ifcfg-rh: add testcases for WPA-EAP TLS connections

system-settings/plugins/ifcfg-rh/tests/network-scripts/Makefile.am

@@ -21,6 +21,8 @@ EXTRA_DIST = \
 	keys-test-wifi-wpa-psk-adhoc \
 	ifcfg-test-wifi-wpa-psk-hex \
 	keys-test-wifi-wpa-psk-hex \
+	ifcfg-test-wifi-wpa-eap-tls \
+	keys-test-wifi-wpa-eap-tls \
 	test_ca_cert.pem \
 	test1_key_and_cert.pem
 

system-settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wpa-eap-tls

@@ -0,0 +1,24 @@
+# Intel Corporation 82540EP Gigabit Ethernet Controller (Mobile)
+TYPE=Wireless
+DEVICE=eth2
+HWADDR=00:16:41:11:22:33
+BOOTPROTO=dhcp
+ONBOOT=yes
+ONBOOT=yes
+USERCTL=yes
+IPV6INIT=no
+NM_CONTROLLED=yes
+PEERDNS=yes
+ESSID=blahblah
+MODE=Managed
+RATE=auto
+CIPHER_PAIRWISE="TKIP CCMP"
+CIPHER_GROUP="TKIP CCMP WEP40 WEP104"
+KEY_MGMT=WPA-EAP
+WPA_ALLOW_WPA=yes
+WPA_ALLOW_WPA2=yes
+IEEE_8021X_EAP_METHODS=TLS
+IEEE_8021X_CA_CERT=test_ca_cert.pem
+IEEE_8021X_CLIENT_CERT=test1_key_and_cert.pem
+IEEE_8021X_PRIVATE_KEY=test1_key_and_cert.pem
+

system-settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-eap-tls

@@ -0,0 +1,2 @@
+IEEE_8021X_PRIVATE_KEY_PASSWORD="test1"
+

system-settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c

@@ -41,6 +41,75 @@
 
 #include "reader.h"
 
+typedef enum {
+	CK_CA_CERT = 0,
+	CK_CLIENT_CERT = 1,
+	CK_PRIV_KEY = 2
+} CertKeyType;
+
+static gboolean
+verify_cert_or_key (CertKeyType ck_type,
+                    NMSetting8021x *s_compare,
+                    const char *file,
+                    const char *privkey_password,
+                    const char *ifcfg,
+                    const char *test_name,
+                    const char *setting_key)
+{
+	NMSetting8021x *s_8021x;
+	GError *error = NULL;
+	gboolean success = FALSE;
+	const GByteArray *expected = NULL, *setting = NULL;
+
+	/* CA Cert */
+	s_8021x = (NMSetting8021x *) nm_setting_802_1x_new ();
+	ASSERT (s_8021x != NULL,
+	        test_name, "failed to verify %s: could not create temp 802.1x setting",
+	        ifcfg);
+
+	if (ck_type == CK_CA_CERT)
+		success = nm_setting_802_1x_set_ca_cert_from_file (s_8021x, file, NULL, &error);
+	else if (ck_type == CK_CLIENT_CERT)
+		success = nm_setting_802_1x_set_client_cert_from_file (s_8021x, file, NULL, &error);
+	else if (ck_type == CK_PRIV_KEY)
+		success = nm_setting_802_1x_set_private_key_from_file (s_8021x, file, privkey_password, NULL, &error);
+	ASSERT (success == TRUE,
+	        test_name, "failed to verify %s: could not load item for %s / %s: %s",
+	        ifcfg, NM_SETTING_802_1X_SETTING_NAME, setting_key, error->message);
+
+	if (ck_type == CK_CA_CERT)
+		expected = nm_setting_802_1x_get_ca_cert (s_8021x);
+	else if (ck_type == CK_CLIENT_CERT)
+		expected = nm_setting_802_1x_get_client_cert (s_8021x);
+	else if (ck_type == CK_PRIV_KEY)
+		expected = nm_setting_802_1x_get_private_key (s_8021x);
+	ASSERT (expected != NULL,
+	        test_name, "failed to verify %s: failed to get read item for %s / %s",
+	        ifcfg, NM_SETTING_802_1X_SETTING_NAME, setting_key);
+
+	if (ck_type == CK_CA_CERT)
+		setting = nm_setting_802_1x_get_ca_cert (s_compare);
+	else if (ck_type == CK_CLIENT_CERT)
+		setting = nm_setting_802_1x_get_client_cert (s_compare);
+	else if (ck_type == CK_PRIV_KEY)
+		setting = nm_setting_802_1x_get_private_key (s_compare);
+	ASSERT (setting != NULL,
+	        test_name, "failed to verify %s: missing %s / %s key",
+	        ifcfg, NM_SETTING_802_1X_SETTING_NAME, setting_key);
+
+	ASSERT (setting->len == expected->len,
+	        test_name, "failed to verify %s: unexpected %s / %s certificate length",
+	        test_name, NM_SETTING_802_1X_SETTING_NAME, setting_key);
+
+	ASSERT (memcmp (setting->data, expected->data, setting->len) == 0,
+	        test_name, "failed to verify %s: %s / %s key certificate mismatch",
+	        ifcfg, NM_SETTING_802_1X_SETTING_NAME, setting_key);
+
+	g_object_unref (s_8021x);
+	return TRUE;
+}
+
+
 #define TEST_IFCFG_MINIMAL TEST_DIR"/network-scripts/ifcfg-test-minimal"
 
 static void
@@ -2417,6 +2486,133 @@ test_read_wifi_wpa_psk_hex (void)
 	g_object_unref (connection);
 }
 
+#define TEST_IFCFG_WIFI_WPA_EAP_TLS TEST_DIR"/network-scripts/ifcfg-test-wifi-wpa-eap-tls"
+#define TEST_IFCFG_WIFI_WPA_EAP_TLS_CA_CERT TEST_DIR"/network-scripts/test_ca_cert.pem"
+#define TEST_IFCFG_WIFI_WPA_EAP_TLS_CLIENT_CERT TEST_DIR"/network-scripts/test1_key_and_cert.pem"
+#define TEST_IFCFG_WIFI_WPA_EAP_TLS_PRIVATE_KEY TEST_DIR"/network-scripts/test1_key_and_cert.pem"
+
+static void
+test_read_wifi_wpa_eap_tls (void)
+{
+	NMConnection *connection;
+	NMSettingWireless *s_wireless;
+	NMSettingIP4Config *s_ip4;
+	NMSetting8021x *s_8021x;
+	gboolean unmanaged = FALSE;
+	char *keyfile = NULL;
+	gboolean ignore_error = FALSE;
+	GError *error = NULL;
+	const char *tmp, *privkey_password;
+	const char *expected_private_key_password = "test1";
+
+	connection = connection_from_file (TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	                                   NULL,
+	                                   TYPE_ETHERNET,
+	                                   &unmanaged,
+	                                   &keyfile,
+	                                   &error,
+	                                   &ignore_error);
+	ASSERT (connection != NULL,
+	        "wifi-wpa-eap-tls-read", "failed to read %s: %s", TEST_IFCFG_WIFI_WPA_EAP_TLS, error->message);
+
+	ASSERT (nm_connection_verify (connection, &error),
+	        "wifi-wpa-eap-tls-verify", "failed to verify %s: %s", TEST_IFCFG_WIFI_WPA_EAP_TLS, error->message);
+
+	ASSERT (unmanaged == FALSE,
+	        "wifi-wpa-eap-tls-verify", "failed to verify %s: unexpected unmanaged value", TEST_IFCFG_WIFI_WPA_EAP_TLS);
+
+	/* ===== WIRELESS SETTING ===== */
+
+	s_wireless = NM_SETTING_WIRELESS (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS));
+	ASSERT (s_wireless != NULL,
+	        "wifi-wpa-eap-tls-verify-wireless", "failed to verify %s: missing %s setting",
+	        TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	        NM_SETTING_WIRELESS_SETTING_NAME);
+
+	/* ===== IPv4 SETTING ===== */
+
+	s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG));
+	ASSERT (s_ip4 != NULL,
+	        "wifi-wpa-eap-tls-verify-ip4", "failed to verify %s: missing %s setting",
+	        TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	        NM_SETTING_IP4_CONFIG_SETTING_NAME);
+
+	/* Method */
+	tmp = nm_setting_ip4_config_get_method (s_ip4);
+	ASSERT (strcmp (tmp, NM_SETTING_IP4_CONFIG_METHOD_AUTO) == 0,
+	        "wifi-wpa-eap-tls-verify-ip4", "failed to verify %s: unexpected %s / %s key value",
+	        TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	        NM_SETTING_IP4_CONFIG_SETTING_NAME,
+	        NM_SETTING_IP4_CONFIG_METHOD);
+
+	/* ===== 802.1x SETTING ===== */
+	s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
+	ASSERT (s_8021x != NULL,
+	        "wifi-wpa-eap-tls-verify-8021x", "failed to verify %s: missing %s setting",
+	        TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	        NM_SETTING_802_1X_SETTING_NAME);
+
+	/* EAP methods */
+	ASSERT (nm_setting_802_1x_get_num_eap_methods (s_8021x) == 1,
+	        "wifi-wpa-eap-tls-verify-8021x", "failed to verify %s: unexpected %s / %s key value",
+	        TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	        NM_SETTING_802_1X_SETTING_NAME,
+	        NM_SETTING_802_1X_EAP);
+	tmp = nm_setting_802_1x_get_eap_method (s_8021x, 0);
+	ASSERT (tmp != NULL,
+	        "wifi-wpa-eap-tls-verify-8021x", "failed to verify %s: missing %s / %s eap method",
+	        TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	        NM_SETTING_802_1X_SETTING_NAME,
+	        NM_SETTING_802_1X_EAP);
+	ASSERT (strcmp (tmp, "tls") == 0,
+	        "wifi-wpa-eap-tls-verify-8021x", "failed to verify %s: unexpected %s / %s key value",
+	        TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	        NM_SETTING_802_1X_SETTING_NAME,
+	        NM_SETTING_802_1X_EAP);
+
+	/* CA Cert */
+	verify_cert_or_key (CK_CA_CERT,
+	                    s_8021x,
+	                    TEST_IFCFG_WIFI_WPA_EAP_TLS_CA_CERT,
+	                    NULL,
+	                    TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	                    "wifi-wpa-eap-tls-verify-8021x",
+	                    NM_SETTING_802_1X_CA_CERT);
+
+	/* Client Cert */
+	verify_cert_or_key (CK_CLIENT_CERT,
+	                    s_8021x,
+	                    TEST_IFCFG_WIFI_WPA_EAP_TLS_CLIENT_CERT,
+	                    NULL,
+	                    TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	                    "wifi-wpa-eap-tls-verify-8021x",
+	                    NM_SETTING_802_1X_CLIENT_CERT);
+
+	/* Private Key Password */
+	privkey_password = nm_setting_802_1x_get_private_key_password (s_8021x);
+	ASSERT (privkey_password != NULL,
+	        "wifi-wpa-eap-tls-verify-8021x", "failed to verify %s: missing %s / %s key",
+	        TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	        NM_SETTING_802_1X_SETTING_NAME,
+	        NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
+	ASSERT (strcmp (privkey_password, expected_private_key_password) == 0,
+	        "wifi-wpa-eap-tls-verify-8021x", "failed to verify %s: unexpected %s / %s key value",
+	        TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	        NM_SETTING_802_1X_SETTING_NAME,
+	        NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
+
+	/* Private key */
+	verify_cert_or_key (CK_PRIV_KEY,
+	                    s_8021x,
+	                    TEST_IFCFG_WIFI_WPA_EAP_TLS_PRIVATE_KEY,
+	                    privkey_password,
+	                    TEST_IFCFG_WIFI_WPA_EAP_TLS,
+	                    "wifi-wpa-eap-tls-verify-8021x",
+	                    NM_SETTING_802_1X_PRIVATE_KEY);
+
+	g_object_unref (connection);
+}
+
 int main (int argc, char **argv)
 {
 	GError *error = NULL;
@@ -2444,6 +2640,7 @@ int main (int argc, char **argv)
 	test_read_wifi_wpa_psk ();
 	test_read_wifi_wpa_psk_adhoc ();
 	test_read_wifi_wpa_psk_hex ();
+	test_read_wifi_wpa_eap_tls ();
 
 	basename = g_path_get_basename (argv[0]);
 	fprintf (stdout, "%s: SUCCESS\n", basename);