Add certificate chain construction test

Enhance GTestTlsBackend to allow setting the issuer property of GTlsCertificates, and add a test to ensure certificate chain construction with g_tls_certificate_new_from_pem() works as expected. https://bugzilla.gnome.org/show_bug.cgi?id=754264
2025-01-11 15:06:14 +01:00 · 2015-08-28 19:47:19 -05:00 · 2015-08-28 19:47:19 -05:00 · 516adb99c0
commit 516adb99c0
parent 587068c969
3 changed files with 93 additions and 1 deletions
--- a/gio/tests/cert-tests/cert-list.pem
+++ b/gio/tests/cert-tests/cert-list.pem
@ -50,3 +50,19 @@ E6GlY2rvjCf0BpW0t4zKL/wvA5tBmuOWYg93psHgIdSNgkmfbA1kvD6kXehQlt1F
 5yZJP91/VND5LHvXf5TcAmr/KeQAPYvqfiGYXuvHDLA9y9OOyTBMURLYfWuo9HZt
 xeI14sZ9udXwtUhgcvXrBFzlRfkbojuMZw==
 -----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCslrTl+gp3lQsEGMegjhQMow5yhinpQ7yji36soGuUpUynQPs7
+P5tm3ojZPeQGNmYof3Csc2yTrMLrCidt8xFkcgtZydOJ9sQSEgwc2of4nlvffIZb
+dIR+13WOPVRmS5tBVkQWFrlSFtQ70BDhNK3SZfkAb4+QmLSR1MJFaUPWrQIDAQAB
+AoGAUTnskYAIhRdEQ/1Vlp7HmNr05bl26C3VDjOMvroRZ7gUR3MxykS5YsTBK10R
+gEsB8XVpFgCMzUO1yODShdCsEg9kCB3fzSWkunK8+TF2TKOM5uWlQwifKJvcNisR
+Nbg3r8WygMMXaWSFA3xWoRuZ5It0jOX18v+x5RHHon/kaRECQQDl6FSwgJLeNAkR
+pMNQGdRhmMesHWmNNBv3Wozqm6Wpkwo5ZXPsLt3pprd0GN5jX0IG7clT1/eMD9/G
+3UGqTj3AkEAwC0M2gv+QUhbaB+KSlOZDOi4gsnhnsnaM7HQGDJJ5no4y2EvnYI3
+Y5rPJWedeYlCV3ccMitjnjcIJHInRZBIewJBANgsamVDn9Ua7GQQni1U/COAek7V
+oQfKNXmRROrbyxr1TSnGwQcU0kf+IIUjVQfu67CEKUeSzAqAapM4oULQHuUCQQC9
+J9qdiO6DXXAzRdA9pplgHnT2rzV3sSEoft3f4yfgRu8+KHPQqkpQrSE1pQ5YgWUe
+aGwFabXNFkfab839562fAkBl8jPidQdKWEgSa6h5pm4++sXLdWl7p6jiyetH64W7
+HnhRryE3ptrRGO0hSV1v4bx3DKzeJiJRlWUWiSl7828t
+-----END RSA PRIVATE KEY-----
+>>>> Garbage to be ignore <<<<
--- a/gio/tests/gtesttlsbackend.c
+++ b/gio/tests/gtesttlsbackend.c
@ -68,6 +68,7 @@ struct _GTestTlsCertificate {
  GTlsCertificate parent_instance;
  gchar *key_pem;
  gchar *cert_pem;
+  GTlsCertificate *issuer;
 };

 struct _GTestTlsCertificateClass {
@ -117,6 +118,9 @@ g_test_tls_certificate_get_property (GObject    *object,
    case PROP_CERT_PRIVATE_KEY_PEM:
      g_value_set_string (value, cert->key_pem);
      break;
+    case PROP_CERT_ISSUER:
+      g_value_set_object (value, cert->issuer);
+      break;
    default:
      g_assert_not_reached ();
      break;
@ -139,9 +143,11 @@ g_test_tls_certificate_set_property (GObject      *object,
    case PROP_CERT_PRIVATE_KEY_PEM:
      cert->key_pem = g_value_dup_string (value);
      break;
+    case PROP_CERT_ISSUER:
+      cert->issuer = g_value_dup_object (value);
+      break;
    case PROP_CERT_CERTIFICATE:
    case PROP_CERT_PRIVATE_KEY:
-    case PROP_CERT_ISSUER:
      /* ignore */
      break;
    default:
@ -157,6 +163,7 @@ g_test_tls_certificate_finalize (GObject *object)

  g_free (cert->cert_pem);
  g_free (cert->key_pem);
+  g_clear_object (&cert->issuer);
 }

 static void
--- a/gio/tests/tls-certificate.c
+++ b/gio/tests/tls-certificate.c
@ -122,6 +122,73 @@ pem_parser (const Reference *ref)
  g_free (pem);
 }

+static void
+pem_parser_handles_chain (const Reference *ref)
+{
+  GTlsCertificate *cert;
+  GTlsCertificate *issuer;
+  GTlsCertificate *original_cert;
+  gchar *pem;
+  gchar *parsed_cert_pem = NULL;
+  const gchar *parsed_key_pem = NULL;
+  GError *error = NULL;
+
+  /* Check that a chain with exactly three certificates is returned */
+  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-list.pem", NULL), &pem, NULL, &error);
+  g_assert_no_error (error);
+  g_assert (pem);
+
+  cert = original_cert = g_tls_certificate_new_from_pem (pem, -1, &error);
+  g_free (pem);
+  g_assert_no_error (error);
+  g_assert (cert);
+
+  g_object_get (cert,
+      "certificate-pem", &parsed_cert_pem,
+      NULL);
+  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[0]);
+  g_clear_pointer (&parsed_cert_pem, g_free);
+
+  /* Make sure the private key was parsed */
+  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
+  g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
+  parsed_key_pem = NULL;
+
+  /* Now test the second cert */
+  issuer = g_tls_certificate_get_issuer (cert);
+  g_assert (issuer);
+
+  cert = issuer;
+  issuer = g_tls_certificate_get_issuer (cert);
+  g_assert (issuer);
+
+  g_object_get (cert,
+      "certificate-pem", &parsed_cert_pem,
+      NULL);
+  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[1]);
+  g_clear_pointer (&parsed_cert_pem, g_free);
+
+  /* Only the first cert should have a private key */
+  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
+  g_assert (!parsed_key_pem);
+
+  /* Now test the final cert */
+  cert = issuer;
+  issuer = g_tls_certificate_get_issuer (cert);
+  g_assert (!issuer);
+
+  g_object_get (cert,
+      "certificate-pem", &parsed_cert_pem,
+      NULL);
+  g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[2]);
+  g_clear_pointer (&parsed_cert_pem, g_free);
+
+  parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
+  g_assert (!parsed_key_pem);
+
+  g_object_unref (original_cert);
+}
+
 static void
 from_file (const Reference *ref)
 {
@ -305,6 +372,8 @@ main (int   argc,

  g_test_add_data_func ("/tls-certificate/pem-parser",
                        &ref, (GTestDataFunc)pem_parser);
+  g_test_add_data_func ("/tls-certificate/pem-parser-handles-chain",
+                        &ref, (GTestDataFunc)pem_parser_handles_chain);
  g_test_add_data_func ("/tls-certificate/from_file",
                        &ref, (GTestDataFunc)from_file);
  g_test_add_data_func ("/tls-certificate/from_files",