summaryrefslogtreecommitdiff
path: root/trust/tests/test-parser.c
diff options
context:
space:
mode:
Diffstat (limited to 'trust/tests/test-parser.c')
-rw-r--r--trust/tests/test-parser.c127
1 files changed, 127 insertions, 0 deletions
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index 4c182a0..94cfc49 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -437,6 +437,131 @@ test_parse_unrecognized (CuTest *cu)
teardown (cu);
}
+static void
+test_duplicate (CuTest *cu)
+{
+ CK_ATTRIBUTE cacert3[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
+ { CKA_TRUSTED, &falsev, sizeof (falsev) },
+ { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
+ { CKA_INVALID },
+ };
+
+ CK_OBJECT_HANDLE *handles;
+ CK_ATTRIBUTE *cert;
+ int ret;
+
+ setup (cu);
+
+ ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0);
+ CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+
+ p11_message_quiet ();
+
+ /* This shouldn't be added, should print a message */
+ ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0);
+ CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+
+ CuAssertTrue (cu, strstr (p11_message_last (), "duplicate") != NULL);
+
+ p11_message_loud ();
+
+ /* Should only be one certificate since the above two are identical */
+ handles = p11_index_find_all (test.index, cacert3, 2);
+ CuAssertPtrNotNull (cu, handles);
+ CuAssertTrue (cu, handles[0] != 0);
+ CuAssertTrue (cu, handles[1] == 0);
+
+ cert = p11_index_lookup (test.index, handles[0]);
+ test_check_attrs (cu, cacert3, cert);
+
+ free (handles);
+ teardown (cu);
+}
+
+static void
+test_duplicate_priority (CuTest *cu)
+{
+ CK_ATTRIBUTE cacert3[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE trusted[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_TRUSTED, &truev, sizeof (truev) },
+ { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE distrust[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_TRUSTED, &falsev, sizeof (falsev) },
+ { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
+ { CKA_INVALID },
+ };
+
+ CK_OBJECT_HANDLE *handles;
+ CK_ATTRIBUTE *cert;
+ int ret;
+
+ setup (cu);
+
+ ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0);
+ CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+
+ p11_message_quiet ();
+
+ /* This shouldn't be added, should print a message */
+ ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
+ P11_PARSE_FLAG_ANCHOR);
+ CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+
+ CuAssertTrue (cu, strstr (p11_message_last (), "duplicate") != NULL);
+
+ p11_message_loud ();
+
+ /* We should now find the trusted certificate */
+ handles = p11_index_find_all (test.index, cacert3, 2);
+ CuAssertPtrNotNull (cu, handles);
+ CuAssertTrue (cu, handles[0] != 0);
+ CuAssertTrue (cu, handles[1] == 0);
+ cert = p11_index_lookup (test.index, handles[0]);
+ test_check_attrs (cu, trusted, cert);
+ free (handles);
+
+ /* Now add a distrutsed one, this should override the trusted */
+
+ p11_message_quiet ();
+
+ ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
+ P11_PARSE_FLAG_BLACKLIST);
+ CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+
+ p11_message_loud ();
+
+ /* We should now find the distrusted certificate */
+ handles = p11_index_find_all (test.index, cacert3, 2);
+ CuAssertPtrNotNull (cu, handles);
+ CuAssertTrue (cu, handles[0] != 0);
+ CuAssertTrue (cu, handles[1] == 0);
+ cert = p11_index_lookup (test.index, handles[0]);
+ test_check_attrs (cu, distrust, cert);
+ free (handles);
+
+ teardown (cu);
+}
+
int
main (void)
{
@@ -457,6 +582,8 @@ main (void)
SUITE_ADD_TEST (suite, test_parse_thawte);
SUITE_ADD_TEST (suite, test_parse_invalid_file);
SUITE_ADD_TEST (suite, test_parse_unrecognized);
+ SUITE_ADD_TEST (suite, test_duplicate);
+ SUITE_ADD_TEST (suite, test_duplicate_priority);
CuSuiteRun (suite);
CuSuiteSummary (suite, output);
generated by cgit v1.1 at 2024-10-17 21:42:02 +0000