8-private-key"); "pkcs8-enc-key.pem, 1234567890",
/* Until gnutls and NSS grow support for all the ciphers that openssl test_pkcs8);
* can use with PKCS#8, we can't actually verify the password. So we
* expect a bad password to work for the time being. ret = g_test_run ();
*/
test_load_pkcs8 (argv[2], "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
} else {
ASSERT (argc > 2, "test-crypto", "unknown test type (not --cert, --key, or --p12)");
}
crypto_deinit (); crypto_deinit ();
progname = g_path_get_basename (argv[0]); return ret;
fprintf (stdout, "%s: SUCCESS\n", progname);
g_free (progname);
return 0;
} }

63
libnm-core/tests/test-setting-8021x.c
View File

@@ -404,40 +404,57 @@ test_clear_phase2_private_key (const char *path, const char *password)
g_object_unref (s_8021x); g_object_unref (s_8021x);
} }
int main (int argc, char **argv) static void
do_8021x_test (gconstpointer test_data)
{ {
GError *error = NULL; char **parts, *path, *password;
char *base;
if (argc < 3) parts = g_strsplit ((const char *) test_data, ", ", -1);
FAIL ("init", "need at least two arguments: <path> <password>"); g_assert_cmpint (g_strv_length (parts), ==, 2);
#if !GLIB_CHECK_VERSION (2, 35, 0) path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
g_type_init (); password = parts[1];
#endif
if (!nm_utils_init (&error))
FAIL ("nm-utils-init", "failed to initialize libnm: %s", error->message);
/* Test phase1 and phase2 path scheme */ /* Test phase1 and phase2 path scheme */
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH); test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH); test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
/* Test phase1 and phase2 blob scheme */ /* Test phase1 and phase2 blob scheme */
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB); test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB); test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
/* Test that using a wrong password does not change existing data */ /* Test that using a wrong password does not change existing data */
test_wrong_password_keeps_data (argv[1], argv[2]); test_wrong_password_keeps_data (path, password);
test_wrong_phase2_password_keeps_data (argv[1], argv[2]); test_wrong_phase2_password_keeps_data (path, password);
/* Test clearing the private key */ /* Test clearing the private key */
test_clear_private_key (argv[1], argv[2]); test_clear_private_key (path, password);
test_clear_phase2_private_key (argv[1], argv[2]); test_clear_phase2_private_key (path, password);
base = g_path_get_basename (argv[0]); g_free (path);
fprintf (stdout, "%s: SUCCESS\n", base); g_strfreev (parts);
g_free (base); }
return 0;
NMTST_DEFINE ();
int
main (int argc, char **argv)
{
nmtst_init (&argc, &argv, TRUE);
g_test_add_data_func ("/libnm/setting-8021x/key-and-cert",
"test_key_and_cert.pem, test",
do_8021x_test);
g_test_add_data_func ("/libnm/setting-8021x/key-only",
"test-key-only.pem, test",
do_8021x_test);
g_test_add_data_func ("/libnm/setting-8021x/pkcs8-enc-key",
"pkcs8-enc-key.pem, 1234567890",
do_8021x_test);
g_test_add_data_func ("/libnm/setting-8021x/pkcs12",
"test-cert.p12, test",
do_8021x_test);
return g_test_run ();
} }

69
libnm-util/tests/Makefile.am
View File

@@ -12,13 +12,16 @@ AM_CPPFLAGS = \
-DBUILD_DIR=\"$(abs_builddir)\" \ -DBUILD_DIR=\"$(abs_builddir)\" \
-DTEST_CERT_DIR=\"$(top_srcdir)/libnm-util/tests/certs/\" -DTEST_CERT_DIR=\"$(top_srcdir)/libnm-util/tests/certs/\"
noinst_PROGRAMS = \ TESTS = \
test-settings-defaults \ test-settings-defaults \
test-crypto \ test-crypto \
test-secrets \ test-secrets \
test-general \ test-general \
test-setting-8021x \ test-setting-8021x \
test-setting-dcb \ test-setting-dcb
noinst_PROGRAMS = \
$(TESTS) \
test-libnm-linking test-libnm-linking
test_settings_defaults_SOURCES = \ test_settings_defaults_SOURCES = \
@@ -80,66 +83,4 @@ test_libnm_linking_LDADD = \
$(GLIB_LIBS) \ $(GLIB_LIBS) \
$(DBUS_LIBS) $(DBUS_LIBS)
check-local: test-crypto test-setting-8021x
# Private key and CA certificate in the same file (PEM)
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/test_key_and_cert.pem "test"
# Private key by itself (PEM)
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/test-key-only.pem "test"
# PKCS#8 private key by itself (PEM)
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/pkcs8-enc-key.pem "1234567890"
# Private key and CA certificate in the same file (pkcs12)
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/test-cert.p12 "test"
# Normal CA certificate
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_ca_cert.pem
# Another CA certificate
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test2_ca_cert.pem
# Normal CA certificate (DER format)
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_ca_cert.der
# CA certificate without an ending newline
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/ca-no-ending-newline.pem
# Combined user cert and private key
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_key_and_cert.pem
# Another combined user cert and private key
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test2_key_and_cert.pem
# Private key with 8 bytes of tail padding
$(abs_builddir)/test-crypto --key \
$(srcdir)/certs/test_key_and_cert.pem \
"test" \
$(srcdir)/certs/test-key-only-decrypted.der
# Private key only (not combined with a cert)
$(abs_builddir)/test-crypto --key \
$(srcdir)/certs/test-key-only.pem \
"test" \
$(srcdir)/certs/test-key-only-decrypted.der
# Private key with 6 bytes of tail padding
$(abs_builddir)/test-crypto --key $(srcdir)/certs/test2_key_and_cert.pem "12345testing"
# PKCS#12 file
$(abs_builddir)/test-crypto --p12 $(srcdir)/certs/test-cert.p12 "test"
# Another PKCS#12 file
$(abs_builddir)/test-crypto --p12 $(srcdir)/certs/test2-cert.p12 "12345testing"
# PKCS#8 encrypted private key
$(abs_builddir)/test-crypto --pkcs8 \
$(srcdir)/certs/pkcs8-enc-key.pem \
"1234567890"
# Private key with AES cipher
$(abs_builddir)/test-crypto --key $(srcdir)/certs/test-aes-key.pem "test-aes-password"
TESTS = test-settings-defaults test-secrets test-general test-setting-dcb
endif endif

165
libnm-util/tests/test-crypto.c
View File

@@ -92,18 +92,21 @@ out:
#endif #endif
static void static void
test_load_cert (const char *path, const char *desc) test_cert (gconstpointer test_data)
{ {
char *path;
GByteArray *array; GByteArray *array;
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
GError *error = NULL; GError *error = NULL;
path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL);
array = crypto_load_and_verify_certificate (path, &format, &error); array = crypto_load_and_verify_certificate (path, &format, &error);
ASSERT (array != NULL, desc, ASSERT (array != NULL, "cert",
"couldn't read certificate file '%s': %d %s", "couldn't read certificate file '%s': %d %s",
path, error->code, error->message); path, error->code, error->message);
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, desc, ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, "cert",
"%s: unexpected certificate format (expected %d, got %d)", "%s: unexpected certificate format (expected %d, got %d)",
path, NM_CRYPTO_FILE_FORMAT_X509, format); path, NM_CRYPTO_FILE_FORMAT_X509, format);
@@ -330,55 +333,137 @@ test_encrypt_private_key (const char *path,
g_byte_array_free (array, TRUE); g_byte_array_free (array, TRUE);
} }
int main (int argc, char **argv) static void
test_key (gconstpointer test_data)
{
char **parts, *path, *password, *decrypted_path;
int len;
parts = g_strsplit ((const char *) test_data, ", ", -1);
len = g_strv_length (parts);
ASSERT (len == 2 || len == 3, "test-crypto",
"wrong number of arguments (<key file>, <password>, [<decrypted key file>])");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
decrypted_path = parts[2] ? g_build_filename (TEST_CERT_DIR, parts[2], NULL) : NULL;
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_private_key (path, password, decrypted_path, FALSE, "private-key");
test_load_private_key (path, "blahblahblah", NULL, TRUE, "private-key-bad-password");
test_load_private_key (path, NULL, NULL, TRUE, "private-key-no-password");
test_encrypt_private_key (path, password, "private-key-rencrypt");
g_free (path);
g_free (decrypted_path);
g_strfreev (parts);
}
static void
test_pkcs12 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
ASSERT (g_strv_length (parts) == 2, "test-crypto",
"wrong number of arguments (<file>, <password>)");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, FALSE, "is-pkcs12");
test_load_pkcs12 (path, password, FALSE, "pkcs12-private-key");
test_load_pkcs12 (path, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
test_load_pkcs12_no_password (path, "pkcs12-private-key-no-password");
g_free (path);
g_strfreev (parts);
}
static void
test_pkcs8 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
ASSERT (g_strv_length (parts) == 2, "test-crypto",
"wrong number of arguments (<file>, <password>)");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key");
/* Until gnutls and NSS grow support for all the ciphers that openssl
* can use with PKCS#8, we can't actually verify the password. So we
* expect a bad password to work for the time being.
*/
test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
g_free (path);
g_strfreev (parts);
}
NMTST_DEFINE ();
int
main (int argc, char **argv)
{ {
GError *error = NULL; GError *error = NULL;
char *progname; int ret;
ASSERT (argc > 2, "test-crypto", nmtst_init (&argc, &argv, TRUE);
"wrong number of arguments (expected at least an operation and an object)");
if (!crypto_init (&error)) if (!crypto_init (&error))
FAIL ("crypto-init", "failed to initialize crypto: %s", error->message); FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);
if (!strcmp (argv[1], "--cert")) g_test_add_data_func ("/libnm/crypto/cert/pem",
test_load_cert (argv[2], "cert"); "test_ca_cert.pem",
else if (!strcmp (argv[1], "--key")) { test_cert);
const char *decrypted_path = (argc == 5) ? argv[4] : NULL; g_test_add_data_func ("/libnm/crypto/cert/pem-2",
"test2_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/der",
"test_ca_cert.der",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline",
"ca-no-ending-newline.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined",
"test_key_and_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2",
"test2_key_and_cert.pem",
test_cert);
ASSERT (argc == 4 || argc == 5, "test-crypto", g_test_add_data_func ("/libnm/crypto/key/padding-6",
"wrong number of arguments (--key <key file> <password> [<decrypted key file>])"); "test_key_and_cert.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/key-only",
"test-key-only.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/padding-8",
"test2_key_and_cert.pem, 12345testing",
test_key);
g_test_add_data_func ("/libnm/crypto/key/aes",
"test-aes-key.pem, test-aes-password",
test_key);
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12"); g_test_add_data_func ("/libnm/crypto/PKCS#12/1",
test_load_private_key (argv[2], argv[3], decrypted_path, FALSE, "private-key"); "test-cert.p12, test",
test_load_private_key (argv[2], "blahblahblah", NULL, TRUE, "private-key-bad-password"); test_pkcs12);
test_load_private_key (argv[2], NULL, NULL, TRUE, "private-key-no-password"); g_test_add_data_func ("/libnm/crypto/PKCS#12/2",
test_encrypt_private_key (argv[2], argv[3], "private-key-rencrypt"); "test2-cert.p12, 12345testing",
} else if (!strcmp (argv[1], "--p12")) { test_pkcs12);
test_is_pkcs12 (argv[2], FALSE, "is-pkcs12");
test_load_pkcs12 (argv[2], argv[3], FALSE, "pkcs12-private-key");
test_load_pkcs12 (argv[2], "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
test_load_pkcs12_no_password (argv[2], "pkcs12-private-key-no-password");
} else if (!strcmp (argv[1], "--pkcs8")) {
ASSERT (argc == 4, "test-crypto",
"wrong number of arguments (--pkcs8 <key file> <password>)");
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12"); g_test_add_data_func ("/libnm/crypto/PKCS#8",
test_load_pkcs8 (argv[2], argv[3], FALSE, "pkcs8-private-key"); "pkcs8-enc-key.pem, 1234567890",
/* Until gnutls and NSS grow support for all the ciphers that openssl test_pkcs8);
* can use with PKCS#8, we can't actually verify the password. So we
* expect a bad password to work for the time being. ret = g_test_run ();
*/
test_load_pkcs8 (argv[2], "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
} else {
ASSERT (argc > 2, "test-crypto", "unknown test type (not --cert, --key, or --p12)");
}
crypto_deinit (); crypto_deinit ();
progname = g_path_get_basename (argv[0]); return ret;
fprintf (stdout, "%s: SUCCESS\n", progname);
g_free (progname);
return 0;
} }

63
libnm-util/tests/test-setting-8021x.c
View File

@@ -404,40 +404,57 @@ test_clear_phase2_private_key (const char *path, const char *password)
g_object_unref (s_8021x); g_object_unref (s_8021x);
} }
int main (int argc, char **argv) static void
do_8021x_test (gconstpointer test_data)
{ {
GError *error = NULL; char **parts, *path, *password;
char *base;
if (argc < 3) parts = g_strsplit ((const char *) test_data, ", ", -1);
FAIL ("init", "need at least two arguments: <path> <password>"); g_assert_cmpint (g_strv_length (parts), ==, 2);
#if !GLIB_CHECK_VERSION (2, 35, 0) path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
g_type_init (); password = parts[1];
#endif
if (!nm_utils_init (&error))
FAIL ("nm-utils-init", "failed to initialize libnm-util: %s", error->message);
/* Test phase1 and phase2 path scheme */ /* Test phase1 and phase2 path scheme */
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH); test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH); test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
/* Test phase1 and phase2 blob scheme */ /* Test phase1 and phase2 blob scheme */
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB); test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB); test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
/* Test that using a wrong password does not change existing data */ /* Test that using a wrong password does not change existing data */
test_wrong_password_keeps_data (argv[1], argv[2]); test_wrong_password_keeps_data (path, password);
test_wrong_phase2_password_keeps_data (argv[1], argv[2]); test_wrong_phase2_password_keeps_data (path, password);
/* Test clearing the private key */ /* Test clearing the private key */
test_clear_private_key (argv[1], argv[2]); test_clear_private_key (path, password);
test_clear_phase2_private_key (argv[1], argv[2]); test_clear_phase2_private_key (path, password);
base = g_path_get_basename (argv[0]); g_free (path);
fprintf (stdout, "%s: SUCCESS\n", base); g_strfreev (parts);
g_free (base); }
return 0;
NMTST_DEFINE ();
int
main (int argc, char **argv)
{
nmtst_init (&argc, &argv, TRUE);
g_test_add_data_func ("/libnm-utils/setting-8021x/key-and-cert",
"test_key_and_cert.pem, test",
do_8021x_test);
g_test_add_data_func ("/libnm-utils/setting-8021x/key-only",
"test-key-only.pem, test",
do_8021x_test);
g_test_add_data_func ("/libnm-utils/setting-8021x/pkcs8-enc-key",
"pkcs8-enc-key.pem, 1234567890",
do_8021x_test);
g_test_add_data_func ("/libnm-utils/setting-8021x/pkcs12",
"test-cert.p12, test",
do_8021x_test);
return g_test_run ();
} }