diff options
author | Dan Winship <danw@gnome.org> | 2014-10-30 10:19:32 -0400 |
---|---|---|
committer | Dan Winship <danw@gnome.org> | 2014-11-01 12:11:13 -0400 |
commit | 99f2396d017ab8bc5b58d8d5a50af7ba070cbd13 (patch) | |
tree | b726c7251b31e24bc133152039c3dddb06b56b05 | |
parent | b63f8c80f867ad78367430ece60006a134ada140 (diff) | |
download | NetworkManager-99f2396d017ab8bc5b58d8d5a50af7ba070cbd13.tar.gz |
libnm-core: port test-crypto to g_assert* macros
And in particular, add some g_assert_error() checks
-rw-r--r-- | libnm-core/tests/test-crypto.c | 195 |
1 files changed, 78 insertions, 117 deletions
diff --git a/libnm-core/tests/test-crypto.c b/libnm-core/tests/test-crypto.c index b1dd3f4e09..2ce7a35a0a 100644 --- a/libnm-core/tests/test-crypto.c +++ b/libnm-core/tests/test-crypto.c @@ -30,6 +30,7 @@ #include "crypto.h" #include "nm-utils.h" +#include "nm-errors.h" #include "nm-test-utils.h" @@ -102,13 +103,8 @@ test_cert (gconstpointer test_data) path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL); array = crypto_load_and_verify_certificate (path, &format, &error); - ASSERT (array != NULL, "cert", - "couldn't read certificate file '%s': %d %s", - path, error->code, error->message); - - ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, "cert", - "%s: unexpected certificate format (expected %d, got %d)", - path, NM_CRYPTO_FILE_FORMAT_X509, format); + g_assert_no_error (error); + g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_X509); g_byte_array_free (array, TRUE); } @@ -133,50 +129,37 @@ static void test_load_private_key (const char *path, const char *password, const char *decrypted_path, - gboolean expect_fail, - const char *desc) + int expected_error) { NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN; GByteArray *array, *decrypted; GError *error = NULL; array = crypto_decrypt_private_key (path, password, &key_type, &error); - if (expect_fail) { - ASSERT (array == NULL, desc, - "unexpected success reading private key file '%s' with " - "invalid password", - path); - - ASSERT (key_type != NM_CRYPTO_KEY_TYPE_UNKNOWN, desc, - "unexpected failure determining private key file '%s' " - "type with invalid password (expected %d, got %d)", - path, NM_CRYPTO_KEY_TYPE_UNKNOWN, key_type); + /* Even if the password is wrong, we should determine the key type */ + g_assert_cmpint (key_type, ==, NM_CRYPTO_KEY_TYPE_RSA); + + if (expected_error != -1) { + g_assert (array == NULL); + g_assert_error (error, NM_CRYPTO_ERROR, expected_error); + g_clear_error (&error); return; } - ASSERT (array != NULL, desc, - "couldn't read private key file '%s': %d %s", - path, error->code, error->message); + if (password == NULL) { + g_assert (array == NULL); + g_assert_no_error (error); + return; + } - ASSERT (key_type == NM_CRYPTO_KEY_TYPE_RSA, desc, - "%s: unexpected private key type (expected %d, got %d)", - path, NM_CRYPTO_KEY_TYPE_RSA, key_type); + g_assert (array != NULL); if (decrypted_path) { /* Compare the crypto decrypted key against a known-good decryption */ decrypted = file_to_byte_array (decrypted_path); - ASSERT (decrypted != NULL, desc, - "couldn't read decrypted private key file '%s': %d %s", - decrypted_path, error->code, error->message); - - ASSERT (decrypted->len > 0, desc, "decrypted key file invalid (size 0)"); - - ASSERT (decrypted->len == array->len, - desc, "decrypted key file (%d) and decrypted key data (%d) lengths don't match", - decrypted->len, array->len); - - ASSERT (memcmp (decrypted->data, array->data, array->len) == 0, - desc, "decrypted key file and decrypted key data don't match"); + g_assert (decrypted != NULL); + g_assert (decrypted->len == array->len); + g_assert (memcmp (decrypted->data, array->data, array->len) == 0); g_byte_array_free (decrypted, TRUE); } @@ -187,75 +170,68 @@ test_load_private_key (const char *path, static void test_load_pkcs12 (const char *path, const char *password, - gboolean expect_fail, - const char *desc) + int expected_error) { NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; GError *error = NULL; format = crypto_verify_private_key (path, password, &error); - if (expect_fail) { - ASSERT (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN, desc, - "unexpected success reading PKCS#12 private key file " - "'%s' with invalid password", - path); + if (expected_error != -1) { + g_assert_error (error, NM_CRYPTO_ERROR, expected_error); + g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_UNKNOWN); + g_clear_error (&error); } else { - ASSERT (format == NM_CRYPTO_FILE_FORMAT_PKCS12, desc, - "%s: unexpected PKCS#12 private key file format (expected %d, got " - "%d): %d %s", - path, NM_CRYPTO_FILE_FORMAT_PKCS12, format, error->code, error->message); + g_assert_no_error (error); + g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_PKCS12); } } static void -test_load_pkcs12_no_password (const char *path, const char *desc) +test_load_pkcs12_no_password (const char *path) { NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; GError *error = NULL; /* We should still get a valid returned crypto file format */ format = crypto_verify_private_key (path, NULL, &error); - ASSERT (format == NM_CRYPTO_FILE_FORMAT_PKCS12, desc, - "%s: unexpected PKCS#12 private key file format (expected %d, got " - "%d): %d %s", - path, NM_CRYPTO_FILE_FORMAT_PKCS12, format, error->code, error->message); + g_assert_no_error (error); + g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_PKCS12); } static void -test_is_pkcs12 (const char *path, gboolean expect_fail, const char *desc) +test_is_pkcs12 (const char *path, gboolean expect_fail) { gboolean is_pkcs12; + GError *error = NULL; - is_pkcs12 = crypto_is_pkcs12_file (path, NULL); - if (expect_fail) { - ASSERT (is_pkcs12 == FALSE, desc, - "unexpected success reading non-PKCS#12 file '%s'", - path); - } else { - ASSERT (is_pkcs12 == TRUE, desc, "couldn't read PKCS#12 file '%s'", path); - } + is_pkcs12 = crypto_is_pkcs12_file (path, &error); + /* crypto_is_pkcs12_file() only returns an error if it couldn't read the + * file, which we don't expect to happen here. + */ + g_assert_no_error (error); + + if (expect_fail) + g_assert (!is_pkcs12); + else + g_assert (is_pkcs12); } static void test_load_pkcs8 (const char *path, const char *password, - gboolean expect_fail, - const char *desc) + int expected_error) { NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; GError *error = NULL; format = crypto_verify_private_key (path, password, &error); - if (expect_fail) { - ASSERT (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN, desc, - "unexpected success reading PKCS#8 private key file " - "'%s' with invalid password", - path); + if (expected_error != -1) { + g_assert_error (error, NM_CRYPTO_ERROR, expected_error); + g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_UNKNOWN); + g_clear_error (&error); } else { - ASSERT (format == NM_CRYPTO_FILE_FORMAT_RAW_KEY, desc, - "%s: unexpected PKCS#8 private key file format (expected %d, got " - "%d): %d %s", - path, NM_CRYPTO_FILE_FORMAT_RAW_KEY, format, error->code, error->message); + g_assert_no_error (error); + g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_RAW_KEY); } } @@ -283,51 +259,36 @@ is_cipher_aes (const char *path) static void test_encrypt_private_key (const char *path, - const char *password, - const char *desc) + const char *password) { NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN; GByteArray *array, *encrypted, *re_decrypted; GError *error = NULL; array = crypto_decrypt_private_key (path, password, &key_type, &error); - ASSERT (array != NULL, desc, - "couldn't read private key file '%s': %d %s", - path, error->code, error->message); - - ASSERT (key_type == NM_CRYPTO_KEY_TYPE_RSA, desc, - "%s: unexpected private key type (expected %d, got %d)", - path, NM_CRYPTO_KEY_TYPE_RSA, key_type); + g_assert_no_error (error); + g_assert (array != NULL); + g_assert_cmpint (key_type, ==, NM_CRYPTO_KEY_TYPE_RSA); /* Now re-encrypt the private key */ if (is_cipher_aes (path)) encrypted = nm_utils_rsa_key_encrypt_aes (array->data, array->len, password, NULL, &error); else encrypted = nm_utils_rsa_key_encrypt (array->data, array->len, password, NULL, &error); - ASSERT (encrypted != NULL, desc, - "couldn't re-encrypt private key file '%s': %d %s", - path, error->code, error->message); + g_assert_no_error (error); + g_assert (encrypted != NULL); /* Then re-decrypt the private key */ key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN; re_decrypted = crypto_decrypt_private_key_data (encrypted->data, encrypted->len, password, &key_type, &error); - ASSERT (re_decrypted != NULL, desc, - "couldn't read private key file '%s': %d %s", - path, error->code, error->message); - - ASSERT (key_type == NM_CRYPTO_KEY_TYPE_RSA, desc, - "%s: unexpected private key type (expected %d, got %d)", - path, NM_CRYPTO_KEY_TYPE_RSA, key_type); + g_assert_no_error (error); + g_assert (re_decrypted != NULL); + g_assert_cmpint (key_type, ==, NM_CRYPTO_KEY_TYPE_RSA); /* Compare the original decrypted key with the re-decrypted key */ - ASSERT (array->len == re_decrypted->len, desc, - "%s: unexpected re-decrypted private key length (expected %d, got %d)", - path, array->len, re_decrypted->len); - - ASSERT (!memcmp (array->data, re_decrypted->data, array->len), desc, - "%s: unexpected private key data", - path); + g_assert_cmpint (array->len, ==, re_decrypted->len); + g_assert (!memcmp (array->data, re_decrypted->data, array->len)); g_byte_array_free (re_decrypted, TRUE); g_byte_array_free (encrypted, TRUE); @@ -342,18 +303,18 @@ test_key (gconstpointer test_data) parts = g_strsplit ((const char *) test_data, ", ", -1); len = g_strv_length (parts); - ASSERT (len == 2 || len == 3, "test-crypto", - "wrong number of arguments (<key file>, <password>, [<decrypted key file>])"); + if (len != 2 && len != 3) + g_error ("wrong number of arguments (<key file>, <password>, [<decrypted key file>])"); path = g_build_filename (TEST_CERT_DIR, parts[0], NULL); password = parts[1]; decrypted_path = parts[2] ? g_build_filename (TEST_CERT_DIR, parts[2], NULL) : NULL; - test_is_pkcs12 (path, TRUE, "not-pkcs12"); - test_load_private_key (path, password, decrypted_path, FALSE, "private-key"); - test_load_private_key (path, "blahblahblah", NULL, TRUE, "private-key-bad-password"); - test_load_private_key (path, NULL, NULL, TRUE, "private-key-no-password"); - test_encrypt_private_key (path, password, "private-key-rencrypt"); + test_is_pkcs12 (path, TRUE); + test_load_private_key (path, password, decrypted_path, -1); + test_load_private_key (path, "blahblahblah", NULL, NM_CRYPTO_ERROR_DECRYPTION_FAILED); + test_load_private_key (path, NULL, NULL, -1); + test_encrypt_private_key (path, password); g_free (path); g_free (decrypted_path); @@ -366,16 +327,16 @@ test_pkcs12 (gconstpointer test_data) char **parts, *path, *password; parts = g_strsplit ((const char *) test_data, ", ", -1); - ASSERT (g_strv_length (parts) == 2, "test-crypto", - "wrong number of arguments (<file>, <password>)"); + if (g_strv_length (parts) != 2) + g_error ("wrong number of arguments (<file>, <password>)"); path = g_build_filename (TEST_CERT_DIR, parts[0], NULL); password = parts[1]; - test_is_pkcs12 (path, FALSE, "is-pkcs12"); - test_load_pkcs12 (path, password, FALSE, "pkcs12-private-key"); - test_load_pkcs12 (path, "blahblahblah", TRUE, "pkcs12-private-key-bad-password"); - test_load_pkcs12_no_password (path, "pkcs12-private-key-no-password"); + test_is_pkcs12 (path, FALSE); + test_load_pkcs12 (path, password, -1); + test_load_pkcs12 (path, "blahblahblah", NM_CRYPTO_ERROR_DECRYPTION_FAILED); + test_load_pkcs12_no_password (path); g_free (path); g_strfreev (parts); @@ -387,19 +348,19 @@ test_pkcs8 (gconstpointer test_data) char **parts, *path, *password; parts = g_strsplit ((const char *) test_data, ", ", -1); - ASSERT (g_strv_length (parts) == 2, "test-crypto", - "wrong number of arguments (<file>, <password>)"); + if (g_strv_length (parts) != 2) + g_error ("wrong number of arguments (<file>, <password>)"); path = g_build_filename (TEST_CERT_DIR, parts[0], NULL); password = parts[1]; - test_is_pkcs12 (path, TRUE, "not-pkcs12"); - test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key"); + test_is_pkcs12 (path, TRUE); + test_load_pkcs8 (path, password, -1); /* Until gnutls and NSS grow support for all the ciphers that openssl * can use with PKCS#8, we can't actually verify the password. So we * expect a bad password to work for the time being. */ - test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password"); + test_load_pkcs8 (path, "blahblahblah", -1); g_free (path); g_strfreev (parts); |