From: Nikos Mavrogiannopoulos
Date: Tue, 3 May 2016 12:54:31 +0000 (+0200)
Subject: tests: enhanced set_x509_key_file check
X-Git-Tag: gnutls_3_5_0~21
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8d377b3d8a4aa37fda53cd4ee034f7800405aa13;p=thirdparty%2Fgnutls.git
tests: enhanced set_x509_key_file check
That now verifies that the input is the same as the data stored in the credentials as well checks for valid operation.
---
diff --git a/tests/set_x509_key_file.c b/tests/set_x509_key_file.c
index 8e1cf9d859..b43dcd767f 100644
--- a/tests/set_x509_key_file.c
+++ b/tests/set_x509_key_file.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2014 Nikos Mavrogiannopoulos
+ * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos
+ * Copyright (C) 2016 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
@@ -26,27 +27,86 @@ #include #include +#include #include #include +#include "cert-common.h" #include "utils.h" +static void compare(const gnutls_datum_t *der, const void *ipem) +{ + gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; + gnutls_datum_t new_der; + int ret; + + ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) { + fail("error in %d: %s\n", __LINE__, "cert don't match"); + exit(1); + } + gnutls_free(new_der.data); + return; +} + void doit(void) { int ret; gnutls_certificate_credentials_t xcred; const char *keyfile = "./certs/ecc256.pem"; const char *certfile = "does-not-exist.pem"; + gnutls_datum_t tcert; + FILE *fp; global_init(); - ret = gnutls_certificate_allocate_credentials(&xcred); + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); /* this will fail */ - ret = gnutls_certificate_set_x509_key_file(xcred, certfile, keyfile, - GNUTLS_X509_FMT_PEM); + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile, + GNUTLS_X509_FMT_PEM, NULL, 0); if (ret != GNUTLS_E_FILE_ERROR) fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + gnutls_certificate_free_credentials(xcred); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + + certfile = tmpnam(NULL); + + fp = fopen(certfile, "w"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_cert_pem, 1, strlen((char*)server_cert_pem), fp)>0); + assert(fwrite(server_key_pem, 1, strlen((char*)server_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + /* verify whether the stored certificate match the ones we have */ + ret = gnutls_certificate_get_crt_raw(xcred, 0, 0, &tcert); + if (ret < 0) { + fail("error in %d: 
%s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + compare(&tcert, server_cert_pem); + + ret = gnutls_certificate_get_crt_raw(xcred, 0, 1, &tcert); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + compare(&tcert, server_cert_pem+2); + + remove(certfile); + gnutls_certificate_free_credentials(xcred); gnutls_global_deinit(); }
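Review bot: `certfile = tmpnam(NULL);` followed by `fopen(certfile, "w")` in doit() chooses a predictable name and only later creates the file, so on a shared build host another local user can pre-create that path or a symlink, and `"w"` mode will follow it and truncate the target. The return value of tmpnam is not checked for NULL, and the file that receives `server_key_pem` is created with whatever permissions the umask allows. Creating the file atomically with mkstemp and wrapping the descriptor with fdopen, as sketched below, removes the window and gives owner-only permissions. Separately, the credential allocation and both fwrite calls sit inside `assert(...)`, so an NDEBUG build drops them entirely; calling them outside the assert and reporting through `fail` keeps the test meaningful in every build.

```c
	char tmpl[] = "./x509-key-file.XXXXXX";	/* constructed template name */
	int fd;
	/* … unchanged: global_init(), first allocation, the does-not-exist.pem check … */

	fd = mkstemp(tmpl);	/* name chosen and file created in one exclusive step */
	if (fd < 0)
		fail("error in mkstemp\n");
	certfile = tmpl;

	fp = fdopen(fd, "w");
	if (fp == NULL)
		fail("error in fdopen\n");
	/* … unchanged: fwrite of both PEM blobs, fclose, key_file2 call, comparisons … */
```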