author | EKR <ekr@rtfm.com> | 2016-11-15 15:23:54 +0900 |
---|---|---|
committer | EKR <ekr@rtfm.com> | 2016-11-15 15:23:54 +0900 |
commit | f2e85a519a8ccdaf3267c40dad5d96a737711959 (patch) | |
tree | 67b8b30fee6d03f3cd9e72b93a0923ba1abc4578 /gtests | |
parent | 9b1b9cbf7bc45a4a648bd807ebd5e10647a26975 (diff) | |
download | nss-hg-f2e85a519a8ccdaf3267c40dad5d96a737711959.tar.gz |
Bug 1317657 - Test for multiple certificates. r=mt
Reviewers: mt
Differential Revision: https://nss-review.dev.mozaws.net/D65
Diffstat (limited to 'gtests')
-rw-r--r-- | gtests/common/scoped_ptrs.h | 2 | ||||
-rw-r--r-- | gtests/ssl_gtest/ssl_auth_unittest.cc | 9 | ||||
-rw-r--r-- | gtests/ssl_gtest/tls_agent.cc | 20 | ||||
-rw-r--r-- | gtests/ssl_gtest/tls_agent.h | 3 |
4 files changed, 34 insertions, 0 deletions
diff --git a/gtests/common/scoped_ptrs.h b/gtests/common/scoped_ptrs.h
index a4272153d..81f23272d 100644
--- a/gtests/common/scoped_ptrs.h
+++ b/gtests/common/scoped_ptrs.h
@@ -16,6 +16,7 @@ namespace nss_test {
 struct ScopedDelete {
 void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
+ void operator()(CERTCertificateList* list) { CERT_DestroyCertificateList(list); }
 void operator()(CERTSubjectPublicKeyInfo* spki) { SECKEY_DestroySubjectPublicKeyInfo(spki); }
@@ -40,6 +41,7 @@ struct ScopedMaybeDelete {
 #define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
 SCOPED(CERTCertificate);
+SCOPED(CERTCertificateList);
 SCOPED(CERTSubjectPublicKeyInfo);
 SCOPED(PK11SlotInfo);
 SCOPED(PK11SymKey);
diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
index 5f3575307..e407d5550 100644
--- a/gtests/ssl_gtest/ssl_auth_unittest.cc
+++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -28,6 +28,15 @@ TEST_P(TlsConnectGeneric, ServerAuthBigRsa) {
 CheckKeys();
 }
+TEST_P(TlsConnectGeneric, ServerAuthRsaChain) {
+ Reset(TlsAgent::kServerRsaChain);
+ Connect();
+ CheckKeys();
+ size_t chain_length;
+ EXPECT_TRUE(client_->GetPeerChainLength(&chain_length));
+ EXPECT_EQ(2UL, chain_length);
+}
+
 TEST_P(TlsConnectGeneric, ClientAuth) {
 client_->SetupClientAuth();
 server_->RequestClientAuth(true);
diff --git a/gtests/ssl_gtest/tls_agent.cc b/gtests/ssl_gtest/tls_agent.cc
index 73e57d850..edcfd8daf 100644
--- a/gtests/ssl_gtest/tls_agent.cc
+++ b/gtests/ssl_gtest/tls_agent.cc
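Review bot: In ServerAuthRsaChain (ssl_auth_unittest.cc), `chain_length` is declared uninitialized and `EXPECT_TRUE` is non-fatal, so when `GetPeerChainLength` returns false (it does so before writing `*count` if the chain is null) the next line, `EXPECT_EQ(2UL, chain_length)`, reads an indeterminate value. Make the first check fatal with `ASSERT_TRUE(client_->GetPeerChainLength(&chain_length));`, or declare `size_t chain_length = 0;`. The test also pins only the number of certificates; checking the identity of the second entry as well would catch a server that sends the wrong intermediate.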
@@ -35,6 +35,7 @@ const std::string TlsAgent::kServerRsa = "rsa"; // both sign and encrypt
 const std::string TlsAgent::kServerRsaSign = "rsa_sign";
 const std::string TlsAgent::kServerRsaPss = "rsa_pss";
 const std::string TlsAgent::kServerRsaDecrypt = "rsa_decrypt";
+const std::string TlsAgent::kServerRsaChain = "rsa_chain";
 const std::string TlsAgent::kServerEcdsa256 = "ecdsa256";
 const std::string TlsAgent::kServerEcdsa384 = "ecdsa384";
 const std::string TlsAgent::kServerEcdsa521 = "ecdsa521";
@@ -201,6 +202,25 @@ SECStatus TlsAgent::GetClientAuthDataHook(void* self, PRFileDesc* fd,
 return SECFailure;
 }
+bool TlsAgent::GetPeerChainLength(size_t* count) {
+ CERTCertList *chain = SSL_PeerCertificateChain(ssl_fd_);
+ if (!chain)
+ return false;
+ *count = 0;
+
+ for (PRCList *cursor = PR_NEXT_LINK(&chain->list);
+ cursor != &chain->list;
+ cursor = PR_NEXT_LINK(cursor)) {
+ CERTCertListNode *node = (CERTCertListNode *)cursor;
+ std::cerr << node->cert->subjectName << std::endl;
+ ++(*count);
+ }
+
+ CERT_DestroyCertList(chain);
+
+ return true;
+}
+
 void TlsAgent::RequestClientAuth(bool requireAuth) {
 EXPECT_TRUE(EnsureTlsSetup());
 ASSERT_EQ(SERVER, role_);
diff --git a/gtests/ssl_gtest/tls_agent.h b/gtests/ssl_gtest/tls_agent.h
index e4d785bec..b245a9216 100644
--- a/gtests/ssl_gtest/tls_agent.h
+++ b/gtests/ssl_gtest/tls_agent.h
@@ -62,6 +62,7 @@ class TlsAgent : public PollTarget {
 static const std::string kServerRsaSign;
 static const std::string kServerRsaPss;
 static const std::string kServerRsaDecrypt;
+ static const std::string kServerRsaChain; // A cert that requires a chain.
 static const std::string kServerEcdsa256;
 static const std::string kServerEcdsa384;
 static const std::string kServerEcdsa521;
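Review bot: TlsAgent::GetPeerChainLength in tls_agent.cc writes every peer certificate's `subjectName` to `std::cerr` on each call, which looks like leftover debugging. It adds noise to the test output, and if `subjectName` can be null for a certificate (not visible here), streaming a null `char*` is undefined and leaves `std::cerr` in a failed state. The walk also uses raw `PR_NEXT_LINK` with a C-style cast to `CERTCertListNode *`; NSS's `CERT_LIST_HEAD`/`CERT_LIST_NEXT`/`CERT_LIST_END` macros express the same traversal without the cast. `*count` is left untouched on the `false` return, which deserves a short comment because the caller in this commit passes uninitialized storage.

```cpp
bool TlsAgent::GetPeerChainLength(size_t* count) {
  CERTCertList* chain = SSL_PeerCertificateChain(ssl_fd_);
  if (!chain) {
    return false;  // *count is deliberately left unchanged
  }
  *count = 0;
  for (CERTCertListNode* node = CERT_LIST_HEAD(chain);
       !CERT_LIST_END(node, chain); node = CERT_LIST_NEXT(node)) {
    ++(*count);
  }
  CERT_DestroyCertList(chain);
  return true;
}
```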
@@ -108,6 +109,7 @@ class TlsAgent : public PollTarget {
 void StartRenegotiate();
 bool ConfigServerCert(const std::string& name, bool updateKeyBits = false, const SSLExtraServerCertData* serverCertData = nullptr);
+ bool ConfigServerCertWithChain(const std::string& name);
 bool EnsureTlsSetup(PRFileDesc* modelSocket = nullptr);
 void SetupClientAuth();
@@ -151,6 +153,7 @@ class TlsAgent : public PollTarget {
 void CheckSecretsDestroyed();
 void ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups);
 void DisableECDHEServerKeyReuse();
+ bool GetPeerChainLength(size_t* count);
 const std::string& name() const { return name_; } |
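Review bot: `ConfigServerCertWithChain` is declared in the `@@ -108` hunk of tls_agent.h, but none of the 20 lines added to tls_agent.cc on this page define it, and the new test goes through `Reset(TlsAgent::kServerRsaChain)` instead. Unless a definition exists outside this 'gtests'-limited diff, any later caller will fail at link time; either drop the declaration or land it together with its definition. The `GetPeerChainLength` declaration in the following hunk would benefit from a comment such as `// Sets *count to the number of certs the peer sent; returns false and leaves *count unchanged if no chain is available.`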