Check the credentials getter functions as part of the unit tests
authorArmin Burgmeier <armin@arbur.net>
Tue, 23 Sep 2014 20:12:38 +0000 (16:12 -0400)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 24 Sep 2014 08:09:39 +0000 (10:09 +0200)
tests/openpgp-auth.c
tests/x509cert.c

index 67faf73898b111b731e9fc3d4d6394ca560ba21d..82e37126c244d58b4a3868ab71063d086d132854 100644 (file)
@@ -64,6 +64,49 @@ int key_recv_func(gnutls_session_t session, const unsigned char *keyfpr,
        return 0;
 }
 
+void check_loaded_key(gnutls_certificate_credentials_t cred)
+{
+       int err;
+       gnutls_openpgp_privkey_t key;
+       gnutls_openpgp_crt_t *crts;
+       int n_crts;
+       gnutls_datum_t datum;
+       gnutls_openpgp_keyid_t keyid;
+       int i;
+
+       /* check that the getter functions for openpgp keys of
+        * gnutls_certificate_credentials_t work and deliver the
+        * expected key ID. */
+
+       err = gnutls_certificate_get_openpgp_key(cred, 0, &key);
+       if (err != 0)
+               fail("get openpgp key %s\n",
+                    gnutls_strerror(err));
+
+       gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid);
+       if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 ||
+           keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba)
+               fail("incorrect key id (privkey)\n");
+
+       err = gnutls_certificate_get_openpgp_crt(cred, 0, &crts, &n_crts);
+       if (err != 0)
+               fail("get openpgp crts %s\n",
+                    gnutls_strerror(err));
+
+       if (n_crts != 1)
+               fail("openpgp n_crts != 1\n");
+
+       gnutls_openpgp_crt_get_subkey_id(crts[0], 0, keyid);
+       if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 ||
+           keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba)
+               fail("incorrect key id (pubkey)\n");
+
+       for (i = 0; i < n_crts; ++i)
+               gnutls_openpgp_crt_deinit(crts[i]);
+       gnutls_free(crts);
+       gnutls_openpgp_privkey_deinit(key);
+}
+
 void doit()
 {
        int err, i;
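Review bot: Both `get_subkey_id` calls in check_loaded_key discard their return value, so if either one fails, `keyid` is compared while still uninitialised and the test reports a wrong key ID (or passes by chance) instead of the real error. Capture the result the way the other calls in this function do: `err = gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid);` followed by `if (err < 0) fail("get subkey id %s\n", gnutls_strerror(err));`, and likewise for the `gnutls_openpgp_crt_get_subkey_id` call. The duplicated eight-byte comparison would read better as one `memcmp` against a `static const unsigned char` expected-ID array. The local `datum` is never used, and the function could be `static` since only doit() calls it in the visible hunks.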
@@ -151,6 +194,8 @@ void doit()
                                fail("client openpgp keys %s\n",
                                     gnutls_strerror(err));
 
+                       check_loaded_key(cred);
+
                        err =
                            gnutls_credentials_set(session,
                                                   GNUTLS_CRD_CERTIFICATE,
@@ -230,6 +275,8 @@ void doit()
                                fail("server openpgp keys %s\n",
                                     gnutls_strerror(err));
 
+                       check_loaded_key(cred);
+
                        err = gnutls_dh_params_init(&dh_params);
                        if (err)
                                fail("server DH params init %d\n", err);
index 853e7e78e76a5bc707522b7801eaff7fb626110e..4e07ae5661a279469e6e06fd81b82c888b46db0d 100644 (file)
@@ -64,7 +64,7 @@ static unsigned char ca_pem[] =
     "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
     "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
     "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) };
+const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) - 1};
 
 static unsigned char cert_pem[] =
     "-----BEGIN CERTIFICATE-----\n"
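Review bot: The `- 1` on `ca` is unexplained here and in the four following hunks (`cert`, `key`, `server_cert`, `server_key`), so a reader cannot tell that it is deliberate. A one-line comment above the first datum would settle it, e.g. `/* sizes exclude the string literal's terminating NUL so they equal the PEM text length */`. Judging by the size comparisons added to doit() later in this diff, the exported PEM is expected to be exactly this long. It presumably also means the loader no longer receives a trailing NUL byte as part of its input.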
@@ -92,7 +92,7 @@ static unsigned char cert_pem[] =
     "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
     "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
     "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) };
+const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) - 1};
 
 static unsigned char key_pem[] =
     "-----BEGIN RSA PRIVATE KEY-----\n"
@@ -110,7 +110,7 @@ static unsigned char key_pem[] =
     "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
     "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
     "-----END RSA PRIVATE KEY-----\n";
-const gnutls_datum_t key = { key_pem, sizeof(key_pem) };
+const gnutls_datum_t key = { key_pem, sizeof(key_pem) - 1};
 
 static unsigned char server_cert_pem[] =
     "-----BEGIN CERTIFICATE-----\n"
@@ -129,7 +129,7 @@ static unsigned char server_cert_pem[] =
     "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
 
 const gnutls_datum_t server_cert = { server_cert_pem,
-       sizeof(server_cert_pem)
+       sizeof(server_cert_pem) - 1
 };
 
 static unsigned char server_key_pem[] =
@@ -150,7 +150,7 @@ static unsigned char server_key_pem[] =
     "-----END RSA PRIVATE KEY-----\n";
 
 const gnutls_datum_t server_key = { server_key_pem,
-       sizeof(server_key_pem)
+       sizeof(server_key_pem) - 1
 };
 
 #define LIST_SIZE 3
@@ -165,6 +165,15 @@ void doit(void)
        size_t dn_size;
        unsigned int list_size;
 
+       gnutls_x509_privkey_t get_key;
+       gnutls_x509_crt_t *get_crts;
+       int n_get_crts;
+       gnutls_datum_t get_datum;
+       gnutls_x509_trust_list_t trust_list;
+       gnutls_x509_trust_list_iter_t trust_iter;
+       gnutls_x509_crt_t get_ca_crt;
+       int n_get_ca_crts;
+
        /* this must be called once in the program
         */
        global_init();
@@ -203,6 +212,94 @@ void doit(void)
 
        if (debug)
                fprintf(stderr, "Issuer's DN: %s\n", dn);
+
+       /* test the getter functions of gnutls_certificate_credentials_t */
+
+       ret =
+           gnutls_certificate_get_x509_key(x509_cred, 0, &get_key);
+       if (ret < 0)
+               fail("gnutls_certificate_get_x509_key");
+
+       ret =
+           gnutls_x509_privkey_export2(get_key,
+                                       GNUTLS_X509_FMT_PEM,
+                                       &get_datum);
+       if (ret < 0)
+               fail("gnutls_x509_privkey_export2");
+
+       if (get_datum.size != server_key.size ||
+           memcmp(get_datum.data, server_key.data, get_datum.size) != 0) {
+               fail(
+                   "exported key %u vs. %u\n\n%s\n\nvs.\n\n%s",
+                   get_datum.size, server_key.size,
+                   get_datum.data, server_key.data);
+       }
+
+       gnutls_free(get_datum.data);
+
+       ret =
+           gnutls_certificate_get_x509_crt(x509_cred, 0, &get_crts, &n_get_crts);
+       if (ret < 0)
+               fail("gnutls_certificate_get_x509_crt");
+       if (n_get_crts != 1)
+               fail("gnutls_certificate_get_x509_crt: n_crts != 1");
+
+       ret =
+           gnutls_x509_crt_export2(get_crts[0],
+                                   GNUTLS_X509_FMT_PEM,
+                                   &get_datum);
+       if (ret < 0)
+               fail("gnutls_x509_crt_export2");
+
+       if (get_datum.size != server_cert.size ||
+           memcmp(get_datum.data, server_cert.data, get_datum.size) != 0) {
+               fail(
+                   "exported certificate %u vs. %u\n\n%s\n\nvs.\n\n%s",
+                   get_datum.size, server_cert.size,
+                   get_datum.data, server_cert.data);
+       }
+
+       gnutls_free(get_datum.data);
+
+       gnutls_certificate_get_trust_list(x509_cred, &trust_list);
+
+       n_get_ca_crts = 0;
+       trust_iter = NULL;
+       while (gnutls_x509_trust_list_iter_get_ca(trust_list,
+                                                 &trust_iter,
+                                                 &get_ca_crt) !=
+              GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+               ret =
+                   gnutls_x509_crt_export2(get_ca_crt,
+                                           GNUTLS_X509_FMT_PEM,
+                                           &get_datum);
+               if (ret < 0)
+                       fail("gnutls_x509_crt_export2");
+
+               if (get_datum.size != ca.size ||
+                   memcmp(get_datum.data, ca.data, get_datum.size) != 0) {
+                       fail(
+                           "exported CA certificate %u vs. %u\n\n%s\n\nvs.\n\n%s",
+                           get_datum.size, ca.size,
+                           get_datum.data, ca.data);
+               }
+
+               gnutls_x509_crt_deinit(get_ca_crt);
+               gnutls_free(get_datum.data);
+
+               ++n_get_ca_crts;
+       }
+
+       if (n_get_ca_crts != 1)
+               fail("gnutls_x509_trust_list_iter_get_ca: n_cas != 1");
+       if (trust_iter != NULL)
+               fail("gnutls_x509_trust_list_iter_get_ca: iterator not NULL after iteration");
+
+       gnutls_x509_privkey_deinit(get_key);
+       for (i = 0; i < n_get_crts; i++)
+               gnutls_x509_crt_deinit(get_crts[i]);
+       gnutls_free(get_crts);
+
        for (i = 0; i < list_size; i++)
                gnutls_x509_crt_deinit(list[i]);
        gnutls_certificate_free_credentials(x509_cred);
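Review bot: The trust-list loop stops only on `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE`, so any other error from `gnutls_x509_trust_list_iter_get_ca` enters the body and exports `get_ca_crt` while it is uninitialised. Loop on success and check the terminating code afterwards: `while ((ret = gnutls_x509_trust_list_iter_get_ca(trust_list, &trust_iter, &get_ca_crt)) == 0) {` and, after the loop, `if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) fail("gnutls_x509_trust_list_iter_get_ca: %s\n", gnutls_strerror(ret));`. Separately, the three mismatch messages print `get_datum.data` with `%s`, which relies on the exported buffer being NUL-terminated; `%.*s` with `(int)get_datum.size` bounds the read by the datum's own length. doit() begins and ends outside this hunk.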