Merge branch 'tpm-keys-in-pem-files' into 'master'

gtlscertificate: Add support for TPM keys in PEM files

See merge request GNOME/glib!522
Philip Withnall 2018-12-19 11:53:17 +00:00
commit 0953338704
8 changed files with 229 additions and 70 deletions


@ -218,12 +218,11 @@ g_tls_certificate_new_internal (const gchar *certificate_pem,
#define PEM_CERTIFICATE_HEADER "-----BEGIN CERTIFICATE-----"
#define PEM_CERTIFICATE_FOOTER "-----END CERTIFICATE-----"
#define PEM_PKCS1_PRIVKEY_HEADER "-----BEGIN RSA PRIVATE KEY-----"
#define PEM_PKCS1_PRIVKEY_FOOTER "-----END RSA PRIVATE KEY-----"
#define PEM_PKCS8_PRIVKEY_HEADER "-----BEGIN PRIVATE KEY-----"
#define PEM_PKCS8_PRIVKEY_FOOTER "-----END PRIVATE KEY-----"
#define PEM_PRIVKEY_HEADER_BEGIN "-----BEGIN "
#define PEM_PRIVKEY_HEADER_END "PRIVATE KEY-----"
#define PEM_PRIVKEY_FOOTER_BEGIN "-----END "
#define PEM_PRIVKEY_FOOTER_END "PRIVATE KEY-----"
#define PEM_PKCS8_ENCRYPTED_HEADER "-----BEGIN ENCRYPTED PRIVATE KEY-----"
#define PEM_PKCS8_ENCRYPTED_FOOTER "-----END ENCRYPTED PRIVATE KEY-----"
static gchar *
parse_private_key (const gchar *data,
@ -231,45 +230,47 @@ parse_private_key (const gchar *data,
gboolean required,
GError **error)
{
const gchar *start, *end, *footer;
const gchar *header_start = NULL, *header_end, *footer_start = NULL, *footer_end;
start = g_strstr_len (data, data_len, PEM_PKCS1_PRIVKEY_HEADER);
if (start)
footer = PEM_PKCS1_PRIVKEY_FOOTER;
else
header_end = g_strstr_len (data, data_len, PEM_PRIVKEY_HEADER_END);
if (header_end)
header_start = g_strrstr_len (data, header_end - data, PEM_PRIVKEY_HEADER_BEGIN);
if (!header_start)
{
start = g_strstr_len (data, data_len, PEM_PKCS8_PRIVKEY_HEADER);
if (start)
footer = PEM_PKCS8_PRIVKEY_FOOTER;
else
{
start = g_strstr_len (data, data_len, PEM_PKCS8_ENCRYPTED_HEADER);
if (start)
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Cannot decrypt PEM-encoded private key"));
}
else if (required)
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("No PEM-encoded private key found"));
}
return NULL;
}
if (required)
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("No PEM-encoded private key found"));
return NULL;
}
end = g_strstr_len (start, data_len - (start - data), footer);
if (!end)
header_end += strlen (PEM_PRIVKEY_HEADER_END);
if (strncmp (header_start, PEM_PKCS8_ENCRYPTED_HEADER, header_end - header_start) == 0)
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Cannot decrypt PEM-encoded private key"));
return NULL;
}
footer_end = g_strstr_len (header_end, data_len - (header_end - data), PEM_PRIVKEY_FOOTER_END);
if (footer_end)
footer_start = g_strrstr_len (header_end, footer_end - header_end, PEM_PRIVKEY_FOOTER_BEGIN);
if (!footer_start)
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse PEM-encoded private key"));
return NULL;
}
end += strlen (footer);
while (*end == '\r' || *end == '\n')
end++;
return g_strndup (start, end - start);
footer_end += strlen (PEM_PRIVKEY_FOOTER_END);
while (*footer_end == '\r' || *footer_end == '\n')
footer_end++;
return g_strndup (header_start, footer_end - header_start);
}
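Review bot: The trailing-newline loop at the end of parse_private_key, `while (*footer_end == '\r' || *footer_end == '\n')`, dereferences footer_end with no check against `data + data_len`, so when the footer is the last thing in a buffer passed with an explicit length and no NUL terminator it reads past the end of the input. The rewrite carries this over from the old `end` loop, and bounding it is a one-line change: `while (footer_end < data + data_len && (*footer_end == '\r' || *footer_end == '\n'))`. Separately, the header is now whatever lies between the last `-----BEGIN ` and the first `PRIVATE KEY-----`, and the footer likewise, with no check that the two labels match or that each sits on a single line; if that validation is deliberately left to the TLS backend, a comment saying so would help. The `data_len` parameter line of the signature is not among the visible hunk lines, so it is assumed here to be the byte length of `data`.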


@ -225,15 +225,20 @@ tls_certificate_SOURCES = \
dist_test_data += $(cert_data_files)
cert_data_files = $(addprefix cert-tests/,$(cert_tests))
cert_tests = \
cert1.pem \
cert2.pem \
cert3.pem \
cert-key.pem \
cert-list.pem \
key8.pem \
key-cert.pem \
key.pem \
nothing.pem \
cert1.pem \
cert2.pem \
cert3.pem \
cert-crlf.pem \
cert-key.pem \
cert-list.pem \
key8.pem \
key8enc.pem \
key-cert.pem \
key.pem \
key-crlf.pem \
key_missing-footer.pem \
key_missing-header.pem \
nothing.pem \
$(NULL)
uninstalled_test_extra_programs += socket-client


@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,18 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIC3TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIdjDoEOJTH2ICAggA
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDNLC2sDVjClaQyT8BfXTt1BIIC
gCN4s9Z5bmfKogL7YHIJly2zLX5uILHeCr3iQpoPS8057V9Af1wqB/8AUOJrLY96
R2amkXjlxuqA0BebEk4gcR4tWvCNQ2VCOqvQozUt8LnA+2xQRgzNwaW0HPxcAUzf
6GVZKL7xfpwFD2ootfLwTHB2zAIVMo8nwgEzdDz93ZwsMmXJmOfSO7vpDQUnVqUX
jVlue0i8n7fO4ClQ8fz5J8zyvPj403bR9qxsIJjQZACNVLMIksQXjTDngymy/ziI
lZD4JDLXCQwAOgFz6N6vsyD/mHROyL4/4q8ujYFPmVpuAlQzuZJe6TFnmZHiSfoI
we6wi1Nee1rbM4VzsGFzMa4Fr0ZhElHEKBXXje4YKWCAOWEo3tLjow4+0dQxNx5W
tsbQdRt2fRYNYTgt18O55kq3DVfy93aMQVYIMuXkxwAuCWBeiLQrCfAM5r7kDwfc
owp2AQ5Ndf+aAwr89k2fYUpexz9kZzU+eIY2K1cRhpUlLRAr5SG2oVy7n9IvYs1m
O7/hjVBvXeAPDADVOtx/YNxPYr9ZI1X2QNDYGxNuSUNF1qGps66Gj+fcRe2NO+Ej
YfSyfBvw+0h8sad81ZPepCSpIkYX91p6lCdCmRnJWYBwYyn6V5tXOx6tn5ntKJZ9
9OtTGr7CMm7PLs9S8b03MV9IDJH+TBqR7msP1KWZbTxCNOws28EXo75tQ51ywElF
FJI6ZU2gBYaX39i8WyvEMXFRRqzYUMzV0Yw2KeVRiGLh0ZX/4rlh2PQqVXGyakvn
XttDRKEYPEvXDSRpO+tIvESlq9T0Pfo/rpnD4xJd2JWO6z/CSrn8cujs80e1+YjT
HXksoJzsoLGeiYG2DzTK9lY=
-----END ENCRYPTED PRIVATE KEY-----


@ -0,0 +1,14 @@
-----BEGIN RSA PRIVATE KEY-----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View File

@ -0,0 +1,14 @@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-----END RSA PRIVATE KEY-----


@ -27,7 +27,9 @@
typedef struct
{
gchar *cert_pems[3];
gchar *cert_crlf_pem;
gchar *key_pem;
gchar *key_crlf_pem;
gchar *key8_pem;
} Reference;
@ -44,12 +46,12 @@ pem_parser (const Reference *ref)
/* Check PEM parsing in certificate, private key order. */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, &pem_len, &error);
g_assert_no_error (error);
g_assert (pem);
g_assert_nonnull (pem);
g_assert_cmpuint (pem_len, >=, 10);
cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_no_error (error);
g_assert (cert);
g_assert_nonnull (cert);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
@ -79,11 +81,11 @@ pem_parser (const Reference *ref)
/* Check PEM parsing in private key, certificate order */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), &pem, NULL, &error);
g_assert_no_error (error);
g_assert (pem);
g_assert_nonnull (pem);
cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_no_error (error);
g_assert (cert);
g_assert_nonnull (cert);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
@ -101,11 +103,11 @@ pem_parser (const Reference *ref)
/* Check certificate only PEM */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), &pem, NULL, &error);
g_assert_no_error (error);
g_assert (pem);
g_assert_nonnull (pem);
cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_no_error (error);
g_assert (cert);
g_assert_nonnull (cert);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
@ -114,7 +116,7 @@ pem_parser (const Reference *ref)
g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
g_free (parsed_cert_pem);
parsed_cert_pem = NULL;
g_assert (parsed_key_pem == NULL);
g_assert_null (parsed_key_pem);
g_free (pem);
g_object_unref (cert);
@ -122,12 +124,12 @@ pem_parser (const Reference *ref)
/* Check error with private key only PEM */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), &pem, NULL, &error);
g_assert_no_error (error);
g_assert (pem);
g_assert_nonnull (pem);
cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_assert (cert == NULL);
g_assert_null (cert);
g_free (pem);
}
@ -145,12 +147,12 @@ pem_parser_handles_chain (const Reference *ref)
/* Check that a chain with exactly three certificates is returned */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL), &pem, NULL, &error);
g_assert_no_error (error);
g_assert (pem);
g_assert_nonnull (pem);
cert = original_cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_free (pem);
g_assert_no_error (error);
g_assert (cert);
g_assert_nonnull (cert);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
@ -165,11 +167,11 @@ pem_parser_handles_chain (const Reference *ref)
/* Now test the second cert */
issuer = g_tls_certificate_get_issuer (cert);
g_assert (issuer);
g_assert_nonnull (issuer);
cert = issuer;
issuer = g_tls_certificate_get_issuer (cert);
g_assert (issuer);
g_assert_nonnull (issuer);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
@ -179,12 +181,12 @@ pem_parser_handles_chain (const Reference *ref)
/* Only the first cert should have a private key */
parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
g_assert (!parsed_key_pem);
g_assert_null (parsed_key_pem);
/* Now test the final cert */
cert = issuer;
issuer = g_tls_certificate_get_issuer (cert);
g_assert (!issuer);
g_assert_null (issuer);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
@ -193,7 +195,7 @@ pem_parser_handles_chain (const Reference *ref)
g_clear_pointer (&parsed_cert_pem, g_free);
parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
g_assert (!parsed_key_pem);
g_assert_null (parsed_key_pem);
g_object_unref (original_cert);
}
@ -209,7 +211,7 @@ from_file (const Reference *ref)
cert = g_tls_certificate_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
&error);
g_assert_no_error (error);
g_assert (cert);
g_assert_nonnull (cert);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
@ -236,7 +238,7 @@ from_files (const Reference *ref)
g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
&error);
g_assert_no_error (error);
g_assert (cert);
g_assert_nonnull (cert);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
@ -256,7 +258,23 @@ from_files (const Reference *ref)
&error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_assert (cert == NULL);
g_assert_null (cert);
/* Missing header private key */
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
g_test_get_filename (G_TEST_DIST, "cert-tests", "key_missing-header.pem", NULL),
&error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_assert_null (cert);
/* Missing footer private key */
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
g_test_get_filename (G_TEST_DIST, "cert-tests", "key_missing-footer.pem", NULL),
&error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_assert_null (cert);
/* Missing certificate */
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
@ -264,7 +282,7 @@ from_files (const Reference *ref)
&error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_assert (cert == NULL);
g_assert_null (cert);
/* Using this method twice with a file containing both private key and
* certificate as a way to inforce private key presence is a fair use
@ -273,10 +291,36 @@ from_files (const Reference *ref)
g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
&error);
g_assert_no_error (error);
g_assert (cert);
g_assert_nonnull (cert);
g_object_unref (cert);
}
static void
from_files_crlf (const Reference *ref)
{
GTlsCertificate *cert;
gchar *parsed_cert_pem = NULL;
const gchar *parsed_key_pem = NULL;
GError *error = NULL;
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-crlf.pem", NULL),
g_test_get_filename (G_TEST_DIST, "cert-tests", "key-crlf.pem", NULL),
&error);
g_assert_no_error (error);
g_assert_nonnull (cert);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
NULL);
parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_crlf_pem);
g_free (parsed_cert_pem);
parsed_cert_pem = NULL;
g_assert_cmpstr (parsed_key_pem, ==, ref->key_crlf_pem);
parsed_key_pem = NULL;
g_object_unref (cert);
}
static void
from_files_pkcs8 (const Reference *ref)
@ -290,7 +334,7 @@ from_files_pkcs8 (const Reference *ref)
g_test_get_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL),
&error);
g_assert_no_error (error);
g_assert (cert);
g_assert_nonnull (cert);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
@ -305,6 +349,21 @@ from_files_pkcs8 (const Reference *ref)
g_object_unref (cert);
}
static void
from_files_pkcs8enc (const Reference *ref)
{
GTlsCertificate *cert;
GError *error = NULL;
/* Mare sure an error is returned for encrypted key */
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
g_test_get_filename (G_TEST_DIST, "cert-tests", "key8enc.pem", NULL),
&error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_assert_null (cert);
}
static void
list_from_file (const Reference *ref)
{
@ -356,27 +415,37 @@ main (int argc,
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL);
g_file_get_contents (path, &ref.cert_pems[0], NULL, &error);
g_assert_no_error (error);
g_assert (ref.cert_pems[0]);
g_assert_nonnull (ref.cert_pems[0]);
g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert2.pem", NULL);
g_file_get_contents (path, &ref.cert_pems[1], NULL, &error);
g_assert_no_error (error);
g_assert (ref.cert_pems[1]);
g_assert_nonnull (ref.cert_pems[1]);
g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert3.pem", NULL);
g_file_get_contents (path, &ref.cert_pems[2], NULL, &error);
g_assert_no_error (error);
g_assert (ref.cert_pems[2]);
g_assert_nonnull (ref.cert_pems[2]);
g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert-crlf.pem", NULL);
g_file_get_contents (path, &ref.cert_crlf_pem, NULL, &error);
g_assert_no_error (error);
g_assert_nonnull (ref.cert_crlf_pem);
g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL);
g_file_get_contents (path, &ref.key_pem, NULL, &error);
g_assert_no_error (error);
g_assert (ref.key_pem);
g_assert_nonnull (ref.key_pem);
g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key-crlf.pem", NULL);
g_file_get_contents (path, &ref.key_crlf_pem, NULL, &error);
g_assert_no_error (error);
g_assert_nonnull (ref.key_crlf_pem);
g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL);
g_file_get_contents (path, &ref.key8_pem, NULL, &error);
g_assert_no_error (error);
g_assert (ref.key8_pem);
g_assert_nonnull (ref.key8_pem);
g_free (path);
g_test_add_data_func ("/tls-certificate/pem-parser",
@ -387,8 +456,12 @@ main (int argc,
&ref, (GTestDataFunc)from_file);
g_test_add_data_func ("/tls-certificate/from_files",
&ref, (GTestDataFunc)from_files);
g_test_add_data_func ("/tls-certificate/from_files_crlf",
&ref, (GTestDataFunc)from_files_crlf);
g_test_add_data_func ("/tls-certificate/from_files_pkcs8",
&ref, (GTestDataFunc)from_files_pkcs8);
g_test_add_data_func ("/tls-certificate/from_files_pkcs8enc",
&ref, (GTestDataFunc)from_files_pkcs8enc);
g_test_add_data_func ("/tls-certificate/list_from_file",
&ref, (GTestDataFunc)list_from_file);
@ -397,7 +470,9 @@ main (int argc,
g_free (ref.cert_pems[0]);
g_free (ref.cert_pems[1]);
g_free (ref.cert_pems[2]);
g_free (ref.cert_crlf_pem);
g_free (ref.key_pem);
g_free (ref.key_crlf_pem);
g_free (ref.key8_pem);
return rtv;
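Review bot: As far as the visible files show, none of the fixtures added to cert-tests has a key label other than RSA or ENCRYPTED, so the generalised `-----BEGIN <label> PRIVATE KEY-----` matching that this merge is for (TPM keys) is not exercised by the new cases in from_files, from_files_crlf or from_files_pkcs8enc. A positive case with a non-RSA label, and a negative case whose BEGIN and END labels differ, would pin down what the parser is meant to accept and reject. The comment in from_files_pkcs8enc has a typo and should read `/* Make sure an error is returned for encrypted key */`.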