libnm-core: port test-crypto to g_assert* macros

And in particular, add some g_assert_error() checks
author: Dan Winship <danw@gnome.org> 2014-10-30 10:19:32 -0400
committer: Dan Winship <danw@gnome.org> 2014-11-01 12:11:13 -0400
commit: 99f2396d017ab8bc5b58d8d5a50af7ba070cbd13 (patch)
tree: b726c7251b31e24bc133152039c3dddb06b56b05
parent: b63f8c80f867ad78367430ece60006a134ada140 (diff)
download: NetworkManager-99f2396d017ab8bc5b58d8d5a50af7ba070cbd13.tar.gz
1 files changed, 78 insertions, 117 deletions
diff --git a/libnm-core/tests/test-crypto.c b/libnm-core/tests/test-crypto.c
index b1dd3f4e09..2ce7a35a0a 100644
--- a/libnm-core/tests/test-crypto.c
+++ b/libnm-core/tests/test-crypto.c
@@ -30,6 +30,7 @@
 
 #include "crypto.h"
 #include "nm-utils.h"
+#include "nm-errors.h"
 
 #include "nm-test-utils.h"
 
@@ -102,13 +103,8 @@ test_cert (gconstpointer test_data)
 	path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL);
 
 	array = crypto_load_and_verify_certificate (path, &format, &error);
-	ASSERT (array != NULL, "cert",
-	        "couldn't read certificate file '%s': %d %s",
-	        path, error->code, error->message);
-
-	ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, "cert",
-	        "%s: unexpected certificate format (expected %d, got %d)",
-	        path, NM_CRYPTO_FILE_FORMAT_X509, format);
+	g_assert_no_error (error);
+	g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_X509);
 
 	g_byte_array_free (array, TRUE);
 }
@@ -133,50 +129,37 @@ static void
 test_load_private_key (const char *path,
                        const char *password,
                        const char *decrypted_path,
-                       gboolean expect_fail,
-                       const char *desc)
+                       int expected_error)
 {
 	NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN;
 	GByteArray *array, *decrypted;
 	GError *error = NULL;
 
 	array = crypto_decrypt_private_key (path, password, &key_type, &error);
-	if (expect_fail) {
-		ASSERT (array == NULL, desc,
-		        "unexpected success reading private key file '%s' with "
-		        "invalid password",
-		        path);
-
-		ASSERT (key_type != NM_CRYPTO_KEY_TYPE_UNKNOWN, desc,
-		        "unexpected failure determining private key file '%s' "
-		        "type with invalid password (expected %d, got %d)",
-		        path, NM_CRYPTO_KEY_TYPE_UNKNOWN, key_type);
+	/* Even if the password is wrong, we should determine the key type */
+	g_assert_cmpint (key_type, ==, NM_CRYPTO_KEY_TYPE_RSA);
+
+	if (expected_error != -1) {
+		g_assert (array == NULL);
+		g_assert_error (error, NM_CRYPTO_ERROR, expected_error);
+		g_clear_error (&error);
 		return;
 	}
 
-	ASSERT (array != NULL, desc,
-	        "couldn't read private key file '%s': %d %s",
-	        path, error->code, error->message);
+	if (password == NULL) {
+		g_assert (array == NULL);
+		g_assert_no_error (error);
+		return;
+	}
 
-	ASSERT (key_type == NM_CRYPTO_KEY_TYPE_RSA, desc,
-	        "%s: unexpected private key type (expected %d, got %d)",
-	        path, NM_CRYPTO_KEY_TYPE_RSA, key_type);
+	g_assert (array != NULL);
 
 	if (decrypted_path) {
 		/* Compare the crypto decrypted key against a known-good decryption */
 		decrypted = file_to_byte_array (decrypted_path);
-		ASSERT (decrypted != NULL, desc,
-		        "couldn't read decrypted private key file '%s': %d %s",
-		        decrypted_path, error->code, error->message);
-
-		ASSERT (decrypted->len > 0, desc, "decrypted key file invalid (size 0)");
-
-		ASSERT (decrypted->len == array->len,
-			    desc, "decrypted key file (%d) and decrypted key data (%d) lengths don't match",
-			    decrypted->len, array->len);
-
-		ASSERT (memcmp (decrypted->data, array->data, array->len) == 0,
-			    desc, "decrypted key file and decrypted key data don't match");
+		g_assert (decrypted != NULL);
+		g_assert (decrypted->len == array->len);
+		g_assert (memcmp (decrypted->data, array->data, array->len) == 0);
 
 		g_byte_array_free (decrypted, TRUE);
 	}
@@ -187,75 +170,68 @@ test_load_private_key (const char *path,
 static void
 test_load_pkcs12 (const char *path,
                   const char *password,
-                  gboolean expect_fail,
-                  const char *desc)
+                  int expected_error)
 {
 	NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 	GError *error = NULL;
 
 	format = crypto_verify_private_key (path, password, &error);
-	if (expect_fail) {
-		ASSERT (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN, desc,
-		        "unexpected success reading PKCS#12 private key file "
-		        "'%s' with invalid password",
-		        path);
+	if (expected_error != -1) {
+		g_assert_error (error, NM_CRYPTO_ERROR, expected_error);
+		g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_UNKNOWN);
+		g_clear_error (&error);
 	} else {
-		ASSERT (format == NM_CRYPTO_FILE_FORMAT_PKCS12, desc,
-			    "%s: unexpected PKCS#12 private key file format (expected %d, got "
-			    "%d): %d %s",
-			    path, NM_CRYPTO_FILE_FORMAT_PKCS12, format, error->code, error->message);
+		g_assert_no_error (error);
+		g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_PKCS12);
 	}
 }
 
 static void
-test_load_pkcs12_no_password (const char *path, const char *desc)
+test_load_pkcs12_no_password (const char *path)
 {
 	NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 	GError *error = NULL;
 
 	/* We should still get a valid returned crypto file format */
 	format = crypto_verify_private_key (path, NULL, &error);
-	ASSERT (format == NM_CRYPTO_FILE_FORMAT_PKCS12, desc,
-		    "%s: unexpected PKCS#12 private key file format (expected %d, got "
-		    "%d): %d %s",
-		    path, NM_CRYPTO_FILE_FORMAT_PKCS12, format, error->code, error->message);
+	g_assert_no_error (error);
+	g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_PKCS12);
 }
 
 static void
-test_is_pkcs12 (const char *path, gboolean expect_fail, const char *desc)
+test_is_pkcs12 (const char *path, gboolean expect_fail)
 {
 	gboolean is_pkcs12;
+	GError *error = NULL;
 
-	is_pkcs12 = crypto_is_pkcs12_file (path, NULL);
-	if (expect_fail) {
-		ASSERT (is_pkcs12 == FALSE, desc,
-		        "unexpected success reading non-PKCS#12 file '%s'",
-		        path);
-	} else {
-		ASSERT (is_pkcs12 == TRUE, desc, "couldn't read PKCS#12 file '%s'", path);
-	}
+	is_pkcs12 = crypto_is_pkcs12_file (path, &error);
+	/* crypto_is_pkcs12_file() only returns an error if it couldn't read the
+	 * file, which we don't expect to happen here.
+	 */
+	g_assert_no_error (error);
+
+	if (expect_fail)
+		g_assert (!is_pkcs12);
+	else
+		g_assert (is_pkcs12);
 }
 
 static void
 test_load_pkcs8 (const char *path,
                  const char *password,
-                 gboolean expect_fail,
-                 const char *desc)
+                 int expected_error)
 {
 	NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 	GError *error = NULL;
 
 	format = crypto_verify_private_key (path, password, &error);
-	if (expect_fail) {
-		ASSERT (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN, desc,
-		        "unexpected success reading PKCS#8 private key file "
-		        "'%s' with invalid password",
-		        path);
+	if (expected_error != -1) {
+		g_assert_error (error, NM_CRYPTO_ERROR, expected_error);
+		g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_UNKNOWN);
+		g_clear_error (&error);
 	} else {
-		ASSERT (format == NM_CRYPTO_FILE_FORMAT_RAW_KEY, desc,
-			    "%s: unexpected PKCS#8 private key file format (expected %d, got "
-			    "%d): %d %s",
-			    path, NM_CRYPTO_FILE_FORMAT_RAW_KEY, format, error->code, error->message);
+		g_assert_no_error (error);
+		g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_RAW_KEY);
 	}
 }
 
@@ -283,51 +259,36 @@ is_cipher_aes (const char *path)
 
 static void
 test_encrypt_private_key (const char *path,
-                          const char *password,
-                          const char *desc)
+                          const char *password)
 {
 	NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN;
 	GByteArray *array, *encrypted, *re_decrypted;
 	GError *error = NULL;
 
 	array = crypto_decrypt_private_key (path, password, &key_type, &error);
-	ASSERT (array != NULL, desc,
-	        "couldn't read private key file '%s': %d %s",
-	        path, error->code, error->message);
-
-	ASSERT (key_type == NM_CRYPTO_KEY_TYPE_RSA, desc,
-	        "%s: unexpected private key type (expected %d, got %d)",
-	        path, NM_CRYPTO_KEY_TYPE_RSA, key_type);
+	g_assert_no_error (error);
+	g_assert (array != NULL);
+	g_assert_cmpint (key_type, ==, NM_CRYPTO_KEY_TYPE_RSA);
 
 	/* Now re-encrypt the private key */
 	if (is_cipher_aes (path))
 		encrypted = nm_utils_rsa_key_encrypt_aes (array->data, array->len, password, NULL, &error);
 	else
 		encrypted = nm_utils_rsa_key_encrypt (array->data, array->len, password, NULL, &error);
-	ASSERT (encrypted != NULL, desc,
-	        "couldn't re-encrypt private key file '%s': %d %s",
-	        path, error->code, error->message);
+	g_assert_no_error (error);
+	g_assert (encrypted != NULL);
 
 	/* Then re-decrypt the private key */
 	key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN;
 	re_decrypted = crypto_decrypt_private_key_data (encrypted->data, encrypted->len,
 	                                                password, &key_type, &error);
-	ASSERT (re_decrypted != NULL, desc,
-	        "couldn't read private key file '%s': %d %s",
-	        path, error->code, error->message);
-
-	ASSERT (key_type == NM_CRYPTO_KEY_TYPE_RSA, desc,
-	        "%s: unexpected private key type (expected %d, got %d)",
-	        path, NM_CRYPTO_KEY_TYPE_RSA, key_type);
+	g_assert_no_error (error);
+	g_assert (re_decrypted != NULL);
+	g_assert_cmpint (key_type, ==, NM_CRYPTO_KEY_TYPE_RSA);
 
 	/* Compare the original decrypted key with the re-decrypted key */
-	ASSERT (array->len == re_decrypted->len, desc,
-	        "%s: unexpected re-decrypted private key length (expected %d, got %d)",
-	        path, array->len, re_decrypted->len);
-
-	ASSERT (!memcmp (array->data, re_decrypted->data, array->len), desc,
-	        "%s: unexpected private key data",
-	        path);
+	g_assert_cmpint (array->len, ==, re_decrypted->len);
+	g_assert (!memcmp (array->data, re_decrypted->data, array->len));
 
 	g_byte_array_free (re_decrypted, TRUE);
 	g_byte_array_free (encrypted, TRUE);
@@ -342,18 +303,18 @@ test_key (gconstpointer test_data)
 
 	parts = g_strsplit ((const char *) test_data, ", ", -1);
 	len = g_strv_length (parts);
-	ASSERT (len == 2 || len == 3, "test-crypto",
-	        "wrong number of arguments (<key file>, <password>, [<decrypted key file>])");
+	if (len != 2 && len != 3)
+		g_error ("wrong number of arguments (<key file>, <password>, [<decrypted key file>])");
 
 	path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
 	password = parts[1];
 	decrypted_path = parts[2] ? g_build_filename (TEST_CERT_DIR, parts[2], NULL) : NULL;
 
-	test_is_pkcs12 (path, TRUE, "not-pkcs12");
-	test_load_private_key (path, password, decrypted_path, FALSE, "private-key");
-	test_load_private_key (path, "blahblahblah", NULL, TRUE, "private-key-bad-password");
-	test_load_private_key (path, NULL, NULL, TRUE, "private-key-no-password");
-	test_encrypt_private_key (path, password, "private-key-rencrypt");
+	test_is_pkcs12 (path, TRUE);
+	test_load_private_key (path, password, decrypted_path, -1);
+	test_load_private_key (path, "blahblahblah", NULL, NM_CRYPTO_ERROR_DECRYPTION_FAILED);
+	test_load_private_key (path, NULL, NULL, -1);
+	test_encrypt_private_key (path, password);
 
 	g_free (path);
 	g_free (decrypted_path);
@@ -366,16 +327,16 @@ test_pkcs12 (gconstpointer test_data)
 	char **parts, *path, *password;
 
 	parts = g_strsplit ((const char *) test_data, ", ", -1);
-	ASSERT (g_strv_length (parts) == 2, "test-crypto",
-	        "wrong number of arguments (<file>, <password>)");
+	if (g_strv_length (parts) != 2)
+		g_error ("wrong number of arguments (<file>, <password>)");
 
 	path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
 	password = parts[1];
 
-	test_is_pkcs12 (path, FALSE, "is-pkcs12");
-	test_load_pkcs12 (path, password, FALSE, "pkcs12-private-key");
-	test_load_pkcs12 (path, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
-	test_load_pkcs12_no_password (path, "pkcs12-private-key-no-password");
+	test_is_pkcs12 (path, FALSE);
+	test_load_pkcs12 (path, password, -1);
+	test_load_pkcs12 (path, "blahblahblah", NM_CRYPTO_ERROR_DECRYPTION_FAILED);
+	test_load_pkcs12_no_password (path);
 
 	g_free (path);
 	g_strfreev (parts);
@@ -387,19 +348,19 @@ test_pkcs8 (gconstpointer test_data)
 	char **parts, *path, *password;
 
 	parts = g_strsplit ((const char *) test_data, ", ", -1);
-	ASSERT (g_strv_length (parts) == 2, "test-crypto",
-	        "wrong number of arguments (<file>, <password>)");
+	if (g_strv_length (parts) != 2)
+		g_error ("wrong number of arguments (<file>, <password>)");
 
 	path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
 	password = parts[1];
 
-	test_is_pkcs12 (path, TRUE, "not-pkcs12");
-	test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key");
+	test_is_pkcs12 (path, TRUE);
+	test_load_pkcs8 (path, password, -1);
 	/* Until gnutls and NSS grow support for all the ciphers that openssl
 	 * can use with PKCS#8, we can't actually verify the password.  So we
 	 * expect a bad password to work for the time being.
 	 */
-	test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
+	test_load_pkcs8 (path, "blahblahblah", -1);
 
 	g_free (path);
 	g_strfreev (parts);
author	Dan Winship <danw@gnome.org>	2014-10-30 10:19:32 -0400
committer	Dan Winship <danw@gnome.org>	2014-11-01 12:11:13 -0400
commit	99f2396d017ab8bc5b58d8d5a50af7ba070cbd13 (patch)
tree	b726c7251b31e24bc133152039c3dddb06b56b05
parent	b63f8c80f867ad78367430ece60006a134ada140 (diff)
download	NetworkManager-99f2396d017ab8bc5b58d8d5a50af7ba070cbd13.tar.gz