author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-03 15:12:00 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-03 15:12:00 +0200 |
commit | 8e52b17f725d44cf0f60c43ffc6e9738a59caef6 (patch) | |
tree | cc8b90cdb221348b73400f088bc77bba9b10312d | |
parent | 8d377b3d8a4aa37fda53cd4ee034f7800405aa13 (diff) | |
download | gnutls-8e52b17f725d44cf0f60c43ffc6e9738a59caef6.tar.gz |
tests: added check of gnutls_certificate_set_x509_key_file2 with DER input
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rw-r--r-- | tests/set_x509_key_file_der.c | 117 |
2 files changed, 119 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 92bca80d67..60bd75e07f 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -102,7 +102,8 @@ ctests = mini-record-2 simple gc set_pkcs12_cred certder certuniqueid \
 handshake-false-start version-checks key-material-dtls key-material-set-dtls \
 system-prio-file name-constraints-merge crl-basic crq-basic \
 send-client-cert custom-urls-override hex rehandshake-switch-psk-id \
- rehandshake-switch-srp-id base64 srpbase64 pkcs1-digest-info set_x509_key
+ rehandshake-switch-srp-id base64 srpbase64 pkcs1-digest-info set_x509_key \
+ set_x509_key_file_der
 if HAVE_SECCOMP_TESTS
 ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
diff --git a/tests/set_x509_key_file_der.c b/tests/set_x509_key_file_der.c
new file mode 100644
index 0000000000..ecfbb233ff
--- /dev/null
+++ b/tests/set_x509_key_file_der.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos
+ * Copyright (C) 2016 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#include "cert-common.h"
+#include "utils.h"
+
+static void compare(const gnutls_datum_t *der, const void *ipem)
+{
+ gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)};
+ gnutls_datum_t new_der;
+ int ret;
+
+ ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der);
+ if (ret < 0) {
+ fail("error: %s\n", gnutls_strerror(ret));
+ }
+
+ if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) {
+ fail("error in %d: %s\n", __LINE__, "cert don't match");
+ exit(1);
+ }
+ gnutls_free(new_der.data);
+ return;
+}
+
+static void write_der(const char *file, const char *header, const char *ipem)
+{
+ gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)};
+ gnutls_datum_t der;
+ FILE *fp;
+ int ret;
+
+ ret = gnutls_pem_base64_decode2(header, &pem, &der);
+ if (ret < 0) {
+ fail("error: %s\n", gnutls_strerror(ret));
+ }
+
+ fp = fopen(file, "w");
+ if (fp == NULL)
+ fail("error in fopen\n");
+
+ assert(fwrite(der.data, 1, der.size, fp)>0);
+ fclose(fp);
+ gnutls_free(der.data);
+}
+
+void doit(void)
+{
+ int ret;
+ gnutls_certificate_credentials_t xcred;
+ char keyfile[L_tmpnam];
+ char certfile[L_tmpnam];
+ gnutls_datum_t tcert;
+
+ global_init();
+
+ assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
+
+ if (TMP_MAX < 2)
+ exit(77);
+
+ assert(tmpnam(certfile)!=NULL);
+ assert(tmpnam(keyfile)!=NULL);
+
+ write_der(certfile, "CERTIFICATE", (char*)server_cert_pem);
+ write_der(keyfile, "RSA PRIVATE KEY", (char*)server_key_pem);
+
+ ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile,
+ GNUTLS_X509_FMT_DER, NULL, 0);
+ if (ret < 0)
+ fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret));
+
+ /* verify whether the stored certificate match the ones we have */
+ ret = gnutls_certificate_get_crt_raw(xcred, 0, 0, &tcert);
+ if (ret < 0) {
+ fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ compare(&tcert, server_cert_pem);
+
+ remove(certfile);
+ remove(keyfile);
+
+ gnutls_certificate_free_credentials(xcred);
+ gnutls_global_deinit();
+}
 |
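Review bot: The private key is written to a name obtained from `tmpnam()` in doit and only later opened with `fopen(file, "w")` in write_der, so the path can be created by someone else (or be a symlink) between the two calls, and the file is created with whatever permissions the umask allows. Creating the file exclusively with mode 0600 in write_der, as sketched below, turns that race into a test failure; it needs `<fcntl.h>`, and a platform without POSIX `open()` would have to keep the current path behind an `#ifdef`. The same lines place the calls that do the work inside `assert()` (`tmpnam`, `fwrite`, `gnutls_certificate_allocate_credentials`), which a build with NDEBUG compiles out, and `"w"` is text mode, which can alter DER bytes on Windows. `strlen` and `memcmp` are used without a visible `<string.h>`; it may arrive through utils.h, but that is not shown here.

```c
static void write_der(const char *file, const char *header, const char *ipem)
{
	/* … unchanged: declarations and PEM decode into der … */
	int fd;

	/* O_EXCL refuses a path that already exists (including a symlink);
	 * 0600 keeps the key material readable by the test user only */
	fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (fd < 0)
		fail("error in open\n");

	fp = fdopen(fd, "wb");
	if (fp == NULL)
		fail("error in fdopen\n");

	if (fwrite(der.data, 1, der.size, fp) != der.size)
		fail("error in fwrite\n");
	if (fclose(fp) != 0)
		fail("error in fclose\n");
	/* … unchanged: gnutls_free(der.data) … */
```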