luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-08-13 20:47:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'tpm-keys-in-pem-files' into 'master'

Browse Source 
gtlscertificate: Add support for TPM keys in PEM files

See merge request GNOME/glib!522
This commit is contained in:
Philip Withnall
2018-12-19 11:53:17 +00:00
parent 46900e55e7 a437a50694
commit 0953338704
8 changed files with 229 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
gio/gtlscertificate.c
View File

@@ -218,12 +218,11 @@ g_tls_certificate_new_internal (const gchar *certificate_pem,
#define PEM_CERTIFICATE_HEADER "-----BEGIN CERTIFICATE-----" #define PEM_CERTIFICATE_HEADER "-----BEGIN CERTIFICATE-----"
#define PEM_CERTIFICATE_FOOTER "-----END CERTIFICATE-----" #define PEM_CERTIFICATE_FOOTER "-----END CERTIFICATE-----"
#define PEM_PKCS1_PRIVKEY_HEADER "-----BEGIN RSA PRIVATE KEY-----" #define PEM_PRIVKEY_HEADER_BEGIN "-----BEGIN "
#define PEM_PKCS1_PRIVKEY_FOOTER "-----END RSA PRIVATE KEY-----" #define PEM_PRIVKEY_HEADER_END "PRIVATE KEY-----"
#define PEM_PKCS8_PRIVKEY_HEADER "-----BEGIN PRIVATE KEY-----" #define PEM_PRIVKEY_FOOTER_BEGIN "-----END "
#define PEM_PKCS8_PRIVKEY_FOOTER "-----END PRIVATE KEY-----" #define PEM_PRIVKEY_FOOTER_END "PRIVATE KEY-----"
#define PEM_PKCS8_ENCRYPTED_HEADER "-----BEGIN ENCRYPTED PRIVATE KEY-----" #define PEM_PKCS8_ENCRYPTED_HEADER "-----BEGIN ENCRYPTED PRIVATE KEY-----"
#define PEM_PKCS8_ENCRYPTED_FOOTER "-----END ENCRYPTED PRIVATE KEY-----"
static gchar * static gchar *
parse_private_key (const gchar *data, parse_private_key (const gchar *data,
@@ -231,45 +230,47 @@ parse_private_key (const gchar *data,
gboolean required, gboolean required,
GError **error) GError **error)
{ {
const gchar *start, *end, *footer; const gchar *header_start = NULL, *header_end, *footer_start = NULL, *footer_end;
start = g_strstr_len (data, data_len, PEM_PKCS1_PRIVKEY_HEADER); header_end = g_strstr_len (data, data_len, PEM_PRIVKEY_HEADER_END);
if (start) if (header_end)
footer = PEM_PKCS1_PRIVKEY_FOOTER; header_start = g_strrstr_len (data, header_end - data, PEM_PRIVKEY_HEADER_BEGIN);
else
if (!header_start)
{ {
start = g_strstr_len (data, data_len, PEM_PKCS8_PRIVKEY_HEADER); if (required)
if (start) g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
footer = PEM_PKCS8_PRIVKEY_FOOTER; _("No PEM-encoded private key found"));
else
{ return NULL;
start = g_strstr_len (data, data_len, PEM_PKCS8_ENCRYPTED_HEADER); }
if (start)
header_end += strlen (PEM_PRIVKEY_HEADER_END);
if (strncmp (header_start, PEM_PKCS8_ENCRYPTED_HEADER, header_end - header_start) == 0)
{ {
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Cannot decrypt PEM-encoded private key")); _("Cannot decrypt PEM-encoded private key"));
}
else if (required)
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("No PEM-encoded private key found"));
}
return NULL; return NULL;
} }
}
end = g_strstr_len (start, data_len - (start - data), footer); footer_end = g_strstr_len (header_end, data_len - (header_end - data), PEM_PRIVKEY_FOOTER_END);
if (!end) if (footer_end)
footer_start = g_strrstr_len (header_end, footer_end - header_end, PEM_PRIVKEY_FOOTER_BEGIN);
if (!footer_start)
{ {
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse PEM-encoded private key")); _("Could not parse PEM-encoded private key"));
return NULL; return NULL;
} }
end += strlen (footer);
while (*end == '\r' || *end == '\n')
end++;
return g_strndup (start, end - start); footer_end += strlen (PEM_PRIVKEY_FOOTER_END);
while (*footer_end == '\r' || *footer_end == '\n')
footer_end++;
return g_strndup (header_start, footer_end - header_start);
} }

5
gio/tests/Makefile.am
View File

@@ -228,11 +228,16 @@ cert_tests = \
cert1.pem \ cert1.pem \
cert2.pem \ cert2.pem \
cert3.pem \ cert3.pem \
cert-crlf.pem \
cert-key.pem \ cert-key.pem \
cert-list.pem \ cert-list.pem \
key8.pem \ key8.pem \
key8enc.pem \
key-cert.pem \ key-cert.pem \
key.pem \ key.pem \
key-crlf.pem \
key_missing-footer.pem \
key_missing-header.pem \
nothing.pem \ nothing.pem \
$(NULL) $(NULL)

17
gio/tests/cert-tests/cert-crlf.pem Normal file
View File

@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICtTCCAh4CCQCMmwFMUPAJYzANBgkqhkiG9w0BAQUFADCBnjELMAkGA1UEBhMC
Q0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9udHJlYWwxFzAVBgNVBAoM
DkNvbGxhYm9yYSBMdGQuMQ8wDQYDVQQLDAZDYW5hZGExEjAQBgNVBAMMCTEyNy4w
LjAuMTEtMCsGCSqGSIb3DQEJARYebmljb2xhcy5kdWZyZXNuZUBjb2xsYWJvcmEu
Y29tMB4XDTExMDcyNTE4NDkzNFoXDTEyMDcyNDE4NDkzNFowgZ4xCzAJBgNVBAYT
AkNBMQ8wDQYDVQQIDAZRdWViZWMxETAPBgNVBAcMCE1vbnRyZWFsMRcwFQYDVQQK
DA5Db2xsYWJvcmEgTHRkLjEPMA0GA1UECwwGQ2FuYWRhMRIwEAYDVQQDDAkxMjcu
MC4wLjExLTArBgkqhkiG9w0BCQEWHm5pY29sYXMuZHVmcmVzbmVAY29sbGFib3Jh
LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArJa05foKd5ULBBjHoI4U
DKMOcoYp6UO8o4t+rKBrlKVMp0D7Oz+bZt6I2T3kBjZmKH9wrHNsk6zC6wonbfMR
ZHILWcnTifbEEhIMHNqH+J5b33yGW3SEftd1jj1UZkubQVZEFha5UhbUO9AQ4TSt
0mX5AG+PkJi0kdTCRWlD1q0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCaaBfCfCiw
BJ/2pzZOjoFQcMqwPWufJ+F7hv8AK0zaEhsYW/JPPNpVVjM4Rf9dhMFG513GQ6IR
q3K+okin/2H6XyLD1eyAxAreuyMZPwOsTdgkVROhl+NJEfZKnFZSxK9wkiQRnNhS
+5L8/na5o3vsgGerggQi8pj2JjfVE0R/aQ==
-----END CERTIFICATE-----

15
gio/tests/cert-tests/key-crlf.pem Normal file
View File

@@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCslrTl+gp3lQsEGMegjhQMow5yhinpQ7yji36soGuUpUynQPs7
P5tm3ojZPeQGNmYof3Csc2yTrMLrCidt8xFkcgtZydOJ9sQSEgwc2of4nlvffIZb
dIR+13WOPVRmS5tBVkQWFrlSFtQ70BDhNK3SZfkAb4+QmLSR1MJFaUPWrQIDAQAB
AoGAUTnskYAIhRdEQ/1Vlp7HmNr05bl26C3VDjOMvroRZ7gUR3MxykS5YsTBK10R
gEsB8XVpFgCMzUO1yODShdCsEg9kCB3fzSWkunK8+TF2TKOM5uWlQwifKJvcNisR
Nbg3r8WygMMXaWSFA3xWoRuZ5It0jOX18v+x5RHHon/kaRECQQDl6FSwgJLeNAkR
pMNQGdRhmMesHWmNNBv3Wozqm6Wpkwo5ZXPsLt3pprd0GN5jX0IG7clT1/eMD9/G
+3UGqTj3AkEAwC0M2gv+QUhbaB+KSlOZDOi4gsnhnsnaM7HQGDJJ5no4y2EvnYI3
Y5rPJWedeYlCV3ccMitjnjcIJHInRZBIewJBANgsamVDn9Ua7GQQni1U/COAek7V
oQfKNXmRROrbyxr1TSnGwQcU0kf+IIUjVQfu67CEKUeSzAqAapM4oULQHuUCQQC9
J9qdiO6DXXAzRdA9pplgHnT2rzV3sSEoft3f4yfgRu8+KHPQqkpQrSE1pQ5YgWUe
aGwFabXNFkfab839562fAkBl8jPidQdKWEgSa6h5pm4++sXLdWl7p6jiyetH64W7
HnhRryE3ptrRGO0hSV1v4bx3DKzeJiJRlWUWiSl7828t
-----END RSA PRIVATE KEY-----

18
gio/tests/cert-tests/key8enc.pem Normal file
View File

@@ -0,0 +1,18 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIC3TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIdjDoEOJTH2ICAggA
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDNLC2sDVjClaQyT8BfXTt1BIIC
gCN4s9Z5bmfKogL7YHIJly2zLX5uILHeCr3iQpoPS8057V9Af1wqB/8AUOJrLY96
R2amkXjlxuqA0BebEk4gcR4tWvCNQ2VCOqvQozUt8LnA+2xQRgzNwaW0HPxcAUzf
6GVZKL7xfpwFD2ootfLwTHB2zAIVMo8nwgEzdDz93ZwsMmXJmOfSO7vpDQUnVqUX
jVlue0i8n7fO4ClQ8fz5J8zyvPj403bR9qxsIJjQZACNVLMIksQXjTDngymy/ziI
lZD4JDLXCQwAOgFz6N6vsyD/mHROyL4/4q8ujYFPmVpuAlQzuZJe6TFnmZHiSfoI
we6wi1Nee1rbM4VzsGFzMa4Fr0ZhElHEKBXXje4YKWCAOWEo3tLjow4+0dQxNx5W
tsbQdRt2fRYNYTgt18O55kq3DVfy93aMQVYIMuXkxwAuCWBeiLQrCfAM5r7kDwfc
owp2AQ5Ndf+aAwr89k2fYUpexz9kZzU+eIY2K1cRhpUlLRAr5SG2oVy7n9IvYs1m
O7/hjVBvXeAPDADVOtx/YNxPYr9ZI1X2QNDYGxNuSUNF1qGps66Gj+fcRe2NO+Ej
YfSyfBvw+0h8sad81ZPepCSpIkYX91p6lCdCmRnJWYBwYyn6V5tXOx6tn5ntKJZ9
9OtTGr7CMm7PLs9S8b03MV9IDJH+TBqR7msP1KWZbTxCNOws28EXo75tQ51ywElF
FJI6ZU2gBYaX39i8WyvEMXFRRqzYUMzV0Yw2KeVRiGLh0ZX/4rlh2PQqVXGyakvn
XttDRKEYPEvXDSRpO+tIvESlq9T0Pfo/rpnD4xJd2JWO6z/CSrn8cujs80e1+YjT
HXksoJzsoLGeiYG2DzTK9lY=
-----END ENCRYPTED PRIVATE KEY-----

14
gio/tests/cert-tests/key_missing-footer.pem Normal file
View File

@@ -0,0 +1,14 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCslrTl+gp3lQsEGMegjhQMow5yhinpQ7yji36soGuUpUynQPs7
P5tm3ojZPeQGNmYof3Csc2yTrMLrCidt8xFkcgtZydOJ9sQSEgwc2of4nlvffIZb
dIR+13WOPVRmS5tBVkQWFrlSFtQ70BDhNK3SZfkAb4+QmLSR1MJFaUPWrQIDAQAB
AoGAUTnskYAIhRdEQ/1Vlp7HmNr05bl26C3VDjOMvroRZ7gUR3MxykS5YsTBK10R
gEsB8XVpFgCMzUO1yODShdCsEg9kCB3fzSWkunK8+TF2TKOM5uWlQwifKJvcNisR
Nbg3r8WygMMXaWSFA3xWoRuZ5It0jOX18v+x5RHHon/kaRECQQDl6FSwgJLeNAkR
pMNQGdRhmMesHWmNNBv3Wozqm6Wpkwo5ZXPsLt3pprd0GN5jX0IG7clT1/eMD9/G
+3UGqTj3AkEAwC0M2gv+QUhbaB+KSlOZDOi4gsnhnsnaM7HQGDJJ5no4y2EvnYI3
Y5rPJWedeYlCV3ccMitjnjcIJHInRZBIewJBANgsamVDn9Ua7GQQni1U/COAek7V
oQfKNXmRROrbyxr1TSnGwQcU0kf+IIUjVQfu67CEKUeSzAqAapM4oULQHuUCQQC9
J9qdiO6DXXAzRdA9pplgHnT2rzV3sSEoft3f4yfgRu8+KHPQqkpQrSE1pQ5YgWUe
aGwFabXNFkfab839562fAkBl8jPidQdKWEgSa6h5pm4++sXLdWl7p6jiyetH64W7
HnhRryE3ptrRGO0hSV1v4bx3DKzeJiJRlWUWiSl7828t

14
gio/tests/cert-tests/key_missing-header.pem Normal file
View File

@@ -0,0 +1,14 @@
MIICXQIBAAKBgQCslrTl+gp3lQsEGMegjhQMow5yhinpQ7yji36soGuUpUynQPs7
P5tm3ojZPeQGNmYof3Csc2yTrMLrCidt8xFkcgtZydOJ9sQSEgwc2of4nlvffIZb
dIR+13WOPVRmS5tBVkQWFrlSFtQ70BDhNK3SZfkAb4+QmLSR1MJFaUPWrQIDAQAB
AoGAUTnskYAIhRdEQ/1Vlp7HmNr05bl26C3VDjOMvroRZ7gUR3MxykS5YsTBK10R
gEsB8XVpFgCMzUO1yODShdCsEg9kCB3fzSWkunK8+TF2TKOM5uWlQwifKJvcNisR
Nbg3r8WygMMXaWSFA3xWoRuZ5It0jOX18v+x5RHHon/kaRECQQDl6FSwgJLeNAkR
pMNQGdRhmMesHWmNNBv3Wozqm6Wpkwo5ZXPsLt3pprd0GN5jX0IG7clT1/eMD9/G
+3UGqTj3AkEAwC0M2gv+QUhbaB+KSlOZDOi4gsnhnsnaM7HQGDJJ5no4y2EvnYI3
Y5rPJWedeYlCV3ccMitjnjcIJHInRZBIewJBANgsamVDn9Ua7GQQni1U/COAek7V
oQfKNXmRROrbyxr1TSnGwQcU0kf+IIUjVQfu67CEKUeSzAqAapM4oULQHuUCQQC9
J9qdiO6DXXAzRdA9pplgHnT2rzV3sSEoft3f4yfgRu8+KHPQqkpQrSE1pQ5YgWUe
aGwFabXNFkfab839562fAkBl8jPidQdKWEgSa6h5pm4++sXLdWl7p6jiyetH64W7
HnhRryE3ptrRGO0hSV1v4bx3DKzeJiJRlWUWiSl7828t
-----END RSA PRIVATE KEY-----

129
gio/tests/tls-certificate.c
View File

@@ -27,7 +27,9 @@
typedef struct typedef struct
{ {
gchar *cert_pems[3]; gchar *cert_pems[3];
gchar *cert_crlf_pem;
gchar *key_pem; gchar *key_pem;
gchar *key_crlf_pem;
gchar *key8_pem; gchar *key8_pem;
} Reference; } Reference;
@@ -44,12 +46,12 @@ pem_parser (const Reference *ref)
/* Check PEM parsing in certificate, private key order. */ /* Check PEM parsing in certificate, private key order. */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, &pem_len, &error); g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, &pem_len, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (pem); g_assert_nonnull (pem);
g_assert_cmpuint (pem_len, >=, 10); g_assert_cmpuint (pem_len, >=, 10);
cert = g_tls_certificate_new_from_pem (pem, -1, &error); cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (cert); g_assert_nonnull (cert);
g_object_get (cert, g_object_get (cert,
"certificate-pem", &parsed_cert_pem, "certificate-pem", &parsed_cert_pem,
@@ -79,11 +81,11 @@ pem_parser (const Reference *ref)
/* Check PEM parsing in private key, certificate order */ /* Check PEM parsing in private key, certificate order */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), &pem, NULL, &error); g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), &pem, NULL, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (pem); g_assert_nonnull (pem);
cert = g_tls_certificate_new_from_pem (pem, -1, &error); cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (cert); g_assert_nonnull (cert);
g_object_get (cert, g_object_get (cert,
"certificate-pem", &parsed_cert_pem, "certificate-pem", &parsed_cert_pem,
@@ -101,11 +103,11 @@ pem_parser (const Reference *ref)
/* Check certificate only PEM */ /* Check certificate only PEM */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), &pem, NULL, &error); g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL), &pem, NULL, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (pem); g_assert_nonnull (pem);
cert = g_tls_certificate_new_from_pem (pem, -1, &error); cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (cert); g_assert_nonnull (cert);
g_object_get (cert, g_object_get (cert,
"certificate-pem", &parsed_cert_pem, "certificate-pem", &parsed_cert_pem,
@@ -114,7 +116,7 @@ pem_parser (const Reference *ref)
g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]); g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
g_free (parsed_cert_pem); g_free (parsed_cert_pem);
parsed_cert_pem = NULL; parsed_cert_pem = NULL;
g_assert (parsed_key_pem == NULL); g_assert_null (parsed_key_pem);
g_free (pem); g_free (pem);
g_object_unref (cert); g_object_unref (cert);
@@ -122,12 +124,12 @@ pem_parser (const Reference *ref)
/* Check error with private key only PEM */ /* Check error with private key only PEM */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), &pem, NULL, &error); g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), &pem, NULL, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (pem); g_assert_nonnull (pem);
cert = g_tls_certificate_new_from_pem (pem, -1, &error); cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error); g_clear_error (&error);
g_assert (cert == NULL); g_assert_null (cert);
g_free (pem); g_free (pem);
} }
@@ -145,12 +147,12 @@ pem_parser_handles_chain (const Reference *ref)
/* Check that a chain with exactly three certificates is returned */ /* Check that a chain with exactly three certificates is returned */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL), &pem, NULL, &error); g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL), &pem, NULL, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (pem); g_assert_nonnull (pem);
cert = original_cert = g_tls_certificate_new_from_pem (pem, -1, &error); cert = original_cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_free (pem); g_free (pem);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (cert); g_assert_nonnull (cert);
g_object_get (cert, g_object_get (cert,
"certificate-pem", &parsed_cert_pem, "certificate-pem", &parsed_cert_pem,
@@ -165,11 +167,11 @@ pem_parser_handles_chain (const Reference *ref)
/* Now test the second cert */ /* Now test the second cert */
issuer = g_tls_certificate_get_issuer (cert); issuer = g_tls_certificate_get_issuer (cert);
g_assert (issuer); g_assert_nonnull (issuer);
cert = issuer; cert = issuer;
issuer = g_tls_certificate_get_issuer (cert); issuer = g_tls_certificate_get_issuer (cert);
g_assert (issuer); g_assert_nonnull (issuer);
g_object_get (cert, g_object_get (cert,
"certificate-pem", &parsed_cert_pem, "certificate-pem", &parsed_cert_pem,
@@ -179,12 +181,12 @@ pem_parser_handles_chain (const Reference *ref)
/* Only the first cert should have a private key */ /* Only the first cert should have a private key */
parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
g_assert (!parsed_key_pem); g_assert_null (parsed_key_pem);
/* Now test the final cert */ /* Now test the final cert */
cert = issuer; cert = issuer;
issuer = g_tls_certificate_get_issuer (cert); issuer = g_tls_certificate_get_issuer (cert);
g_assert (!issuer); g_assert_null (issuer);
g_object_get (cert, g_object_get (cert,
"certificate-pem", &parsed_cert_pem, "certificate-pem", &parsed_cert_pem,
@@ -193,7 +195,7 @@ pem_parser_handles_chain (const Reference *ref)
g_clear_pointer (&parsed_cert_pem, g_free); g_clear_pointer (&parsed_cert_pem, g_free);
parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert); parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
g_assert (!parsed_key_pem); g_assert_null (parsed_key_pem);
g_object_unref (original_cert); g_object_unref (original_cert);
} }
@@ -209,7 +211,7 @@ from_file (const Reference *ref)
cert = g_tls_certificate_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), cert = g_tls_certificate_new_from_file (g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
&error); &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (cert); g_assert_nonnull (cert);
g_object_get (cert, g_object_get (cert,
"certificate-pem", &parsed_cert_pem, "certificate-pem", &parsed_cert_pem,
@@ -236,7 +238,7 @@ from_files (const Reference *ref)
g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
&error); &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (cert); g_assert_nonnull (cert);
g_object_get (cert, g_object_get (cert,
"certificate-pem", &parsed_cert_pem, "certificate-pem", &parsed_cert_pem,
@@ -256,7 +258,23 @@ from_files (const Reference *ref)
&error); &error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error); g_clear_error (&error);
g_assert (cert == NULL); g_assert_null (cert);
/* Missing header private key */
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
g_test_get_filename (G_TEST_DIST, "cert-tests", "key_missing-header.pem", NULL),
&error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_assert_null (cert);
/* Missing footer private key */
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
g_test_get_filename (G_TEST_DIST, "cert-tests", "key_missing-footer.pem", NULL),
&error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_assert_null (cert);
/* Missing certificate */ /* Missing certificate */
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL), cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL),
@@ -264,7 +282,7 @@ from_files (const Reference *ref)
&error); &error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error); g_clear_error (&error);
g_assert (cert == NULL); g_assert_null (cert);
/* Using this method twice with a file containing both private key and /* Using this method twice with a file containing both private key and
* certificate as a way to inforce private key presence is a fair use * certificate as a way to inforce private key presence is a fair use
@@ -273,10 +291,36 @@ from_files (const Reference *ref)
g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL), g_test_get_filename (G_TEST_DIST, "cert-tests", "key-cert.pem", NULL),
&error); &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (cert); g_assert_nonnull (cert);
g_object_unref (cert); g_object_unref (cert);
} }
static void
from_files_crlf (const Reference *ref)
{
GTlsCertificate *cert;
gchar *parsed_cert_pem = NULL;
const gchar *parsed_key_pem = NULL;
GError *error = NULL;
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-crlf.pem", NULL),
g_test_get_filename (G_TEST_DIST, "cert-tests", "key-crlf.pem", NULL),
&error);
g_assert_no_error (error);
g_assert_nonnull (cert);
g_object_get (cert,
"certificate-pem", &parsed_cert_pem,
NULL);
parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_crlf_pem);
g_free (parsed_cert_pem);
parsed_cert_pem = NULL;
g_assert_cmpstr (parsed_key_pem, ==, ref->key_crlf_pem);
parsed_key_pem = NULL;
g_object_unref (cert);
}
static void static void
from_files_pkcs8 (const Reference *ref) from_files_pkcs8 (const Reference *ref)
@@ -290,7 +334,7 @@ from_files_pkcs8 (const Reference *ref)
g_test_get_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL), g_test_get_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL),
&error); &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (cert); g_assert_nonnull (cert);
g_object_get (cert, g_object_get (cert,
"certificate-pem", &parsed_cert_pem, "certificate-pem", &parsed_cert_pem,
@@ -305,6 +349,21 @@ from_files_pkcs8 (const Reference *ref)
g_object_unref (cert); g_object_unref (cert);
} }
static void
from_files_pkcs8enc (const Reference *ref)
{
GTlsCertificate *cert;
GError *error = NULL;
/* Mare sure an error is returned for encrypted key */
cert = g_tls_certificate_new_from_files (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL),
g_test_get_filename (G_TEST_DIST, "cert-tests", "key8enc.pem", NULL),
&error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_assert_null (cert);
}
static void static void
list_from_file (const Reference *ref) list_from_file (const Reference *ref)
{ {
@@ -356,27 +415,37 @@ main (int argc,
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL); path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert1.pem", NULL);
g_file_get_contents (path, &ref.cert_pems[0], NULL, &error); g_file_get_contents (path, &ref.cert_pems[0], NULL, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (ref.cert_pems[0]); g_assert_nonnull (ref.cert_pems[0]);
g_free (path); g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert2.pem", NULL); path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert2.pem", NULL);
g_file_get_contents (path, &ref.cert_pems[1], NULL, &error); g_file_get_contents (path, &ref.cert_pems[1], NULL, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (ref.cert_pems[1]); g_assert_nonnull (ref.cert_pems[1]);
g_free (path); g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert3.pem", NULL); path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert3.pem", NULL);
g_file_get_contents (path, &ref.cert_pems[2], NULL, &error); g_file_get_contents (path, &ref.cert_pems[2], NULL, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (ref.cert_pems[2]); g_assert_nonnull (ref.cert_pems[2]);
g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "cert-crlf.pem", NULL);
g_file_get_contents (path, &ref.cert_crlf_pem, NULL, &error);
g_assert_no_error (error);
g_assert_nonnull (ref.cert_crlf_pem);
g_free (path); g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL); path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key.pem", NULL);
g_file_get_contents (path, &ref.key_pem, NULL, &error); g_file_get_contents (path, &ref.key_pem, NULL, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (ref.key_pem); g_assert_nonnull (ref.key_pem);
g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key-crlf.pem", NULL);
g_file_get_contents (path, &ref.key_crlf_pem, NULL, &error);
g_assert_no_error (error);
g_assert_nonnull (ref.key_crlf_pem);
g_free (path); g_free (path);
path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL); path = g_test_build_filename (G_TEST_DIST, "cert-tests", "key8.pem", NULL);
g_file_get_contents (path, &ref.key8_pem, NULL, &error); g_file_get_contents (path, &ref.key8_pem, NULL, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (ref.key8_pem); g_assert_nonnull (ref.key8_pem);
g_free (path); g_free (path);
g_test_add_data_func ("/tls-certificate/pem-parser", g_test_add_data_func ("/tls-certificate/pem-parser",
@@ -387,8 +456,12 @@ main (int argc,
&ref, (GTestDataFunc)from_file); &ref, (GTestDataFunc)from_file);
g_test_add_data_func ("/tls-certificate/from_files", g_test_add_data_func ("/tls-certificate/from_files",
&ref, (GTestDataFunc)from_files); &ref, (GTestDataFunc)from_files);
g_test_add_data_func ("/tls-certificate/from_files_crlf",
&ref, (GTestDataFunc)from_files_crlf);
g_test_add_data_func ("/tls-certificate/from_files_pkcs8", g_test_add_data_func ("/tls-certificate/from_files_pkcs8",
&ref, (GTestDataFunc)from_files_pkcs8); &ref, (GTestDataFunc)from_files_pkcs8);
g_test_add_data_func ("/tls-certificate/from_files_pkcs8enc",
&ref, (GTestDataFunc)from_files_pkcs8enc);
g_test_add_data_func ("/tls-certificate/list_from_file", g_test_add_data_func ("/tls-certificate/list_from_file",
&ref, (GTestDataFunc)list_from_file); &ref, (GTestDataFunc)list_from_file);
@@ -397,7 +470,9 @@ main (int argc,
g_free (ref.cert_pems[0]); g_free (ref.cert_pems[0]);
g_free (ref.cert_pems[1]); g_free (ref.cert_pems[1]);
g_free (ref.cert_pems[2]); g_free (ref.cert_pems[2]);
g_free (ref.cert_crlf_pem);
g_free (ref.key_pem); g_free (ref.key_pem);
g_free (ref.key_crlf_pem);
g_free (ref.key8_pem); g_free (ref.key8_pem);
return rtv; return rtv;