summaryrefslogtreecommitdiff
path: root/trust/tests
Commit message (Collapse)AuthorAgeFilesLines
* trust: Add index callback for when an object is removedStef Walter2013-08-292-8/+93
| | | | This allows a token to remove the file if desired
* trust: Correctly rewrite other objects in a modifiable persist fileStef Walter2013-08-281-0/+74
| | | | | There was a bug where we were rewriting the modified object multiple times.
* Avoid multiple stat() calls for same fileStef Walter2013-08-284-18/+20
| | | | | | As a side effect we can also not use the dirent.d_type field https://bugs.freedesktop.org/show_bug.cgi?id=68525
* trust: Add test tool for creating BasicConstraintsStef Walter2013-08-122-0/+102
|
* Make tests work on file systems with block size directoriesStef Walter2013-07-241-0/+12
| | | | | | | | | On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change. https://bugs.freedesktop.org/show_bug.cgi?id=65249
* Fix various memory leaks exposed by 'make leakcheck'Stef Walter2013-07-233-7/+12
|
* Use simple serial automake test harnessStef Walter2013-07-231-3/+9
| | | | | * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues
* tools: Use $TMPDIR instead of $TEMPStef Walter2013-07-187-22/+13
| | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scannerStef Walter2013-07-182-3/+5
| | | | Among others fix possible usage of large stack allocation.
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-104-10/+158
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* trust: Fix bug with load validation failuresStef Walter2013-07-081-0/+50
|
* trust: Fix various issues writing objects in trust tokenStef Walter2013-07-082-84/+186
| | | | | | | | * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly.
* trust: Explicitly specify which formats parser should parseStef Walter2013-07-082-0/+12
|
* trust: Support using the parser without an asn1_cacheStef Walter2013-07-081-0/+22
|
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store specStef Walter2013-07-0410-77/+302
| | | | | | | | | | * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above.
* trust: Add p11_oid_hash() and various oid stringsStef Walter2013-07-041-5/+14
|
* trust: Add p11_asn1_read() and p11_asn1_free() functionsStef Walter2013-07-041-0/+19
| | | | Some helpers for commonly used ASN.1 related stuff.
* trust: Initial support for writing out token objectsStef Walter2013-07-034-11/+227
| | | | | * The objects are written out in the p11-kit persist format * Parser marks files in p11-kit persist format as modifiable
* trust: Add support for saving files with unique file namesStef Walter2013-07-032-43/+126
|
* trust: Rename p11_index_batch() to p11_index_load()Stef Walter2013-07-032-14/+14
| | | | | | The name makes it clearer what's going on. This is only used during loading, so we can track whether a change has resulted from the trust module or from the file storage.
* trust: Implement reloading of token dataStef Walter2013-07-035-192/+378
| | | | | | | | | | | | | | | * Reload token data whenever a new session is opened. * Only reload files/directories that have changed. * Move duplicate anchor/blacklist detection logic into the extract code. This is in line with the approach being discussed on the mailing lists and spec document. * New internal attribute CKA_X_ORIGIN set on all objects so we can track where an object came from, and replace it when reloaded. In general this is a prerequisite for modification of objects reload before modify is necessary to prevent multiple callers clobbering each other's changes.
* iter: Add iteration mode where session is not busyStef Walter2013-07-035-7/+7
| | | | | | | | | | | In order to use the session we are iterating on for other tasks such as other C_FindObject() calls, we need to make sure that it's not in the middle of a find operation. Finish up the complete find operation in advance of returning objects from a session. Make this the default mode. The previous behavior remains as an option. Add tests.
* trust: Implement validation for creating/modifying objectsStef Walter2013-06-261-0/+427
|
* Fix running trust module tests under distcheckStef Walter2013-06-251-10/+12
|
* Reorganize various componentsStef Walter2013-06-2528-8/+4832
| | | | | | | * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory
* trust: Writable module PKCS#11 token functionsStef Walter2013-06-171-6/+32
| | | | | | Although we don't actually write anything out yet, make the various PKCS#11 functions behave properly when faced with requests to write to token objects
* trust: Correctly reflect the CK_TOKEN_INFO writability flagsStef Walter2013-06-142-2/+131
| | | | | Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths which we will be able to write to.
* Merge branch 'stable'Stef Walter2013-06-052-0/+136
|\
| * trust: Fix crash when C_Initialize args are NULLStef Walter2013-06-051-0/+18
| | | | | | | | https://bugs.freedesktop.org/show_bug.cgi?id=65401
| * trust: Fix reinitialization of trust moduleStef Walter2013-06-052-0/+118
| | | | | | | | | | | | | | | | | | Track number of C_Initialize calls, and require similar number of C_Finalize calls to finalize. This fixes leaks/disappearing sessions in the trust module. https://bugs.freedesktop.org/show_bug.cgi?id=65401
* | persist: Support for writing out p11-kit persist filesStef Walter2013-05-272-29/+176
| |
* | Fix up Makefile.am files for automake 1.13 warningsStef Walter2013-05-211-1/+1
| |
* | Our own unit testing frameworkStef Walter2013-05-219-1133/+746
| | | | | | | | | | | | | | | | * Support the TAP protocol * Much cleaner without having to carry around state * First class support for setup/teardown * Port the common tests * Wait on porting other tests until we've merged outstanding code
* | p11-kit: Managed PKCS#11 module loadingStef Walter2013-05-211-6/+19
|/ | | | | | | | | Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such.
* Don't respect timezones for CKA_START_DATE or CKA_END_DATEStef Walter2013-04-031-13/+1
| | | | | | | | | | | | | The PKCS#11 specification does not note what timezone these dates are in. In addition the time values are not represented in PKCS#11. So don't reinterpret certificate dates, other than filling in the century for dates that have a two digit year. Lastly, these are low resolution optional fields so not being all strict about timezones here is appropriate. https://bugs.freedesktop.org/show_bug.cgi?id=62825
* trust: Fix logic for matching invalid NSS serial numbersStef Walter2013-04-031-0/+107
| | | | | | | | Sometimes NSS queries for trust objects using invalid serial numbers that do not have their DER decoding. We fixed this earlier, but want to make sure there are no corner cases, accidentally not matching serial numbers that happen to start with the same bytes as a DER TLV would.
* More compatible path munging and handling codeStef Walter2013-04-031-2/+8
| | | | | | | | | | Centralize the path handling code, so we can remove unixy assumptions and have a chance of running on Windows. The current goal is to run all the tests on Windows. Includes some code from LRN <lrn1986@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=63062
* Separate library init from message codeStef Walter2013-04-037-15/+7
| | | | | | | | | | | Put library init/uninit code its into their own statically linked library so that they don't get linked into the p11-kit executable. Refactor the message code so that the library initialization can plug in its per thread message buffer. https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Fix build with automake 1.13Stef Walter2013-04-031-1/+1
| | | | Also remove some generated files from the po/ directory.
* Use CKA_X_CERTIFICATE_VALUE for trust assertionsStef Walter2013-03-291-3/+3
| | | | | | | These don't contain the CKA_VALUE attribute for certificate data but rather the CKA_X_CERTIFICATE_VALUE attribute. https://bugs.freedesktop.org/show_bug.cgi?id=62896
* Don't complain when applications call C_Logout or C_LoginStef Walter2013-03-281-0/+23
| | | | | | | Some callers erroneously call our C_Logout function, like NSS. So return appropriate error codes in these cases. https://bugs.freedesktop.org/show_bug.cgi?id=62874
* Don't try to guess at overflowing time values on 32-bit systemsStef Walter2013-03-281-0/+71
| | | | | | | | | Since CKA_START_DATE and CKA_END_DATE are the only places where we want to parse out times, and these are optional, just leave blank if the time overflows what libc can handle on a 32-bit system. https://bugs.freedesktop.org/show_bug.cgi?id=62825
* Fix memory leaks reported by 'make leakcheck'Stef Walter2013-03-203-10/+48
|
* Fix invalid memory accesses reported by 'make memcheck'Stef Walter2013-03-201-0/+2
| | | | These are things that showed up in valgrind while running the tests.
* Add a bit of infrastructure for running valgrindStef Walter2013-03-201-2/+0
| | | | | * make memcheck: Runs basic memory checking * make leakcheck: Also runs leak checking
* trust: Predictable behavior with duplicate certificates in tokenStef Walter2013-03-201-0/+127
| | | | | | | | If duplicate certificates are present in a token, we warn about this, and don't really recommend it. However we have predictable behavior where blacklist is prefered to anchor is preferred to unknown trust. https://bugs.freedesktop.org/show_bug.cgi?id=62548
* trust: Rework index to be faster and more usableStef Walter2013-03-206-45/+103
| | | | | | | | | The index now uses a sort of cross between a hash table and a bloom filter internally to select matching items. This is needed for the massive amount of lookups we want to do during loading. In addition make p11_index_find() and p11_index_replace() easier to use.
* attrs: Print out the CKA_VALUE for certificates when debuggingStef Walter2013-03-202-6/+12
| | | | | | | | While it's true that we shouldn't be pritning out CKA_VALUE in certain cases, like for keys, we obviously can do so for certificates. We don't have keys anyway, but in the interest of being general purpose use the class to determine whether CKA_VALUE can be printed
* hash: Add the murmur2 hash and start using itStef Walter2013-03-202-4/+3
| | | | | | | | | | | Add implementation of the murmur2 hash function, and start using it for our dictionaries. Our implementation is incremental like our other hash functions. Also remove p11_oid_hash() which wasn't being used. In addition fix several tests whose success was based on the way that the dictionary hashed. This was a hidden testing bug.
* hash: Rename file and functions for hashesStef Walter2013-03-202-8/+8
| | | | | We're going to be adding other hashes. Also build as part of a different common library.