2 * Copyright (C) 2013 Tobias Brunner
3 * Copyright (C) 2009 Martin Willi
4 * Hochschule fuer Technik Rapperswil
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 #include "test_suite.h"
19 #include <utils/identification.h>
21 /*******************************************************************************
22 * create (_from_encoding, _from_data, _from_string, _from_sockaddr)
25 START_TEST(test_from_encoding
)
28 chunk_t expected
, encoding
;
30 /* only ID_ANY is handled differently, for all other types the following
31 * applies. should we perhaps test that this is in fact the case? */
32 expected
= chunk_from_str("moon@strongswan.org");
33 a
= identification_create_from_encoding(ID_RFC822_ADDR
, expected
);
34 ck_assert(ID_RFC822_ADDR
== a
->get_type(a
));
35 encoding
= a
->get_encoding(a
);
36 ck_assert(expected
.ptr
!= encoding
.ptr
);
37 ck_assert(chunk_equals(expected
, encoding
));
40 a
= identification_create_from_encoding(ID_ANY
, expected
);
41 ck_assert(ID_ANY
== a
->get_type(a
));
42 encoding
= a
->get_encoding(a
);
43 ck_assert(encoding
.ptr
== NULL
);
44 ck_assert(encoding
.len
== 0);
49 START_TEST(test_from_data
)
52 chunk_t expected
, encoding
;
54 /* this uses the DN parser (C=CH) */
55 expected
= chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
56 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48);
57 a
= identification_create_from_data(expected
);
58 ck_assert(ID_DER_ASN1_DN
== a
->get_type(a
));
59 encoding
= a
->get_encoding(a
);
60 ck_assert(expected
.ptr
!= encoding
.ptr
);
61 ck_assert(chunk_equals(expected
, encoding
));
64 /* everything else is handled by the string parser */
65 expected
= chunk_from_str("moon@strongswan.org");
66 a
= identification_create_from_data(expected
);
67 ck_assert(ID_RFC822_ADDR
== a
->get_type(a
));
68 encoding
= a
->get_encoding(a
);
69 ck_assert(expected
.ptr
!= encoding
.ptr
);
70 ck_assert(chunk_equals(expected
, encoding
));
75 START_TEST(test_from_sockaddr
)
78 chunk_t expected
, encoding
;
79 struct sockaddr_in in
= {
80 .sin_family
= AF_INET
,
82 struct sockaddr_in6 in6
= {
83 .sin6_family
= AF_INET6
,
86 expected
= chunk_from_chars(0xc0, 0xa8, 0x01, 0x01);
87 memcpy(&in
.sin_addr
, expected
.ptr
, sizeof(in
.sin_addr
));
88 a
= identification_create_from_sockaddr((sockaddr_t
*)&in
);
89 ck_assert(ID_IPV4_ADDR
== a
->get_type(a
));
90 encoding
= a
->get_encoding(a
);
91 ck_assert(chunk_equals(expected
, encoding
));
94 expected
= chunk_from_chars(0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
96 memcpy(&in6
.sin6_addr
, expected
.ptr
, sizeof(in6
.sin6_addr
));
97 a
= identification_create_from_sockaddr((sockaddr_t
*)&in6
);
98 ck_assert(ID_IPV6_ADDR
== a
->get_type(a
));
99 encoding
= a
->get_encoding(a
);
100 ck_assert(chunk_equals(expected
, encoding
));
103 in6
.sin6_family
= AF_UNSPEC
;
104 a
= identification_create_from_sockaddr((sockaddr_t
*)&in6
);
105 ck_assert(ID_ANY
== a
->get_type(a
));
125 {NULL
, ID_ANY
, { .type
= ENC_CHUNK
}},
126 {"", ID_ANY
, { .type
= ENC_CHUNK
}},
127 {"%any", ID_ANY
, { .type
= ENC_CHUNK
}},
128 {"%any6", ID_ANY
, { .type
= ENC_CHUNK
}},
129 {"0.0.0.0", ID_ANY
, { .type
= ENC_CHUNK
}},
130 {"0::0", ID_ANY
, { .type
= ENC_CHUNK
}},
131 {"::", ID_ANY
, { .type
= ENC_CHUNK
}},
132 {"*", ID_ANY
, { .type
= ENC_CHUNK
}},
133 {"any", ID_FQDN
, { .type
= ENC_SIMPLE
}},
134 {"any6", ID_FQDN
, { .type
= ENC_SIMPLE
}},
135 {"0", ID_FQDN
, { .type
= ENC_SIMPLE
}},
136 {"**", ID_FQDN
, { .type
= ENC_SIMPLE
}},
137 {"192.168.1.1", ID_IPV4_ADDR
, { .type
= ENC_CHUNK
,
138 .data
.c
= chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
139 {"192.168.", ID_FQDN
, { .type
= ENC_SIMPLE
}},
140 {".", ID_FQDN
, { .type
= ENC_SIMPLE
}},
141 {"fec0::1", ID_IPV6_ADDR
, { .type
= ENC_CHUNK
,
142 .data
.c
= chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
143 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01) }},
144 {"fec0::", ID_IPV6_ADDR
, { .type
= ENC_CHUNK
,
145 .data
.c
= chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
146 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
147 {"fec0:", ID_KEY_ID
, { .type
= ENC_SIMPLE
}},
148 {":", ID_KEY_ID
, { .type
= ENC_SIMPLE
}},
149 {"alice@strongswan.org", ID_RFC822_ADDR
, { .type
= ENC_SIMPLE
}},
150 {"alice@strongswan", ID_RFC822_ADDR
, { .type
= ENC_SIMPLE
}},
151 {"alice@", ID_RFC822_ADDR
, { .type
= ENC_SIMPLE
}},
152 {"alice", ID_FQDN
, { .type
= ENC_SIMPLE
}},
153 {"@", ID_FQDN
, { .type
= ENC_CHUNK
}},
154 {" @", ID_RFC822_ADDR
, { .type
= ENC_SIMPLE
}},
155 {"@strongswan.org", ID_FQDN
, { .type
= ENC_STRING
,
156 .data
.s
= "strongswan.org" }},
157 {"@#deadbeef", ID_KEY_ID
, { .type
= ENC_CHUNK
,
158 .data
.c
= chunk_from_chars(0xde,0xad,0xbe,0xef) }},
159 {"@#deadbee", ID_KEY_ID
, { .type
= ENC_CHUNK
,
160 .data
.c
= chunk_from_chars(0x0d,0xea,0xdb,0xee) }},
161 {"foo=bar", ID_KEY_ID
, { .type
= ENC_SIMPLE
}},
162 {"foo=", ID_KEY_ID
, { .type
= ENC_SIMPLE
}},
163 {"=bar", ID_KEY_ID
, { .type
= ENC_SIMPLE
}},
164 {"C=", ID_DER_ASN1_DN
, { .type
= ENC_CHUNK
,
165 .data
.c
= chunk_from_chars(0x30,0x0b,0x31,0x09,0x30,0x07,0x06,
166 0x03,0x55,0x04,0x06,0x13,0x00) }},
167 {"C=CH", ID_DER_ASN1_DN
, { .type
= ENC_CHUNK
,
168 .data
.c
= chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
169 0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
170 {"C=CH,", ID_DER_ASN1_DN
, { .type
= ENC_CHUNK
,
171 .data
.c
= chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
172 0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
173 {"C=CH, ", ID_DER_ASN1_DN
, { .type
= ENC_CHUNK
,
174 .data
.c
= chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
175 0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
176 {"C=CH, O", ID_KEY_ID
, { .type
= ENC_SIMPLE
}},
177 {"IPv4:#c0a80101", ID_IPV4_ADDR
, { .type
= ENC_CHUNK
,
178 .data
.c
= chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
179 { "email:tester", ID_RFC822_ADDR
, { .type
= ENC_STRING
,
180 .data
.s
= "tester" }},
183 START_TEST(test_from_string
)
186 chunk_t encoding
, expected
= chunk_empty
;
189 id
= string_data
[_i
].id
;
190 a
= identification_create_from_string(id
);
191 fail_unless(a
->get_type(a
) == string_data
[_i
].type
,
192 "type of id '%s' is %N, %N expected", id
,
193 id_type_names
, a
->get_type(a
),
194 id_type_names
, string_data
[_i
].type
);
196 encoding
= a
->get_encoding(a
);
197 switch (string_data
[_i
].result
.type
)
200 expected
= chunk_from_str(string_data
[_i
].id
);
203 expected
= chunk_from_str(string_data
[_i
].result
.data
.s
);
206 expected
= string_data
[_i
].result
.data
.c
;
209 fail("unexpected result type");
212 ck_assert(!id
|| (char*)encoding
.ptr
!= id
);
215 fail_unless(chunk_equals(encoding
, expected
),
216 "parsing '%s' failed\nencoding %B\nexpected %B\n",
217 id
, &encoding
, &expected
);
221 ck_assert(encoding
.ptr
== NULL
);
222 ck_assert(encoding
.len
== 0);
228 /*******************************************************************************
232 static void string_equals(char *a_str
, char *b_str
)
237 b
= b_str
? identification_create_from_string(b_str
) : NULL
;
238 snprintf(buf
, sizeof(buf
), "%Y", b
);
240 ck_assert_str_eq(a_str
, buf
);
243 static void string_equals_id(char *a_str
, identification_t
*b
)
247 snprintf(buf
, sizeof(buf
), "%Y", b
);
249 ck_assert_str_eq(a_str
, buf
);
252 START_TEST(test_printf_hook
)
254 string_equals("(null)", NULL
);
255 string_equals("%any", "");
256 string_equals("%any", "%any");
257 string_equals("%any", "*");
259 string_equals("192.168.1.1", "192.168.1.1");
260 string_equals_id("(invalid ID_IPV4_ADDR)",
261 identification_create_from_encoding(ID_IPV4_ADDR
, chunk_empty
));
262 string_equals("fec0::1", "fec0::1");
263 string_equals("fec0::1", "fec0:0:0::1");
264 string_equals_id("(invalid ID_IPV6_ADDR)",
265 identification_create_from_encoding(ID_IPV6_ADDR
, chunk_empty
));
267 string_equals_id("(unknown ID type: 255)",
268 identification_create_from_encoding(255, chunk_empty
));
270 string_equals("moon@strongswan.org", "moon@strongswan.org");
271 string_equals("MOON@STRONGSWAN.ORG", "MOON@STRONGSWAN.ORG");
272 /* non-printable characters */
273 string_equals_id("????@strongswan.org", identification_create_from_encoding(ID_RFC822_ADDR
,
274 chunk_from_chars(0xfa, 0xfb, 0xfc, 0xfd, 0x40, 0x73, 0x74, 0x72,
275 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
278 /* not a DN => ID_KEY_ID => no normalization */
279 string_equals("C=CH, AsdF=asdf", "C=CH, AsdF=asdf");
280 string_equals_id("moon@strongswan.org", identification_create_from_encoding(ID_KEY_ID
,
281 chunk_from_str("moon@strongswan.org")));
282 /* non-printable characters */
283 string_equals_id("de:ad:be:ef", identification_create_from_encoding(ID_KEY_ID
,
284 chunk_from_chars(0xde, 0xad, 0xbe, 0xef)));
285 /* printable characters */
286 string_equals_id("ABCDEFGHIJKLMNOPQRS",
287 identification_create_from_encoding(ID_KEY_ID
,
288 chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
289 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
291 /* ABCDEFGHIJKLMNOPQRST is printable but has the length of a SHA1 hash */
292 string_equals_id("41:42:43:44:45:46:47:48:49:4a:4b:4c:4d:4e:4f:50:51:52:53:54",
293 identification_create_from_encoding(ID_KEY_ID
,
294 chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
295 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
296 0x51, 0x52, 0x53, 0x54)));
298 string_equals_id("", identification_create_from_encoding(ID_DER_ASN1_DN
, chunk_empty
));
299 string_equals("C=", "C=");
300 string_equals("C=", "C=,");
301 string_equals("C=", "C=, ");
302 string_equals("C=", "C= , ");
303 string_equals("C=, O=strongSwan", "C=, O=strongSwan");
304 string_equals("C=CH, O=", "C=CH, O=");
305 string_equals("C=CH, O=strongSwan, CN=strongswan.org",
306 "C=CH, O=strongSwan, CN=strongswan.org");
307 string_equals("CN=strongswan.org, O=strongSwan, C=CH",
308 "cn=strongswan.org, o=strongSwan, c=CH");
309 string_equals("C=CH, O=strongSwan, CN=strongswan.org",
310 "C=CH,O=strongSwan,CN=strongswan.org");
311 string_equals("C=CH, O=strongSwan, CN=strongswan.org",
312 "/C=CH/O=strongSwan/CN=strongswan.org");
313 string_equals("CN=strongswan.org, O=strongSwan, C=CH",
314 "CN=strongswan.org,O=strongSwan,C=CH");
316 string_equals("C=CH, E=moon@strongswan.org, CN=moon",
317 "C=CH, email=moon@strongswan.org, CN=moon");
318 string_equals("C=CH, E=moon@strongswan.org, CN=moon",
319 "C=CH, emailAddress=moon@strongswan.org, CN=moon");
321 /* C=CH, pseudonym=ANO (pseudonym is currently not recognized) */
322 string_equals_id("C=CH, 55:04:41=ANO", identification_create_from_encoding(ID_DER_ASN1_DN
,
323 chunk_from_chars(0x30, 0x19, 0x31, 0x17, 0x30, 0x09, 0x06, 0x03, 0x55,
324 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x0a, 0x06,
325 0x03, 0x55, 0x04, 0x41, 0x13, 0x03, 0x41, 0x4e, 0x4f)));
326 /* C=CH, O=strongSwan (but instead of a 2nd OID -0x06- we got NULL -0x05) */
327 string_equals_id("C=CH, (invalid ID_DER_ASN1_DN)", identification_create_from_encoding(ID_DER_ASN1_DN
,
328 chunk_from_chars(0x30, 0x20, 0x31, 0x1e, 0x30, 0x09, 0x06, 0x03, 0x55,
329 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x11, 0x05,
330 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x73, 0x74, 0x72,
331 0x6f, 0x6e, 0x67, 0x53, 0x77, 0x61, 0x6e)));
332 /* moon@strongswan.org as GN */
333 string_equals_id("(ASN.1 general name)", identification_create_from_encoding(ID_DER_ASN1_GN
,
334 chunk_from_chars(0x81, 0x14, 0x6d, 0x6f, 0x6f, 0x6e, 0x40, 0x73, 0x74,
335 0x72, 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
340 START_TEST(test_printf_hook_width
)
345 a
= identification_create_from_string("moon@strongswan.org");
346 snprintf(buf
, sizeof(buf
), "%25Y", a
);
347 ck_assert_str_eq(" moon@strongswan.org", buf
);
348 snprintf(buf
, sizeof(buf
), "%-*Y", 25, a
);
349 ck_assert_str_eq("moon@strongswan.org ", buf
);
350 snprintf(buf
, sizeof(buf
), "%5Y", a
);
351 ck_assert_str_eq("moon@strongswan.org", buf
);
356 /*******************************************************************************
360 static bool id_equals(identification_t
*a
, char *b_str
)
365 b
= identification_create_from_string(b_str
);
366 equals
= a
->equals(a
, b
);
367 ck_assert_int_eq(equals
, b
->equals(b
, a
));
372 START_TEST(test_equals
)
375 chunk_t encoding
, fuzzed
;
378 /* this test also tests identification_create_from_string with DNs */
379 a
= identification_create_from_string(
380 "C=CH, E=moon@strongswan.org, CN=moon");
382 ck_assert(id_equals(a
, "C=CH, E=moon@strongswan.org, CN=moon"));
383 ck_assert(id_equals(a
, "C==CH , E==moon@strongswan.org , CN==moon"));
384 ck_assert(id_equals(a
, " C=CH, E=moon@strongswan.org, CN=moon "));
385 ck_assert(id_equals(a
, "C=ch, E=moon@STRONGSWAN.ORG, CN=Moon"));
386 ck_assert(id_equals(a
, "/C=CH/E=moon@strongswan.org/CN=moon"));
387 ck_assert(id_equals(a
, " / C=CH / E=moon@strongswan.org / CN=moon"));
389 ck_assert(!id_equals(a
, "C=CH/E=moon@strongswan.org/CN=moon"));
390 ck_assert(!id_equals(a
, "C=CH/E=moon@strongswan.org,CN=moon"));
391 ck_assert(!id_equals(a
, "C=CH E=moon@strongswan.org CN=moon"));
392 ck_assert(!id_equals(a
, "C=CN, E=moon@strongswan.org, CN=moon"));
393 ck_assert(!id_equals(a
, "E=moon@strongswan.org, C=CH, CN=moon"));
394 ck_assert(!id_equals(a
, "E=moon@strongswan.org, C=CH, CN=moon"));
396 encoding
= chunk_clone(a
->get_encoding(a
));
399 /* simple fuzzing, increment each byte of encoding */
400 for (i
= 0; i
< encoding
.len
; i
++)
402 if (i
== 11 || i
== 30 || i
== 60)
403 { /* skip ASN.1 type fields, as equals() handles them graceful */
406 fuzzed
= chunk_clone(encoding
);
408 a
= identification_create_from_encoding(ID_DER_ASN1_DN
, fuzzed
);
409 if (id_equals(a
, "C=CH, E=moon@strongswan.org, CN=moon"))
411 printf("%d %B\n%B\n", i
, &fuzzed
, &encoding
);
413 ck_assert(!id_equals(a
, "C=CH, E=moon@strongswan.org, CN=moon"));
418 /* and decrement each byte of encoding */
419 for (i
= 0; i
< encoding
.len
; i
++)
421 if (i
== 11 || i
== 30 || i
== 60)
425 fuzzed
= chunk_clone(encoding
);
427 a
= identification_create_from_encoding(ID_DER_ASN1_DN
, fuzzed
);
428 ck_assert(!id_equals(a
, "C=CH, E=moon@strongswan.org, CN=moon"));
436 START_TEST(test_equals_any
)
438 identification_t
*a
, *b
;
440 a
= identification_create_from_string("%any");
441 b
= identification_create_from_encoding(ID_ANY
, chunk_empty
);
442 ck_assert(a
->equals(a
, b
));
443 ck_assert(b
->equals(b
, a
));
446 b
= identification_create_from_string("C=CH, O=strongSwan, CN=strongswan.org");
447 ck_assert(!a
->equals(a
, b
));
448 ck_assert(!b
->equals(b
, a
));
454 START_TEST(test_equals_binary
)
456 identification_t
*a
, *b
;
459 encoding
= chunk_from_str("foobar=");
460 /* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
461 a
= identification_create_from_string("foobar=");
462 ck_assert(a
->get_type(a
) == ID_KEY_ID
);
463 b
= identification_create_from_encoding(ID_KEY_ID
, encoding
);
464 ck_assert(a
->equals(a
, b
));
470 START_TEST(test_equals_fqdn
)
474 a
= identification_create_from_string("ipsec.strongswan.org");
475 ck_assert(id_equals(a
, "IPSEC.strongswan.org"));
476 ck_assert(id_equals(a
, "ipsec.strongSwan.org"));
477 ck_assert(id_equals(a
, "ipsec.strongSwan.ORG"));
478 ck_assert(!id_equals(a
, "strongswan.org"));
483 START_TEST(test_equals_empty
)
487 a
= identification_create_from_encoding(_i
, chunk_empty
);
492 ck_assert(id_equals(a
, "%any"));
495 ck_assert(!id_equals(a
, "192.168.1.1"));
498 ck_assert(!id_equals(a
, "moon.strongswan.org"));
501 ck_assert(!id_equals(a
, "moon@strongswan.org"));
504 ck_assert(!id_equals(a
, "fec0::1"));
507 ck_assert(!id_equals(a
, "C=CH, E=moon@strongswan.org, CN=moon"));
510 ck_assert(!id_equals(a
, "@#12345678"));
513 case ID_IPV4_ADDR_SUBNET
:
514 case ID_IPV6_ADDR_SUBNET
:
515 case ID_IPV4_ADDR_RANGE
:
516 case ID_IPV6_ADDR_RANGE
:
517 /* currently not tested */
525 /*******************************************************************************
529 static bool id_matches(identification_t
*a
, char *b_str
, id_match_t expected
)
534 b
= identification_create_from_string(b_str
);
535 match
= a
->matches(a
, b
);
537 return match
== expected
;
540 START_TEST(test_matches
)
544 a
= identification_create_from_string("C=CH, E=moon@strongswan.org, CN=moon");
546 ck_assert(id_matches(a
, "C=CH, E=moon@strongswan.org, CN=moon", ID_MATCH_PERFECT
));
547 ck_assert(id_matches(a
, "C=CH, E=*, CN=moon", ID_MATCH_ONE_WILDCARD
));
548 ck_assert(id_matches(a
, "C=CH, E=*, CN=*", ID_MATCH_ONE_WILDCARD
- 1));
549 ck_assert(id_matches(a
, "C=*, E=*, CN=*", ID_MATCH_ONE_WILDCARD
- 2));
550 ck_assert(id_matches(a
, "C=*, E=*, CN=*, O=BADInc", ID_MATCH_NONE
));
551 ck_assert(id_matches(a
, "C=*, E=*", ID_MATCH_NONE
));
552 ck_assert(id_matches(a
, "C=*, E=a@b.c, CN=*", ID_MATCH_NONE
));
553 ck_assert(id_matches(a
, "%any", ID_MATCH_ANY
));
559 START_TEST(test_matches_any
)
563 a
= identification_create_from_string("%any");
565 ck_assert(id_matches(a
, "%any", ID_MATCH_ANY
));
566 ck_assert(id_matches(a
, "", ID_MATCH_ANY
));
567 ck_assert(id_matches(a
, "*", ID_MATCH_ANY
));
568 ck_assert(id_matches(a
, "moon@strongswan.org", ID_MATCH_NONE
));
569 ck_assert(id_matches(a
, "vpn.strongswan.org", ID_MATCH_NONE
));
574 START_TEST(test_matches_binary
)
578 /* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
579 a
= identification_create_from_string("foo=bar");
580 ck_assert(a
->get_type(a
) == ID_KEY_ID
);
581 ck_assert(id_matches(a
, "%any", ID_MATCH_ANY
));
582 ck_assert(id_matches(a
, "foo=bar", ID_MATCH_PERFECT
));
583 ck_assert(id_matches(a
, "bar=foo", ID_MATCH_NONE
));
584 ck_assert(id_matches(a
, "*=bar", ID_MATCH_NONE
));
585 ck_assert(id_matches(a
, "foo=*", ID_MATCH_NONE
));
586 ck_assert(id_matches(a
, "foo@bar", ID_MATCH_NONE
));
591 START_TEST(test_matches_string
)
595 a
= identification_create_from_string("moon@strongswan.org");
597 ck_assert(id_matches(a
, "moon@strongswan.org", ID_MATCH_PERFECT
));
598 ck_assert(id_matches(a
, "*@strongswan.org", ID_MATCH_ONE_WILDCARD
));
599 ck_assert(id_matches(a
, "*@*.org", ID_MATCH_NONE
));
600 ck_assert(id_matches(a
, "*@*", ID_MATCH_NONE
));
601 /* the following two are parsed as ID_FQDN, so no match */
602 ck_assert(id_matches(a
, "*strongswan.org", ID_MATCH_NONE
));
603 ck_assert(id_matches(a
, "*.org", ID_MATCH_NONE
));
604 ck_assert(id_matches(a
, "moon@*", ID_MATCH_NONE
));
605 ck_assert(id_matches(a
, "**", ID_MATCH_NONE
));
606 ck_assert(id_matches(a
, "*", ID_MATCH_ANY
));
607 ck_assert(id_matches(a
, "%any", ID_MATCH_ANY
));
610 a
= identification_create_from_string("vpn.strongswan.org");
612 ck_assert(id_matches(a
, "vpn.strongswan.org", ID_MATCH_PERFECT
));
613 ck_assert(id_matches(a
, "*.strongswan.org", ID_MATCH_ONE_WILDCARD
));
614 ck_assert(id_matches(a
, "*strongswan.org", ID_MATCH_ONE_WILDCARD
));
615 ck_assert(id_matches(a
, "*.org", ID_MATCH_ONE_WILDCARD
));
616 ck_assert(id_matches(a
, "*.strongswan.*", ID_MATCH_NONE
));
617 ck_assert(id_matches(a
, "*vpn.strongswan.org", ID_MATCH_NONE
));
618 ck_assert(id_matches(a
, "vpn.strongswan.*", ID_MATCH_NONE
));
619 ck_assert(id_matches(a
, "**", ID_MATCH_NONE
));
620 ck_assert(id_matches(a
, "*", ID_MATCH_ANY
));
621 ck_assert(id_matches(a
, "%any", ID_MATCH_ANY
));
626 START_TEST(test_matches_empty
)
630 a
= identification_create_from_encoding(_i
, chunk_empty
);
635 ck_assert(id_matches(a
, "%any", ID_MATCH_ANY
));
638 ck_assert(id_matches(a
, "192.168.1.1", ID_MATCH_NONE
));
641 ck_assert(id_matches(a
, "moon.strongswan.org", ID_MATCH_NONE
));
644 ck_assert(id_matches(a
, "moon@strongswan.org", ID_MATCH_NONE
));
647 ck_assert(id_matches(a
, "fec0::1", ID_MATCH_NONE
));
650 ck_assert(id_matches(a
, "C=CH, E=moon@strongswan.org, CN=moon",
654 ck_assert(id_matches(a
, "@#12345678", ID_MATCH_NONE
));
657 case ID_IPV4_ADDR_SUBNET
:
658 case ID_IPV6_ADDR_SUBNET
:
659 case ID_IPV4_ADDR_RANGE
:
660 case ID_IPV6_ADDR_RANGE
:
661 /* currently not tested */
669 static bool id_matches_rev(identification_t
*a
, char *b_str
, id_match_t expected
)
674 b
= identification_create_from_string(b_str
);
675 match
= b
->matches(b
, a
);
677 return match
== expected
;
680 START_TEST(test_matches_empty_reverse
)
684 a
= identification_create_from_encoding(_i
, chunk_empty
);
689 ck_assert(id_matches_rev(a
, "%any", ID_MATCH_ANY
));
692 ck_assert(id_matches_rev(a
, "192.168.1.1", ID_MATCH_NONE
));
695 ck_assert(id_matches_rev(a
, "moon.strongswan.org", ID_MATCH_NONE
));
698 ck_assert(id_matches_rev(a
, "moon@strongswan.org", ID_MATCH_NONE
));
701 ck_assert(id_matches_rev(a
, "fec0::1", ID_MATCH_NONE
));
704 ck_assert(id_matches_rev(a
, "C=CH, E=moon@strongswan.org, CN=moon",
708 ck_assert(id_matches_rev(a
, "@#12345678", ID_MATCH_NONE
));
711 case ID_IPV4_ADDR_SUBNET
:
712 case ID_IPV6_ADDR_SUBNET
:
713 case ID_IPV4_ADDR_RANGE
:
714 case ID_IPV6_ADDR_RANGE
:
715 /* currently not tested */
723 /*******************************************************************************
724 * identification part enumeration
727 START_TEST(test_parts
)
729 identification_t
*id
;
730 enumerator_t
*enumerator
;
735 id
= identification_create_from_string("C=CH, O=strongSwan, CN=tester");
737 enumerator
= id
->create_part_enumerator(id
);
738 while (enumerator
->enumerate(enumerator
, &part
, &data
))
743 ck_assert(part
== ID_PART_RDN_C
&&
744 chunk_equals(data
, chunk_create("CH", 2)));
747 ck_assert(part
== ID_PART_RDN_O
&&
748 chunk_equals(data
, chunk_from_str("strongSwan")));
751 ck_assert(part
== ID_PART_RDN_CN
&&
752 chunk_equals(data
, chunk_from_str("tester")));
755 fail("unexpected identification part %d", part
);
758 ck_assert_int_eq(i
, 3);
759 enumerator
->destroy(enumerator
);
764 /*******************************************************************************
768 static bool id_contains_wildcards(char *string
)
770 identification_t
*id
;
773 id
= identification_create_from_string(string
);
774 contains
= id
->contains_wildcards(id
);
779 START_TEST(test_contains_wildcards
)
781 ck_assert(id_contains_wildcards("%any"));
782 ck_assert(id_contains_wildcards("C=*, O=strongSwan, CN=gw"));
783 ck_assert(id_contains_wildcards("C=CH, O=strongSwan, CN=*"));
784 ck_assert(id_contains_wildcards("*@strongswan.org"));
785 ck_assert(id_contains_wildcards("*.strongswan.org"));
786 ck_assert(!id_contains_wildcards("C=**, O=a*, CN=*a"));
790 /*******************************************************************************
794 START_TEST(test_clone
)
796 identification_t
*a
, *b
;
797 chunk_t a_enc
, b_enc
;
799 a
= identification_create_from_string("moon@strongswan.org");
800 a_enc
= a
->get_encoding(a
);
802 ck_assert(b
!= NULL
);
804 b_enc
= b
->get_encoding(b
);
805 ck_assert(a_enc
.ptr
!= b_enc
.ptr
);
806 ck_assert(chunk_equals(a_enc
, b_enc
));
812 Suite
*identification_suite_create()
817 s
= suite_create("identification");
819 tc
= tcase_create("create");
820 tcase_add_test(tc
, test_from_encoding
);
821 tcase_add_test(tc
, test_from_data
);
822 tcase_add_test(tc
, test_from_sockaddr
);
823 tcase_add_loop_test(tc
, test_from_string
, 0, countof(string_data
));
824 suite_add_tcase(s
, tc
);
826 tc
= tcase_create("printf_hook");
827 tcase_add_test(tc
, test_printf_hook
);
828 tcase_add_test(tc
, test_printf_hook_width
);
829 suite_add_tcase(s
, tc
);
831 tc
= tcase_create("equals");
832 tcase_add_test(tc
, test_equals
);
833 tcase_add_test(tc
, test_equals_any
);
834 tcase_add_test(tc
, test_equals_binary
);
835 tcase_add_test(tc
, test_equals_fqdn
);
836 tcase_add_loop_test(tc
, test_equals_empty
, ID_ANY
, ID_KEY_ID
+ 1);
837 suite_add_tcase(s
, tc
);
839 tc
= tcase_create("matches");
840 tcase_add_test(tc
, test_matches
);
841 tcase_add_test(tc
, test_matches_any
);
842 tcase_add_test(tc
, test_matches_binary
);
843 tcase_add_test(tc
, test_matches_string
);
844 tcase_add_loop_test(tc
, test_matches_empty
, ID_ANY
, ID_KEY_ID
+ 1);
845 tcase_add_loop_test(tc
, test_matches_empty_reverse
, ID_ANY
, ID_KEY_ID
+ 1);
846 suite_add_tcase(s
, tc
);
848 tc
= tcase_create("part enumeration");
849 tcase_add_test(tc
, test_parts
);
850 suite_add_tcase(s
, tc
);
852 tc
= tcase_create("wildcards");
853 tcase_add_test(tc
, test_contains_wildcards
);
854 suite_add_tcase(s
, tc
);
856 tc
= tcase_create("clone");
857 tcase_add_test(tc
, test_clone
);
858 suite_add_tcase(s
, tc
);