]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libstrongswan/tests/suites/test_identification.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
identification: Support prefixes in string constructors for an explicit type
[thirdparty/strongswan.git] / src / libstrongswan / tests / suites / test_identification.c
1 /*
2 * Copyright (C) 2013 Tobias Brunner
3 * Copyright (C) 2009 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "test_suite.h"
18
19 #include <utils/identification.h>
20
21 /*******************************************************************************
22 * create (_from_encoding, _from_data, _from_string, _from_sockaddr)
23 */
24
25 START_TEST(test_from_encoding)
26 {
27 identification_t *a;
28 chunk_t expected, encoding;
29
30 /* only ID_ANY is handled differently, for all other types the following
31 * applies. should we perhaps test that this is in fact the case? */
32 expected = chunk_from_str("moon@strongswan.org");
33 a = identification_create_from_encoding(ID_RFC822_ADDR, expected);
34 ck_assert(ID_RFC822_ADDR == a->get_type(a));
35 encoding = a->get_encoding(a);
36 ck_assert(expected.ptr != encoding.ptr);
37 ck_assert(chunk_equals(expected, encoding));
38 a->destroy(a);
39
40 a = identification_create_from_encoding(ID_ANY, expected);
41 ck_assert(ID_ANY == a->get_type(a));
42 encoding = a->get_encoding(a);
43 ck_assert(encoding.ptr == NULL);
44 ck_assert(encoding.len == 0);
45 a->destroy(a);
46 }
47 END_TEST
48
49 START_TEST(test_from_data)
50 {
51 identification_t *a;
52 chunk_t expected, encoding;
53
54 /* this uses the DN parser (C=CH) */
55 expected = chunk_from_chars(0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06,
56 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48);
57 a = identification_create_from_data(expected);
58 ck_assert(ID_DER_ASN1_DN == a->get_type(a));
59 encoding = a->get_encoding(a);
60 ck_assert(expected.ptr != encoding.ptr);
61 ck_assert(chunk_equals(expected, encoding));
62 a->destroy(a);
63
64 /* everything else is handled by the string parser */
65 expected = chunk_from_str("moon@strongswan.org");
66 a = identification_create_from_data(expected);
67 ck_assert(ID_RFC822_ADDR == a->get_type(a));
68 encoding = a->get_encoding(a);
69 ck_assert(expected.ptr != encoding.ptr);
70 ck_assert(chunk_equals(expected, encoding));
71 a->destroy(a);
72 }
73 END_TEST
74
75 START_TEST(test_from_sockaddr)
76 {
77 identification_t *a;
78 chunk_t expected, encoding;
79 struct sockaddr_in in = {
80 .sin_family = AF_INET,
81 };
82 struct sockaddr_in6 in6 = {
83 .sin6_family = AF_INET6,
84 };
85
86 expected = chunk_from_chars(0xc0, 0xa8, 0x01, 0x01);
87 memcpy(&in.sin_addr, expected.ptr, sizeof(in.sin_addr));
88 a = identification_create_from_sockaddr((sockaddr_t*)&in);
89 ck_assert(ID_IPV4_ADDR == a->get_type(a));
90 encoding = a->get_encoding(a);
91 ck_assert(chunk_equals(expected, encoding));
92 a->destroy(a);
93
94 expected = chunk_from_chars(0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
96 memcpy(&in6.sin6_addr, expected.ptr, sizeof(in6.sin6_addr));
97 a = identification_create_from_sockaddr((sockaddr_t*)&in6);
98 ck_assert(ID_IPV6_ADDR == a->get_type(a));
99 encoding = a->get_encoding(a);
100 ck_assert(chunk_equals(expected, encoding));
101 a->destroy(a);
102
103 in6.sin6_family = AF_UNSPEC;
104 a = identification_create_from_sockaddr((sockaddr_t*)&in6);
105 ck_assert(ID_ANY == a->get_type(a));
106 a->destroy(a);
107 }
108 END_TEST
109
110 static struct {
111 char *id;
112 id_type_t type;
113 struct {
114 enum {
115 ENC_CHUNK,
116 ENC_STRING,
117 ENC_SIMPLE,
118 } type;
119 union {
120 chunk_t c;
121 char *s;
122 } data;
123 } result;
124 } string_data[] = {
125 {NULL, ID_ANY, { .type = ENC_CHUNK }},
126 {"", ID_ANY, { .type = ENC_CHUNK }},
127 {"%any", ID_ANY, { .type = ENC_CHUNK }},
128 {"%any6", ID_ANY, { .type = ENC_CHUNK }},
129 {"0.0.0.0", ID_ANY, { .type = ENC_CHUNK }},
130 {"0::0", ID_ANY, { .type = ENC_CHUNK }},
131 {"::", ID_ANY, { .type = ENC_CHUNK }},
132 {"*", ID_ANY, { .type = ENC_CHUNK }},
133 {"any", ID_FQDN, { .type = ENC_SIMPLE }},
134 {"any6", ID_FQDN, { .type = ENC_SIMPLE }},
135 {"0", ID_FQDN, { .type = ENC_SIMPLE }},
136 {"**", ID_FQDN, { .type = ENC_SIMPLE }},
137 {"192.168.1.1", ID_IPV4_ADDR, { .type = ENC_CHUNK,
138 .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
139 {"192.168.", ID_FQDN, { .type = ENC_SIMPLE }},
140 {".", ID_FQDN, { .type = ENC_SIMPLE }},
141 {"fec0::1", ID_IPV6_ADDR, { .type = ENC_CHUNK,
142 .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
143 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01) }},
144 {"fec0::", ID_IPV6_ADDR, { .type = ENC_CHUNK,
145 .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
146 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
147 {"fec0:", ID_KEY_ID, { .type = ENC_SIMPLE }},
148 {":", ID_KEY_ID, { .type = ENC_SIMPLE }},
149 {"alice@strongswan.org", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
150 {"alice@strongswan", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
151 {"alice@", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
152 {"alice", ID_FQDN, { .type = ENC_SIMPLE }},
153 {"@", ID_FQDN, { .type = ENC_CHUNK }},
154 {" @", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
155 {"@strongswan.org", ID_FQDN, { .type = ENC_STRING,
156 .data.s = "strongswan.org" }},
157 {"@#deadbeef", ID_KEY_ID, { .type = ENC_CHUNK,
158 .data.c = chunk_from_chars(0xde,0xad,0xbe,0xef) }},
159 {"@#deadbee", ID_KEY_ID, { .type = ENC_CHUNK,
160 .data.c = chunk_from_chars(0x0d,0xea,0xdb,0xee) }},
161 {"foo=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
162 {"foo=", ID_KEY_ID, { .type = ENC_SIMPLE }},
163 {"=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
164 {"C=", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
165 .data.c = chunk_from_chars(0x30,0x0b,0x31,0x09,0x30,0x07,0x06,
166 0x03,0x55,0x04,0x06,0x13,0x00) }},
167 {"C=CH", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
168 .data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
169 0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
170 {"C=CH,", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
171 .data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
172 0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
173 {"C=CH, ", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
174 .data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
175 0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
176 {"C=CH, O", ID_KEY_ID, { .type = ENC_SIMPLE }},
177 {"IPv4:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
178 .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
179 { "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING,
180 .data.s = "tester" }},
181 };
182
183 START_TEST(test_from_string)
184 {
185 identification_t *a;
186 chunk_t encoding, expected = chunk_empty;
187 char *id;
188
189 id = string_data[_i].id;
190 a = identification_create_from_string(id);
191 fail_unless(a->get_type(a) == string_data[_i].type,
192 "type of id '%s' is %N, %N expected", id,
193 id_type_names, a->get_type(a),
194 id_type_names, string_data[_i].type);
195
196 encoding = a->get_encoding(a);
197 switch (string_data[_i].result.type)
198 {
199 case ENC_SIMPLE:
200 expected = chunk_from_str(string_data[_i].id);
201 break;
202 case ENC_STRING:
203 expected = chunk_from_str(string_data[_i].result.data.s);
204 break;
205 case ENC_CHUNK:
206 expected = string_data[_i].result.data.c;
207 break;
208 default:
209 fail("unexpected result type");
210 }
211
212 ck_assert(!id || (char*)encoding.ptr != id);
213 if (expected.ptr)
214 {
215 fail_unless(chunk_equals(encoding, expected),
216 "parsing '%s' failed\nencoding %B\nexpected %B\n",
217 id, &encoding, &expected);
218 }
219 else
220 {
221 ck_assert(encoding.ptr == NULL);
222 ck_assert(encoding.len == 0);
223 }
224 a->destroy(a);
225 }
226 END_TEST
227
228 /*******************************************************************************
229 * printf_hook
230 */
231
232 static void string_equals(char *a_str, char *b_str)
233 {
234 identification_t *b;
235 char buf[128];
236
237 b = b_str ? identification_create_from_string(b_str) : NULL;
238 snprintf(buf, sizeof(buf), "%Y", b);
239 DESTROY_IF(b);
240 ck_assert_str_eq(a_str, buf);
241 }
242
243 static void string_equals_id(char *a_str, identification_t *b)
244 {
245 char buf[128];
246
247 snprintf(buf, sizeof(buf), "%Y", b);
248 DESTROY_IF(b);
249 ck_assert_str_eq(a_str, buf);
250 }
251
252 START_TEST(test_printf_hook)
253 {
254 string_equals("(null)", NULL);
255 string_equals("%any", "");
256 string_equals("%any", "%any");
257 string_equals("%any", "*");
258
259 string_equals("192.168.1.1", "192.168.1.1");
260 string_equals_id("(invalid ID_IPV4_ADDR)",
261 identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty));
262 string_equals("fec0::1", "fec0::1");
263 string_equals("fec0::1", "fec0:0:0::1");
264 string_equals_id("(invalid ID_IPV6_ADDR)",
265 identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty));
266
267 string_equals_id("(unknown ID type: 255)",
268 identification_create_from_encoding(255, chunk_empty));
269
270 string_equals("moon@strongswan.org", "moon@strongswan.org");
271 string_equals("MOON@STRONGSWAN.ORG", "MOON@STRONGSWAN.ORG");
272 /* non-printable characters */
273 string_equals_id("????@strongswan.org", identification_create_from_encoding(ID_RFC822_ADDR,
274 chunk_from_chars(0xfa, 0xfb, 0xfc, 0xfd, 0x40, 0x73, 0x74, 0x72,
275 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
276 0x6f, 0x72, 0x67)));
277
278 /* not a DN => ID_KEY_ID => no normalization */
279 string_equals("C=CH, AsdF=asdf", "C=CH, AsdF=asdf");
280 string_equals_id("moon@strongswan.org", identification_create_from_encoding(ID_KEY_ID,
281 chunk_from_str("moon@strongswan.org")));
282 /* non-printable characters */
283 string_equals_id("de:ad:be:ef", identification_create_from_encoding(ID_KEY_ID,
284 chunk_from_chars(0xde, 0xad, 0xbe, 0xef)));
285 /* printable characters */
286 string_equals_id("ABCDEFGHIJKLMNOPQRS",
287 identification_create_from_encoding(ID_KEY_ID,
288 chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
289 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
290 0x51, 0x52, 0x53)));
291 /* ABCDEFGHIJKLMNOPQRST is printable but has the length of a SHA1 hash */
292 string_equals_id("41:42:43:44:45:46:47:48:49:4a:4b:4c:4d:4e:4f:50:51:52:53:54",
293 identification_create_from_encoding(ID_KEY_ID,
294 chunk_from_chars(0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
295 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
296 0x51, 0x52, 0x53, 0x54)));
297
298 string_equals_id("", identification_create_from_encoding(ID_DER_ASN1_DN, chunk_empty));
299 string_equals("C=", "C=");
300 string_equals("C=", "C=,");
301 string_equals("C=", "C=, ");
302 string_equals("C=", "C= , ");
303 string_equals("C=, O=strongSwan", "C=, O=strongSwan");
304 string_equals("C=CH, O=", "C=CH, O=");
305 string_equals("C=CH, O=strongSwan, CN=strongswan.org",
306 "C=CH, O=strongSwan, CN=strongswan.org");
307 string_equals("CN=strongswan.org, O=strongSwan, C=CH",
308 "cn=strongswan.org, o=strongSwan, c=CH");
309 string_equals("C=CH, O=strongSwan, CN=strongswan.org",
310 "C=CH,O=strongSwan,CN=strongswan.org");
311 string_equals("C=CH, O=strongSwan, CN=strongswan.org",
312 "/C=CH/O=strongSwan/CN=strongswan.org");
313 string_equals("CN=strongswan.org, O=strongSwan, C=CH",
314 "CN=strongswan.org,O=strongSwan,C=CH");
315
316 string_equals("C=CH, E=moon@strongswan.org, CN=moon",
317 "C=CH, email=moon@strongswan.org, CN=moon");
318 string_equals("C=CH, E=moon@strongswan.org, CN=moon",
319 "C=CH, emailAddress=moon@strongswan.org, CN=moon");
320
321 /* C=CH, pseudonym=ANO (pseudonym is currently not recognized) */
322 string_equals_id("C=CH, 55:04:41=ANO", identification_create_from_encoding(ID_DER_ASN1_DN,
323 chunk_from_chars(0x30, 0x19, 0x31, 0x17, 0x30, 0x09, 0x06, 0x03, 0x55,
324 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x0a, 0x06,
325 0x03, 0x55, 0x04, 0x41, 0x13, 0x03, 0x41, 0x4e, 0x4f)));
326 /* C=CH, O=strongSwan (but instead of a 2nd OID -0x06- we got NULL -0x05) */
327 string_equals_id("C=CH, (invalid ID_DER_ASN1_DN)", identification_create_from_encoding(ID_DER_ASN1_DN,
328 chunk_from_chars(0x30, 0x20, 0x31, 0x1e, 0x30, 0x09, 0x06, 0x03, 0x55,
329 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x11, 0x05,
330 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x73, 0x74, 0x72,
331 0x6f, 0x6e, 0x67, 0x53, 0x77, 0x61, 0x6e)));
332 /* moon@strongswan.org as GN */
333 string_equals_id("(ASN.1 general name)", identification_create_from_encoding(ID_DER_ASN1_GN,
334 chunk_from_chars(0x81, 0x14, 0x6d, 0x6f, 0x6f, 0x6e, 0x40, 0x73, 0x74,
335 0x72, 0x6f, 0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e,
336 0x6f, 0x72, 0x67)));
337 }
338 END_TEST
339
340 START_TEST(test_printf_hook_width)
341 {
342 identification_t *a;
343 char buf[128];
344
345 a = identification_create_from_string("moon@strongswan.org");
346 snprintf(buf, sizeof(buf), "%25Y", a);
347 ck_assert_str_eq(" moon@strongswan.org", buf);
348 snprintf(buf, sizeof(buf), "%-*Y", 25, a);
349 ck_assert_str_eq("moon@strongswan.org ", buf);
350 snprintf(buf, sizeof(buf), "%5Y", a);
351 ck_assert_str_eq("moon@strongswan.org", buf);
352 DESTROY_IF(a);
353 }
354 END_TEST
355
356 /*******************************************************************************
357 * equals
358 */
359
360 static bool id_equals(identification_t *a, char *b_str)
361 {
362 identification_t *b;
363 bool equals;
364
365 b = identification_create_from_string(b_str);
366 equals = a->equals(a, b);
367 ck_assert_int_eq(equals, b->equals(b, a));
368 b->destroy(b);
369 return equals;
370 }
371
372 START_TEST(test_equals)
373 {
374 identification_t *a;
375 chunk_t encoding, fuzzed;
376 int i;
377
378 /* this test also tests identification_create_from_string with DNs */
379 a = identification_create_from_string(
380 "C=CH, E=moon@strongswan.org, CN=moon");
381
382 ck_assert(id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"));
383 ck_assert(id_equals(a, "C==CH , E==moon@strongswan.org , CN==moon"));
384 ck_assert(id_equals(a, " C=CH, E=moon@strongswan.org, CN=moon "));
385 ck_assert(id_equals(a, "C=ch, E=moon@STRONGSWAN.ORG, CN=Moon"));
386 ck_assert(id_equals(a, "/C=CH/E=moon@strongswan.org/CN=moon"));
387 ck_assert(id_equals(a, " / C=CH / E=moon@strongswan.org / CN=moon"));
388
389 ck_assert(!id_equals(a, "C=CH/E=moon@strongswan.org/CN=moon"));
390 ck_assert(!id_equals(a, "C=CH/E=moon@strongswan.org,CN=moon"));
391 ck_assert(!id_equals(a, "C=CH E=moon@strongswan.org CN=moon"));
392 ck_assert(!id_equals(a, "C=CN, E=moon@strongswan.org, CN=moon"));
393 ck_assert(!id_equals(a, "E=moon@strongswan.org, C=CH, CN=moon"));
394 ck_assert(!id_equals(a, "E=moon@strongswan.org, C=CH, CN=moon"));
395
396 encoding = chunk_clone(a->get_encoding(a));
397 a->destroy(a);
398
399 /* simple fuzzing, increment each byte of encoding */
400 for (i = 0; i < encoding.len; i++)
401 {
402 if (i == 11 || i == 30 || i == 60)
403 { /* skip ASN.1 type fields, as equals() handles them graceful */
404 continue;
405 }
406 fuzzed = chunk_clone(encoding);
407 fuzzed.ptr[i]++;
408 a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
409 if (id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"))
410 {
411 printf("%d %B\n%B\n", i, &fuzzed, &encoding);
412 }
413 ck_assert(!id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"));
414 a->destroy(a);
415 free(fuzzed.ptr);
416 }
417
418 /* and decrement each byte of encoding */
419 for (i = 0; i < encoding.len; i++)
420 {
421 if (i == 11 || i == 30 || i == 60)
422 {
423 continue;
424 }
425 fuzzed = chunk_clone(encoding);
426 fuzzed.ptr[i]--;
427 a = identification_create_from_encoding(ID_DER_ASN1_DN, fuzzed);
428 ck_assert(!id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"));
429 a->destroy(a);
430 free(fuzzed.ptr);
431 }
432 free(encoding.ptr);
433 }
434 END_TEST
435
436 START_TEST(test_equals_any)
437 {
438 identification_t *a, *b;
439
440 a = identification_create_from_string("%any");
441 b = identification_create_from_encoding(ID_ANY, chunk_empty);
442 ck_assert(a->equals(a, b));
443 ck_assert(b->equals(b, a));
444 b->destroy(b);
445
446 b = identification_create_from_string("C=CH, O=strongSwan, CN=strongswan.org");
447 ck_assert(!a->equals(a, b));
448 ck_assert(!b->equals(b, a));
449 a->destroy(a);
450 b->destroy(b);
451 }
452 END_TEST
453
454 START_TEST(test_equals_binary)
455 {
456 identification_t *a, *b;
457 chunk_t encoding;
458
459 encoding = chunk_from_str("foobar=");
460 /* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
461 a = identification_create_from_string("foobar=");
462 ck_assert(a->get_type(a) == ID_KEY_ID);
463 b = identification_create_from_encoding(ID_KEY_ID, encoding);
464 ck_assert(a->equals(a, b));
465 a->destroy(a);
466 b->destroy(b);
467 }
468 END_TEST
469
470 START_TEST(test_equals_fqdn)
471 {
472 identification_t *a;
473
474 a = identification_create_from_string("ipsec.strongswan.org");
475 ck_assert(id_equals(a, "IPSEC.strongswan.org"));
476 ck_assert(id_equals(a, "ipsec.strongSwan.org"));
477 ck_assert(id_equals(a, "ipsec.strongSwan.ORG"));
478 ck_assert(!id_equals(a, "strongswan.org"));
479 a->destroy(a);
480 }
481 END_TEST
482
483 START_TEST(test_equals_empty)
484 {
485 identification_t *a;
486
487 a = identification_create_from_encoding(_i, chunk_empty);
488
489 switch (_i)
490 {
491 case ID_ANY:
492 ck_assert(id_equals(a, "%any"));
493 break;
494 case ID_IPV4_ADDR:
495 ck_assert(!id_equals(a, "192.168.1.1"));
496 break;
497 case ID_FQDN:
498 ck_assert(!id_equals(a, "moon.strongswan.org"));
499 break;
500 case ID_USER_FQDN:
501 ck_assert(!id_equals(a, "moon@strongswan.org"));
502 break;
503 case ID_IPV6_ADDR:
504 ck_assert(!id_equals(a, "fec0::1"));
505 break;
506 case ID_DER_ASN1_DN:
507 ck_assert(!id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"));
508 break;
509 case ID_KEY_ID:
510 ck_assert(!id_equals(a, "@#12345678"));
511 break;
512 case ID_DER_ASN1_GN:
513 case ID_IPV4_ADDR_SUBNET:
514 case ID_IPV6_ADDR_SUBNET:
515 case ID_IPV4_ADDR_RANGE:
516 case ID_IPV6_ADDR_RANGE:
517 /* currently not tested */
518 break;
519 }
520
521 a->destroy(a);
522 }
523 END_TEST
524
525 /*******************************************************************************
526 * matches
527 */
528
529 static bool id_matches(identification_t *a, char *b_str, id_match_t expected)
530 {
531 identification_t *b;
532 id_match_t match;
533
534 b = identification_create_from_string(b_str);
535 match = a->matches(a, b);
536 b->destroy(b);
537 return match == expected;
538 }
539
540 START_TEST(test_matches)
541 {
542 identification_t *a;
543
544 a = identification_create_from_string("C=CH, E=moon@strongswan.org, CN=moon");
545
546 ck_assert(id_matches(a, "C=CH, E=moon@strongswan.org, CN=moon", ID_MATCH_PERFECT));
547 ck_assert(id_matches(a, "C=CH, E=*, CN=moon", ID_MATCH_ONE_WILDCARD));
548 ck_assert(id_matches(a, "C=CH, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 1));
549 ck_assert(id_matches(a, "C=*, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 2));
550 ck_assert(id_matches(a, "C=*, E=*, CN=*, O=BADInc", ID_MATCH_NONE));
551 ck_assert(id_matches(a, "C=*, E=*", ID_MATCH_NONE));
552 ck_assert(id_matches(a, "C=*, E=a@b.c, CN=*", ID_MATCH_NONE));
553 ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
554
555 a->destroy(a);
556 }
557 END_TEST
558
559 START_TEST(test_matches_any)
560 {
561 identification_t *a;
562
563 a = identification_create_from_string("%any");
564
565 ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
566 ck_assert(id_matches(a, "", ID_MATCH_ANY));
567 ck_assert(id_matches(a, "*", ID_MATCH_ANY));
568 ck_assert(id_matches(a, "moon@strongswan.org", ID_MATCH_NONE));
569 ck_assert(id_matches(a, "vpn.strongswan.org", ID_MATCH_NONE));
570 a->destroy(a);
571 }
572 END_TEST
573
574 START_TEST(test_matches_binary)
575 {
576 identification_t *a;
577
578 /* strings containing = are parsed as KEY_ID if they aren't valid ASN.1 DNs */
579 a = identification_create_from_string("foo=bar");
580 ck_assert(a->get_type(a) == ID_KEY_ID);
581 ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
582 ck_assert(id_matches(a, "foo=bar", ID_MATCH_PERFECT));
583 ck_assert(id_matches(a, "bar=foo", ID_MATCH_NONE));
584 ck_assert(id_matches(a, "*=bar", ID_MATCH_NONE));
585 ck_assert(id_matches(a, "foo=*", ID_MATCH_NONE));
586 ck_assert(id_matches(a, "foo@bar", ID_MATCH_NONE));
587 a->destroy(a);
588 }
589 END_TEST
590
591 START_TEST(test_matches_string)
592 {
593 identification_t *a;
594
595 a = identification_create_from_string("moon@strongswan.org");
596
597 ck_assert(id_matches(a, "moon@strongswan.org", ID_MATCH_PERFECT));
598 ck_assert(id_matches(a, "*@strongswan.org", ID_MATCH_ONE_WILDCARD));
599 ck_assert(id_matches(a, "*@*.org", ID_MATCH_NONE));
600 ck_assert(id_matches(a, "*@*", ID_MATCH_NONE));
601 /* the following two are parsed as ID_FQDN, so no match */
602 ck_assert(id_matches(a, "*strongswan.org", ID_MATCH_NONE));
603 ck_assert(id_matches(a, "*.org", ID_MATCH_NONE));
604 ck_assert(id_matches(a, "moon@*", ID_MATCH_NONE));
605 ck_assert(id_matches(a, "**", ID_MATCH_NONE));
606 ck_assert(id_matches(a, "*", ID_MATCH_ANY));
607 ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
608 a->destroy(a);
609
610 a = identification_create_from_string("vpn.strongswan.org");
611
612 ck_assert(id_matches(a, "vpn.strongswan.org", ID_MATCH_PERFECT));
613 ck_assert(id_matches(a, "*.strongswan.org", ID_MATCH_ONE_WILDCARD));
614 ck_assert(id_matches(a, "*strongswan.org", ID_MATCH_ONE_WILDCARD));
615 ck_assert(id_matches(a, "*.org", ID_MATCH_ONE_WILDCARD));
616 ck_assert(id_matches(a, "*.strongswan.*", ID_MATCH_NONE));
617 ck_assert(id_matches(a, "*vpn.strongswan.org", ID_MATCH_NONE));
618 ck_assert(id_matches(a, "vpn.strongswan.*", ID_MATCH_NONE));
619 ck_assert(id_matches(a, "**", ID_MATCH_NONE));
620 ck_assert(id_matches(a, "*", ID_MATCH_ANY));
621 ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
622 a->destroy(a);
623 }
624 END_TEST
625
626 START_TEST(test_matches_empty)
627 {
628 identification_t *a;
629
630 a = identification_create_from_encoding(_i, chunk_empty);
631
632 switch (_i)
633 {
634 case ID_ANY:
635 ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
636 break;
637 case ID_IPV4_ADDR:
638 ck_assert(id_matches(a, "192.168.1.1", ID_MATCH_NONE));
639 break;
640 case ID_FQDN:
641 ck_assert(id_matches(a, "moon.strongswan.org", ID_MATCH_NONE));
642 break;
643 case ID_USER_FQDN:
644 ck_assert(id_matches(a, "moon@strongswan.org", ID_MATCH_NONE));
645 break;
646 case ID_IPV6_ADDR:
647 ck_assert(id_matches(a, "fec0::1", ID_MATCH_NONE));
648 break;
649 case ID_DER_ASN1_DN:
650 ck_assert(id_matches(a, "C=CH, E=moon@strongswan.org, CN=moon",
651 ID_MATCH_NONE));
652 break;
653 case ID_KEY_ID:
654 ck_assert(id_matches(a, "@#12345678", ID_MATCH_NONE));
655 break;
656 case ID_DER_ASN1_GN:
657 case ID_IPV4_ADDR_SUBNET:
658 case ID_IPV6_ADDR_SUBNET:
659 case ID_IPV4_ADDR_RANGE:
660 case ID_IPV6_ADDR_RANGE:
661 /* currently not tested */
662 break;
663 }
664
665 a->destroy(a);
666 }
667 END_TEST
668
669 static bool id_matches_rev(identification_t *a, char *b_str, id_match_t expected)
670 {
671 identification_t *b;
672 id_match_t match;
673
674 b = identification_create_from_string(b_str);
675 match = b->matches(b, a);
676 b->destroy(b);
677 return match == expected;
678 }
679
680 START_TEST(test_matches_empty_reverse)
681 {
682 identification_t *a;
683
684 a = identification_create_from_encoding(_i, chunk_empty);
685
686 switch (_i)
687 {
688 case ID_ANY:
689 ck_assert(id_matches_rev(a, "%any", ID_MATCH_ANY));
690 break;
691 case ID_IPV4_ADDR:
692 ck_assert(id_matches_rev(a, "192.168.1.1", ID_MATCH_NONE));
693 break;
694 case ID_FQDN:
695 ck_assert(id_matches_rev(a, "moon.strongswan.org", ID_MATCH_NONE));
696 break;
697 case ID_USER_FQDN:
698 ck_assert(id_matches_rev(a, "moon@strongswan.org", ID_MATCH_NONE));
699 break;
700 case ID_IPV6_ADDR:
701 ck_assert(id_matches_rev(a, "fec0::1", ID_MATCH_NONE));
702 break;
703 case ID_DER_ASN1_DN:
704 ck_assert(id_matches_rev(a, "C=CH, E=moon@strongswan.org, CN=moon",
705 ID_MATCH_NONE));
706 break;
707 case ID_KEY_ID:
708 ck_assert(id_matches_rev(a, "@#12345678", ID_MATCH_NONE));
709 break;
710 case ID_DER_ASN1_GN:
711 case ID_IPV4_ADDR_SUBNET:
712 case ID_IPV6_ADDR_SUBNET:
713 case ID_IPV4_ADDR_RANGE:
714 case ID_IPV6_ADDR_RANGE:
715 /* currently not tested */
716 break;
717 }
718
719 a->destroy(a);
720 }
721 END_TEST
722
723 /*******************************************************************************
724 * identification part enumeration
725 */
726
727 START_TEST(test_parts)
728 {
729 identification_t *id;
730 enumerator_t *enumerator;
731 id_part_t part;
732 chunk_t data;
733 int i = 0;
734
735 id = identification_create_from_string("C=CH, O=strongSwan, CN=tester");
736
737 enumerator = id->create_part_enumerator(id);
738 while (enumerator->enumerate(enumerator, &part, &data))
739 {
740 switch (i++)
741 {
742 case 0:
743 ck_assert(part == ID_PART_RDN_C &&
744 chunk_equals(data, chunk_create("CH", 2)));
745 break;
746 case 1:
747 ck_assert(part == ID_PART_RDN_O &&
748 chunk_equals(data, chunk_from_str("strongSwan")));
749 break;
750 case 2:
751 ck_assert(part == ID_PART_RDN_CN &&
752 chunk_equals(data, chunk_from_str("tester")));
753 break;
754 default:
755 fail("unexpected identification part %d", part);
756 }
757 }
758 ck_assert_int_eq(i, 3);
759 enumerator->destroy(enumerator);
760 id->destroy(id);
761 }
762 END_TEST
763
764 /*******************************************************************************
765 * wildcards
766 */
767
768 static bool id_contains_wildcards(char *string)
769 {
770 identification_t *id;
771 bool contains;
772
773 id = identification_create_from_string(string);
774 contains = id->contains_wildcards(id);
775 id->destroy(id);
776 return contains;
777 }
778
779 START_TEST(test_contains_wildcards)
780 {
781 ck_assert(id_contains_wildcards("%any"));
782 ck_assert(id_contains_wildcards("C=*, O=strongSwan, CN=gw"));
783 ck_assert(id_contains_wildcards("C=CH, O=strongSwan, CN=*"));
784 ck_assert(id_contains_wildcards("*@strongswan.org"));
785 ck_assert(id_contains_wildcards("*.strongswan.org"));
786 ck_assert(!id_contains_wildcards("C=**, O=a*, CN=*a"));
787 }
788 END_TEST
789
790 /*******************************************************************************
791 * clone
792 */
793
794 START_TEST(test_clone)
795 {
796 identification_t *a, *b;
797 chunk_t a_enc, b_enc;
798
799 a = identification_create_from_string("moon@strongswan.org");
800 a_enc = a->get_encoding(a);
801 b = a->clone(a);
802 ck_assert(b != NULL);
803 ck_assert(a != b);
804 b_enc = b->get_encoding(b);
805 ck_assert(a_enc.ptr != b_enc.ptr);
806 ck_assert(chunk_equals(a_enc, b_enc));
807 a->destroy(a);
808 b->destroy(b);
809 }
810 END_TEST
811
812 Suite *identification_suite_create()
813 {
814 Suite *s;
815 TCase *tc;
816
817 s = suite_create("identification");
818
819 tc = tcase_create("create");
820 tcase_add_test(tc, test_from_encoding);
821 tcase_add_test(tc, test_from_data);
822 tcase_add_test(tc, test_from_sockaddr);
823 tcase_add_loop_test(tc, test_from_string, 0, countof(string_data));
824 suite_add_tcase(s, tc);
825
826 tc = tcase_create("printf_hook");
827 tcase_add_test(tc, test_printf_hook);
828 tcase_add_test(tc, test_printf_hook_width);
829 suite_add_tcase(s, tc);
830
831 tc = tcase_create("equals");
832 tcase_add_test(tc, test_equals);
833 tcase_add_test(tc, test_equals_any);
834 tcase_add_test(tc, test_equals_binary);
835 tcase_add_test(tc, test_equals_fqdn);
836 tcase_add_loop_test(tc, test_equals_empty, ID_ANY, ID_KEY_ID + 1);
837 suite_add_tcase(s, tc);
838
839 tc = tcase_create("matches");
840 tcase_add_test(tc, test_matches);
841 tcase_add_test(tc, test_matches_any);
842 tcase_add_test(tc, test_matches_binary);
843 tcase_add_test(tc, test_matches_string);
844 tcase_add_loop_test(tc, test_matches_empty, ID_ANY, ID_KEY_ID + 1);
845 tcase_add_loop_test(tc, test_matches_empty_reverse, ID_ANY, ID_KEY_ID + 1);
846 suite_add_tcase(s, tc);
847
848 tc = tcase_create("part enumeration");
849 tcase_add_test(tc, test_parts);
850 suite_add_tcase(s, tc);
851
852 tc = tcase_create("wildcards");
853 tcase_add_test(tc, test_contains_wildcards);
854 suite_add_tcase(s, tc);
855
856 tc = tcase_create("clone");
857 tcase_add_test(tc, test_clone);
858 suite_add_tcase(s, tc);
859
860 return s;
861 }
Unnamed repository; edit this file 'description' to name the repository.