[glib/tls-database] Implement test which does a complete verification.



commit 9ba40906bc7f03cebca6ad15dfa049731cb7a3c7
Author: Stef Walter <stefw collabora co uk>
Date:   Mon Jan 17 19:57:39 2011 -0800

    Implement test which does a complete verification.
    
    Add a CA certificate which matches the server certificate.

 gio/tests/tls-tests/ca.pem |   23 ++++++++
 gio/tests/tls.c            |  133 ++++++++++++++++++++++++++++----------------
 2 files changed, 108 insertions(+), 48 deletions(-)
---
diff --git a/gio/tests/tls-tests/ca.pem b/gio/tests/tls-tests/ca.pem
new file mode 100644
index 0000000..b8d6008
--- /dev/null
+++ b/gio/tests/tls-tests/ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/gio/tests/tls.c b/gio/tests/tls.c
index f91200c..8f0f945 100644
--- a/gio/tests/tls.c
+++ b/gio/tests/tls.c
@@ -32,24 +32,9 @@ typedef struct {
   GSocketService *service;
   GIOStream *server_connection;
   GIOStream *client_connection;
-  guint16 port;
-} Test;
-
-static GSocketAddress*
-build_socket_address (Test *test)
-{
-  GInetAddress *inet;
+  GSocketConnectable *identity;
   GSocketAddress *address;
-
-  if (!test->port)
-    test->port = g_random_int_range (50000, 65000);
-
-  inet = g_inet_address_new_from_string ("127.0.0.1");
-  address = g_inet_socket_address_new (inet, test->port);
-  g_object_unref (inet);
-
-  return address;
-}
+} Test;
 
 static void
 on_output_close_finish (GObject        *object,
@@ -108,22 +93,36 @@ on_incoming_connection (GSocketService     *service,
 static void
 start_server_service (Test *test)
 {
-  GSocketAddress *address;
   GError *error = NULL;
 
-  address = build_socket_address (test);
-  g_assert (address);
-
   test->service = g_socket_service_new ();
-  g_socket_listener_add_address (G_SOCKET_LISTENER (test->service), address,
+  g_socket_listener_add_address (G_SOCKET_LISTENER (test->service),
+                                 G_SOCKET_ADDRESS (test->address),
                                  G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP,
                                  NULL, NULL, &error);
   g_assert_no_error (error);
-  g_object_unref (address);
 
   g_signal_connect (test->service, "incoming", G_CALLBACK (on_incoming_connection), test);
 }
 
+static GIOStream*
+start_server_and_connect_to_it (Test *test)
+{
+  GSocketClient *client;
+  GError *error = NULL;
+  GSocketConnection *connection;
+
+  start_server_service (test);
+
+  client = g_socket_client_new ();
+  connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+                                        NULL, &error);
+  g_assert_no_error (error);
+  g_object_unref (client);
+
+  return G_IO_STREAM (connection);
+}
+
 static void
 on_input_read_finish (GObject        *object,
                       GAsyncResult   *res,
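Review bot: start_server_and_connect_to_it returns a GSocketConnection whose reference the caller now owns, but nothing in the new code states that contract; a header comment such as `/* Starts the listener and returns a freshly connected client stream; the caller owns the returned reference. */` above the definition would make it explicit. Both callers in the following hunk pass the stream straight to g_tls_client_connection_new and never unref it, so documenting ownership here also makes that leak visible. The function itself lies entirely within this hunk.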
@@ -148,52 +147,82 @@ on_input_read_finish (GObject        *object,
 }
 
 static void
-start_client_connection (Test *test)
+read_test_data_async (Test *test)
 {
-  GSocketAddress *address;
-  GSocketClient *client;
-  GSocketConnection *connection;
   GDataInputStream *stream;
-  GError *error = NULL;
-
-  address = build_socket_address (test);
-  g_assert (address);
-
-  client = g_socket_client_new ();
-  connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (address), NULL, &error);
-  g_assert_no_error (error);
-  g_object_unref (client);
-
-  test->client_connection = g_tls_client_connection_new (G_IO_STREAM (connection),
-                                                         G_SOCKET_CONNECTABLE (address),
-                                                         &error);
-  g_assert_no_error (error);
-  g_object_unref (address);
 
-  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
-                                                0);
-  /* G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA */
   stream = g_data_input_stream_new (g_io_stream_get_input_stream (test->client_connection));
   g_assert (stream);
 
   g_data_input_stream_read_line_async (stream, G_PRIORITY_DEFAULT, NULL,
                                        on_input_read_finish, test);
-
   g_object_unref (stream);
 }
 
 static void
 test_basic_connection (Test *test, gconstpointer data)
 {
-  start_server_service (test);
-  start_client_connection (test);
+  GIOStream *connection;
+  GError *error = NULL;
+
+  connection = start_server_and_connect_to_it (test);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+
+  /* No validation at all in this test */
+  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+                                                0);
+
+  read_test_data_async (test);
+  g_main_loop_run (test->loop);
+}
+
+static void
+test_verified_connection (Test *test, gconstpointer data)
+{
+  GIOStream *connection;
+  GTlsDatabase *database;
+  GError *error = NULL;
+  gchar *path;
+
+  path = g_build_filename (SRCDIR, "tls-tests", "ca.pem", NULL);
+  database = g_tls_file_database_new (path, &error);
+  g_assert_no_error (error);
+  g_assert (database);
+  g_free (path);
+
+  connection = start_server_and_connect_to_it (test);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_assert (test->client_connection);
+
+  g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), database);
+  g_object_unref (database);
+
+  /* All validation in this test */
+  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+                                                G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+  read_test_data_async (test);
   g_main_loop_run (test->loop);
 }
 
 static void
 setup (Test *test, gconstpointer data)
 {
+  GInetAddress *inet;
+  guint16 port;
+
   test->loop = g_main_loop_new (NULL, FALSE);
+
+  /* This is where the server listens and the client connects */
+  port = g_random_int_range (50000, 65000);
+  inet = g_inet_address_new_from_string ("127.0.0.1");
+  test->address = G_SOCKET_CONNECTABLE (g_inet_socket_address_new (inet, port));
+  g_object_unref (inet);
+
+  /* The identity matches the server certificate */
+  test->identity = g_network_address_new ("server.example.com", port);
 }
 
 static void
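Review bot: test_verified_connection only exercises the accepting path: with ca.pem trusted and G_TLS_CERTIFICATE_VALIDATE_ALL set the handshake is expected to succeed, so the test would also pass if the database were never consulted. A companion case using the same flags but an empty or non-matching database (or an identity that does not match the server certificate), asserting that the read completes with G_TLS_ERROR_BAD_CERTIFICATE, would show that validation actually rejects an untrusted peer. Separately, in both test_basic_connection and test_verified_connection the `connection` returned by start_server_and_connect_to_it is handed to g_tls_client_connection_new, which appears to keep its own reference to the base stream, and the test's reference is then dropped; `g_object_unref (connection);` after the g_assert_no_error would release it. test_basic_connection, test_verified_connection and setup all lie within this hunk; on_input_read_finish starts before it.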
@@ -211,6 +240,12 @@ teardown (Test *test, gconstpointer data)
     g_object_unref (test->client_connection);
   test->client_connection = NULL;
 
+  g_object_unref (test->address);
+  test->address = NULL;
+
+  g_object_unref (test->identity);
+  test->identity = NULL;
+
   g_main_loop_unref (test->loop);
   test->loop = NULL;
 }
@@ -224,6 +259,8 @@ main (int   argc,
 
   g_test_add ("/tls/basic-connection", Test, NULL,
               setup, test_basic_connection, teardown);
+  g_test_add ("/tls/verified-connection", Test, NULL,
+              setup, test_verified_connection, teardown);
 
   return g_test_run();
 }


