[glib/tls-database] Implement test which does a complete verification.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/tls-database] Implement test which does a complete verification.
- Date: Tue, 18 Jan 2011 16:23:51 +0000 (UTC)
commit 9ba40906bc7f03cebca6ad15dfa049731cb7a3c7
Author: Stef Walter <stefw collabora co uk>
Date: Mon Jan 17 19:57:39 2011 -0800
Implement test which does a complete verification.
Add a CA certificate which matches the server certificate.
gio/tests/tls-tests/ca.pem | 23 ++++++++
gio/tests/tls.c | 133 ++++++++++++++++++++++++++++----------------
2 files changed, 108 insertions(+), 48 deletions(-)
---
diff --git a/gio/tests/tls-tests/ca.pem b/gio/tests/tls-tests/ca.pem
new file mode 100644
index 0000000..b8d6008
--- /dev/null
+++ b/gio/tests/tls-tests/ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/gio/tests/tls.c b/gio/tests/tls.c
index f91200c..8f0f945 100644
--- a/gio/tests/tls.c
+++ b/gio/tests/tls.c
@@ -32,24 +32,9 @@ typedef struct {
GSocketService *service;
GIOStream *server_connection;
GIOStream *client_connection;
- guint16 port;
-} Test;
-
-static GSocketAddress*
-build_socket_address (Test *test)
-{
- GInetAddress *inet;
+ GSocketConnectable *identity;
GSocketAddress *address;
-
- if (!test->port)
- test->port = g_random_int_range (50000, 65000);
-
- inet = g_inet_address_new_from_string ("127.0.0.1");
- address = g_inet_socket_address_new (inet, test->port);
- g_object_unref (inet);
-
- return address;
-}
+} Test;
static void
on_output_close_finish (GObject *object,
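Review bot: The `address` member keeps its `GSocketAddress *` type in this hunk, yet setup() later in the patch assigns it the result of `G_SOCKET_CONNECTABLE (...)` and start_server_service casts it back with `G_SOCKET_ADDRESS (test->address)`. The declared type and the use therefore disagree, and the assignment is an incompatible-pointer conversion. Storing it without the cast, `test->address = g_inet_socket_address_new (inet, port);`, keeps the declaration honest and makes the `G_SOCKET_ADDRESS` cast unnecessary. The new `identity` member would also benefit from a comment such as `/* name the client expects in the server certificate */`, since it is what separates the connect target from the verified name. The struct opens above this hunk.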
@@ -108,22 +93,36 @@ on_incoming_connection (GSocketService *service,
static void
start_server_service (Test *test)
{
- GSocketAddress *address;
GError *error = NULL;
- address = build_socket_address (test);
- g_assert (address);
-
test->service = g_socket_service_new ();
- g_socket_listener_add_address (G_SOCKET_LISTENER (test->service), address,
+ g_socket_listener_add_address (G_SOCKET_LISTENER (test->service),
+ G_SOCKET_ADDRESS (test->address),
G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP,
NULL, NULL, &error);
g_assert_no_error (error);
- g_object_unref (address);
g_signal_connect (test->service, "incoming", G_CALLBACK (on_incoming_connection), test);
}
+static GIOStream*
+start_server_and_connect_to_it (Test *test)
+{
+ GSocketClient *client;
+ GError *error = NULL;
+ GSocketConnection *connection;
+
+ start_server_service (test);
+
+ client = g_socket_client_new ();
+ connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error);
+ g_assert_no_error (error);
+ g_object_unref (client);
+
+ return G_IO_STREAM (connection);
+}
+
static void
on_input_read_finish (GObject *object,
GAsyncResult *res,
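Review bot: start_server_and_connect_to_it hands back a new reference to the `GSocketConnection` without saying so, and both callers later in the patch (test_basic_connection and test_verified_connection) pass it to g_tls_client_connection_new and never release it. Assuming the TLS connection takes its own reference to the base stream, each test leaks the socket connection; adding `g_object_unref (connection);` after the g_tls_client_connection_new call in each test would fix that. A header comment like `/* Returns a new reference to the plain TCP stream; the caller owns it. */` would make the contract visible. The trailing on_input_read_finish lines are context whose body continues outside the hunk.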
@@ -148,52 +147,82 @@ on_input_read_finish (GObject *object,
}
static void
-start_client_connection (Test *test)
+read_test_data_async (Test *test)
{
- GSocketAddress *address;
- GSocketClient *client;
- GSocketConnection *connection;
GDataInputStream *stream;
- GError *error = NULL;
-
- address = build_socket_address (test);
- g_assert (address);
-
- client = g_socket_client_new ();
- connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (address), NULL, &error);
- g_assert_no_error (error);
- g_object_unref (client);
-
- test->client_connection = g_tls_client_connection_new (G_IO_STREAM (connection),
- G_SOCKET_CONNECTABLE (address),
- &error);
- g_assert_no_error (error);
- g_object_unref (address);
- g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
- 0);
- /* G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA */
stream = g_data_input_stream_new (g_io_stream_get_input_stream (test->client_connection));
g_assert (stream);
g_data_input_stream_read_line_async (stream, G_PRIORITY_DEFAULT, NULL,
on_input_read_finish, test);
-
g_object_unref (stream);
}
static void
test_basic_connection (Test *test, gconstpointer data)
{
- start_server_service (test);
- start_client_connection (test);
+ GIOStream *connection;
+ GError *error = NULL;
+
+ connection = start_server_and_connect_to_it (test);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+
+ /* No validation at all in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ 0);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+}
+
+static void
+test_verified_connection (Test *test, gconstpointer data)
+{
+ GIOStream *connection;
+ GTlsDatabase *database;
+ GError *error = NULL;
+ gchar *path;
+
+ path = g_build_filename (SRCDIR, "tls-tests", "ca.pem", NULL);
+ database = g_tls_file_database_new (path, &error);
+ g_assert_no_error (error);
+ g_assert (database);
+ g_free (path);
+
+ connection = start_server_and_connect_to_it (test);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), database);
+ g_object_unref (database);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
g_main_loop_run (test->loop);
}
static void
setup (Test *test, gconstpointer data)
{
+ GInetAddress *inet;
+ guint16 port;
+
test->loop = g_main_loop_new (NULL, FALSE);
+
+ /* This is where the server listens and the client connects */
+ port = g_random_int_range (50000, 65000);
+ inet = g_inet_address_new_from_string ("127.0.0.1");
+ test->address = G_SOCKET_CONNECTABLE (g_inet_socket_address_new (inet, port));
+ g_object_unref (inet);
+
+ /* The identity matches the server certificate */
+ test->identity = g_network_address_new ("server.example.com", port);
}
static void
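Review bot: test_verified_connection only exercises the accepting path (matching ca.pem, matching `server.example.com` identity, `G_TLS_CERTIFICATE_VALIDATE_ALL`), so it would still pass if validation were silently not applied. A sibling case that keeps `G_TLS_CERTIFICATE_VALIDATE_ALL` but builds the identity from a name the certificate does not carry, and expects the read to end in an error, would show that the flags and database are really enforced. How on_input_read_finish reports errors is outside this hunk, so it may need adjusting to tolerate an expected failure. In setup(), `g_random_int_range (50000, 65000)` can also pick a port that is already bound, which aborts at g_assert_no_error in start_server_service instead of producing a result about TLS.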
@@ -211,6 +240,12 @@ teardown (Test *test, gconstpointer data)
g_object_unref (test->client_connection);
test->client_connection = NULL;
+ g_object_unref (test->address);
+ test->address = NULL;
+
+ g_object_unref (test->identity);
+ test->identity = NULL;
+
g_main_loop_unref (test->loop);
test->loop = NULL;
}
@@ -224,6 +259,8 @@ main (int argc,
g_test_add ("/tls/basic-connection", Test, NULL,
setup, test_basic_connection, teardown);
+ g_test_add ("/tls/verified-connection", Test, NULL,
+ setup, test_verified_connection, teardown);
return g_test_run();
}