libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils
Rather than having test-crypto and test-setting-8021x be programs that you have to pass arguments to to get them to run a single test, just have them run all of the tests themselves. This lets us get rid of the big "check-local" rule in Makefile.am and just use TESTS to run everything. https://bugzilla.gnome.org/show_bug.cgi?id=734388
This commit is contained in:
Dan Winship
@@ -25,66 +25,6 @@ LDADD = \
|
||||
$(GLIB_LIBS) \
|
||||
$(DBUS_LIBS)
|
||||
|
||||
check-local: test-crypto test-setting-8021x
|
||||
# Private key and CA certificate in the same file (PEM)
|
||||
$(abs_builddir)/test-setting-8021x $(certsdir)/test_key_and_cert.pem "test"
|
||||
|
||||
# Private key by itself (PEM)
|
||||
$(abs_builddir)/test-setting-8021x $(certsdir)/test-key-only.pem "test"
|
||||
|
||||
# PKCS#8 private key by itself (PEM)
|
||||
$(abs_builddir)/test-setting-8021x $(certsdir)/pkcs8-enc-key.pem "1234567890"
|
||||
|
||||
# Private key and CA certificate in the same file (pkcs12)
|
||||
$(abs_builddir)/test-setting-8021x $(certsdir)/test-cert.p12 "test"
|
||||
|
||||
# Normal CA certificate
|
||||
$(abs_builddir)/test-crypto --cert $(certsdir)/test_ca_cert.pem
|
||||
|
||||
# Another CA certificate
|
||||
$(abs_builddir)/test-crypto --cert $(certsdir)/test2_ca_cert.pem
|
||||
|
||||
# Normal CA certificate (DER format)
|
||||
$(abs_builddir)/test-crypto --cert $(certsdir)/test_ca_cert.der
|
||||
|
||||
# CA certificate without an ending newline
|
||||
$(abs_builddir)/test-crypto --cert $(certsdir)/ca-no-ending-newline.pem
|
||||
|
||||
# Combined user cert and private key
|
||||
$(abs_builddir)/test-crypto --cert $(certsdir)/test_key_and_cert.pem
|
||||
|
||||
# Another combined user cert and private key
|
||||
$(abs_builddir)/test-crypto --cert $(certsdir)/test2_key_and_cert.pem
|
||||
|
||||
# Private key with 8 bytes of tail padding
|
||||
$(abs_builddir)/test-crypto --key \
|
||||
$(certsdir)/test_key_and_cert.pem \
|
||||
"test" \
|
||||
$(certsdir)/test-key-only-decrypted.der
|
||||
|
||||
# Private key only (not combined with a cert)
|
||||
$(abs_builddir)/test-crypto --key \
|
||||
$(certsdir)/test-key-only.pem \
|
||||
"test" \
|
||||
$(certsdir)/test-key-only-decrypted.der
|
||||
|
||||
# Private key with 6 bytes of tail padding
|
||||
$(abs_builddir)/test-crypto --key $(certsdir)/test2_key_and_cert.pem "12345testing"
|
||||
|
||||
# PKCS#12 file
|
||||
$(abs_builddir)/test-crypto --p12 $(certsdir)/test-cert.p12 "test"
|
||||
|
||||
# Another PKCS#12 file
|
||||
$(abs_builddir)/test-crypto --p12 $(certsdir)/test2-cert.p12 "12345testing"
|
||||
|
||||
# PKCS#8 encrypted private key
|
||||
$(abs_builddir)/test-crypto --pkcs8 \
|
||||
$(certsdir)/pkcs8-enc-key.pem \
|
||||
"1234567890"
|
||||
|
||||
# Private key with AES cipher
|
||||
$(abs_builddir)/test-crypto --key $(certsdir)/test-aes-key.pem "test-aes-password"
|
||||
|
||||
TESTS = test-settings-defaults test-secrets test-general test-setting-dcb
|
||||
TESTS = $(noinst_PROGRAMS)
|
||||
|
||||
endif
|
||||
|
||||
@@ -92,18 +92,21 @@ out:
|
||||
#endif
|
||||
|
||||
static void
|
||||
test_load_cert (const char *path, const char *desc)
|
||||
test_cert (gconstpointer test_data)
|
||||
{
|
||||
char *path;
|
||||
GByteArray *array;
|
||||
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
|
||||
GError *error = NULL;
|
||||
|
||||
path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL);
|
||||
|
||||
array = crypto_load_and_verify_certificate (path, &format, &error);
|
||||
ASSERT (array != NULL, desc,
|
||||
ASSERT (array != NULL, "cert",
|
||||
"couldn't read certificate file '%s': %d %s",
|
||||
path, error->code, error->message);
|
||||
|
||||
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, desc,
|
||||
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, "cert",
|
||||
"%s: unexpected certificate format (expected %d, got %d)",
|
||||
path, NM_CRYPTO_FILE_FORMAT_X509, format);
|
||||
|
||||
@@ -330,55 +333,137 @@ test_encrypt_private_key (const char *path,
|
||||
g_byte_array_free (array, TRUE);
|
||||
}
|
||||
|
||||
int main (int argc, char **argv)
|
||||
static void
|
||||
test_key (gconstpointer test_data)
|
||||
{
|
||||
char **parts, *path, *password, *decrypted_path;
|
||||
int len;
|
||||
|
||||
parts = g_strsplit ((const char *) test_data, ", ", -1);
|
||||
len = g_strv_length (parts);
|
||||
ASSERT (len == 2 || len == 3, "test-crypto",
|
||||
"wrong number of arguments (<key file>, <password>, [<decrypted key file>])");
|
||||
|
||||
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
|
||||
password = parts[1];
|
||||
decrypted_path = parts[2] ? g_build_filename (TEST_CERT_DIR, parts[2], NULL) : NULL;
|
||||
|
||||
test_is_pkcs12 (path, TRUE, "not-pkcs12");
|
||||
test_load_private_key (path, password, decrypted_path, FALSE, "private-key");
|
||||
test_load_private_key (path, "blahblahblah", NULL, TRUE, "private-key-bad-password");
|
||||
test_load_private_key (path, NULL, NULL, TRUE, "private-key-no-password");
|
||||
test_encrypt_private_key (path, password, "private-key-rencrypt");
|
||||
|
||||
g_free (path);
|
||||
g_free (decrypted_path);
|
||||
g_strfreev (parts);
|
||||
}
|
||||
|
||||
static void
|
||||
test_pkcs12 (gconstpointer test_data)
|
||||
{
|
||||
char **parts, *path, *password;
|
||||
|
||||
parts = g_strsplit ((const char *) test_data, ", ", -1);
|
||||
ASSERT (g_strv_length (parts) == 2, "test-crypto",
|
||||
"wrong number of arguments (<file>, <password>)");
|
||||
|
||||
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
|
||||
password = parts[1];
|
||||
|
||||
test_is_pkcs12 (path, FALSE, "is-pkcs12");
|
||||
test_load_pkcs12 (path, password, FALSE, "pkcs12-private-key");
|
||||
test_load_pkcs12 (path, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
|
||||
test_load_pkcs12_no_password (path, "pkcs12-private-key-no-password");
|
||||
|
||||
g_free (path);
|
||||
g_strfreev (parts);
|
||||
}
|
||||
|
||||
static void
|
||||
test_pkcs8 (gconstpointer test_data)
|
||||
{
|
||||
char **parts, *path, *password;
|
||||
|
||||
parts = g_strsplit ((const char *) test_data, ", ", -1);
|
||||
ASSERT (g_strv_length (parts) == 2, "test-crypto",
|
||||
"wrong number of arguments (<file>, <password>)");
|
||||
|
||||
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
|
||||
password = parts[1];
|
||||
|
||||
test_is_pkcs12 (path, TRUE, "not-pkcs12");
|
||||
test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key");
|
||||
/* Until gnutls and NSS grow support for all the ciphers that openssl
|
||||
* can use with PKCS#8, we can't actually verify the password. So we
|
||||
* expect a bad password to work for the time being.
|
||||
*/
|
||||
test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
|
||||
|
||||
g_free (path);
|
||||
g_strfreev (parts);
|
||||
}
|
||||
|
||||
NMTST_DEFINE ();
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
GError *error = NULL;
|
||||
char *progname;
|
||||
int ret;
|
||||
|
||||
ASSERT (argc > 2, "test-crypto",
|
||||
"wrong number of arguments (expected at least an operation and an object)");
|
||||
nmtst_init (&argc, &argv, TRUE);
|
||||
|
||||
if (!crypto_init (&error))
|
||||
FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);
|
||||
|
||||
if (!strcmp (argv[1], "--cert"))
|
||||
test_load_cert (argv[2], "cert");
|
||||
else if (!strcmp (argv[1], "--key")) {
|
||||
const char *decrypted_path = (argc == 5) ? argv[4] : NULL;
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem",
|
||||
"test_ca_cert.pem",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem-2",
|
||||
"test2_ca_cert.pem",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/der",
|
||||
"test_ca_cert.der",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline",
|
||||
"ca-no-ending-newline.pem",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem-combined",
|
||||
"test_key_and_cert.pem",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2",
|
||||
"test2_key_and_cert.pem",
|
||||
test_cert);
|
||||
|
||||
ASSERT (argc == 4 || argc == 5, "test-crypto",
|
||||
"wrong number of arguments (--key <key file> <password> [<decrypted key file>])");
|
||||
g_test_add_data_func ("/libnm/crypto/key/padding-6",
|
||||
"test_key_and_cert.pem, test, test-key-only-decrypted.der",
|
||||
test_key);
|
||||
g_test_add_data_func ("/libnm/crypto/key/key-only",
|
||||
"test-key-only.pem, test, test-key-only-decrypted.der",
|
||||
test_key);
|
||||
g_test_add_data_func ("/libnm/crypto/key/padding-8",
|
||||
"test2_key_and_cert.pem, 12345testing",
|
||||
test_key);
|
||||
g_test_add_data_func ("/libnm/crypto/key/aes",
|
||||
"test-aes-key.pem, test-aes-password",
|
||||
test_key);
|
||||
|
||||
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12");
|
||||
test_load_private_key (argv[2], argv[3], decrypted_path, FALSE, "private-key");
|
||||
test_load_private_key (argv[2], "blahblahblah", NULL, TRUE, "private-key-bad-password");
|
||||
test_load_private_key (argv[2], NULL, NULL, TRUE, "private-key-no-password");
|
||||
test_encrypt_private_key (argv[2], argv[3], "private-key-rencrypt");
|
||||
} else if (!strcmp (argv[1], "--p12")) {
|
||||
test_is_pkcs12 (argv[2], FALSE, "is-pkcs12");
|
||||
test_load_pkcs12 (argv[2], argv[3], FALSE, "pkcs12-private-key");
|
||||
test_load_pkcs12 (argv[2], "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
|
||||
test_load_pkcs12_no_password (argv[2], "pkcs12-private-key-no-password");
|
||||
} else if (!strcmp (argv[1], "--pkcs8")) {
|
||||
ASSERT (argc == 4, "test-crypto",
|
||||
"wrong number of arguments (--pkcs8 <key file> <password>)");
|
||||
g_test_add_data_func ("/libnm/crypto/PKCS#12/1",
|
||||
"test-cert.p12, test",
|
||||
test_pkcs12);
|
||||
g_test_add_data_func ("/libnm/crypto/PKCS#12/2",
|
||||
"test2-cert.p12, 12345testing",
|
||||
test_pkcs12);
|
||||
|
||||
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12");
|
||||
test_load_pkcs8 (argv[2], argv[3], FALSE, "pkcs8-private-key");
|
||||
/* Until gnutls and NSS grow support for all the ciphers that openssl
|
||||
* can use with PKCS#8, we can't actually verify the password. So we
|
||||
* expect a bad password to work for the time being.
|
||||
*/
|
||||
test_load_pkcs8 (argv[2], "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
|
||||
} else {
|
||||
ASSERT (argc > 2, "test-crypto", "unknown test type (not --cert, --key, or --p12)");
|
||||
}
|
||||
g_test_add_data_func ("/libnm/crypto/PKCS#8",
|
||||
"pkcs8-enc-key.pem, 1234567890",
|
||||
test_pkcs8);
|
||||
|
||||
ret = g_test_run ();
|
||||
|
||||
crypto_deinit ();
|
||||
|
||||
progname = g_path_get_basename (argv[0]);
|
||||
fprintf (stdout, "%s: SUCCESS\n", progname);
|
||||
g_free (progname);
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -404,40 +404,57 @@ test_clear_phase2_private_key (const char *path, const char *password)
|
||||
g_object_unref (s_8021x);
|
||||
}
|
||||
|
||||
int main (int argc, char **argv)
|
||||
static void
|
||||
do_8021x_test (gconstpointer test_data)
|
||||
{
|
||||
GError *error = NULL;
|
||||
char *base;
|
||||
char **parts, *path, *password;
|
||||
|
||||
if (argc < 3)
|
||||
FAIL ("init", "need at least two arguments: <path> <password>");
|
||||
parts = g_strsplit ((const char *) test_data, ", ", -1);
|
||||
g_assert_cmpint (g_strv_length (parts), ==, 2);
|
||||
|
||||
#if !GLIB_CHECK_VERSION (2, 35, 0)
|
||||
g_type_init ();
|
||||
#endif
|
||||
|
||||
if (!nm_utils_init (&error))
|
||||
FAIL ("nm-utils-init", "failed to initialize libnm: %s", error->message);
|
||||
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
|
||||
password = parts[1];
|
||||
|
||||
/* Test phase1 and phase2 path scheme */
|
||||
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH);
|
||||
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH);
|
||||
test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
|
||||
test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
|
||||
|
||||
/* Test phase1 and phase2 blob scheme */
|
||||
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB);
|
||||
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB);
|
||||
test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
|
||||
test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
|
||||
|
||||
/* Test that using a wrong password does not change existing data */
|
||||
test_wrong_password_keeps_data (argv[1], argv[2]);
|
||||
test_wrong_phase2_password_keeps_data (argv[1], argv[2]);
|
||||
test_wrong_password_keeps_data (path, password);
|
||||
test_wrong_phase2_password_keeps_data (path, password);
|
||||
|
||||
/* Test clearing the private key */
|
||||
test_clear_private_key (argv[1], argv[2]);
|
||||
test_clear_phase2_private_key (argv[1], argv[2]);
|
||||
test_clear_private_key (path, password);
|
||||
test_clear_phase2_private_key (path, password);
|
||||
|
||||
base = g_path_get_basename (argv[0]);
|
||||
fprintf (stdout, "%s: SUCCESS\n", base);
|
||||
g_free (base);
|
||||
return 0;
|
||||
g_free (path);
|
||||
g_strfreev (parts);
|
||||
}
|
||||
|
||||
NMTST_DEFINE ();
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
nmtst_init (&argc, &argv, TRUE);
|
||||
|
||||
g_test_add_data_func ("/libnm/setting-8021x/key-and-cert",
|
||||
"test_key_and_cert.pem, test",
|
||||
do_8021x_test);
|
||||
g_test_add_data_func ("/libnm/setting-8021x/key-only",
|
||||
"test-key-only.pem, test",
|
||||
do_8021x_test);
|
||||
g_test_add_data_func ("/libnm/setting-8021x/pkcs8-enc-key",
|
||||
"pkcs8-enc-key.pem, 1234567890",
|
||||
do_8021x_test);
|
||||
g_test_add_data_func ("/libnm/setting-8021x/pkcs12",
|
||||
"test-cert.p12, test",
|
||||
do_8021x_test);
|
||||
|
||||
return g_test_run ();
|
||||
}
|
||||
|
||||
|
||||
@@ -12,13 +12,16 @@ AM_CPPFLAGS = \
|
||||
-DBUILD_DIR=\"$(abs_builddir)\" \
|
||||
-DTEST_CERT_DIR=\"$(top_srcdir)/libnm-util/tests/certs/\"
|
||||
|
||||
noinst_PROGRAMS = \
|
||||
TESTS = \
|
||||
test-settings-defaults \
|
||||
test-crypto \
|
||||
test-secrets \
|
||||
test-general \
|
||||
test-setting-8021x \
|
||||
test-setting-dcb \
|
||||
test-setting-dcb
|
||||
|
||||
noinst_PROGRAMS = \
|
||||
$(TESTS) \
|
||||
test-libnm-linking
|
||||
|
||||
test_settings_defaults_SOURCES = \
|
||||
@@ -80,66 +83,4 @@ test_libnm_linking_LDADD = \
|
||||
$(GLIB_LIBS) \
|
||||
$(DBUS_LIBS)
|
||||
|
||||
check-local: test-crypto test-setting-8021x
|
||||
# Private key and CA certificate in the same file (PEM)
|
||||
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/test_key_and_cert.pem "test"
|
||||
|
||||
# Private key by itself (PEM)
|
||||
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/test-key-only.pem "test"
|
||||
|
||||
# PKCS#8 private key by itself (PEM)
|
||||
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/pkcs8-enc-key.pem "1234567890"
|
||||
|
||||
# Private key and CA certificate in the same file (pkcs12)
|
||||
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/test-cert.p12 "test"
|
||||
|
||||
# Normal CA certificate
|
||||
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_ca_cert.pem
|
||||
|
||||
# Another CA certificate
|
||||
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test2_ca_cert.pem
|
||||
|
||||
# Normal CA certificate (DER format)
|
||||
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_ca_cert.der
|
||||
|
||||
# CA certificate without an ending newline
|
||||
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/ca-no-ending-newline.pem
|
||||
|
||||
# Combined user cert and private key
|
||||
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_key_and_cert.pem
|
||||
|
||||
# Another combined user cert and private key
|
||||
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test2_key_and_cert.pem
|
||||
|
||||
# Private key with 8 bytes of tail padding
|
||||
$(abs_builddir)/test-crypto --key \
|
||||
$(srcdir)/certs/test_key_and_cert.pem \
|
||||
"test" \
|
||||
$(srcdir)/certs/test-key-only-decrypted.der
|
||||
|
||||
# Private key only (not combined with a cert)
|
||||
$(abs_builddir)/test-crypto --key \
|
||||
$(srcdir)/certs/test-key-only.pem \
|
||||
"test" \
|
||||
$(srcdir)/certs/test-key-only-decrypted.der
|
||||
|
||||
# Private key with 6 bytes of tail padding
|
||||
$(abs_builddir)/test-crypto --key $(srcdir)/certs/test2_key_and_cert.pem "12345testing"
|
||||
|
||||
# PKCS#12 file
|
||||
$(abs_builddir)/test-crypto --p12 $(srcdir)/certs/test-cert.p12 "test"
|
||||
|
||||
# Another PKCS#12 file
|
||||
$(abs_builddir)/test-crypto --p12 $(srcdir)/certs/test2-cert.p12 "12345testing"
|
||||
|
||||
# PKCS#8 encrypted private key
|
||||
$(abs_builddir)/test-crypto --pkcs8 \
|
||||
$(srcdir)/certs/pkcs8-enc-key.pem \
|
||||
"1234567890"
|
||||
|
||||
# Private key with AES cipher
|
||||
$(abs_builddir)/test-crypto --key $(srcdir)/certs/test-aes-key.pem "test-aes-password"
|
||||
|
||||
TESTS = test-settings-defaults test-secrets test-general test-setting-dcb
|
||||
|
||||
endif
|
||||
|
||||
@@ -92,18 +92,21 @@ out:
|
||||
#endif
|
||||
|
||||
static void
|
||||
test_load_cert (const char *path, const char *desc)
|
||||
test_cert (gconstpointer test_data)
|
||||
{
|
||||
char *path;
|
||||
GByteArray *array;
|
||||
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
|
||||
GError *error = NULL;
|
||||
|
||||
path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL);
|
||||
|
||||
array = crypto_load_and_verify_certificate (path, &format, &error);
|
||||
ASSERT (array != NULL, desc,
|
||||
ASSERT (array != NULL, "cert",
|
||||
"couldn't read certificate file '%s': %d %s",
|
||||
path, error->code, error->message);
|
||||
|
||||
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, desc,
|
||||
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, "cert",
|
||||
"%s: unexpected certificate format (expected %d, got %d)",
|
||||
path, NM_CRYPTO_FILE_FORMAT_X509, format);
|
||||
|
||||
@@ -330,55 +333,137 @@ test_encrypt_private_key (const char *path,
|
||||
g_byte_array_free (array, TRUE);
|
||||
}
|
||||
|
||||
int main (int argc, char **argv)
|
||||
static void
|
||||
test_key (gconstpointer test_data)
|
||||
{
|
||||
char **parts, *path, *password, *decrypted_path;
|
||||
int len;
|
||||
|
||||
parts = g_strsplit ((const char *) test_data, ", ", -1);
|
||||
len = g_strv_length (parts);
|
||||
ASSERT (len == 2 || len == 3, "test-crypto",
|
||||
"wrong number of arguments (<key file>, <password>, [<decrypted key file>])");
|
||||
|
||||
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
|
||||
password = parts[1];
|
||||
decrypted_path = parts[2] ? g_build_filename (TEST_CERT_DIR, parts[2], NULL) : NULL;
|
||||
|
||||
test_is_pkcs12 (path, TRUE, "not-pkcs12");
|
||||
test_load_private_key (path, password, decrypted_path, FALSE, "private-key");
|
||||
test_load_private_key (path, "blahblahblah", NULL, TRUE, "private-key-bad-password");
|
||||
test_load_private_key (path, NULL, NULL, TRUE, "private-key-no-password");
|
||||
test_encrypt_private_key (path, password, "private-key-rencrypt");
|
||||
|
||||
g_free (path);
|
||||
g_free (decrypted_path);
|
||||
g_strfreev (parts);
|
||||
}
|
||||
|
||||
static void
|
||||
test_pkcs12 (gconstpointer test_data)
|
||||
{
|
||||
char **parts, *path, *password;
|
||||
|
||||
parts = g_strsplit ((const char *) test_data, ", ", -1);
|
||||
ASSERT (g_strv_length (parts) == 2, "test-crypto",
|
||||
"wrong number of arguments (<file>, <password>)");
|
||||
|
||||
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
|
||||
password = parts[1];
|
||||
|
||||
test_is_pkcs12 (path, FALSE, "is-pkcs12");
|
||||
test_load_pkcs12 (path, password, FALSE, "pkcs12-private-key");
|
||||
test_load_pkcs12 (path, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
|
||||
test_load_pkcs12_no_password (path, "pkcs12-private-key-no-password");
|
||||
|
||||
g_free (path);
|
||||
g_strfreev (parts);
|
||||
}
|
||||
|
||||
static void
|
||||
test_pkcs8 (gconstpointer test_data)
|
||||
{
|
||||
char **parts, *path, *password;
|
||||
|
||||
parts = g_strsplit ((const char *) test_data, ", ", -1);
|
||||
ASSERT (g_strv_length (parts) == 2, "test-crypto",
|
||||
"wrong number of arguments (<file>, <password>)");
|
||||
|
||||
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
|
||||
password = parts[1];
|
||||
|
||||
test_is_pkcs12 (path, TRUE, "not-pkcs12");
|
||||
test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key");
|
||||
/* Until gnutls and NSS grow support for all the ciphers that openssl
|
||||
* can use with PKCS#8, we can't actually verify the password. So we
|
||||
* expect a bad password to work for the time being.
|
||||
*/
|
||||
test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
|
||||
|
||||
g_free (path);
|
||||
g_strfreev (parts);
|
||||
}
|
||||
|
||||
NMTST_DEFINE ();
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
GError *error = NULL;
|
||||
char *progname;
|
||||
int ret;
|
||||
|
||||
ASSERT (argc > 2, "test-crypto",
|
||||
"wrong number of arguments (expected at least an operation and an object)");
|
||||
nmtst_init (&argc, &argv, TRUE);
|
||||
|
||||
if (!crypto_init (&error))
|
||||
FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);
|
||||
|
||||
if (!strcmp (argv[1], "--cert"))
|
||||
test_load_cert (argv[2], "cert");
|
||||
else if (!strcmp (argv[1], "--key")) {
|
||||
const char *decrypted_path = (argc == 5) ? argv[4] : NULL;
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem",
|
||||
"test_ca_cert.pem",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem-2",
|
||||
"test2_ca_cert.pem",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/der",
|
||||
"test_ca_cert.der",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline",
|
||||
"ca-no-ending-newline.pem",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem-combined",
|
||||
"test_key_and_cert.pem",
|
||||
test_cert);
|
||||
g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2",
|
||||
"test2_key_and_cert.pem",
|
||||
test_cert);
|
||||
|
||||
ASSERT (argc == 4 || argc == 5, "test-crypto",
|
||||
"wrong number of arguments (--key <key file> <password> [<decrypted key file>])");
|
||||
g_test_add_data_func ("/libnm/crypto/key/padding-6",
|
||||
"test_key_and_cert.pem, test, test-key-only-decrypted.der",
|
||||
test_key);
|
||||
g_test_add_data_func ("/libnm/crypto/key/key-only",
|
||||
"test-key-only.pem, test, test-key-only-decrypted.der",
|
||||
test_key);
|
||||
g_test_add_data_func ("/libnm/crypto/key/padding-8",
|
||||
"test2_key_and_cert.pem, 12345testing",
|
||||
test_key);
|
||||
g_test_add_data_func ("/libnm/crypto/key/aes",
|
||||
"test-aes-key.pem, test-aes-password",
|
||||
test_key);
|
||||
|
||||
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12");
|
||||
test_load_private_key (argv[2], argv[3], decrypted_path, FALSE, "private-key");
|
||||
test_load_private_key (argv[2], "blahblahblah", NULL, TRUE, "private-key-bad-password");
|
||||
test_load_private_key (argv[2], NULL, NULL, TRUE, "private-key-no-password");
|
||||
test_encrypt_private_key (argv[2], argv[3], "private-key-rencrypt");
|
||||
} else if (!strcmp (argv[1], "--p12")) {
|
||||
test_is_pkcs12 (argv[2], FALSE, "is-pkcs12");
|
||||
test_load_pkcs12 (argv[2], argv[3], FALSE, "pkcs12-private-key");
|
||||
test_load_pkcs12 (argv[2], "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
|
||||
test_load_pkcs12_no_password (argv[2], "pkcs12-private-key-no-password");
|
||||
} else if (!strcmp (argv[1], "--pkcs8")) {
|
||||
ASSERT (argc == 4, "test-crypto",
|
||||
"wrong number of arguments (--pkcs8 <key file> <password>)");
|
||||
g_test_add_data_func ("/libnm/crypto/PKCS#12/1",
|
||||
"test-cert.p12, test",
|
||||
test_pkcs12);
|
||||
g_test_add_data_func ("/libnm/crypto/PKCS#12/2",
|
||||
"test2-cert.p12, 12345testing",
|
||||
test_pkcs12);
|
||||
|
||||
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12");
|
||||
test_load_pkcs8 (argv[2], argv[3], FALSE, "pkcs8-private-key");
|
||||
/* Until gnutls and NSS grow support for all the ciphers that openssl
|
||||
* can use with PKCS#8, we can't actually verify the password. So we
|
||||
* expect a bad password to work for the time being.
|
||||
*/
|
||||
test_load_pkcs8 (argv[2], "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
|
||||
} else {
|
||||
ASSERT (argc > 2, "test-crypto", "unknown test type (not --cert, --key, or --p12)");
|
||||
}
|
||||
g_test_add_data_func ("/libnm/crypto/PKCS#8",
|
||||
"pkcs8-enc-key.pem, 1234567890",
|
||||
test_pkcs8);
|
||||
|
||||
ret = g_test_run ();
|
||||
|
||||
crypto_deinit ();
|
||||
|
||||
progname = g_path_get_basename (argv[0]);
|
||||
fprintf (stdout, "%s: SUCCESS\n", progname);
|
||||
g_free (progname);
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -404,40 +404,57 @@ test_clear_phase2_private_key (const char *path, const char *password)
|
||||
g_object_unref (s_8021x);
|
||||
}
|
||||
|
||||
int main (int argc, char **argv)
|
||||
static void
|
||||
do_8021x_test (gconstpointer test_data)
|
||||
{
|
||||
GError *error = NULL;
|
||||
char *base;
|
||||
char **parts, *path, *password;
|
||||
|
||||
if (argc < 3)
|
||||
FAIL ("init", "need at least two arguments: <path> <password>");
|
||||
parts = g_strsplit ((const char *) test_data, ", ", -1);
|
||||
g_assert_cmpint (g_strv_length (parts), ==, 2);
|
||||
|
||||
#if !GLIB_CHECK_VERSION (2, 35, 0)
|
||||
g_type_init ();
|
||||
#endif
|
||||
|
||||
if (!nm_utils_init (&error))
|
||||
FAIL ("nm-utils-init", "failed to initialize libnm-util: %s", error->message);
|
||||
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
|
||||
password = parts[1];
|
||||
|
||||
/* Test phase1 and phase2 path scheme */
|
||||
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH);
|
||||
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH);
|
||||
test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
|
||||
test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
|
||||
|
||||
/* Test phase1 and phase2 blob scheme */
|
||||
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB);
|
||||
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB);
|
||||
test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
|
||||
test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
|
||||
|
||||
/* Test that using a wrong password does not change existing data */
|
||||
test_wrong_password_keeps_data (argv[1], argv[2]);
|
||||
test_wrong_phase2_password_keeps_data (argv[1], argv[2]);
|
||||
test_wrong_password_keeps_data (path, password);
|
||||
test_wrong_phase2_password_keeps_data (path, password);
|
||||
|
||||
/* Test clearing the private key */
|
||||
test_clear_private_key (argv[1], argv[2]);
|
||||
test_clear_phase2_private_key (argv[1], argv[2]);
|
||||
test_clear_private_key (path, password);
|
||||
test_clear_phase2_private_key (path, password);
|
||||
|
||||
base = g_path_get_basename (argv[0]);
|
||||
fprintf (stdout, "%s: SUCCESS\n", base);
|
||||
g_free (base);
|
||||
return 0;
|
||||
g_free (path);
|
||||
g_strfreev (parts);
|
||||
}
|
||||
|
||||
NMTST_DEFINE ();
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
nmtst_init (&argc, &argv, TRUE);
|
||||
|
||||
g_test_add_data_func ("/libnm-utils/setting-8021x/key-and-cert",
|
||||
"test_key_and_cert.pem, test",
|
||||
do_8021x_test);
|
||||
g_test_add_data_func ("/libnm-utils/setting-8021x/key-only",
|
||||
"test-key-only.pem, test",
|
||||
do_8021x_test);
|
||||
g_test_add_data_func ("/libnm-utils/setting-8021x/pkcs8-enc-key",
|
||||
"pkcs8-enc-key.pem, 1234567890",
|
||||
do_8021x_test);
|
||||
g_test_add_data_func ("/libnm-utils/setting-8021x/pkcs12",
|
||||
"test-cert.p12, test",
|
||||
do_8021x_test);
|
||||
|
||||
return g_test_run ();
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user