Commit 964b9f35 authored by Dan Winship's avatar Dan Winship
Browse files

libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils

Rather than having test-crypto and test-setting-8021x be programs that
you have to pass arguments to to get them to run a single test, just
have them run all of the tests themselves.

This lets us get rid of the big "check-local" rule in Makefile.am and
just use TESTS to run everything.

https://bugzilla.gnome.org/show_bug.cgi?id=734388
parent 7cd69584
......@@ -25,66 +25,6 @@ LDADD = \
$(GLIB_LIBS) \
$(DBUS_LIBS)
check-local: test-crypto test-setting-8021x
# Private key and CA certificate in the same file (PEM)
$(abs_builddir)/test-setting-8021x $(certsdir)/test_key_and_cert.pem "test"
# Private key by itself (PEM)
$(abs_builddir)/test-setting-8021x $(certsdir)/test-key-only.pem "test"
# PKCS#8 private key by itself (PEM)
$(abs_builddir)/test-setting-8021x $(certsdir)/pkcs8-enc-key.pem "1234567890"
# Private key and CA certificate in the same file (pkcs12)
$(abs_builddir)/test-setting-8021x $(certsdir)/test-cert.p12 "test"
# Normal CA certificate
$(abs_builddir)/test-crypto --cert $(certsdir)/test_ca_cert.pem
# Another CA certificate
$(abs_builddir)/test-crypto --cert $(certsdir)/test2_ca_cert.pem
# Normal CA certificate (DER format)
$(abs_builddir)/test-crypto --cert $(certsdir)/test_ca_cert.der
# CA certificate without an ending newline
$(abs_builddir)/test-crypto --cert $(certsdir)/ca-no-ending-newline.pem
# Combined user cert and private key
$(abs_builddir)/test-crypto --cert $(certsdir)/test_key_and_cert.pem
# Another combined user cert and private key
$(abs_builddir)/test-crypto --cert $(certsdir)/test2_key_and_cert.pem
# Private key with 8 bytes of tail padding
$(abs_builddir)/test-crypto --key \
$(certsdir)/test_key_and_cert.pem \
"test" \
$(certsdir)/test-key-only-decrypted.der
# Private key only (not combined with a cert)
$(abs_builddir)/test-crypto --key \
$(certsdir)/test-key-only.pem \
"test" \
$(certsdir)/test-key-only-decrypted.der
# Private key with 6 bytes of tail padding
$(abs_builddir)/test-crypto --key $(certsdir)/test2_key_and_cert.pem "12345testing"
# PKCS#12 file
$(abs_builddir)/test-crypto --p12 $(certsdir)/test-cert.p12 "test"
# Another PKCS#12 file
$(abs_builddir)/test-crypto --p12 $(certsdir)/test2-cert.p12 "12345testing"
# PKCS#8 encrypted private key
$(abs_builddir)/test-crypto --pkcs8 \
$(certsdir)/pkcs8-enc-key.pem \
"1234567890"
# Private key with AES cipher
$(abs_builddir)/test-crypto --key $(certsdir)/test-aes-key.pem "test-aes-password"
TESTS = test-settings-defaults test-secrets test-general test-setting-dcb
TESTS = $(noinst_PROGRAMS)
endif
......@@ -92,18 +92,21 @@ out:
#endif
static void
test_load_cert (const char *path, const char *desc)
test_cert (gconstpointer test_data)
{
char *path;
GByteArray *array;
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
GError *error = NULL;
path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL);
array = crypto_load_and_verify_certificate (path, &format, &error);
ASSERT (array != NULL, desc,
ASSERT (array != NULL, "cert",
"couldn't read certificate file '%s': %d %s",
path, error->code, error->message);
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, desc,
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, "cert",
"%s: unexpected certificate format (expected %d, got %d)",
path, NM_CRYPTO_FILE_FORMAT_X509, format);
......@@ -330,55 +333,137 @@ test_encrypt_private_key (const char *path,
g_byte_array_free (array, TRUE);
}
int main (int argc, char **argv)
static void
test_key (gconstpointer test_data)
{
char **parts, *path, *password, *decrypted_path;
int len;
parts = g_strsplit ((const char *) test_data, ", ", -1);
len = g_strv_length (parts);
ASSERT (len == 2 || len == 3, "test-crypto",
"wrong number of arguments (<key file>, <password>, [<decrypted key file>])");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
decrypted_path = parts[2] ? g_build_filename (TEST_CERT_DIR, parts[2], NULL) : NULL;
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_private_key (path, password, decrypted_path, FALSE, "private-key");
test_load_private_key (path, "blahblahblah", NULL, TRUE, "private-key-bad-password");
test_load_private_key (path, NULL, NULL, TRUE, "private-key-no-password");
test_encrypt_private_key (path, password, "private-key-rencrypt");
g_free (path);
g_free (decrypted_path);
g_strfreev (parts);
}
static void
test_pkcs12 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
ASSERT (g_strv_length (parts) == 2, "test-crypto",
"wrong number of arguments (<file>, <password>)");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, FALSE, "is-pkcs12");
test_load_pkcs12 (path, password, FALSE, "pkcs12-private-key");
test_load_pkcs12 (path, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
test_load_pkcs12_no_password (path, "pkcs12-private-key-no-password");
g_free (path);
g_strfreev (parts);
}
static void
test_pkcs8 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
ASSERT (g_strv_length (parts) == 2, "test-crypto",
"wrong number of arguments (<file>, <password>)");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key");
/* Until gnutls and NSS grow support for all the ciphers that openssl
* can use with PKCS#8, we can't actually verify the password. So we
* expect a bad password to work for the time being.
*/
test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
g_free (path);
g_strfreev (parts);
}
NMTST_DEFINE ();
int
main (int argc, char **argv)
{
GError *error = NULL;
char *progname;
int ret;
ASSERT (argc > 2, "test-crypto",
"wrong number of arguments (expected at least an operation and an object)");
nmtst_init (&argc, &argv, TRUE);
if (!crypto_init (&error))
FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);
if (!strcmp (argv[1], "--cert"))
test_load_cert (argv[2], "cert");
else if (!strcmp (argv[1], "--key")) {
const char *decrypted_path = (argc == 5) ? argv[4] : NULL;
ASSERT (argc == 4 || argc == 5, "test-crypto",
"wrong number of arguments (--key <key file> <password> [<decrypted key file>])");
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12");
test_load_private_key (argv[2], argv[3], decrypted_path, FALSE, "private-key");
test_load_private_key (argv[2], "blahblahblah", NULL, TRUE, "private-key-bad-password");
test_load_private_key (argv[2], NULL, NULL, TRUE, "private-key-no-password");
test_encrypt_private_key (argv[2], argv[3], "private-key-rencrypt");
} else if (!strcmp (argv[1], "--p12")) {
test_is_pkcs12 (argv[2], FALSE, "is-pkcs12");
test_load_pkcs12 (argv[2], argv[3], FALSE, "pkcs12-private-key");
test_load_pkcs12 (argv[2], "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
test_load_pkcs12_no_password (argv[2], "pkcs12-private-key-no-password");
} else if (!strcmp (argv[1], "--pkcs8")) {
ASSERT (argc == 4, "test-crypto",
"wrong number of arguments (--pkcs8 <key file> <password>)");
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12");
test_load_pkcs8 (argv[2], argv[3], FALSE, "pkcs8-private-key");
/* Until gnutls and NSS grow support for all the ciphers that openssl
* can use with PKCS#8, we can't actually verify the password. So we
* expect a bad password to work for the time being.
*/
test_load_pkcs8 (argv[2], "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
} else {
ASSERT (argc > 2, "test-crypto", "unknown test type (not --cert, --key, or --p12)");
}
g_test_add_data_func ("/libnm/crypto/cert/pem",
"test_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-2",
"test2_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/der",
"test_ca_cert.der",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline",
"ca-no-ending-newline.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined",
"test_key_and_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2",
"test2_key_and_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/key/padding-6",
"test_key_and_cert.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/key-only",
"test-key-only.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/padding-8",
"test2_key_and_cert.pem, 12345testing",
test_key);
g_test_add_data_func ("/libnm/crypto/key/aes",
"test-aes-key.pem, test-aes-password",
test_key);
g_test_add_data_func ("/libnm/crypto/PKCS#12/1",
"test-cert.p12, test",
test_pkcs12);
g_test_add_data_func ("/libnm/crypto/PKCS#12/2",
"test2-cert.p12, 12345testing",
test_pkcs12);
g_test_add_data_func ("/libnm/crypto/PKCS#8",
"pkcs8-enc-key.pem, 1234567890",
test_pkcs8);
ret = g_test_run ();
crypto_deinit ();
progname = g_path_get_basename (argv[0]);
fprintf (stdout, "%s: SUCCESS\n", progname);
g_free (progname);
return 0;
return ret;
}
......@@ -404,40 +404,57 @@ test_clear_phase2_private_key (const char *path, const char *password)
g_object_unref (s_8021x);
}
int main (int argc, char **argv)
static void
do_8021x_test (gconstpointer test_data)
{
GError *error = NULL;
char *base;
char **parts, *path, *password;
if (argc < 3)
FAIL ("init", "need at least two arguments: <path> <password>");
parts = g_strsplit ((const char *) test_data, ", ", -1);
g_assert_cmpint (g_strv_length (parts), ==, 2);
#if !GLIB_CHECK_VERSION (2, 35, 0)
g_type_init ();
#endif
if (!nm_utils_init (&error))
FAIL ("nm-utils-init", "failed to initialize libnm: %s", error->message);
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
/* Test phase1 and phase2 path scheme */
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH);
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_PATH);
test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_PATH);
/* Test phase1 and phase2 blob scheme */
test_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB);
test_phase2_private_key_import (argv[1], argv[2], NM_SETTING_802_1X_CK_SCHEME_BLOB);
test_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
test_phase2_private_key_import (path, password, NM_SETTING_802_1X_CK_SCHEME_BLOB);
/* Test that using a wrong password does not change existing data */
test_wrong_password_keeps_data (argv[1], argv[2]);
test_wrong_phase2_password_keeps_data (argv[1], argv[2]);
test_wrong_password_keeps_data (path, password);
test_wrong_phase2_password_keeps_data (path, password);
/* Test clearing the private key */
test_clear_private_key (argv[1], argv[2]);
test_clear_phase2_private_key (argv[1], argv[2]);
test_clear_private_key (path, password);
test_clear_phase2_private_key (path, password);
base = g_path_get_basename (argv[0]);
fprintf (stdout, "%s: SUCCESS\n", base);
g_free (base);
return 0;
g_free (path);
g_strfreev (parts);
}
NMTST_DEFINE ();
int
main (int argc, char **argv)
{
nmtst_init (&argc, &argv, TRUE);
g_test_add_data_func ("/libnm/setting-8021x/key-and-cert",
"test_key_and_cert.pem, test",
do_8021x_test);
g_test_add_data_func ("/libnm/setting-8021x/key-only",
"test-key-only.pem, test",
do_8021x_test);
g_test_add_data_func ("/libnm/setting-8021x/pkcs8-enc-key",
"pkcs8-enc-key.pem, 1234567890",
do_8021x_test);
g_test_add_data_func ("/libnm/setting-8021x/pkcs12",
"test-cert.p12, test",
do_8021x_test);
return g_test_run ();
}
......@@ -12,13 +12,16 @@ AM_CPPFLAGS = \
-DBUILD_DIR=\"$(abs_builddir)\" \
-DTEST_CERT_DIR=\"$(top_srcdir)/libnm-util/tests/certs/\"
noinst_PROGRAMS = \
TESTS = \
test-settings-defaults \
test-crypto \
test-secrets \
test-general \
test-setting-8021x \
test-setting-dcb \
test-setting-dcb
noinst_PROGRAMS = \
$(TESTS) \
test-libnm-linking
test_settings_defaults_SOURCES = \
......@@ -80,66 +83,4 @@ test_libnm_linking_LDADD = \
$(GLIB_LIBS) \
$(DBUS_LIBS)
check-local: test-crypto test-setting-8021x
# Private key and CA certificate in the same file (PEM)
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/test_key_and_cert.pem "test"
# Private key by itself (PEM)
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/test-key-only.pem "test"
# PKCS#8 private key by itself (PEM)
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/pkcs8-enc-key.pem "1234567890"
# Private key and CA certificate in the same file (pkcs12)
$(abs_builddir)/test-setting-8021x $(srcdir)/certs/test-cert.p12 "test"
# Normal CA certificate
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_ca_cert.pem
# Another CA certificate
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test2_ca_cert.pem
# Normal CA certificate (DER format)
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_ca_cert.der
# CA certificate without an ending newline
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/ca-no-ending-newline.pem
# Combined user cert and private key
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_key_and_cert.pem
# Another combined user cert and private key
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test2_key_and_cert.pem
# Private key with 8 bytes of tail padding
$(abs_builddir)/test-crypto --key \
$(srcdir)/certs/test_key_and_cert.pem \
"test" \
$(srcdir)/certs/test-key-only-decrypted.der
# Private key only (not combined with a cert)
$(abs_builddir)/test-crypto --key \
$(srcdir)/certs/test-key-only.pem \
"test" \
$(srcdir)/certs/test-key-only-decrypted.der
# Private key with 6 bytes of tail padding
$(abs_builddir)/test-crypto --key $(srcdir)/certs/test2_key_and_cert.pem "12345testing"
# PKCS#12 file
$(abs_builddir)/test-crypto --p12 $(srcdir)/certs/test-cert.p12 "test"
# Another PKCS#12 file
$(abs_builddir)/test-crypto --p12 $(srcdir)/certs/test2-cert.p12 "12345testing"
# PKCS#8 encrypted private key
$(abs_builddir)/test-crypto --pkcs8 \
$(srcdir)/certs/pkcs8-enc-key.pem \
"1234567890"
# Private key with AES cipher
$(abs_builddir)/test-crypto --key $(srcdir)/certs/test-aes-key.pem "test-aes-password"
TESTS = test-settings-defaults test-secrets test-general test-setting-dcb
endif
......@@ -92,18 +92,21 @@ out:
#endif
static void
test_load_cert (const char *path, const char *desc)
test_cert (gconstpointer test_data)
{
char *path;
GByteArray *array;
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
GError *error = NULL;
path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL);
array = crypto_load_and_verify_certificate (path, &format, &error);
ASSERT (array != NULL, desc,
ASSERT (array != NULL, "cert",
"couldn't read certificate file '%s': %d %s",
path, error->code, error->message);
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, desc,
ASSERT (format == NM_CRYPTO_FILE_FORMAT_X509, "cert",
"%s: unexpected certificate format (expected %d, got %d)",
path, NM_CRYPTO_FILE_FORMAT_X509, format);
......@@ -330,55 +333,137 @@ test_encrypt_private_key (const char *path,
g_byte_array_free (array, TRUE);
}
int main (int argc, char **argv)
static void
test_key (gconstpointer test_data)
{
char **parts, *path, *password, *decrypted_path;
int len;
parts = g_strsplit ((const char *) test_data, ", ", -1);
len = g_strv_length (parts);
ASSERT (len == 2 || len == 3, "test-crypto",
"wrong number of arguments (<key file>, <password>, [<decrypted key file>])");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
decrypted_path = parts[2] ? g_build_filename (TEST_CERT_DIR, parts[2], NULL) : NULL;
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_private_key (path, password, decrypted_path, FALSE, "private-key");
test_load_private_key (path, "blahblahblah", NULL, TRUE, "private-key-bad-password");
test_load_private_key (path, NULL, NULL, TRUE, "private-key-no-password");
test_encrypt_private_key (path, password, "private-key-rencrypt");
g_free (path);
g_free (decrypted_path);
g_strfreev (parts);
}
static void
test_pkcs12 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
ASSERT (g_strv_length (parts) == 2, "test-crypto",
"wrong number of arguments (<file>, <password>)");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, FALSE, "is-pkcs12");
test_load_pkcs12 (path, password, FALSE, "pkcs12-private-key");
test_load_pkcs12 (path, "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
test_load_pkcs12_no_password (path, "pkcs12-private-key-no-password");
g_free (path);
g_strfreev (parts);
}
static void
test_pkcs8 (gconstpointer test_data)
{
char **parts, *path, *password;
parts = g_strsplit ((const char *) test_data, ", ", -1);
ASSERT (g_strv_length (parts) == 2, "test-crypto",
"wrong number of arguments (<file>, <password>)");
path = g_build_filename (TEST_CERT_DIR, parts[0], NULL);
password = parts[1];
test_is_pkcs12 (path, TRUE, "not-pkcs12");
test_load_pkcs8 (path, password, FALSE, "pkcs8-private-key");
/* Until gnutls and NSS grow support for all the ciphers that openssl
* can use with PKCS#8, we can't actually verify the password. So we
* expect a bad password to work for the time being.
*/
test_load_pkcs8 (path, "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
g_free (path);
g_strfreev (parts);
}
NMTST_DEFINE ();
int
main (int argc, char **argv)
{
GError *error = NULL;
char *progname;
int ret;
ASSERT (argc > 2, "test-crypto",
"wrong number of arguments (expected at least an operation and an object)");
nmtst_init (&argc, &argv, TRUE);
if (!crypto_init (&error))
FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);
if (!strcmp (argv[1], "--cert"))
test_load_cert (argv[2], "cert");
else if (!strcmp (argv[1], "--key")) {
const char *decrypted_path = (argc == 5) ? argv[4] : NULL;
ASSERT (argc == 4 || argc == 5, "test-crypto",
"wrong number of arguments (--key <key file> <password> [<decrypted key file>])");
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12");
test_load_private_key (argv[2], argv[3], decrypted_path, FALSE, "private-key");
test_load_private_key (argv[2], "blahblahblah", NULL, TRUE, "private-key-bad-password");
test_load_private_key (argv[2], NULL, NULL, TRUE, "private-key-no-password");
test_encrypt_private_key (argv[2], argv[3], "private-key-rencrypt");
} else if (!strcmp (argv[1], "--p12")) {
test_is_pkcs12 (argv[2], FALSE, "is-pkcs12");
test_load_pkcs12 (argv[2], argv[3], FALSE, "pkcs12-private-key");
test_load_pkcs12 (argv[2], "blahblahblah", TRUE, "pkcs12-private-key-bad-password");
test_load_pkcs12_no_password (argv[2], "pkcs12-private-key-no-password");
} else if (!strcmp (argv[1], "--pkcs8")) {
ASSERT (argc == 4, "test-crypto",
"wrong number of arguments (--pkcs8 <key file> <password>)");
test_is_pkcs12 (argv[2], TRUE, "not-pkcs12");
test_load_pkcs8 (argv[2], argv[3], FALSE, "pkcs8-private-key");
/* Until gnutls and NSS grow support for all the ciphers that openssl
* can use with PKCS#8, we can't actually verify the password. So we
* expect a bad password to work for the time being.
*/
test_load_pkcs8 (argv[2], "blahblahblah", FALSE, "pkcs8-private-key-bad-password");
} else {
ASSERT (argc > 2, "test-crypto", "unknown test type (not --cert, --key, or --p12)");
}
g_test_add_data_func ("/libnm/crypto/cert/pem",
"test_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-2",
"test2_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/der",
"test_ca_cert.der",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline",
"ca-no-ending-newline.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined",
"test_key_and_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2",