tests: enhanced set_x509_key_file check
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 3 May 2016 12:54:31 +0000 (14:54 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 3 May 2016 12:59:53 +0000 (14:59 +0200)
That now verifies that the input is the same as the data stored
in the credentials, as well as checking for valid operation.

tests/set_x509_key_file.c

index 8e1cf9d85944dd05670008a0bea54ef90e60266d..b43dcd767f9b4fbf71390a61e02e67962b29007f 100644 (file)
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2014 Nikos Mavrogiannopoulos
+ * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos
+ * Copyright (C) 2016 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <assert.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
 
+#include "cert-common.h"
 #include "utils.h"
 
+static void compare(const gnutls_datum_t *der, const void *ipem)
+{
+       gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)};
+       gnutls_datum_t new_der;
+       int ret;
+
+       ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der);
+       if (ret < 0) {
+               fail("error: %s\n", gnutls_strerror(ret));
+       }
+
+       if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) {
+               fail("error in %d: %s\n", __LINE__, "cert don't match");
+               exit(1);
+       }
+       gnutls_free(new_der.data);
+       return;
+}
+
 void doit(void)
 {
        int ret;
        gnutls_certificate_credentials_t xcred;
        const char *keyfile = "./certs/ecc256.pem";
        const char *certfile = "does-not-exist.pem";
+       gnutls_datum_t tcert;
+       FILE *fp;
 
        global_init();
-       ret = gnutls_certificate_allocate_credentials(&xcred);
+       assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
 
        /* this will fail */
-       ret = gnutls_certificate_set_x509_key_file(xcred, certfile, keyfile,
-                                                  GNUTLS_X509_FMT_PEM);
+       ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile,
+                                                  GNUTLS_X509_FMT_PEM, NULL, 0);
        if (ret != GNUTLS_E_FILE_ERROR)
                fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret));
 
+       gnutls_certificate_free_credentials(xcred);
+
+       assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
+
+       certfile = tmpnam(NULL);
+
+       fp = fopen(certfile, "w");
+       if (fp == NULL)
+               fail("error in fopen\n");
+       assert(fwrite(server_cert_pem, 1, strlen((char*)server_cert_pem), fp)>0);
+       assert(fwrite(server_key_pem, 1, strlen((char*)server_key_pem), fp)>0);
+       fclose(fp);
+
+       ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile,
+                                                   GNUTLS_X509_FMT_PEM, NULL, 0);
+       if (ret < 0)
+               fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret));
+
+       /* verify whether the stored certificate match the ones we have */
+       ret = gnutls_certificate_get_crt_raw(xcred, 0, 0, &tcert);
+       if (ret < 0) {
+               fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+               exit(1);
+       }
+
+       compare(&tcert, server_cert_pem);
+
+       ret = gnutls_certificate_get_crt_raw(xcred, 0, 1, &tcert);
+       if (ret < 0) {
+               fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+               exit(1);
+       }
+       compare(&tcert, server_cert_pem+2);
+
+       remove(certfile);
+
        gnutls_certificate_free_credentials(xcred);
        gnutls_global_deinit();
 }
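Review bot: `certfile = tmpnam(NULL)` followed by `fopen(certfile, "w")` in doit() leaves a window between choosing the name and creating the file, and fopen() will reuse whatever already exists at that path; the file then receives `server_key_pem`. Creating the file atomically with `mkstemp()` and wrapping the descriptor with `fdopen()` closes that window (mkstemp is POSIX, so a platform without it would need a fallback). The two `fwrite` calls and both `gnutls_certificate_allocate_credentials` calls sit inside `assert()`, so a build with NDEBUG would drop them entirely; the fence below checks the writes explicitly. Separately, in compare() the decode-failure branch has no `exit(1)`, so if `fail()` returns, `new_der` is read uninitialized, and `server_cert_pem+2` deserves a comment saying why two bytes are skipped.

```c
	/* with the other locals in doit(); the template name is a sample constructed for this note */
	char tmpname[] = "set_x509_key_file.XXXXXX";
	int fd;

	/* … unchanged: first allocate/set_x509_key_file2/free sequence … */

	fd = mkstemp(tmpname);
	if (fd < 0) {
		fail("error in mkstemp\n");
		exit(1);
	}
	certfile = tmpname;

	fp = fdopen(fd, "w");
	if (fp == NULL) {
		fail("error in fdopen\n");
		exit(1);
	}
	if (fwrite(server_cert_pem, 1, strlen((char*)server_cert_pem), fp) == 0 ||
	    fwrite(server_key_pem, 1, strlen((char*)server_key_pem), fp) == 0 ||
	    fclose(fp) != 0) {
		fail("error writing %s\n", certfile);
		exit(1);
	}

	/* … unchanged: gnutls_certificate_set_x509_key_file2() and the two compare() calls … */
```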