From 677dee1a04058aefe8c7689f88da52afe3b4b4bb Mon Sep 17 00:00:00 2001 
From: Stef Walter Date: Fri, 15 Aug 2014 08:41:43 +0200 Subject: Move to non-recursive Makefile for building bins and libs Still use recursive for documentation and translation. --- Makefile.am | 66 +- build/Makefile.decl | 16 - build/Makefile.tests | 21 - build/certs/Makefile | 38 +- common/Makefile.am | 113 +- common/frob-getauxval.c | 61 + common/test-array.c | 209 ++ common/test-attrs.c | 757 +++++++ common/test-buffer.c | 199 ++ common/test-compat.c | 117 + common/test-constants.c | 102 + common/test-dict.c | 522 +++++ common/test-hash.c | 106 + common/test-lexer.c | 253 +++ common/test-message.c | 65 + common/test-path.c | 216 ++ common/test-tests.c | 95 + common/test-url.c | 164 ++ common/tests/Makefile.am | 39 - common/tests/frob-getauxval.c | 61 - common/tests/test-array.c | 209 -- common/tests/test-attrs.c | 757 ------- common/tests/test-buffer.c | 199 -- common/tests/test-compat.c | 117 - common/tests/test-constants.c | 102 - common/tests/test-dict.c | 522 ----- common/tests/test-hash.c | 106 - common/tests/test-lexer.c | 253 --- common/tests/test-message.c | 65 - common/tests/test-path.c | 216 -- common/tests/test-tests.c | 95 - common/tests/test-url.c | 164 -- configure.ac | 8 +- doc/manual/Makefile.am | 8 +- p11-kit/Makefile.am | 244 ++- p11-kit/fixtures/package-modules/four.module | 5 + p11-kit/fixtures/package-modules/win32/four.module | 4 + p11-kit/fixtures/system-modules/one.module | 5 + .../fixtures/system-modules/two-duplicate.module | 4 + p11-kit/fixtures/system-modules/two.badname | 6 + p11-kit/fixtures/system-modules/win32/one.module | 4 + .../system-modules/win32/two-duplicate.module | 4 + p11-kit/fixtures/system-modules/win32/two.badname | 6 + p11-kit/fixtures/system-pkcs11.conf | 6 + p11-kit/fixtures/test-1.conf | 6 + p11-kit/fixtures/test-pinfile | 1 + p11-kit/fixtures/test-pinfile-large | 53 + p11-kit/fixtures/test-system-invalid.conf | 3 + p11-kit/fixtures/test-system-merge.conf | 7 + p11-kit/fixtures/test-system-none.conf | 8 + 
p11-kit/fixtures/test-system-only.conf | 8 + p11-kit/fixtures/test-user-invalid.conf | 3 + p11-kit/fixtures/test-user-only.conf | 4 + p11-kit/fixtures/test-user.conf | 3 + p11-kit/fixtures/user-modules/one.module | 4 + p11-kit/fixtures/user-modules/three.module | 6 + p11-kit/fixtures/user-modules/win32/one.module | 2 + p11-kit/fixtures/user-modules/win32/three.module | 6 + p11-kit/frob-setuid.c | 95 + p11-kit/mock-module-ep.c | 54 + p11-kit/mock-module-ep2.c | 56 + p11-kit/print-messages.c | 137 ++ p11-kit/test-conf.c | 456 ++++ p11-kit/test-deprecated.c | 513 +++++ p11-kit/test-init.c | 420 ++++ p11-kit/test-iter.c | 1331 ++++++++++++ p11-kit/test-log.c | 112 + p11-kit/test-managed.c | 262 +++ p11-kit/test-mock.c | 1685 +++++++++++++++ p11-kit/test-modules.c | 415 ++++ p11-kit/test-pin.c | 313 +++ p11-kit/test-progname.c | 86 + p11-kit/test-proxy.c | 195 ++ p11-kit/test-rpc.c | 1061 ++++++++++ p11-kit/test-transport.c | 281 +++ p11-kit/test-uri.c | 1314 ++++++++++++ p11-kit/test-util.c | 59 + p11-kit/test-virtual.c | 171 ++ p11-kit/tests/Makefile.am | 91 - p11-kit/tests/files/package-modules/four.module | 5 - .../tests/files/package-modules/win32/four.module | 4 - p11-kit/tests/files/system-modules/one.module | 5 - .../files/system-modules/two-duplicate.module | 4 - p11-kit/tests/files/system-modules/two.badname | 6 - .../tests/files/system-modules/win32/one.module | 4 - .../system-modules/win32/two-duplicate.module | 4 - .../tests/files/system-modules/win32/two.badname | 6 - p11-kit/tests/files/system-pkcs11.conf | 6 - p11-kit/tests/files/test-1.conf | 6 - p11-kit/tests/files/test-pinfile | 1 - p11-kit/tests/files/test-pinfile-large | 53 - p11-kit/tests/files/test-system-invalid.conf | 3 - p11-kit/tests/files/test-system-merge.conf | 7 - p11-kit/tests/files/test-system-none.conf | 8 - p11-kit/tests/files/test-system-only.conf | 8 - p11-kit/tests/files/test-user-invalid.conf | 3 - p11-kit/tests/files/test-user-only.conf | 4 - p11-kit/tests/files/test-user.conf | 3 
- p11-kit/tests/files/user-modules/one.module | 4 - p11-kit/tests/files/user-modules/three.module | 6 - p11-kit/tests/files/user-modules/win32/one.module | 2 - .../tests/files/user-modules/win32/three.module | 6 - p11-kit/tests/frob-setuid.c | 95 - p11-kit/tests/mock-module-ep.c | 54 - p11-kit/tests/mock-module-ep2.c | 56 - p11-kit/tests/print-messages.c | 137 -- p11-kit/tests/test-conf.c | 456 ---- p11-kit/tests/test-deprecated.c | 513 ----- p11-kit/tests/test-init.c | 420 ---- p11-kit/tests/test-iter.c | 1331 ------------ p11-kit/tests/test-log.c | 112 - p11-kit/tests/test-managed.c | 262 --- p11-kit/tests/test-mock.c | 1685 --------------- p11-kit/tests/test-modules.c | 415 ---- p11-kit/tests/test-pin.c | 313 --- p11-kit/tests/test-progname.c | 86 - p11-kit/tests/test-proxy.c | 195 -- p11-kit/tests/test-rpc.c | 1061 ---------- p11-kit/tests/test-transport.c | 281 --- p11-kit/tests/test-uri.c | 1314 ------------ p11-kit/tests/test-util.c | 59 - p11-kit/tests/test-virtual.c | 171 -- trust/Makefile.am | 273 ++- trust/anchor.c | 5 +- trust/enumerate.h | 5 +- trust/extract.c | 5 +- trust/fixtures/cacert-ca.der | Bin 0 -> 1857 bytes trust/fixtures/cacert3-distrust-all.pem | 44 + trust/fixtures/cacert3-distrusted-all.pem | 43 + trust/fixtures/cacert3-not-trusted.pem | 42 + trust/fixtures/cacert3-trusted-alias.pem | 42 + trust/fixtures/cacert3-trusted-keyid.pem | 42 + trust/fixtures/cacert3-trusted-server-alias.pem | 43 + trust/fixtures/cacert3-trusted.pem | 43 + trust/fixtures/cacert3-twice.pem | 84 + trust/fixtures/cacert3.der | Bin 0 -> 1885 bytes trust/fixtures/cacert3.pem | 42 + trust/fixtures/distrusted.pem | 23 + trust/fixtures/empty-file | 0 trust/fixtures/multiple.pem | 58 + trust/fixtures/openssl-trust-no-trust.pem | 27 + trust/fixtures/redhat-ca.der | Bin 0 -> 948 bytes trust/fixtures/self-signed-with-eku.der | Bin 0 -> 480 bytes trust/fixtures/self-signed-with-ku.der | Bin 0 -> 478 bytes trust/fixtures/simple-string | 1 + trust/fixtures/testing-server.der | 
Bin 0 -> 554 bytes trust/fixtures/thawte.pem | 25 + trust/fixtures/unrecognized-file.txt | 1 + trust/fixtures/verisign-v1.der | Bin 0 -> 576 bytes trust/fixtures/verisign-v1.pem | 15 + trust/frob-bc.c | 102 + trust/frob-cert.c | 134 ++ trust/frob-eku.c | 103 + trust/frob-ext.c | 119 ++ trust/frob-ku.c | 126 ++ trust/frob-multi-init.c | 69 + trust/frob-nss-trust.c | 221 ++ trust/frob-oid.c | 102 + trust/frob-pow.c | 57 + trust/frob-token.c | 64 + trust/input/anchors/cacert3.der | Bin 0 -> 1885 bytes trust/input/anchors/testing-ca.der | Bin 0 -> 970 bytes trust/input/blacklist/self-server.der | Bin 0 -> 396 bytes trust/input/cacert-ca.der | Bin 0 -> 1857 bytes trust/input/distrusted.pem | 23 + trust/input/verisign-v1.p11-kit | 17 + trust/list.c | 5 +- trust/test-asn1.c | 164 ++ trust/test-base64.c | 204 ++ trust/test-builder.c | 2236 ++++++++++++++++++++ trust/test-bundle.c | 237 +++ trust/test-cer.c | 247 +++ trust/test-digest.c | 143 ++ trust/test-enumerate.c | 538 +++++ trust/test-extract.in | 189 ++ trust/test-index.c | 1144 ++++++++++ trust/test-module.c | 1217 +++++++++++ trust/test-oid.c | 127 ++ trust/test-openssl.c | 662 ++++++ trust/test-parser.c | 569 +++++ trust/test-pem.c | 341 +++ trust/test-persist.c | 607 ++++++ trust/test-save.c | 595 ++++++ trust/test-token.c | 789 +++++++ trust/test-trust.c | 331 +++ trust/test-trust.h | 409 ++++ trust/test-utf8.c | 244 +++ trust/test-x509.c | 416 ++++ trust/tests/Makefile.am | 122 -- trust/tests/files/cacert-ca.der | Bin 1857 -> 0 bytes trust/tests/files/cacert3-distrust-all.pem | 44 - trust/tests/files/cacert3-distrusted-all.pem | 43 - trust/tests/files/cacert3-not-trusted.pem | 42 - trust/tests/files/cacert3-trusted-alias.pem | 42 - trust/tests/files/cacert3-trusted-keyid.pem | 42 - trust/tests/files/cacert3-trusted-server-alias.pem | 43 - trust/tests/files/cacert3-trusted.pem | 43 - trust/tests/files/cacert3-twice.pem | 84 - trust/tests/files/cacert3.der | Bin 1885 -> 0 bytes trust/tests/files/cacert3.pem | 42 
- trust/tests/files/distrusted.pem | 23 - trust/tests/files/empty-file | 0 trust/tests/files/multiple.pem | 58 - trust/tests/files/openssl-trust-no-trust.pem | 27 - trust/tests/files/redhat-ca.der | Bin 948 -> 0 bytes trust/tests/files/self-signed-with-eku.der | Bin 480 -> 0 bytes trust/tests/files/self-signed-with-ku.der | Bin 478 -> 0 bytes trust/tests/files/simple-string | 1 - trust/tests/files/testing-server.der | Bin 554 -> 0 bytes trust/tests/files/thawte.pem | 25 - trust/tests/files/unrecognized-file.txt | 1 - trust/tests/files/verisign-v1.der | Bin 576 -> 0 bytes trust/tests/files/verisign-v1.pem | 15 - trust/tests/frob-bc.c | 102 - trust/tests/frob-cert.c | 134 -- trust/tests/frob-eku.c | 103 - trust/tests/frob-ext.c | 119 -- trust/tests/frob-ku.c | 126 -- trust/tests/frob-multi-init.c | 69 - trust/tests/frob-nss-trust.c | 221 -- trust/tests/frob-oid.c | 102 - trust/tests/frob-pow.c | 57 - trust/tests/frob-token.c | 64 - trust/tests/input/anchors/cacert3.der | Bin 1885 -> 0 bytes trust/tests/input/anchors/testing-ca.der | Bin 970 -> 0 bytes trust/tests/input/blacklist/self-server.der | Bin 396 -> 0 bytes trust/tests/input/cacert-ca.der | Bin 1857 -> 0 bytes trust/tests/input/distrusted.pem | 23 - trust/tests/input/verisign-v1.p11-kit | 17 - trust/tests/test-asn1.c | 164 -- trust/tests/test-base64.c | 204 -- trust/tests/test-builder.c | 2236 -------------------- trust/tests/test-bundle.c | 233 -- trust/tests/test-cer.c | 243 --- trust/tests/test-digest.c | 143 -- trust/tests/test-enumerate.c | 536 ----- trust/tests/test-extract.in | 189 -- trust/tests/test-index.c | 1144 ---------- trust/tests/test-module.c | 1217 ----------- trust/tests/test-oid.c | 127 -- trust/tests/test-openssl.c | 658 ------ trust/tests/test-parser.c | 569 ----- trust/tests/test-pem.c | 341 --- trust/tests/test-persist.c | 607 ------ trust/tests/test-save.c | 595 ------ trust/tests/test-token.c | 789 ------- trust/tests/test-trust.c | 331 --- trust/tests/test-trust.h | 409 ---- 
trust/tests/test-utf8.c | 244 --- trust/tests/test-x509.c | 416 ---- 250 files changed, 25705 insertions(+), 25662 deletions(-) delete mode 100644 build/Makefile.decl delete mode 100644 build/Makefile.tests create mode 100644 common/frob-getauxval.c create mode 100644 common/test-array.c create mode 100644 common/test-attrs.c create mode 100644 common/test-buffer.c create mode 100644 common/test-compat.c create mode 100644 common/test-constants.c create mode 100644 common/test-dict.c create mode 100644 common/test-hash.c create mode 100644 common/test-lexer.c create mode 100644 common/test-message.c create mode 100644 common/test-path.c create mode 100644 common/test-tests.c create mode 100644 common/test-url.c delete mode 100644 common/tests/Makefile.am delete mode 100644 common/tests/frob-getauxval.c delete mode 100644 common/tests/test-array.c delete mode 100644 common/tests/test-attrs.c delete mode 100644 common/tests/test-buffer.c delete mode 100644 common/tests/test-compat.c delete mode 100644 common/tests/test-constants.c delete mode 100644 common/tests/test-dict.c delete mode 100644 common/tests/test-hash.c delete mode 100644 common/tests/test-lexer.c delete mode 100644 common/tests/test-message.c delete mode 100644 common/tests/test-path.c delete mode 100644 common/tests/test-tests.c delete mode 100644 common/tests/test-url.c create mode 100644 p11-kit/fixtures/package-modules/four.module create mode 100644 p11-kit/fixtures/package-modules/win32/four.module create mode 100644 p11-kit/fixtures/system-modules/one.module create mode 100644 p11-kit/fixtures/system-modules/two-duplicate.module create mode 100644 p11-kit/fixtures/system-modules/two.badname create mode 100644 p11-kit/fixtures/system-modules/win32/one.module create mode 100644 p11-kit/fixtures/system-modules/win32/two-duplicate.module create mode 100644 p11-kit/fixtures/system-modules/win32/two.badname create mode 100644 p11-kit/fixtures/system-pkcs11.conf create mode 100644 
p11-kit/fixtures/test-1.conf create mode 100644 p11-kit/fixtures/test-pinfile create mode 100644 p11-kit/fixtures/test-pinfile-large create mode 100644 p11-kit/fixtures/test-system-invalid.conf create mode 100644 p11-kit/fixtures/test-system-merge.conf create mode 100644 p11-kit/fixtures/test-system-none.conf create mode 100644 p11-kit/fixtures/test-system-only.conf create mode 100644 p11-kit/fixtures/test-user-invalid.conf create mode 100644 p11-kit/fixtures/test-user-only.conf create mode 100644 p11-kit/fixtures/test-user.conf create mode 100644 p11-kit/fixtures/user-modules/one.module create mode 100644 p11-kit/fixtures/user-modules/three.module create mode 100644 p11-kit/fixtures/user-modules/win32/one.module create mode 100644 p11-kit/fixtures/user-modules/win32/three.module create mode 100644 p11-kit/frob-setuid.c create mode 100644 p11-kit/mock-module-ep.c create mode 100644 p11-kit/mock-module-ep2.c create mode 100644 p11-kit/print-messages.c create mode 100644 p11-kit/test-conf.c create mode 100644 p11-kit/test-deprecated.c create mode 100644 p11-kit/test-init.c create mode 100644 p11-kit/test-iter.c create mode 100644 p11-kit/test-log.c create mode 100644 p11-kit/test-managed.c create mode 100644 p11-kit/test-mock.c create mode 100644 p11-kit/test-modules.c create mode 100644 p11-kit/test-pin.c create mode 100644 p11-kit/test-progname.c create mode 100644 p11-kit/test-proxy.c create mode 100644 p11-kit/test-rpc.c create mode 100644 p11-kit/test-transport.c create mode 100644 p11-kit/test-uri.c create mode 100644 p11-kit/test-util.c create mode 100644 p11-kit/test-virtual.c delete mode 100644 p11-kit/tests/Makefile.am delete mode 100644 p11-kit/tests/files/package-modules/four.module delete mode 100644 p11-kit/tests/files/package-modules/win32/four.module delete mode 100644 p11-kit/tests/files/system-modules/one.module delete mode 100644 p11-kit/tests/files/system-modules/two-duplicate.module delete mode 100644 
p11-kit/tests/files/system-modules/two.badname delete mode 100644 p11-kit/tests/files/system-modules/win32/one.module delete mode 100644 p11-kit/tests/files/system-modules/win32/two-duplicate.module delete mode 100644 p11-kit/tests/files/system-modules/win32/two.badname delete mode 100644 p11-kit/tests/files/system-pkcs11.conf delete mode 100644 p11-kit/tests/files/test-1.conf delete mode 100644 p11-kit/tests/files/test-pinfile delete mode 100644 p11-kit/tests/files/test-pinfile-large delete mode 100644 p11-kit/tests/files/test-system-invalid.conf delete mode 100644 p11-kit/tests/files/test-system-merge.conf delete mode 100644 p11-kit/tests/files/test-system-none.conf delete mode 100644 p11-kit/tests/files/test-system-only.conf delete mode 100644 p11-kit/tests/files/test-user-invalid.conf delete mode 100644 p11-kit/tests/files/test-user-only.conf delete mode 100644 p11-kit/tests/files/test-user.conf delete mode 100644 p11-kit/tests/files/user-modules/one.module delete mode 100644 p11-kit/tests/files/user-modules/three.module delete mode 100644 p11-kit/tests/files/user-modules/win32/one.module delete mode 100644 p11-kit/tests/files/user-modules/win32/three.module delete mode 100644 p11-kit/tests/frob-setuid.c delete mode 100644 p11-kit/tests/mock-module-ep.c delete mode 100644 p11-kit/tests/mock-module-ep2.c delete mode 100644 p11-kit/tests/print-messages.c delete mode 100644 p11-kit/tests/test-conf.c delete mode 100644 p11-kit/tests/test-deprecated.c delete mode 100644 p11-kit/tests/test-init.c delete mode 100644 p11-kit/tests/test-iter.c delete mode 100644 p11-kit/tests/test-log.c delete mode 100644 p11-kit/tests/test-managed.c delete mode 100644 p11-kit/tests/test-mock.c delete mode 100644 p11-kit/tests/test-modules.c delete mode 100644 p11-kit/tests/test-pin.c delete mode 100644 p11-kit/tests/test-progname.c delete mode 100644 p11-kit/tests/test-proxy.c delete mode 100644 p11-kit/tests/test-rpc.c delete mode 100644 p11-kit/tests/test-transport.c delete mode 
100644 p11-kit/tests/test-uri.c delete mode 100644 p11-kit/tests/test-util.c delete mode 100644 p11-kit/tests/test-virtual.c create mode 100644 trust/fixtures/cacert-ca.der create mode 100644 trust/fixtures/cacert3-distrust-all.pem create mode 100644 trust/fixtures/cacert3-distrusted-all.pem create mode 100644 trust/fixtures/cacert3-not-trusted.pem create mode 100644 trust/fixtures/cacert3-trusted-alias.pem create mode 100644 trust/fixtures/cacert3-trusted-keyid.pem create mode 100644 trust/fixtures/cacert3-trusted-server-alias.pem create mode 100644 trust/fixtures/cacert3-trusted.pem create mode 100644 trust/fixtures/cacert3-twice.pem create mode 100644 trust/fixtures/cacert3.der create mode 100644 trust/fixtures/cacert3.pem create mode 100644 trust/fixtures/distrusted.pem create mode 100644 trust/fixtures/empty-file create mode 100644 trust/fixtures/multiple.pem create mode 100644 trust/fixtures/openssl-trust-no-trust.pem create mode 100644 trust/fixtures/redhat-ca.der create mode 100644 trust/fixtures/self-signed-with-eku.der create mode 100644 trust/fixtures/self-signed-with-ku.der create mode 100644 trust/fixtures/simple-string create mode 100644 trust/fixtures/testing-server.der create mode 100644 trust/fixtures/thawte.pem create mode 100644 trust/fixtures/unrecognized-file.txt create mode 100644 trust/fixtures/verisign-v1.der create mode 100644 trust/fixtures/verisign-v1.pem create mode 100644 trust/frob-bc.c create mode 100644 trust/frob-cert.c create mode 100644 trust/frob-eku.c create mode 100644 trust/frob-ext.c create mode 100644 trust/frob-ku.c create mode 100644 trust/frob-multi-init.c create mode 100644 trust/frob-nss-trust.c create mode 100644 trust/frob-oid.c create mode 100644 trust/frob-pow.c create mode 100644 trust/frob-token.c create mode 100644 trust/input/anchors/cacert3.der create mode 100644 trust/input/anchors/testing-ca.der create mode 100644 trust/input/blacklist/self-server.der create mode 100644 trust/input/cacert-ca.der create mode 
100644 trust/input/distrusted.pem create mode 100644 trust/input/verisign-v1.p11-kit create mode 100644 trust/test-asn1.c create mode 100644 trust/test-base64.c create mode 100644 trust/test-builder.c create mode 100644 trust/test-bundle.c create mode 100644 trust/test-cer.c create mode 100644 trust/test-digest.c create mode 100644 trust/test-enumerate.c create mode 100644 trust/test-extract.in create mode 100644 trust/test-index.c create mode 100644 trust/test-module.c create mode 100644 trust/test-oid.c create mode 100644 trust/test-openssl.c create mode 100644 trust/test-parser.c create mode 100644 trust/test-pem.c create mode 100644 trust/test-persist.c create mode 100644 trust/test-save.c create mode 100644 trust/test-token.c create mode 100644 trust/test-trust.c create mode 100644 trust/test-trust.h create mode 100644 trust/test-utf8.c create mode 100644 trust/test-x509.c delete mode 100644 trust/tests/Makefile.am delete mode 100644 trust/tests/files/cacert-ca.der delete mode 100644 trust/tests/files/cacert3-distrust-all.pem delete mode 100644 trust/tests/files/cacert3-distrusted-all.pem delete mode 100644 trust/tests/files/cacert3-not-trusted.pem delete mode 100644 trust/tests/files/cacert3-trusted-alias.pem delete mode 100644 trust/tests/files/cacert3-trusted-keyid.pem delete mode 100644 trust/tests/files/cacert3-trusted-server-alias.pem delete mode 100644 trust/tests/files/cacert3-trusted.pem delete mode 100644 trust/tests/files/cacert3-twice.pem delete mode 100644 trust/tests/files/cacert3.der delete mode 100644 trust/tests/files/cacert3.pem delete mode 100644 trust/tests/files/distrusted.pem delete mode 100644 trust/tests/files/empty-file delete mode 100644 trust/tests/files/multiple.pem delete mode 100644 trust/tests/files/openssl-trust-no-trust.pem delete mode 100644 trust/tests/files/redhat-ca.der delete mode 100644 trust/tests/files/self-signed-with-eku.der delete mode 100644 trust/tests/files/self-signed-with-ku.der delete mode 100644 
trust/tests/files/simple-string delete mode 100644 trust/tests/files/testing-server.der delete mode 100644 trust/tests/files/thawte.pem delete mode 100644 trust/tests/files/unrecognized-file.txt delete mode 100644 trust/tests/files/verisign-v1.der delete mode 100644 trust/tests/files/verisign-v1.pem delete mode 100644 trust/tests/frob-bc.c delete mode 100644 trust/tests/frob-cert.c delete mode 100644 trust/tests/frob-eku.c delete mode 100644 trust/tests/frob-ext.c delete mode 100644 trust/tests/frob-ku.c delete mode 100644 trust/tests/frob-multi-init.c delete mode 100644 trust/tests/frob-nss-trust.c delete mode 100644 trust/tests/frob-oid.c delete mode 100644 trust/tests/frob-pow.c delete mode 100644 trust/tests/frob-token.c delete mode 100644 trust/tests/input/anchors/cacert3.der delete mode 100644 trust/tests/input/anchors/testing-ca.der delete mode 100644 trust/tests/input/blacklist/self-server.der delete mode 100644 trust/tests/input/cacert-ca.der delete mode 100644 trust/tests/input/distrusted.pem delete mode 100644 trust/tests/input/verisign-v1.p11-kit delete mode 100644 trust/tests/test-asn1.c delete mode 100644 trust/tests/test-base64.c delete mode 100644 trust/tests/test-builder.c delete mode 100644 trust/tests/test-bundle.c delete mode 100644 trust/tests/test-cer.c delete mode 100644 trust/tests/test-digest.c delete mode 100644 trust/tests/test-enumerate.c delete mode 100644 trust/tests/test-extract.in delete mode 100644 trust/tests/test-index.c delete mode 100644 trust/tests/test-module.c delete mode 100644 trust/tests/test-oid.c delete mode 100644 trust/tests/test-openssl.c delete mode 100644 trust/tests/test-parser.c delete mode 100644 trust/tests/test-pem.c delete mode 100644 trust/tests/test-persist.c delete mode 100644 trust/tests/test-save.c delete mode 100644 trust/tests/test-token.c delete mode 100644 trust/tests/test-trust.c delete mode 100644 trust/tests/test-trust.h delete mode 100644 trust/tests/test-utf8.c delete mode 100644 
trust/tests/test-x509.c diff --git a/Makefile.am b/Makefile.am index bef51cf..9032154 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,21 +1,44 @@ -include $(top_srcdir)/build/Makefile.decl - +NULL = WEBHOST = anarchy.freedesktop.org WEBBASE = /srv/p11-glue.freedesktop.org/www +AM_CPPFLAGS = \ + -I$(top_srcdir) \ + -I$(top_srcdir)/common \ + -DBINDIR=\"$(bindir)\" \ + -DBUILDDIR=\"$(abs_builddir)\" \ + -DDATADIR=\"$(datadir)\" \ + -DPRIVATEDIR=\"$(privatedir)\" \ + -DSRCDIR=\"$(abs_srcdir)\" \ + -DSYSCONFDIR=\"$(sysconfdir)\" \ + -DP11_KIT_FUTURE_UNSTABLE_API + +bin_PROGRAMS = + +CHECK_PROGS = + +EXTRA_DIST = HACKING + +incdir = $(includedir)/p11-kit-1/p11-kit +inc_HEADERS = + +lib_LTLIBRARIES = + +noinst_LTLIBRARIES = +noinst_PROGRAMS = $(CHECK_PROGS) +noinst_SCRIPTS = + +TESTS = $(CHECK_PROGS) + +include common/Makefile.am +include p11-kit/Makefile.am + if WITH_TRUST_MODULE -TRUST_DIR = trust -else -TRUST_DIR = +include trust/Makefile.am endif -SUBDIRS = \ - common \ - p11-kit \ - $(TRUST_DIR) \ - doc \ - po +SUBDIRS = . doc po ACLOCAL_AMFLAGS = -I build/m4 @@ -25,6 +48,22 @@ DISTCHECK_CONFIGURE_FLAGS = \ --enable-strict \ CFLAGS='-O2' + +MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet + +LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes + +HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind + +memcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(MEMCHECK_ENV)" check-TESTS + +leakcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS + +hellcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS + dist-hook: @if test -d "$(srcdir)/.git"; \ then \ @@ -64,10 +103,5 @@ upload-release: $(DIST_ARCHIVES) gpg --detach-sign --local-user 'stef@thewalter.net' $< scp $< $<.sig $(WEBHOST):$(WEBBASE)/releases/ -EXTRA_DIST = \ - build/Makefile.tests \ - build/Makefile.decl \ - HACKING - transifex: cd $(srcdir) && sh build/tx-update 
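Review bot: The new top-level `AM_CPPFLAGS` in the first Makefile.am hunk hands `-DSRCDIR=\"$(abs_srcdir)\"`, `-DBUILDDIR=\"$(abs_builddir)\"` and `-DP11_KIT_FUTURE_UNSTABLE_API` to everything built from this Makefile, whereas the removed build/Makefile.tests kept those three in `TEST_CFLAGS`. Unless the included fragments override the flags per target (not visible here), installed libraries and tools are now compiled with the absolute build-tree paths in scope, and any later use of them in shipped code would make a binary read from a directory that need not exist or be trusted on the target host. Nothing in this hunk shows such a use, so this is a guard rather than a known bug. I would keep the test-only defines in their own variable applied to the test programs, or at least put `# SRCDIR/BUILDDIR/P11_KIT_FUTURE_UNSTABLE_API: test programs only, never reference from installed code` above them.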
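Review bot: The `memcheck`, `leakcheck` and `hellcheck` recipes added in the second Makefile.am hunk call a literal `make`, so the sub-make ignores the make program the user invoked and does not take part in the parent's jobserver or honour `-n`; the removed build/Makefile.decl used `$(MAKE)` for its recursion. Each recipe should read `$(MAKE) $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(MEMCHECK_ENV)" check-TESTS`, with the matching `*_ENV` variable. None of the three targets produces a file of its own name, so `.PHONY: memcheck leakcheck hellcheck` is worth adding beside them.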
diff --git a/build/Makefile.decl b/build/Makefile.decl
deleted file mode 100644
index 8dca4e7..0000000
--- a/build/Makefile.decl
+++ /dev/null
@@ -1,16 +0,0 @@
-NULL =
-
-memcheck:
- @for dir in $(SUBDIRS); do \
- test "$$dir" = "." || $(MAKE) -C $$dir memcheck; \
- done
-
-leakcheck:
- @for dir in $(SUBDIRS); do \
- test "$$dir" = "." || $(MAKE) -C $$dir leakcheck; \
- done
-
-hellcheck:
- @for dir in $(SUBDIRS); do \
- test "$$dir" = "." || $(MAKE) -C $$dir hellcheck; \
- done
diff --git a/build/Makefile.tests b/build/Makefile.tests
deleted file mode 100644
index c26e689..0000000
--- a/build/Makefile.tests
+++ /dev/null
@@ -1,21 +0,0 @@
-NULL =
-
-TEST_CFLAGS = \
- -DSRCDIR=\"$(abs_srcdir)\" \
- -DBUILDDIR=\"$(abs_builddir)\" \
- -DP11_KIT_FUTURE_UNSTABLE_API
-
-MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet
-
-LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes
-
-HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind
-
-memcheck: all
- make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(MEMCHECK_ENV)" check-TESTS
-
-leakcheck: all
- make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS
-
-hellcheck: all
- make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS
diff --git a/build/certs/Makefile b/build/certs/Makefile
index 4e61b14..033ecde 100644
--- a/build/certs/Makefile
+++ b/build/certs/Makefile
@@ -3,39 +3,39 @@ # We copy everything into its final location, and those test files are # distributed in the tarballs -TRUST = ../../trust/tests +TRUST = ../../trust prepare-certs: cp -v cacert3.der $(TRUST)/input/anchors - cp -v cacert3.der $(TRUST)/files - cp -v cacert3.der $(TRUST)/files - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3.pem - cat $(TRUST)/files/cacert3.pem $(TRUST)/files/cacert3.pem > $(TRUST)/files/cacert3-twice.pem - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted.pem \ + cp -v cacert3.der $(TRUST)/fixtures + cp -v cacert3.der $(TRUST)/fixtures + openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3.pem + openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3.pem + cat $(TRUST)/fixtures/cacert3.pem $(TRUST)/fixtures/cacert3.pem > $(TRUST)/fixtures/cacert3-twice.pem + openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3-trusted.pem \ -addtrust serverAuth -addreject emailProtection \ -setalias "Custom Label" - cp $(TRUST)/files/cacert3-trusted.pem $(TRUST)/files/cacert3-trusted-server-alias.pem - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted-alias.pem \ + cp $(TRUST)/fixtures/cacert3-trusted.pem $(TRUST)/fixtures/cacert3-trusted-server-alias.pem + openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3-trusted-alias.pem \ -setalias "Custom Label" - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-distrust-all.pem \ + openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3-distrust-all.pem \ -addreject serverAuth -addreject clientAuth -addreject codeSigning \ -addreject emailProtection -addreject ipsecEndSystem -addreject ipsecTunnel \ -addreject ipsecUser -addreject timeStamping - openssl x509 -in verisign-v1.der -inform DER -out $(TRUST)/files/verisign-v1.pem \ + openssl x509 -in 
verisign-v1.der -inform DER -out $(TRUST)/fixtures/verisign-v1.pem \ -setalias "Custom Label" - cat $(TRUST)/files/cacert3-trusted-server-alias.pem \ - $(TRUST)/files/verisign-v1.pem > $(TRUST)/files/multiple.pem + cat $(TRUST)/fixtures/cacert3-trusted-server-alias.pem \ + $(TRUST)/fixtures/verisign-v1.pem > $(TRUST)/fixtures/multiple.pem cp -v cacert-ca.der $(TRUST)/input - cp -v cacert-ca.der $(TRUST)/files - openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/files/distrusted.pem \ + cp -v cacert-ca.der $(TRUST)/fixtures + openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/fixtures/distrusted.pem \ -addreject clientAuth -setalias "Red Hat Is the CA" - cp -v $(TRUST)/files/distrusted.pem $(TRUST)/input + cp -v $(TRUST)/fixtures/distrusted.pem $(TRUST)/input cp -v self-server.der $(TRUST)/input/blacklist - cp -v self-signed-with-eku.der $(TRUST)/files - cp -v self-signed-with-ku.der $(TRUST)/files + cp -v self-signed-with-eku.der $(TRUST)/fixtures + cp -v self-signed-with-ku.der $(TRUST)/fixtures cp -v testing-ca.der $(TRUST)/input/anchors - cp -v testing-server.der $(TRUST)/files + cp -v testing-server.der $(TRUST)/fixtures # Rebuild the self-signed certificates. This is almost never necessary and # will require other changes in the code, mostly here as documentation diff --git a/common/Makefile.am b/common/Makefile.am index 2df3915..5f185b8 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -1,15 +1,9 @@ -include $(top_srcdir)/build/Makefile.decl - -SUBDIRS = . tests - -incdir = $(includedir)/p11-kit-1/p11-kit - -inc_HEADERS = \ - pkcs11.h \ +inc_HEADERS += \ + common/pkcs11.h \ $(NULL) -noinst_LTLIBRARIES = \ +noinst_LTLIBRARIES += \ libp11-common.la \ libp11-library.la \ libp11-test.la \ 
@@ -17,31 +11,94 @@ noinst_LTLIBRARIES = \ $(NULL) libp11_common_la_SOURCES = \ - argv.c argv.h \ - attrs.c attrs.h \ - array.c array.h \ - buffer.c buffer.h \ - compat.c compat.h \ - constants.c constants.h \ - debug.c debug.h \ - dict.c dict.h \ - hash.c hash.h \ - lexer.c lexer.h \ - message.c message.h \ - path.c path.h \ - pkcs11.h pkcs11x.h \ - url.c url.h \ + common/argv.c common/argv.h \ + common/attrs.c common/attrs.h \ + common/array.c common/array.h \ + common/buffer.c common/buffer.h \ + common/compat.c common/compat.h \ + common/constants.c common/constants.h \ + common/debug.c common/debug.h \ + common/dict.c common/dict.h \ + common/hash.c common/hash.h \ + common/lexer.c common/lexer.h \ + common/message.c common/message.h \ + common/path.c common/path.h \ + common/pkcs11.h common/pkcs11x.h \ + common/url.c common/url.h \ $(NULL) libp11_library_la_SOURCES = \ - library.c library.h \ + common/library.c common/library.h \ $(NULL) libp11_test_la_SOURCES = \ - mock.c mock.h \ - test.c test.h \ + common/mock.c common/mock.h \ + common/test.c common/test.h \ $(NULL) libp11_tool_la_SOURCES = \ - tool.c tool.h \ - $(NULL) \ No newline at end of file + common/tool.c common/tool.h \ + $(NULL) + +# Tests ---------------------------------------------------------------- + +common_LIBS = \ + libp11-test.la \ + libp11-common.la \ + $(NULL) + +CHECK_PROGS += \ + test-tests \ + test-compat \ + test-hash \ + test-dict \ + test-array \ + test-constants \ + test-attrs \ + test-buffer \ + test-url \ + test-path \ + test-lexer \ + test-message \ + $(NULL) + +test_array_SOURCES = common/test-array.c +test_array_LDADD = $(common_LIBS) + +test_attrs_SOURCES = common/test-attrs.c +test_attrs_LDADD = $(common_LIBS) + +test_buffer_SOURCES = common/test-buffer.c +test_buffer_LDADD = $(common_LIBS) + +test_compat_SOURCES = common/test-compat.c +test_compat_LDADD = $(common_LIBS) + +test_constants_SOURCES = common/test-constants.c +test_constants_LDADD = $(common_LIBS) + 
+test_dict_SOURCES = common/test-dict.c +test_dict_LDADD = $(common_LIBS) + +test_hash_SOURCES = common/test-hash.c +test_hash_LDADD = $(common_LIBS) + +test_lexer_SOURCES = common/test-lexer.c +test_lexer_LDADD = $(common_LIBS) + +test_message_SOURCES = common/test-message.c +test_message_LDADD = $(common_LIBS) + +test_path_SOURCES = common/test-path.c +test_path_LDADD = $(common_LIBS) + +test_tests_SOURCES = common/test-tests.c +test_tests_LDADD = $(common_LIBS) + +test_url_SOURCES = common/test-url.c +test_url_LDADD = $(common_LIBS) + +noinst_PROGRAMS += frob-getauxval + +frob_getauxval_SOURCES = common/frob-getauxval.c +frob_getauxval_LDADD = $(common_LIBS) diff --git a/common/frob-getauxval.c b/common/frob-getauxval.c new file mode 100644 index 0000000..02745be --- /dev/null +++ b/common/frob-getauxval.c 
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "compat.h"
+
+#include
+#include
+#include
+#include
+
+int
+main (int argc,
+ char *argv[])
+{
+ unsigned long type = 0;
+ unsigned long ret;
+
+ if (argc == 2)
+ type = atoi (argv[1]);
+
+ if (type == 0) {
+ fprintf (stderr, "usage: frob-getauxval 23");
+ abort ();
+ }
+
+ ret = getauxval (type);
+ printf ("getauxval(%lu) == %lu\n", type, ret);
+ return (int)ret;
+}
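Review bot: `type = atoi (argv[1]);` in main() accepts any string, and a negative argument is converted to a very large unsigned long that is passed straight to getauxval(); parsing with `strtoul` and rejecting input whose end pointer is not at the terminating NUL would keep the helper's input well defined. The final `return (int)ret;` also loses information, because only the low 8 bits of an exit status reach the parent, so a value such as 256 would be reported as 0; `return ret != 0;` states what the caller in test-compat.c actually checks. The usage message has no trailing newline, and the usage error ends in abort() where a plain `return 2;` would avoid a core dump.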
diff --git a/common/test-array.c b/common/test-array.c
new file mode 100644
index 0000000..695917a
--- /dev/null
+++ b/common/test-array.c
@@ -0,0 +1,209 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" + +#include +#include +#include + +#include "array.h" +#include "test.h" + +static void +test_create (void) +{ + p11_array *array; + + array = p11_array_new (NULL); + assert_ptr_not_null (array); + p11_array_free (array); +} + +static void +test_free_null (void) +{ + p11_array_free (NULL); +} + +static void +destroy_value (void *data) +{ + int *value = data; + *value = 2; +} + +static void +test_free_destroys (void) +{ + p11_array *array; + int value = 0; + + array = p11_array_new (destroy_value); + assert_ptr_not_null (array); + if (!p11_array_push (array, &value)) + assert_not_reached (); + p11_array_free (array); + + assert_num_eq (2, value); +} + +static void +test_add (void) +{ + char *value = "VALUE"; + p11_array *array; + + array = p11_array_new (NULL); + if (!p11_array_push (array, value)) + assert_not_reached (); + + assert_num_eq (1, array->num); + assert_ptr_eq (array->elem[0], value); + + p11_array_free (array); +} + +static void +test_add_remove (void) +{ + char *value = "VALUE"; + p11_array *array; + + array = p11_array_new (NULL); + if (!p11_array_push (array, value)) + assert_not_reached (); + + assert_num_eq (1, array->num); + + assert_ptr_eq (array->elem[0], value); + + p11_array_remove (array, 0); + + assert_num_eq (0, array->num); + + p11_array_free (array); +} + +static void +test_remove_destroys (void) +{ + p11_array *array; + int value = 0; + + array = p11_array_new (destroy_value); + if (!p11_array_push (array, &value)) + assert_not_reached (); + + p11_array_remove (array, 0); + + assert_num_eq (2, value); + + /* should not be destroyed again */ + value = 0; + + p11_array_free (array); + + assert_num_eq (0, value); +} + +static void +test_remove_and_count (void) +{ + p11_array *array; + int *value; + int i; + + array = p11_array_new (free); + + assert_num_eq (0, array->num); + + for (i = 0; i < 20000; ++i) { + value = malloc (sizeof (int)); + assert (value != NULL); + *value = i; + if 
(!p11_array_push (array, value)) + assert_not_reached (); + assert_num_eq (i + 1, array->num); + } + + for (i = 10; i < 20000; ++i) { + p11_array_remove (array, 10); + assert_num_eq (20010 - (i + 1), array->num); + } + + assert_num_eq (10, array->num); + + p11_array_free (array); +} + +static void +test_clear_destroys (void) +{ + p11_array *array; + int value = 0; + + array = p11_array_new (destroy_value); + if (!p11_array_push (array, &value)) + assert_not_reached (); + + assert_num_eq (1, array->num); + + p11_array_clear (array); + + assert_num_eq (2, value); + assert_num_eq (0, array->num); + + /* should not be destroyed again */ + value = 0; + + p11_array_free (array); + + assert_num_eq (0, value); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_create, "/array/create"); + p11_test (test_add, "/array/add"); + p11_test (test_add_remove, "/array/add-remove"); + p11_test (test_remove_destroys, "/array/remove-destroys"); + p11_test (test_remove_and_count, "/array/remove-and-count"); + p11_test (test_free_null, "/array/free-null"); + p11_test (test_free_destroys, "/array/free-destroys"); + p11_test (test_clear_destroys, "/array/clear-destroys"); + return p11_test_run (argc, argv); +} diff --git a/common/test-attrs.c b/common/test-attrs.c new file mode 100644 index 0000000..79895e2 --- /dev/null +++ b/common/test-attrs.c 
@@ -0,0 +1,757 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "attrs.h" +#include "debug.h" + +static void +test_terminator (void) +{ + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_LABEL, NULL, 0 }, + { CKA_INVALID }, + }; + + assert_num_eq (true, p11_attrs_terminator (attrs + 2)); + assert_num_eq (true, p11_attrs_terminator (NULL)); + assert_num_eq (false, p11_attrs_terminator (attrs)); + assert_num_eq (false, p11_attrs_terminator (attrs + 1)); +} + +static void +test_count (void) +{ + CK_BBOOL vtrue = CK_TRUE; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE empty[] = { + { CKA_INVALID }, + }; + + assert_num_eq (2, p11_attrs_count (attrs)); + assert_num_eq (0, p11_attrs_count (NULL)); + assert_num_eq (0, p11_attrs_count (empty)); +} + +static void +test_build_one (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; + + attrs = p11_attrs_build (NULL, &add, NULL); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); + + assert (attrs[1].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_build_two (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 }; + + attrs = p11_attrs_build (NULL, &one, &two, NULL); + + assert_ptr_not_null (attrs); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (3, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); + + assert (attrs[2].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_build_invalid (void) +{ 
+ CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE invalid = { CKA_INVALID }; + CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 }; + + attrs = p11_attrs_build (NULL, &one, &invalid, &two, NULL); + + assert_ptr_not_null (attrs); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (3, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); + + assert (attrs[2].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_buildn_two (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE add[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 } + }; + + attrs = p11_attrs_buildn (NULL, add, 2); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); + + assert (attrs[2].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_buildn_one (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; + + attrs = p11_attrs_buildn (NULL, &add, 1); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); + + assert (attrs[1].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_build_add (void) +{ + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_VALUE, "nine", 4 }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE two = { CKA_TOKEN, "\x01", 1 }; + + attrs = p11_attrs_buildn (NULL, initial, 2); + attrs = 
p11_attrs_build (attrs, &one, &two, NULL); + + assert_ptr_not_null (attrs); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (3, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_TOKEN); + assert_num_eq (1, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); + + assert (attrs[3].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_build_null (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE add = { CKA_LABEL, NULL, (CK_ULONG)-1 }; + + attrs = p11_attrs_build (NULL, &add, NULL); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert (attrs->ulValueLen == (CK_ULONG)-1); + assert_ptr_eq (NULL, attrs->pValue); + + p11_attrs_free (attrs); +} + +static void +test_dup (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + attrs = p11_attrs_dup (original); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); + + assert (attrs[2].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_take (void) +{ + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_VALUE, "nine", 4 }, + }; + + CK_ATTRIBUTE *attrs; + + attrs = p11_attrs_buildn (NULL, initial, 2); + attrs = p11_attrs_take (attrs, CKA_LABEL, strdup ("boooyah"), 7); + attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1); + 
assert_ptr_not_null (attrs); + + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_TOKEN); + assert_num_eq (1, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); + + assert (attrs[3].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + + +static void +test_merge_replace (void) +{ + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_VALUE, "nine", 4 }, + }; + + CK_ATTRIBUTE extra[] = { + { CKA_LABEL, "boooyah", 7 }, + { CKA_APPLICATION, "disco", 5 }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + + attrs = p11_attrs_buildn (NULL, initial, 2); + merge = p11_attrs_buildn (NULL, extra, 2); + attrs = p11_attrs_merge (attrs, merge, true); + assert_ptr_not_null (attrs); + + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_APPLICATION); + assert_num_eq (5, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "disco", 5) == 0); + + assert (attrs[3].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_merge_empty (void) +{ + CK_ATTRIBUTE extra[] = { + { CKA_LABEL, "boooyah", 7 }, + { CKA_APPLICATION, "disco", 5 }, + }; + + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *merge; + + merge = p11_attrs_buildn (NULL, extra, 2); + attrs = p11_attrs_merge (attrs, merge, true); + assert_ptr_not_null (attrs); + assert_ptr_eq (merge, attrs); + + p11_attrs_free (attrs); +} + +static void 
+test_merge_augment (void) +{ + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_VALUE, "nine", 4 }, + }; + + CK_ATTRIBUTE extra[] = { + { CKA_LABEL, "boooyah", 7 }, + { CKA_APPLICATION, "disco", 5 }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + + attrs = p11_attrs_buildn (NULL, initial, 2); + merge = p11_attrs_buildn (NULL, extra, 2); + attrs = p11_attrs_merge (attrs, merge, false); + assert_ptr_not_null (attrs); + + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (5, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "label", 5) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_APPLICATION); + assert_num_eq (5, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "disco", 5) == 0); + + assert (attrs[3].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_free_null (void) +{ + p11_attrs_free (NULL); +} + +static void +test_equal (void) +{ + char *data = "extra attribute"; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 }; + CK_ATTRIBUTE two = { CKA_VALUE, "yay", 3 }; + CK_ATTRIBUTE other = { CKA_VALUE, data, 5 }; + CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 }; + CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 }; + + assert (p11_attr_equal (&one, &one)); + assert (!p11_attr_equal (&one, NULL)); + assert (!p11_attr_equal (NULL, &one)); + assert (!p11_attr_equal (&one, &two)); + assert (!p11_attr_equal (&two, &other)); + assert (p11_attr_equal (&other, &overflow)); + assert (!p11_attr_equal (&one, &null)); + assert (!p11_attr_equal (&one, &null)); + assert (!p11_attr_equal (&other, &content)); +} + +static void +test_hash (void) +{ + char *data = "extra attribute"; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 }; + CK_ATTRIBUTE two = { 
CKA_VALUE, "yay", 3 }; + CK_ATTRIBUTE other = { CKA_VALUE, data, 5 }; + CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 }; + CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 }; + unsigned int hash; + + hash = p11_attr_hash (&one); + assert (hash != 0); + + assert (p11_attr_hash (&one) == hash); + assert (p11_attr_hash (&two) != hash); + assert (p11_attr_hash (&other) != hash); + assert (p11_attr_hash (&overflow) != hash); + assert (p11_attr_hash (&null) != hash); + assert (p11_attr_hash (&content) != hash); + + hash = p11_attr_hash (NULL); + assert (hash == 0); +} + +static void +test_to_string (void) +{ + char *data = "extra attribute"; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, data, 5 }, + { CKA_INVALID }, + }; + + char *string; + + + string = p11_attr_to_string (&one, CKA_INVALID); + assert_str_eq ("{ CKA_LABEL = (3) \"yay\" }", string); + free (string); + + string = p11_attrs_to_string (attrs, -1); + assert_str_eq ("(2) [ { CKA_LABEL = (3) \"yay\" }, { CKA_VALUE = (5) NOT-PRINTED } ]", string); + free (string); + + string = p11_attrs_to_string (attrs, 1); + assert_str_eq ("(1) [ { CKA_LABEL = (3) \"yay\" } ]", string); + free (string); +} + +static void +test_find (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_ATTRIBUTE *attr; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + attr = p11_attrs_find (attrs, CKA_LABEL); + assert_ptr_eq (attrs + 0, attr); + + attr = p11_attrs_find (attrs, CKA_TOKEN); + assert_ptr_eq (attrs + 1, attr); + + attr = p11_attrs_find (attrs, CKA_VALUE); + assert_ptr_eq (NULL, attr); +} + +static void +test_findn (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_ATTRIBUTE *attr; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + }; + + attr = p11_attrs_findn (attrs, 2, CKA_LABEL); + assert_ptr_eq (attrs + 0, attr); + + attr = p11_attrs_findn (attrs, 2, 
CKA_TOKEN); + assert_ptr_eq (attrs + 1, attr); + + attr = p11_attrs_findn (attrs, 2, CKA_VALUE); + assert_ptr_eq (NULL, attr); + + attr = p11_attrs_findn (attrs, 1, CKA_TOKEN); + assert_ptr_eq (NULL, attr); +} + +static void +test_remove (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_ATTRIBUTE *attr; + CK_ATTRIBUTE *attrs; + CK_BBOOL ret; + + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + }; + + attrs = p11_attrs_buildn (NULL, initial, 2); + assert_ptr_not_null (attrs); + + attr = p11_attrs_find (attrs, CKA_LABEL); + assert_ptr_eq (attrs + 0, attr); + + ret = p11_attrs_remove (attrs, CKA_LABEL); + assert_num_eq (CK_TRUE, ret); + + attr = p11_attrs_find (attrs, CKA_LABEL); + assert_ptr_eq (NULL, attr); + + ret = p11_attrs_remove (attrs, CKA_LABEL); + assert_num_eq (CK_FALSE, ret); + + p11_attrs_free (attrs); +} + +static void +test_match (void) +{ + CK_BBOOL vtrue = CK_TRUE; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE subset[] = { + { CKA_LABEL, "label", 5 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE different[] = { + { CKA_LABEL, "other", 5 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE extra[] = { + { CKA_VALUE, "the value", 9 }, + { CKA_LABEL, "other", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + assert (p11_attrs_match (attrs, attrs)); + assert (p11_attrs_match (attrs, subset)); + assert (!p11_attrs_match (attrs, different)); + assert (!p11_attrs_match (attrs, extra)); +} + +static void +test_matchn (void) +{ + CK_BBOOL vtrue = CK_TRUE; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE subset[] = { + { CKA_LABEL, "label", 5 }, + }; + + CK_ATTRIBUTE different[] = { + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_LABEL, "other", 5 }, + }; + + CK_ATTRIBUTE extra[] = { + { CKA_VALUE, "the value", 9 }, + { 
CKA_LABEL, "other", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + }; + + assert (p11_attrs_matchn (attrs, subset, 1)); + assert (!p11_attrs_matchn (attrs, different, 2)); + assert (!p11_attrs_matchn (attrs, extra, 3)); +} + +static void +test_find_bool (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_BBOOL vfalse = CK_FALSE; + CK_BBOOL value; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "\x01yy", 3 }, + { CKA_VALUE, &vtrue, (CK_ULONG)-1 }, + { CKA_TOKEN, &vtrue, sizeof (CK_BBOOL) }, + { CKA_TOKEN, &vfalse, sizeof (CK_BBOOL) }, + { CKA_INVALID }, + }; + + assert (p11_attrs_find_bool (attrs, CKA_TOKEN, &value) && value == CK_TRUE); + assert (!p11_attrs_find_bool (attrs, CKA_LABEL, &value)); + assert (!p11_attrs_find_bool (attrs, CKA_VALUE, &value)); +} + +static void +test_find_ulong (void) +{ + CK_ULONG v33 = 33UL; + CK_ULONG v45 = 45UL; + CK_ULONG value; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, &v33, 2 }, + { CKA_VALUE, &v45, (CK_ULONG)-1 }, + { CKA_BITS_PER_PIXEL, &v33, sizeof (CK_ULONG) }, + { CKA_BITS_PER_PIXEL, &v45, sizeof (CK_ULONG) }, + { CKA_INVALID }, + }; + + assert (p11_attrs_find_ulong (attrs, CKA_BITS_PER_PIXEL, &value) && value == v33); + assert (!p11_attrs_find_ulong (attrs, CKA_LABEL, &value)); + assert (!p11_attrs_find_ulong (attrs, CKA_VALUE, &value)); +} + +static void +test_find_value (void) +{ + void *value; + size_t length; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "", (CK_ULONG)-1 }, + { CKA_LABEL, NULL, 5 }, + { CKA_LABEL, "", 0 }, + { CKA_LABEL, "test", 4 }, + { CKA_VALUE, NULL, 0 }, + { CKA_INVALID }, + }; + + value = p11_attrs_find_value (attrs, CKA_LABEL, &length); + assert_ptr_eq (attrs[3].pValue, value); + assert_num_eq (4, length); + + value = p11_attrs_find_value (attrs, CKA_LABEL, NULL); + assert_ptr_eq (attrs[3].pValue, value); + + value = p11_attrs_find_value (attrs, CKA_VALUE, &length); + assert_ptr_eq (NULL, value); + + value = p11_attrs_find_value (attrs, CKA_TOKEN, &length); + assert_ptr_eq (NULL, value); +} + +static void 
+test_find_valid (void) +{ + CK_ATTRIBUTE *attr; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "", (CK_ULONG)-1 }, + { CKA_LABEL, NULL, 5 }, + { CKA_LABEL, "", 0 }, + { CKA_LABEL, "test", 4 }, + { CKA_VALUE, "value", 5 }, + { CKA_INVALID }, + }; + + attr = p11_attrs_find_valid (attrs, CKA_LABEL); + assert_ptr_eq (attrs + 3, attr); + + attr = p11_attrs_find_valid (attrs, CKA_VALUE); + assert_ptr_eq (attrs + 4, attr); + + attr = p11_attrs_find_valid (attrs, CKA_TOKEN); + assert_ptr_eq (NULL, attr); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_equal, "/attrs/equal"); + p11_test (test_hash, "/attrs/hash"); + p11_test (test_to_string, "/attrs/to-string"); + + p11_test (test_terminator, "/attrs/terminator"); + p11_test (test_count, "/attrs/count"); + p11_test (test_build_one, "/attrs/build-one"); + p11_test (test_build_two, "/attrs/build-two"); + p11_test (test_build_invalid, "/attrs/build-invalid"); + p11_test (test_buildn_one, "/attrs/buildn-one"); + p11_test (test_buildn_two, "/attrs/buildn-two"); + p11_test (test_build_add, "/attrs/build-add"); + p11_test (test_build_null, "/attrs/build-null"); + p11_test (test_dup, "/attrs/dup"); + p11_test (test_take, "/attrs/take"); + p11_test (test_merge_replace, "/attrs/merge-replace"); + p11_test (test_merge_augment, "/attrs/merge-augment"); + p11_test (test_merge_empty, "/attrs/merge-empty"); + p11_test (test_free_null, "/attrs/free-null"); + p11_test (test_match, "/attrs/match"); + p11_test (test_matchn, "/attrs/matchn"); + p11_test (test_find, "/attrs/find"); + p11_test (test_findn, "/attrs/findn"); + p11_test (test_find_bool, "/attrs/find-bool"); + p11_test (test_find_ulong, "/attrs/find-ulong"); + p11_test (test_find_value, "/attrs/find-value"); + p11_test (test_find_valid, "/attrs/find-valid"); + p11_test (test_remove, "/attrs/remove"); + return p11_test_run (argc, argv); +} diff --git a/common/test-buffer.c b/common/test-buffer.c new file mode 100644 index 0000000..4fd060d --- /dev/null 
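Review bot: In test_equal the line `assert (!p11_attr_equal (&one, &null));` appears twice in a row, so the second copy adds no coverage. If the intent was to check the comparison in both directions, the second line should read `assert (!p11_attr_equal (&null, &one));`, which puts the attribute with the NULL pValue on the left-hand side. In test_equal and test_hash, `other` and `overflow` are both initialised as `{ CKA_VALUE, data, 5 }`, so the `overflow` case does not differ from `other`. The name suggests a length-related check that these values do not perform, so a one-line comment saying what it is meant to exercise would help.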
+++ b/common/test-buffer.c 
@@ -0,0 +1,199 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "debug.h" +#include "buffer.h" + +static void +test_init_uninit (void) +{ + p11_buffer buffer; + + p11_buffer_init (&buffer, 10); + assert_ptr_not_null (buffer.data); + assert_num_eq (0, buffer.len); + assert_num_eq (0, buffer.flags); + assert (buffer.size >= 10); + assert_ptr_not_null (buffer.ffree); + assert_ptr_not_null (buffer.frealloc); + + p11_buffer_uninit (&buffer); +} + +static void +test_append (void) +{ + p11_buffer buffer; + + p11_buffer_init (&buffer, 10); + buffer.len = 5; + p11_buffer_append (&buffer, 35); + assert_num_eq (5 + 35, buffer.len); + assert (buffer.size >= 35 + 5); + + p11_buffer_append (&buffer, 15); + assert_num_eq (5 + 35 + 15, buffer.len); + assert (buffer.size >= 5 + 35 + 15); + + p11_buffer_uninit (&buffer); +} + +static void +test_null (void) +{ + p11_buffer buffer; + + p11_buffer_init_null (&buffer, 10); + p11_buffer_add (&buffer, "Blah", -1); + p11_buffer_add (&buffer, " blah", -1); + + assert_str_eq ("Blah blah", buffer.data); + + p11_buffer_uninit (&buffer); +} + +static int mock_realloced = 0; +static int mock_freed = 0; + +static void * +mock_realloc (void *data, + size_t size) +{ + mock_realloced++; + return realloc (data, size); +} + +static void +mock_free (void *data) +{ + mock_freed++; + free (data); +} + +static void +test_init_for_data (void) +{ + p11_buffer buffer; + unsigned char *ret; + size_t len; + + mock_realloced = 0; + mock_freed = 0; + + p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, 0, + mock_realloc, mock_free); + + assert_ptr_not_null (buffer.data); + assert_str_eq ("blah", (char *)buffer.data); + assert_num_eq (4, buffer.len); + assert_num_eq (0, buffer.flags); + assert_num_eq (4, buffer.size); + assert_ptr_eq (mock_free, buffer.ffree); + assert_ptr_eq (mock_realloc, buffer.frealloc); + + assert_num_eq (0, mock_realloced); + assert_num_eq (0, mock_freed); + + len = 
buffer.len; + ret = p11_buffer_append (&buffer, 1024); + assert_ptr_eq ((char *)buffer.data + len, ret); + assert_num_eq (1, mock_realloced); + + p11_buffer_uninit (&buffer); + assert_num_eq (1, mock_realloced); + assert_num_eq (1, mock_freed); +} + +static void +test_steal (void) +{ + p11_buffer buffer; + char *string; + size_t length; + + mock_freed = 0; + + p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, + P11_BUFFER_NULL, mock_realloc, mock_free); + + assert_ptr_not_null (buffer.data); + assert_str_eq ("blah", buffer.data); + + p11_buffer_add (&buffer, " yada", -1); + assert_str_eq ("blah yada", buffer.data); + + string = p11_buffer_steal (&buffer, &length); + p11_buffer_uninit (&buffer); + + assert_str_eq ("blah yada", string); + assert_num_eq (9, length); + assert_num_eq (0, mock_freed); + + free (string); +} + +static void +test_add (void) +{ + p11_buffer buffer; + + p11_buffer_init (&buffer, 10); + + p11_buffer_add (&buffer, (unsigned char *)"Planet Express", 15); + assert_num_eq (15, buffer.len); + assert_str_eq ("Planet Express", (char *)buffer.data); + assert (p11_buffer_ok (&buffer)); + + p11_buffer_uninit (&buffer); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_init_uninit, "/buffer/init-uninit"); + p11_test (test_init_for_data, "/buffer/init-for-data"); + p11_test (test_append, "/buffer/append"); + p11_test (test_null, "/buffer/null"); + p11_test (test_add, "/buffer/add"); + p11_test (test_steal, "/buffer/steal"); + return p11_test_run (argc, argv); +} diff --git a/common/test-compat.c b/common/test-compat.c new file mode 100644 index 0000000..42471ae --- /dev/null +++ b/common/test-compat.c 
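Review bot: test_null and test_steal never check the buffer state after `p11_buffer_add`, so a failed add would show up only indirectly through the string comparison that follows. test_add already has `assert (p11_buffer_ok (&buffer));`, and the same line after the add calls in the other two tests would make the failure explicit and the tests consistent. As a style point, test_steal passes `buffer.data` to `assert_str_eq` without the `(char *)` cast that test_init_for_data and test_add use for the same field.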
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include
+#include
+#include
+#include
+
+#include "compat.h"
+
+static void
+test_strndup (void)
+{
+ char unterminated[] = { 't', 'e', 's', 't', 'e', 'r', 'o', 'n', 'i', 'o' };
+ char *res;
+
+ res = strndup (unterminated, 6);
+ assert_str_eq (res, "tester");
+ free (res);
+
+ res = strndup ("test", 6);
+ assert_str_eq (res, "test");
+ free (res);
+}
+
+#ifdef OS_UNIX
+
+static void
+test_getauxval (void)
+{
+ /* 23 is AT_SECURE */
+ const char *args[] = { BUILDDIR "/frob-getauxval", "23", NULL };
+ char *path;
+ int ret;
+
+ ret = p11_test_run_child (args, true);
+ assert_num_eq (ret, 0);
+
+ path = p11_test_copy_setgid (args[0]);
+ if (path == NULL)
+ return;
+
+ args[0] = path;
+ ret = p11_test_run_child (args, true);
+ assert_num_cmp (ret, !=, 0);
+
+ if (unlink (path) < 0)
+ assert_fail ("unlink failed", strerror (errno));
+ free (path);
+}
+
+static void
+test_mmap (void)
+{
+ p11_mmap *map;
+ void *data;
+ size_t size;
+ char file[] = "emptyfileXXXXXX";
+ int fd = mkstemp (file);
+ close (fd);
+ /* mmap on empty file should work */
+ map = p11_mmap_open (file, NULL, &data, &size);
+ unlink (file);
+ assert_ptr_not_null (map);
+ p11_mmap_close (map);
+}
+
+#endif /* OS_UNIX */
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_test (test_strndup, "/compat/strndup");
+#ifdef OS_UNIX
+ /* Don't run this test when under fakeroot */
+ if (!getenv ("FAKED_MODE")) {
+ p11_test (test_getauxval, "/compat/getauxval");
+ }
+ p11_test (test_mmap, "/compat/mmap");
+#endif
+ return p11_test_run (argc, argv);
+}
diff --git a/common/test-constants.c b/common/test-constants.c
new file mode 100644
index 0000000..9adc81a
--- /dev/null
+++ b/common/test-constants.c
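Review bot: In test_mmap the result of `mkstemp (file)` goes straight into `close (fd)` and the template name is then handed to p11_mmap_open() with no check that the temporary file was actually created. If mkstemp() fails, the test continues against the literal name `emptyfileXXXXXX` in the current directory, and the failure is reported against p11_mmap_open instead of the setup step. Adding `assert_num_cmp (fd, >=, 0);` before `close (fd);` makes the setup failure explicit. Separately, test_getauxval returns silently when `p11_test_copy_setgid ()` yields NULL, so the setgid half of the check can be skipped without any trace in the test output; a short comment saying that this is intentional would help.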
@@ -0,0 +1,102 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "attrs.h" +#include "constants.h" +#include "debug.h" + +static void +test_constants (void *arg) +{ + const p11_constant *constant = arg; + p11_dict *nicks, *names; + CK_ULONG check; + int i; + + nicks = p11_constant_reverse (true); + names = p11_constant_reverse (false); + + for (i = 1; constant[i].value != CKA_INVALID; i++) { + if (constant[i].value < constant[i - 1].value) + assert_fail ("attr constant out of order", constant[i].name); + } + for (i = 0; constant[i].value != CKA_INVALID; i++) { + assert_ptr_not_null (constant[i].name); + + if (constant[i].nick) { + assert_str_eq (constant[i].nick, + p11_constant_nick (constant, constant[i].value)); + } + + assert_str_eq (constant[i].name, + p11_constant_name (constant, constant[i].value)); + + if (constant[i].nick) { + check = p11_constant_resolve (nicks, constant[i].nick); + assert_num_eq (constant[i].value, check); + } + + check = p11_constant_resolve (names, constant[i].name); + assert_num_eq (constant[i].value, check); + } + + p11_dict_free (names); + p11_dict_free (nicks); +} + +int +main (int argc, + char *argv[]) +{ + p11_testx (test_constants, (void *)p11_constant_types, "/constants/types"); + p11_testx (test_constants, (void *)p11_constant_classes, "/constants/classes"); + p11_testx (test_constants, (void *)p11_constant_trusts, "/constants/trusts"); + p11_testx (test_constants, (void *)p11_constant_certs, "/constants/certs"); + p11_testx (test_constants, (void *)p11_constant_keys, "/constants/keys"); + p11_testx (test_constants, (void *)p11_constant_asserts, "/constants/asserts"); + p11_testx (test_constants, (void *)p11_constant_categories, "/constants/categories"); + p11_testx (test_constants, (void *)p11_constant_mechanisms, "/constants/mechanisms"); + p11_testx (test_constants, (void *)p11_constant_users, "/constants/users"); + p11_testx (test_constants, (void *)p11_constant_states, 
"/constants/states"); + p11_testx (test_constants, (void *)p11_constant_returns, "/constants/returns"); + + return p11_test_run (argc, argv); +} diff --git a/common/test-dict.c b/common/test-dict.c new file mode 100644 index 0000000..f12a34e --- /dev/null +++ b/common/test-dict.c 
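Review bot: The ordering loop in test_constants starts at `i = 1` and tests `constant[i].value != CKA_INVALID`, so for a table whose first entry is already the CKA_INVALID terminator it reads `constant[1]`, one element past the sentinel. The tables passed from main are not visible in this hunk, so this may never trigger today, but a guard such as `if (constant[0].value != CKA_INVALID)` around the loop keeps the test itself in bounds if an empty table is ever registered. The two dictionaries returned by `p11_constant_reverse ()` are also used without a check; `assert_ptr_not_null (nicks);` and `assert_ptr_not_null (names);` would report an allocation failure at the point it happens.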
@@ -0,0 +1,522 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include +#include + +#include "dict.h" + +static void +test_create (void) +{ + p11_dict *map; + + map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + assert_ptr_not_null (map); + p11_dict_free (map); +} + +static void +test_free_null (void) +{ + p11_dict_free (NULL); +} + +typedef struct { + int value; + bool freed; +} Key; + +static unsigned int +key_hash (const void *ptr) +{ + const Key *k = ptr; + assert (!k->freed); + return p11_dict_intptr_hash (&k->value); +} + +static bool +key_equal (const void *one, + const void *two) +{ + const Key *k1 = one; + const Key *k2 = two; + assert (!k1->freed); + assert (!k2->freed); + return p11_dict_intptr_equal (&k1->value, &k2->value); +} + +static void +key_destroy (void *data) +{ + Key *k = data; + assert (!k->freed); + k->freed = true; +} + +static void +value_destroy (void *data) +{ + int *value = data; + *value = 2; +} + +static void +test_free_destroys (void) +{ + p11_dict *map; + Key key = { 8, 0 }; + int value = 0; + + map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + p11_dict_free (map); + + assert_num_eq (true, key.freed); + assert_num_eq (2, value); +} + +static void +test_iterate (void) +{ + p11_dict *map; + p11_dictiter iter; + int key = 1; + int value = 2; + void *pkey; + void *pvalue; + int ret; + + map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + + p11_dict_iterate (map, &iter); + + ret = p11_dict_next (&iter, &pkey, &pvalue); + assert_num_eq (1, ret); + assert_ptr_eq (pkey, &key); + assert_ptr_eq (pvalue, &value); + + ret = p11_dict_next (&iter, &pkey, &pvalue); + assert_num_eq (0, ret); + + p11_dict_free (map); +} + +static int +compar_strings 
(const void *one, + const void *two) +{ + char **p1 = (char **)one; + char **p2 = (char **)two; + return strcmp (*p1, *p2); +} + +static void +test_iterate_remove (void) +{ + p11_dict *map; + p11_dictiter iter; + char *keys[] = { "111", "222", "333" }; + char *values[] = { "444", "555", "666" }; + void *okeys[3]; + void *ovalues[3]; + bool ret; + int i; + + map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + assert_ptr_not_null (map); + + for (i = 0; i < 3; i++) { + if (!p11_dict_set (map, keys[i], values[i])) + assert_not_reached (); + } + + p11_dict_iterate (map, &iter); + + ret = p11_dict_next (&iter, &okeys[0], &ovalues[0]); + assert_num_eq (true, ret); + + ret = p11_dict_next (&iter, &okeys[1], &ovalues[1]); + assert_num_eq (true, ret); + if (!p11_dict_remove (map, okeys[1])) + assert_not_reached (); + + ret = p11_dict_next (&iter, &okeys[2], &ovalues[2]); + assert_num_eq (true, ret); + + ret = p11_dict_next (&iter, NULL, NULL); + assert_num_eq (false, ret); + + assert_num_eq (2, p11_dict_size (map)); + p11_dict_free (map); + + qsort (okeys, 3, sizeof (void *), compar_strings); + qsort (ovalues, 3, sizeof (void *), compar_strings); + + for (i = 0; i < 3; i++) { + assert_str_eq (keys[i], okeys[i]); + assert_ptr_eq (keys[i], okeys[i]); + assert_str_eq (values[i], ovalues[i]); + assert_ptr_eq (values[i], ovalues[i]); + } +} + +static void +test_set_get (void) +{ + char *key = "KEY"; + char *value = "VALUE"; + char *check; + p11_dict *map; + + map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + p11_dict_set (map, key, value); + check = p11_dict_get (map, key); + assert_ptr_eq (check, value); + + p11_dict_free (map); +} + +static void +test_set_get_remove (void) +{ + char *key = "KEY"; + char *value = "VALUE"; + char *check; + p11_dict *map; + bool ret; + + map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + + if (!p11_dict_set (map, key, value)) + assert_not_reached (); + + check = p11_dict_get 
(map, key); + assert_ptr_eq (check, value); + + ret = p11_dict_remove (map, key); + assert_num_eq (true, ret); + ret = p11_dict_remove (map, key); + assert_num_eq (false, ret); + + check = p11_dict_get (map, key); + assert (check == NULL); + + p11_dict_free (map); +} + +static void +test_set_clear (void) +{ + char *key = "KEY"; + char *value = "VALUE"; + char *check; + p11_dict *map; + + map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + + if (!p11_dict_set (map, key, value)) + assert_not_reached (); + + p11_dict_clear (map); + + check = p11_dict_get (map, key); + assert (check == NULL); + + p11_dict_free (map); +} + +static void +test_remove_destroys (void) +{ + p11_dict *map; + Key key = { 8, 0 }; + int value = 0; + bool ret; + + map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + + ret = p11_dict_remove (map, &key); + assert_num_eq (true, ret); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); + + /* should not be destroyed again */ + key.freed = false; + value = 0; + + ret = p11_dict_remove (map, &key); + assert_num_eq (false, ret); + assert_num_eq (false, key.freed); + assert_num_eq (0, value); + + /* should not be destroyed again */ + key.freed = false; + value = 0; + + p11_dict_free (map); + + assert_num_eq (false, key.freed); + assert_num_eq (0, value); +} + +static void +test_set_destroys (void) +{ + p11_dict *map; + Key key = { 8, 0 }; + Key key2 = { 8, 0 }; + int value, value2; + bool ret; + + map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + + key.freed = key2.freed = false; + value = value2 = 0; + + /* Setting same key and value, should not be destroyed */ + ret = p11_dict_set (map, &key, &value); + assert_num_eq (true, ret); + assert_num_eq (false, key.freed); + assert_num_eq 
(false, key2.freed); + assert_num_eq (0, value); + assert_num_eq (0, value2); + + key.freed = key2.freed = false; + value = value2 = 0; + + /* Setting a new key same value, key should be destroyed */ + ret = p11_dict_set (map, &key2, &value); + assert_num_eq (true, ret); + assert_num_eq (true, key.freed); + assert_num_eq (false, key2.freed); + assert_num_eq (0, value); + assert_num_eq (0, value2); + + key.freed = key2.freed = false; + value = value2 = 0; + + /* Setting same key, new value, value should be destroyed */ + ret = p11_dict_set (map, &key2, &value2); + assert_num_eq (true, ret); + assert_num_eq (false, key.freed); + assert_num_eq (false, key2.freed); + assert_num_eq (2, value); + assert_num_eq (0, value2); + + key.freed = key2.freed = false; + value = value2 = 0; + + /* Setting new key new value, both should be destroyed */ + ret = p11_dict_set (map, &key, &value); + assert_num_eq (true, ret); + assert_num_eq (false, key.freed); + assert_num_eq (true, key2.freed); + assert_num_eq (0, value); + assert_num_eq (2, value2); + + key.freed = key2.freed = false; + value = value2 = 0; + + p11_dict_free (map); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); + assert_num_eq (false, key2.freed); + assert_num_eq (0, value2); +} + + +static void +test_clear_destroys (void) +{ + p11_dict *map; + Key key = { 18, 0 }; + int value = 0; + + map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + + p11_dict_clear (map); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); + + /* should not be destroyed again */ + key.freed = false; + value = 0; + + p11_dict_clear (map); + assert_num_eq (false, key.freed); + assert_num_eq (0, value); + + /* should not be destroyed again */ + key.freed = false; + value = 0; + + p11_dict_free (map); + + assert_num_eq (false, key.freed); + assert_num_eq (0, value); +} + +static unsigned int 
+test_hash_intptr_with_collisions (const void *data) +{ + /* lots and lots of collisions, only returns 100 values */ + return (unsigned int)(*((int*)data) % 100); +} + +static void +test_hash_add_check_lots_and_collisions (void) +{ + p11_dict *map; + int *value; + int i; + + map = p11_dict_new (test_hash_intptr_with_collisions, + p11_dict_intptr_equal, NULL, free); + + for (i = 0; i < 20000; ++i) { + value = malloc (sizeof (int)); + assert (value != NULL); + *value = i; + if (!p11_dict_set (map, value, value)) + assert_not_reached (); + } + + for (i = 0; i < 20000; ++i) { + value = p11_dict_get (map, &i); + assert_ptr_not_null (value); + assert_num_eq (i, *value); + } + + p11_dict_free (map); +} + +static void +test_hash_count (void) +{ + p11_dict *map; + int *value; + int i; + bool ret; + + map = p11_dict_new (p11_dict_intptr_hash, p11_dict_intptr_equal, NULL, free); + + assert_num_eq (0, p11_dict_size (map)); + + for (i = 0; i < 20000; ++i) { + value = malloc (sizeof (int)); + assert (value != NULL); + *value = i; + if (!p11_dict_set (map, value, value)) + assert_not_reached (); + assert_num_eq (i + 1, p11_dict_size (map)); + } + + for (i = 0; i < 20000; ++i) { + ret = p11_dict_remove (map, &i); + assert_num_eq (true, ret); + assert_num_eq (20000 - (i + 1), p11_dict_size (map)); + } + + p11_dict_clear (map); + assert_num_eq (0, p11_dict_size (map)); + + p11_dict_free (map); +} + +static void +test_hash_ulongptr (void) +{ + p11_dict *map; + unsigned long *value; + unsigned long i; + + map = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free); + + for (i = 0; i < 20000; ++i) { + value = malloc (sizeof (unsigned long)); + assert (value != NULL); + *value = i; + if (!p11_dict_set (map, value, value)) + assert_not_reached (); + } + + for (i = 0; i < 20000; ++i) { + value = p11_dict_get (map, &i); + assert_ptr_not_null (value); + assert_num_eq (i, *value); + } + + p11_dict_free (map); +} + +int +main (int argc, + char *argv[]) +{ + p11_test 
(test_create, "/dict/create"); + p11_test (test_set_get, "/dict/set-get"); + p11_test (test_set_get_remove, "/dict/set-get-remove"); + p11_test (test_remove_destroys, "/dict/remove-destroys"); + p11_test (test_set_clear, "/dict/set-clear"); + p11_test (test_set_destroys, "/dict/set-destroys"); + p11_test (test_clear_destroys, "/dict/clear-destroys"); + p11_test (test_free_null, "/dict/free-null"); + p11_test (test_free_destroys, "/dict/free-destroys"); + p11_test (test_iterate, "/dict/iterate"); + p11_test (test_iterate_remove, "/dict/iterate-remove"); + p11_test (test_hash_add_check_lots_and_collisions, "/dict/add-check-lots-and-collisions"); + p11_test (test_hash_count, "/dict/count"); + p11_test (test_hash_ulongptr, "/dict/ulongptr"); + return p11_test_run (argc, argv); +} diff --git a/common/test-hash.c b/common/test-hash.c new file mode 100644 index 0000000..a12d5a4 --- /dev/null +++ b/common/test-hash.c 
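Review bot: test_set_get ignores the results of both `p11_dict_new ()` and `p11_dict_set ()`, unlike the neighbouring tests, which use `assert_ptr_not_null (map);` and `if (!p11_dict_set (map, key, value)) assert_not_reached ();`. A failed allocation there would show up as a pointer mismatch or a crash inside p11_dict_get rather than as a clear setup failure. The same missing `assert_ptr_not_null (map);` applies to test_set_get_remove, test_set_clear, test_hash_add_check_lots_and_collisions, test_hash_count and test_hash_ulongptr.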
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#include "hash.h"
+
+static void
+test_murmur3 (void)
+{
+ uint32_t one, two, four, seven, eleven, split;
+
+ assert (sizeof (one) == P11_HASH_MURMUR3_LEN);
+
+ p11_hash_murmur3 ((unsigned char *)&one, "one", 3, NULL);
+ p11_hash_murmur3 ((unsigned char *)&two, "two", 3, NULL);
+ p11_hash_murmur3 ((unsigned char *)&four, "four", 4, NULL);
+ p11_hash_murmur3 ((unsigned char *)&seven, "seven", 5, NULL);
+ p11_hash_murmur3 ((unsigned char *)&eleven, "eleven", 6, NULL);
+ p11_hash_murmur3 ((unsigned char *)&split, "ele", 3, "ven", 3, NULL);
+
+ assert (one != two);
+ assert (one != four);
+ assert (one != seven);
+ assert (one != eleven);
+
+ assert (two != four);
+ assert (two != seven);
+ assert (two != eleven);
+
+ assert (four != seven);
+ assert (four != eleven);
+
+ assert (split == eleven);
+}
+
+static void
+test_murmur3_incr (void)
+{
+ uint32_t first, second;
+
+ p11_hash_murmur3 ((unsigned char *)&first,
+ "this is the long input!", (size_t)23,
+ NULL);
+
+ p11_hash_murmur3 ((unsigned char *)&second,
+ "this", (size_t)4,
+ " ", (size_t)1,
+ "is ", (size_t)3,
+ "the long ", (size_t)9,
+ "in", (size_t)2,
+ "p", (size_t)1,
+ "u", (size_t)1,
+ "t", (size_t)1,
+ "!", (size_t)1,
+ NULL);
+
+ assert_num_eq (first, second);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_test (test_murmur3, "/hash/murmur3");
+ p11_test (test_murmur3_incr, "/hash/murmur3-incr");
+ return p11_test_run (argc, argv);
+}
diff --git a/common/test-lexer.c b/common/test-lexer.c
new file mode 100644
index 0000000..7d18e87
--- /dev/null
+++ b/common/test-lexer.c
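Review bot: test_murmur3 passes its lengths as plain `int` literals (`"ele", 3, "ven", 3, NULL`), while test_murmur3_incr in the same file casts every length to `size_t`. The prototype of p11_hash_murmur3 is not visible in this hunk, but the NULL terminator suggests a variadic argument list; if the function reads lengths with `va_arg (va, size_t)`, an `int` in the variadic part is undefined behaviour on platforms where the two types differ in width. Writing the split call as `p11_hash_murmur3 ((unsigned char *)&split, "ele", (size_t)3, "ven", (size_t)3, NULL);` makes it consistent with test_murmur3_incr and removes the doubt.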
@@ -0,0 +1,253 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "compat.h" +#include "debug.h" +#include "lexer.h" +#include "message.h" + +typedef struct { + int tok_type; + const char *name; + const char *value; +} expected_tok; + +static void +check_lex_msg (const char *file, + int line, + const char *function, + const expected_tok *expected, + const char *input, + bool failure) +{ + p11_lexer lexer; + size_t len; + bool failed; + int i; + + p11_lexer_init (&lexer, "test", input, strlen (input)); + for (i = 0; p11_lexer_next (&lexer, &failed); i++) { + if (expected[i].tok_type != lexer.tok_type) + p11_test_fail (file, line, function, + "lexer token type does not match: (%d != %d)", + expected[i].tok_type, lexer.tok_type); + switch (lexer.tok_type) { + case TOK_FIELD: + if (strcmp (expected[i].name, lexer.tok.field.name) != 0) + p11_test_fail (file, line, function, + "field name doesn't match: (%s != %s)", + expected[i].name, lexer.tok.field.name); + if (strcmp (expected[i].value, lexer.tok.field.value) != 0) + p11_test_fail (file, line, function, + "field value doesn't match: (%s != %s)", + expected[i].value, lexer.tok.field.value); + break; + case TOK_SECTION: + if (strcmp (expected[i].name, lexer.tok.field.name) != 0) + p11_test_fail (file, line, function, + "section name doesn't match: (%s != %s)", + expected[i].name, lexer.tok.field.name); + break; + case TOK_PEM: + len = strlen (expected[i].name); + if (lexer.tok.pem.length < len || + strncmp (lexer.tok.pem.begin, expected[i].name, len) != 0) { + p11_test_fail (file, line, function, + "wrong type of PEM block: %s", + expected[i].name); + } + break; + case TOK_EOF: + p11_test_fail (file, line, function, "eof should not be recieved"); + break; + } + } + + if (failure && !failed) + p11_test_fail (file, line, function, "lexing didn't fail"); + else if (!failure && failed) + p11_test_fail (file, line, function, "lexing failed"); + if (TOK_EOF != 
expected[i].tok_type) + p11_test_fail (file, line, function, "premature end of lexing"); + + p11_lexer_done (&lexer); +} + +#define check_lex_success(expected, input) \ + check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, false) + +#define check_lex_failure(expected, input) \ + check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, true) + +static void +test_basic (void) +{ + const char *input = "[the header]\n" + "field: value\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n"; + + const expected_tok expected[] = { + { TOK_SECTION, "the header" }, + { TOK_FIELD, "field", "value" }, + { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, + { TOK_EOF } + }; + + check_lex_success (expected, input); +} + +static void +test_corners (void) +{ + const char *input = "\r\n" /* blankline */ + " [the header]\r\n" /* bad line endings */ + " field: value \r\n" /* whitespace */ + "number: 2\n" /* extra space*/ + "number :3\n" /* extra space*/ + "number : 4\n" /* extra space*/ + "\n" + " # A comment \n" + "not-a-comment: # value\n" + "-----BEGIN BLOCK1-----\r\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\r\n" + "-----END BLOCK1-----"; /* no new line */ + + const expected_tok expected[] = { + { TOK_SECTION, "the header" }, + { TOK_FIELD, "field", "value" }, + { TOK_FIELD, "number", "2" }, + { TOK_FIELD, "number", "3" }, + { TOK_FIELD, "number", "4" }, + { TOK_FIELD, "not-a-comment", "# value" }, + { TOK_PEM, "-----BEGIN BLOCK1-----\r\n", }, + { TOK_EOF } + }; + + check_lex_success (expected, input); +} + +static void +test_following (void) +{ + const char *input = "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "field: value"; + + const expected_tok expected[] = { + { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, + { TOK_FIELD, "field", "value" }, + { TOK_EOF } + }; + + check_lex_success (expected, input); +} + +static void +test_bad_pem (void) +{ + const char 
*input = "field: value\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"; + + const expected_tok expected[] = { + { TOK_FIELD, "field", "value" }, + { TOK_EOF } + }; + + p11_message_quiet (); + + check_lex_failure (expected, input); + + p11_message_loud (); +} + +static void +test_bad_section (void) +{ + const char *input = "field: value\n" + "[section\n" + "bad]\n"; + + const expected_tok expected[] = { + { TOK_FIELD, "field", "value" }, + { TOK_EOF } + }; + + p11_message_quiet (); + + check_lex_failure (expected, input); + + p11_message_loud (); +} + +static void +test_bad_value (void) +{ + const char *input = "field_value\n" + "[section\n" + "bad]\n"; + + const expected_tok expected[] = { + { TOK_EOF } + }; + + p11_message_quiet (); + + check_lex_failure (expected, input); + + p11_message_loud (); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_basic, "/lexer/basic"); + p11_test (test_corners, "/lexer/corners"); + p11_test (test_following, "/lexer/following"); + p11_test (test_bad_pem, "/lexer/bad-pem"); + p11_test (test_bad_section, "/lexer/bad-section"); + p11_test (test_bad_value, "/lexer/bad-value"); + return p11_test_run (argc, argv); +} diff --git a/common/test-message.c b/common/test-message.c new file mode 100644 index 0000000..63ecf31 --- /dev/null +++ b/common/test-message.c 
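Review bot: check_lex_msg indexes `expected[i]` by the number of tokens the lexer has produced and has no bound of its own, so if the lexer yields more tokens than the expected array holds, the loop reads past the `{ TOK_EOF }` terminator; this only matters if p11_test_fail() returns to the caller, which this hunk does not show. In the same situation a type mismatch falls through into `strcmp (expected[i].name, ...)`, where `name` is NULL for an entry such as `{ TOK_EOF }`. Stopping once the expected list is exhausted keeps the checker itself memory-safe, for example at the top of the loop body: `if (expected[i].tok_type == TOK_EOF) { p11_test_fail (file, line, function, "more tokens than expected"); break; }`. The message `"eof should not be recieved"` also misspells "received".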
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "message.h"
+
+#include
+#include
+
+static void
+test_with_err (void)
+{
+ const char *last;
+ char *expected;
+
+ errno = E2BIG;
+ p11_message_err (ENOENT, "Details: %s", "value");
+ last = p11_message_last ();
+
+ if (asprintf (&expected, "Details: value: %s", strerror (ENOENT)) < 0)
+ assert_not_reached ();
+ assert_str_eq (expected, last);
+ free (expected);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_test (test_with_err, "/message/with-err");
+ return p11_test_run (argc, argv);
+}
diff --git a/common/test-path.c b/common/test-path.c
new file mode 100644
index 0000000..57619c8
--- /dev/null
+++ b/common/test-path.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include
+#include
+#include
+
+#include "compat.h"
+#include "path.h"
+
+static void
+test_base (void)
+{
+ struct {
+ const char *in;
+ const char *out;
+ } fixtures[] = {
+ { "/this/is/a/path", "path" },
+ { "/this/is/a/folder/", "folder" },
+ { "folder/", "folder" },
+ { "/", "" },
+ { "this", "this" },
+#ifdef OS_WIN32
+ { "\\this\\is\\a\\path", "path" },
+ { "\\this\\is\\a\\folder\\", "folder" },
+ { "C:\\this\\is\\a\\path", "path" },
+ { "D:\\this\\is\\a\\folder\\", "folder" },
+ { "folder\\", "folder" },
+ { "\\", "" },
+#endif
+ { NULL },
+ };
+
+ char *out;
+ int i;
+
+ for (i = 0; fixtures[i].in != NULL; i++) {
+ out = p11_path_base (fixtures[i].in);
+ assert_str_eq (fixtures[i].out, out);
+ free (out);
+ }
+}
+
+#define assert_str_eq_free(ex, ac) \
+ do { const char *__s1 = (ex); \
+ char *__s2 = (ac); \
+ if (__s1 && __s2 && strcmp (__s1, __s2) == 0) ; else \
+ p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (%s == %s)", \
+ #ex, #ac, __s1 ? __s1 : "(null)", __s2 ? __s2 : "(null)"); \
+ free (__s2); \
+ } while (0)
+
+static void
+test_build (void)
+{
+#ifdef OS_UNIX
+ assert_str_eq_free ("/root/second",
+ p11_path_build ("/root", "second", NULL));
+ assert_str_eq_free ("/root/second",
+ p11_path_build ("/root", "/second", NULL));
+ assert_str_eq_free ("/root/second",
+ p11_path_build ("/root/", "second", NULL));
+ assert_str_eq_free ("/root/second/third",
+ p11_path_build ("/root", "second", "third", NULL));
+ assert_str_eq_free ("/root/second/third",
+ p11_path_build ("/root", "/second/third", NULL));
+#else /* OS_WIN32 */
+ assert_str_eq_free ("C:\\root\\second",
+ p11_path_build ("C:\\root", "second", NULL));
+ assert_str_eq_free ("C:\\root\\second",
+ p11_path_build ("C:\\root", "\\second", NULL));
+ assert_str_eq_free ("C:\\root\\second",
+ p11_path_build ("C:\\root\\", "second", NULL));
+ assert_str_eq_free ("C:\\root\\second\\third",
+ p11_path_build ("C:\\root", "second", "third", NULL));
+ assert_str_eq_free ("C:\\root\\second/third",
+ p11_path_build ("C:\\root", "second/third", NULL));
+#endif
+}
+
+static void
+test_expand (void)
+{
+ char *path;
+
+#ifdef OS_UNIX
+ putenv ("HOME=/home/blah");
+ assert_str_eq_free ("/home/blah/my/path",
+ p11_path_expand ("~/my/path"));
+ assert_str_eq_free ("/home/blah",
+ p11_path_expand ("~"));
+ putenv ("XDG_CONFIG_HOME=/my");
+ assert_str_eq_free ("/my/path",
+ p11_path_expand ("~/.config/path"));
+ putenv ("XDG_CONFIG_HOME=");
+ assert_str_eq_free ("/home/blah/.config/path",
+ p11_path_expand ("~/.config/path"));
+#else /* OS_WIN32 */
+ putenv ("HOME=C:\\Users\\blah");
+ assert_str_eq_free ("C:\\Users\\blah\\path",
+ p11_path_expand ("~/my/path"));
+ assert_str_eq_free ("C:\\Users\\blah\\path",
+ p11_path_expand ("~\\path"));
+#endif
+
+ putenv("HOME=");
+ path = p11_path_expand ("~/this/is/my/path");
+ assert (strstr (path, "this/is/my/path") != NULL);
+ free (path);
+}
+
+static void
+test_absolute (void)
+{
+#ifdef OS_UNIX
+ assert (p11_path_absolute ("/home"));
+ assert (!p11_path_absolute ("home"));
+#else /* OS_WIN32 */
+ assert (p11_path_absolute ("C:\\home"));
+ assert (!p11_path_absolute ("home"));
+ assert (p11_path_absolute ("/home"));
+#endif
+}
+
+static void
+test_parent (void)
+{
+ assert_str_eq_free ("/", p11_path_parent ("/root"));
+ assert_str_eq_free ("/", p11_path_parent ("/root/"));
+ assert_str_eq_free ("/", p11_path_parent ("/root//"));
+ assert_str_eq_free ("/root", p11_path_parent ("/root/second"));
+ assert_str_eq_free ("/root", p11_path_parent ("/root//second"));
+ assert_str_eq_free ("/root", p11_path_parent ("/root//second//"));
+ assert_str_eq_free ("/root", p11_path_parent ("/root///second"));
+ assert_str_eq_free ("/root/second", p11_path_parent ("/root/second/test.file"));
+ assert_ptr_eq (NULL, p11_path_parent ("/"));
+ assert_ptr_eq (NULL, p11_path_parent ("//"));
+ assert_ptr_eq (NULL, p11_path_parent (""));
+}
+
+static void
+test_prefix (void)
+{
+ assert (p11_path_prefix ("/test/second", "/test"));
+ assert (!p11_path_prefix ("/test", "/test"));
+ assert (!p11_path_prefix ("/different/prefix", "/test"));
+ assert (!p11_path_prefix ("/te", "/test"));
+ assert (!p11_path_prefix ("/test", "/test/blah"));
+ assert (p11_path_prefix ("/test/other/second", "/test"));
+ assert (p11_path_prefix ("/test//other//second", "/test"));
+}
+
+static void
+test_canon (void)
+{
+ char *test;
+
+ test = strdup ("2309haonutb;AOE@#$O ");
+ p11_path_canon (test);
+ assert_str_eq (test, "2309haonutb_AOE___O_");
+ free (test);
+
+ test = strdup ("22@# %ATI@#$onot");
+ p11_path_canon (test);
+ assert_str_eq (test, "22____ATI___onot");
+ free (test);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_test (test_base, "/path/base");
+ p11_test (test_build, "/path/build");
+ p11_test (test_expand, "/path/expand");
+ p11_test (test_absolute, "/path/absolute");
+ p11_test (test_parent, "/path/parent");
+ p11_test (test_prefix, "/path/prefix");
+ p11_test (test_canon, "/path/canon");
+
+ return p11_test_run (argc, argv);
+}
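Review bot: The last case in `test_expand` passes the result of `p11_path_expand ("~/this/is/my/path")` straight to `strstr`, so a NULL return would crash the test binary inside `strstr` instead of being reported as a failure. Whether p11_path_expand can return NULL with `HOME=` empty is not visible here, though `p11_path_parent` in this same file does return NULL for some inputs. Adding `assert_ptr_not_null (path);` before the `strstr` assertion makes that case a clean failure. Separately, in the OS_WIN32 branch the expected value for `p11_path_expand ("~/my/path")` is `"C:\\Users\\blah\\path"`, which drops the `my` component and looks like a copy of the next case's expectation; worth confirming on a Windows build.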
diff --git a/common/test-tests.c b/common/test-tests.c
new file mode 100644
index 0000000..ba31d83
--- /dev/null
+++ b/common/test-tests.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include
+
+static void
+test_success (void)
+{
+ /* Yup, nothing */
+}
+
+
+static void
+test_failure (void)
+{
+ if (getenv ("TEST_FAIL")) {
+ p11_test_fail (__FILE__, __LINE__, __FUNCTION__,
+ "Unconditional test failure due to TEST_FAIL environment variable");
+ }
+}
+
+static void
+test_memory (void)
+{
+ char *mem;
+
+ if (getenv ("TEST_FAIL")) {
+ mem = malloc (1);
+ assert (mem != NULL);
+ free (mem);
+ *mem = 1;
+ }
+}
+
+
+static void
+test_leak (void)
+{
+ char *mem;
+
+ if (getenv ("TEST_FAIL")) {
+ mem = malloc (1);
+ assert (mem != NULL);
+ *mem = 1;
+ }
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_test (test_success, "/test/success");
+
+ if (getenv ("TEST_FAIL")) {
+ p11_test (test_failure, "/test/failure");
+ p11_test (test_memory, "/test/memory");
+ p11_test (test_leak, "/test/leak");
+ }
+
+ return p11_test_run (argc, argv);
+}
diff --git a/common/test-url.c b/common/test-url.c
new file mode 100644
index 0000000..892bf3c
--- /dev/null
+++ b/common/test-url.c
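Review bot: `test_memory` writes through `mem` after `free (mem)` and `test_leak` never frees its allocation, and nothing in the file says that either is deliberate. Both bodies run only when `TEST_FAIL` is set, so they look like probes for checking that the harness or a memory checker reports such faults, but that is inferred from the guard rather than stated. A comment such as `/* Deliberate use-after-free: runs only with TEST_FAIL set, to check that memory errors are reported */` above the write in test_memory, with a matching one for the leak in test_leak, would keep a later cleanup or static-analysis triage from "fixing" them. It would also be worth noting beside the `getenv ("TEST_FAIL")` check in `main` that the variable must stay unset in normal test runs.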
@@ -0,0 +1,164 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "debug.h" +#include "message.h" + +#include +#include +#include +#include + +#include "url.h" + +static void +check_decode_msg (const char *file, + int line, + const char *function, + const char *input, + ssize_t input_len, + const char *expected, + size_t expected_len) +{ + unsigned char *decoded; + size_t length; + + if (input_len < 0) + input_len = strlen (input); + decoded = p11_url_decode (input, input + input_len, "", &length); + + if (expected == NULL) { + if (decoded != NULL) + p11_test_fail (file, line, function, "decoding should have failed"); + + } else { + if (decoded == NULL) + p11_test_fail (file, line, function, "decoding failed"); + if (expected_len != length) + p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", + (unsigned long)expected_len, (unsigned long)length); + if (memcmp (decoded, expected, length) != 0) + p11_test_fail (file, line, function, "decoding wrong"); + free (decoded); + } +} + +#define check_decode_success(input, input_len, expected, expected_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) + +#define check_decode_failure(input, input_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) + +static void +test_decode_success (void) +{ + check_decode_success ("%54%45%53%54%00", -1, "TEST", 5); + check_decode_success ("%54%45%53%54%00", 6, "TE", 2); + check_decode_success ("%54est%00", -1, "Test", 5); +} + +static void +test_decode_skip (void) +{ + const char *input = "%54 %45 %53 %54 %00"; + unsigned char *decoded; + size_t length; + + decoded = p11_url_decode (input, input + strlen (input), P11_URL_WHITESPACE, &length); + assert_str_eq ("TEST", (char *)decoded); + assert_num_eq (5, length); + + free (decoded); +} + +static void +test_decode_failure (void) +{ + /* Early termination */ + check_decode_failure ("%54%45%53%5", -1); + 
check_decode_failure ("%54%45%53%", -1); + + /* Not hex characters */ + check_decode_failure ("%54%XX%53%54%00", -1); +} + +static void +test_encode (void) +{ + const unsigned char *input = (unsigned char *)"TEST"; + p11_buffer buf; + + if (!p11_buffer_init_null (&buf, 5)) + assert_not_reached (); + + p11_url_encode (input, input + 5, "", &buf); + assert (p11_buffer_ok (&buf)); + assert_str_eq ("%54%45%53%54%00", (char *)buf.data); + assert_num_eq (15, buf.len); + + p11_buffer_uninit (&buf); +} + +static void +test_encode_verbatim (void) +{ + const unsigned char *input = (unsigned char *)"TEST"; + p11_buffer buf; + + if (!p11_buffer_init_null (&buf, 5)) + assert_not_reached (); + + p11_url_encode (input, input + 5, "ES", &buf); + assert (p11_buffer_ok (&buf)); + assert_str_eq ("%54ES%54%00", (char *)buf.data); + assert_num_eq (11, buf.len); + + p11_buffer_uninit (&buf); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_decode_success, "/url/decode-success"); + p11_test (test_decode_skip, "/url/decode-skip"); + p11_test (test_decode_failure, "/url/decode-failure"); + + p11_test (test_encode, "/url/encode"); + p11_test (test_encode_verbatim, "/url/encode-verbatim"); + return p11_test_run (argc, argv); +} diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am deleted file mode 100644 index 7bbc4ce..0000000 --- a/common/tests/Makefile.am +++ /dev/null 
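Review bot: In `check_decode_msg`, the success branch compares with `memcmp (decoded, expected, length)`, using the length reported by the decoder rather than `expected_len`. If `p11_test_fail` returns to its caller (not visible in this hunk), a decode that yields more bytes than expected makes `memcmp` read past the end of the `expected` literal, and a NULL `decoded` reaches `memcmp` as well. Chaining the three checks so that only the first failure fires avoids both: keep `if (decoded == NULL)`, then `else if (expected_len != length)` and `else if (memcmp (decoded, expected, expected_len) != 0)`. The `expected == NULL` branch also never frees `decoded` when decoding unexpectedly succeeds.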
@@ -1,39 +0,0 @@ - -include $(top_srcdir)/build/Makefile.tests - -COMMON = $(top_srcdir)/common - -AM_CPPFLAGS = \ - -I$(top_srcdir) \ - -I$(srcdir)/.. \ - -I$(COMMON) \ - -DBUILDDIR=\"$(abs_builddir)\" \ - $(TEST_CFLAGS) - -LDADD = \ - $(NULL) - -CHECK_PROGS = \ - test-tests \ - test-compat \ - test-hash \ - test-dict \ - test-array \ - test-constants \ - test-attrs \ - test-buffer \ - test-url \ - test-path \ - test-lexer \ - test-message \ - $(NULL) - -noinst_PROGRAMS = \ - frob-getauxval \ - $(CHECK_PROGS) - -TESTS = $(CHECK_PROGS) - -LDADD += \ - $(top_builddir)/common/libp11-test.la \ - $(top_builddir)/common/libp11-common.la diff --git a/common/tests/frob-getauxval.c b/common/tests/frob-getauxval.c deleted file mode 100644 index 02745be..0000000 --- a/common/tests/frob-getauxval.c +++ /dev/null 
@@ -1,61 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include -#include -#include -#include - -int -main (int argc, - char *argv[]) -{ - unsigned long type = 0; - unsigned long ret; - - if (argc == 2) - type = atoi (argv[1]); - - if (type == 0) { - fprintf (stderr, "usage: frob-getauxval 23"); - abort (); - } - - ret = getauxval (type); - printf ("getauxval(%lu) == %lu\n", type, ret); - return (int)ret; -} 
diff --git a/common/tests/test-array.c b/common/tests/test-array.c
deleted file mode 100644
index 695917a..0000000
--- a/common/tests/test-array.c
+++ /dev/null
@@ -1,209 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" - -#include -#include -#include - -#include "array.h" -#include "test.h" - -static void -test_create (void) -{ - p11_array *array; - - array = p11_array_new (NULL); - assert_ptr_not_null (array); - p11_array_free (array); -} - -static void -test_free_null (void) -{ - p11_array_free (NULL); -} - -static void -destroy_value (void *data) -{ - int *value = data; - *value = 2; -} - -static void -test_free_destroys (void) -{ - p11_array *array; - int value = 0; - - array = p11_array_new (destroy_value); - assert_ptr_not_null (array); - if (!p11_array_push (array, &value)) - assert_not_reached (); - p11_array_free (array); - - assert_num_eq (2, value); -} - -static void -test_add (void) -{ - char *value = "VALUE"; - p11_array *array; - - array = p11_array_new (NULL); - if (!p11_array_push (array, value)) - assert_not_reached (); - - assert_num_eq (1, array->num); - assert_ptr_eq (array->elem[0], value); - - p11_array_free (array); -} - -static void -test_add_remove (void) -{ - char *value = "VALUE"; - p11_array *array; - - array = p11_array_new (NULL); - if (!p11_array_push (array, value)) - assert_not_reached (); - - assert_num_eq (1, array->num); - - assert_ptr_eq (array->elem[0], value); - - p11_array_remove (array, 0); - - assert_num_eq (0, array->num); - - p11_array_free (array); -} - -static void -test_remove_destroys (void) -{ - p11_array *array; - int value = 0; - - array = p11_array_new (destroy_value); - if (!p11_array_push (array, &value)) - assert_not_reached (); - - p11_array_remove (array, 0); - - assert_num_eq (2, value); - - /* should not be destroyed again */ - value = 0; - - p11_array_free (array); - - assert_num_eq (0, value); -} - -static void -test_remove_and_count (void) -{ - p11_array *array; - int *value; - int i; - - array = p11_array_new (free); - - assert_num_eq (0, array->num); - - for (i = 0; i < 20000; ++i) { - value = malloc (sizeof (int)); - assert (value != NULL); - *value = i; - if 
(!p11_array_push (array, value)) - assert_not_reached (); - assert_num_eq (i + 1, array->num); - } - - for (i = 10; i < 20000; ++i) { - p11_array_remove (array, 10); - assert_num_eq (20010 - (i + 1), array->num); - } - - assert_num_eq (10, array->num); - - p11_array_free (array); -} - -static void -test_clear_destroys (void) -{ - p11_array *array; - int value = 0; - - array = p11_array_new (destroy_value); - if (!p11_array_push (array, &value)) - assert_not_reached (); - - assert_num_eq (1, array->num); - - p11_array_clear (array); - - assert_num_eq (2, value); - assert_num_eq (0, array->num); - - /* should not be destroyed again */ - value = 0; - - p11_array_free (array); - - assert_num_eq (0, value); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_create, "/array/create"); - p11_test (test_add, "/array/add"); - p11_test (test_add_remove, "/array/add-remove"); - p11_test (test_remove_destroys, "/array/remove-destroys"); - p11_test (test_remove_and_count, "/array/remove-and-count"); - p11_test (test_free_null, "/array/free-null"); - p11_test (test_free_destroys, "/array/free-destroys"); - p11_test (test_clear_destroys, "/array/clear-destroys"); - return p11_test_run (argc, argv); -} diff --git a/common/tests/test-attrs.c b/common/tests/test-attrs.c deleted file mode 100644 index 79895e2..0000000 --- a/common/tests/test-attrs.c +++ /dev/null 
@@ -1,757 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "attrs.h" -#include "debug.h" - -static void -test_terminator (void) -{ - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_LABEL, NULL, 0 }, - { CKA_INVALID }, - }; - - assert_num_eq (true, p11_attrs_terminator (attrs + 2)); - assert_num_eq (true, p11_attrs_terminator (NULL)); - assert_num_eq (false, p11_attrs_terminator (attrs)); - assert_num_eq (false, p11_attrs_terminator (attrs + 1)); -} - -static void -test_count (void) -{ - CK_BBOOL vtrue = CK_TRUE; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE empty[] = { - { CKA_INVALID }, - }; - - assert_num_eq (2, p11_attrs_count (attrs)); - assert_num_eq (0, p11_attrs_count (NULL)); - assert_num_eq (0, p11_attrs_count (empty)); -} - -static void -test_build_one (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; - - attrs = p11_attrs_build (NULL, &add, NULL); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert_num_eq (3, attrs->ulValueLen); - assert (memcmp (attrs->pValue, "yay", 3) == 0); - - assert (attrs[1].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_build_two (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 }; - - attrs = p11_attrs_build (NULL, &one, &two, NULL); - - assert_ptr_not_null (attrs); - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (3, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (5, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - - assert (attrs[2].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_build_invalid (void) -{ 
- CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE invalid = { CKA_INVALID }; - CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 }; - - attrs = p11_attrs_build (NULL, &one, &invalid, &two, NULL); - - assert_ptr_not_null (attrs); - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (3, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (5, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - - assert (attrs[2].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_buildn_two (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE add[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 } - }; - - attrs = p11_attrs_buildn (NULL, add, 2); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert_num_eq (3, attrs->ulValueLen); - assert (memcmp (attrs->pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (5, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - - assert (attrs[2].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_buildn_one (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; - - attrs = p11_attrs_buildn (NULL, &add, 1); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert_num_eq (3, attrs->ulValueLen); - assert (memcmp (attrs->pValue, "yay", 3) == 0); - - assert (attrs[1].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_build_add (void) -{ - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_VALUE, "nine", 4 }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE two = { CKA_TOKEN, "\x01", 1 }; - - attrs = p11_attrs_buildn (NULL, initial, 2); - attrs = 
p11_attrs_build (attrs, &one, &two, NULL); - - assert_ptr_not_null (attrs); - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (3, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (4, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[2].type == CKA_TOKEN); - assert_num_eq (1, attrs[2].ulValueLen); - assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); - - assert (attrs[3].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_build_null (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE add = { CKA_LABEL, NULL, (CK_ULONG)-1 }; - - attrs = p11_attrs_build (NULL, &add, NULL); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert (attrs->ulValueLen == (CK_ULONG)-1); - assert_ptr_eq (NULL, attrs->pValue); - - p11_attrs_free (attrs); -} - -static void -test_dup (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - attrs = p11_attrs_dup (original); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert_num_eq (3, attrs->ulValueLen); - assert (memcmp (attrs->pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (5, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - - assert (attrs[2].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_take (void) -{ - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_VALUE, "nine", 4 }, - }; - - CK_ATTRIBUTE *attrs; - - attrs = p11_attrs_buildn (NULL, initial, 2); - attrs = p11_attrs_take (attrs, CKA_LABEL, strdup ("boooyah"), 7); - attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1); - 
assert_ptr_not_null (attrs); - - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (4, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[2].type == CKA_TOKEN); - assert_num_eq (1, attrs[2].ulValueLen); - assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); - - assert (attrs[3].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - - -static void -test_merge_replace (void) -{ - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_VALUE, "nine", 4 }, - }; - - CK_ATTRIBUTE extra[] = { - { CKA_LABEL, "boooyah", 7 }, - { CKA_APPLICATION, "disco", 5 }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - - attrs = p11_attrs_buildn (NULL, initial, 2); - merge = p11_attrs_buildn (NULL, extra, 2); - attrs = p11_attrs_merge (attrs, merge, true); - assert_ptr_not_null (attrs); - - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (4, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[2].type == CKA_APPLICATION); - assert_num_eq (5, attrs[2].ulValueLen); - assert (memcmp (attrs[2].pValue, "disco", 5) == 0); - - assert (attrs[3].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_merge_empty (void) -{ - CK_ATTRIBUTE extra[] = { - { CKA_LABEL, "boooyah", 7 }, - { CKA_APPLICATION, "disco", 5 }, - }; - - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *merge; - - merge = p11_attrs_buildn (NULL, extra, 2); - attrs = p11_attrs_merge (attrs, merge, true); - assert_ptr_not_null (attrs); - assert_ptr_eq (merge, attrs); - - p11_attrs_free (attrs); -} - -static void 
-test_merge_augment (void) -{ - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_VALUE, "nine", 4 }, - }; - - CK_ATTRIBUTE extra[] = { - { CKA_LABEL, "boooyah", 7 }, - { CKA_APPLICATION, "disco", 5 }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - - attrs = p11_attrs_buildn (NULL, initial, 2); - merge = p11_attrs_buildn (NULL, extra, 2); - attrs = p11_attrs_merge (attrs, merge, false); - assert_ptr_not_null (attrs); - - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (5, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "label", 5) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (4, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[2].type == CKA_APPLICATION); - assert_num_eq (5, attrs[2].ulValueLen); - assert (memcmp (attrs[2].pValue, "disco", 5) == 0); - - assert (attrs[3].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_free_null (void) -{ - p11_attrs_free (NULL); -} - -static void -test_equal (void) -{ - char *data = "extra attribute"; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 }; - CK_ATTRIBUTE two = { CKA_VALUE, "yay", 3 }; - CK_ATTRIBUTE other = { CKA_VALUE, data, 5 }; - CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 }; - CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 }; - - assert (p11_attr_equal (&one, &one)); - assert (!p11_attr_equal (&one, NULL)); - assert (!p11_attr_equal (NULL, &one)); - assert (!p11_attr_equal (&one, &two)); - assert (!p11_attr_equal (&two, &other)); - assert (p11_attr_equal (&other, &overflow)); - assert (!p11_attr_equal (&one, &null)); - assert (!p11_attr_equal (&one, &null)); - assert (!p11_attr_equal (&other, &content)); -} - -static void -test_hash (void) -{ - char *data = "extra attribute"; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 }; - CK_ATTRIBUTE two = { 
CKA_VALUE, "yay", 3 }; - CK_ATTRIBUTE other = { CKA_VALUE, data, 5 }; - CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 }; - CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 }; - unsigned int hash; - - hash = p11_attr_hash (&one); - assert (hash != 0); - - assert (p11_attr_hash (&one) == hash); - assert (p11_attr_hash (&two) != hash); - assert (p11_attr_hash (&other) != hash); - assert (p11_attr_hash (&overflow) != hash); - assert (p11_attr_hash (&null) != hash); - assert (p11_attr_hash (&content) != hash); - - hash = p11_attr_hash (NULL); - assert (hash == 0); -} - -static void -test_to_string (void) -{ - char *data = "extra attribute"; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, data, 5 }, - { CKA_INVALID }, - }; - - char *string; - - - string = p11_attr_to_string (&one, CKA_INVALID); - assert_str_eq ("{ CKA_LABEL = (3) \"yay\" }", string); - free (string); - - string = p11_attrs_to_string (attrs, -1); - assert_str_eq ("(2) [ { CKA_LABEL = (3) \"yay\" }, { CKA_VALUE = (5) NOT-PRINTED } ]", string); - free (string); - - string = p11_attrs_to_string (attrs, 1); - assert_str_eq ("(1) [ { CKA_LABEL = (3) \"yay\" } ]", string); - free (string); -} - -static void -test_find (void) -{ - CK_BBOOL vtrue = CK_TRUE; - CK_ATTRIBUTE *attr; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - attr = p11_attrs_find (attrs, CKA_LABEL); - assert_ptr_eq (attrs + 0, attr); - - attr = p11_attrs_find (attrs, CKA_TOKEN); - assert_ptr_eq (attrs + 1, attr); - - attr = p11_attrs_find (attrs, CKA_VALUE); - assert_ptr_eq (NULL, attr); -} - -static void -test_findn (void) -{ - CK_BBOOL vtrue = CK_TRUE; - CK_ATTRIBUTE *attr; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - }; - - attr = p11_attrs_findn (attrs, 2, CKA_LABEL); - assert_ptr_eq (attrs + 0, attr); - - attr = p11_attrs_findn (attrs, 2, 
CKA_TOKEN); - assert_ptr_eq (attrs + 1, attr); - - attr = p11_attrs_findn (attrs, 2, CKA_VALUE); - assert_ptr_eq (NULL, attr); - - attr = p11_attrs_findn (attrs, 1, CKA_TOKEN); - assert_ptr_eq (NULL, attr); -} - -static void -test_remove (void) -{ - CK_BBOOL vtrue = CK_TRUE; - CK_ATTRIBUTE *attr; - CK_ATTRIBUTE *attrs; - CK_BBOOL ret; - - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - }; - - attrs = p11_attrs_buildn (NULL, initial, 2); - assert_ptr_not_null (attrs); - - attr = p11_attrs_find (attrs, CKA_LABEL); - assert_ptr_eq (attrs + 0, attr); - - ret = p11_attrs_remove (attrs, CKA_LABEL); - assert_num_eq (CK_TRUE, ret); - - attr = p11_attrs_find (attrs, CKA_LABEL); - assert_ptr_eq (NULL, attr); - - ret = p11_attrs_remove (attrs, CKA_LABEL); - assert_num_eq (CK_FALSE, ret); - - p11_attrs_free (attrs); -} - -static void -test_match (void) -{ - CK_BBOOL vtrue = CK_TRUE; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE subset[] = { - { CKA_LABEL, "label", 5 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE different[] = { - { CKA_LABEL, "other", 5 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE extra[] = { - { CKA_VALUE, "the value", 9 }, - { CKA_LABEL, "other", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - assert (p11_attrs_match (attrs, attrs)); - assert (p11_attrs_match (attrs, subset)); - assert (!p11_attrs_match (attrs, different)); - assert (!p11_attrs_match (attrs, extra)); -} - -static void -test_matchn (void) -{ - CK_BBOOL vtrue = CK_TRUE; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE subset[] = { - { CKA_LABEL, "label", 5 }, - }; - - CK_ATTRIBUTE different[] = { - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_LABEL, "other", 5 }, - }; - - CK_ATTRIBUTE extra[] = { - { CKA_VALUE, "the value", 9 }, - { 
CKA_LABEL, "other", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - }; - - assert (p11_attrs_matchn (attrs, subset, 1)); - assert (!p11_attrs_matchn (attrs, different, 2)); - assert (!p11_attrs_matchn (attrs, extra, 3)); -} - -static void -test_find_bool (void) -{ - CK_BBOOL vtrue = CK_TRUE; - CK_BBOOL vfalse = CK_FALSE; - CK_BBOOL value; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "\x01yy", 3 }, - { CKA_VALUE, &vtrue, (CK_ULONG)-1 }, - { CKA_TOKEN, &vtrue, sizeof (CK_BBOOL) }, - { CKA_TOKEN, &vfalse, sizeof (CK_BBOOL) }, - { CKA_INVALID }, - }; - - assert (p11_attrs_find_bool (attrs, CKA_TOKEN, &value) && value == CK_TRUE); - assert (!p11_attrs_find_bool (attrs, CKA_LABEL, &value)); - assert (!p11_attrs_find_bool (attrs, CKA_VALUE, &value)); -} - -static void -test_find_ulong (void) -{ - CK_ULONG v33 = 33UL; - CK_ULONG v45 = 45UL; - CK_ULONG value; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, &v33, 2 }, - { CKA_VALUE, &v45, (CK_ULONG)-1 }, - { CKA_BITS_PER_PIXEL, &v33, sizeof (CK_ULONG) }, - { CKA_BITS_PER_PIXEL, &v45, sizeof (CK_ULONG) }, - { CKA_INVALID }, - }; - - assert (p11_attrs_find_ulong (attrs, CKA_BITS_PER_PIXEL, &value) && value == v33); - assert (!p11_attrs_find_ulong (attrs, CKA_LABEL, &value)); - assert (!p11_attrs_find_ulong (attrs, CKA_VALUE, &value)); -} - -static void -test_find_value (void) -{ - void *value; - size_t length; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "", (CK_ULONG)-1 }, - { CKA_LABEL, NULL, 5 }, - { CKA_LABEL, "", 0 }, - { CKA_LABEL, "test", 4 }, - { CKA_VALUE, NULL, 0 }, - { CKA_INVALID }, - }; - - value = p11_attrs_find_value (attrs, CKA_LABEL, &length); - assert_ptr_eq (attrs[3].pValue, value); - assert_num_eq (4, length); - - value = p11_attrs_find_value (attrs, CKA_LABEL, NULL); - assert_ptr_eq (attrs[3].pValue, value); - - value = p11_attrs_find_value (attrs, CKA_VALUE, &length); - assert_ptr_eq (NULL, value); - - value = p11_attrs_find_value (attrs, CKA_TOKEN, &length); - assert_ptr_eq (NULL, value); -} - -static void 
-test_find_valid (void)
-{
- CK_ATTRIBUTE *attr;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "", (CK_ULONG)-1 },
- { CKA_LABEL, NULL, 5 },
- { CKA_LABEL, "", 0 },
- { CKA_LABEL, "test", 4 },
- { CKA_VALUE, "value", 5 },
- { CKA_INVALID },
- };
-
- attr = p11_attrs_find_valid (attrs, CKA_LABEL);
- assert_ptr_eq (attrs + 3, attr);
-
- attr = p11_attrs_find_valid (attrs, CKA_VALUE);
- assert_ptr_eq (attrs + 4, attr);
-
- attr = p11_attrs_find_valid (attrs, CKA_TOKEN);
- assert_ptr_eq (NULL, attr);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_equal, "/attrs/equal");
- p11_test (test_hash, "/attrs/hash");
- p11_test (test_to_string, "/attrs/to-string");
-
- p11_test (test_terminator, "/attrs/terminator");
- p11_test (test_count, "/attrs/count");
- p11_test (test_build_one, "/attrs/build-one");
- p11_test (test_build_two, "/attrs/build-two");
- p11_test (test_build_invalid, "/attrs/build-invalid");
- p11_test (test_buildn_one, "/attrs/buildn-one");
- p11_test (test_buildn_two, "/attrs/buildn-two");
- p11_test (test_build_add, "/attrs/build-add");
- p11_test (test_build_null, "/attrs/build-null");
- p11_test (test_dup, "/attrs/dup");
- p11_test (test_take, "/attrs/take");
- p11_test (test_merge_replace, "/attrs/merge-replace");
- p11_test (test_merge_augment, "/attrs/merge-augment");
- p11_test (test_merge_empty, "/attrs/merge-empty");
- p11_test (test_free_null, "/attrs/free-null");
- p11_test (test_match, "/attrs/match");
- p11_test (test_matchn, "/attrs/matchn");
- p11_test (test_find, "/attrs/find");
- p11_test (test_findn, "/attrs/findn");
- p11_test (test_find_bool, "/attrs/find-bool");
- p11_test (test_find_ulong, "/attrs/find-ulong");
- p11_test (test_find_value, "/attrs/find-value");
- p11_test (test_find_valid, "/attrs/find-valid");
- p11_test (test_remove, "/attrs/remove");
- return p11_test_run (argc, argv);
-}
diff --git a/common/tests/test-buffer.c b/common/tests/test-buffer.c
deleted file mode 100644
index 4fd060d..0000000
--- a/common/tests/test-buffer.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "debug.h" -#include "buffer.h" - -static void -test_init_uninit (void) -{ - p11_buffer buffer; - - p11_buffer_init (&buffer, 10); - assert_ptr_not_null (buffer.data); - assert_num_eq (0, buffer.len); - assert_num_eq (0, buffer.flags); - assert (buffer.size >= 10); - assert_ptr_not_null (buffer.ffree); - assert_ptr_not_null (buffer.frealloc); - - p11_buffer_uninit (&buffer); -} - -static void -test_append (void) -{ - p11_buffer buffer; - - p11_buffer_init (&buffer, 10); - buffer.len = 5; - p11_buffer_append (&buffer, 35); - assert_num_eq (5 + 35, buffer.len); - assert (buffer.size >= 35 + 5); - - p11_buffer_append (&buffer, 15); - assert_num_eq (5 + 35 + 15, buffer.len); - assert (buffer.size >= 5 + 35 + 15); - - p11_buffer_uninit (&buffer); -} - -static void -test_null (void) -{ - p11_buffer buffer; - - p11_buffer_init_null (&buffer, 10); - p11_buffer_add (&buffer, "Blah", -1); - p11_buffer_add (&buffer, " blah", -1); - - assert_str_eq ("Blah blah", buffer.data); - - p11_buffer_uninit (&buffer); -} - -static int mock_realloced = 0; -static int mock_freed = 0; - -static void * -mock_realloc (void *data, - size_t size) -{ - mock_realloced++; - return realloc (data, size); -} - -static void -mock_free (void *data) -{ - mock_freed++; - free (data); -} - -static void -test_init_for_data (void) -{ - p11_buffer buffer; - unsigned char *ret; - size_t len; - - mock_realloced = 0; - mock_freed = 0; - - p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, 0, - mock_realloc, mock_free); - - assert_ptr_not_null (buffer.data); - assert_str_eq ("blah", (char *)buffer.data); - assert_num_eq (4, buffer.len); - assert_num_eq (0, buffer.flags); - assert_num_eq (4, buffer.size); - assert_ptr_eq (mock_free, buffer.ffree); - assert_ptr_eq (mock_realloc, buffer.frealloc); - - assert_num_eq (0, mock_realloced); - assert_num_eq (0, mock_freed); - - len = 
buffer.len; - ret = p11_buffer_append (&buffer, 1024); - assert_ptr_eq ((char *)buffer.data + len, ret); - assert_num_eq (1, mock_realloced); - - p11_buffer_uninit (&buffer); - assert_num_eq (1, mock_realloced); - assert_num_eq (1, mock_freed); -} - -static void -test_steal (void) -{ - p11_buffer buffer; - char *string; - size_t length; - - mock_freed = 0; - - p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, - P11_BUFFER_NULL, mock_realloc, mock_free); - - assert_ptr_not_null (buffer.data); - assert_str_eq ("blah", buffer.data); - - p11_buffer_add (&buffer, " yada", -1); - assert_str_eq ("blah yada", buffer.data); - - string = p11_buffer_steal (&buffer, &length); - p11_buffer_uninit (&buffer); - - assert_str_eq ("blah yada", string); - assert_num_eq (9, length); - assert_num_eq (0, mock_freed); - - free (string); -} - -static void -test_add (void) -{ - p11_buffer buffer; - - p11_buffer_init (&buffer, 10); - - p11_buffer_add (&buffer, (unsigned char *)"Planet Express", 15); - assert_num_eq (15, buffer.len); - assert_str_eq ("Planet Express", (char *)buffer.data); - assert (p11_buffer_ok (&buffer)); - - p11_buffer_uninit (&buffer); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_init_uninit, "/buffer/init-uninit"); - p11_test (test_init_for_data, "/buffer/init-for-data"); - p11_test (test_append, "/buffer/append"); - p11_test (test_null, "/buffer/null"); - p11_test (test_add, "/buffer/add"); - p11_test (test_steal, "/buffer/steal"); - return p11_test_run (argc, argv); -} diff --git a/common/tests/test-compat.c b/common/tests/test-compat.c deleted file mode 100644 index 42471ae..0000000 --- a/common/tests/test-compat.c +++ /dev/null 
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include
-#include
-#include
-#include
-
-#include "compat.h"
-
-static void
-test_strndup (void)
-{
- char unterminated[] = { 't', 'e', 's', 't', 'e', 'r', 'o', 'n', 'i', 'o' };
- char *res;
-
- res = strndup (unterminated, 6);
- assert_str_eq (res, "tester");
- free (res);
-
- res = strndup ("test", 6);
- assert_str_eq (res, "test");
- free (res);
-}
-
-#ifdef OS_UNIX
-
-static void
-test_getauxval (void)
-{
- /* 23 is AT_SECURE */
- const char *args[] = { BUILDDIR "/frob-getauxval", "23", NULL };
- char *path;
- int ret;
-
- ret = p11_test_run_child (args, true);
- assert_num_eq (ret, 0);
-
- path = p11_test_copy_setgid (args[0]);
- if (path == NULL)
- return;
-
- args[0] = path;
- ret = p11_test_run_child (args, true);
- assert_num_cmp (ret, !=, 0);
-
- if (unlink (path) < 0)
- assert_fail ("unlink failed", strerror (errno));
- free (path);
-}
-
-static void
-test_mmap (void)
-{
- p11_mmap *map;
- void *data;
- size_t size;
- char file[] = "emptyfileXXXXXX";
- int fd = mkstemp (file);
- close (fd);
- /* mmap on empty file should work */
- map = p11_mmap_open (file, NULL, &data, &size);
- unlink (file);
- assert_ptr_not_null (map);
- p11_mmap_close (map);
-}
-
-#endif /* OS_UNIX */
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_strndup, "/compat/strndup");
-#ifdef OS_UNIX
- /* Don't run this test when under fakeroot */
- if (!getenv ("FAKED_MODE")) {
- p11_test (test_getauxval, "/compat/getauxval");
- }
- p11_test (test_mmap, "/compat/mmap");
-#endif
- return p11_test_run (argc, argv);
-}
diff --git a/common/tests/test-constants.c b/common/tests/test-constants.c
deleted file mode 100644
index 9adc81a..0000000
--- a/common/tests/test-constants.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "attrs.h" -#include "constants.h" -#include "debug.h" - -static void -test_constants (void *arg) -{ - const p11_constant *constant = arg; - p11_dict *nicks, *names; - CK_ULONG check; - int i; - - nicks = p11_constant_reverse (true); - names = p11_constant_reverse (false); - - for (i = 1; constant[i].value != CKA_INVALID; i++) { - if (constant[i].value < constant[i - 1].value) - assert_fail ("attr constant out of order", constant[i].name); - } - for (i = 0; constant[i].value != CKA_INVALID; i++) { - assert_ptr_not_null (constant[i].name); - - if (constant[i].nick) { - assert_str_eq (constant[i].nick, - p11_constant_nick (constant, constant[i].value)); - } - - assert_str_eq (constant[i].name, - p11_constant_name (constant, constant[i].value)); - - if (constant[i].nick) { - check = p11_constant_resolve (nicks, constant[i].nick); - assert_num_eq (constant[i].value, check); - } - - check = p11_constant_resolve (names, constant[i].name); - assert_num_eq (constant[i].value, check); - } - - p11_dict_free (names); - p11_dict_free (nicks); -} - -int -main (int argc, - char *argv[]) -{ - p11_testx (test_constants, (void *)p11_constant_types, "/constants/types"); - p11_testx (test_constants, (void *)p11_constant_classes, "/constants/classes"); - p11_testx (test_constants, (void *)p11_constant_trusts, "/constants/trusts"); - p11_testx (test_constants, (void *)p11_constant_certs, "/constants/certs"); - p11_testx (test_constants, (void *)p11_constant_keys, "/constants/keys"); - p11_testx (test_constants, (void *)p11_constant_asserts, "/constants/asserts"); - p11_testx (test_constants, (void *)p11_constant_categories, "/constants/categories"); - p11_testx (test_constants, (void *)p11_constant_mechanisms, "/constants/mechanisms"); - p11_testx (test_constants, (void *)p11_constant_users, "/constants/users"); - p11_testx (test_constants, (void *)p11_constant_states, 
"/constants/states");
- p11_testx (test_constants, (void *)p11_constant_returns, "/constants/returns");
-
- return p11_test_run (argc, argv);
-}
diff --git a/common/tests/test-dict.c b/common/tests/test-dict.c
deleted file mode 100644
index f12a34e..0000000
--- a/common/tests/test-dict.c
+++ /dev/null
@@ -1,522 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include -#include - -#include "dict.h" - -static void -test_create (void) -{ - p11_dict *map; - - map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - assert_ptr_not_null (map); - p11_dict_free (map); -} - -static void -test_free_null (void) -{ - p11_dict_free (NULL); -} - -typedef struct { - int value; - bool freed; -} Key; - -static unsigned int -key_hash (const void *ptr) -{ - const Key *k = ptr; - assert (!k->freed); - return p11_dict_intptr_hash (&k->value); -} - -static bool -key_equal (const void *one, - const void *two) -{ - const Key *k1 = one; - const Key *k2 = two; - assert (!k1->freed); - assert (!k2->freed); - return p11_dict_intptr_equal (&k1->value, &k2->value); -} - -static void -key_destroy (void *data) -{ - Key *k = data; - assert (!k->freed); - k->freed = true; -} - -static void -value_destroy (void *data) -{ - int *value = data; - *value = 2; -} - -static void -test_free_destroys (void) -{ - p11_dict *map; - Key key = { 8, 0 }; - int value = 0; - - map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - p11_dict_free (map); - - assert_num_eq (true, key.freed); - assert_num_eq (2, value); -} - -static void -test_iterate (void) -{ - p11_dict *map; - p11_dictiter iter; - int key = 1; - int value = 2; - void *pkey; - void *pvalue; - int ret; - - map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - - p11_dict_iterate (map, &iter); - - ret = p11_dict_next (&iter, &pkey, &pvalue); - assert_num_eq (1, ret); - assert_ptr_eq (pkey, &key); - assert_ptr_eq (pvalue, &value); - - ret = p11_dict_next (&iter, &pkey, &pvalue); - assert_num_eq (0, ret); - - p11_dict_free (map); -} - -static int -compar_strings 
(const void *one, - const void *two) -{ - char **p1 = (char **)one; - char **p2 = (char **)two; - return strcmp (*p1, *p2); -} - -static void -test_iterate_remove (void) -{ - p11_dict *map; - p11_dictiter iter; - char *keys[] = { "111", "222", "333" }; - char *values[] = { "444", "555", "666" }; - void *okeys[3]; - void *ovalues[3]; - bool ret; - int i; - - map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - assert_ptr_not_null (map); - - for (i = 0; i < 3; i++) { - if (!p11_dict_set (map, keys[i], values[i])) - assert_not_reached (); - } - - p11_dict_iterate (map, &iter); - - ret = p11_dict_next (&iter, &okeys[0], &ovalues[0]); - assert_num_eq (true, ret); - - ret = p11_dict_next (&iter, &okeys[1], &ovalues[1]); - assert_num_eq (true, ret); - if (!p11_dict_remove (map, okeys[1])) - assert_not_reached (); - - ret = p11_dict_next (&iter, &okeys[2], &ovalues[2]); - assert_num_eq (true, ret); - - ret = p11_dict_next (&iter, NULL, NULL); - assert_num_eq (false, ret); - - assert_num_eq (2, p11_dict_size (map)); - p11_dict_free (map); - - qsort (okeys, 3, sizeof (void *), compar_strings); - qsort (ovalues, 3, sizeof (void *), compar_strings); - - for (i = 0; i < 3; i++) { - assert_str_eq (keys[i], okeys[i]); - assert_ptr_eq (keys[i], okeys[i]); - assert_str_eq (values[i], ovalues[i]); - assert_ptr_eq (values[i], ovalues[i]); - } -} - -static void -test_set_get (void) -{ - char *key = "KEY"; - char *value = "VALUE"; - char *check; - p11_dict *map; - - map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - p11_dict_set (map, key, value); - check = p11_dict_get (map, key); - assert_ptr_eq (check, value); - - p11_dict_free (map); -} - -static void -test_set_get_remove (void) -{ - char *key = "KEY"; - char *value = "VALUE"; - char *check; - p11_dict *map; - bool ret; - - map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - - if (!p11_dict_set (map, key, value)) - assert_not_reached (); - - check = p11_dict_get 
(map, key); - assert_ptr_eq (check, value); - - ret = p11_dict_remove (map, key); - assert_num_eq (true, ret); - ret = p11_dict_remove (map, key); - assert_num_eq (false, ret); - - check = p11_dict_get (map, key); - assert (check == NULL); - - p11_dict_free (map); -} - -static void -test_set_clear (void) -{ - char *key = "KEY"; - char *value = "VALUE"; - char *check; - p11_dict *map; - - map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - - if (!p11_dict_set (map, key, value)) - assert_not_reached (); - - p11_dict_clear (map); - - check = p11_dict_get (map, key); - assert (check == NULL); - - p11_dict_free (map); -} - -static void -test_remove_destroys (void) -{ - p11_dict *map; - Key key = { 8, 0 }; - int value = 0; - bool ret; - - map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - - ret = p11_dict_remove (map, &key); - assert_num_eq (true, ret); - assert_num_eq (true, key.freed); - assert_num_eq (2, value); - - /* should not be destroyed again */ - key.freed = false; - value = 0; - - ret = p11_dict_remove (map, &key); - assert_num_eq (false, ret); - assert_num_eq (false, key.freed); - assert_num_eq (0, value); - - /* should not be destroyed again */ - key.freed = false; - value = 0; - - p11_dict_free (map); - - assert_num_eq (false, key.freed); - assert_num_eq (0, value); -} - -static void -test_set_destroys (void) -{ - p11_dict *map; - Key key = { 8, 0 }; - Key key2 = { 8, 0 }; - int value, value2; - bool ret; - - map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - - key.freed = key2.freed = false; - value = value2 = 0; - - /* Setting same key and value, should not be destroyed */ - ret = p11_dict_set (map, &key, &value); - assert_num_eq (true, ret); - assert_num_eq (false, key.freed); - assert_num_eq 
(false, key2.freed); - assert_num_eq (0, value); - assert_num_eq (0, value2); - - key.freed = key2.freed = false; - value = value2 = 0; - - /* Setting a new key same value, key should be destroyed */ - ret = p11_dict_set (map, &key2, &value); - assert_num_eq (true, ret); - assert_num_eq (true, key.freed); - assert_num_eq (false, key2.freed); - assert_num_eq (0, value); - assert_num_eq (0, value2); - - key.freed = key2.freed = false; - value = value2 = 0; - - /* Setting same key, new value, value should be destroyed */ - ret = p11_dict_set (map, &key2, &value2); - assert_num_eq (true, ret); - assert_num_eq (false, key.freed); - assert_num_eq (false, key2.freed); - assert_num_eq (2, value); - assert_num_eq (0, value2); - - key.freed = key2.freed = false; - value = value2 = 0; - - /* Setting new key new value, both should be destroyed */ - ret = p11_dict_set (map, &key, &value); - assert_num_eq (true, ret); - assert_num_eq (false, key.freed); - assert_num_eq (true, key2.freed); - assert_num_eq (0, value); - assert_num_eq (2, value2); - - key.freed = key2.freed = false; - value = value2 = 0; - - p11_dict_free (map); - assert_num_eq (true, key.freed); - assert_num_eq (2, value); - assert_num_eq (false, key2.freed); - assert_num_eq (0, value2); -} - - -static void -test_clear_destroys (void) -{ - p11_dict *map; - Key key = { 18, 0 }; - int value = 0; - - map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - - p11_dict_clear (map); - assert_num_eq (true, key.freed); - assert_num_eq (2, value); - - /* should not be destroyed again */ - key.freed = false; - value = 0; - - p11_dict_clear (map); - assert_num_eq (false, key.freed); - assert_num_eq (0, value); - - /* should not be destroyed again */ - key.freed = false; - value = 0; - - p11_dict_free (map); - - assert_num_eq (false, key.freed); - assert_num_eq (0, value); -} - -static unsigned int 
-test_hash_intptr_with_collisions (const void *data) -{ - /* lots and lots of collisions, only returns 100 values */ - return (unsigned int)(*((int*)data) % 100); -} - -static void -test_hash_add_check_lots_and_collisions (void) -{ - p11_dict *map; - int *value; - int i; - - map = p11_dict_new (test_hash_intptr_with_collisions, - p11_dict_intptr_equal, NULL, free); - - for (i = 0; i < 20000; ++i) { - value = malloc (sizeof (int)); - assert (value != NULL); - *value = i; - if (!p11_dict_set (map, value, value)) - assert_not_reached (); - } - - for (i = 0; i < 20000; ++i) { - value = p11_dict_get (map, &i); - assert_ptr_not_null (value); - assert_num_eq (i, *value); - } - - p11_dict_free (map); -} - -static void -test_hash_count (void) -{ - p11_dict *map; - int *value; - int i; - bool ret; - - map = p11_dict_new (p11_dict_intptr_hash, p11_dict_intptr_equal, NULL, free); - - assert_num_eq (0, p11_dict_size (map)); - - for (i = 0; i < 20000; ++i) { - value = malloc (sizeof (int)); - assert (value != NULL); - *value = i; - if (!p11_dict_set (map, value, value)) - assert_not_reached (); - assert_num_eq (i + 1, p11_dict_size (map)); - } - - for (i = 0; i < 20000; ++i) { - ret = p11_dict_remove (map, &i); - assert_num_eq (true, ret); - assert_num_eq (20000 - (i + 1), p11_dict_size (map)); - } - - p11_dict_clear (map); - assert_num_eq (0, p11_dict_size (map)); - - p11_dict_free (map); -} - -static void -test_hash_ulongptr (void) -{ - p11_dict *map; - unsigned long *value; - unsigned long i; - - map = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free); - - for (i = 0; i < 20000; ++i) { - value = malloc (sizeof (unsigned long)); - assert (value != NULL); - *value = i; - if (!p11_dict_set (map, value, value)) - assert_not_reached (); - } - - for (i = 0; i < 20000; ++i) { - value = p11_dict_get (map, &i); - assert_ptr_not_null (value); - assert_num_eq (i, *value); - } - - p11_dict_free (map); -} - -int -main (int argc, - char *argv[]) -{ - p11_test 
(test_create, "/dict/create");
- p11_test (test_set_get, "/dict/set-get");
- p11_test (test_set_get_remove, "/dict/set-get-remove");
- p11_test (test_remove_destroys, "/dict/remove-destroys");
- p11_test (test_set_clear, "/dict/set-clear");
- p11_test (test_set_destroys, "/dict/set-destroys");
- p11_test (test_clear_destroys, "/dict/clear-destroys");
- p11_test (test_free_null, "/dict/free-null");
- p11_test (test_free_destroys, "/dict/free-destroys");
- p11_test (test_iterate, "/dict/iterate");
- p11_test (test_iterate_remove, "/dict/iterate-remove");
- p11_test (test_hash_add_check_lots_and_collisions, "/dict/add-check-lots-and-collisions");
- p11_test (test_hash_count, "/dict/count");
- p11_test (test_hash_ulongptr, "/dict/ulongptr");
- return p11_test_run (argc, argv);
-}
diff --git a/common/tests/test-hash.c b/common/tests/test-hash.c
deleted file mode 100644
index a12d5a4..0000000
--- a/common/tests/test-hash.c
+++ /dev/null
@@ -1,106 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include
-#include
-#include
-#include
-#include
-
-#include "hash.h"
-
-static void
-test_murmur3 (void)
-{
- uint32_t one, two, four, seven, eleven, split;
-
- assert (sizeof (one) == P11_HASH_MURMUR3_LEN);
-
- p11_hash_murmur3 ((unsigned char *)&one, "one", 3, NULL);
- p11_hash_murmur3 ((unsigned char *)&two, "two", 3, NULL);
- p11_hash_murmur3 ((unsigned char *)&four, "four", 4, NULL);
- p11_hash_murmur3 ((unsigned char *)&seven, "seven", 5, NULL);
- p11_hash_murmur3 ((unsigned char *)&eleven, "eleven", 6, NULL);
- p11_hash_murmur3 ((unsigned char *)&split, "ele", 3, "ven", 3, NULL);
-
- assert (one != two);
- assert (one != four);
- assert (one != seven);
- assert (one != eleven);
-
- assert (two != four);
- assert (two != seven);
- assert (two != eleven);
-
- assert (four != seven);
- assert (four != eleven);
-
- assert (split == eleven);
-}
-
-static void
-test_murmur3_incr (void)
-{
- uint32_t first, second;
-
- p11_hash_murmur3 ((unsigned char *)&first,
- "this is the long input!", (size_t)23,
- NULL);
-
- p11_hash_murmur3 ((unsigned char *)&second,
- "this", (size_t)4,
- " ", (size_t)1,
- "is ", (size_t)3,
- "the long ", (size_t)9,
- "in", (size_t)2,
- "p", (size_t)1,
- "u", (size_t)1,
- "t", (size_t)1,
- "!", (size_t)1,
- NULL);
-
- assert_num_eq (first, second);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_murmur3, "/hash/murmur3");
- p11_test (test_murmur3_incr, "/hash/murmur3-incr");
- return p11_test_run (argc, argv);
-}
diff --git a/common/tests/test-lexer.c b/common/tests/test-lexer.c
deleted file mode 100644
index 7d18e87..0000000
--- a/common/tests/test-lexer.c
+++ /dev/null
@@ -1,253 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "compat.h" -#include "debug.h" -#include "lexer.h" -#include "message.h" - -typedef struct { - int tok_type; - const char *name; - const char *value; -} expected_tok; - -static void -check_lex_msg (const char *file, - int line, - const char *function, - const expected_tok *expected, - const char *input, - bool failure) -{ - p11_lexer lexer; - size_t len; - bool failed; - int i; - - p11_lexer_init (&lexer, "test", input, strlen (input)); - for (i = 0; p11_lexer_next (&lexer, &failed); i++) { - if (expected[i].tok_type != lexer.tok_type) - p11_test_fail (file, line, function, - "lexer token type does not match: (%d != %d)", - expected[i].tok_type, lexer.tok_type); - switch (lexer.tok_type) { - case TOK_FIELD: - if (strcmp (expected[i].name, lexer.tok.field.name) != 0) - p11_test_fail (file, line, function, - "field name doesn't match: (%s != %s)", - expected[i].name, lexer.tok.field.name); - if (strcmp (expected[i].value, lexer.tok.field.value) != 0) - p11_test_fail (file, line, function, - "field value doesn't match: (%s != %s)", - expected[i].value, lexer.tok.field.value); - break; - case TOK_SECTION: - if (strcmp (expected[i].name, lexer.tok.field.name) != 0) - p11_test_fail (file, line, function, - "section name doesn't match: (%s != %s)", - expected[i].name, lexer.tok.field.name); - break; - case TOK_PEM: - len = strlen (expected[i].name); - if (lexer.tok.pem.length < len || - strncmp (lexer.tok.pem.begin, expected[i].name, len) != 0) { - p11_test_fail (file, line, function, - "wrong type of PEM block: %s", - expected[i].name); - } - break; - case TOK_EOF: - p11_test_fail (file, line, function, "eof should not be recieved"); - break; - } - } - - if (failure && !failed) - p11_test_fail (file, line, function, "lexing didn't fail"); - else if (!failure && failed) - p11_test_fail (file, line, function, "lexing failed"); - if (TOK_EOF != 
expected[i].tok_type) - p11_test_fail (file, line, function, "premature end of lexing"); - - p11_lexer_done (&lexer); -} - -#define check_lex_success(expected, input) \ - check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, false) - -#define check_lex_failure(expected, input) \ - check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, true) - -static void -test_basic (void) -{ - const char *input = "[the header]\n" - "field: value\n" - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n"; - - const expected_tok expected[] = { - { TOK_SECTION, "the header" }, - { TOK_FIELD, "field", "value" }, - { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, - { TOK_EOF } - }; - - check_lex_success (expected, input); -} - -static void -test_corners (void) -{ - const char *input = "\r\n" /* blankline */ - " [the header]\r\n" /* bad line endings */ - " field: value \r\n" /* whitespace */ - "number: 2\n" /* extra space*/ - "number :3\n" /* extra space*/ - "number : 4\n" /* extra space*/ - "\n" - " # A comment \n" - "not-a-comment: # value\n" - "-----BEGIN BLOCK1-----\r\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\r\n" - "-----END BLOCK1-----"; /* no new line */ - - const expected_tok expected[] = { - { TOK_SECTION, "the header" }, - { TOK_FIELD, "field", "value" }, - { TOK_FIELD, "number", "2" }, - { TOK_FIELD, "number", "3" }, - { TOK_FIELD, "number", "4" }, - { TOK_FIELD, "not-a-comment", "# value" }, - { TOK_PEM, "-----BEGIN BLOCK1-----\r\n", }, - { TOK_EOF } - }; - - check_lex_success (expected, input); -} - -static void -test_following (void) -{ - const char *input = "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n" - "field: value"; - - const expected_tok expected[] = { - { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, - { TOK_FIELD, "field", "value" }, - { TOK_EOF } - }; - - check_lex_success (expected, input); -} - -static void -test_bad_pem (void) -{ - const char 
*input = "field: value\n" - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"; - - const expected_tok expected[] = { - { TOK_FIELD, "field", "value" }, - { TOK_EOF } - }; - - p11_message_quiet (); - - check_lex_failure (expected, input); - - p11_message_loud (); -} - -static void -test_bad_section (void) -{ - const char *input = "field: value\n" - "[section\n" - "bad]\n"; - - const expected_tok expected[] = { - { TOK_FIELD, "field", "value" }, - { TOK_EOF } - }; - - p11_message_quiet (); - - check_lex_failure (expected, input); - - p11_message_loud (); -} - -static void -test_bad_value (void) -{ - const char *input = "field_value\n" - "[section\n" - "bad]\n"; - - const expected_tok expected[] = { - { TOK_EOF } - }; - - p11_message_quiet (); - - check_lex_failure (expected, input); - - p11_message_loud (); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_basic, "/lexer/basic"); - p11_test (test_corners, "/lexer/corners"); - p11_test (test_following, "/lexer/following"); - p11_test (test_bad_pem, "/lexer/bad-pem"); - p11_test (test_bad_section, "/lexer/bad-section"); - p11_test (test_bad_value, "/lexer/bad-value"); - return p11_test_run (argc, argv); -} diff --git a/common/tests/test-message.c b/common/tests/test-message.c deleted file mode 100644 index 63ecf31..0000000 --- a/common/tests/test-message.c +++ /dev/null 
@@ -1,65 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "message.h"
-
-#include
-#include
-
-static void
-test_with_err (void)
-{
- const char *last;
- char *expected;
-
- errno = E2BIG;
- p11_message_err (ENOENT, "Details: %s", "value");
- last = p11_message_last ();
-
- if (asprintf (&expected, "Details: value: %s", strerror (ENOENT)) < 0)
- assert_not_reached ();
- assert_str_eq (expected, last);
- free (expected);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_with_err, "/message/with-err");
- return p11_test_run (argc, argv);
-}
diff --git a/common/tests/test-path.c b/common/tests/test-path.c
deleted file mode 100644
index 57619c8..0000000
--- a/common/tests/test-path.c
+++ /dev/null
@@ -1,216 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "compat.h" -#include "path.h" - -static void -test_base (void) -{ - struct { - const char *in; - const char *out; - } fixtures[] = { - { "/this/is/a/path", "path" }, - { "/this/is/a/folder/", "folder" }, - { "folder/", "folder" }, - { "/", "" }, - { "this", "this" }, -#ifdef OS_WIN32 - { "\\this\\is\\a\\path", "path" }, - { "\\this\\is\\a\\folder\\", "folder" }, - { "C:\\this\\is\\a\\path", "path" }, - { "D:\\this\\is\\a\\folder\\", "folder" }, - { "folder\\", "folder" }, - { "\\", "" }, -#endif - { NULL }, - }; - - char *out; - int i; - - for (i = 0; fixtures[i].in != NULL; i++) { - out = p11_path_base (fixtures[i].in); - assert_str_eq (fixtures[i].out, out); - free (out); - } -} - -#define assert_str_eq_free(ex, ac) \ - do { const char *__s1 = (ex); \ - char *__s2 = (ac); \ - if (__s1 && __s2 && strcmp (__s1, __s2) == 0) ; else \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (%s == %s)", \ - #ex, #ac, __s1 ? __s1 : "(null)", __s2 ? 
__s2 : "(null)"); \ - free (__s2); \ - } while (0) - -static void -test_build (void) -{ -#ifdef OS_UNIX - assert_str_eq_free ("/root/second", - p11_path_build ("/root", "second", NULL)); - assert_str_eq_free ("/root/second", - p11_path_build ("/root", "/second", NULL)); - assert_str_eq_free ("/root/second", - p11_path_build ("/root/", "second", NULL)); - assert_str_eq_free ("/root/second/third", - p11_path_build ("/root", "second", "third", NULL)); - assert_str_eq_free ("/root/second/third", - p11_path_build ("/root", "/second/third", NULL)); -#else /* OS_WIN32 */ - assert_str_eq_free ("C:\\root\\second", - p11_path_build ("C:\\root", "second", NULL)); - assert_str_eq_free ("C:\\root\\second", - p11_path_build ("C:\\root", "\\second", NULL)); - assert_str_eq_free ("C:\\root\\second", - p11_path_build ("C:\\root\\", "second", NULL)); - assert_str_eq_free ("C:\\root\\second\\third", - p11_path_build ("C:\\root", "second", "third", NULL)); - assert_str_eq_free ("C:\\root\\second/third", - p11_path_build ("C:\\root", "second/third", NULL)); -#endif -} - -static void -test_expand (void) -{ - char *path; - -#ifdef OS_UNIX - putenv ("HOME=/home/blah"); - assert_str_eq_free ("/home/blah/my/path", - p11_path_expand ("~/my/path")); - assert_str_eq_free ("/home/blah", - p11_path_expand ("~")); - putenv ("XDG_CONFIG_HOME=/my"); - assert_str_eq_free ("/my/path", - p11_path_expand ("~/.config/path")); - putenv ("XDG_CONFIG_HOME="); - assert_str_eq_free ("/home/blah/.config/path", - p11_path_expand ("~/.config/path")); -#else /* OS_WIN32 */ - putenv ("HOME=C:\\Users\\blah"); - assert_str_eq_free ("C:\\Users\\blah\\path", - p11_path_expand ("~/my/path")); - assert_str_eq_free ("C:\\Users\\blah\\path", - p11_path_expand ("~\\path")); -#endif - - putenv("HOME="); - path = p11_path_expand ("~/this/is/my/path"); - assert (strstr (path, "this/is/my/path") != NULL); - free (path); -} - -static void -test_absolute (void) -{ -#ifdef OS_UNIX - assert (p11_path_absolute ("/home")); - assert 
(!p11_path_absolute ("home")); -#else /* OS_WIN32 */ - assert (p11_path_absolute ("C:\\home")); - assert (!p11_path_absolute ("home")); - assert (p11_path_absolute ("/home")); -#endif -} - -static void -test_parent (void) -{ - assert_str_eq_free ("/", p11_path_parent ("/root")); - assert_str_eq_free ("/", p11_path_parent ("/root/")); - assert_str_eq_free ("/", p11_path_parent ("/root//")); - assert_str_eq_free ("/root", p11_path_parent ("/root/second")); - assert_str_eq_free ("/root", p11_path_parent ("/root//second")); - assert_str_eq_free ("/root", p11_path_parent ("/root//second//")); - assert_str_eq_free ("/root", p11_path_parent ("/root///second")); - assert_str_eq_free ("/root/second", p11_path_parent ("/root/second/test.file")); - assert_ptr_eq (NULL, p11_path_parent ("/")); - assert_ptr_eq (NULL, p11_path_parent ("//")); - assert_ptr_eq (NULL, p11_path_parent ("")); -} - -static void -test_prefix (void) -{ - assert (p11_path_prefix ("/test/second", "/test")); - assert (!p11_path_prefix ("/test", "/test")); - assert (!p11_path_prefix ("/different/prefix", "/test")); - assert (!p11_path_prefix ("/te", "/test")); - assert (!p11_path_prefix ("/test", "/test/blah")); - assert (p11_path_prefix ("/test/other/second", "/test")); - assert (p11_path_prefix ("/test//other//second", "/test")); -} - -static void -test_canon (void) -{ - char *test; - - test = strdup ("2309haonutb;AOE@#$O "); - p11_path_canon (test); - assert_str_eq (test, "2309haonutb_AOE___O_"); - free (test); - - test = strdup ("22@# %ATI@#$onot"); - p11_path_canon (test); - assert_str_eq (test, "22____ATI___onot"); - free (test); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_base, "/path/base"); - p11_test (test_build, "/path/build"); - p11_test (test_expand, "/path/expand"); - p11_test (test_absolute, "/path/absolute"); - p11_test (test_parent, "/path/parent"); - p11_test (test_prefix, "/path/prefix"); - p11_test (test_canon, "/path/canon"); - - return p11_test_run (argc, argv); -} 
diff --git a/common/tests/test-tests.c b/common/tests/test-tests.c deleted file mode 100644 index ba31d83..0000000 --- a/common/tests/test-tests.c +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include
-
-static void
-test_success (void)
-{
- /* Yup, nothing */
-}
-
-
-static void
-test_failure (void)
-{
- if (getenv ("TEST_FAIL")) {
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__,
- "Unconditional test failure due to TEST_FAIL environment variable");
- }
-}
-
-static void
-test_memory (void)
-{
- char *mem;
-
- if (getenv ("TEST_FAIL")) {
- mem = malloc (1);
- assert (mem != NULL);
- free (mem);
- *mem = 1;
- }
-}
-
-
-static void
-test_leak (void)
-{
- char *mem;
-
- if (getenv ("TEST_FAIL")) {
- mem = malloc (1);
- assert (mem != NULL);
- *mem = 1;
- }
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_success, "/test/success");
-
- if (getenv ("TEST_FAIL")) {
- p11_test (test_failure, "/test/failure");
- p11_test (test_memory, "/test/memory");
- p11_test (test_leak, "/test/leak");
- }
-
- return p11_test_run (argc, argv);
-}
diff --git a/common/tests/test-url.c b/common/tests/test-url.c
deleted file mode 100644
index 892bf3c..0000000
--- a/common/tests/test-url.c
+++ /dev/null
@@ -1,164 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "debug.h" -#include "message.h" - -#include -#include -#include -#include - -#include "url.h" - -static void -check_decode_msg (const char *file, - int line, - const char *function, - const char *input, - ssize_t input_len, - const char *expected, - size_t expected_len) -{ - unsigned char *decoded; - size_t length; - - if (input_len < 0) - input_len = strlen (input); - decoded = p11_url_decode (input, input + input_len, "", &length); - - if (expected == NULL) { - if (decoded != NULL) - p11_test_fail (file, line, function, "decoding should have failed"); - - } else { - if (decoded == NULL) - p11_test_fail (file, line, function, "decoding failed"); - if (expected_len != length) - p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", - (unsigned long)expected_len, (unsigned long)length); - if (memcmp (decoded, expected, length) != 0) - p11_test_fail (file, line, function, "decoding wrong"); - free (decoded); - } -} - -#define check_decode_success(input, input_len, expected, expected_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) - -#define check_decode_failure(input, input_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) - -static void -test_decode_success (void) -{ - check_decode_success ("%54%45%53%54%00", -1, "TEST", 5); - check_decode_success ("%54%45%53%54%00", 6, "TE", 2); - check_decode_success ("%54est%00", -1, "Test", 5); -} - -static void -test_decode_skip (void) -{ - const char *input = "%54 %45 %53 %54 %00"; - unsigned char *decoded; - size_t length; - - decoded = p11_url_decode (input, input + strlen (input), P11_URL_WHITESPACE, &length); - assert_str_eq ("TEST", (char *)decoded); - assert_num_eq (5, length); - - free (decoded); -} - -static void -test_decode_failure (void) -{ - /* Early termination */ - check_decode_failure ("%54%45%53%5", -1); - 
check_decode_failure ("%54%45%53%", -1); - - /* Not hex characters */ - check_decode_failure ("%54%XX%53%54%00", -1); -} - -static void -test_encode (void) -{ - const unsigned char *input = (unsigned char *)"TEST"; - p11_buffer buf; - - if (!p11_buffer_init_null (&buf, 5)) - assert_not_reached (); - - p11_url_encode (input, input + 5, "", &buf); - assert (p11_buffer_ok (&buf)); - assert_str_eq ("%54%45%53%54%00", (char *)buf.data); - assert_num_eq (15, buf.len); - - p11_buffer_uninit (&buf); -} - -static void -test_encode_verbatim (void) -{ - const unsigned char *input = (unsigned char *)"TEST"; - p11_buffer buf; - - if (!p11_buffer_init_null (&buf, 5)) - assert_not_reached (); - - p11_url_encode (input, input + 5, "ES", &buf); - assert (p11_buffer_ok (&buf)); - assert_str_eq ("%54ES%54%00", (char *)buf.data); - assert_num_eq (11, buf.len); - - p11_buffer_uninit (&buf); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_decode_success, "/url/decode-success"); - p11_test (test_decode_skip, "/url/decode-skip"); - p11_test (test_decode_failure, "/url/decode-failure"); - - p11_test (test_encode, "/url/encode"); - p11_test (test_encode_verbatim, "/url/encode-verbatim"); - return p11_test_run (argc, argv); -} diff --git a/configure.ac b/configure.ac index 7d738b3..f487900 100644 --- a/configure.ac +++ b/configure.ac @@ -503,19 +503,13 @@ privatedir='${libdir}/p11-kit' AC_SUBST(privatedir) AC_CONFIG_FILES([Makefile - common/Makefile - common/tests/Makefile doc/Makefile doc/manual/Makefile po/Makefile.in - p11-kit/Makefile - p11-kit/tests/Makefile p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example - trust/Makefile trust/trust-extract-compat - trust/tests/Makefile - trust/tests/test-extract + trust/test-extract ]) AC_OUTPUT diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am index dc15075..300fc3f 100644 --- a/doc/manual/Makefile.am +++ b/doc/manual/Makefile.am 
@@ -102,10 +102,10 @@ expand_content_files= $(generate_files) GTKDOC_LIBS= # Hacks around gtk-doc brokenness for out of tree builds -p11-kit-sections.txt: $(srcdir)/p11-kit-sections.txt - cp $(srcdir)/p11-kit-sections.txt p11-kit-sections.txt -p11-kit-overrides.txt: $(srcdir)/p11-kit-overrides.txt - cp $(srcdir)/p11-kit-overrides.txt p11-kit-overrides.txt +$(builddir)/p11-kit-sections.txt: $(srcdir)/p11-kit-sections.txt + cp $(srcdir)/p11-kit-sections.txt $(builddir)/p11-kit-sections.txt +$(builddir)/p11-kit-overrides.txt: $(srcdir)/p11-kit-overrides.txt + cp $(srcdir)/p11-kit-overrides.txt $(builddir)/p11-kit-overrides.txt # Generate our files with variables sysdir.xml: diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am index dd2716d..b4b4886 100644 --- a/p11-kit/Makefile.am +++ b/p11-kit/Makefile.am 
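Review bot: The comment above these two rules says only that they work around gtk-doc for out-of-tree builds; it does not say why the targets now need the `$(builddir)/` prefix, and it leaves the in-tree case unexplained. When the tree is built in place, `$(srcdir)` and `$(builddir)` are both `.`, so each rule names the same file as target and prerequisite, and GNU make is expected to drop the dependency as circular rather than run the `cp`. I would extend the comment to something like `# Copy into the build dir for VPATH builds; in-tree the rule is self-referential and the cp is skipped`, after confirming that behaviour with the make versions the project supports.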
@@ -1,51 +1,34 @@ -include $(top_srcdir)/build/Makefile.decl - -SUBDIRS = . tests - -COMMON = $(top_srcdir)/common - -AM_CPPFLAGS = \ - -I$(top_srcdir) \ - -I$(COMMON) \ - -DSRCDIR=\"$(srcdir)\" \ - -DBINDIR=\"$(bindir)\" \ - -DPRIVATEDIR=\"$(privatedir)\" \ - -DP11_KIT_FUTURE_UNSTABLE_API \ - $(NULL) - -incdir = $(includedir)/p11-kit-1/p11-kit - -inc_HEADERS = \ - deprecated.h \ - iter.h \ - p11-kit.h \ - pin.h \ - remote.h \ - uri.h \ +inc_HEADERS += \ + p11-kit/deprecated.h \ + p11-kit/iter.h \ + p11-kit/p11-kit.h \ + p11-kit/pin.h \ + p11-kit/remote.h \ + p11-kit/uri.h \ $(NULL) MODULE_SRCS = \ - util.c \ - conf.c conf.h \ - iter.c \ - log.c log.h \ - modules.c modules.h \ - pkcs11.h \ - pin.c \ - pkcs11.h \ - proxy.c proxy.h \ - private.h \ - messages.c \ - remote.c \ - rpc-transport.c rpc.h \ - rpc-message.c rpc-message.h \ - rpc-client.c rpc-server.c \ - uri.c \ - virtual.c virtual.h \ + p11-kit/util.c \ + p11-kit/conf.c p11-kit/conf.h \ + p11-kit/iter.c \ + p11-kit/log.c p11-kit/log.h \ + p11-kit/modules.c p11-kit/modules.h \ + p11-kit/pkcs11.h \ + p11-kit/pin.c \ + p11-kit/pkcs11.h \ + p11-kit/private.h \ + p11-kit/proxy.c p11-kit/proxy.h \ + p11-kit/messages.c \ + p11-kit/remote.c \ + p11-kit/rpc-transport.c p11-kit/rpc.h \ + p11-kit/rpc-message.c p11-kit/rpc-message.h \ + p11-kit/rpc-client.c p11-kit/rpc-server.c \ + p11-kit/uri.c \ + p11-kit/virtual.c p11-kit/virtual.h \ $(inc_HEADERS) -lib_LTLIBRARIES = \ +lib_LTLIBRARIES += \ libp11-kit.la libp11_kit_la_CFLAGS = \ @@ -66,13 +49,13 @@ libp11_kit_la_LDFLAGS = \ libp11_kit_la_SOURCES = $(MODULE_SRCS) libp11_kit_la_LIBADD = \ - $(top_builddir)/common/libp11-common.la \ - $(top_builddir)/common/libp11-library.la \ + libp11-common.la \ + libp11-library.la \ $(LIBFFI_LIBS) \ $(LTLIBINTL) \ $(NULL) -noinst_LTLIBRARIES = \ +noinst_LTLIBRARIES += \ libp11-kit-testable.la libp11_kit_testable_la_LDFLAGS = -no-undefined 
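Review bot: `p11-kit/pkcs11.h` appears twice in the rewritten `MODULE_SRCS` of the first hunk (after `p11-kit/modules.h` and again after `p11-kit/pin.c`); the duplicate was carried over from the old list and one entry can go. `MODULE_SRCS` also still ends with `$(inc_HEADERS)`, but that variable is now extended with `+=`, so if any other included fragment appends headers to it, `libp11_kit_la_SOURCES` picks those up as well; a fragment-local header list, used for both `inc_HEADERS +=` and `MODULE_SRCS`, would keep the scope what it was. The removed `AM_CPPFLAGS` defined `SRCDIR`, `BINDIR` and `PRIVATEDIR`; their replacement is not visible in this hunk, and `$(srcdir)` now refers to the top-level directory, so any code that builds file paths from `SRCDIR` is worth checking.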
@@ -82,24 +65,24 @@ libp11_kit_testable_la_LIBADD = $(libp11_kit_la_LIBADD) if OS_WIN32 libp11_kit_testable_la_CFLAGS = \ - -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/tests/files/system-pkcs11.conf"\" \ - -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/system-modules/win32"\" \ - -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/package-modules/win32"\" \ - -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/tests/files/user-pkcs11.conf"\" \ - -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/user-modules/win32"\" \ - -DP11_MODULE_PATH=\""$(abs_top_builddir)/p11-kit/tests/.libs"\" \ + -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ + -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules/win32"\" \ + -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules/win32"\" \ + -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ + -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules/win32"\" \ + -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ $(LIBFFI_CFLAGS) \ $(NULL) else libp11_kit_testable_la_CFLAGS = \ - -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/tests/files/system-pkcs11.conf"\" \ - -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/system-modules"\" \ - -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/package-modules"\" \ - -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/tests/files/user-pkcs11.conf"\" \ - -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/user-modules"\" \ - -DP11_MODULE_PATH=\""$(abs_top_builddir)/p11-kit/tests/.libs"\" \ + -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ + -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules"\" \ + 
-DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules"\" \ + -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ + -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules"\" \ + -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ $(LIBFFI_CFLAGS) \ $(NULL) 
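Review bot: Both `P11_MODULE_PATH` definitions now point at `$(abs_top_builddir)/.libs`, which in the non-recursive layout presumably also receives every other libtool output of the tree, so a bare `module:` name in a fixture is resolved in a directory no longer limited to the mock modules. A comment above `libp11_kit_testable_la_CFLAGS` would make the contract explicit, for example `# Test-only: absolute build-tree paths are compiled in; this library must stay noinst`. The `endif` that closes this `if OS_WIN32` conditional lies outside the hunk.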
@@ -111,31 +94,144 @@ install-exec-hook: endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = p11-kit-1.pc +pkgconfig_DATA = p11-kit/p11-kit-1.pc exampledir = $(p11_system_config) -example_DATA = pkcs11.conf.example +example_DATA = p11-kit/pkcs11.conf.example -EXTRA_DIST = \ - p11-kit-1.pc.in \ - pkcs11.conf.example.in \ - docs.h \ +EXTRA_DIST += \ + p11-kit/p11-kit-1.pc.in \ + p11-kit/pkcs11.conf.example.in \ + p11-kit/docs.h \ $(NULL) -bin_PROGRAMS = \ - p11-kit - -p11_kit_SOURCES = \ - lists.c \ - p11-kit.c \ - $(NULL) +bin_PROGRAMS += p11-kit/p11-kit -p11_kit_CFLAGS = \ +p11_kit_p11_kit_SOURCES = \ + p11-kit/lists.c \ + p11-kit/p11-kit.c \ $(NULL) -p11_kit_LDADD = \ +p11_kit_p11_kit_LDADD = \ libp11-kit.la \ - $(top_builddir)/common/libp11-tool.la \ - $(top_builddir)/common/libp11-common.la \ + libp11-tool.la \ + libp11-common.la \ $(LTLIBINTL) \ $(NULL) + +# Tests ---------------------------------------------------------------- + +p11_kit_LIBS = \ + libp11-kit-testable.la \ + libp11-test.la \ + libp11-common.la \ + $(LTLIBINTL) + +CHECK_PROGS += \ + test-progname \ + test-util \ + test-conf \ + test-uri \ + test-pin \ + test-init \ + test-modules \ + test-deprecated \ + test-proxy \ + test-iter \ + test-rpc \ + $(NULL) + +test_conf_SOURCES = p11-kit/test-conf.c +test_conf_LDADD = $(p11_kit_LIBS) + +test_deprecated_SOURCES = p11-kit/test-deprecated.c +test_deprecated_LDADD = $(p11_kit_LIBS) + +test_init_SOURCES = p11-kit/test-init.c +test_init_LDADD = $(p11_kit_LIBS) + +test_iter_SOURCES = p11-kit/test-iter.c +test_iter_LDADD = $(p11_kit_LIBS) + +test_modules_SOURCES = p11-kit/test-modules.c +test_modules_LDADD = $(p11_kit_LIBS) + +test_pin_SOURCES = p11-kit/test-pin.c +test_pin_LDADD = $(p11_kit_LIBS) + +test_progname_SOURCES = p11-kit/test-progname.c +test_progname_LDADD = $(p11_kit_LIBS) + +test_proxy_SOURCES = p11-kit/test-proxy.c +test_proxy_LDADD = $(p11_kit_LIBS) + +test_rpc_SOURCES = p11-kit/test-rpc.c +test_rpc_LDADD = $(p11_kit_LIBS) + 
+test_uri_SOURCES = p11-kit/test-uri.c +test_uri_LDADD = $(p11_kit_LIBS) + +test_util_SOURCES = p11-kit/test-util.c +test_util_LDADD = $(p11_kit_LIBS) + +noinst_PROGRAMS += \ + print-messages \ + frob-setuid + +print_messages_SOURCES = p11-kit/print-messages.c +print_messages_LDADD = $(p11_kit_LIBS) + +frob_setuid_SOURCES = p11-kit/frob-setuid.c +frob_setuid_LDADD = $(p11_kit_LIBS) + +if WITH_FFI + +CHECK_PROGS += \ + test-virtual \ + test-managed \ + test-log \ + test-transport \ + $(NULL) + +test_log_SOURCES = p11-kit/test-log.c +test_log_LDADD = $(p11_kit_LIBS) + +test_managed_SOURCES = p11-kit/test-managed.c +test_managed_LDADD = $(p11_kit_LIBS) + +test_transport_SOURCES = p11-kit/test-transport.c +test_transport_LDADD = $(p11_kit_LIBS) + +test_virtual_SOURCES = p11-kit/test-virtual.c +test_virtual_LDADD = $(p11_kit_LIBS) + +endif + +noinst_LTLIBRARIES += \ + mock-one.la \ + mock-two.la \ + mock-three.la \ + mock-four.la + +mock_one_la_SOURCES = p11-kit/mock-module-ep.c +mock_one_la_LIBADD = libp11-test.la libp11-common.la +mock_one_la_LDFLAGS = \ + -module -avoid-version -rpath /nowhere \ + -no-undefined -export-symbols-regex 'C_GetFunctionList' + +mock_two_la_SOURCES = p11-kit/mock-module-ep2.c +mock_two_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_two_la_LIBADD = $(mock_one_la_LIBADD) + +mock_three_la_SOURCES = $(mock_one_la_SOURCES) +mock_three_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_three_la_LIBADD = $(mock_one_la_LIBADD) + +mock_four_la_SOURCES = $(mock_one_la_SOURCES) +mock_four_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_four_la_LIBADD = $(mock_one_la_LIBADD) + +EXTRA_DIST += \ + p11-kit/fixtures \ + p11-kit/test-mock.c \ + $(NULL) diff --git a/p11-kit/fixtures/package-modules/four.module b/p11-kit/fixtures/package-modules/four.module new file mode 100644 index 0000000..933af2b --- /dev/null +++ b/p11-kit/fixtures/package-modules/four.module 
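Review bot: The `-rpath /nowhere` in `mock_one_la_LDFLAGS` carries no explanation and reads like a stray path, although the three other mock modules inherit it through `$(mock_one_la_LDFLAGS)`. A comment above the flags would record why it is there, for example `# -rpath makes libtool build a loadable shared module for a noinst target; /nowhere is never an install location`. The helper variable `p11_kit_LIBS` now lives in the single top-level namespace as well, so a name that cannot be mistaken for a per-program automake variable would be clearer.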
@@ -0,0 +1,5 @@
+
+module: mock-four.so
+disable-in: test-disable, test-other
+priority: 4
+trust-policy: no
\ No newline at end of file
diff --git a/p11-kit/fixtures/package-modules/win32/four.module b/p11-kit/fixtures/package-modules/win32/four.module
new file mode 100644
index 0000000..6dc87c9
--- /dev/null
+++ b/p11-kit/fixtures/package-modules/win32/four.module
@@ -0,0 +1,4 @@
+
+module: mock-four.dll
+disable-in: test-disable, test-other
+priority: 4
\ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/one.module b/p11-kit/fixtures/system-modules/one.module
new file mode 100644
index 0000000..5f49a8f
--- /dev/null
+++ b/p11-kit/fixtures/system-modules/one.module
@@ -0,0 +1,5 @@
+
+module: mock-one.so
+setting: system1
+trust-policy: yes
+number: 18
diff --git a/p11-kit/fixtures/system-modules/two-duplicate.module b/p11-kit/fixtures/system-modules/two-duplicate.module
new file mode 100644
index 0000000..756af69
--- /dev/null
+++ b/p11-kit/fixtures/system-modules/two-duplicate.module
@@ -0,0 +1,4 @@
+
+# This is a duplicate of the 'two' module
+module: mock-two.so
+# no priority, use name
\ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/two.badname b/p11-kit/fixtures/system-modules/two.badname
new file mode 100644
index 0000000..eec3af0
--- /dev/null
+++ b/p11-kit/fixtures/system-modules/two.badname
@@ -0,0 +1,6 @@
+# This module doesn't have a .module extension, but p11-kit doesn't yet
+# enforce the naming, just warns, so it should still be loaded
+
+module: mock-two.so
+setting: system2
+# no priority, use name
\ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/win32/one.module b/p11-kit/fixtures/system-modules/win32/one.module
new file mode 100644
index 0000000..d153ce5
--- /dev/null
+++ b/p11-kit/fixtures/system-modules/win32/one.module
@@ -0,0 +1,4 @@
+
+module: mock-one.dll
+setting: system1
+# no order, use name
\ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/win32/two-duplicate.module b/p11-kit/fixtures/system-modules/win32/two-duplicate.module
new file mode 100644
index 0000000..54ef1cc
--- /dev/null
+++ b/p11-kit/fixtures/system-modules/win32/two-duplicate.module
@@ -0,0 +1,4 @@
+
+# This is a duplicate of the 'two' module
+module: mock-two.dll
+# no order, use name
\ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/win32/two.badname b/p11-kit/fixtures/system-modules/win32/two.badname
new file mode 100644
index 0000000..af63cf9
--- /dev/null
+++ b/p11-kit/fixtures/system-modules/win32/two.badname
@@ -0,0 +1,6 @@
+# This module doesn't have a .module extension, but p11-kit doesn't yet
+# enforce the naming, just warns, so it should still be loaded
+
+module: mock-two.dll
+setting: system2
+# no order, use name
\ No newline at end of file
diff --git a/p11-kit/fixtures/system-pkcs11.conf b/p11-kit/fixtures/system-pkcs11.conf
new file mode 100644
index 0000000..a3aa273
--- /dev/null
+++ b/p11-kit/fixtures/system-pkcs11.conf
@@ -0,0 +1,6 @@
+
+# Merge in user config
+user-config: merge
+
+# Another option
+new: world
\ No newline at end of file
diff --git a/p11-kit/fixtures/test-1.conf b/p11-kit/fixtures/test-1.conf
new file mode 100644
index 0000000..d4ae0a1
--- /dev/null
+++ b/p11-kit/fixtures/test-1.conf
@@ -0,0 +1,6 @@
+key1:value1
+with-whitespace : value-with-whitespace
+with-colon: value-of-colon
+
+# A comment
+embedded-comment: this is # not a comment
diff --git a/p11-kit/fixtures/test-pinfile b/p11-kit/fixtures/test-pinfile
new file mode 100644
index 0000000..f646f3d
--- /dev/null
+++ b/p11-kit/fixtures/test-pinfile
@@ -0,0 +1 @@
+yogabbagabba
\ No newline at end of file
diff --git a/p11-kit/fixtures/test-pinfile-large b/p11-kit/fixtures/test-pinfile-large
new file mode 100644
index 0000000..506668d
--- /dev/null
+++ b/p11-kit/fixtures/test-pinfile-large
@@ -0,0 +1,53 @@ +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba 
+yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba 
yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yo \ No newline at end of file diff --git a/p11-kit/fixtures/test-system-invalid.conf b/p11-kit/fixtures/test-system-invalid.conf new file mode 100644 index 0000000..344ee96 --- /dev/null +++ b/p11-kit/fixtures/test-system-invalid.conf @@ -0,0 +1,3 @@ + +# Invalid user-config setting +user-config: bad diff --git a/p11-kit/fixtures/test-system-merge.conf b/p11-kit/fixtures/test-system-merge.conf new file mode 100644 index 0000000..978427d --- /dev/null +++ b/p11-kit/fixtures/test-system-merge.conf @@ -0,0 +1,7 @@ + +# Merge in user config +user-config: merge + +key1: system1 +key2: system2 +key3: system3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-system-none.conf b/p11-kit/fixtures/test-system-none.conf new file mode 100644 index 0000000..95351e6 --- /dev/null +++ b/p11-kit/fixtures/test-system-none.conf @@ -0,0 +1,8 @@ + +# Only user config +user-config: none + +# These values will not be overriden +key1: system1 +key2: system2 +key3: system3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-system-only.conf b/p11-kit/fixtures/test-system-only.conf new file mode 100644 index 0000000..589f1c7 --- /dev/null +++ b/p11-kit/fixtures/test-system-only.conf @@ -0,0 +1,8 @@ + +# Only user config +user-config: only + +# This stuff will be ignored +key1: system1 +key2: system2 +key3: system3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-user-invalid.conf b/p11-kit/fixtures/test-user-invalid.conf new file mode 100644 index 0000000..344ee96 --- /dev/null +++ b/p11-kit/fixtures/test-user-invalid.conf @@ -0,0 +1,3 @@ + +# Invalid user-config setting +user-config: bad diff --git a/p11-kit/fixtures/test-user-only.conf b/p11-kit/fixtures/test-user-only.conf new file mode 100644 index 0000000..3224c01 --- /dev/null 
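Review bot: In `p11-kit/fixtures/test-system-none.conf` the comment `# Only user config` sits above `user-config: none`, and the identical comment sits above `user-config: only` in `test-system-only.conf`, so the `none` fixture looks like it kept a copied comment. Something like `# Do not load user config` would agree with the setting and with the fixture's own next comment, `# These values will not be overriden`. That second comment also has a typo and should read `overridden`.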
+++ b/p11-kit/fixtures/test-user-only.conf
@@ -0,0 +1,4 @@
+
+user-config: only
+key2: user2
+key3: user3
\ No newline at end of file
diff --git a/p11-kit/fixtures/test-user.conf b/p11-kit/fixtures/test-user.conf
new file mode 100644
index 0000000..369544a
--- /dev/null
+++ b/p11-kit/fixtures/test-user.conf
@@ -0,0 +1,3 @@
+
+key2: user2
+key3: user3
\ No newline at end of file
diff --git a/p11-kit/fixtures/user-modules/one.module b/p11-kit/fixtures/user-modules/one.module
new file mode 100644
index 0000000..5197daf
--- /dev/null
+++ b/p11-kit/fixtures/user-modules/one.module
@@ -0,0 +1,4 @@
+
+setting: user1
+managed: yes
+number: 33
diff --git a/p11-kit/fixtures/user-modules/three.module b/p11-kit/fixtures/user-modules/three.module
new file mode 100644
index 0000000..3a2366d
--- /dev/null
+++ b/p11-kit/fixtures/user-modules/three.module
@@ -0,0 +1,6 @@
+
+module: mock-three.so
+setting: user3
+
+enable-in: test-enable
+priority: 3
\ No newline at end of file
diff --git a/p11-kit/fixtures/user-modules/win32/one.module b/p11-kit/fixtures/user-modules/win32/one.module
new file mode 100644
index 0000000..c371e4a
--- /dev/null
+++ b/p11-kit/fixtures/user-modules/win32/one.module
@@ -0,0 +1,2 @@
+
+setting: user1
\ No newline at end of file
diff --git a/p11-kit/fixtures/user-modules/win32/three.module b/p11-kit/fixtures/user-modules/win32/three.module
new file mode 100644
index 0000000..30a3b63
--- /dev/null
+++ b/p11-kit/fixtures/user-modules/win32/three.module
@@ -0,0 +1,6 @@
+
+module: mock-three.dll
+setting: user3
+
+enable-in: test-enable
+priority: 3
\ No newline at end of file
diff --git a/p11-kit/frob-setuid.c b/p11-kit/frob-setuid.c
new file mode 100644
index 0000000..e546ece
--- /dev/null
+++ b/p11-kit/frob-setuid.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+
+#include "compat.h"
+#include "p11-kit.h"
+
+int
+main (void)
+{
+ CK_FUNCTION_LIST **modules;
+ CK_FUNCTION_LIST *module;
+ char *field;
+ char *name;
+ int ret;
+ int i;
+
+ /*
+ * Use 'chmod ug+s frob-setuid' to change this program
+ * and test the output with/without setuid or setgid.
+ */
+
+ putenv ("P11_KIT_STRICT=1");
+
+ modules = p11_kit_modules_load_and_initialize (0);
+ assert (modules != NULL);
+
+ /* This is a system configured module */
+ module = p11_kit_module_for_name (modules, "one");
+ assert (module != NULL);
+
+ field = p11_kit_config_option (module, "setting");
+ printf ("'setting' on module 'one': %s\n", field ? field : "(null)");
+
+ assert (field != NULL);
+ if (getauxval (AT_SECURE))
+ assert (strcmp (field, "system1") == 0);
+ else
+ assert (strcmp (field, "user1") == 0);
+
+ free (field);
+
+ for (i = 0; modules[i] != NULL; i++) {
+ name = p11_kit_module_get_name (modules[i]);
+ printf ("%s\n", name);
+ free (name);
+ }
+
+ field = p11_kit_config_option (module, "number");
+ printf ("'number' on module 'one': %s\n", field ? field : "(null)");
+
+ ret = atoi (field ? field : "0");
+ assert (ret != 0);
+ free (field);
+
+ p11_kit_modules_finalize_and_release (modules);
+ return ret;
+}
diff --git a/p11-kit/mock-module-ep.c b/p11-kit/mock-module-ep.c
new file mode 100644
index 0000000..9ba739a
--- /dev/null
+++ b/p11-kit/mock-module-ep.c
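Review bot: Every check in `main` of `p11-kit/frob-setuid.c` is an `assert()`, so a build with `NDEBUG` defined compiles out the `AT_SECURE` comparison, which is the one property this setuid helper exists to verify, and leaves `modules` and `module` unchecked before they are used. Explicit checks keep the result independent of build flags, for example `if (modules == NULL) abort ();` and `if (strcmp (field, getauxval (AT_SECURE) ? "system1" : "user1") != 0) abort ();`. The `putenv` call is also handed a string literal that then becomes part of the environment; `setenv ("P11_KIT_STRICT", "1", 1)` avoids that where it is available.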
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2012 Stefan Walter
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+
+#define CRYPTOKI_EXPORTS 1
+#include "pkcs11.h"
+
+#include "mock.h"
+
+#ifdef OS_WIN32
+__declspec(dllexport)
+#endif
+CK_RV
+C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
+{
+ mock_module_init ();
+ mock_module_no_slots.C_GetFunctionList = C_GetFunctionList;
+ if (list == NULL)
+ return CKR_ARGUMENTS_BAD;
+ *list = &mock_module;
+ return CKR_OK;
+}
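Review bot: `C_GetFunctionList` in `p11-kit/mock-module-ep.c` stores its own address in `mock_module_no_slots.C_GetFunctionList` but then hands back `&mock_module`, whereas `p11-kit/mock-module-ep2.c` updates and returns the same `mock_module` table. If the mismatch is intended, a comment should say so; otherwise the two lines should name the same table, either `mock_module.C_GetFunctionList = C_GetFunctionList;` or `*list = &mock_module_no_slots;`. Both tables are defined outside this diff, so which one this module is meant to expose cannot be confirmed from here.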
diff --git a/p11-kit/mock-module-ep2.c b/p11-kit/mock-module-ep2.c
new file mode 100644
index 0000000..ee71711
--- /dev/null
+++ b/p11-kit/mock-module-ep2.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2012 Stefan Walter
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+
+#define CRYPTOKI_EXPORTS 1
+#include "pkcs11.h"
+
+#include "mock.h"
+
+#include
+
+#ifdef OS_WIN32
+__declspec(dllexport)
+#endif
+CK_RV
+C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
+{
+ mock_module_init ();
+ mock_module.C_GetFunctionList = C_GetFunctionList;
+ if (list == NULL)
+ return CKR_ARGUMENTS_BAD;
+ *list = &mock_module;
+ return CKR_OK;
+}
diff --git a/p11-kit/print-messages.c b/p11-kit/print-messages.c
new file mode 100644
index 0000000..5870ad1
--- /dev/null
+++ b/p11-kit/print-messages.c
@@ -0,0 +1,137 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met); + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" + +#include +#include +#include +#include + +#include "p11-kit.h" + +int +main (int argc, char *argv[]) +{ + if (argc != 1) { + fprintf (stderr, "usage: print-messages\n"); + exit (2); + } + + #define X(x) printf ("%s: %s\n", #x, p11_kit_strerror (x)) + X(CKR_CANCEL); + X(CKR_FUNCTION_CANCELED); + X(CKR_HOST_MEMORY); + X(CKR_SLOT_ID_INVALID); + X(CKR_GENERAL_ERROR); + X(CKR_FUNCTION_FAILED); + X(CKR_ARGUMENTS_BAD); + X(CKR_NEED_TO_CREATE_THREADS); + X(CKR_CANT_LOCK); + X(CKR_ATTRIBUTE_READ_ONLY); + X(CKR_ATTRIBUTE_SENSITIVE); + X(CKR_ATTRIBUTE_TYPE_INVALID); + X(CKR_ATTRIBUTE_VALUE_INVALID); + X(CKR_DATA_INVALID); + X(CKR_DATA_LEN_RANGE); + X(CKR_DEVICE_ERROR); + X(CKR_DEVICE_MEMORY); + X(CKR_DEVICE_REMOVED); + X(CKR_ENCRYPTED_DATA_INVALID); + X(CKR_ENCRYPTED_DATA_LEN_RANGE); + X(CKR_FUNCTION_NOT_SUPPORTED); + X(CKR_KEY_HANDLE_INVALID); + X(CKR_KEY_SIZE_RANGE); + X(CKR_KEY_TYPE_INCONSISTENT); + X(CKR_KEY_NOT_NEEDED); + X(CKR_KEY_CHANGED); + X(CKR_KEY_NEEDED); + X(CKR_KEY_INDIGESTIBLE); + X(CKR_KEY_FUNCTION_NOT_PERMITTED); + X(CKR_KEY_NOT_WRAPPABLE); + X(CKR_KEY_UNEXTRACTABLE); + X(CKR_MECHANISM_INVALID); + X(CKR_MECHANISM_PARAM_INVALID); + X(CKR_OBJECT_HANDLE_INVALID); + X(CKR_OPERATION_ACTIVE); + X(CKR_OPERATION_NOT_INITIALIZED); + X(CKR_PIN_INCORRECT); + X(CKR_PIN_INVALID); + X(CKR_PIN_LEN_RANGE); + X(CKR_PIN_EXPIRED); + X(CKR_PIN_LOCKED); + X(CKR_SESSION_CLOSED); + X(CKR_SESSION_COUNT); + X(CKR_SESSION_HANDLE_INVALID); + X(CKR_SESSION_READ_ONLY); + X(CKR_SESSION_EXISTS); + X(CKR_SESSION_READ_ONLY_EXISTS); + X(CKR_SESSION_READ_WRITE_SO_EXISTS); + X(CKR_SIGNATURE_INVALID); + X(CKR_SIGNATURE_LEN_RANGE); + X(CKR_TEMPLATE_INCOMPLETE); + X(CKR_TEMPLATE_INCONSISTENT); + X(CKR_TOKEN_NOT_PRESENT); + X(CKR_TOKEN_NOT_RECOGNIZED); + X(CKR_TOKEN_WRITE_PROTECTED); + X(CKR_UNWRAPPING_KEY_HANDLE_INVALID); + X(CKR_UNWRAPPING_KEY_SIZE_RANGE); + X(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT); + X(CKR_USER_ALREADY_LOGGED_IN); + 
X(CKR_USER_NOT_LOGGED_IN); + X(CKR_USER_PIN_NOT_INITIALIZED); + X(CKR_USER_TYPE_INVALID); + X(CKR_USER_ANOTHER_ALREADY_LOGGED_IN); + X(CKR_USER_TOO_MANY_TYPES); + X(CKR_WRAPPED_KEY_INVALID); + X(CKR_WRAPPED_KEY_LEN_RANGE); + X(CKR_WRAPPING_KEY_HANDLE_INVALID); + X(CKR_WRAPPING_KEY_SIZE_RANGE); + X(CKR_WRAPPING_KEY_TYPE_INCONSISTENT); + X(CKR_RANDOM_SEED_NOT_SUPPORTED); + X(CKR_RANDOM_NO_RNG); + X(CKR_DOMAIN_PARAMS_INVALID); + X(CKR_BUFFER_TOO_SMALL); + X(CKR_SAVED_STATE_INVALID); + X(CKR_INFORMATION_SENSITIVE); + X(CKR_STATE_UNSAVEABLE); + X(CKR_CRYPTOKI_NOT_INITIALIZED); + X(CKR_CRYPTOKI_ALREADY_INITIALIZED); + X(CKR_MUTEX_BAD); + X(CKR_MUTEX_NOT_LOCKED); + X(CKR_FUNCTION_REJECTED); + #undef X + + return 0; +} diff --git a/p11-kit/test-conf.c b/p11-kit/test-conf.c new file mode 100644 index 0000000..94b8b01 --- /dev/null +++ b/p11-kit/test-conf.c 
@@ -0,0 +1,456 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include +#include + +#include "conf.h" +#include "debug.h" +#include "message.h" +#include "p11-kit.h" +#include "private.h" + +#ifdef OS_UNIX +#include +#include +#include +#endif + +static void +test_parse_conf_1 (void) +{ + p11_dict *map; + const char *value; + + map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/test-1.conf", NULL, 0); + assert_ptr_not_null (map); + + value = p11_dict_get (map, "key1"); + assert_str_eq ("value1", value); + + value = p11_dict_get (map, "with-colon"); + assert_str_eq ("value-of-colon", value); + + value = p11_dict_get (map, "with-whitespace"); + assert_str_eq ("value-with-whitespace", value); + + value = p11_dict_get (map, "embedded-comment"); + assert_str_eq ("this is # not a comment", value); + + p11_dict_free (map); +} + +static void +test_parse_ignore_missing (void) +{ + p11_dict *map; + + map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, CONF_IGNORE_MISSING); + assert_ptr_not_null (map); + + assert_num_eq (0, p11_dict_size (map)); + assert (p11_message_last () == NULL); + p11_dict_free (map); +} + +static void +test_parse_fail_missing (void) +{ + p11_dict *map; + + map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, 0); + assert (map == NULL); + assert_ptr_not_null (p11_message_last ()); +} + +static void +test_merge_defaults (void) +{ + p11_dict *values; + p11_dict *defaults; + + values = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); + defaults = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); + + p11_dict_set (values, strdup ("one"), strdup ("real1")); + p11_dict_set (values, strdup ("two"), strdup ("real2")); + + p11_dict_set (defaults, strdup ("two"), strdup ("default2")); + p11_dict_set (defaults, strdup ("three"), strdup ("default3")); + + if (!_p11_conf_merge_defaults (values, defaults)) + assert_not_reached (); + + 
p11_dict_free (defaults); + + assert_str_eq (p11_dict_get (values, "one"), "real1"); + assert_str_eq (p11_dict_get (values, "two"), "real2"); + assert_str_eq (p11_dict_get (values, "three"), "default3"); + + p11_dict_free (values); +} + +static void +test_load_globals_merge (void) +{ + int user_mode = -1; + p11_dict *config; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", + SRCDIR "/p11-kit/fixtures/test-user.conf", + &user_mode); + assert_ptr_not_null (config); + assert (NULL == p11_message_last ()); + assert_num_eq (CONF_USER_MERGE, user_mode); + + assert_str_eq (p11_dict_get (config, "key1"), "system1"); + assert_str_eq (p11_dict_get (config, "key2"), "user2"); + assert_str_eq (p11_dict_get (config, "key3"), "user3"); + + p11_dict_free (config); +} + +static void +test_load_globals_no_user (void) +{ + int user_mode = -1; + p11_dict *config; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-none.conf", + SRCDIR "/p11-kit/fixtures/test-user.conf", + &user_mode); + assert_ptr_not_null (config); + assert (NULL == p11_message_last ()); + assert_num_eq (CONF_USER_NONE, user_mode); + + assert_str_eq (p11_dict_get (config, "key1"), "system1"); + assert_str_eq (p11_dict_get (config, "key2"), "system2"); + assert_str_eq (p11_dict_get (config, "key3"), "system3"); + + p11_dict_free (config); +} + +static void +test_load_globals_user_sets_only (void) +{ + int user_mode = -1; + p11_dict *config; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", + SRCDIR "/p11-kit/fixtures/test-user-only.conf", + &user_mode); + assert_ptr_not_null (config); + assert (NULL == p11_message_last ()); + assert_num_eq (CONF_USER_ONLY, user_mode); + + assert (p11_dict_get (config, "key1") == NULL); + assert_str_eq (p11_dict_get (config, "key2"), "user2"); + assert_str_eq (p11_dict_get (config, "key3"), "user3"); + + 
p11_dict_free (config); +} + +static void +test_load_globals_system_sets_only (void) +{ + int user_mode = -1; + p11_dict *config; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-only.conf", + SRCDIR "/p11-kit/fixtures/test-user.conf", + &user_mode); + assert_ptr_not_null (config); + assert (NULL == p11_message_last ()); + assert_num_eq (CONF_USER_ONLY, user_mode); + + assert (p11_dict_get (config, "key1") == NULL); + assert_str_eq (p11_dict_get (config, "key2"), "user2"); + assert_str_eq (p11_dict_get (config, "key3"), "user3"); + + p11_dict_free (config); +} + +static void +test_load_globals_system_sets_invalid (void) +{ + int user_mode = -1; + p11_dict *config; + int error; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-invalid.conf", + SRCDIR "/p11-kit/fixtures/non-existant.conf", + &user_mode); + error = errno; + assert_ptr_eq (NULL, config); + assert_num_eq (EINVAL, error); + assert_ptr_not_null (p11_message_last ()); + + p11_dict_free (config); +} + +static void +test_load_globals_user_sets_invalid (void) +{ + int user_mode = -1; + p11_dict *config; + int error; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", + SRCDIR "/p11-kit/fixtures/test-user-invalid.conf", + &user_mode); + error = errno; + assert_ptr_eq (NULL, config); + assert_num_eq (EINVAL, error); + assert_ptr_not_null (p11_message_last ()); + + p11_dict_free (config); +} + +static bool +assert_msg_contains (const char *msg, + const char *text) +{ + return (msg && strstr (msg, text)) ? 
true : false; +} + +static void +test_load_modules_merge (void) +{ + p11_dict *configs; + p11_dict *config; + + p11_message_clear (); + + configs = _p11_conf_load_modules (CONF_USER_MERGE, + SRCDIR "/p11-kit/fixtures/package-modules", + SRCDIR "/p11-kit/fixtures/system-modules", + SRCDIR "/p11-kit/fixtures/user-modules"); + assert_ptr_not_null (configs); + assert (assert_msg_contains (p11_message_last (), "invalid config filename")); + + config = p11_dict_get (configs, "one"); + assert_ptr_not_null (config); + assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "user1"); + + config = p11_dict_get (configs, "two.badname"); + assert_ptr_not_null (config); + assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system2"); + + config = p11_dict_get (configs, "three"); + assert_ptr_not_null (config); + assert_str_eq ("mock-three.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "user3"); + + p11_dict_free (configs); +} + +static void +test_load_modules_user_none (void) +{ + p11_dict *configs; + p11_dict *config; + + p11_message_clear (); + + configs = _p11_conf_load_modules (CONF_USER_NONE, + SRCDIR "/p11-kit/fixtures/package-modules", + SRCDIR "/p11-kit/fixtures/system-modules", + SRCDIR "/p11-kit/fixtures/user-modules"); + assert_ptr_not_null (configs); + assert (assert_msg_contains (p11_message_last (), "invalid config filename")); + + config = p11_dict_get (configs, "one"); + assert_ptr_not_null (config); + assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system1"); + + config = p11_dict_get (configs, "two.badname"); + assert_ptr_not_null (config); + assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system2"); + + config = p11_dict_get (configs, "three"); + assert_ptr_eq 
(NULL, config); + + p11_dict_free (configs); +} + +static void +test_load_modules_user_only (void) +{ + p11_dict *configs; + p11_dict *config; + + p11_message_clear (); + + configs = _p11_conf_load_modules (CONF_USER_ONLY, + SRCDIR "/p11-kit/fixtures/package-modules", + SRCDIR "/p11-kit/fixtures/system-modules", + SRCDIR "/p11-kit/fixtures/user-modules"); + assert_ptr_not_null (configs); + assert_ptr_eq (NULL, (void *)p11_message_last ()); + + config = p11_dict_get (configs, "one"); + assert_ptr_not_null (config); + assert (p11_dict_get (config, "module") == NULL); + assert_str_eq (p11_dict_get (config, "setting"), "user1"); + + config = p11_dict_get (configs, "two.badname"); + assert_ptr_eq (NULL, config); + + config = p11_dict_get (configs, "three"); + assert_ptr_not_null (config); + assert_str_eq ("mock-three.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "user3"); + + p11_dict_free (configs); +} + +static void +test_load_modules_no_user (void) +{ + p11_dict *configs; + p11_dict *config; + + p11_message_clear (); + + configs = _p11_conf_load_modules (CONF_USER_MERGE, + SRCDIR "/p11-kit/fixtures/package-modules", + SRCDIR "/p11-kit/fixtures/system-modules", + SRCDIR "/p11-kit/fixtures/non-existant"); + assert_ptr_not_null (configs); + assert (assert_msg_contains (p11_message_last (), "invalid config filename")); + + config = p11_dict_get (configs, "one"); + assert_ptr_not_null (config); + assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system1"); + + config = p11_dict_get (configs, "two.badname"); + assert_ptr_not_null (config); + assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system2"); + + config = p11_dict_get (configs, "three"); + assert_ptr_eq (NULL, config); + + p11_dict_free (configs); +} + +static void +test_parse_boolean (void) +{ + p11_message_quiet (); + + assert_num_eq 
(true, _p11_conf_parse_boolean ("yes", false));
+ assert_num_eq (false, _p11_conf_parse_boolean ("no", true));
+ assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true));
+}
+
+#ifdef OS_UNIX
+
+static void
+test_setuid (void)
+{
+ const char *args[] = { BUILDDIR "/frob-setuid", NULL, };
+ char *path;
+ int ret;
+
+ /* This is the 'number' setting set in one.module user configuration. */
+ ret = p11_test_run_child (args, true);
+ assert_num_eq (ret, 33);
+
+ path = p11_test_copy_setgid (args[0]);
+ if (path == NULL)
+ return;
+
+ args[0] = path;
+
+ /* This is the 'number' setting set in one.module system configuration. */
+ ret = p11_test_run_child (args, true);
+ assert_num_eq (ret, 18);
+
+ if (unlink (path) < 0)
+ assert_fail ("unlink failed", strerror (errno));
+ free (path);
+}
+
+#endif /* OS_UNIX */
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_test (test_parse_conf_1, "/conf/test_parse_conf_1");
+ p11_test (test_parse_ignore_missing, "/conf/test_parse_ignore_missing");
+ p11_test (test_parse_fail_missing, "/conf/test_parse_fail_missing");
+ p11_test (test_merge_defaults, "/conf/test_merge_defaults");
+ p11_test (test_load_globals_merge, "/conf/test_load_globals_merge");
+ p11_test (test_load_globals_no_user, "/conf/test_load_globals_no_user");
+ p11_test (test_load_globals_system_sets_only, "/conf/test_load_globals_system_sets_only");
+ p11_test (test_load_globals_user_sets_only, "/conf/test_load_globals_user_sets_only");
+ p11_test (test_load_globals_system_sets_invalid, "/conf/test_load_globals_system_sets_invalid");
+ p11_test (test_load_globals_user_sets_invalid, "/conf/test_load_globals_user_sets_invalid");
+ p11_test (test_load_modules_merge, "/conf/test_load_modules_merge");
+ p11_test (test_load_modules_no_user, "/conf/test_load_modules_no_user");
+ p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only");
+ p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none");
+ p11_test (test_parse_boolean, "/conf/test_parse_boolean");
+#ifdef OS_UNIX
+ /* Don't run this test when under fakeroot */
+ if (!getenv ("FAKED_MODE")) {
+ p11_test (test_setuid, "/conf/setuid");
+ }
+#endif
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/test-deprecated.c b/p11-kit/test-deprecated.c
new file mode 100644
index 0000000..c8b8001
--- /dev/null
+++ b/p11-kit/test-deprecated.c
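Review bot: `test_setuid` returns without any failure or skip report when `p11_test_copy_setgid (args[0])` yields NULL, so the second half of the test (the setgid copy is expected to exit with 18, the value the comment attributes to the system configuration) can be skipped while the run still counts as a pass. A comment on the early return would at least record that, e.g. `/* No setgid copy could be made, so the privileged half is not exercised */`, and ideally the case is reported as skipped rather than passed. The cleanup also sits after `assert_num_eq (ret, 18);`: if that assertion ends the test early (how the macros in test.h exit is not visible here), the setgid copy stays on disk. Moving `if (unlink (path) < 0)` with its `assert_fail` line and `free (path);` directly after the second `p11_test_run_child (args, true);` call removes the copy before the result is checked.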
@@ -0,0 +1,513 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * Copyright (c) 2012 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#define P11_KIT_NO_DEPRECATIONS + +#include "config.h" +#include "test.h" + +#include "dict.h" +#include "library.h" +#include "p11-kit.h" +#include "private.h" +#include "mock.h" + +#include + +#include +#include +#include +#include +#include +#include +#include + +static CK_FUNCTION_LIST_PTR_PTR +initialize_and_get_modules (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + CK_RV rv; + + rv = p11_kit_initialize_registered (); + assert_num_eq (CKR_OK, rv); + modules = p11_kit_registered_modules (); + assert (modules != NULL && modules[0] != NULL); + + return modules; +} + +static void +finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) +{ + CK_RV rv; + + free (modules); + rv = p11_kit_finalize_registered (); + assert_num_eq (CKR_OK, rv); + +} + +static void +test_no_duplicates (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + p11_dict *paths; + p11_dict *funcs; + char *path; + int i; + + modules = initialize_and_get_modules (); + paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + + /* The loaded modules should not contain duplicates */ + for (i = 0; modules[i] != NULL; i++) { + path = p11_kit_registered_option (modules[i], "module"); + + if (p11_dict_get (funcs, modules[i])) + assert_fail ("found duplicate function list pointer", NULL); + if (p11_dict_get (paths, path)) + assert_fail ("found duplicate path name", NULL); + + if (!p11_dict_set (funcs, modules[i], "")) + assert_not_reached (); + if (!p11_dict_set (paths, path, "")) + assert_not_reached (); + + free (path); + } + + p11_dict_free (paths); + p11_dict_free (funcs); + finalize_and_free_modules (modules); +} + +static CK_FUNCTION_LIST_PTR +lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules, + const char *name) +{ + CK_FUNCTION_LIST_PTR match = NULL; + CK_FUNCTION_LIST_PTR module; + char *module_name; + int i; + + for (i = 0; match == NULL && modules[i] != 
NULL; i++) { + module_name = p11_kit_registered_module_to_name (modules[i]); + assert_ptr_not_null (module_name); + if (strcmp (module_name, name) == 0) + match = modules[i]; + free (module_name); + } + + /* + * As a side effect, we should check that the results of this function + * matches the above search. + */ + module = p11_kit_registered_name_to_module (name); + if (module != match) + assert_fail ("different result from p11_kit_registered_name_to_module()", NULL); + + return match; +} + +static void +test_disable (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + /* + * The module four should be present, as we don't match any prognames + * that it has disabled. + */ + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "four") != NULL); + finalize_and_free_modules (modules); + + /* + * The module two shouldn't have been loaded, because in its config + * file we have: + * + * disable-in: test-disable + */ + + p11_kit_set_progname ("test-disable"); + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "four") == NULL); + finalize_and_free_modules (modules); + + p11_kit_set_progname (NULL); +} + +static void +test_disable_later (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + CK_RV rv; + + /* + * The module two shouldn't be matched, because in its config + * file we have: + * + * disable-in: test-disable + */ + + rv = p11_kit_initialize_registered (); + assert_num_eq (CKR_OK, rv); + + p11_kit_set_progname ("test-disable"); + + modules = p11_kit_registered_modules (); + assert (modules != NULL && modules[0] != NULL); + + assert (lookup_module_with_name (modules, "two") == NULL); + finalize_and_free_modules (modules); + + p11_kit_set_progname (NULL); +} + +static void +test_enable (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + /* + * The module three should not be present, as we don't match the current + * program. 
+ */
+
+ modules = initialize_and_get_modules ();
+ assert (lookup_module_with_name (modules, "three") == NULL);
+ finalize_and_free_modules (modules);
+
+ /*
+ * The module three should be loaded here , because in its config
+ * file we have:
+ *
+ * enable-in: test-enable
+ */
+
+ p11_kit_set_progname ("test-enable");
+
+ modules = initialize_and_get_modules ();
+ assert (lookup_module_with_name (modules, "three") != NULL);
+ finalize_and_free_modules (modules);
+
+ p11_kit_set_progname (NULL);
+}
+
+CK_FUNCTION_LIST module;
+
+#ifdef OS_UNIX
+
+#include
+
+static CK_RV
+mock_C_Initialize__with_fork (CK_VOID_PTR init_args)
+{
+ struct timespec ts = { 0, 100 * 1000 * 1000 };
+ CK_RV rv;
+ pid_t child;
+ pid_t ret;
+ int status;
+
+ rv = mock_C_Initialize (init_args);
+ assert (rv == CKR_OK);
+
+ /* Fork during the initialization */
+ child = fork ();
+ if (child == 0) {
+ close (1);
+ nanosleep (&ts, NULL);
+ exit (66);
+ }
+
+ ret = waitpid (child, &status, 0);
+ assert (ret == child);
+ assert (WIFEXITED (status));
+ assert (WEXITSTATUS (status) == 66);
+
+ return CKR_OK;
+}
+
+static void
+test_fork_initialization (void)
+{
+ CK_RV rv;
+
+ assert (!mock_module_initialized ());
+
+ /* Build up our own function list */
+ memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
+ module.C_Initialize = mock_C_Initialize__with_fork;
+
+ rv = p11_kit_initialize_module (&module);
+ assert (rv == CKR_OK);
+
+ rv = p11_kit_finalize_module (&module);
+ assert (rv == CKR_OK);
+
+ assert (!mock_module_initialized ());
+}
+
+#endif /* OS_UNIX */
+
+static CK_RV
+mock_C_Initialize__with_recursive (CK_VOID_PTR init_args)
+{
+ /* Recursively initialize, this is broken */
+ return p11_kit_initialize_module (&module);
+}
+
+static void
+test_recursive_initialization (void)
+{
+ CK_RV rv;
+
+ assert (!mock_module_initialized ());
+
+ /* Build up our own function list */
+ memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
+ module.C_Initialize =
mock_C_Initialize__with_recursive; + + rv = p11_kit_initialize_module (&module); + assert (rv == CKR_FUNCTION_FAILED); + + assert (!mock_module_initialized ()); +} + +static p11_mutex_t race_mutex; +static int initialization_count = 0; +static int finalization_count = 0; + +static CK_RV +mock_C_Initialize__threaded_race (CK_VOID_PTR init_args) +{ + /* Atomically increment value */ + p11_mutex_lock (&race_mutex); + initialization_count += 1; + p11_mutex_unlock (&race_mutex); + + p11_sleep_ms (100); + return CKR_OK; +} + +static CK_RV +mock_C_Finalize__threaded_race (CK_VOID_PTR reserved) +{ + /* Atomically increment value */ + p11_mutex_lock (&race_mutex); + finalization_count += 1; + p11_mutex_unlock (&race_mutex); + + p11_sleep_ms (100); + return CKR_OK; +} + +static void * +initialization_thread (void *data) +{ + CK_RV rv; + + assert_str_eq (data, "thread-data"); + rv = p11_kit_initialize_module (&module); + assert (rv == CKR_OK); + + return "thread-data"; +} + +static void * +finalization_thread (void *data) +{ + CK_RV rv; + + assert_str_eq (data, "thread-data"); + rv = p11_kit_finalize_module (&module); + assert (rv == CKR_OK); + + return "thread-data"; +} + +static void +test_threaded_initialization (void) +{ + static const int num_threads = 2; + p11_thread_t threads[num_threads]; + int ret; + int i; + + assert (!mock_module_initialized ()); + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__threaded_race; + module.C_Finalize = mock_C_Finalize__threaded_race; + + p11_mutex_lock (&race_mutex); + initialization_count = 0; + finalization_count = 0; + p11_mutex_unlock (&race_mutex); + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (&threads[i], initialization_thread, "thread-data"); + assert_num_eq (0, ret); + assert (threads[i] != 0); + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_join (threads[i]); + assert_num_eq (0, ret); + 
threads[i] = 0; + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (&threads[i], finalization_thread, "thread-data"); + assert_num_eq (0, ret); + assert (threads[i] != 0); + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_join (threads[i]); + assert_num_eq (0, ret); + threads[i] = 0; + } + + /* C_Initialize should have been called exactly once */ + p11_mutex_lock (&race_mutex); + assert_num_eq (1, initialization_count); + assert_num_eq (1, finalization_count); + p11_mutex_unlock (&race_mutex); + + assert (!mock_module_initialized ()); +} + +static CK_RV +mock_C_Initialize__test_mutexes (CK_VOID_PTR args) +{ + CK_C_INITIALIZE_ARGS_PTR init_args; + void *mutex = NULL; + CK_RV rv; + + rv = mock_C_Initialize (NULL); + if (rv != CKR_OK) + return rv; + + assert (args != NULL); + init_args = args; + + rv = (init_args->CreateMutex) (&mutex); + assert (rv == CKR_OK); + + rv = (init_args->LockMutex) (mutex); + assert (rv == CKR_OK); + + rv = (init_args->UnlockMutex) (mutex); + assert (rv == CKR_OK); + + rv = (init_args->DestroyMutex) (mutex); + assert (rv == CKR_OK); + + return CKR_OK; +} + +static void +test_mutexes (void) +{ + CK_RV rv; + + assert (!mock_module_initialized ()); + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__test_mutexes; + + rv = p11_kit_initialize_module (&module); + assert (rv == CKR_OK); + + rv = p11_kit_finalize_module (&module); + assert (rv == CKR_OK); + + assert (!mock_module_initialized ()); +} + +static void +test_load_and_initialize (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_INFO info; + CK_RV rv; + int ret; + + rv = p11_kit_load_initialize_module (BUILDDIR "/.libs/mock-one" SHLEXT, &module); + assert (rv == CKR_OK); + assert (module != NULL); + + rv = (module->C_GetInfo) (&info); + assert (rv == CKR_OK); + + ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32); + assert (ret == 0); + + rv = 
p11_kit_finalize_module (module);
+ assert_num_eq (rv, CKR_OK);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_mutex_init (&race_mutex);
+ mock_module_init ();
+ p11_library_init ();
+
+ p11_test (test_no_duplicates, "/deprecated/test_no_duplicates");
+ p11_test (test_disable, "/deprecated/test_disable");
+ p11_test (test_disable_later, "/deprecated/test_disable_later");
+ p11_test (test_enable, "/deprecated/test_enable");
+
+#ifdef OS_UNIX
+ p11_test (test_fork_initialization, "/deprecated/test_fork_initialization");
+#endif
+
+ p11_test (test_recursive_initialization, "/deprecated/test_recursive_initialization");
+ p11_test (test_threaded_initialization, "/deprecated/test_threaded_initialization");
+ p11_test (test_mutexes, "/deprecated/test_mutexes");
+ p11_test (test_load_and_initialize, "/deprecated/test_load_and_initialize");
+
+ p11_kit_be_quiet ();
+
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/test-init.c b/p11-kit/test-init.c
new file mode 100644
index 0000000..c4fcecb
--- /dev/null
+++ b/p11-kit/test-init.c
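Review bot: In `mock_C_Initialize__with_fork` the result of `fork ()` is never checked for failure, so with `child == -1` the following `waitpid (child, &status, 0)` waits for any child, can itself return -1 and so satisfy `assert (ret == child)`, and `WIFEXITED (status)` then reads a `status` that was never written. Adding `assert (child >= 0);` right after the `fork ()` call makes the test fail at the real cause. The same function is added again in p11-kit/test-init.c and needs the same line. Separately, the second comment in `test_disable` names module two while the assertion below it looks up "four"; it should read `The module four shouldn't have been loaded, because in its config file we have:`.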
@@ -0,0 +1,420 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include + +#include "library.h" +#include "mock.h" +#include "modules.h" +#include "p11-kit.h" +#include "private.h" +#include "virtual.h" + +#include +#include +#include +#include +#include +#include + +static CK_FUNCTION_LIST module; +static p11_mutex_t race_mutex; + +#ifdef OS_UNIX + +#include + +static CK_RV +mock_C_Initialize__with_fork (CK_VOID_PTR init_args) +{ + struct timespec ts = { 0, 100 * 1000 * 1000 }; + CK_RV rv; + pid_t child; + pid_t ret; + int status; + + rv = mock_C_Initialize (init_args); + assert (rv == CKR_OK); + + /* Fork during the initialization */ + child = fork (); + if (child == 0) { + close (1); + nanosleep (&ts, NULL); + exit (66); + } + + ret = waitpid (child, &status, 0); + assert (ret == child); + assert (WIFEXITED (status)); + assert (WEXITSTATUS (status) == 66); + + return CKR_OK; +} + +static void +test_fork_initialization (void) +{ + CK_FUNCTION_LIST_PTR result; + CK_RV rv; + + mock_module_reset (); + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__with_fork; + + p11_lock (); + + rv = p11_module_load_inlock_reentrant (&module, 0, &result); + assert (rv == CKR_OK); + + p11_unlock (); + + rv = p11_kit_module_initialize (result); + assert (rv == CKR_OK); + + rv = p11_kit_module_finalize (result); + assert (rv == CKR_OK); + + p11_lock (); + + rv = p11_module_release_inlock_reentrant (result); + assert (rv == CKR_OK); + + p11_unlock (); +} + +#endif /* OS_UNIX */ + +static CK_FUNCTION_LIST *recursive_managed; + +static CK_RV +mock_C_Initialize__with_recursive (CK_VOID_PTR init_args) +{ + CK_RV rv; + + rv = mock_C_Initialize (init_args); + assert (rv == CKR_OK); + + return p11_kit_module_initialize (recursive_managed); +} + +static void +test_recursive_initialization (void) +{ + CK_RV rv; + + /* Build up our own function list */ + memcpy (&module, 
&mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__with_recursive; + + p11_kit_be_quiet (); + + p11_lock (); + + rv = p11_module_load_inlock_reentrant (&module, 0, &recursive_managed); + assert (rv == CKR_OK); + + p11_unlock (); + + rv = p11_kit_module_initialize (recursive_managed); + assert_num_eq (CKR_FUNCTION_FAILED, rv); + + p11_lock (); + + rv = p11_module_release_inlock_reentrant (recursive_managed); + assert (rv == CKR_OK); + + p11_unlock (); + + p11_kit_be_loud (); +} + +static int initialization_count = 0; +static int finalization_count = 0; + +static CK_RV +mock_C_Initialize__threaded_race (CK_VOID_PTR init_args) +{ + /* Atomically increment value */ + p11_mutex_lock (&race_mutex); + initialization_count += 1; + p11_mutex_unlock (&race_mutex); + + p11_sleep_ms (100); + return CKR_OK; +} + +static CK_RV +mock_C_Finalize__threaded_race (CK_VOID_PTR reserved) +{ + /* Atomically increment value */ + p11_mutex_lock (&race_mutex); + finalization_count += 1; + p11_mutex_unlock (&race_mutex); + + p11_sleep_ms (100); + return CKR_OK; +} + +static void * +initialization_thread (void *data) +{ + CK_FUNCTION_LIST *module = data; + CK_RV rv; + + assert (module != NULL); + rv = p11_kit_module_initialize (module); + assert_num_eq (rv, CKR_OK); + + return module; +} + +static void * +finalization_thread (void *data) +{ + CK_FUNCTION_LIST *module = data; + CK_RV rv; + + assert (module != NULL); + rv = p11_kit_module_finalize (module); + assert_num_eq (rv, CKR_OK); + + return module; +} + +static void +test_threaded_initialization (void) +{ + static const int num_threads = 1; + CK_FUNCTION_LIST *data[num_threads]; + p11_thread_t threads[num_threads]; + CK_RV rv; + int ret; + int i; + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__threaded_race; + module.C_Finalize = mock_C_Finalize__threaded_race; + + memset (&data, 0, sizeof 
(data)); + + p11_mutex_lock (&race_mutex); + initialization_count = 0; + finalization_count = 0; + p11_mutex_unlock (&race_mutex); + + p11_lock (); + + for (i = 0; i < num_threads; i++) { + assert (data[i] == NULL); + rv = p11_module_load_inlock_reentrant (&module, 0, &data[i]); + assert (rv == CKR_OK); + } + + p11_unlock (); + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (&threads[i], initialization_thread, data[i]); + assert_num_eq (0, ret); + assert (threads[i] != 0); + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_join (threads[i]); + assert_num_eq (0, ret); + threads[i] = 0; + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (&threads[i], finalization_thread, data[i]); + assert_num_eq (0, ret); + assert (threads[i] != 0); + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_join (threads[i]); + assert_num_eq (0, ret); + threads[i] = 0; + } + + p11_lock (); + + for (i = 0; i < num_threads; i++) { + assert (data[i] != NULL); + rv = p11_module_release_inlock_reentrant (data[i]); + assert (rv == CKR_OK); + } + + p11_unlock (); + + /* C_Initialize should have been called exactly once */ + assert_num_eq (1, initialization_count); + assert_num_eq (1, finalization_count); +} + +static CK_RV +mock_C_Initialize__test_mutexes (CK_VOID_PTR args) +{ + CK_C_INITIALIZE_ARGS_PTR init_args; + void *mutex = NULL; + CK_RV rv; + + assert (args != NULL); + init_args = args; + + rv = (init_args->CreateMutex) (&mutex); + assert (rv == CKR_OK); + + rv = (init_args->LockMutex) (mutex); + assert (rv == CKR_OK); + + rv = (init_args->UnlockMutex) (mutex); + assert (rv == CKR_OK); + + rv = (init_args->DestroyMutex) (mutex); + assert (rv == CKR_OK); + + return CKR_OK; +} + +static void +test_mutexes (void) +{ + CK_FUNCTION_LIST_PTR result; + CK_RV rv; + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__test_mutexes; + + 
p11_lock (); + + rv = p11_module_load_inlock_reentrant (&module, 0, &result); + assert (rv == CKR_OK); + + rv = p11_module_release_inlock_reentrant (result); + assert (rv == CKR_OK); + + p11_unlock (); +} + +static void +test_load_and_initialize (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_INFO info; + CK_RV rv; + int ret; + + module = p11_kit_module_load (BUILDDIR "/.libs/mock-one" SHLEXT, 0); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert (rv == CKR_OK); + + rv = (module->C_GetInfo) (&info); + assert (rv == CKR_OK); + + ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32); + assert (ret == 0); + + rv = p11_kit_module_finalize (module); + assert (rv == CKR_OK); + + p11_kit_module_release (module); +} + +static void +test_initalize_fail (void) +{ + CK_FUNCTION_LIST failer; + CK_FUNCTION_LIST *modules[3] = { &mock_module_no_slots, &failer, NULL }; + CK_RV rv; + + memcpy (&failer, &mock_module, sizeof (CK_FUNCTION_LIST)); + failer.C_Initialize = mock_C_Initialize__fails; + + mock_module_reset (); + p11_kit_be_quiet (); + + rv = p11_kit_modules_initialize (modules, NULL); + assert_num_eq (CKR_FUNCTION_FAILED, rv); + + p11_kit_be_loud (); + + /* Failed modules get removed from the list */ + assert_ptr_eq (&mock_module_no_slots, modules[0]); + assert_ptr_eq (NULL, modules[1]); + assert_ptr_eq (NULL, modules[2]); + + p11_kit_modules_finalize (modules); +} + +static void +test_finalize_fail (void) +{ + +} + +int +main (int argc, + char *argv[]) +{ + p11_mutex_init (&race_mutex); + mock_module_init (); + p11_library_init (); + + /* These only work when managed */ + if (p11_virtual_can_wrap ()) { + p11_test (test_recursive_initialization, "/init/test_recursive_initialization"); + p11_test (test_threaded_initialization, "/init/test_threaded_initialization"); + p11_test (test_mutexes, "/init/test_mutexes"); + p11_test (test_load_and_initialize, "/init/test_load_and_initialize"); + +#ifdef OS_UNIX + p11_test (test_fork_initialization, 
"/init/test_fork_initialization"); +#endif + } + + p11_test (test_initalize_fail, "/init/test_initalize_fail"); + p11_test (test_finalize_fail, "/init/test_finalize_fail"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-iter.c b/p11-kit/test-iter.c new file mode 100644 index 0000000..055a4b3 --- /dev/null +++ b/p11-kit/test-iter.c 
@@ -0,0 +1,1331 @@
+/*
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#define P11_KIT_FUTURE_UNSTABLE_API 1 + +#include "attrs.h" +#include "dict.h" +#include "iter.h" +#include "library.h" +#include "message.h" +#include "mock.h" + +#include +#include +#include +#include + +static CK_FUNCTION_LIST_PTR_PTR +initialize_and_get_modules (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + p11_message_quiet (); + + modules = p11_kit_modules_load_and_initialize (0); + assert (modules != NULL && modules[0] != NULL); + + p11_message_loud (); + + return modules; +} + +static void +finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) +{ + p11_kit_modules_finalize (modules); + p11_kit_modules_release (modules); +} + +static int +has_handle (CK_ULONG *objects, + int count, + CK_ULONG handle) +{ + int i; + for (i = 0; i < count; i++) { + if (objects[i] == handle) + return 1; + } + + return 0; +} + + +static void +test_all (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR *modules; + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session; + CK_ULONG size; + P11KitIter *iter; + CK_RV rv; + int at; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, P11_KIT_ITER_BUSY_SESSIONS); + p11_kit_iter_begin (iter, modules); + + at = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + + module = p11_kit_iter_get_module (iter); + assert_ptr_not_null (module); + + session = p11_kit_iter_get_session (iter); + assert (session != 0); + + /* Do something with the object */ + size = 0; + rv = (module->C_GetObjectSize) (session, objects[at], &size); + assert (rv == CKR_OK); + assert (size > 0); + + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, at); + + assert (has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert 
(has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static CK_RV +on_iter_callback (P11KitIter *iter, + CK_BBOOL *matches, + void *data) +{ + CK_OBJECT_HANDLE object; + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session; + CK_ULONG size; + CK_RV rv; + + assert_str_eq (data, "callback"); + + object = p11_kit_iter_get_object (iter); + if (object != MOCK_PUBLIC_KEY_CAPITALIZE && object != MOCK_PUBLIC_KEY_PREFIX) { + *matches = CK_FALSE; + return CKR_OK; + } + + module = p11_kit_iter_get_module (iter); + assert_ptr_not_null (module); + + session = p11_kit_iter_get_session (iter); + assert (session != 0); + + /* Do something with the object */ + size = 0; + rv = (module->C_GetObjectSize) (session, object, &size); + assert (rv == CKR_OK); + assert (size > 0); + + return CKR_OK; +} + +static void +test_callback (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_RV rv; + int at; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_callback (iter, on_iter_callback, "callback", NULL); + p11_kit_iter_begin (iter, modules); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 2 public keys */ + assert_num_eq (6, at); + + assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static 
CK_RV +on_callback_fail (P11KitIter *iter, + CK_BBOOL *matches, + void *data) +{ + return CKR_DATA_INVALID; +} + +static void +test_callback_fails (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_RV rv; + int at; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_callback (iter, on_callback_fail, "callback", NULL); + p11_kit_iter_begin (iter, modules); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_DATA_INVALID); + + /* Shouldn't have succeeded at all */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + finalize_and_free_modules (modules); +} + +static void +on_destroy_increment (void *data) +{ + int *value = data; + (*value)++; +} + +static void +test_callback_destroyer (void) +{ + P11KitIter *iter; + int value = 1; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_callback (iter, on_callback_fail, &value, on_destroy_increment); + p11_kit_iter_free (iter); + + assert_num_eq (2, value); +} + +static void +test_with_session (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &mock_module, 0, session); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + + slot = p11_kit_iter_get_slot (iter); + assert (slot == MOCK_SLOT_ONE_ID); + + module = p11_kit_iter_get_module (iter); + assert_ptr_eq (module, &mock_module); + + assert (session == p11_kit_iter_get_session (iter)); + at++; + } + + assert (rv == CKR_CANCEL); + + /* 1 modules, each with 1 slot, and 3 public objects */ + 
assert_num_eq (3, at); + + assert (has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + /* The session is still valid ... */ + rv = mock_module.C_CloseSession (session); + assert (rv == CKR_OK); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_with_slot (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &mock_module, MOCK_SLOT_ONE_ID, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + + slot = p11_kit_iter_get_slot (iter); + assert (slot == MOCK_SLOT_ONE_ID); + + module = p11_kit_iter_get_module (iter); + assert_ptr_eq (module, &mock_module); + at++; + } + + assert (rv == CKR_CANCEL); + + /* 1 modules, each with 1 slot, and 3 public objects */ + assert_num_eq (3, at); + + assert (has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + rv = (mock_module.C_Finalize) (NULL); + assert (rv == CKR_OK); +} + +static void +test_with_module (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + iter = 
p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &mock_module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + + module = p11_kit_iter_get_module (iter); + assert_ptr_eq (module, &mock_module); + at++; + } + + assert (rv == CKR_CANCEL); + + /* 1 modules, each with 1 slot, and 3 public objects */ + assert_num_eq (3, at); + + assert (has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_keep_session (void) +{ + CK_SESSION_HANDLE session; + P11KitIter *iter; + CK_RV rv; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &mock_module, 0, 0); + + rv = p11_kit_iter_next (iter); + assert (rv == CKR_OK); + + session = p11_kit_iter_keep_session (iter); + p11_kit_iter_free (iter); + + /* The session is still valid ... 
*/ + rv = mock_module.C_CloseSession (session); + assert (rv == CKR_OK); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_unrecognized (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + p11_kit_uri_set_unrecognized (uri, 1); + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Nothing should have matched */ + assert_num_eq (0, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_uri_with_type (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int at; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:object-type=public", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (ret, P11_KIT_URI_OK); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + at = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 2 public keys */ + assert_num_eq (6, at); + + assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_set_uri (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + 
CK_RV rv; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + p11_kit_uri_set_unrecognized (uri, 1); + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_set_uri (iter, uri); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + /* Nothing should have matched */ + rv = p11_kit_iter_next (iter); + assert_num_eq (rv, CKR_CANCEL); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_filter (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_RV rv; + int at; + + CK_BBOOL vfalse = CK_FALSE; + CK_OBJECT_CLASS public_key = CKO_PUBLIC_KEY; + CK_ATTRIBUTE attrs[] = { + { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, + { CKA_CLASS, &public_key, sizeof (public_key) }, + }; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_filter (iter, attrs, 2); + + p11_kit_iter_begin (iter, modules); + + at = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 2 public keys */ + assert_num_eq (6, at); + + assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_session_flags (void) +{ + CK_FUNCTION_LIST_PTR *modules; + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session; + CK_SESSION_INFO info; + P11KitIter *iter; + CK_RV rv; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE); + p11_kit_iter_begin (iter, modules); + + while ((rv = p11_kit_iter_next 
(iter)) == CKR_OK) { + module = p11_kit_iter_get_module (iter); + assert_ptr_not_null (module); + + session = p11_kit_iter_get_session (iter); + assert (session != 0); + + rv = (module->C_GetSessionInfo) (session, &info); + assert (rv == CKR_OK); + + assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); + } + + assert (rv == CKR_CANCEL); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_module_match (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:library-description=MOCK%20LIBRARY", P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_module_mismatch (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:library-description=blah", P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Nothing should have matched */ + assert_num_eq (0, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_token_match (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + 
int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_TOKEN, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_token_mismatch (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:manufacturer=blah", P11_KIT_URI_FOR_TOKEN, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Nothing should have matched */ + assert_num_eq (0, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_token_info (void) +{ + CK_FUNCTION_LIST_PTR *modules; + CK_TOKEN_INFO *info; + P11KitIter *iter; + char *string; + CK_RV rv; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin (iter, modules); + + rv = p11_kit_iter_next (iter); + assert_num_eq (rv, CKR_OK); + + info = p11_kit_iter_get_token (iter); + assert_ptr_not_null (info); + + string = p11_kit_space_strdup (info->label, sizeof (info->label)); + assert_ptr_not_null (string); + + assert_str_eq (string, "TEST LABEL"); + + free (string); + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void 
+test_getslotlist_fail_first (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_GetSlotList = mock_C_GetSlotList__fail_first; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_VENDOR_DEFINED); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_getslotlist_fail_late (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_GetSlotList = mock_C_GetSlotList__fail_late; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_VENDOR_DEFINED); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_open_session_fail (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_OpenSession = mock_C_OpenSession__fails; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_DEVICE_ERROR); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free 
(iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_find_init_fail (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_FindObjectsInit = mock_C_FindObjectsInit__fails; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_DEVICE_MEMORY); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_find_objects_fail (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_FindObjects = mock_C_FindObjects__fails; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_DEVICE_REMOVED); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_get_attributes (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_OBJECT_HANDLE object; + char label[128]; + CK_ULONG klass; + CK_ULONG ulong; + CK_RV rv; + int at; + + CK_ATTRIBUTE template[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_LABEL, label, sizeof (label) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE attrs[3]; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin (iter, modules); + + at = 0; + while ((rv = p11_kit_iter_next 
(iter)) == CKR_OK) { + assert (sizeof (attrs) == sizeof (template)); + memcpy (&attrs, &template, sizeof (attrs)); + + rv = p11_kit_iter_get_attributes (iter, attrs, 2); + assert (rv == CKR_OK); + + object = p11_kit_iter_get_object (iter); + switch (object) { + case MOCK_DATA_OBJECT: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1)); + break; + case MOCK_PUBLIC_KEY_CAPITALIZE: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); + break; + case MOCK_PUBLIC_KEY_PREFIX: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); + break; + default: + assert_fail ("Unknown object matched", NULL); + break; + } + + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, at); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + + + +static void +test_load_attributes (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_ATTRIBUTE *attrs; + CK_OBJECT_HANDLE object; + CK_ULONG ulong; + CK_RV rv; + int at; + + CK_ATTRIBUTE types[] = { + { CKA_CLASS }, + { CKA_LABEL }, + }; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin (iter, modules); + + attrs = p11_attrs_buildn (NULL, types, 2); + + at = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + rv = p11_kit_iter_load_attributes (iter, attrs, 2); + assert (rv == CKR_OK); + + object = p11_kit_iter_get_object (iter); + switch (object) { + case MOCK_DATA_OBJECT: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); + assert (p11_attr_match_value (p11_attrs_find (attrs, 
CKA_LABEL), "TEST LABEL", -1)); + break; + case MOCK_PUBLIC_KEY_CAPITALIZE: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); + break; + case MOCK_PUBLIC_KEY_PREFIX: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); + break; + default: + assert_fail ("Unknown object matched", NULL); + break; + } + + at++; + } + + p11_attrs_free (attrs); + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, at); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_load_attributes_none (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_ATTRIBUTE *attrs; + CK_RV rv; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + attrs = p11_attrs_buildn (NULL, NULL, 0); + rv = p11_kit_iter_load_attributes (iter, attrs, 0); + assert (rv == CKR_OK); + p11_attrs_free (attrs); + } + + assert (rv == CKR_CANCEL); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_load_attributes_fail_first (void) +{ + CK_ATTRIBUTE label = { CKA_LABEL, }; + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_ATTRIBUTE *attrs; + CK_RV rv; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_first; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 
0); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + attrs = p11_attrs_build (NULL, &label, NULL); + rv = p11_kit_iter_load_attributes (iter, attrs, 1); + assert (rv == CKR_FUNCTION_REJECTED); + p11_attrs_free (attrs); + } + + assert (rv == CKR_CANCEL); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_load_attributes_fail_late (void) +{ + CK_ATTRIBUTE label = { CKA_LABEL, }; + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_ATTRIBUTE *attrs; + CK_RV rv; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_late; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + attrs = p11_attrs_build (NULL, &label, NULL); + rv = p11_kit_iter_load_attributes (iter, attrs, 1); + assert (rv == CKR_FUNCTION_FAILED); + p11_attrs_free (attrs); + } + + assert (rv == CKR_CANCEL); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_many (void *flags) +{ + P11KitIterBehavior behavior; + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + p11_dict *seen; + P11KitIter *iter; + CK_RV rv; + int count; + int i; + + static CK_OBJECT_CLASS data = CKO_DATA; + static CK_ATTRIBUTE object[] = { + { CKA_VALUE, "blah", 4 }, + { CKA_CLASS, &data, sizeof (data) }, + { CKA_ID, "ID1", 3 }, + { CKA_INVALID }, + }; + + behavior = 0; + if (strstr (flags, "busy-sessions")) + behavior |= P11_KIT_ITER_BUSY_SESSIONS; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert_num_eq (rv, CKR_OK); + + rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + for (i = 0; i < 10000; i++) + mock_module_add_object (MOCK_SLOT_ONE_ID, object); 
+
+ seen = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, free, NULL);
+ iter = p11_kit_iter_new (NULL, behavior);
+ p11_kit_iter_add_filter (iter, object, 3);
+ p11_kit_iter_begin_with (iter, &mock_module, 0, session);
+
+ count = 0;
+ while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ handle = p11_kit_iter_get_object (iter);
+ assert (p11_dict_get (seen, &handle) == NULL);
+ if (!p11_dict_set (seen, memdup (&handle, sizeof (handle)), "x"))
+ assert_not_reached ();
+ count++;
+ }
+
+ assert_num_eq (rv, CKR_CANCEL);
+ assert_num_eq (count, 10000);
+
+ p11_kit_iter_free (iter);
+ p11_dict_free (seen);
+
+ rv = mock_module.C_Finalize (NULL);
+ assert (rv == CKR_OK);
+}
+
+static void
+test_destroy_object (void)
+{
+ CK_FUNCTION_LIST **modules;
+ P11KitIter *iter;
+ CK_OBJECT_HANDLE object;
+ CK_SESSION_HANDLE session;
+ CK_FUNCTION_LIST *module;
+ CK_ULONG size;
+ CK_RV rv;
+
+ modules = initialize_and_get_modules ();
+
+ iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE);
+
+ p11_kit_iter_begin (iter, modules);
+
+ /* Should have matched */
+ rv = p11_kit_iter_next (iter);
+ assert_num_eq (rv, CKR_OK);
+
+ object = p11_kit_iter_get_object (iter);
+ session = p11_kit_iter_get_session (iter);
+ module = p11_kit_iter_get_module (iter);
+
+ rv = (module->C_GetObjectSize) (session, object, &size);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = p11_kit_iter_destroy_object (iter);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = (module->C_GetObjectSize) (session, object, &size);
+ assert_num_eq (rv, CKR_OBJECT_HANDLE_INVALID);
+
+ p11_kit_iter_free (iter);
+
+ finalize_and_free_modules (modules);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_library_init ();
+ mock_module_init ();
+
+ p11_test (test_all, "/iter/test_all");
+ p11_test (test_unrecognized, "/iter/test_unrecognized");
+ p11_test (test_uri_with_type, "/iter/test_uri_with_type");
+ p11_test (test_set_uri, "/iter/set-uri");
+ p11_test (test_session_flags, "/iter/test_session_flags");
+ p11_test (test_callback, "/iter/test_callback");
+ p11_test (test_callback_fails, "/iter/test_callback_fails");
+ p11_test (test_callback_destroyer, "/iter/test_callback_destroyer");
+ p11_test (test_filter, "/iter/test_filter");
+ p11_test (test_with_session, "/iter/test_with_session");
+ p11_test (test_with_slot, "/iter/test_with_slot");
+ p11_test (test_with_module, "/iter/test_with_module");
+ p11_test (test_keep_session, "/iter/test_keep_session");
+ p11_test (test_token_match, "/iter/test_token_match");
+ p11_test (test_token_mismatch, "/iter/test_token_mismatch");
+ p11_test (test_token_info, "/iter/token-info");
+ p11_test (test_module_match, "/iter/test_module_match");
+ p11_test (test_module_mismatch, "/iter/test_module_mismatch");
+ p11_test (test_getslotlist_fail_first, "/iter/test_getslotlist_fail_first");
+ p11_test (test_getslotlist_fail_late, "/iter/test_getslotlist_fail_late");
+ p11_test (test_open_session_fail, "/iter/test_open_session_fail");
+ p11_test (test_find_init_fail, "/iter/test_find_init_fail");
+ p11_test (test_find_objects_fail, "/iter/test_find_objects_fail");
+ p11_test (test_get_attributes, "/iter/get-attributes");
+ p11_test (test_load_attributes, "/iter/test_load_attributes");
+ p11_test (test_load_attributes_none, "/iter/test_load_attributes_none");
+ p11_test (test_load_attributes_fail_first, "/iter/test_load_attributes_fail_first");
+ p11_test (test_load_attributes_fail_late, "/iter/test_load_attributes_fail_late");
+ p11_testx (test_many, "", "/iter/test-many");
+ p11_testx (test_many, "busy-sessions", "/iter/test-many-busy");
+ p11_test (test_destroy_object, "/iter/destroy-object");
+
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/test-log.c b/p11-kit/test-log.c
new file mode 100644
index 0000000..e7dab70
--- /dev/null
+++ b/p11-kit/test-log.c
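Review bot: In p11-kit/test-iter.c, `test_load_attributes_fail_first` and `test_load_attributes_fail_late` make their only failure-path assertion inside the `while ((rv = p11_kit_iter_next (iter)) == CKR_OK)` body, so a run in which the iterator yields no objects passes without `p11_kit_iter_load_attributes` ever being called. `test_session_flags` has the same shape for its `CKS_RW_PUBLIC_SESSION` check. The other tests in this file pin the iteration count (for example `assert_num_eq (9, at);` in `test_all`); these three should do the same by incrementing a local counter in the loop body and adding `assert (count > 0);` after `assert (rv == CKR_CANCEL);`. Separately, the comment `/* Should fail on the first iteration */` in `test_getslotlist_fail_late` appears to be copied from the `_fail_first` variant and probably wants rewording.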
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "dict.h"
+#include "library.h"
+#include "log.h"
+#include "mock.h"
+#include "modules.h"
+#include "p11-kit.h"
+#include "virtual.h"
+
+#include
+#include
+#include
+#include
+
+static CK_FUNCTION_LIST_PTR
+setup_mock_module (CK_SESSION_HANDLE *session)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_RV rv;
+
+ p11_lock ();
+ p11_log_force = true;
+
+ rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
+ assert (rv == CKR_OK);
+ assert_ptr_not_null (module);
+ assert (p11_virtual_is_wrapper (module));
+
+ p11_unlock ();
+
+ rv = p11_kit_module_initialize (module);
+ assert (rv == CKR_OK);
+
+ if (session) {
+ rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID,
+ CKF_RW_SESSION | CKF_SERIAL_SESSION,
+ NULL, NULL, session);
+ assert (rv == CKR_OK);
+ }
+
+ return module;
+}
+
+static void
+teardown_mock_module (CK_FUNCTION_LIST_PTR module)
+{
+ CK_RV rv;
+
+ rv = p11_kit_module_finalize (module);
+ assert (rv == CKR_OK);
+
+ p11_lock ();
+
+ rv = p11_module_release_inlock_reentrant (module);
+ assert (rv == CKR_OK);
+
+ p11_unlock ();
+}
+
+/* Bring in all the mock module tests */
+#include "test-mock.c"
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_library_init ();
+ mock_module_init ();
+
+ test_mock_add_tests ("/log");
+
+ p11_kit_be_quiet ();
+ p11_log_output = false;
+
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/test-managed.c b/p11-kit/test-managed.c
new file mode 100644
index 0000000..c4ccd9a
--- /dev/null
+++ b/p11-kit/test-managed.c
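Review bot: Nothing in test-log.c checks what the forced log wrapper actually emits: `setup_mock_module` sets `p11_log_force = true` and `main` then sets `p11_log_output = false`, so the included test-mock.c suite only confirms that return codes survive the wrapper. That suite passes PIN buffers through calls such as `C_Login`, `C_InitPIN` and `C_SetPIN`, so whether the log layer keeps those bytes out of its output is left unverified here (the log implementation is not visible in this diff). At minimum I would state the scope above `main`, e.g. `/* Log output is discarded; this run only checks that the log wrapper preserves return values */`. The comment above the include could also say that test-mock.c relies on `setup_mock_module()` and `teardown_mock_module()` being defined before it is included.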
@@ -0,0 +1,262 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "dict.h"
+#include "library.h"
+#include "mock.h"
+#include "modules.h"
+#include "p11-kit.h"
+#include "virtual.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+static CK_FUNCTION_LIST_PTR
+setup_mock_module (CK_SESSION_HANDLE *session)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_RV rv;
+
+ p11_lock ();
+
+ rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
+ assert (rv == CKR_OK);
+ assert_ptr_not_null (module);
+ assert (p11_virtual_is_wrapper (module));
+
+ p11_unlock ();
+
+ rv = p11_kit_module_initialize (module);
+ assert (rv == CKR_OK);
+
+ if (session) {
+ rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID,
+ CKF_RW_SESSION | CKF_SERIAL_SESSION,
+ NULL, NULL, session);
+ assert (rv == CKR_OK);
+ }
+
+ return module;
+}
+
+static void
+teardown_mock_module (CK_FUNCTION_LIST_PTR module)
+{
+ CK_RV rv;
+
+ rv = p11_kit_module_finalize (module);
+ assert (rv == CKR_OK);
+
+ p11_lock ();
+
+ rv = p11_module_release_inlock_reentrant (module);
+ assert (rv == CKR_OK);
+
+ p11_unlock ();
+}
+
+static CK_RV
+fail_C_Initialize (void *init_reserved)
+{
+ return CKR_FUNCTION_FAILED;
+}
+
+static void
+test_initialize_finalize (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_RV rv;
+
+ p11_lock ();
+
+ rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
+ assert (rv == CKR_OK);
+ assert_ptr_not_null (module);
+ assert (p11_virtual_is_wrapper (module));
+
+ p11_unlock ();
+
+ rv = module->C_Initialize (NULL);
+ assert (rv == CKR_OK);
+
+ rv = module->C_Initialize (NULL);
+ assert (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED);
+
+ rv = module->C_Finalize (NULL);
+ assert (rv == CKR_OK);
+
+ rv = module->C_Finalize (NULL);
+ assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
+
+ p11_lock ();
+
+ rv = p11_module_release_inlock_reentrant (module);
+ assert (rv == CKR_OK);
+
+ p11_unlock ();
+}
+
+static void
+test_initialize_fail (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_FUNCTION_LIST base;
+ CK_RV rv;
+
+ memcpy (&base, &mock_module, sizeof (CK_FUNCTION_LIST));
+ base.C_Initialize = fail_C_Initialize;
+
+ p11_lock ();
+
+ rv = p11_module_load_inlock_reentrant (&base, 0, &module);
+ assert (rv == CKR_OK);
+
+ p11_unlock ();
+
+ rv = p11_kit_module_initialize (module);
+ assert (rv == CKR_FUNCTION_FAILED);
+}
+
+static void
+test_separate_close_all_sessions (void)
+{
+ CK_FUNCTION_LIST *first;
+ CK_FUNCTION_LIST *second;
+ CK_SESSION_HANDLE s1;
+ CK_SESSION_HANDLE s2;
+ CK_SESSION_INFO info;
+ CK_RV rv;
+
+ first = setup_mock_module (&s1);
+ second = setup_mock_module (&s2);
+
+ rv = first->C_GetSessionInfo (s1, &info);
+ assert (rv == CKR_OK);
+
+ rv = second->C_GetSessionInfo (s2, &info);
+ assert (rv == CKR_OK);
+
+ first->C_CloseAllSessions (MOCK_SLOT_ONE_ID);
+ assert (rv == CKR_OK);
+
+ rv = first->C_GetSessionInfo (s1, &info);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = second->C_GetSessionInfo (s2, &info);
+ assert (rv == CKR_OK);
+
+ second->C_CloseAllSessions (MOCK_SLOT_ONE_ID);
+ assert (rv == CKR_OK);
+
+ rv = first->C_GetSessionInfo (s1, &info);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = second->C_GetSessionInfo (s2, &info);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ teardown_mock_module (first);
+ teardown_mock_module (second);
+}
+
+static void
+test_fork_and_reinitialize (void)
+{
+ CK_FUNCTION_LIST *module;
+ CK_INFO info;
+ int status;
+ CK_RV rv;
+ pid_t pid;
+ int i;
+
+ module = setup_mock_module (NULL);
+ assert_ptr_not_null (module);
+
+ pid = fork ();
+ assert_num_cmp (pid, >=, 0);
+
+ /* The child */
+ if (pid == 0) {
+ rv = (module->C_Initialize) (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ for (i = 0; i < 32; i++) {
+ rv = (module->C_GetInfo) (&info);
+ assert_num_eq (CKR_OK, rv);
+ }
+
+ rv = (module->C_Finalize) (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ _exit (66);
+ }
+
+ for (i = 0; i < 128; i++) {
+ rv = (module->C_GetInfo) (&info);
+ assert_num_eq (CKR_OK, rv);
+ }
+
+ assert_num_eq (waitpid (pid, &status, 0), pid);
+ assert_num_eq (WEXITSTATUS (status), 66);
+
+ teardown_mock_module (module);
+}
+
+/* Bring in all the mock module tests */
+#include "test-mock.c"
+
+int
+main (int argc,
+ char *argv[])
+{
+ mock_module_init ();
+ p11_library_init ();
+
+ p11_test (test_initialize_finalize, "/managed/test_initialize_finalize");
+ p11_test (test_initialize_fail, "/managed/test_initialize_fail");
+ p11_test (test_separate_close_all_sessions, "/managed/test_separate_close_all_sessions");
+ p11_test (test_fork_and_reinitialize, "/managed/fork-and-reinitialize");
+
+ test_mock_add_tests ("/managed");
+
+ p11_kit_be_quiet ();
+
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/test-mock.c b/p11-kit/test-mock.c
new file mode 100644
index 0000000..8454f1f
--- /dev/null
+++ b/p11-kit/test-mock.c
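Review bot: In `test_separate_close_all_sessions` both `C_CloseAllSessions` calls drop their return value, so the `assert (rv == CKR_OK)` after each one re-tests the `rv` left by the preceding `C_GetSessionInfo` and can never fail. The calls should assign it: `rv = first->C_CloseAllSessions (MOCK_SLOT_ONE_ID);` and `rv = second->C_CloseAllSessions (MOCK_SLOT_ONE_ID);`. This test is what shows that closing sessions through one managed wrapper leaves the other caller's sessions intact, so the close result itself is worth checking. Separately, `test_fork_and_reinitialize` reads `WEXITSTATUS (status)` without first asserting `WIFEXITED (status)`, and `test_initialize_fail` appears never to release the module it loads.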
@@ -0,0 +1,1685 @@ +/* + * Copyright (c) 2012 Stefan Walter + * Copyright (c) 2012-2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "test.h" + +#include "library.h" +#include "mock.h" +#include "p11-kit.h" + +#include +#include +#include +#include + +static void +test_get_info (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_INFO info; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetInfo) (&info); + assert_num_eq (rv, CKR_OK); + assert_num_eq (MOCK_INFO.cryptokiVersion.major, info.cryptokiVersion.major); + assert_num_eq (MOCK_INFO.cryptokiVersion.minor, info.cryptokiVersion.minor); + assert (memcmp (MOCK_INFO.manufacturerID, info.manufacturerID, sizeof (info.manufacturerID)) == 0); + assert_num_eq (MOCK_INFO.flags, info.flags); + assert (memcmp (MOCK_INFO.libraryDescription, info.libraryDescription, sizeof (info.libraryDescription)) == 0); + assert_num_eq (MOCK_INFO.libraryVersion.major, info.libraryVersion.major); + assert_num_eq (MOCK_INFO.libraryVersion.minor, info.libraryVersion.minor); + + teardown_mock_module (module); +} + +static void +test_get_slot_list (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot_list[8]; + CK_ULONG count = 0; + CK_RV rv; + + module = setup_mock_module (NULL); + + /* Normal module has 2 slots, one with token present */ + rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOTS_PRESENT, count); + rv = (module->C_GetSlotList) (CK_FALSE, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOTS_ALL, count); + + count = 8; + rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOTS_PRESENT, count); + assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); + + count = 8; + rv = (module->C_GetSlotList) (CK_FALSE, slot_list, &count); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOTS_ALL, count); + assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); + assert_num_eq (MOCK_SLOT_TWO_ID, slot_list[1]); + + teardown_mock_module (module); +} + +static void +test_get_slot_info (void) +{ + 
CK_FUNCTION_LIST_PTR module; + CK_SLOT_INFO info; + char *string; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetSlotInfo) (MOCK_SLOT_ONE_ID, &info); + assert (rv == CKR_OK); + string = p11_kit_space_strdup (info.slotDescription, sizeof (info.slotDescription)); + assert_str_eq ("TEST SLOT", string); + free (string); + string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); + assert_str_eq ("TEST MANUFACTURER", string); + free (string); + assert_num_eq (CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, info.flags); + assert_num_eq (55, info.hardwareVersion.major); + assert_num_eq (155, info.hardwareVersion.minor); + assert_num_eq (65, info.firmwareVersion.major); + assert_num_eq (165, info.firmwareVersion.minor); + + rv = (module->C_GetSlotInfo) (MOCK_SLOT_TWO_ID, &info); + assert (rv == CKR_OK); + assert_num_eq (CKF_REMOVABLE_DEVICE, info.flags); + + rv = (module->C_GetSlotInfo) (0, &info); + assert (rv == CKR_SLOT_ID_INVALID); + + teardown_mock_module (module); +} + +static void +test_get_token_info (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_TOKEN_INFO info; + char *string; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetTokenInfo) (MOCK_SLOT_ONE_ID, &info); + assert (rv == CKR_OK); + + string = p11_kit_space_strdup (info.label, sizeof (info.label)); + assert_str_eq ("TEST LABEL", string); + free (string); + string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); + assert_str_eq ("TEST MANUFACTURER", string); + free (string); + string = p11_kit_space_strdup (info.model, sizeof (info.model)); + assert_str_eq ("TEST MODEL", string); + free (string); + string = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber)); + assert_str_eq ("TEST SERIAL", string); + free (string); + assert_num_eq (CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, info.flags); + assert_num_eq (1, info.ulMaxSessionCount); + assert_num_eq 
(2, info.ulSessionCount); + assert_num_eq (3, info.ulMaxRwSessionCount); + assert_num_eq (4, info.ulRwSessionCount); + assert_num_eq (5, info.ulMaxPinLen); + assert_num_eq (6, info.ulMinPinLen); + assert_num_eq (7, info.ulTotalPublicMemory); + assert_num_eq (8, info.ulFreePublicMemory); + assert_num_eq (9, info.ulTotalPrivateMemory); + assert_num_eq (10, info.ulFreePrivateMemory); + assert_num_eq (75, info.hardwareVersion.major); + assert_num_eq (175, info.hardwareVersion.minor); + assert_num_eq (85, info.firmwareVersion.major); + assert_num_eq (185, info.firmwareVersion.minor); + assert (memcmp (info.utcTime, "1999052509195900", sizeof (info.utcTime)) == 0); + + rv = (module->C_GetTokenInfo) (MOCK_SLOT_TWO_ID, &info); + assert (rv == CKR_TOKEN_NOT_PRESENT); + + rv = (module->C_GetTokenInfo) (0, &info); + assert (rv == CKR_SLOT_ID_INVALID); + + teardown_mock_module (module); +} + +static void +test_get_mechanism_list (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_MECHANISM_TYPE mechs[8]; + CK_ULONG count = 0; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (2, count); + rv = (module->C_GetMechanismList) (MOCK_SLOT_TWO_ID, NULL, &count); + assert (rv == CKR_TOKEN_NOT_PRESENT); + rv = (module->C_GetMechanismList) (0, NULL, &count); + assert (rv == CKR_SLOT_ID_INVALID); + + count = 8; + rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, mechs, &count); + assert (rv == CKR_OK); + assert_num_eq (2, count); + assert_num_eq (mechs[0], CKM_MOCK_CAPITALIZE); + assert_num_eq (mechs[1], CKM_MOCK_PREFIX); + + teardown_mock_module (module); +} + +static void +test_get_mechanism_info (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_MECHANISM_INFO info; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_CAPITALIZE, &info); + assert_num_eq (rv, CKR_OK); + assert_num_eq (512, info.ulMinKeySize); + 
assert_num_eq (4096, info.ulMaxKeySize); + assert_num_eq (CKF_ENCRYPT | CKF_DECRYPT, info.flags); + + rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_PREFIX, &info); + assert (rv == CKR_OK); + assert_num_eq (2048, info.ulMinKeySize); + assert_num_eq (2048, info.ulMaxKeySize); + assert_num_eq (CKF_SIGN | CKF_VERIFY, info.flags); + + rv = (module->C_GetMechanismInfo) (MOCK_SLOT_TWO_ID, CKM_MOCK_PREFIX, &info); + assert (rv == CKR_TOKEN_NOT_PRESENT); + rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, 0, &info); + assert (rv == CKR_MECHANISM_INVALID); + rv = (module->C_GetMechanismInfo) (0, CKM_MOCK_PREFIX, &info); + assert (rv == CKR_SLOT_ID_INVALID); + + teardown_mock_module (module); +} + +static void +test_init_token (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert (rv == CKR_OK); + + rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"OTHER", 5, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert (rv == CKR_PIN_INVALID); + rv = (module->C_InitToken) (MOCK_SLOT_TWO_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert (rv == CKR_TOKEN_NOT_PRESENT); + rv = (module->C_InitToken) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert (rv == CKR_SLOT_ID_INVALID); + + teardown_mock_module (module); +} + +static void +test_wait_for_slot_event (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot; + CK_RV rv; + +#ifdef MOCK_SKIP_WAIT_TEST + return; +#endif + + module = setup_mock_module (NULL); + + rv = (module->C_WaitForSlotEvent) (0, &slot, NULL); + assert (rv == CKR_OK); + assert_num_eq (slot, MOCK_SLOT_TWO_ID); + + rv = (module->C_WaitForSlotEvent) (CKF_DONT_BLOCK, &slot, NULL); + assert (rv == CKR_NO_EVENT); + + teardown_mock_module (module); +} + +static void +test_open_close_session (void) +{ + CK_FUNCTION_LIST_PTR module; + 
CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_OpenSession) (MOCK_SLOT_TWO_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_TOKEN_NOT_PRESENT); + rv = (module->C_OpenSession) (0, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_SLOT_ID_INVALID); + + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + assert (session != 0); + + rv = (module->C_CloseSession) (session); + assert (rv == CKR_OK); + + rv = (module->C_CloseSession) (session); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + teardown_mock_module (module); +} + +static void +test_close_all_sessions (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + assert (session != 0); + + rv = (module->C_CloseAllSessions) (MOCK_SLOT_ONE_ID); + assert (rv == CKR_OK); + + rv = (module->C_CloseSession) (session); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + teardown_mock_module (module); +} + +static void +test_get_function_status (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_GetFunctionStatus) (session); + assert (rv == CKR_FUNCTION_NOT_PARALLEL); + + teardown_mock_module (module); +} + +static void +test_cancel_function (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_CancelFunction) (session); + assert (rv == CKR_FUNCTION_NOT_PARALLEL); + + teardown_mock_module (module); +} + +static void +test_get_session_info (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_SESSION_INFO info; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = 
(module->C_GetSessionInfo) (0, &info); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + assert (session != 0); + + rv = (module->C_GetSessionInfo) (session, &info); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); + assert_num_eq (CKS_RO_PUBLIC_SESSION, info.state); + assert_num_eq (CKF_SERIAL_SESSION, info.flags); + assert_num_eq (1414, info.ulDeviceError); + + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + assert (session != 0); + + rv = (module->C_GetSessionInfo) (session, &info); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); + assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); + assert_num_eq (CKF_SERIAL_SESSION | CKF_RW_SESSION, info.flags); + assert_num_eq (1414, info.ulDeviceError); + + teardown_mock_module (module); +} + +static void +test_init_pin (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_InitPIN) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"TEST PIN", 8); + assert (rv == CKR_OK); + + rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"OTHER", 5); + assert (rv == CKR_PIN_INVALID); + + teardown_mock_module (module); +} + +static void +test_set_pin (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_SetPIN) (0, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); + assert (rv == CKR_OK); + + rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"other", 5, 
(CK_UTF8CHAR_PTR)"OTHER", 5); + assert (rv == CKR_PIN_INCORRECT); + + teardown_mock_module (module); +} + +static void +test_operation_state (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_BYTE state[128]; + CK_ULONG state_len; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + state_len = sizeof (state); + rv = (module->C_GetOperationState) (0, state, &state_len); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + state_len = sizeof (state); + rv = (module->C_GetOperationState) (session, state, &state_len); + assert (rv == CKR_OK); + + rv = (module->C_SetOperationState) (session, state, state_len, 355, 455); + assert (rv == CKR_OK); + + rv = (module->C_SetOperationState) (0, state, state_len, 355, 455); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + teardown_mock_module (module); +} + +static void +test_login_logout (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_Login) (0, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"bo", 2); + assert (rv == CKR_PIN_INCORRECT); + + rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); + assert (rv == CKR_OK); + + rv = (module->C_Logout) (session); + assert (rv == CKR_OK); + + rv = (module->C_Logout) (session); + assert (rv == CKR_USER_NOT_LOGGED_IN); + + teardown_mock_module (module); +} + +static void +test_get_attribute_value (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_OBJECT_CLASS klass; + CK_RV rv; + + module = setup_mock_module (&session); + + attrs[0].type = CKA_CLASS; + attrs[0].pValue = &klass; + attrs[0].ulValueLen = sizeof (klass); + attrs[1].type = CKA_LABEL; + attrs[1].pValue = label; + attrs[1].ulValueLen = 2; /* too small */ + attrs[2].type = CKA_BITS_PER_PIXEL; + attrs[2].pValue = 
NULL; + attrs[2].ulValueLen = 0; + + rv = (module->C_GetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 3); + assert (rv == CKR_USER_NOT_LOGGED_IN); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_BUFFER_TOO_SMALL); + + /* Get right size */ + attrs[1].pValue = NULL; + attrs[1].ulValueLen = 0; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_OK); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); + assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); + + assert_num_eq (CKO_PUBLIC_KEY, klass); + assert_num_eq (21, attrs[1].ulValueLen); + assert_ptr_eq (NULL, attrs[1].pValue); + attrs[1].pValue = label; + attrs[1].ulValueLen = sizeof (label); + assert ((CK_ULONG)-1 == attrs[2].ulValueLen); + assert_ptr_eq (NULL, attrs[2].pValue); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); + assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); + + assert_num_eq (CKO_PUBLIC_KEY, klass); + assert_num_eq (21, attrs[1].ulValueLen); + assert_ptr_eq (label, attrs[1].pValue); + assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); + assert ((CK_ULONG)-1 == attrs[2].ulValueLen); + assert_ptr_eq (NULL, attrs[2].pValue); + + teardown_mock_module (module); +} + +static void +test_set_attribute_value (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + strcpy (label, "Blahooo"); + bits = 1555; + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = strlen (label); + attrs[1].type = CKA_BITS_PER_PIXEL; + attrs[1].pValue = &bits; + attrs[1].ulValueLen = sizeof (bits); + + rv = (module->C_SetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_USER_NOT_LOGGED_IN); + + rv = 
(module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_OK); + + memset (label, 0, sizeof (label)); + bits = 0; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_create_object (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + strcpy (label, "Blahooo"); + bits = 1555; + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = strlen (label); + attrs[1].type = CKA_BITS_PER_PIXEL; + attrs[1].pValue = &bits; + attrs[1].ulValueLen = sizeof (bits); + + rv = (module->C_CreateObject) (0, attrs, 2, &object); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_CreateObject) (session, attrs, 2, &object); + assert (rv == CKR_OK); + + attrs[0].ulValueLen = sizeof (label); + memset (label, 0, sizeof (label)); + bits = 0; + + rv = (module->C_GetAttributeValue) (session, object, attrs, 2); + assert (rv == CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_copy_object (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + bits = 1555; + + attrs[0].type = CKA_BITS_PER_PIXEL; + attrs[0].pValue = &bits; + attrs[0].ulValueLen = sizeof (bits); + + rv = (module->C_CopyObject) (session, 1333, attrs, 1, &object); + assert (rv == CKR_OBJECT_HANDLE_INVALID); + + rv = 
(module->C_CopyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1, &object); + assert (rv == CKR_OK); + + attrs[1].type = CKA_LABEL; + attrs[1].pValue = label; + attrs[1].ulValueLen = sizeof (label); + bits = 0; + + rv = (module->C_GetAttributeValue) (session, object, attrs, 2); + assert (rv == CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (21, attrs[1].ulValueLen); + assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_destroy_object (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_RV rv; + + module = setup_mock_module (&session); + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = sizeof (label); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); + assert (rv == CKR_OK); + + rv = (module->C_DestroyObject) (0, MOCK_PUBLIC_KEY_CAPITALIZE); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_DestroyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); + assert (rv == CKR_OBJECT_HANDLE_INVALID); + + teardown_mock_module (module); +} + +static void +test_get_object_size (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_ULONG size; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_GetObjectSize) (session, 1333, &size); + assert (rv == CKR_OBJECT_HANDLE_INVALID); + + rv = (module->C_GetObjectSize) (session, MOCK_PUBLIC_KEY_CAPITALIZE, &size); + assert (rv == CKR_OK); + + /* The number here is the length of all attributes added up */ + assert_num_eq (sizeof (CK_ULONG) == 8 ? 
44 : 36, size); + + teardown_mock_module (module); +} + +static void +test_find_objects (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; + CK_ATTRIBUTE attr = { CKA_CLASS, &klass, sizeof (klass) }; + CK_OBJECT_HANDLE objects[16]; + CK_ULONG count; + CK_ULONG i; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_FindObjectsInit) (0, &attr, 1); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_FindObjectsInit) (session, &attr, 1); + assert (rv == CKR_OK); + + rv = (module->C_FindObjects) (0, objects, 16, &count); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_FindObjects) (session, objects, 16, &count); + assert (rv == CKR_OK); + + assert (count < 16); + + /* Make sure we get the capitalize public key */ + for (i = 0; i < count; i++) { + if (objects[i] == MOCK_PUBLIC_KEY_CAPITALIZE) + break; + } + assert (i != count); + + /* Make sure we get the prefix public key */ + for (i = 0; i < count; i++) { + if (objects[i] == MOCK_PUBLIC_KEY_PREFIX) + break; + } + assert (i != count); + + /* Make sure all public keys */ + for (i = 0; i < count; i++) { + klass = (CK_ULONG)-1; + rv = (module->C_GetAttributeValue) (session, objects[i], &attr, 1); + assert (rv == CKR_OK); + assert_num_eq (CKO_PUBLIC_KEY, klass); + } + + rv = (module->C_FindObjectsFinal) (session); + assert (rv == CKR_OK); + + rv = (module->C_FindObjectsFinal) (session); + assert (rv == CKR_OPERATION_NOT_INITIALIZED); + + teardown_mock_module (module); +} + +static void +test_encrypt (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; + CK_BYTE data[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); + assert (rv == CKR_KEY_HANDLE_INVALID); + + rv = (module->C_EncryptInit) (session, &mech, 
MOCK_PUBLIC_KEY_CAPITALIZE);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_Encrypt) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (4, length);
+ assert (memcmp (data, "BLAH", 4) == 0);
+
+ rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_EncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_EncryptUpdate) (session, (CK_BYTE_PTR)"sLurm", 5, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (5, length);
+ assert (memcmp (data, "SLURM", 5) == 0);
+
+ length = sizeof (data);
+ rv = (module->C_EncryptFinal) (0, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_EncryptFinal) (session, data, &length);
+ assert (rv == CKR_OK);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_decrypt (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+ CK_BYTE data[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
+ assert (rv == CKR_KEY_HANDLE_INVALID);
+
+ rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_Decrypt) (0, (CK_BYTE_PTR)"bLAH", 4, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length);
+ assert (rv == CKR_OK);
+
+ 
assert_num_eq (4, length);
+ assert (memcmp (data, "blah", 4) == 0);
+
+ rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (5, length);
+ assert (memcmp (data, "slurm", 5) == 0);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptFinal) (0, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptFinal) (session, data, &length);
+ assert (rv == CKR_OK);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_digest (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_COUNT, NULL, 0 };
+ CK_BYTE digest[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_DigestInit) (0, &mech);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_DigestInit) (session, &mech);
+ assert (rv == CKR_OK);
+
+ length = sizeof (digest);
+ rv = (module->C_Digest) (0, (CK_BYTE_PTR)"bLAH", 4, digest, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (digest);
+ rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (1, length);
+ assert (memcmp (digest, "4", 1) == 0);
+
+ rv = (module->C_DigestInit) (session, &mech);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_DigestUpdate) (0, (CK_BYTE_PTR)"blah", 4);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
+ assert (rv == CKR_OK);
+
+ /* Adds the the value of object handle to hash: 6 */
+ assert_num_eq (6, MOCK_PUBLIC_KEY_PREFIX);
+ rv = (module->C_DigestKey) (session, 
MOCK_PUBLIC_KEY_PREFIX);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"Other", 5);
+ assert (rv == CKR_OK);
+
+ length = sizeof (digest);
+ rv = (module->C_DigestFinal) (0, digest, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (digest);
+ rv = (module->C_DigestFinal) (session, digest, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (2, length);
+ assert (memcmp (digest, "16", 2) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_sign (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
+ CK_BYTE signature[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_SignInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ length = sizeof (signature);
+ rv = (module->C_Sign) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (signature);
+ rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (13, length);
+ assert (memcmp (signature, "prefix:value4", 13) == 0);
+
+ rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_SignUpdate) (0, (CK_BYTE_PTR)"blah", 4);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_SignUpdate) (session, 
(CK_BYTE_PTR)"Other", 5);
+ assert (rv == CKR_OK);
+
+ length = sizeof (signature);
+ rv = (module->C_SignFinal) (0, signature, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (signature);
+ rv = (module->C_SignFinal) (session, signature, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (14, length);
+ assert (memcmp (signature, "prefix:value10", 2) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_sign_recover (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
+ CK_BYTE signature[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_SignRecoverInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_SignRecoverInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ length = sizeof (signature);
+ rv = (module->C_SignRecover) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (signature);
+ rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (16, length);
+ assert (memcmp (signature, "prefix:valueBLAh", 16) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_verify (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
+ CK_BYTE signature[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_VerifyInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_VerifyInit) (session, &mech, 
MOCK_PUBLIC_KEY_PREFIX);
+ assert (rv == CKR_OK);
+
+ length = 13;
+ memcpy (signature, "prefix:value4", length);
+ rv = (module->C_Verify) (0, (CK_BYTE_PTR)"bLAH", 4, signature, 5);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_Verify) (session, (CK_BYTE_PTR)"BLAh", 4, signature, length);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_VerifyUpdate) (0, (CK_BYTE_PTR)"blah", 4);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"Other", 5);
+ assert (rv == CKR_OK);
+
+ length = 14;
+ memcpy (signature, "prefix:value10", length);
+
+ rv = (module->C_VerifyFinal) (session, signature, 5);
+ assert (rv == CKR_SIGNATURE_LEN_RANGE);
+
+ rv = (module->C_VerifyFinal) (session, signature, length);
+ assert (rv == CKR_OK);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_verify_recover (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
+ CK_BYTE data[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_VerifyRecoverInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_VerifyRecoverInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_VerifyRecover) (0, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (4, length);
+ assert (memcmp (data, "BLah", 4) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_digest_encrypt (void)
+{
+ 
CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+ CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 };
+ CK_BYTE data[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_DigestInit) (session, &dmech);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_DigestEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_DigestEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (4, length);
+ assert (memcmp (data, "BLAH", 4) == 0);
+
+ length = sizeof (data);
+ rv = (module->C_EncryptFinal) (session, data, &length);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_DigestFinal) (session, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (1, length);
+ assert (memcmp (data, "4", 1) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_decrypt_digest (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+ CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 };
+ CK_BYTE data[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_DigestInit) (session, &dmech);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptDigestUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptDigestUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, 
&length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (4, length);
+ assert (memcmp (data, "blah", 4) == 0);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptFinal) (session, data, &length);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_DigestFinal) (session, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (1, length);
+ assert (memcmp (data, "4", 1) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_sign_encrypt (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+ CK_MECHANISM smech = { CKM_MOCK_PREFIX, "p:", 2 };
+ CK_BYTE data[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_SignInit) (session, &smech, MOCK_PRIVATE_KEY_PREFIX);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_SignEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_SignEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (4, length);
+ assert (memcmp (data, "BLAH", 4) == 0);
+
+ length = sizeof (data);
+ rv = (module->C_EncryptFinal) (session, data, &length);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_SignFinal) (session, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (8, length);
+ assert (memcmp (data, "p:value4", 1) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_decrypt_verify (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { 
CKM_MOCK_CAPITALIZE, NULL, 0 };
+ CK_MECHANISM vmech = { CKM_MOCK_PREFIX, "p:", 2 };
+ CK_BYTE data[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_VerifyInit) (session, &vmech, MOCK_PUBLIC_KEY_PREFIX);
+ assert (rv == CKR_OK);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptVerifyUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptVerifyUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (4, length);
+ assert (memcmp (data, "blah", 4) == 0);
+
+ length = sizeof (data);
+ rv = (module->C_DecryptFinal) (session, data, &length);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_VerifyFinal) (session, (CK_BYTE_PTR)"p:value4", 8);
+ assert (rv == CKR_OK);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_generate_key (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_OBJECT_HANDLE object;
+ CK_MECHANISM mech = { CKM_MOCK_GENERATE, NULL, 0 };
+ CK_ATTRIBUTE attrs[8];
+ char label[32];
+ char value[64];
+ CK_ULONG bits;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ strcpy (label, "Blahooo");
+ bits = 1555;
+
+ attrs[0].type = CKA_LABEL;
+ attrs[0].pValue = label;
+ attrs[0].ulValueLen = strlen (label);
+ attrs[1].type = CKA_BITS_PER_PIXEL;
+ attrs[1].pValue = &bits;
+ attrs[1].ulValueLen = sizeof (bits);
+
+ rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object);
+ assert (rv == CKR_MECHANISM_PARAM_INVALID);
+
+ mech.pParameter = "generate";
+ mech.ulParameterLen = 9;
+
+ rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object);
+ assert (rv == CKR_OK);
+
+ attrs[0].ulValueLen = sizeof (label);
+ memset (label, 
0, sizeof (label));
+ bits = 0;
+ attrs[2].type = CKA_VALUE;
+ attrs[2].pValue = value;
+ attrs[2].ulValueLen = sizeof (value);
+
+ rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (bits, 1555);
+ assert_num_eq (7, attrs[0].ulValueLen);
+ assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
+ assert_num_eq (9, attrs[2].ulValueLen);
+ assert (memcmp (value, "generated", attrs[2].ulValueLen) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_generate_key_pair (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_OBJECT_HANDLE pub_object;
+ CK_OBJECT_HANDLE priv_object;
+ CK_MECHANISM mech = { CKM_MOCK_GENERATE, "generated", 9 };
+ CK_ATTRIBUTE pub_attrs[8];
+ CK_ATTRIBUTE priv_attrs[8];
+ char pub_label[32];
+ char pub_value[64];
+ char priv_label[32];
+ char priv_value[64];
+ CK_ULONG pub_bits;
+ CK_ULONG priv_bits;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ strcpy (pub_label, "Blahooo");
+ pub_bits = 1555;
+ pub_attrs[0].type = CKA_LABEL;
+ pub_attrs[0].pValue = pub_label;
+ pub_attrs[0].ulValueLen = strlen (pub_label);
+ pub_attrs[1].type = CKA_BITS_PER_PIXEL;
+ pub_attrs[1].pValue = &pub_bits;
+ pub_attrs[1].ulValueLen = sizeof (pub_bits);
+
+ strcpy (priv_label, "Private");
+ priv_bits = 1666;
+ priv_attrs[0].type = CKA_LABEL;
+ priv_attrs[0].pValue = priv_label;
+ priv_attrs[0].ulValueLen = strlen (priv_label);
+ priv_attrs[1].type = CKA_BITS_PER_PIXEL;
+ priv_attrs[1].pValue = &priv_bits;
+ priv_attrs[1].ulValueLen = sizeof (priv_bits);
+
+ rv = (module->C_GenerateKeyPair) (0, &mech, pub_attrs, 2, priv_attrs, 2,
+ &pub_object, &priv_object);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ mech.pParameter = "generate";
+ mech.ulParameterLen = 9;
+
+ rv = (module->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 2,
+ &pub_object, &priv_object);
+ assert (rv == CKR_OK);
+
+ pub_bits = 0;
+ pub_attrs[0].ulValueLen = sizeof 
(pub_label);
+ memset (pub_label, 0, sizeof (pub_label));
+ pub_attrs[2].type = CKA_VALUE;
+ pub_attrs[2].pValue = pub_value;
+ pub_attrs[2].ulValueLen = sizeof (pub_value);
+
+ rv = (module->C_GetAttributeValue) (session, pub_object, pub_attrs, 3);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (1555, pub_bits);
+ assert_num_eq (7, pub_attrs[0].ulValueLen);
+ assert (memcmp (pub_label, "Blahooo", pub_attrs[0].ulValueLen) == 0);
+ assert_num_eq (9, pub_attrs[2].ulValueLen);
+ assert (memcmp (pub_value, "generated", pub_attrs[2].ulValueLen) == 0);
+
+ priv_bits = 0;
+ priv_attrs[0].ulValueLen = sizeof (priv_label);
+ memset (priv_label, 0, sizeof (priv_label));
+ priv_attrs[2].type = CKA_VALUE;
+ priv_attrs[2].pValue = priv_value;
+ priv_attrs[2].ulValueLen = sizeof (priv_value);
+
+ rv = (module->C_GetAttributeValue) (session, priv_object, priv_attrs, 3);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (1666, priv_bits);
+ assert_num_eq (7, priv_attrs[0].ulValueLen);
+ assert (memcmp (priv_label, "Private", priv_attrs[0].ulValueLen) == 0);
+ assert_num_eq (9, priv_attrs[2].ulValueLen);
+ assert (memcmp (priv_value, "generated", priv_attrs[2].ulValueLen) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_wrap_key (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 };
+ CK_BYTE data[128];
+ CK_ULONG length;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ length = sizeof (data);
+ rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length);
+ assert (rv == CKR_MECHANISM_PARAM_INVALID);
+
+ mech.pParameter = "wrap";
+ mech.ulParameterLen = 4;
+
+ rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (5, length);
+ assert (memcmp (data, "value", 5) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_unwrap_key (void)
+{
+ 
CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_OBJECT_HANDLE object;
+ CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 };
+ CK_ATTRIBUTE attrs[8];
+ char label[32];
+ char value[64];
+ CK_ULONG bits;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ strcpy (label, "Blahooo");
+ bits = 1555;
+
+ attrs[0].type = CKA_LABEL;
+ attrs[0].pValue = label;
+ attrs[0].ulValueLen = strlen (label);
+ attrs[1].type = CKA_BITS_PER_PIXEL;
+ attrs[1].pValue = &bits;
+ attrs[1].ulValueLen = sizeof (bits);
+
+ rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
+ (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object);
+ assert (rv == CKR_MECHANISM_PARAM_INVALID);
+
+ mech.pParameter = "wrap";
+ mech.ulParameterLen = 4;
+
+ rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
+ (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object);
+ assert (rv == CKR_OK);
+
+ attrs[0].ulValueLen = sizeof (label);
+ memset (label, 0, sizeof (label));
+ bits = 0;
+ attrs[2].type = CKA_VALUE;
+ attrs[2].pValue = value;
+ attrs[2].ulValueLen = sizeof (value);
+
+ rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (bits, 1555);
+ assert_num_eq (7, attrs[0].ulValueLen);
+ assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
+ assert_num_eq (5, attrs[2].ulValueLen);
+ assert (memcmp (value, "wheee", attrs[2].ulValueLen) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_derive_key (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_OBJECT_HANDLE object;
+ CK_MECHANISM mech = { CKM_MOCK_DERIVE, NULL, 0 };
+ CK_ATTRIBUTE attrs[8];
+ char label[32];
+ char value[64];
+ CK_ULONG bits;
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ strcpy (label, "Blahooo");
+ bits = 1555;
+
+ attrs[0].type = CKA_LABEL;
+ attrs[0].pValue = label;
+ attrs[0].ulValueLen = strlen (label);
+ attrs[1].type = CKA_BITS_PER_PIXEL;
+ attrs[1].pValue = &bits;
+ attrs[1].ulValueLen = 
sizeof (bits);
+
+ rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
+ attrs, 2, &object);
+ assert (rv == CKR_MECHANISM_PARAM_INVALID);
+
+ mech.pParameter = "derive";
+ mech.ulParameterLen = 6;
+
+ rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
+ attrs, 2, &object);
+ assert (rv == CKR_OK);
+
+ attrs[0].ulValueLen = sizeof (label);
+ memset (label, 0, sizeof (label));
+ bits = 0;
+ attrs[2].type = CKA_VALUE;
+ attrs[2].pValue = value;
+ attrs[2].ulValueLen = sizeof (value);
+
+ rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (bits, 1555);
+ assert_num_eq (7, attrs[0].ulValueLen);
+ assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
+ assert_num_eq (7, attrs[2].ulValueLen);
+ assert (memcmp (value, "derived", attrs[2].ulValueLen) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_random (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_SESSION_HANDLE session = 0;
+ CK_BYTE data[10];
+ CK_RV rv;
+
+ module = setup_mock_module (&session);
+
+ rv = (module->C_SeedRandom) (0, (CK_BYTE_PTR)"seed", 4);
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_SeedRandom) (session, (CK_BYTE_PTR)"seed", 4);
+ assert (rv == CKR_OK);
+
+ rv = (module->C_GenerateRandom) (0, data, sizeof (data));
+ assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+ rv = (module->C_GenerateRandom) (session, data, sizeof (data));
+ assert (rv == CKR_OK);
+
+ assert (memcmp (data, "seedseedse", sizeof (data)) == 0);
+
+ teardown_mock_module (module);
+}
+
+static void
+test_mock_add_tests (const char *prefix)
+{
+ p11_fixture (NULL, NULL);
+ p11_test (test_get_info, "%s/test_get_info", prefix);
+ p11_test (test_get_slot_list, "%s/test_get_slot_list", prefix);
+ p11_test (test_get_slot_info, "%s/test_get_slot_info", prefix);
+ p11_test (test_get_token_info, "%s/test_get_token_info", prefix);
+ p11_test (test_get_mechanism_list, "%s/test_get_mechanism_list", prefix);
+ 
p11_test (test_get_mechanism_info, "%s/test_get_mechanism_info", prefix);
+ p11_test (test_init_token, "%s/test_init_token", prefix);
+ p11_test (test_wait_for_slot_event, "%s/test_wait_for_slot_event", prefix);
+ p11_test (test_open_close_session, "%s/test_open_close_session", prefix);
+ p11_test (test_close_all_sessions, "%s/test_close_all_sessions", prefix);
+ p11_test (test_get_function_status, "%s/test_get_function_status", prefix);
+ p11_test (test_cancel_function, "%s/test_cancel_function", prefix);
+ p11_test (test_get_session_info, "%s/test_get_session_info", prefix);
+ p11_test (test_init_pin, "%s/test_init_pin", prefix);
+ p11_test (test_set_pin, "%s/test_set_pin", prefix);
+ p11_test (test_operation_state, "%s/test_operation_state", prefix);
+ p11_test (test_login_logout, "%s/test_login_logout", prefix);
+ p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix);
+ p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix);
+ p11_test (test_create_object, "%s/test_create_object", prefix);
+ p11_test (test_copy_object, "%s/test_copy_object", prefix);
+ p11_test (test_destroy_object, "%s/test_destroy_object", prefix);
+ p11_test (test_get_object_size, "%s/test_get_object_size", prefix);
+ p11_test (test_find_objects, "%s/test_find_objects", prefix);
+ p11_test (test_encrypt, "%s/test_encrypt", prefix);
+ p11_test (test_decrypt, "%s/test_decrypt", prefix);
+ p11_test (test_digest, "%s/test_digest", prefix);
+ p11_test (test_sign, "%s/test_sign", prefix);
+ p11_test (test_sign_recover, "%s/test_sign_recover", prefix);
+ p11_test (test_verify, "%s/test_verify", prefix);
+ p11_test (test_verify_recover, "%s/test_verify_recover", prefix);
+ p11_test (test_digest_encrypt, "%s/test_digest_encrypt", prefix);
+ p11_test (test_decrypt_digest, "%s/test_decrypt_digest", prefix);
+ p11_test (test_sign_encrypt, "%s/test_sign_encrypt", prefix);
+ p11_test (test_decrypt_verify, "%s/test_decrypt_verify", prefix);
+ p11_test 
(test_generate_key, "%s/test_generate_key", prefix);
+ p11_test (test_generate_key_pair, "%s/test_generate_key_pair", prefix);
+ p11_test (test_wrap_key, "%s/test_wrap_key", prefix);
+ p11_test (test_unwrap_key, "%s/test_unwrap_key", prefix);
+ p11_test (test_derive_key, "%s/test_derive_key", prefix);
+ p11_test (test_random, "%s/test_random", prefix);
+}
diff --git a/p11-kit/test-modules.c b/p11-kit/test-modules.c
new file mode 100644
index 0000000..f274502
--- /dev/null
+++ b/p11-kit/test-modules.c 
@@ -0,0 +1,415 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE. 
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include
+#include
+#include
+#include
+
+#include "debug.h"
+#include "library.h"
+#include "p11-kit.h"
+#include "private.h"
+#include "dict.h"
+
+static CK_FUNCTION_LIST_PTR_PTR
+initialize_and_get_modules (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+
+ modules = p11_kit_modules_load_and_initialize (0);
+ assert (modules != NULL && modules[0] != NULL);
+
+ return modules;
+}
+
+static void
+finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules)
+{
+ p11_kit_modules_finalize_and_release (modules);
+}
+
+static void
+test_no_duplicates (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+ p11_dict *paths;
+ p11_dict *funcs;
+ char *path;
+ int i;
+
+ modules = initialize_and_get_modules ();
+ paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
+ funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
+
+ /* The loaded modules should not contain duplicates */
+ for (i = 0; modules[i] != NULL; i++) {
+ path = p11_kit_config_option (modules[i], "module");
+
+ if (p11_dict_get (funcs, modules[i]))
+ assert_fail ("found duplicate function list pointer", NULL);
+ if (p11_dict_get (paths, path))
+ assert_fail ("found duplicate path name", NULL);
+
+ if (!p11_dict_set (funcs, modules[i], ""))
+ assert_not_reached ();
+ if (!p11_dict_set (paths, path, ""))
+ assert_not_reached ();
+
+ free (path);
+ }
+
+ p11_dict_free (paths);
+ p11_dict_free (funcs);
+ finalize_and_free_modules (modules);
+}
+
+static CK_FUNCTION_LIST_PTR
+lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules,
+ const char *name)
+{
+ CK_FUNCTION_LIST_PTR match = NULL;
+ CK_FUNCTION_LIST_PTR module;
+ char *module_name;
+ int i;
+
+ for (i = 0; match == NULL && modules[i] != NULL; i++) {
+ module_name = p11_kit_module_get_name (modules[i]);
+ assert_ptr_not_null (module_name);
+ if (strcmp (module_name, name) == 0)
+ match = modules[i];
+ free (module_name);
+ }
+
+ /*
+ * As 
a side effect, we should check that the results of this function
+ * matches the above search.
+ */
+ module = p11_kit_module_for_name (modules, name);
+ if (module != match)
+ assert_fail ("different result from p11_kit_module_for_name ()", NULL);
+
+ return match;
+}
+
+static void
+test_disable (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+
+ /*
+ * The module four should be present, as we don't match any prognames
+ * that it has disabled.
+ */
+
+ modules = initialize_and_get_modules ();
+ assert (lookup_module_with_name (modules, "four") != NULL);
+ finalize_and_free_modules (modules);
+
+ /*
+ * The module two shouldn't have been loaded, because in its config
+ * file we have:
+ *
+ * disable-in: test-disable
+ */
+
+ p11_kit_set_progname ("test-disable");
+
+ modules = initialize_and_get_modules ();
+ assert (lookup_module_with_name (modules, "four") == NULL);
+ finalize_and_free_modules (modules);
+
+ p11_kit_set_progname (NULL);
+}
+
+static void
+test_disable_later (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+
+ /*
+ * The module two shouldn't be matched, because in its config
+ * file we have:
+ *
+ * disable-in: test-disable
+ */
+
+ p11_kit_set_progname ("test-disable");
+
+ modules = p11_kit_modules_load_and_initialize (0);
+ assert (modules != NULL && modules[0] != NULL);
+
+ assert (lookup_module_with_name (modules, "two") == NULL);
+ finalize_and_free_modules (modules);
+
+ p11_kit_set_progname (NULL);
+}
+
+static void
+test_enable (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+
+ /*
+ * The module three should not be present, as we don't match the current
+ * program. 
+ */
+
+ modules = initialize_and_get_modules ();
+ assert (lookup_module_with_name (modules, "three") == NULL);
+ finalize_and_free_modules (modules);
+
+ /*
+ * The module three should be loaded here , because in its config
+ * file we have:
+ *
+ * enable-in: test-enable
+ */
+
+ p11_kit_set_progname ("test-enable");
+
+ modules = initialize_and_get_modules ();
+ assert (lookup_module_with_name (modules, "three") != NULL);
+ finalize_and_free_modules (modules);
+
+ p11_kit_set_progname (NULL);
+}
+
+static void
+test_priority (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+ char *name;
+ int i;
+
+ /*
+ * The expected order.
+ * - four is marked with a priority of 4, the highest therefore first
+ * - three is marked with a priority of 3, next highest
+ * - one and two do not have priority marked, so they default to zero
+ * and fallback to sorting alphabetically. 'o' comes before 't'
+ */
+
+ const char *expected[] = { "four", "three", "one", "two.badname" };
+
+ /* This enables module three */
+ p11_kit_set_progname ("test-enable");
+
+ modules = initialize_and_get_modules ();
+
+ /* The loaded modules should not contain duplicates */
+ for (i = 0; modules[i] != NULL; i++) {
+ name = p11_kit_module_get_name (modules[i]);
+ assert_ptr_not_null (name);
+
+ /* Either one of these can be loaded, as this is a duplicate module */
+ if (strcmp (name, "two-duplicate") == 0) {
+ free (name);
+ name = strdup ("two.badname");
+ }
+
+ assert_str_eq (expected[i], name);
+ free (name);
+ }
+
+ assert_num_eq (4, i);
+ finalize_and_free_modules (modules);
+}
+
+static void
+test_module_name (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+ CK_FUNCTION_LIST_PTR module;
+ char *name;
+
+ /*
+ * The module three should not be present, as we don't match the current
+ * program. 
+ */ + + modules = initialize_and_get_modules (); + + module = p11_kit_module_for_name (modules, "one"); + assert_ptr_not_null (module); + name = p11_kit_module_get_name (module); + assert_str_eq ("one", name); + free (name); + + module = p11_kit_module_for_name (modules, "invalid"); + assert_ptr_eq (NULL, module); + + module = p11_kit_module_for_name (NULL, "one"); + assert_ptr_eq (NULL, module); + + finalize_and_free_modules (modules); +} + +static void +test_module_flags (void) +{ + CK_FUNCTION_LIST **modules; + CK_FUNCTION_LIST **unmanaged; + int flags; + + /* + * The module three should not be present, as we don't match the current + * program. + */ + + modules = initialize_and_get_modules (); + + flags = p11_kit_module_get_flags (modules[0]); + assert_num_eq (0, flags); + + unmanaged = p11_kit_modules_load (NULL, P11_KIT_MODULE_UNMANAGED); + assert (unmanaged != NULL && unmanaged[0] != NULL); + + flags = p11_kit_module_get_flags (unmanaged[0]); + assert_num_eq (P11_KIT_MODULE_UNMANAGED, flags); + + finalize_and_free_modules (modules); + p11_kit_modules_release (unmanaged); +} + +static void +test_module_trusted_only (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + char *name; + + modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED); + assert_ptr_not_null (modules); + assert_ptr_not_null (modules[0]); + assert (modules[1] == NULL); + + name = p11_kit_module_get_name (modules[0]); + assert_str_eq (name, "one"); + free (name); + + assert_num_eq (p11_kit_module_get_flags (modules[0]), P11_KIT_MODULE_TRUSTED); + + finalize_and_free_modules (modules); +} + +static void +test_module_trust_flags (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + char *name; + int flags; + int i; + + modules = initialize_and_get_modules (); + assert_ptr_not_null (modules); + + for (i = 0; modules[i] != NULL; i++) { + name = p11_kit_module_get_name (modules[i]); + assert_ptr_not_null (name); + + flags = p11_kit_module_get_flags (modules[i]); + if (strcmp (name, "one") == 
0) { + assert_num_eq (flags, P11_KIT_MODULE_TRUSTED); + } else { + assert_num_eq (flags, 0); + } + + free (name); + } + + finalize_and_free_modules (modules); +} + +static void +test_config_option (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + CK_FUNCTION_LIST_PTR module; + char *value; + + /* + * The module three should not be present, as we don't match the current + * program. + */ + + modules = initialize_and_get_modules (); + + value = p11_kit_config_option (NULL, "new"); + assert_str_eq ("world", value); + free (value); + + module = p11_kit_module_for_name (modules, "one"); + assert_ptr_not_null (module); + + value = p11_kit_config_option (module, "setting"); + assert_str_eq ("user1", value); + free (value); + + value = p11_kit_config_option (NULL, "invalid"); + assert_ptr_eq (NULL, value); + + value = p11_kit_config_option (module, "invalid"); + assert_ptr_eq (NULL, value); + + /* Invalid but non-NULL module pointer */ + value = p11_kit_config_option (module + 1, "setting"); + assert_ptr_eq (NULL, value); + + finalize_and_free_modules (modules); +} + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + + p11_test (test_no_duplicates, "/modules/test_no_duplicates"); + p11_test (test_disable, "/modules/test_disable"); + p11_test (test_disable_later, "/modules/test_disable_later"); + p11_test (test_enable, "/modules/test_enable"); + p11_test (test_priority, "/modules/test_priority"); + p11_test (test_module_name, "/modules/test_module_name"); + p11_test (test_module_flags, "/modules/test_module_flags"); + p11_test (test_config_option, "/modules/test_config_option"); + p11_test (test_module_trusted_only, "/modules/trusted-only"); + p11_test (test_module_trust_flags, "/modules/trust-flags"); + + p11_kit_be_quiet (); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-pin.c b/p11-kit/test-pin.c new file mode 100644 index 0000000..27e20c8 --- /dev/null +++ b/p11-kit/test-pin.c 
@@ -0,0 +1,313 @@
+/*
+ * Copyright (c) 2011, Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "library.h" + +#include +#include +#include +#include +#include + +#include "p11-kit/pin.h" +#include "p11-kit/private.h" + +static P11KitPin * +callback_one (const char *pin_source, P11KitUri *pin_uri, const char *pin_description, + P11KitPinFlags pin_flags, void *callback_data) +{ + int *data = callback_data; + assert (*data == 33); + return p11_kit_pin_new_for_buffer ((unsigned char*)strdup ("one"), 3, free); +} + +static P11KitPin* +callback_other (const char *pin_source, P11KitUri *pin_uri, const char *pin_description, + P11KitPinFlags pin_flags, void *callback_data) +{ + char *data = callback_data; + return p11_kit_pin_new_for_string (data); +} + +static void +destroy_data (void *callback_data) +{ + int *data = callback_data; + (*data)++; +} + +static void +test_pin_register_unregister (void) +{ + int data = 33; + + p11_kit_pin_register_callback ("/the/pin_source", callback_one, + &data, destroy_data); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, + &data); + + assert_num_eq (34, data); +} + +static void +test_pin_read (void) +{ + P11KitUri *uri; + P11KitPin *pin; + int data = 33; + size_t length; + const unsigned char *ptr; + + p11_kit_pin_register_callback ("/the/pin_source", callback_one, + &data, destroy_data); + + uri = p11_kit_uri_new (); + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + p11_kit_uri_free (uri); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (3, length); + assert (memcmp (ptr, "one", 3) == 0); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, + &data); + + p11_kit_pin_unref (pin); +} + +static void +test_pin_read_no_match (void) +{ + P11KitUri *uri; + P11KitPin *pin; + + uri = p11_kit_uri_new (); + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + p11_kit_uri_free 
(uri); + + assert_ptr_eq (NULL, pin); +} + +static void +test_pin_register_duplicate (void) +{ + P11KitUri *uri; + P11KitPin *pin; + char *value = "secret"; + int data = 33; + size_t length; + const unsigned char *ptr; + + uri = p11_kit_uri_new (); + + p11_kit_pin_register_callback ("/the/pin_source", callback_one, + &data, destroy_data); + + p11_kit_pin_register_callback ("/the/pin_source", callback_other, + value, NULL); + + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (6, length); + assert (memcmp (ptr, "secret", length) == 0); + p11_kit_pin_unref (pin); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_other, + value); + + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (3, length); + assert (memcmp (ptr, "one", length) == 0); + p11_kit_pin_unref (pin); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, + &data); + + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_eq (NULL, pin); + + p11_kit_uri_free (uri); +} + +static void +test_pin_register_fallback (void) +{ + char *value = "secret"; + P11KitUri *uri; + P11KitPin *pin; + int data = 33; + size_t length; + const unsigned char *ptr; + + uri = p11_kit_uri_new (); + + p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, callback_one, + &data, destroy_data); + + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (3, length); + assert (memcmp (ptr, "one", length) == 0); + p11_kit_pin_unref (pin); + + p11_kit_pin_register_callback ("/the/pin_source", callback_other, + value, NULL); + + pin = 
p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (6, length); + assert (memcmp (ptr, "secret", length) == 0); + p11_kit_pin_unref (pin); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_other, + value); + + p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, callback_one, + &data); + + p11_kit_uri_free (uri); +} + +static void +test_pin_file (void) +{ + P11KitUri *uri; + P11KitPin *pin; + size_t length; + const unsigned char *ptr; + + uri = p11_kit_uri_new (); + + p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, + NULL, NULL); + + pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (12, length); + assert (memcmp (ptr, "yogabbagabba", length) == 0); + p11_kit_pin_unref (pin); + + pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/nonexistant", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_eq (NULL, pin); + + p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, + NULL); + + p11_kit_uri_free (uri); +} + +static void +test_pin_file_large (void) +{ + P11KitUri *uri; + P11KitPin *pin; + int error; + + uri = p11_kit_uri_new (); + + p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, + NULL, NULL); + + pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile-large", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + error = errno; + assert_ptr_eq (NULL, pin); + assert_num_eq (EFBIG, error); + + p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, + NULL); + + p11_kit_uri_free (uri); +} + +static void +test_pin_ref_unref (void) +{ + P11KitPin *pin; + P11KitPin *check; + + pin = p11_kit_pin_new_for_string ("crack of 
lies"); + + check = p11_kit_pin_ref (pin); + assert_ptr_eq (pin, check); + + p11_kit_pin_unref (pin); + p11_kit_pin_unref (check); +} + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + + p11_test (test_pin_register_unregister, "/pin/test_pin_register_unregister"); + p11_test (test_pin_read, "/pin/test_pin_read"); + p11_test (test_pin_read_no_match, "/pin/test_pin_read_no_match"); + p11_test (test_pin_register_duplicate, "/pin/test_pin_register_duplicate"); + p11_test (test_pin_register_fallback, "/pin/test_pin_register_fallback"); + p11_test (test_pin_file, "/pin/test_pin_file"); + p11_test (test_pin_file_large, "/pin/test_pin_file_large"); + p11_test (test_pin_ref_unref, "/pin/test_pin_ref_unref"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-progname.c b/p11-kit/test-progname.c new file mode 100644 index 0000000..76b136d --- /dev/null +++ b/p11-kit/test-progname.c 
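Review bot: In test_pin_file_large, `errno` is read right after `p11_kit_pin_request ()` but is never cleared beforehand, so the `assert_num_eq (EFBIG, error)` check does not prove that this call was the one that set it. Adding `errno = 0;` immediately before the `pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile-large", ...)` line makes the assertion strict. The test would also benefit from a comment such as `/* fixture is larger than the pin file callback accepts: expect EFBIG, never a truncated PIN */`, since rejecting an oversized PIN file outright is the property being protected. That the size limit lives in `p11_kit_pin_file_callback` is inferred from the registered callback and is not shown in this hunk.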
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2012 Stefan Walter
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "library.h"
+
+#include
+#include
+#include
+#include
+
+#include "p11-kit/uri.h"
+#include "p11-kit/p11-kit.h"
+#include "p11-kit/private.h"
+
+static void
+test_progname_default (void)
+{
+ const char *progname;
+
+ progname = _p11_get_progname_unlocked ();
+ assert_str_eq ("test-progname", progname);
+}
+
+static void
+test_progname_set (void)
+{
+ const char *progname;
+
+ p11_kit_set_progname ("love-generation");
+
+ progname = _p11_get_progname_unlocked ();
+ assert_str_eq ("love-generation", progname);
+
+ _p11_set_progname_unlocked (NULL);
+
+ progname = _p11_get_progname_unlocked ();
+ assert_str_eq ("test-progname", progname);
+}
+
+/* Defined in util.c */
+extern char p11_my_progname[];
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_library_init ();
+
+ p11_test (test_progname_default, "/progname/test_progname_default");
+ p11_test (test_progname_set, "/progname/test_progname_set");
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/test-proxy.c b/p11-kit/test-proxy.c
new file mode 100644
index 0000000..bf5007d
--- /dev/null
+++ b/p11-kit/test-proxy.c
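Review bot: The declaration `extern char p11_my_progname[];` just above main() in test-progname.c is never used in this file; both tests read the name only through `_p11_get_progname_unlocked ()`. Either drop the declaration together with its `/* Defined in util.c */` comment, or have a test reference it so the coupling to util.c is exercised. Separately, the `_unlocked` suffix suggests callers are expected to hold the library lock, and none is taken here; a one-line comment such as `/* single-threaded test, library lock not required */` would show that this is deliberate.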
@@ -0,0 +1,195 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * + * Author: Stef Walter + */ + +#define CRYPTOKI_EXPORTS + +#include "config.h" +#include "test.h" + +#include "library.h" +#include "mock.h" +#include "p11-kit.h" +#include "pkcs11.h" +#include "proxy.h" + +#include + +#include +#include +#include +#include +#include +#include +#include + +/* This is the proxy module entry point in proxy.c, and linked to this test */ +CK_RV C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list); + +static CK_SLOT_ID mock_slot_one_id; +static CK_SLOT_ID mock_slot_two_id; +static CK_ULONG mock_slots_present; +static CK_ULONG mock_slots_all; + +static void +test_initialize_finalize (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_RV rv; + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Finalize (NULL); + assert (rv == CKR_OK); + + p11_proxy_module_cleanup (); +} + +static void +test_initialize_multiple (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_RV rv; + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Finalize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Finalize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Finalize (NULL); + assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); + + p11_proxy_module_cleanup (); +} + +static CK_FUNCTION_LIST_PTR +setup_mock_module (CK_SESSION_HANDLE *session) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_SLOT_ID slots[32]; + CK_RV rv; + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + mock_slots_all = 32; + rv = proxy->C_GetSlotList (CK_FALSE, slots, &mock_slots_all); + assert (rv == CKR_OK); + assert (mock_slots_all >= 2); + + /* Assume this is the slot we 
want to deal with */ + mock_slot_one_id = slots[0]; + mock_slot_two_id = slots[1]; + + rv = proxy->C_GetSlotList (CK_TRUE, NULL, &mock_slots_present); + assert (rv == CKR_OK); + assert (mock_slots_present > 1); + + if (session) { + rv = (proxy->C_OpenSession) (mock_slot_one_id, + CKF_RW_SESSION | CKF_SERIAL_SESSION, + NULL, NULL, session); + assert (rv == CKR_OK); + } + + return proxy; +} + +static void +teardown_mock_module (CK_FUNCTION_LIST_PTR module) +{ + CK_RV rv; + + rv = module->C_Finalize (NULL); + assert (rv == CKR_OK); +} + +/* + * We redefine the mock module slot id so that the tests in test-mock.c + * use the proxy mapped slot id rather than the hard coded one + */ +#define MOCK_SLOT_ONE_ID mock_slot_one_id +#define MOCK_SLOT_TWO_ID mock_slot_two_id +#define MOCK_SLOTS_PRESENT mock_slots_present +#define MOCK_SLOTS_ALL mock_slots_all +#define MOCK_INFO mock_info +#define MOCK_SKIP_WAIT_TEST + +static const CK_INFO mock_info = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, + "PKCS#11 Kit ", + 0, + "PKCS#11 Kit Proxy Module ", + { 1, 1 } +}; + +/* Bring in all the mock module tests */ +#include "test-mock.c" + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + p11_kit_be_quiet (); + + p11_test (test_initialize_finalize, "/proxy/initialize-finalize"); + p11_test (test_initialize_multiple, "/proxy/initialize-multiple"); + + test_mock_add_tests ("/proxy"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-rpc.c b/p11-kit/test-rpc.c new file mode 100644 index 0000000..0ce2c55 --- /dev/null +++ b/p11-kit/test-rpc.c 
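Review bot: teardown_mock_module() in test-proxy.c stops at `rv = module->C_Finalize (NULL);`, whereas test_initialize_finalize and test_initialize_multiple both follow their last `C_Finalize` with `p11_proxy_module_cleanup ();`. If the tests pulled in through `#include "test-mock.c"` are meant to start from a clean proxy each time, teardown should do the same by adding `p11_proxy_module_cleanup ();` after the assert. If it is skipped on purpose, a short comment saying why would prevent someone from "fixing" it later. test-mock.c is not visible in this hunk, so whether proxy state actually carries over between those tests is not confirmed here.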
@@ -0,0 +1,1061 @@
+/*
+ * Copyright (c) 2012 Stefan Walter
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "debug.h" +#include "library.h" +#include "message.h" +#include "mock.h" +#include "p11-kit.h" +#include "private.h" +#include "rpc.h" +#include "rpc-message.h" +#include "virtual.h" + +#include +#include +#include +#include +#include +#include + +static void +test_new_free (void) +{ + p11_buffer *buf; + + buf = p11_rpc_buffer_new (0); + + assert_ptr_not_null (buf->data); + assert_num_eq (0, buf->len); + assert_num_eq (0, buf->flags); + assert (buf->size == 0); + assert_ptr_not_null (buf->ffree); + assert_ptr_not_null (buf->frealloc); + + p11_rpc_buffer_free (buf); +} + +static void +test_uint16 (void) +{ + p11_buffer buffer; + uint16_t val = 0xFFFF; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + next = 0; + ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val); + assert_num_eq (false, ret); + assert_num_eq (0, next); + assert_num_eq (0xFFFF, val); + + p11_buffer_reset (&buffer, 0); + + ret = p11_rpc_buffer_set_uint16 (&buffer, 0, 0x6789); + assert_num_eq (false, ret); + + p11_buffer_reset (&buffer, 0); + + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_uint16 (&buffer, 0x6789); + assert_num_eq (9, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (9, next); + assert_num_eq (0x6789, val); + + p11_buffer_uninit (&buffer); +} + +static void +test_uint16_static (void) +{ + p11_buffer buf = { (unsigned char *)"pad0\x67\x89", 6, }; + uint16_t val = 0xFFFF; + size_t next; + bool ret; + + next = 4; + ret = p11_rpc_buffer_get_uint16 (&buf, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (6, next); + assert_num_eq (0x6789, val); +} + +static void +test_uint32 (void) +{ + p11_buffer buffer; + uint32_t val = 0xFFFFFFFF; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + next = 0; + ret = 
p11_rpc_buffer_get_uint32 (&buffer, &next, &val); + assert_num_eq (false, ret); + assert_num_eq (0, next); + assert_num_eq (0xFFFFFFFF, val); + + p11_buffer_reset (&buffer, 0); + + ret = p11_rpc_buffer_set_uint32 (&buffer, 0, 0x12345678); + assert_num_eq (false, ret); + + p11_buffer_reset (&buffer, 0); + + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_uint32 (&buffer, 0x12345678); + assert_num_eq (11, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (11, next); + assert_num_eq (0x12345678, val); + + p11_buffer_uninit (&buffer); +} + +static void +test_uint32_static (void) +{ + p11_buffer buf = { (unsigned char *)"pad0\x23\x45\x67\x89", 8, }; + uint32_t val = 0xFFFFFFFF; + size_t next; + bool ret; + + next = 4; + ret = p11_rpc_buffer_get_uint32 (&buf, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (8, next); + assert_num_eq (0x23456789, val); +} + +static void +test_uint64 (void) +{ + p11_buffer buffer; + uint64_t val = 0xFFFFFFFFFFFFFFFF; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + next = 0; + ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val); + assert_num_eq (0, ret); + assert_num_eq (0, next); + assert (0xFFFFFFFFFFFFFFFF == val); + + p11_buffer_reset (&buffer, 0); + + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_uint64 (&buffer, 0x0123456708ABCDEF); + assert_num_eq (15, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (15, next); + assert (0x0123456708ABCDEF == val); + + p11_buffer_uninit (&buffer); +} + +static void +test_uint64_static (void) +{ + p11_buffer buf = { (unsigned char *)"pad0\x89\x67\x45\x23\x11\x22\x33\x44", 12, }; + uint64_t val = 0xFFFFFFFFFFFFFFFF; + size_t next; + bool ret; + + next = 4; + ret = 
p11_rpc_buffer_get_uint64 (&buf, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (12, next); + assert (0x8967452311223344 == val); +} + +static void +test_byte_array (void) +{ + p11_buffer buffer; + unsigned char bytes[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; + + const unsigned char *val; + size_t length = ~0; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + /* Invalid read */ + + next = 0; + ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); + assert_num_eq (false, ret); + assert_num_eq (0, next); + assert_num_eq (~0, length); + + /* Test full array */ + + p11_buffer_reset (&buffer, 0); + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_byte_array (&buffer, bytes, 32); + assert_num_eq (43, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); + assert_num_eq (true, ret); + assert_num_eq (43, next); + assert_num_eq (32, length); + assert (memcmp (val, bytes, 32) == 0); + + p11_buffer_uninit (&buffer); +} + +static void +test_byte_array_null (void) +{ + p11_buffer buffer; + const unsigned char *val; + size_t length = ~0; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + p11_buffer_reset (&buffer, 0); + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_byte_array (&buffer, NULL, 0); + assert_num_eq (11, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); + assert_num_eq (true, ret); + assert_num_eq (11, next); + assert_num_eq (0, length); + assert_ptr_eq (NULL, (void*)val); + + p11_buffer_uninit (&buffer); +} + +static void +test_byte_array_too_long (void) +{ + p11_buffer buffer; + const unsigned char *val = NULL; + 
size_t length = ~0; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + p11_buffer_reset (&buffer, 0); + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + assert (!p11_buffer_failed (&buffer)); + + /* Passing a too short buffer here shouldn't matter, as length is checked for sanity */ + p11_rpc_buffer_add_byte_array (&buffer, (unsigned char *)"", 0x9fffffff); + assert (p11_buffer_failed (&buffer)); + + /* Force write a too long byte arary to buffer */ + p11_buffer_reset (&buffer, 0); + p11_rpc_buffer_add_uint32 (&buffer, 0x9fffffff); + + next = 0; + ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); + assert_num_eq (false, ret); + assert_num_eq (0, next); + assert_num_eq (~0, length); + assert_ptr_eq (NULL, (void*)val); + + p11_buffer_uninit (&buffer); +} + +static void +test_byte_array_static (void) +{ + unsigned char data[] = { 'p', 'a', 'd', 0x00, 0x00, 0x00, 0x00, 0x20, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; + p11_buffer buf = { data, 0x40, }; + const unsigned char *val; + size_t length = ~0; + size_t next; + bool ret; + + next = 4; + ret = p11_rpc_buffer_get_byte_array (&buf, &next, &val, &length); + assert_num_eq (true, ret); + assert_num_eq (40, next); + assert_num_eq (32, length); + assert (memcmp (data + 8, val, 32) == 0); +} + +static p11_virtual base; +static pid_t rpc_initialized = 0; + +static CK_RV +rpc_initialize (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + pid_t pid = getpid (); + + assert_str_eq (vtable->data, "vtable-data"); + assert_num_cmp (pid, !=, rpc_initialized); + rpc_initialized = pid; + + return CKR_OK; +} + +static CK_RV +rpc_initialize_fails (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + pid_t pid = getpid (); + + assert_str_eq (vtable->data, "vtable-data"); + assert_num_cmp (pid, !=, rpc_initialized); + 
return CKR_FUNCTION_FAILED;
+}
+
+static CK_RV
+rpc_initialize_device_removed (p11_rpc_client_vtable *vtable,
+ void *init_reserved)
+{
+ pid_t pid = getpid ();
+
+ assert_str_eq (vtable->data, "vtable-data");
+ assert_num_cmp (pid, !=, rpc_initialized);
+ return CKR_DEVICE_REMOVED;
+}
+
+static CK_RV
+rpc_transport (p11_rpc_client_vtable *vtable,
+ p11_buffer *request,
+ p11_buffer *response)
+{
+ bool ret;
+
+ assert_str_eq (vtable->data, "vtable-data");
+
+ /* Just pass directly to the server code */
+ ret = p11_rpc_server_handle (&base.funcs, request, response);
+ assert (ret == true);
+
+ return CKR_OK;
+}
+
+static void
+rpc_finalize (p11_rpc_client_vtable *vtable,
+ void *fini_reserved)
+{
+ pid_t pid = getpid ();
+
+ assert_str_eq (vtable->data, "vtable-data");
+ assert_num_cmp (pid, ==, rpc_initialized);
+ rpc_initialized = 0;
+}
+
+static void
+test_initialize (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize };
+ pid_t pid = getpid ();
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ rpc_initialized = 0;
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ rv = mixin.funcs.C_Initialize (&mixin.funcs, NULL);
+ assert (rv == CKR_OK);
+ assert_num_eq (pid, rpc_initialized);
+
+ rv = mixin.funcs.C_Finalize (&mixin.funcs, NULL);
+ assert (rv == CKR_OK);
+ assert_num_cmp (pid, !=, rpc_initialized);
+
+ p11_virtual_uninit (&mixin);
+}
+
+static void
+test_not_initialized (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize };
+ p11_virtual mixin;
+ CK_INFO info;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ rpc_initialized = 0;
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ rv = (mixin.funcs.C_GetInfo) (&mixin.funcs, &info);
+ assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
+
+ p11_virtual_uninit (&mixin);
+}
+
+static void
+test_initialize_fails_on_client (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_transport, rpc_finalize };
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ rpc_initialized = 0;
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
+ assert (rv == CKR_FUNCTION_FAILED);
+ assert_num_eq (0, rpc_initialized);
+
+ p11_virtual_uninit (&mixin);
+}
+
+static CK_RV
+rpc_transport_fails (p11_rpc_client_vtable *vtable,
+ p11_buffer *request,
+ p11_buffer *response)
+{
+ return CKR_FUNCTION_REJECTED;
+}
+
+static void
+test_transport_fails (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_fails, rpc_finalize };
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ rpc_initialized = 0;
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
+ assert (rv == CKR_FUNCTION_REJECTED);
+ assert_num_eq (0, rpc_initialized);
+
+ p11_virtual_uninit (&mixin);
+}
+
+static void
+test_initialize_fails_on_server (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize };
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+ base.funcs.C_Initialize = mock_X_Initialize__fails;
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
+ assert (rv == CKR_FUNCTION_FAILED);
+ assert_num_eq (0, rpc_initialized);
+
+ p11_virtual_uninit (&mixin);
+}
+
+static CK_RV
+rpc_transport_bad_parse (p11_rpc_client_vtable *vtable,
+ p11_buffer *request,
+ p11_buffer *response)
+{
+ int rc;
+
+ assert_str_eq (vtable->data, "vtable-data");
+
+ /* Just zero bytes is an invalid message */
+ rc = p11_buffer_reset (response, 2);
+ assert (rc >= 0);
+
+ memset (response->data, 0, 2);
+ response->len = 2;
+ return CKR_OK;
+}
+
+static void
+test_transport_bad_parse (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_parse, rpc_finalize };
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ rpc_initialized = 0;
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ p11_kit_be_quiet ();
+
+ rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
+ assert (rv == CKR_DEVICE_ERROR);
+ assert_num_eq (0, rpc_initialized);
+
+ p11_message_loud ();
+ p11_virtual_uninit (&mixin);
+}
+
+static CK_RV
+rpc_transport_short_error (p11_rpc_client_vtable *vtable,
+ p11_buffer *request,
+ p11_buffer *response)
+{
+ int rc;
+
+ unsigned char data[] = {
+ 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */
+ 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */
+ 0x00, 0x01, /* short error */
+ };
+
+ assert_str_eq (vtable->data, "vtable-data");
+
+ rc = p11_buffer_reset (response, sizeof (data));
+ assert (rc >= 0);
+
+ memcpy (response->data, data, sizeof (data));
+ response->len = sizeof (data);
+ return CKR_OK;
+}
+
+static void
+test_transport_short_error (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_short_error, rpc_finalize };
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ p11_kit_be_quiet ();
+
+ rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
+ assert (rv == CKR_DEVICE_ERROR);
+ assert_num_eq (0, rpc_initialized);
+
+ p11_message_loud ();
+ p11_virtual_uninit (&mixin);
+}
+
+static CK_RV
+rpc_transport_invalid_error (p11_rpc_client_vtable *vtable,
+ p11_buffer *request,
+ p11_buffer *response)
+{
+ int rc;
+
+ unsigned char data[] = {
+ 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */
+ 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */
+ 0x00, 0x00, 0x00, 0x00, /* a CKR_OK error*/
+ 0x00, 0x00, 0x00, 0x00,
+ };
+
+ assert_str_eq (vtable->data, "vtable-data");
+
+ rc = p11_buffer_reset (response, sizeof (data));
+ assert (rc >= 0);
+ memcpy (response->data, data, sizeof (data));
+ response->len = sizeof (data);
+ return CKR_OK;
+}
+
+static void
+test_transport_invalid_error (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_invalid_error, rpc_finalize };
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ p11_kit_be_quiet ();
+
+ rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
+ assert (rv == CKR_DEVICE_ERROR);
+ assert_num_eq (0, rpc_initialized);
+
+ p11_message_loud ();
+ p11_virtual_uninit (&mixin);
+}
+
+static CK_RV
+rpc_transport_wrong_response (p11_rpc_client_vtable *vtable,
+ p11_buffer *request,
+ p11_buffer *response)
+{
+ int rc;
+
+ unsigned char data[] = {
+ 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_Finalize */
+ 0x00, 0x00, 0x00, 0x00, /* signature '' */
+ };
+
+ assert_str_eq (vtable->data, "vtable-data");
+
+ rc = p11_buffer_reset (response, sizeof (data));
+ assert (rc >= 0);
+ memcpy (response->data, data, sizeof (data));
+ response->len = sizeof (data);
+ return CKR_OK;
+}
+
+static void
+test_transport_wrong_response (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_wrong_response, rpc_finalize };
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ p11_kit_be_quiet ();
+
+ rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
+ assert (rv == CKR_DEVICE_ERROR);
+ assert_num_eq (0, rpc_initialized);
+
+ p11_message_loud ();
+ p11_virtual_uninit (&mixin);
+}
+
+static CK_RV
+rpc_transport_bad_contents (p11_rpc_client_vtable *vtable,
+ p11_buffer *request,
+ p11_buffer *response)
+{
+ int rc;
+
+ unsigned char data[] = {
+ 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_GetInfo */
+ 0x00, 0x00, 0x00, 0x05, /* signature 'vsusv' */
+ 'v', 's', 'u', 's', 'v',
+ 0x00, 0x00, 0x00, 0x00, /* invalid data */
+ };
+
+ assert_str_eq (vtable->data, "vtable-data");
+
+ rc = p11_buffer_reset (response, sizeof (data));
+ assert (rc >= 0);
+ memcpy (response->data, data, sizeof (data));
+ response->len = sizeof (data);
+ return CKR_OK;
+}
+
+static void
+test_transport_bad_contents (void)
+{
+ p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_contents, rpc_finalize };
+ p11_virtual mixin;
+ bool ret;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+
+ ret = p11_rpc_client_init (&mixin, &vtable);
+ assert_num_eq (true, ret);
+
+ p11_kit_be_quiet ();
+
+ rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
+ assert (rv == CKR_DEVICE_ERROR);
+ assert_num_eq (0, rpc_initialized);
+
+ p11_message_loud ();
+ p11_virtual_uninit (&mixin);
+}
+
+static p11_rpc_client_vtable test_normal_vtable = {
+ NULL,
+ rpc_initialize,
+ rpc_transport,
+ rpc_finalize,
+};
+
+static p11_rpc_client_vtable test_device_removed_vtable = {
+ NULL,
+ rpc_initialize_device_removed,
+ rpc_transport,
+ rpc_finalize,
+};
+
+static void
+mixin_free (void *data)
+{
+ p11_virtual *mixin = data;
+ p11_virtual_uninit (mixin);
+ free (mixin);
+}
+
+static CK_FUNCTION_LIST_PTR
+setup_test_rpc_module (p11_rpc_client_vtable *vtable,
+ CK_FUNCTION_LIST *module_template,
+ CK_SESSION_HANDLE *session)
+{
+ CK_FUNCTION_LIST *rpc_module;
+ p11_virtual *mixin;
+ CK_RV rv;
+
+ /* Build up our own function list */
+ p11_virtual_init (&base, &p11_virtual_base, module_template, NULL);
+
+ mixin = calloc (1, sizeof (p11_virtual));
+ assert (mixin != NULL);
+
+ vtable->data = "vtable-data";
+ if (!p11_rpc_client_init (mixin, vtable))
+ assert_not_reached ();
+
+ rpc_module = p11_virtual_wrap (mixin, mixin_free);
+ assert_ptr_not_null (rpc_module);
+
+ rv = p11_kit_module_initialize (rpc_module);
+ assert (rv == CKR_OK);
+
+ if (session) {
+ rv = (rpc_module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION,
+ NULL, NULL, session);
+ assert (rv == CKR_OK);
+ }
+
+ return rpc_module;
+}
+
+static CK_FUNCTION_LIST *
+setup_mock_module (CK_SESSION_HANDLE *session)
+{
+ return setup_test_rpc_module (&test_normal_vtable, &mock_module, session);
+}
+
+static void
+teardown_mock_module (CK_FUNCTION_LIST *rpc_module)
+{
+ p11_kit_module_finalize (rpc_module);
+ p11_virtual_unwrap (rpc_module);
+}
+
+static void
+test_get_info_stand_in (void)
+{
+ CK_FUNCTION_LIST_PTR rpc_module;
+ CK_INFO info;
+ CK_RV rv;
+ char *string;
+
+ rpc_module = setup_test_rpc_module (&test_device_removed_vtable,
+ &mock_module_no_slots, NULL);
+
+ rv = (rpc_module->C_GetInfo) (&info);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (CRYPTOKI_VERSION_MAJOR, info.cryptokiVersion.major);
+ assert_num_eq (CRYPTOKI_VERSION_MINOR, info.cryptokiVersion.minor);
+ string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID));
+ assert_str_eq ("p11-kit", string);
+ free (string);
+ string = p11_kit_space_strdup (info.libraryDescription, sizeof (info.libraryDescription));
+ assert_str_eq ("p11-kit (no connection)", string);
+ free (string);
+ assert_num_eq (0, info.flags);
+ assert_num_eq (1, info.libraryVersion.major);
+ assert_num_eq (1, info.libraryVersion.minor);
+
+ teardown_mock_module (rpc_module);
+}
+
+static void
+test_get_slot_list_no_device (void)
+{
+ CK_FUNCTION_LIST_PTR rpc_module;
+ CK_SLOT_ID slot_list[8];
+ CK_ULONG count;
+ CK_RV rv;
+
+ rpc_module = setup_test_rpc_module (&test_device_removed_vtable,
+ &mock_module_no_slots, NULL);
+
+ rv = (rpc_module->C_GetSlotList) (CK_TRUE, NULL, &count);
+ assert (rv == CKR_OK);
+ assert_num_eq (0, count);
+ rv = (rpc_module->C_GetSlotList) (CK_FALSE, NULL, &count);
+ assert (rv == CKR_OK);
+ assert_num_eq (0, count);
+
+ count = 8;
+ rv = (rpc_module->C_GetSlotList) (CK_TRUE, slot_list, &count);
+ assert (rv == CKR_OK);
+ assert_num_eq (0, count);
+
+ count = 8;
+ rv = (rpc_module->C_GetSlotList) (CK_FALSE, slot_list, &count);
+ assert (rv == CKR_OK);
+ assert_num_eq (0, count);
+
+ teardown_mock_module (rpc_module);
+}
+
+static void *
+invoke_in_thread (void *arg)
+{
+ CK_FUNCTION_LIST *rpc_module = arg;
+ CK_INFO info;
+ CK_RV rv;
+
+ rv = (rpc_module->C_GetInfo) (&info);
+ assert_num_eq (rv, CKR_OK);
+
+ assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID,
+ sizeof (info.manufacturerID)) == 0);
+
+ return NULL;
+}
+
+static p11_mutex_t delay_mutex;
+
+static CK_RV
+delayed_C_GetInfo (CK_INFO_PTR info)
+{
+ CK_RV rv;
+
+ p11_sleep_ms (rand () % 100);
+
+ p11_mutex_lock (&delay_mutex);
+ rv = mock_C_GetInfo (info);
+ p11_mutex_unlock (&delay_mutex);
+
+ return rv;
+}
+
+static void
+test_simultaneous_functions (void)
+{
+ CK_FUNCTION_LIST real_module;
+ CK_FUNCTION_LIST *rpc_module;
+ const int num_threads = 128;
+ p11_thread_t threads[num_threads];
+ int i, ret;
+
+ p11_mutex_init (&delay_mutex);
+
+ memcpy (&real_module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
+ real_module.C_GetInfo = delayed_C_GetInfo;
+
+ rpc_module = setup_test_rpc_module (&test_normal_vtable,
+ &real_module, NULL);
+
+ /* Make the invoked function (above) wait */
+ p11_mutex_lock (&delay_mutex);
+
+ for (i = 0; i < num_threads; i++) {
+ ret = p11_thread_create (threads + i, invoke_in_thread, rpc_module);
+ assert_num_eq (0, ret);
+ }
+
+ /* Let the invoked functions return */
+ p11_mutex_unlock (&delay_mutex);
+
+ for (i = 0; i < num_threads; i++)
+ p11_thread_join (threads[i]);
+
+ teardown_mock_module (rpc_module);
+ p11_mutex_uninit (&delay_mutex);
+}
+
+static void
+test_fork_and_reinitialize (void)
+{
+ CK_FUNCTION_LIST *rpc_module;
+ CK_INFO info;
+ int status;
+ CK_RV rv;
+ pid_t pid;
+ int i;
+
+ rpc_module = setup_test_rpc_module (&test_normal_vtable,
+ &mock_module_no_slots, NULL);
+
+ pid = fork ();
+ assert_num_cmp (pid, >=, 0);
+
+ /* The child */
+ if (pid == 0) {
+ rv = (rpc_module->C_Initialize) (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ for (i = 0; i < 32; i++) {
+ rv = (rpc_module->C_GetInfo) (&info);
+ assert_num_eq (CKR_OK, rv);
+ }
+
+ rv = (rpc_module->C_Finalize) (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ _exit (66);
+ }
+
+ for (i = 0; i < 128; i++) {
+ rv = (rpc_module->C_GetInfo) (&info);
+ assert_num_eq (CKR_OK, rv);
+ }
+
+ assert_num_eq (waitpid (pid, &status, 0), pid);
+ assert_num_eq (WEXITSTATUS (status), 66);
+
+ teardown_mock_module (rpc_module);
+}
+
+#include "test-mock.c"
+
+int
+main (int argc,
+ char *argv[])
+{
+ CK_MECHANISM_TYPE mechanisms[] = {
+ CKM_MOCK_CAPITALIZE,
+ CKM_MOCK_PREFIX,
+ CKM_MOCK_GENERATE,
+ CKM_MOCK_WRAP,
+ CKM_MOCK_DERIVE,
+ CKM_MOCK_COUNT,
+ 0,
+ };
+
+ mock_module_init ();
+ p11_library_init ();
+
+ /* Override the mechanisms that the RPC mechanism will handle */
+ p11_rpc_mechanisms_override_supported = mechanisms;
+
+ p11_test (test_new_free, "/rpc/new-free");
+ p11_test (test_uint16, "/rpc/uint16");
+ p11_test (test_uint16_static, "/rpc/uint16-static");
+ p11_test (test_uint32, "/rpc/uint32");
+ p11_test (test_uint32_static, "/rpc/uint32-static");
+ p11_test (test_uint64, "/rpc/uint64");
+ p11_test (test_uint64_static, "/rpc/uint64-static");
+ p11_test (test_byte_array, "/rpc/byte-array");
+ p11_test (test_byte_array_null, "/rpc/byte-array-null");
+ p11_test (test_byte_array_too_long, "/rpc/byte-array-too-long");
+ p11_test (test_byte_array_static, "/rpc/byte-array-static");
+
+ p11_test (test_initialize_fails_on_client, "/rpc/initialize-fails-on-client");
+ p11_test (test_initialize_fails_on_server, "/rpc/initialize-fails-on-server");
+ p11_test (test_initialize, "/rpc/initialize");
+ p11_test (test_not_initialized, "/rpc/not-initialized");
+ p11_test (test_transport_fails, "/rpc/transport-fails");
+ p11_test (test_transport_bad_parse, "/rpc/transport-bad-parse");
+ p11_test (test_transport_short_error, "/rpc/transport-short-error");
+ p11_test (test_transport_invalid_error, "/rpc/transport-invalid-error");
+ p11_test (test_transport_wrong_response, "/rpc/transport-wrong-response");
+ p11_test (test_transport_bad_contents, "/rpc/transport-bad-contents");
+ p11_test (test_get_info_stand_in, "/rpc/get-info-stand-in");
+ p11_test (test_get_slot_list_no_device, "/rpc/get-slot-list-no-device");
+ p11_test (test_simultaneous_functions, "/rpc/simultaneous-functions");
+ p11_test (test_fork_and_reinitialize, "/rpc/fork-and-reinitialize");
+
+ test_mock_add_tests ("/rpc");
+
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/test-transport.c b/p11-kit/test-transport.c
new file mode 100644
index 0000000..c302230
--- /dev/null
+++ b/p11-kit/test-transport.c
@@ -0,0 +1,281 @@
+/*
+ * Copyright (c) 2012 Stefan Walter
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "library.h"
+#include "mock.h"
+#include "path.h"
+#include "private.h"
+#include "p11-kit.h"
+#include "rpc.h"
+
+#include
+#include
+#include
+#include
+
+struct {
+ char *directory;
+ char *user_config;
+ char *user_modules;
+} test;
+
+static void
+setup_remote (void *unused)
+{
+ const char *data;
+
+ test.directory = p11_test_directory ("p11-test-config");
+ test.user_modules = p11_path_build (test.directory, "modules", NULL);
+ if (mkdir (test.user_modules, 0700) < 0)
+ assert_not_reached ();
+
+ data = "user-config: only\n";
+ test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL);
+ p11_test_file_write (NULL, test.user_config, data, strlen (data));
+
+ data = "remote: |" BUILDDIR "/p11-kit/p11-kit remote " BUILDDIR "/.libs/mock-two.so\n";
+ p11_test_file_write (test.user_modules, "remote.module", data, strlen (data));
+
+ p11_config_user_modules = test.user_modules;
+ p11_config_user_file = test.user_config;
+}
+
+static void
+teardown_remote (void *unused)
+{
+ p11_test_directory_delete (test.user_modules);
+ p11_test_directory_delete (test.directory);
+
+ free (test.directory);
+ free (test.user_config);
+ free (test.user_modules);
+}
+
+static CK_FUNCTION_LIST *
+setup_mock_module (CK_SESSION_HANDLE *session)
+{
+ CK_FUNCTION_LIST **modules;
+ CK_FUNCTION_LIST *module;
+ CK_RV rv;
+ int i;
+
+ setup_remote (NULL);
+
+ modules = p11_kit_modules_load (NULL, 0);
+
+ module = p11_kit_module_for_name (modules, "remote");
+ assert (module != NULL);
+
+ rv = p11_kit_module_initialize (module);
+ assert_num_eq (rv, CKR_OK);
+
+ if (session) {
+ rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION,
+ NULL, NULL, session);
+ assert (rv == CKR_OK);
+ }
+
+ /* Release all the other modules */
+ for (i = 0; modules[i] != NULL; i++) {
+ if (modules[i] != module)
+ p11_kit_module_release (modules[i]);
+ }
+
+ free (modules);
+ return module;
+}
+
+static void
+teardown_mock_module (CK_FUNCTION_LIST *module)
+{
+ p11_kit_module_finalize (module);
+ teardown_remote (NULL);
+}
+
+static void
+test_basic_exec (void)
+{
+ CK_FUNCTION_LIST **modules;
+ CK_FUNCTION_LIST *module;
+ CK_RV rv;
+
+ modules = p11_kit_modules_load (NULL, 0);
+
+ module = p11_kit_module_for_name (modules, "remote");
+ assert (module != NULL);
+
+ rv = p11_kit_module_initialize (module);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = p11_kit_module_finalize (module);
+ assert_num_eq (rv, CKR_OK);
+
+ p11_kit_modules_release (modules);
+}
+
+static void *
+invoke_in_thread (void *arg)
+{
+ CK_FUNCTION_LIST *rpc_module = arg;
+ CK_INFO info;
+ CK_RV rv;
+
+ rv = (rpc_module->C_GetInfo) (&info);
+ assert_num_eq (rv, CKR_OK);
+
+ assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID,
+ sizeof (info.manufacturerID)) == 0);
+
+ return NULL;
+}
+
+static void
+test_simultaneous_functions (void)
+{
+ CK_FUNCTION_LIST **modules;
+ CK_FUNCTION_LIST *module;
+ const int num_threads = 128;
+ p11_thread_t threads[num_threads];
+ int i, ret;
+ CK_RV rv;
+
+ modules = p11_kit_modules_load (NULL, 0);
+
+ module = p11_kit_module_for_name (modules, "remote");
+ assert (module != NULL);
+
+ rv = p11_kit_module_initialize (module);
+ assert_num_eq (rv, CKR_OK);
+
+ for (i = 0; i < num_threads; i++) {
+ ret = p11_thread_create (threads + i, invoke_in_thread, module);
+ assert_num_eq (0, ret);
+ }
+
+ for (i = 0; i < num_threads; i++)
+ p11_thread_join (threads[i]);
+
+ rv = p11_kit_module_finalize (module);
+ assert_num_eq (rv, CKR_OK);
+
+ p11_kit_modules_release (modules);
+}
+
+static void
+test_fork_and_reinitialize (void)
+{
+ CK_FUNCTION_LIST **modules;
+ CK_FUNCTION_LIST *module;
+ CK_INFO info;
+ int status;
+ CK_RV rv;
+ pid_t pid;
+ int i;
+
+ modules = p11_kit_modules_load (NULL, 0);
+
+ module = p11_kit_module_for_name (modules, "remote");
+ assert (module != NULL);
+
+ rv = p11_kit_module_initialize (module);
+ assert_num_eq (rv, CKR_OK);
+
+ pid = fork ();
+ assert_num_cmp (pid, >=, 0);
+
+ /* The child */
+ if (pid == 0) {
+ rv = (module->C_Initialize) (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ for (i = 0; i < 32; i++) {
+ rv = (module->C_GetInfo) (&info);
+ assert_num_eq (CKR_OK, rv);
+ }
+
+ rv = (module->C_Finalize) (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ _exit (66);
+ }
+
+ for (i = 0; i < 128; i++) {
+ rv = (module->C_GetInfo) (&info);
+ assert_num_eq (CKR_OK, rv);
+ }
+
+ assert_num_eq (waitpid (pid, &status, 0), pid);
+ assert_num_eq (WEXITSTATUS (status), 66);
+
+ rv = p11_kit_module_finalize (module);
+ assert_num_eq (rv, CKR_OK);
+
+ p11_kit_modules_release (modules);
+}
+
+
+#include "test-mock.c"
+
+int
+main (int argc,
+ char *argv[])
+{
+ CK_MECHANISM_TYPE mechanisms[] = {
+ CKM_MOCK_CAPITALIZE,
+ CKM_MOCK_PREFIX,
+ CKM_MOCK_GENERATE,
+ CKM_MOCK_WRAP,
+ CKM_MOCK_DERIVE,
+ CKM_MOCK_COUNT,
+ 0,
+ };
+
+ p11_library_init ();
+
+ /* Override the mechanisms that the RPC mechanism will handle */
+ p11_rpc_mechanisms_override_supported = mechanisms;
+
+ p11_fixture (setup_remote, teardown_remote);
+ p11_test (test_basic_exec, "/transport/basic");
+ p11_test (test_simultaneous_functions, "/transport/simultaneous-functions");
+ p11_test (test_fork_and_reinitialize, "/transport/fork-and-reinitialize");
+
+ test_mock_add_tests ("/transport");
+
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/test-uri.c b/p11-kit/test-uri.c
new file mode 100644
index 0000000..9b5b293
--- /dev/null
+++ b/p11-kit/test-uri.c
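Review bot: In test_fork_and_reinitialize the parent asserts on `WEXITSTATUS (status)` without first checking `WIFEXITED (status)`, so a child that is ended by a signal shows up as an exit-code mismatch instead of as a crash. Adding `assert (WIFEXITED (status));` just before `assert_num_eq (WEXITSTATUS (status), 66);` makes that failure mode explicit; this matters here because the child re-initializes the remote module after fork(), and a fault in that path would presumably end it with a signal rather than an exit code. The function of the same name added to p11-kit/test-rpc.c by this commit has the same two lines and would take the same one-line guard.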
@@ -0,0 +1,1314 @@
+/*
+ * Copyright (c) 2011, Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "debug.h"
+#include "message.h"
+
+#include
+#include
+#include
+#include
+
+#include "p11-kit/uri.h"
+#include "p11-kit/private.h"
+
+static int
+is_module_empty (P11KitUri *uri)
+{
+ CK_INFO_PTR info = p11_kit_uri_get_module_info (uri);
+ return (info->libraryDescription[0] == 0 &&
+ info->manufacturerID[0] == 0 &&
+ info->libraryVersion.major == (CK_BYTE)-1 &&
+ info->libraryVersion.minor == (CK_BYTE)-1);
+}
+
+static int
+is_token_empty (P11KitUri *uri)
+{
+ CK_TOKEN_INFO_PTR token = p11_kit_uri_get_token_info (uri);
+ return (token->serialNumber[0] == 0 &&
+ token->manufacturerID[0] == 0 &&
+ token->label[0] == 0 &&
+ token->model[0] == 0);
+}
+
+static int
+are_attributes_empty (P11KitUri *uri)
+{
+ return (p11_kit_uri_get_attribute (uri, CKA_LABEL) == NULL &&
+ p11_kit_uri_get_attribute (uri, CKA_ID) == NULL &&
+ p11_kit_uri_get_attribute (uri, CKA_CLASS) == NULL);
+}
+
+static void
+test_uri_parse (void)
+{
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:", P11_KIT_URI_FOR_MODULE, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ assert (is_module_empty (uri));
+ assert (is_token_empty (uri));
+ assert (are_attributes_empty (uri));
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_bad_scheme (void)
+{
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("http:\\example.com\test", P11_KIT_URI_FOR_ANY, uri);
+ assert_num_eq (P11_KIT_URI_BAD_SCHEME, ret);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_label (void)
+{
+ CK_ATTRIBUTE_PTR attr;
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label", P11_KIT_URI_FOR_ANY, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ assert (is_module_empty (uri));
+ assert (is_token_empty (uri));
+
+ attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
+ assert_ptr_not_null (attr);
+ assert (attr->ulValueLen == strlen ("Test Label"));
+ assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_label_and_klass (void)
+{
+ CK_ATTRIBUTE_PTR attr;
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;object-type=cert", P11_KIT_URI_FOR_ANY, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
+ assert_ptr_not_null (attr);
+ assert (attr->ulValueLen == strlen ("Test Label"));
+ assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0);
+
+ attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
+ assert_ptr_not_null (attr);
+ assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
+ assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_empty_label (void)
+{
+ CK_ATTRIBUTE_PTR attr;
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:object=;object-type=cert", P11_KIT_URI_FOR_ANY, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
+ assert_ptr_not_null (attr);
+
+ p11_kit_uri_free (uri);
+
+ /* really empty */
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:object-type=cert", P11_KIT_URI_FOR_ANY, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
+ assert (attr == NULL);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_empty_id (void)
+{
+ CK_ATTRIBUTE_PTR attr;
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:id=;object-type=cert", P11_KIT_URI_FOR_ANY, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ attr = p11_kit_uri_get_attribute (uri, CKA_ID);
+ assert_ptr_not_null (attr);
+
+ p11_kit_uri_free (uri);
+
+ /* really empty */
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:object-type=cert", P11_KIT_URI_FOR_ANY, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ attr = p11_kit_uri_get_attribute (uri, CKA_ID);
+ assert (attr == NULL);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_id (void)
+{
+ CK_ATTRIBUTE_PTR attr;
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:id=%54%45%53%54%00", P11_KIT_URI_FOR_OBJECT, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ /* Note that there's a NULL in the attribute (end) */
+ attr = p11_kit_uri_get_attribute (uri, CKA_ID);
+ assert_ptr_not_null (attr);
+ assert (attr->ulValueLen == 5);
+ assert (memcmp (attr->pValue, "TEST", 5) == 0);
+
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_bad_string_encoding (void)
+{
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:object=Test%", P11_KIT_URI_FOR_OBJECT, uri);
+ assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_bad_hex_encoding (void)
+{
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:object=T%xxest", P11_KIT_URI_FOR_OBJECT, uri);
+ assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
+
+ p11_kit_uri_free (uri);
+}
+
+static bool
+is_space_string (CK_UTF8CHAR_PTR string, CK_ULONG size, const char *check)
+{
+ size_t i, len = strlen (check);
+ if (len > size)
+ return false;
+ if (memcmp (string, check, len) != 0)
+ return false;
+ for (i = len; i < size; ++i)
+ if (string[i] != ' ')
+ return false;
+ return true;
+}
+
+static void
+test_uri_parse_with_token (void)
+{
+ P11KitUri *uri = NULL;
+ CK_TOKEN_INFO_PTR token;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:token=Token%20Label;serial=3333;model=Deluxe;manufacturer=Me",
+ P11_KIT_URI_FOR_TOKEN, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ token = p11_kit_uri_get_token_info (uri);
+ assert (is_space_string (token->label, sizeof (token->label), "Token Label"));
+ assert (is_space_string (token->serialNumber, sizeof (token->serialNumber), "3333"));
+ assert (is_space_string (token->model, sizeof (token->model), "Deluxe"));
+ assert (is_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"));
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_token_bad_encoding (void)
+{
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:token=Token%", P11_KIT_URI_FOR_TOKEN, uri);
+ assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_bad_syntax (void)
+{
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:token", P11_KIT_URI_FOR_ANY, uri);
+ assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_spaces (void)
+{
+ P11KitUri *uri = NULL;
+ CK_INFO_PTR info;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkc\ns11: lib rary-desc\rrip \n tion =The%20Library;\n\n\nlibrary-manufacturer=\rMe",
+ P11_KIT_URI_FOR_MODULE, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ info = p11_kit_uri_get_module_info (uri);
+
+ assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me"));
+ assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library"));
+
+ p11_kit_uri_free (uri);
+}
+
+
+static void
+test_uri_parse_with_library (void)
+{
+ P11KitUri *uri = NULL;
+ CK_INFO_PTR info;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:library-description=The%20Library;library-manufacturer=Me",
+ P11_KIT_URI_FOR_MODULE, uri);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ info = p11_kit_uri_get_module_info (uri);
+
+ assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me"));
+ assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library"));
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_with_library_bad_encoding (void)
+{
+ P11KitUri *uri;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_parse ("pkcs11:library-description=Library%", P11_KIT_URI_FOR_MODULE, uri);
+ assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_build_empty (void)
+{
+ P11KitUri *uri;
+ char *string;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+ assert_str_eq ("pkcs11:", string);
+ free (string);
+
+ p11_kit_uri_free (uri);
+}
+
+static void
+set_space_string (CK_BYTE_PTR buffer, CK_ULONG length, const char *string)
+{
+ size_t len = strlen (string);
+ assert (len <= length);
+ memset (buffer, ' ', length);
+ memcpy (buffer, string, len);
+}
+
+static void
+test_uri_build_with_token_info (void)
+{
+ char *string = NULL;
+ P11KitUri *uri;
+ P11KitUri *check;
+ CK_TOKEN_INFO_PTR token;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ token = p11_kit_uri_get_token_info (uri);
+ set_space_string (token->label, sizeof (token->label), "The Label");
+ set_space_string (token->serialNumber, sizeof (token->serialNumber), "44444");
+ set_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me");
+ set_space_string (token->model, sizeof (token->model), "Deluxe");
+
+ ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+ assert_ptr_not_null (string);
+
+ check = p11_kit_uri_new ();
+ assert_ptr_not_null (check);
+
+ ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_TOKEN, check);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ p11_kit_uri_match_token_info (check, p11_kit_uri_get_token_info (uri));
+
+ p11_kit_uri_free (uri);
+ p11_kit_uri_free (check);
+
+ assert (strstr (string, "token=The%20Label") != NULL);
+ assert (strstr (string, "serial=44444") != NULL);
+ assert (strstr (string, "manufacturer=Me") != NULL);
+ assert (strstr (string, "model=Deluxe") != NULL);
+
+ free (string);
+}
+
+static void
+test_uri_build_with_token_null_info (void)
+{
+ char *string = NULL;
+ P11KitUri *uri;
+ CK_TOKEN_INFO_PTR token;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ token = p11_kit_uri_get_token_info (uri);
+ set_space_string (token->label, sizeof (token->label), "The Label");
+
+ ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ assert (strstr (string, "token=The%20Label") != NULL);
+ assert (strstr (string, "serial=") == NULL);
+
+ free (string);
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_build_with_token_empty_info (void)
+{
+ char *string = NULL;
+ P11KitUri *uri;
+ CK_TOKEN_INFO_PTR token;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ token = p11_kit_uri_get_token_info (uri);
+ set_space_string (token->label, sizeof (token->label), "");
+ set_space_string (token->serialNumber, sizeof (token->serialNumber), "");
+
+ ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ assert (strstr (string, "token=") != NULL);
+ assert (strstr (string, "serial=") != NULL);
+
+ free (string);
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_build_with_attributes (void)
+{
+ char *string = NULL;
+ P11KitUri *uri;
+ P11KitUri *check;
+ CK_OBJECT_CLASS klass;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE at;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
+ at.type = CKA_LABEL;
+ at.pValue = "The Label";
+ at.ulValueLen = 9;
+ ret = p11_kit_uri_set_attribute (uri, &at);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ at.type = CKA_ID;
+ at.pValue = "HELLO";
+ at.ulValueLen = 5;
+ ret = p11_kit_uri_set_attribute (uri, &at);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ klass = CKO_DATA;
+ at.type = CKA_CLASS;
+ at.pValue = &klass;
+ at.ulValueLen = sizeof (klass);
+ ret = p11_kit_uri_set_attribute (uri, &at);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ check = p11_kit_uri_new ();
+ assert_ptr_not_null (check);
+
+ ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_ANY, check);
+ assert_num_eq (P11_KIT_URI_OK, ret);
+
+ attr = p11_kit_uri_get_attribute (check, CKA_LABEL);
+ assert_ptr_not_null (attr);
+ assert (attr->ulValueLen == 9);
+ assert (memcmp (attr->pValue, "The Label", attr->ulValueLen) == 0);
+
+ attr = p11_kit_uri_get_attribute (check, CKA_CLASS);
+ assert_ptr_not_null (attr);
+ assert (attr->ulValueLen == sizeof (klass));
+ assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == klass);
+
+ attr = p11_kit_uri_get_attribute (check, CKA_ID);
+ assert_ptr_not_null (attr);
+ assert (attr->ulValueLen == 5);
+ assert (memcmp (attr->pValue, "HELLO", attr->ulValueLen) == 0);
+
+ p11_kit_uri_free (check);
+
+ assert (strstr (string, "object=The%20Label") != NULL);
+ assert (strstr (string, "object-type=data") != NULL);
+ assert (strstr (string, "id=%48%45%4c%4c%4f") != NULL);
+
+ free (string);
+ p11_kit_uri_free (uri);
+}
+
+static void
+test_uri_parse_private_key (void)
+{
+ P11KitUri *uri;
+ CK_ATTRIBUTE_PTR attr;
+ int ret;
+
+ uri = p11_kit_uri_new ();
+ assert_ptr_not_null (uri);
+
ret = p11_kit_uri_parse ("pkcs11:object-type=private", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); + assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_PRIVATE_KEY); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_secret_key (void) +{ + P11KitUri *uri; + CK_ATTRIBUTE_PTR attr; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object-type=secret-key", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); + assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_SECRET_KEY); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_library_version (void) +{ + P11KitUri *uri; + CK_INFO_PTR info; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:library-version=2.101", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + info = p11_kit_uri_get_module_info (uri); + assert_num_eq (2, info->libraryVersion.major); + assert_num_eq (101, info->libraryVersion.minor); + + ret = p11_kit_uri_parse ("pkcs11:library-version=23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + info = p11_kit_uri_get_module_info (uri); + assert_num_eq (23, info->libraryVersion.major); + assert_num_eq (0, info->libraryVersion.minor); + + ret = p11_kit_uri_parse ("pkcs11:library-version=23.", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + ret = p11_kit_uri_parse ("pkcs11:library-version=a.a", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + ret = p11_kit_uri_parse ("pkcs11:library-version=.23", 
P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + ret = p11_kit_uri_parse ("pkcs11:library-version=1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + ret = p11_kit_uri_parse ("pkcs11:library-version=2.1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_parse_unknown_object_type (void) +{ + P11KitUri *uri; + CK_ATTRIBUTE_PTR attr; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object-type=unknown", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); + assert_ptr_eq (NULL, attr); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_unrecognized (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:x-blah=some-value", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (1, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_too_long_is_unrecognized (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:model=a-value-that-is-too-long-for-the-field-that-it-goes-with", + P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (1, ret); + + p11_kit_uri_free (uri); +} + + + +static void +test_uri_build_object_type_cert (void) +{ + CK_ATTRIBUTE attr; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + klass = CKO_CERTIFICATE; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + p11_kit_uri_set_attribute 
(uri, &attr); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "object-type=cert") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_build_object_type_private (void) +{ + CK_ATTRIBUTE attr; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + klass = CKO_PRIVATE_KEY; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + p11_kit_uri_set_attribute (uri, &attr); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "object-type=private") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_build_object_type_public (void) +{ + CK_ATTRIBUTE attr; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + klass = CKO_PUBLIC_KEY; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + p11_kit_uri_set_attribute (uri, &attr); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "object-type=public") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_build_object_type_secret (void) +{ + CK_ATTRIBUTE attr; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + klass = CKO_SECRET_KEY; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + p11_kit_uri_set_attribute (uri, &attr); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "object-type=secret-key") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void 
+test_uri_build_with_library (void) +{ + CK_INFO_PTR info; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + info = p11_kit_uri_get_module_info (uri); + set_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Description"); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "library-description=The%20Description") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_build_library_version (void) +{ + CK_INFO_PTR info; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + info = p11_kit_uri_get_module_info (uri); + info->libraryVersion.major = 2; + info->libraryVersion.minor = 10; + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "library-version=2.10") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_get_set_unrecognized (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (0, ret); + + p11_kit_uri_set_unrecognized (uri, 1); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (1, ret); + + p11_kit_uri_set_unrecognized (uri, 0); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_match_token (void) +{ + CK_TOKEN_INFO token; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:model=Giselle", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + set_space_string (token.label, sizeof (token.label), "A label"); + set_space_string (token.model, sizeof (token.model), "Giselle"); + + ret = p11_kit_uri_match_token_info (uri, &token); + 
assert_num_eq (1, ret); + + set_space_string (token.label, sizeof (token.label), "Another label"); + + ret = p11_kit_uri_match_token_info (uri, &token); + assert_num_eq (1, ret); + + set_space_string (token.model, sizeof (token.model), "Zoolander"); + + ret = p11_kit_uri_match_token_info (uri, &token); + assert_num_eq (0, ret); + + p11_kit_uri_set_unrecognized (uri, 1); + + ret = p11_kit_uri_match_token_info (uri, &token); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_match_module (void) +{ + CK_INFO info; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:library-description=Quiet", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Quiet"); + set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone"); + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (1, ret); + + set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone else"); + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (1, ret); + + set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Leise"); + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (0, ret); + + p11_kit_uri_set_unrecognized (uri, 1); + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_match_version (void) +{ + CK_INFO info; + P11KitUri *uri; + int ret; + + memset (&info, 0, sizeof (info)); + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:library-version=5.8", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + info.libraryVersion.major = 5; + info.libraryVersion.minor = 8; + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (1, ret); + + 
info.libraryVersion.major = 2; + info.libraryVersion.minor = 3; + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_match_attributes (void) +{ + CK_ATTRIBUTE attrs[4]; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + int ret; + + attrs[0].type = CKA_ID; + attrs[0].pValue = "Blah"; + attrs[0].ulValueLen = 4; + + attrs[1].type = CKA_LABEL; + attrs[1].pValue = "Junk"; + attrs[1].ulValueLen = 4; + + attrs[2].type = CKA_COLOR; + attrs[2].pValue = "blue"; + attrs[2].ulValueLen = 4; + + klass = CKO_DATA; + attrs[3].type = CKA_CLASS; + attrs[3].pValue = &klass; + attrs[3].ulValueLen = sizeof (klass); + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object=Fancy;id=Blah;object-type=data", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (0, ret); + + attrs[1].pValue = "Fancy"; + attrs[1].ulValueLen = 5; + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (1, ret); + + p11_kit_uri_clear_attribute (uri, CKA_CLASS); + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (1, ret); + + attrs[2].pValue = "pink"; + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (1, ret); + + p11_kit_uri_set_unrecognized (uri, 1); + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_get_set_attribute (void) +{ + CK_ATTRIBUTE attr; + CK_ATTRIBUTE_PTR ptr; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_eq (NULL, ptr); + + ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_clear_attribute (uri, CKA_COLOR); + assert_num_eq (P11_KIT_URI_NOT_FOUND, ret); + + attr.type = CKA_LABEL; + 
attr.pValue = "Test"; + attr.ulValueLen = 4; + + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + /* We can set other attributes */ + attr.type = CKA_COLOR; + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + /* And get them too */ + ptr = p11_kit_uri_get_attribute (uri, CKA_COLOR); + assert_ptr_not_null (ptr); + + ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_not_null (ptr); + + assert (ptr->type == CKA_LABEL); + assert (ptr->ulValueLen == 4); + assert (memcmp (ptr->pValue, "Test", 4) == 0); + + ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); + assert_num_eq (P11_KIT_URI_OK, ret); + + ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_eq (NULL, ptr); + + p11_kit_uri_free (uri); +} + +static void +test_uri_get_set_attributes (void) +{ + CK_ATTRIBUTE_PTR attrs; + CK_OBJECT_CLASS klass; + CK_ATTRIBUTE attr; + CK_ULONG n_attrs; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (0, n_attrs); + + attr.type = CKA_LABEL; + attr.pValue = "Test"; + attr.ulValueLen = 4; + + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (1, n_attrs); + assert (attrs[0].type == CKA_LABEL); + assert (attrs[0].ulValueLen == 4); + assert (memcmp (attrs[0].pValue, "Test", 4) == 0); + + attr.type = CKA_LABEL; + attr.pValue = "Kablooey"; + attr.ulValueLen = 8; + + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (1, n_attrs); + assert (attrs[0].type == CKA_LABEL); + assert (attrs[0].ulValueLen == 8); + assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); + + klass = 
CKO_DATA; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (2, n_attrs); + assert (attrs[0].type == CKA_LABEL); + assert (attrs[0].ulValueLen == 8); + assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); + assert (attrs[1].type == CKA_CLASS); + assert (attrs[1].ulValueLen == sizeof (klass)); + assert (memcmp (attrs[1].pValue, &klass, sizeof (klass)) == 0); + + ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (1, n_attrs); + assert (attrs[0].type == CKA_CLASS); + assert (attrs[0].ulValueLen == sizeof (klass)); + assert (memcmp (attrs[0].pValue, &klass, sizeof (klass)) == 0); + + attr.type = CKA_LABEL; + attr.pValue = "Three"; + attr.ulValueLen = 5; + + ret = p11_kit_uri_set_attributes (uri, &attr, 1); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (1, n_attrs); + assert (attrs[0].type == CKA_LABEL); + assert (attrs[0].ulValueLen == 5); + assert (memcmp (attrs[0].pValue, "Three", 5) == 0); + + p11_kit_uri_clear_attributes (uri); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (0, n_attrs); + + p11_kit_uri_free (uri); +} +static void +test_uri_pin_source (void) +{ + P11KitUri *uri; + const char *pin_source; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + p11_kit_uri_set_pin_source (uri, "|my-pin-source"); + + pin_source = p11_kit_uri_get_pin_source (uri); + assert_str_eq ("|my-pin-source", pin_source); + + pin_source = p11_kit_uri_get_pinfile (uri); + assert_str_eq ("|my-pin-source", pin_source); + + 
p11_kit_uri_set_pinfile (uri, "|my-pin-file"); + + pin_source = p11_kit_uri_get_pin_source (uri); + assert_str_eq ("|my-pin-file", pin_source); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "pin-source=%7cmy-pin-file") != NULL); + free (string); + + ret = p11_kit_uri_parse ("pkcs11:pin-source=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + pin_source = p11_kit_uri_get_pin_source (uri); + assert_str_eq ("blah/blah", pin_source); + + p11_kit_uri_free (uri); +} + +static void +test_uri_free_null (void) +{ + p11_kit_uri_free (NULL); +} + +static void +test_uri_message (void) +{ + assert (p11_kit_uri_message (P11_KIT_URI_OK) == NULL); + assert_ptr_not_null (p11_kit_uri_message (P11_KIT_URI_UNEXPECTED)); + assert_ptr_not_null (p11_kit_uri_message (-555555)); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_uri_parse, "/uri/test_uri_parse"); + p11_test (test_uri_parse_bad_scheme, "/uri/test_uri_parse_bad_scheme"); + p11_test (test_uri_parse_with_label, "/uri/test_uri_parse_with_label"); + p11_test (test_uri_parse_with_empty_label, "/uri/test_uri_parse_with_empty_label"); + p11_test (test_uri_parse_with_empty_id, "/uri/test_uri_parse_with_empty_id"); + p11_test (test_uri_parse_with_label_and_klass, "/uri/test_uri_parse_with_label_and_klass"); + p11_test (test_uri_parse_with_id, "/uri/test_uri_parse_with_id"); + p11_test (test_uri_parse_with_bad_string_encoding, "/uri/test_uri_parse_with_bad_string_encoding"); + p11_test (test_uri_parse_with_bad_hex_encoding, "/uri/test_uri_parse_with_bad_hex_encoding"); + p11_test (test_uri_parse_with_token, "/uri/test_uri_parse_with_token"); + p11_test (test_uri_parse_with_token_bad_encoding, "/uri/test_uri_parse_with_token_bad_encoding"); + p11_test (test_uri_parse_with_bad_syntax, "/uri/test_uri_parse_with_bad_syntax"); + p11_test (test_uri_parse_with_spaces, "/uri/test_uri_parse_with_spaces"); + 
p11_test (test_uri_parse_with_library, "/uri/test_uri_parse_with_library"); + p11_test (test_uri_parse_with_library_bad_encoding, "/uri/test_uri_parse_with_library_bad_encoding"); + p11_test (test_uri_build_empty, "/uri/test_uri_build_empty"); + p11_test (test_uri_build_with_token_info, "/uri/test_uri_build_with_token_info"); + p11_test (test_uri_build_with_token_null_info, "/uri/test_uri_build_with_token_null_info"); + p11_test (test_uri_build_with_token_empty_info, "/uri/test_uri_build_with_token_empty_info"); + p11_test (test_uri_build_with_attributes, "/uri/test_uri_build_with_attributes"); + p11_test (test_uri_parse_private_key, "/uri/test_uri_parse_private_key"); + p11_test (test_uri_parse_secret_key, "/uri/test_uri_parse_secret_key"); + p11_test (test_uri_parse_library_version, "/uri/test_uri_parse_library_version"); + p11_test (test_uri_parse_parse_unknown_object_type, "/uri/test_uri_parse_parse_unknown_object_type"); + p11_test (test_uri_parse_unrecognized, "/uri/test_uri_parse_unrecognized"); + p11_test (test_uri_parse_too_long_is_unrecognized, "/uri/test_uri_parse_too_long_is_unrecognized"); + p11_test (test_uri_build_object_type_cert, "/uri/test_uri_build_object_type_cert"); + p11_test (test_uri_build_object_type_private, "/uri/test_uri_build_object_type_private"); + p11_test (test_uri_build_object_type_public, "/uri/test_uri_build_object_type_public"); + p11_test (test_uri_build_object_type_secret, "/uri/test_uri_build_object_type_secret"); + p11_test (test_uri_build_with_library, "/uri/test_uri_build_with_library"); + p11_test (test_uri_build_library_version, "/uri/test_uri_build_library_version"); + p11_test (test_uri_get_set_unrecognized, "/uri/test_uri_get_set_unrecognized"); + p11_test (test_uri_match_token, "/uri/test_uri_match_token"); + p11_test (test_uri_match_module, "/uri/test_uri_match_module"); + p11_test (test_uri_match_version, "/uri/test_uri_match_version"); + p11_test (test_uri_match_attributes, "/uri/test_uri_match_attributes"); + 
p11_test (test_uri_get_set_attribute, "/uri/test_uri_get_set_attribute"); + p11_test (test_uri_get_set_attributes, "/uri/test_uri_get_set_attributes"); + p11_test (test_uri_pin_source, "/uri/test_uri_pin_source"); + p11_test (test_uri_free_null, "/uri/test_uri_free_null"); + p11_test (test_uri_message, "/uri/test_uri_message"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-util.c b/p11-kit/test-util.c new file mode 100644 index 0000000..0e579cd --- /dev/null +++ b/p11-kit/test-util.c 
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "p11-kit.h"
+
+#include
+#include
+
+static void
+test_space_strlen (void)
+{
+ assert_num_eq (4, p11_kit_space_strlen ((const unsigned char *)"Test ", 20));
+ assert_num_eq (20, p11_kit_space_strlen ((const unsigned char *)"01234567890123456789", 20));
+ assert_num_eq (0, p11_kit_space_strlen ((const unsigned char *)" ", 20));
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ putenv ("P11_KIT_STRICT=1");
+
+ p11_test (test_space_strlen, "/util/space-strlen");
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/test-virtual.c b/p11-kit/test-virtual.c
new file mode 100644
index 0000000..73777d3
--- /dev/null
+++ b/p11-kit/test-virtual.c
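Review bot: In `test_space_strlen` every call passes a hard-coded limit of 20, so each input must really supply 20 readable bytes; as shown on this page the first and third literals are shorter than that, which may only be whitespace collapsed in rendering, but the test itself gives no way to confirm it. Building each input in a local `unsigned char buf[20]` (space-filled, then the text copied in) and passing `sizeof (buf)` as the limit would keep the buffer and the bound from drifting apart and rule out a read past the literal. A case with a limit of 0 and one with spaces inside the text (not only trailing) are also missing, and those are the boundaries that matter for space-padded PKCS#11 fields that carry no terminator.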
@@ -0,0 +1,171 @@
+/*
+ * Copyright (c) 2012 Stefan Walter
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+
+#include "library.h"
+#include "p11-kit.h"
+#include "private.h"
+#include "virtual.h"
+
+#include "test.h"
+
+#include "mock.h"
+
+#include
+#include
+#include
+#include
+#include
+
+/*
+ * test-managed.c is a pretty good test of the closure code, so we
+ * just test a few things here.
+ */
+
+typedef struct {
+ p11_virtual virt;
+ void *check;
+} Override;
+
+static CK_RV
+override_initialize (CK_X_FUNCTION_LIST *self,
+ CK_VOID_PTR args)
+{
+ Override *over = (Override *)self;
+
+ assert_str_eq ("initialize-arg", args);
+ assert_str_eq ("overide-arg", over->check);
+
+ /* An arbitrary error code to check */
+ return CKR_NEED_TO_CREATE_THREADS;
+}
+
+static bool test_destroyed = false;
+
+static void
+test_destroyer (void *data)
+{
+ assert (data == &mock_x_module_no_slots);
+ assert (test_destroyed == false);
+ test_destroyed = true;
+}
+
+static void
+test_initialize (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ Override over = { };
+ CK_RV rv;
+
+ p11_virtual_init (&over.virt, &p11_virtual_stack, &mock_x_module_no_slots, test_destroyer);
+ over.virt.funcs.C_Initialize = override_initialize;
+ over.check = "overide-arg";
+ test_destroyed = false;
+
+ module = p11_virtual_wrap (&over.virt, (p11_destroyer)p11_virtual_uninit);
+ assert_ptr_not_null (module);
+
+ rv = (module->C_Initialize) ("initialize-arg");
+ assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv);
+
+ p11_virtual_unwrap (module);
+ assert_num_eq (true, test_destroyed);
+}
+
+static void
+test_fall_through (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ Override over = { };
+ p11_virtual base;
+ CK_RV rv;
+
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+ p11_virtual_init (&over.virt, &p11_virtual_stack, &base, NULL);
+ over.virt.funcs.C_Initialize = override_initialize;
+ over.check = "overide-arg";
+
+ module = p11_virtual_wrap (&over.virt, NULL);
+ assert_ptr_not_null (module);
+
+ rv = (module->C_Initialize) ("initialize-arg");
+ assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv);
+
+ /* All other functiosn should have just fallen through */
+ assert_ptr_eq (mock_module_no_slots.C_Finalize, module->C_Finalize);
+
+ p11_virtual_unwrap (module);
+}
+
+static void
+test_get_function_list (void)
+{
+ CK_FUNCTION_LIST_PTR module;
+ CK_FUNCTION_LIST_PTR list;
+ p11_virtual virt;
+ CK_RV rv;
+
+ p11_virtual_init (&virt, &p11_virtual_base, &mock_x_module_no_slots, NULL);
+ module = p11_virtual_wrap (&virt, NULL);
+ assert_ptr_not_null (module);
+
+ rv = (module->C_GetFunctionList) (&list);
+ assert_num_eq (CKR_OK, rv);
+ assert_ptr_eq (module, list);
+
+ rv = (module->C_GetFunctionList) (&list);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = (module->C_GetFunctionList) (NULL);
+ assert_num_eq (CKR_ARGUMENTS_BAD, rv);
+
+ p11_virtual_unwrap (module);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ mock_module_init ();
+ p11_library_init ();
+
+ assert (p11_virtual_can_wrap ());
+ p11_test (test_initialize, "/virtual/test_initialize");
+ p11_test (test_fall_through, "/virtual/test_fall_through");
+ p11_test (test_get_function_list, "/virtual/test_get_function_list");
+
+ return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/tests/Makefile.am b/p11-kit/tests/Makefile.am
deleted file mode 100644
index a7049a4..0000000
--- a/p11-kit/tests/Makefile.am
+++ /dev/null
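Review bot: `test_initialize` passes `(p11_destroyer)p11_virtual_uninit` to `p11_virtual_wrap`, and the cast hides any mismatch between that function and the callback type instead of resolving it. The prototype of `p11_virtual_uninit` is not in this hunk, but if it takes a `p11_virtual *` rather than the `void *` that `test_destroyer` shows for a destroyer, calling it through the cast pointer is undefined behaviour in C and is the kind of indirect call that control-flow-integrity checks reject. An adapter with the exact callback signature removes the cast: `static void uninit_virtual (void *data) { p11_virtual_uninit (data); }`, passed as `p11_virtual_wrap (&over.virt, uninit_virtual)`. Separately, `Override over = { };` in `test_initialize` and `test_fall_through` relies on the empty-initializer extension; `{ 0 }` is the portable spelling before C23.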
@@ -1,91 +0,0 @@ - -include $(top_srcdir)/build/Makefile.tests - -COMMON = $(top_srcdir)/common - -AM_CPPFLAGS = \ - -I$(top_srcdir) \ - -I$(srcdir)/.. \ - -I$(COMMON) \ - $(TEST_CFLAGS) - -LDADD = \ - $(top_builddir)/p11-kit/libp11-kit-testable.la \ - $(top_builddir)/common/libp11-test.la \ - $(top_builddir)/common/libp11-common.la \ - $(LTLIBINTL) - -CHECK_PROGS = \ - test-progname \ - test-util \ - test-conf \ - test-uri \ - test-pin \ - test-init \ - test-modules \ - test-deprecated \ - test-proxy \ - test-iter \ - test-rpc \ - $(NULL) - -noinst_PROGRAMS = \ - print-messages \ - frob-setuid \ - $(CHECK_PROGS) - -if WITH_FFI - -CHECK_PROGS += \ - test-virtual \ - test-managed \ - test-log \ - test-transport \ - $(NULL) - -endif - -TESTS = $(CHECK_PROGS) - -noinst_LTLIBRARIES = \ - mock-one.la \ - mock-two.la \ - mock-three.la \ - mock-four.la - -mock_one_la_SOURCES = \ - mock-module-ep.c - -mock_one_la_CFLAGS = \ - $(AM_CFLAGS) - -mock_one_la_LIBADD = \ - $(top_builddir)/common/libp11-test.la \ - $(top_builddir)/common/libp11-common.la \ - $(NULL) - -mock_one_la_LDFLAGS = \ - -module -avoid-version -rpath /nowhere \ - -no-undefined -export-symbols-regex 'C_GetFunctionList' - -mock_two_la_SOURCES = \ - mock-module-ep2.c - -mock_two_la_CFLAGS = $(mock_one_la_CFLAGS) -mock_two_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_two_la_LIBADD = $(mock_one_la_LIBADD) - -mock_three_la_SOURCES = $(mock_one_la_SOURCES) -mock_three_la_CFLAGS = $(mock_one_la_CFLAGS) -mock_three_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_three_la_LIBADD = $(mock_one_la_LIBADD) - -mock_four_la_SOURCES = $(mock_one_la_SOURCES) -mock_four_la_CFLAGS = $(mock_one_la_CFLAGS) -mock_four_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_four_la_LIBADD = $(mock_one_la_LIBADD) - -EXTRA_DIST = \ - files \ - test-mock.c \ - $(NULL) diff --git a/p11-kit/tests/files/package-modules/four.module b/p11-kit/tests/files/package-modules/four.module deleted file mode 100644 index 933af2b..0000000 
--- a/p11-kit/tests/files/package-modules/four.module
+++ /dev/null
@@ -1,5 +0,0 @@
-
-module: mock-four.so
-disable-in: test-disable, test-other
-priority: 4
-trust-policy: no
\ No newline at end of file
diff --git a/p11-kit/tests/files/package-modules/win32/four.module b/p11-kit/tests/files/package-modules/win32/four.module
deleted file mode 100644
index 6dc87c9..0000000
--- a/p11-kit/tests/files/package-modules/win32/four.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-module: mock-four.dll
-disable-in: test-disable, test-other
-priority: 4
\ No newline at end of file
diff --git a/p11-kit/tests/files/system-modules/one.module b/p11-kit/tests/files/system-modules/one.module
deleted file mode 100644
index 5f49a8f..0000000
--- a/p11-kit/tests/files/system-modules/one.module
+++ /dev/null
@@ -1,5 +0,0 @@
-
-module: mock-one.so
-setting: system1
-trust-policy: yes
-number: 18
diff --git a/p11-kit/tests/files/system-modules/two-duplicate.module b/p11-kit/tests/files/system-modules/two-duplicate.module
deleted file mode 100644
index 756af69..0000000
--- a/p11-kit/tests/files/system-modules/two-duplicate.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-# This is a duplicate of the 'two' module
-module: mock-two.so
-# no priority, use name
\ No newline at end of file
diff --git a/p11-kit/tests/files/system-modules/two.badname b/p11-kit/tests/files/system-modules/two.badname
deleted file mode 100644
index eec3af0..0000000
--- a/p11-kit/tests/files/system-modules/two.badname
+++ /dev/null
@@ -1,6 +0,0 @@
-# This module doesn't have a .module extension, but p11-kit doesn't yet
-# enforce the naming, just warns, so it should still be loaded
-
-module: mock-two.so
-setting: system2
-# no priority, use name
\ No newline at end of file
diff --git a/p11-kit/tests/files/system-modules/win32/one.module b/p11-kit/tests/files/system-modules/win32/one.module
deleted file mode 100644
index d153ce5..0000000
--- a/p11-kit/tests/files/system-modules/win32/one.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-module: mock-one.dll
-setting: system1
-# no order, use name
\ No newline at end of file
diff --git a/p11-kit/tests/files/system-modules/win32/two-duplicate.module b/p11-kit/tests/files/system-modules/win32/two-duplicate.module
deleted file mode 100644
index 54ef1cc..0000000
--- a/p11-kit/tests/files/system-modules/win32/two-duplicate.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-# This is a duplicate of the 'two' module
-module: mock-two.dll
-# no order, use name
\ No newline at end of file
diff --git a/p11-kit/tests/files/system-modules/win32/two.badname b/p11-kit/tests/files/system-modules/win32/two.badname
deleted file mode 100644
index af63cf9..0000000
--- a/p11-kit/tests/files/system-modules/win32/two.badname
+++ /dev/null
@@ -1,6 +0,0 @@
-# This module doesn't have a .module extension, but p11-kit doesn't yet
-# enforce the naming, just warns, so it should still be loaded
-
-module: mock-two.dll
-setting: system2
-# no order, use name
\ No newline at end of file
diff --git a/p11-kit/tests/files/system-pkcs11.conf b/p11-kit/tests/files/system-pkcs11.conf
deleted file mode 100644
index a3aa273..0000000
--- a/p11-kit/tests/files/system-pkcs11.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-
-# Merge in user config
-user-config: merge
-
-# Another option
-new: world
\ No newline at end of file
diff --git a/p11-kit/tests/files/test-1.conf b/p11-kit/tests/files/test-1.conf
deleted file mode 100644
index d4ae0a1..0000000
--- a/p11-kit/tests/files/test-1.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-key1:value1
-with-whitespace : value-with-whitespace
-with-colon: value-of-colon
-
-# A comment
-embedded-comment: this is # not a comment
diff --git a/p11-kit/tests/files/test-pinfile b/p11-kit/tests/files/test-pinfile
deleted file mode 100644
index f646f3d..0000000
--- a/p11-kit/tests/files/test-pinfile
+++ /dev/null
@@ -1 +0,0 @@
-yogabbagabba
\ No newline at end of file
diff --git a/p11-kit/tests/files/test-pinfile-large b/p11-kit/tests/files/test-pinfile-large
deleted file mode 100644
index 506668d..0000000
--- a/p11-kit/tests/files/test-pinfile-large
+++ /dev/null
@@ -1,53 +0,0 @@
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yo
\ No newline at end of file
diff --git a/p11-kit/tests/files/test-system-invalid.conf b/p11-kit/tests/files/test-system-invalid.conf
deleted file mode 100644
index 344ee96..0000000
--- a/p11-kit/tests/files/test-system-invalid.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-
-# Invalid user-config setting
-user-config: bad
diff --git a/p11-kit/tests/files/test-system-merge.conf b/p11-kit/tests/files/test-system-merge.conf
deleted file mode 100644
index 978427d..0000000
--- a/p11-kit/tests/files/test-system-merge.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# Merge in user config
-user-config: merge
-
-key1: system1
-key2: system2
-key3: system3
\ No newline at end of file
diff --git a/p11-kit/tests/files/test-system-none.conf b/p11-kit/tests/files/test-system-none.conf
deleted file mode 100644
index 95351e6..0000000
--- a/p11-kit/tests/files/test-system-none.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-
-# Only user config
-user-config: none
-
-# These values will not be overriden
-key1: system1
-key2: system2
-key3: system3
\ No newline at end of file
diff --git a/p11-kit/tests/files/test-system-only.conf b/p11-kit/tests/files/test-system-only.conf
deleted file mode 100644
index 589f1c7..0000000
--- a/p11-kit/tests/files/test-system-only.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-
-# Only user config
-user-config: only
-
-# This stuff will be ignored
-key1: system1
-key2: system2
-key3: system3
\ No newline at end of file
diff --git a/p11-kit/tests/files/test-user-invalid.conf b/p11-kit/tests/files/test-user-invalid.conf
deleted file mode 100644
index 344ee96..0000000
--- a/p11-kit/tests/files/test-user-invalid.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-
-# Invalid user-config setting
-user-config: bad
diff --git a/p11-kit/tests/files/test-user-only.conf b/p11-kit/tests/files/test-user-only.conf
deleted file mode 100644
index 3224c01..0000000
--- a/p11-kit/tests/files/test-user-only.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-user-config: only
-key2: user2
-key3: user3
\ No newline at end of file
diff --git a/p11-kit/tests/files/test-user.conf b/p11-kit/tests/files/test-user.conf
deleted file mode 100644
index 369544a..0000000
--- a/p11-kit/tests/files/test-user.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-
-key2: user2
-key3: user3
\ No newline at end of file
diff --git a/p11-kit/tests/files/user-modules/one.module b/p11-kit/tests/files/user-modules/one.module
deleted file mode 100644
index 5197daf..0000000
--- a/p11-kit/tests/files/user-modules/one.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-setting: user1
-managed: yes
-number: 33
diff --git a/p11-kit/tests/files/user-modules/three.module b/p11-kit/tests/files/user-modules/three.module
deleted file mode 100644
index 3a2366d..0000000
--- a/p11-kit/tests/files/user-modules/three.module
+++ /dev/null
@@ -1,6 +0,0 @@
-
-module: mock-three.so
-setting: user3
-
-enable-in: test-enable
-priority: 3
\ No newline at end of file
diff --git a/p11-kit/tests/files/user-modules/win32/one.module b/p11-kit/tests/files/user-modules/win32/one.module
deleted file mode 100644
index c371e4a..0000000
--- a/p11-kit/tests/files/user-modules/win32/one.module
+++ /dev/null
@@ -1,2 +0,0 @@
-
-setting: user1
\ No newline at end of file
diff --git a/p11-kit/tests/files/user-modules/win32/three.module b/p11-kit/tests/files/user-modules/win32/three.module
deleted file mode 100644
index 30a3b63..0000000
--- a/p11-kit/tests/files/user-modules/win32/three.module
+++ /dev/null
@@ -1,6 +0,0 @@
-
-module: mock-three.dll
-setting: user3
-
-enable-in: test-enable
-priority: 3
\ No newline at end of file
diff --git a/p11-kit/tests/frob-setuid.c b/p11-kit/tests/frob-setuid.c
deleted file mode 100644
index e546ece..0000000
--- a/p11-kit/tests/frob-setuid.c
+++ /dev/null
@@ -1,95 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include -#include -#include -#include - -#include "compat.h" -#include "p11-kit.h" - -int -main (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - char *field; - char *name; - int ret; - int i; - - /* - * Use 'chmod ug+s frob-setuid' to change this program - * and test the output with/without setuid or setgid. 
- */ - - putenv ("P11_KIT_STRICT=1"); - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL); - - /* This is a system configured module */ - module = p11_kit_module_for_name (modules, "one"); - assert (module != NULL); - - field = p11_kit_config_option (module, "setting"); - printf ("'setting' on module 'one': %s\n", field ? field : "(null)"); - - assert (field != NULL); - if (getauxval (AT_SECURE)) - assert (strcmp (field, "system1") == 0); - else - assert (strcmp (field, "user1") == 0); - - free (field); - - for (i = 0; modules[i] != NULL; i++) { - name = p11_kit_module_get_name (modules[i]); - printf ("%s\n", name); - free (name); - } - - field = p11_kit_config_option (module, "number"); - printf ("'number' on module 'one': %s\n", field ? field : "(null)"); - - ret = atoi (field ? field : "0"); - assert (ret != 0); - free (field); - - p11_kit_modules_finalize_and_release (modules); - return ret; -} diff --git a/p11-kit/tests/mock-module-ep.c b/p11-kit/tests/mock-module-ep.c deleted file mode 100644 index 9ba739a..0000000 --- a/p11-kit/tests/mock-module-ep.c +++ /dev/null 
@@ -1,54 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS 1 -#include "pkcs11.h" - -#include "mock.h" - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - mock_module_init (); - mock_module_no_slots.C_GetFunctionList = C_GetFunctionList; - if (list == NULL) - return CKR_ARGUMENTS_BAD; - *list = &mock_module; - return CKR_OK; -} 
diff --git a/p11-kit/tests/mock-module-ep2.c b/p11-kit/tests/mock-module-ep2.c deleted file mode 100644 index ee71711..0000000 --- a/p11-kit/tests/mock-module-ep2.c +++ /dev/null 
@@ -1,56 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS 1 -#include "pkcs11.h" - -#include "mock.h" - -#include - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - mock_module_init (); - mock_module.C_GetFunctionList = C_GetFunctionList; - if (list == NULL) - return CKR_ARGUMENTS_BAD; - *list = &mock_module; - return CKR_OK; -} 
diff --git a/p11-kit/tests/print-messages.c b/p11-kit/tests/print-messages.c deleted file mode 100644 index 5870ad1..0000000 --- a/p11-kit/tests/print-messages.c +++ /dev/null 
@@ -1,137 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met); - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" - -#include -#include -#include -#include - -#include "p11-kit.h" - -int -main (int argc, char *argv[]) -{ - if (argc != 1) { - fprintf (stderr, "usage: print-messages\n"); - exit (2); - } - - #define X(x) printf ("%s: %s\n", #x, p11_kit_strerror (x)) - X(CKR_CANCEL); - X(CKR_FUNCTION_CANCELED); - X(CKR_HOST_MEMORY); - X(CKR_SLOT_ID_INVALID); - X(CKR_GENERAL_ERROR); - X(CKR_FUNCTION_FAILED); - X(CKR_ARGUMENTS_BAD); - X(CKR_NEED_TO_CREATE_THREADS); - X(CKR_CANT_LOCK); - X(CKR_ATTRIBUTE_READ_ONLY); - X(CKR_ATTRIBUTE_SENSITIVE); - X(CKR_ATTRIBUTE_TYPE_INVALID); - X(CKR_ATTRIBUTE_VALUE_INVALID); - X(CKR_DATA_INVALID); - X(CKR_DATA_LEN_RANGE); - X(CKR_DEVICE_ERROR); - X(CKR_DEVICE_MEMORY); - X(CKR_DEVICE_REMOVED); - X(CKR_ENCRYPTED_DATA_INVALID); - X(CKR_ENCRYPTED_DATA_LEN_RANGE); - X(CKR_FUNCTION_NOT_SUPPORTED); - X(CKR_KEY_HANDLE_INVALID); - X(CKR_KEY_SIZE_RANGE); - X(CKR_KEY_TYPE_INCONSISTENT); - X(CKR_KEY_NOT_NEEDED); - X(CKR_KEY_CHANGED); - X(CKR_KEY_NEEDED); - X(CKR_KEY_INDIGESTIBLE); - X(CKR_KEY_FUNCTION_NOT_PERMITTED); - X(CKR_KEY_NOT_WRAPPABLE); - X(CKR_KEY_UNEXTRACTABLE); - X(CKR_MECHANISM_INVALID); - X(CKR_MECHANISM_PARAM_INVALID); - X(CKR_OBJECT_HANDLE_INVALID); - X(CKR_OPERATION_ACTIVE); - X(CKR_OPERATION_NOT_INITIALIZED); - X(CKR_PIN_INCORRECT); - X(CKR_PIN_INVALID); - X(CKR_PIN_LEN_RANGE); - X(CKR_PIN_EXPIRED); - X(CKR_PIN_LOCKED); - X(CKR_SESSION_CLOSED); - X(CKR_SESSION_COUNT); - X(CKR_SESSION_HANDLE_INVALID); - X(CKR_SESSION_READ_ONLY); - X(CKR_SESSION_EXISTS); - X(CKR_SESSION_READ_ONLY_EXISTS); - X(CKR_SESSION_READ_WRITE_SO_EXISTS); - X(CKR_SIGNATURE_INVALID); - X(CKR_SIGNATURE_LEN_RANGE); - X(CKR_TEMPLATE_INCOMPLETE); - X(CKR_TEMPLATE_INCONSISTENT); - X(CKR_TOKEN_NOT_PRESENT); - X(CKR_TOKEN_NOT_RECOGNIZED); - X(CKR_TOKEN_WRITE_PROTECTED); - X(CKR_UNWRAPPING_KEY_HANDLE_INVALID); - X(CKR_UNWRAPPING_KEY_SIZE_RANGE); - X(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT); - X(CKR_USER_ALREADY_LOGGED_IN); - 
X(CKR_USER_NOT_LOGGED_IN); - X(CKR_USER_PIN_NOT_INITIALIZED); - X(CKR_USER_TYPE_INVALID); - X(CKR_USER_ANOTHER_ALREADY_LOGGED_IN); - X(CKR_USER_TOO_MANY_TYPES); - X(CKR_WRAPPED_KEY_INVALID); - X(CKR_WRAPPED_KEY_LEN_RANGE); - X(CKR_WRAPPING_KEY_HANDLE_INVALID); - X(CKR_WRAPPING_KEY_SIZE_RANGE); - X(CKR_WRAPPING_KEY_TYPE_INCONSISTENT); - X(CKR_RANDOM_SEED_NOT_SUPPORTED); - X(CKR_RANDOM_NO_RNG); - X(CKR_DOMAIN_PARAMS_INVALID); - X(CKR_BUFFER_TOO_SMALL); - X(CKR_SAVED_STATE_INVALID); - X(CKR_INFORMATION_SENSITIVE); - X(CKR_STATE_UNSAVEABLE); - X(CKR_CRYPTOKI_NOT_INITIALIZED); - X(CKR_CRYPTOKI_ALREADY_INITIALIZED); - X(CKR_MUTEX_BAD); - X(CKR_MUTEX_NOT_LOCKED); - X(CKR_FUNCTION_REJECTED); - #undef X - - return 0; -} diff --git a/p11-kit/tests/test-conf.c b/p11-kit/tests/test-conf.c deleted file mode 100644 index d5dc415..0000000 --- a/p11-kit/tests/test-conf.c +++ /dev/null 
@@ -1,456 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include -#include - -#include "conf.h" -#include "debug.h" -#include "message.h" -#include "p11-kit.h" -#include "private.h" - -#ifdef OS_UNIX -#include -#include -#include -#endif - -static void -test_parse_conf_1 (void) -{ - p11_dict *map; - const char *value; - - map = _p11_conf_parse_file (SRCDIR "/files/test-1.conf", NULL, 0); - assert_ptr_not_null (map); - - value = p11_dict_get (map, "key1"); - assert_str_eq ("value1", value); - - value = p11_dict_get (map, "with-colon"); - assert_str_eq ("value-of-colon", value); - - value = p11_dict_get (map, "with-whitespace"); - assert_str_eq ("value-with-whitespace", value); - - value = p11_dict_get (map, "embedded-comment"); - assert_str_eq ("this is # not a comment", value); - - p11_dict_free (map); -} - -static void -test_parse_ignore_missing (void) -{ - p11_dict *map; - - map = _p11_conf_parse_file (SRCDIR "/files/non-existant.conf", NULL, CONF_IGNORE_MISSING); - assert_ptr_not_null (map); - - assert_num_eq (0, p11_dict_size (map)); - assert (p11_message_last () == NULL); - p11_dict_free (map); -} - -static void -test_parse_fail_missing (void) -{ - p11_dict *map; - - map = _p11_conf_parse_file (SRCDIR "/files/non-existant.conf", NULL, 0); - assert (map == NULL); - assert_ptr_not_null (p11_message_last ()); -} - -static void -test_merge_defaults (void) -{ - p11_dict *values; - p11_dict *defaults; - - values = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); - defaults = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); - - p11_dict_set (values, strdup ("one"), strdup ("real1")); - p11_dict_set (values, strdup ("two"), strdup ("real2")); - - p11_dict_set (defaults, strdup ("two"), strdup ("default2")); - p11_dict_set (defaults, strdup ("three"), strdup ("default3")); - - if (!_p11_conf_merge_defaults (values, defaults)) - assert_not_reached (); - - p11_dict_free (defaults); - - 
assert_str_eq (p11_dict_get (values, "one"), "real1"); - assert_str_eq (p11_dict_get (values, "two"), "real2"); - assert_str_eq (p11_dict_get (values, "three"), "default3"); - - p11_dict_free (values); -} - -static void -test_load_globals_merge (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/files/test-system-merge.conf", - SRCDIR "/files/test-user.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_MERGE, user_mode); - - assert_str_eq (p11_dict_get (config, "key1"), "system1"); - assert_str_eq (p11_dict_get (config, "key2"), "user2"); - assert_str_eq (p11_dict_get (config, "key3"), "user3"); - - p11_dict_free (config); -} - -static void -test_load_globals_no_user (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/files/test-system-none.conf", - SRCDIR "/files/test-user.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_NONE, user_mode); - - assert_str_eq (p11_dict_get (config, "key1"), "system1"); - assert_str_eq (p11_dict_get (config, "key2"), "system2"); - assert_str_eq (p11_dict_get (config, "key3"), "system3"); - - p11_dict_free (config); -} - -static void -test_load_globals_user_sets_only (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/files/test-system-merge.conf", - SRCDIR "/files/test-user-only.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_ONLY, user_mode); - - assert (p11_dict_get (config, "key1") == NULL); - assert_str_eq (p11_dict_get (config, "key2"), "user2"); - assert_str_eq (p11_dict_get (config, "key3"), "user3"); - - p11_dict_free (config); -} - -static void -test_load_globals_system_sets_only (void) -{ - int 
user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/files/test-system-only.conf", - SRCDIR "/files/test-user.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_ONLY, user_mode); - - assert (p11_dict_get (config, "key1") == NULL); - assert_str_eq (p11_dict_get (config, "key2"), "user2"); - assert_str_eq (p11_dict_get (config, "key3"), "user3"); - - p11_dict_free (config); -} - -static void -test_load_globals_system_sets_invalid (void) -{ - int user_mode = -1; - p11_dict *config; - int error; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/files/test-system-invalid.conf", - SRCDIR "/files/non-existant.conf", - &user_mode); - error = errno; - assert_ptr_eq (NULL, config); - assert_num_eq (EINVAL, error); - assert_ptr_not_null (p11_message_last ()); - - p11_dict_free (config); -} - -static void -test_load_globals_user_sets_invalid (void) -{ - int user_mode = -1; - p11_dict *config; - int error; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/files/test-system-merge.conf", - SRCDIR "/files/test-user-invalid.conf", - &user_mode); - error = errno; - assert_ptr_eq (NULL, config); - assert_num_eq (EINVAL, error); - assert_ptr_not_null (p11_message_last ()); - - p11_dict_free (config); -} - -static bool -assert_msg_contains (const char *msg, - const char *text) -{ - return (msg && strstr (msg, text)) ? 
true : false;
-}
-
-static void
-test_load_modules_merge (void)
-{
- p11_dict *configs;
- p11_dict *config;
-
- p11_message_clear ();
-
- configs = _p11_conf_load_modules (CONF_USER_MERGE,
- SRCDIR "/files/package-modules",
- SRCDIR "/files/system-modules",
- SRCDIR "/files/user-modules");
- assert_ptr_not_null (configs);
- assert (assert_msg_contains (p11_message_last (), "invalid config filename"));
-
- config = p11_dict_get (configs, "one");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-one.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "user1");
-
- config = p11_dict_get (configs, "two.badname");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-two.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system2");
-
- config = p11_dict_get (configs, "three");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-three.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "user3");
-
- p11_dict_free (configs);
-}
-
-static void
-test_load_modules_user_none (void)
-{
- p11_dict *configs;
- p11_dict *config;
-
- p11_message_clear ();
-
- configs = _p11_conf_load_modules (CONF_USER_NONE,
- SRCDIR "/files/package-modules",
- SRCDIR "/files/system-modules",
- SRCDIR "/files/user-modules");
- assert_ptr_not_null (configs);
- assert (assert_msg_contains (p11_message_last (), "invalid config filename"));
-
- config = p11_dict_get (configs, "one");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-one.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system1");
-
- config = p11_dict_get (configs, "two.badname");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-two.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system2");
-
- config = p11_dict_get (configs, "three");
- assert_ptr_eq (NULL, config);
-
- p11_dict_free (configs);
-}
-
-static void
-test_load_modules_user_only (void)
-{
- p11_dict *configs;
- p11_dict *config;
-
- p11_message_clear ();
-
- configs = _p11_conf_load_modules (CONF_USER_ONLY,
- SRCDIR "/files/package-modules",
- SRCDIR "/files/system-modules",
- SRCDIR "/files/user-modules");
- assert_ptr_not_null (configs);
- assert_ptr_eq (NULL, (void *)p11_message_last ());
-
- config = p11_dict_get (configs, "one");
- assert_ptr_not_null (config);
- assert (p11_dict_get (config, "module") == NULL);
- assert_str_eq (p11_dict_get (config, "setting"), "user1");
-
- config = p11_dict_get (configs, "two.badname");
- assert_ptr_eq (NULL, config);
-
- config = p11_dict_get (configs, "three");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-three.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "user3");
-
- p11_dict_free (configs);
-}
-
-static void
-test_load_modules_no_user (void)
-{
- p11_dict *configs;
- p11_dict *config;
-
- p11_message_clear ();
-
- configs = _p11_conf_load_modules (CONF_USER_MERGE,
- SRCDIR "/files/package-modules",
- SRCDIR "/files/system-modules",
- SRCDIR "/files/non-existant");
- assert_ptr_not_null (configs);
- assert (assert_msg_contains (p11_message_last (), "invalid config filename"));
-
- config = p11_dict_get (configs, "one");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-one.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system1");
-
- config = p11_dict_get (configs, "two.badname");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-two.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system2");
-
- config = p11_dict_get (configs, "three");
- assert_ptr_eq (NULL, config);
-
- p11_dict_free (configs);
-}
-
-static void
-test_parse_boolean (void)
-{
- p11_message_quiet ();
-
- assert_num_eq (true, _p11_conf_parse_boolean ("yes", false));
- assert_num_eq (false, _p11_conf_parse_boolean ("no", true));
- assert_num_eq (true,
_p11_conf_parse_boolean ("!!!", true));
-}
-
-#ifdef OS_UNIX
-
-static void
-test_setuid (void)
-{
- const char *args[] = { BUILDDIR "/frob-setuid", NULL, };
- char *path;
- int ret;
-
- /* This is the 'number' setting set in one.module user configuration. */
- ret = p11_test_run_child (args, true);
- assert_num_eq (ret, 33);
-
- path = p11_test_copy_setgid (args[0]);
- if (path == NULL)
- return;
-
- args[0] = path;
-
- /* This is the 'number' setting set in one.module system configuration. */
- ret = p11_test_run_child (args, true);
- assert_num_eq (ret, 18);
-
- if (unlink (path) < 0)
- assert_fail ("unlink failed", strerror (errno));
- free (path);
-}
-
-#endif /* OS_UNIX */
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_parse_conf_1, "/conf/test_parse_conf_1");
- p11_test (test_parse_ignore_missing, "/conf/test_parse_ignore_missing");
- p11_test (test_parse_fail_missing, "/conf/test_parse_fail_missing");
- p11_test (test_merge_defaults, "/conf/test_merge_defaults");
- p11_test (test_load_globals_merge, "/conf/test_load_globals_merge");
- p11_test (test_load_globals_no_user, "/conf/test_load_globals_no_user");
- p11_test (test_load_globals_system_sets_only, "/conf/test_load_globals_system_sets_only");
- p11_test (test_load_globals_user_sets_only, "/conf/test_load_globals_user_sets_only");
- p11_test (test_load_globals_system_sets_invalid, "/conf/test_load_globals_system_sets_invalid");
- p11_test (test_load_globals_user_sets_invalid, "/conf/test_load_globals_user_sets_invalid");
- p11_test (test_load_modules_merge, "/conf/test_load_modules_merge");
- p11_test (test_load_modules_no_user, "/conf/test_load_modules_no_user");
- p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only");
- p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none");
- p11_test (test_parse_boolean, "/conf/test_parse_boolean");
-#ifdef OS_UNIX
- /* Don't run this test when under fakeroot */
- if (!getenv ("FAKED_MODE")) {
- p11_test
(test_setuid, "/conf/setuid");
- }
-#endif
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-deprecated.c b/p11-kit/tests/test-deprecated.c
deleted file mode 100644
index c8b8001..0000000
--- a/p11-kit/tests/test-deprecated.c
+++ /dev/null
@@ -1,513 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- * Copyright (c) 2012 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#define P11_KIT_NO_DEPRECATIONS
-
-#include "config.h"
-#include "test.h"
-
-#include "dict.h"
-#include "library.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "mock.h"
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-static CK_FUNCTION_LIST_PTR_PTR
-initialize_and_get_modules (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- CK_RV rv;
-
- rv = p11_kit_initialize_registered ();
- assert_num_eq (CKR_OK, rv);
- modules = p11_kit_registered_modules ();
- assert (modules != NULL && modules[0] != NULL);
-
- return modules;
-}
-
-static void
-finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules)
-{
- CK_RV rv;
-
- free (modules);
- rv = p11_kit_finalize_registered ();
- assert_num_eq (CKR_OK, rv);
-
-}
-
-static void
-test_no_duplicates (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- p11_dict *paths;
- p11_dict *funcs;
- char *path;
- int i;
-
- modules = initialize_and_get_modules ();
- paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
- funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
-
- /* The loaded modules should not contain duplicates */
- for (i = 0; modules[i] != NULL; i++) {
- path = p11_kit_registered_option (modules[i], "module");
-
- if (p11_dict_get (funcs, modules[i]))
- assert_fail ("found duplicate function list pointer", NULL);
- if (p11_dict_get (paths, path))
- assert_fail ("found duplicate path name", NULL);
-
- if (!p11_dict_set (funcs, modules[i], ""))
- assert_not_reached ();
- if (!p11_dict_set (paths, path, ""))
- assert_not_reached ();
-
- free (path);
- }
-
- p11_dict_free (paths);
- p11_dict_free (funcs);
- finalize_and_free_modules (modules);
-}
-
-static CK_FUNCTION_LIST_PTR
-lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules,
- const char *name)
-{
- CK_FUNCTION_LIST_PTR match = NULL;
- CK_FUNCTION_LIST_PTR module;
- char *module_name;
- int i;
-
- for (i = 0; match == NULL && modules[i] !=
NULL; i++) {
- module_name = p11_kit_registered_module_to_name (modules[i]);
- assert_ptr_not_null (module_name);
- if (strcmp (module_name, name) == 0)
- match = modules[i];
- free (module_name);
- }
-
- /*
- * As a side effect, we should check that the results of this function
- * matches the above search.
- */
- module = p11_kit_registered_name_to_module (name);
- if (module != match)
- assert_fail ("different result from p11_kit_registered_name_to_module()", NULL);
-
- return match;
-}
-
-static void
-test_disable (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module four should be present, as we don't match any prognames
- * that it has disabled.
- */
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "four") != NULL);
- finalize_and_free_modules (modules);
-
- /*
- * The module two shouldn't have been loaded, because in its config
- * file we have:
- *
- * disable-in: test-disable
- */
-
- p11_kit_set_progname ("test-disable");
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "four") == NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-static void
-test_disable_later (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- CK_RV rv;
-
- /*
- * The module two shouldn't be matched, because in its config
- * file we have:
- *
- * disable-in: test-disable
- */
-
- rv = p11_kit_initialize_registered ();
- assert_num_eq (CKR_OK, rv);
-
- p11_kit_set_progname ("test-disable");
-
- modules = p11_kit_registered_modules ();
- assert (modules != NULL && modules[0] != NULL);
-
- assert (lookup_module_with_name (modules, "two") == NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-static void
-test_enable (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module three should not be present, as we don't match the current
- * program.
- */
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "three") == NULL);
- finalize_and_free_modules (modules);
-
- /*
- * The module three should be loaded here , because in its config
- * file we have:
- *
- * enable-in: test-enable
- */
-
- p11_kit_set_progname ("test-enable");
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "three") != NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-CK_FUNCTION_LIST module;
-
-#ifdef OS_UNIX
-
-#include
-
-static CK_RV
-mock_C_Initialize__with_fork (CK_VOID_PTR init_args)
-{
- struct timespec ts = { 0, 100 * 1000 * 1000 };
- CK_RV rv;
- pid_t child;
- pid_t ret;
- int status;
-
- rv = mock_C_Initialize (init_args);
- assert (rv == CKR_OK);
-
- /* Fork during the initialization */
- child = fork ();
- if (child == 0) {
- close (1);
- nanosleep (&ts, NULL);
- exit (66);
- }
-
- ret = waitpid (child, &status, 0);
- assert (ret == child);
- assert (WIFEXITED (status));
- assert (WEXITSTATUS (status) == 66);
-
- return CKR_OK;
-}
-
-static void
-test_fork_initialization (void)
-{
- CK_RV rv;
-
- assert (!mock_module_initialized ());
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__with_fork;
-
- rv = p11_kit_initialize_module (&module);
- assert (rv == CKR_OK);
-
- rv = p11_kit_finalize_module (&module);
- assert (rv == CKR_OK);
-
- assert (!mock_module_initialized ());
-}
-
-#endif /* OS_UNIX */
-
-static CK_RV
-mock_C_Initialize__with_recursive (CK_VOID_PTR init_args)
-{
- /* Recursively initialize, this is broken */
- return p11_kit_initialize_module (&module);
-}
-
-static void
-test_recursive_initialization (void)
-{
- CK_RV rv;
-
- assert (!mock_module_initialized ());
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize =
mock_C_Initialize__with_recursive;
-
- rv = p11_kit_initialize_module (&module);
- assert (rv == CKR_FUNCTION_FAILED);
-
- assert (!mock_module_initialized ());
-}
-
-static p11_mutex_t race_mutex;
-static int initialization_count = 0;
-static int finalization_count = 0;
-
-static CK_RV
-mock_C_Initialize__threaded_race (CK_VOID_PTR init_args)
-{
- /* Atomically increment value */
- p11_mutex_lock (&race_mutex);
- initialization_count += 1;
- p11_mutex_unlock (&race_mutex);
-
- p11_sleep_ms (100);
- return CKR_OK;
-}
-
-static CK_RV
-mock_C_Finalize__threaded_race (CK_VOID_PTR reserved)
-{
- /* Atomically increment value */
- p11_mutex_lock (&race_mutex);
- finalization_count += 1;
- p11_mutex_unlock (&race_mutex);
-
- p11_sleep_ms (100);
- return CKR_OK;
-}
-
-static void *
-initialization_thread (void *data)
-{
- CK_RV rv;
-
- assert_str_eq (data, "thread-data");
- rv = p11_kit_initialize_module (&module);
- assert (rv == CKR_OK);
-
- return "thread-data";
-}
-
-static void *
-finalization_thread (void *data)
-{
- CK_RV rv;
-
- assert_str_eq (data, "thread-data");
- rv = p11_kit_finalize_module (&module);
- assert (rv == CKR_OK);
-
- return "thread-data";
-}
-
-static void
-test_threaded_initialization (void)
-{
- static const int num_threads = 2;
- p11_thread_t threads[num_threads];
- int ret;
- int i;
-
- assert (!mock_module_initialized ());
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__threaded_race;
- module.C_Finalize = mock_C_Finalize__threaded_race;
-
- p11_mutex_lock (&race_mutex);
- initialization_count = 0;
- finalization_count = 0;
- p11_mutex_unlock (&race_mutex);
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (&threads[i], initialization_thread, "thread-data");
- assert_num_eq (0, ret);
- assert (threads[i] != 0);
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_join (threads[i]);
- assert_num_eq (0, ret);
-
threads[i] = 0;
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (&threads[i], finalization_thread, "thread-data");
- assert_num_eq (0, ret);
- assert (threads[i] != 0);
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_join (threads[i]);
- assert_num_eq (0, ret);
- threads[i] = 0;
- }
-
- /* C_Initialize should have been called exactly once */
- p11_mutex_lock (&race_mutex);
- assert_num_eq (1, initialization_count);
- assert_num_eq (1, finalization_count);
- p11_mutex_unlock (&race_mutex);
-
- assert (!mock_module_initialized ());
-}
-
-static CK_RV
-mock_C_Initialize__test_mutexes (CK_VOID_PTR args)
-{
- CK_C_INITIALIZE_ARGS_PTR init_args;
- void *mutex = NULL;
- CK_RV rv;
-
- rv = mock_C_Initialize (NULL);
- if (rv != CKR_OK)
- return rv;
-
- assert (args != NULL);
- init_args = args;
-
- rv = (init_args->CreateMutex) (&mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->LockMutex) (mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->UnlockMutex) (mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->DestroyMutex) (mutex);
- assert (rv == CKR_OK);
-
- return CKR_OK;
-}
-
-static void
-test_mutexes (void)
-{
- CK_RV rv;
-
- assert (!mock_module_initialized ());
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__test_mutexes;
-
- rv = p11_kit_initialize_module (&module);
- assert (rv == CKR_OK);
-
- rv = p11_kit_finalize_module (&module);
- assert (rv == CKR_OK);
-
- assert (!mock_module_initialized ());
-}
-
-static void
-test_load_and_initialize (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_INFO info;
- CK_RV rv;
- int ret;
-
- rv = p11_kit_load_initialize_module (BUILDDIR "/.libs/mock-one" SHLEXT, &module);
- assert (rv == CKR_OK);
- assert (module != NULL);
-
- rv = (module->C_GetInfo) (&info);
- assert (rv == CKR_OK);
-
- ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32);
- assert (ret == 0);
-
- rv =
p11_kit_finalize_module (module);
- assert_num_eq (rv, CKR_OK);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_mutex_init (&race_mutex);
- mock_module_init ();
- p11_library_init ();
-
- p11_test (test_no_duplicates, "/deprecated/test_no_duplicates");
- p11_test (test_disable, "/deprecated/test_disable");
- p11_test (test_disable_later, "/deprecated/test_disable_later");
- p11_test (test_enable, "/deprecated/test_enable");
-
-#ifdef OS_UNIX
- p11_test (test_fork_initialization, "/deprecated/test_fork_initialization");
-#endif
-
- p11_test (test_recursive_initialization, "/deprecated/test_recursive_initialization");
- p11_test (test_threaded_initialization, "/deprecated/test_threaded_initialization");
- p11_test (test_mutexes, "/deprecated/test_mutexes");
- p11_test (test_load_and_initialize, "/deprecated/test_load_and_initialize");
-
- p11_kit_be_quiet ();
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-init.c b/p11-kit/tests/test-init.c
deleted file mode 100644
index c4fcecb..0000000
--- a/p11-kit/tests/test-init.c
+++ /dev/null
@@ -1,420 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include
-
-#include "library.h"
-#include "mock.h"
-#include "modules.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "virtual.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-static CK_FUNCTION_LIST module;
-static p11_mutex_t race_mutex;
-
-#ifdef OS_UNIX
-
-#include
-
-static CK_RV
-mock_C_Initialize__with_fork (CK_VOID_PTR init_args)
-{
- struct timespec ts = { 0, 100 * 1000 * 1000 };
- CK_RV rv;
- pid_t child;
- pid_t ret;
- int status;
-
- rv = mock_C_Initialize (init_args);
- assert (rv == CKR_OK);
-
- /* Fork during the initialization */
- child = fork ();
- if (child == 0) {
- close (1);
- nanosleep (&ts, NULL);
- exit (66);
- }
-
- ret = waitpid (child, &status, 0);
- assert (ret == child);
- assert (WIFEXITED (status));
- assert (WEXITSTATUS (status) == 66);
-
- return CKR_OK;
-}
-
-static void
-test_fork_initialization (void)
-{
- CK_FUNCTION_LIST_PTR result;
- CK_RV rv;
-
- mock_module_reset ();
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__with_fork;
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&module, 0, &result);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (result);
- assert (rv == CKR_OK);
-
- rv = p11_kit_module_finalize (result);
- assert (rv == CKR_OK);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (result);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-#endif /* OS_UNIX */
-
-static CK_FUNCTION_LIST *recursive_managed;
-
-static CK_RV
-mock_C_Initialize__with_recursive (CK_VOID_PTR init_args)
-{
- CK_RV rv;
-
- rv = mock_C_Initialize (init_args);
- assert (rv == CKR_OK);
-
- return p11_kit_module_initialize (recursive_managed);
-}
-
-static void
-test_recursive_initialization (void)
-{
- CK_RV rv;
-
- /* Build up our own function list */
- memcpy (&module,
&mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__with_recursive;
-
- p11_kit_be_quiet ();
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&module, 0, &recursive_managed);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (recursive_managed);
- assert_num_eq (CKR_FUNCTION_FAILED, rv);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (recursive_managed);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-
- p11_kit_be_loud ();
-}
-
-static int initialization_count = 0;
-static int finalization_count = 0;
-
-static CK_RV
-mock_C_Initialize__threaded_race (CK_VOID_PTR init_args)
-{
- /* Atomically increment value */
- p11_mutex_lock (&race_mutex);
- initialization_count += 1;
- p11_mutex_unlock (&race_mutex);
-
- p11_sleep_ms (100);
- return CKR_OK;
-}
-
-static CK_RV
-mock_C_Finalize__threaded_race (CK_VOID_PTR reserved)
-{
- /* Atomically increment value */
- p11_mutex_lock (&race_mutex);
- finalization_count += 1;
- p11_mutex_unlock (&race_mutex);
-
- p11_sleep_ms (100);
- return CKR_OK;
-}
-
-static void *
-initialization_thread (void *data)
-{
- CK_FUNCTION_LIST *module = data;
- CK_RV rv;
-
- assert (module != NULL);
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- return module;
-}
-
-static void *
-finalization_thread (void *data)
-{
- CK_FUNCTION_LIST *module = data;
- CK_RV rv;
-
- assert (module != NULL);
- rv = p11_kit_module_finalize (module);
- assert_num_eq (rv, CKR_OK);
-
- return module;
-}
-
-static void
-test_threaded_initialization (void)
-{
- static const int num_threads = 1;
- CK_FUNCTION_LIST *data[num_threads];
- p11_thread_t threads[num_threads];
- CK_RV rv;
- int ret;
- int i;
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__threaded_race;
- module.C_Finalize = mock_C_Finalize__threaded_race;
-
- memset (&data, 0, sizeof
(data));
-
- p11_mutex_lock (&race_mutex);
- initialization_count = 0;
- finalization_count = 0;
- p11_mutex_unlock (&race_mutex);
-
- p11_lock ();
-
- for (i = 0; i < num_threads; i++) {
- assert (data[i] == NULL);
- rv = p11_module_load_inlock_reentrant (&module, 0, &data[i]);
- assert (rv == CKR_OK);
- }
-
- p11_unlock ();
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (&threads[i], initialization_thread, data[i]);
- assert_num_eq (0, ret);
- assert (threads[i] != 0);
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_join (threads[i]);
- assert_num_eq (0, ret);
- threads[i] = 0;
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (&threads[i], finalization_thread, data[i]);
- assert_num_eq (0, ret);
- assert (threads[i] != 0);
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_join (threads[i]);
- assert_num_eq (0, ret);
- threads[i] = 0;
- }
-
- p11_lock ();
-
- for (i = 0; i < num_threads; i++) {
- assert (data[i] != NULL);
- rv = p11_module_release_inlock_reentrant (data[i]);
- assert (rv == CKR_OK);
- }
-
- p11_unlock ();
-
- /* C_Initialize should have been called exactly once */
- assert_num_eq (1, initialization_count);
- assert_num_eq (1, finalization_count);
-}
-
-static CK_RV
-mock_C_Initialize__test_mutexes (CK_VOID_PTR args)
-{
- CK_C_INITIALIZE_ARGS_PTR init_args;
- void *mutex = NULL;
- CK_RV rv;
-
- assert (args != NULL);
- init_args = args;
-
- rv = (init_args->CreateMutex) (&mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->LockMutex) (mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->UnlockMutex) (mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->DestroyMutex) (mutex);
- assert (rv == CKR_OK);
-
- return CKR_OK;
-}
-
-static void
-test_mutexes (void)
-{
- CK_FUNCTION_LIST_PTR result;
- CK_RV rv;
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__test_mutexes;
-
-
p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&module, 0, &result);
- assert (rv == CKR_OK);
-
- rv = p11_module_release_inlock_reentrant (result);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-static void
-test_load_and_initialize (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_INFO info;
- CK_RV rv;
- int ret;
-
- module = p11_kit_module_load (BUILDDIR "/.libs/mock-one" SHLEXT, 0);
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert (rv == CKR_OK);
-
- rv = (module->C_GetInfo) (&info);
- assert (rv == CKR_OK);
-
- ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32);
- assert (ret == 0);
-
- rv = p11_kit_module_finalize (module);
- assert (rv == CKR_OK);
-
- p11_kit_module_release (module);
-}
-
-static void
-test_initalize_fail (void)
-{
- CK_FUNCTION_LIST failer;
- CK_FUNCTION_LIST *modules[3] = { &mock_module_no_slots, &failer, NULL };
- CK_RV rv;
-
- memcpy (&failer, &mock_module, sizeof (CK_FUNCTION_LIST));
- failer.C_Initialize = mock_C_Initialize__fails;
-
- mock_module_reset ();
- p11_kit_be_quiet ();
-
- rv = p11_kit_modules_initialize (modules, NULL);
- assert_num_eq (CKR_FUNCTION_FAILED, rv);
-
- p11_kit_be_loud ();
-
- /* Failed modules get removed from the list */
- assert_ptr_eq (&mock_module_no_slots, modules[0]);
- assert_ptr_eq (NULL, modules[1]);
- assert_ptr_eq (NULL, modules[2]);
-
- p11_kit_modules_finalize (modules);
-}
-
-static void
-test_finalize_fail (void)
-{
-
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_mutex_init (&race_mutex);
- mock_module_init ();
- p11_library_init ();
-
- /* These only work when managed */
- if (p11_virtual_can_wrap ()) {
- p11_test (test_recursive_initialization, "/init/test_recursive_initialization");
- p11_test (test_threaded_initialization, "/init/test_threaded_initialization");
- p11_test (test_mutexes, "/init/test_mutexes");
- p11_test (test_load_and_initialize, "/init/test_load_and_initialize");
-
-#ifdef OS_UNIX
- p11_test (test_fork_initialization,
"/init/test_fork_initialization");
-#endif
- }
-
- p11_test (test_initalize_fail, "/init/test_initalize_fail");
- p11_test (test_finalize_fail, "/init/test_finalize_fail");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-iter.c b/p11-kit/tests/test-iter.c
deleted file mode 100644
index 055a4b3..0000000
--- a/p11-kit/tests/test-iter.c
+++ /dev/null
@@ -1,1331 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#define P11_KIT_FUTURE_UNSTABLE_API 1 - -#include "attrs.h" -#include "dict.h" -#include "iter.h" -#include "library.h" -#include "message.h" -#include "mock.h" - -#include -#include -#include -#include - -static CK_FUNCTION_LIST_PTR_PTR -initialize_and_get_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - p11_message_quiet (); - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL && modules[0] != NULL); - - p11_message_loud (); - - return modules; -} - -static void -finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) -{ - p11_kit_modules_finalize (modules); - p11_kit_modules_release (modules); -} - -static int -has_handle (CK_ULONG *objects, - int count, - CK_ULONG handle) -{ - int i; - for (i = 0; i < count; i++) { - if (objects[i] == handle) - return 1; - } - - return 0; -} - - -static void -test_all (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session; - CK_ULONG size; - P11KitIter *iter; - CK_RV rv; - int at; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, P11_KIT_ITER_BUSY_SESSIONS); - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - module = p11_kit_iter_get_module (iter); - assert_ptr_not_null (module); - - session = p11_kit_iter_get_session (iter); - assert (session != 0); - - /* Do something with the object */ - size = 0; - rv = (module->C_GetObjectSize) (session, objects[at], &size); - assert (rv == CKR_OK); - assert (size > 0); - - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert 
(has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static CK_RV -on_iter_callback (P11KitIter *iter, - CK_BBOOL *matches, - void *data) -{ - CK_OBJECT_HANDLE object; - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session; - CK_ULONG size; - CK_RV rv; - - assert_str_eq (data, "callback"); - - object = p11_kit_iter_get_object (iter); - if (object != MOCK_PUBLIC_KEY_CAPITALIZE && object != MOCK_PUBLIC_KEY_PREFIX) { - *matches = CK_FALSE; - return CKR_OK; - } - - module = p11_kit_iter_get_module (iter); - assert_ptr_not_null (module); - - session = p11_kit_iter_get_session (iter); - assert (session != 0); - - /* Do something with the object */ - size = 0; - rv = (module->C_GetObjectSize) (session, object, &size); - assert (rv == CKR_OK); - assert (size > 0); - - return CKR_OK; -} - -static void -test_callback (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_RV rv; - int at; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_callback (iter, on_iter_callback, "callback", NULL); - p11_kit_iter_begin (iter, modules); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); - - assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static 
CK_RV -on_callback_fail (P11KitIter *iter, - CK_BBOOL *matches, - void *data) -{ - return CKR_DATA_INVALID; -} - -static void -test_callback_fails (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_RV rv; - int at; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_callback (iter, on_callback_fail, "callback", NULL); - p11_kit_iter_begin (iter, modules); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DATA_INVALID); - - /* Shouldn't have succeeded at all */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - finalize_and_free_modules (modules); -} - -static void -on_destroy_increment (void *data) -{ - int *value = data; - (*value)++; -} - -static void -test_callback_destroyer (void) -{ - P11KitIter *iter; - int value = 1; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_callback (iter, on_callback_fail, &value, on_destroy_increment); - p11_kit_iter_free (iter); - - assert_num_eq (2, value); -} - -static void -test_with_session (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, 0, session); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - slot = p11_kit_iter_get_slot (iter); - assert (slot == MOCK_SLOT_ONE_ID); - - module = p11_kit_iter_get_module (iter); - assert_ptr_eq (module, &mock_module); - - assert (session == p11_kit_iter_get_session (iter)); - at++; - } - - assert (rv == CKR_CANCEL); - - /* 1 modules, each with 1 slot, and 3 public objects */ - 
assert_num_eq (3, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - /* The session is still valid ... */ - rv = mock_module.C_CloseSession (session); - assert (rv == CKR_OK); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_with_slot (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, MOCK_SLOT_ONE_ID, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - slot = p11_kit_iter_get_slot (iter); - assert (slot == MOCK_SLOT_ONE_ID); - - module = p11_kit_iter_get_module (iter); - assert_ptr_eq (module, &mock_module); - at++; - } - - assert (rv == CKR_CANCEL); - - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - rv = (mock_module.C_Finalize) (NULL); - assert (rv == CKR_OK); -} - -static void -test_with_module (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - iter = 
p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - module = p11_kit_iter_get_module (iter); - assert_ptr_eq (module, &mock_module); - at++; - } - - assert (rv == CKR_CANCEL); - - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_keep_session (void) -{ - CK_SESSION_HANDLE session; - P11KitIter *iter; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, 0, 0); - - rv = p11_kit_iter_next (iter); - assert (rv == CKR_OK); - - session = p11_kit_iter_keep_session (iter); - p11_kit_iter_free (iter); - - /* The session is still valid ... 
*/ - rv = mock_module.C_CloseSession (session); - assert (rv == CKR_OK); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_unrecognized (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - p11_kit_uri_set_unrecognized (uri, 1); - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_uri_with_type (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int at; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:object-type=public", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (ret, P11_KIT_URI_OK); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); - - assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_set_uri (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - 
CK_RV rv; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - p11_kit_uri_set_unrecognized (uri, 1); - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_set_uri (iter, uri); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - /* Nothing should have matched */ - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_CANCEL); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_filter (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_RV rv; - int at; - - CK_BBOOL vfalse = CK_FALSE; - CK_OBJECT_CLASS public_key = CKO_PUBLIC_KEY; - CK_ATTRIBUTE attrs[] = { - { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, - { CKA_CLASS, &public_key, sizeof (public_key) }, - }; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, attrs, 2); - - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); - - assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_session_flags (void) -{ - CK_FUNCTION_LIST_PTR *modules; - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session; - CK_SESSION_INFO info; - P11KitIter *iter; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE); - p11_kit_iter_begin (iter, modules); - - while ((rv = p11_kit_iter_next 
(iter)) == CKR_OK) { - module = p11_kit_iter_get_module (iter); - assert_ptr_not_null (module); - - session = p11_kit_iter_get_session (iter); - assert (session != 0); - - rv = (module->C_GetSessionInfo) (session, &info); - assert (rv == CKR_OK); - - assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_module_match (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:library-description=MOCK%20LIBRARY", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_module_mismatch (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:library-description=blah", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_token_match (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - 
int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_token_mismatch (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:manufacturer=blah", P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_token_info (void) -{ - CK_FUNCTION_LIST_PTR *modules; - CK_TOKEN_INFO *info; - P11KitIter *iter; - char *string; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_OK); - - info = p11_kit_iter_get_token (iter); - assert_ptr_not_null (info); - - string = p11_kit_space_strdup (info->label, sizeof (info->label)); - assert_ptr_not_null (string); - - assert_str_eq (string, "TEST LABEL"); - - free (string); - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void 
-test_getslotlist_fail_first (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetSlotList = mock_C_GetSlotList__fail_first; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_VENDOR_DEFINED); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_getslotlist_fail_late (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetSlotList = mock_C_GetSlotList__fail_late; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_VENDOR_DEFINED); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_open_session_fail (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_OpenSession = mock_C_OpenSession__fails; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DEVICE_ERROR); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free 
(iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_find_init_fail (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_FindObjectsInit = mock_C_FindObjectsInit__fails; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DEVICE_MEMORY); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_find_objects_fail (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_FindObjects = mock_C_FindObjects__fails; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DEVICE_REMOVED); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_get_attributes (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_OBJECT_HANDLE object; - char label[128]; - CK_ULONG klass; - CK_ULONG ulong; - CK_RV rv; - int at; - - CK_ATTRIBUTE template[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_LABEL, label, sizeof (label) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE attrs[3]; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next 
(iter)) == CKR_OK) { - assert (sizeof (attrs) == sizeof (template)); - memcpy (&attrs, &template, sizeof (attrs)); - - rv = p11_kit_iter_get_attributes (iter, attrs, 2); - assert (rv == CKR_OK); - - object = p11_kit_iter_get_object (iter); - switch (object) { - case MOCK_DATA_OBJECT: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1)); - break; - case MOCK_PUBLIC_KEY_CAPITALIZE: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); - break; - case MOCK_PUBLIC_KEY_PREFIX: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); - break; - default: - assert_fail ("Unknown object matched", NULL); - break; - } - - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - - - -static void -test_load_attributes (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_OBJECT_HANDLE object; - CK_ULONG ulong; - CK_RV rv; - int at; - - CK_ATTRIBUTE types[] = { - { CKA_CLASS }, - { CKA_LABEL }, - }; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - attrs = p11_attrs_buildn (NULL, types, 2); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - rv = p11_kit_iter_load_attributes (iter, attrs, 2); - assert (rv == CKR_OK); - - object = p11_kit_iter_get_object (iter); - switch (object) { - case MOCK_DATA_OBJECT: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); - assert (p11_attr_match_value (p11_attrs_find (attrs, 
CKA_LABEL), "TEST LABEL", -1)); - break; - case MOCK_PUBLIC_KEY_CAPITALIZE: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); - break; - case MOCK_PUBLIC_KEY_PREFIX: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); - break; - default: - assert_fail ("Unknown object matched", NULL); - break; - } - - at++; - } - - p11_attrs_free (attrs); - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_load_attributes_none (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_buildn (NULL, NULL, 0); - rv = p11_kit_iter_load_attributes (iter, attrs, 0); - assert (rv == CKR_OK); - p11_attrs_free (attrs); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_load_attributes_fail_first (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, }; - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_first; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 
0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_build (NULL, &label, NULL); - rv = p11_kit_iter_load_attributes (iter, attrs, 1); - assert (rv == CKR_FUNCTION_REJECTED); - p11_attrs_free (attrs); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_load_attributes_fail_late (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, }; - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_late; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_build (NULL, &label, NULL); - rv = p11_kit_iter_load_attributes (iter, attrs, 1); - assert (rv == CKR_FUNCTION_FAILED); - p11_attrs_free (attrs); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_many (void *flags) -{ - P11KitIterBehavior behavior; - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - p11_dict *seen; - P11KitIter *iter; - CK_RV rv; - int count; - int i; - - static CK_OBJECT_CLASS data = CKO_DATA; - static CK_ATTRIBUTE object[] = { - { CKA_VALUE, "blah", 4 }, - { CKA_CLASS, &data, sizeof (data) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, - }; - - behavior = 0; - if (strstr (flags, "busy-sessions")) - behavior |= P11_KIT_ITER_BUSY_SESSIONS; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert_num_eq (rv, CKR_OK); - - rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (rv, CKR_OK); - - for (i = 0; i < 10000; i++) - mock_module_add_object (MOCK_SLOT_ONE_ID, object); 
- - seen = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, free, NULL); - iter = p11_kit_iter_new (NULL, behavior); - p11_kit_iter_add_filter (iter, object, 3); - p11_kit_iter_begin_with (iter, &mock_module, 0, session); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - handle = p11_kit_iter_get_object (iter); - assert (p11_dict_get (seen, &handle) == NULL); - if (!p11_dict_set (seen, memdup (&handle, sizeof (handle)), "x")) - assert_not_reached (); - count++; - } - - assert_num_eq (rv, CKR_CANCEL); - assert_num_eq (count, 10000); - - p11_kit_iter_free (iter); - p11_dict_free (seen); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_destroy_object (void) -{ - CK_FUNCTION_LIST **modules; - P11KitIter *iter; - CK_OBJECT_HANDLE object; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST *module; - CK_ULONG size; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE); - - p11_kit_iter_begin (iter, modules); - - /* Should have matched */ - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_OK); - - object = p11_kit_iter_get_object (iter); - session = p11_kit_iter_get_session (iter); - module = p11_kit_iter_get_module (iter); - - rv = (module->C_GetObjectSize) (session, object, &size); - assert_num_eq (rv, CKR_OK); - - rv = p11_kit_iter_destroy_object (iter); - assert_num_eq (rv, CKR_OK); - - rv = (module->C_GetObjectSize) (session, object, &size); - assert_num_eq (rv, CKR_OBJECT_HANDLE_INVALID); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - mock_module_init (); - - p11_test (test_all, "/iter/test_all"); - p11_test (test_unrecognized, "/iter/test_unrecognized"); - p11_test (test_uri_with_type, "/iter/test_uri_with_type"); - p11_test (test_set_uri, "/iter/set-uri"); - p11_test (test_session_flags, "/iter/test_session_flags"); - p11_test 
(test_callback, "/iter/test_callback"); - p11_test (test_callback_fails, "/iter/test_callback_fails"); - p11_test (test_callback_destroyer, "/iter/test_callback_destroyer"); - p11_test (test_filter, "/iter/test_filter"); - p11_test (test_with_session, "/iter/test_with_session"); - p11_test (test_with_slot, "/iter/test_with_slot"); - p11_test (test_with_module, "/iter/test_with_module"); - p11_test (test_keep_session, "/iter/test_keep_session"); - p11_test (test_token_match, "/iter/test_token_match"); - p11_test (test_token_mismatch, "/iter/test_token_mismatch"); - p11_test (test_token_info, "/iter/token-info"); - p11_test (test_module_match, "/iter/test_module_match"); - p11_test (test_module_mismatch, "/iter/test_module_mismatch"); - p11_test (test_getslotlist_fail_first, "/iter/test_getslotlist_fail_first"); - p11_test (test_getslotlist_fail_late, "/iter/test_getslotlist_fail_late"); - p11_test (test_open_session_fail, "/iter/test_open_session_fail"); - p11_test (test_find_init_fail, "/iter/test_find_init_fail"); - p11_test (test_find_objects_fail, "/iter/test_find_objects_fail"); - p11_test (test_get_attributes, "/iter/get-attributes"); - p11_test (test_load_attributes, "/iter/test_load_attributes"); - p11_test (test_load_attributes_none, "/iter/test_load_attributes_none"); - p11_test (test_load_attributes_fail_first, "/iter/test_load_attributes_fail_first"); - p11_test (test_load_attributes_fail_late, "/iter/test_load_attributes_fail_late"); - p11_testx (test_many, "", "/iter/test-many"); - p11_testx (test_many, "busy-sessions", "/iter/test-many-busy"); - p11_test (test_destroy_object, "/iter/destroy-object"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/tests/test-log.c b/p11-kit/tests/test-log.c deleted file mode 100644 index e7dab70..0000000 --- a/p11-kit/tests/test-log.c +++ /dev/null 
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "dict.h"
-#include "library.h"
-#include "log.h"
-#include "mock.h"
-#include "modules.h"
-#include "p11-kit.h"
-#include "virtual.h"
-
-#include
-#include
-#include
-#include
-
-static CK_FUNCTION_LIST_PTR
-setup_mock_module (CK_SESSION_HANDLE *session)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_RV rv;
-
- p11_lock ();
- p11_log_force = true;
-
- rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
- assert (rv == CKR_OK);
- assert_ptr_not_null (module);
- assert (p11_virtual_is_wrapper (module));
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (module);
- assert (rv == CKR_OK);
-
- if (session) {
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID,
- CKF_RW_SESSION | CKF_SERIAL_SESSION,
- NULL, NULL, session);
- assert (rv == CKR_OK);
- }
-
- return module;
-}
-
-static void
-teardown_mock_module (CK_FUNCTION_LIST_PTR module)
-{
- CK_RV rv;
-
- rv = p11_kit_module_finalize (module);
- assert (rv == CKR_OK);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (module);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-/* Bring in all the mock module tests */
-#include "test-mock.c"
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
- mock_module_init ();
-
- test_mock_add_tests ("/log");
-
- p11_kit_be_quiet ();
- p11_log_output = false;
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-managed.c b/p11-kit/tests/test-managed.c
deleted file mode 100644
index c4ccd9a..0000000
--- a/p11-kit/tests/test-managed.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "dict.h"
-#include "library.h"
-#include "mock.h"
-#include "modules.h"
-#include "p11-kit.h"
-#include "virtual.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-static CK_FUNCTION_LIST_PTR
-setup_mock_module (CK_SESSION_HANDLE *session)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_RV rv;
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
- assert (rv == CKR_OK);
- assert_ptr_not_null (module);
- assert (p11_virtual_is_wrapper (module));
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (module);
- assert (rv == CKR_OK);
-
- if (session) {
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID,
- CKF_RW_SESSION | CKF_SERIAL_SESSION,
- NULL, NULL, session);
- assert (rv == CKR_OK);
- }
-
- return module;
-}
-
-static void
-teardown_mock_module (CK_FUNCTION_LIST_PTR module)
-{
- CK_RV rv;
-
- rv = p11_kit_module_finalize (module);
- assert (rv == CKR_OK);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (module);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-static CK_RV
-fail_C_Initialize (void *init_reserved)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-static void
-test_initialize_finalize (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_RV rv;
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
- assert (rv == CKR_OK);
- assert_ptr_not_null (module);
- assert (p11_virtual_is_wrapper (module));
-
- p11_unlock ();
-
- rv = module->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- rv = module->C_Initialize (NULL);
- assert (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED);
-
- rv = module->C_Finalize (NULL);
- assert (rv == CKR_OK);
-
- rv = module->C_Finalize (NULL);
- assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (module);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-static void
-test_initialize_fail (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_FUNCTION_LIST base;
- CK_RV rv;
-
- memcpy (&base, &mock_module, sizeof (CK_FUNCTION_LIST));
- base.C_Initialize = fail_C_Initialize;
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&base, 0, &module);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (module);
- assert (rv == CKR_FUNCTION_FAILED);
-}
-
-static void
-test_separate_close_all_sessions (void)
-{
- CK_FUNCTION_LIST *first;
- CK_FUNCTION_LIST *second;
- CK_SESSION_HANDLE s1;
- CK_SESSION_HANDLE s2;
- CK_SESSION_INFO info;
- CK_RV rv;
-
- first = setup_mock_module (&s1);
- second = setup_mock_module (&s2);
-
- rv = first->C_GetSessionInfo (s1, &info);
- assert (rv == CKR_OK);
-
- rv = second->C_GetSessionInfo (s2, &info);
- assert (rv == CKR_OK);
-
- first->C_CloseAllSessions (MOCK_SLOT_ONE_ID);
- assert (rv == CKR_OK);
-
- rv = first->C_GetSessionInfo (s1, &info);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = second->C_GetSessionInfo (s2, &info);
- assert (rv == CKR_OK);
-
- second->C_CloseAllSessions (MOCK_SLOT_ONE_ID);
- assert (rv == CKR_OK);
-
- rv = first->C_GetSessionInfo (s1, &info);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = second->C_GetSessionInfo (s2, &info);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- teardown_mock_module (first);
- teardown_mock_module (second);
-}
-
-static void
-test_fork_and_reinitialize (void)
-{
- CK_FUNCTION_LIST *module;
- CK_INFO info;
- int status;
- CK_RV rv;
- pid_t pid;
- int i;
-
- module = setup_mock_module (NULL);
- assert_ptr_not_null (module);
-
- pid = fork ();
- assert_num_cmp (pid, >=, 0);
-
- /* The child */
- if (pid == 0) {
- rv = (module->C_Initialize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- for (i = 0; i < 32; i++) {
- rv = (module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- rv = (module->C_Finalize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- _exit (66);
- }
-
- for (i = 0; i < 128; i++) {
- rv = (module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- assert_num_eq (waitpid (pid, &status, 0), pid);
- assert_num_eq (WEXITSTATUS (status), 66);
-
- teardown_mock_module (module);
-}
-
-/* Bring in all the mock module tests */
-#include "test-mock.c"
-
-int
-main (int argc,
- char *argv[])
-{
- mock_module_init ();
- p11_library_init ();
-
- p11_test (test_initialize_finalize, "/managed/test_initialize_finalize");
- p11_test (test_initialize_fail, "/managed/test_initialize_fail");
- p11_test (test_separate_close_all_sessions, "/managed/test_separate_close_all_sessions");
- p11_test (test_fork_and_reinitialize, "/managed/fork-and-reinitialize");
-
- test_mock_add_tests ("/managed");
-
- p11_kit_be_quiet ();
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-mock.c b/p11-kit/tests/test-mock.c
deleted file mode 100644
index 8454f1f..0000000
--- a/p11-kit/tests/test-mock.c
+++ /dev/null
@@ -1,1685 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012-2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "test.h" - -#include "library.h" -#include "mock.h" -#include "p11-kit.h" - -#include -#include -#include -#include - -static void -test_get_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_INFO info; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetInfo) (&info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (MOCK_INFO.cryptokiVersion.major, info.cryptokiVersion.major); - assert_num_eq (MOCK_INFO.cryptokiVersion.minor, info.cryptokiVersion.minor); - assert (memcmp (MOCK_INFO.manufacturerID, info.manufacturerID, sizeof (info.manufacturerID)) == 0); - assert_num_eq (MOCK_INFO.flags, info.flags); - assert (memcmp (MOCK_INFO.libraryDescription, info.libraryDescription, sizeof (info.libraryDescription)) == 0); - assert_num_eq (MOCK_INFO.libraryVersion.major, info.libraryVersion.major); - assert_num_eq (MOCK_INFO.libraryVersion.minor, info.libraryVersion.minor); - - teardown_mock_module (module); -} - -static void -test_get_slot_list (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot_list[8]; - CK_ULONG count = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - /* Normal module has 2 slots, one with token present */ - rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_PRESENT, count); - rv = (module->C_GetSlotList) (CK_FALSE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_ALL, count); - - count = 8; - rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_PRESENT, count); - assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); - - count = 8; - rv = (module->C_GetSlotList) (CK_FALSE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_ALL, count); - assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); - assert_num_eq (MOCK_SLOT_TWO_ID, slot_list[1]); - - teardown_mock_module (module); -} - -static void -test_get_slot_info (void) -{ - 
CK_FUNCTION_LIST_PTR module; - CK_SLOT_INFO info; - char *string; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetSlotInfo) (MOCK_SLOT_ONE_ID, &info); - assert (rv == CKR_OK); - string = p11_kit_space_strdup (info.slotDescription, sizeof (info.slotDescription)); - assert_str_eq ("TEST SLOT", string); - free (string); - string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - assert_str_eq ("TEST MANUFACTURER", string); - free (string); - assert_num_eq (CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, info.flags); - assert_num_eq (55, info.hardwareVersion.major); - assert_num_eq (155, info.hardwareVersion.minor); - assert_num_eq (65, info.firmwareVersion.major); - assert_num_eq (165, info.firmwareVersion.minor); - - rv = (module->C_GetSlotInfo) (MOCK_SLOT_TWO_ID, &info); - assert (rv == CKR_OK); - assert_num_eq (CKF_REMOVABLE_DEVICE, info.flags); - - rv = (module->C_GetSlotInfo) (0, &info); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_token_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_TOKEN_INFO info; - char *string; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetTokenInfo) (MOCK_SLOT_ONE_ID, &info); - assert (rv == CKR_OK); - - string = p11_kit_space_strdup (info.label, sizeof (info.label)); - assert_str_eq ("TEST LABEL", string); - free (string); - string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - assert_str_eq ("TEST MANUFACTURER", string); - free (string); - string = p11_kit_space_strdup (info.model, sizeof (info.model)); - assert_str_eq ("TEST MODEL", string); - free (string); - string = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber)); - assert_str_eq ("TEST SERIAL", string); - free (string); - assert_num_eq (CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, info.flags); - assert_num_eq (1, info.ulMaxSessionCount); - assert_num_eq 
(2, info.ulSessionCount); - assert_num_eq (3, info.ulMaxRwSessionCount); - assert_num_eq (4, info.ulRwSessionCount); - assert_num_eq (5, info.ulMaxPinLen); - assert_num_eq (6, info.ulMinPinLen); - assert_num_eq (7, info.ulTotalPublicMemory); - assert_num_eq (8, info.ulFreePublicMemory); - assert_num_eq (9, info.ulTotalPrivateMemory); - assert_num_eq (10, info.ulFreePrivateMemory); - assert_num_eq (75, info.hardwareVersion.major); - assert_num_eq (175, info.hardwareVersion.minor); - assert_num_eq (85, info.firmwareVersion.major); - assert_num_eq (185, info.firmwareVersion.minor); - assert (memcmp (info.utcTime, "1999052509195900", sizeof (info.utcTime)) == 0); - - rv = (module->C_GetTokenInfo) (MOCK_SLOT_TWO_ID, &info); - assert (rv == CKR_TOKEN_NOT_PRESENT); - - rv = (module->C_GetTokenInfo) (0, &info); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_mechanism_list (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_MECHANISM_TYPE mechs[8]; - CK_ULONG count = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (2, count); - rv = (module->C_GetMechanismList) (MOCK_SLOT_TWO_ID, NULL, &count); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_GetMechanismList) (0, NULL, &count); - assert (rv == CKR_SLOT_ID_INVALID); - - count = 8; - rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, mechs, &count); - assert (rv == CKR_OK); - assert_num_eq (2, count); - assert_num_eq (mechs[0], CKM_MOCK_CAPITALIZE); - assert_num_eq (mechs[1], CKM_MOCK_PREFIX); - - teardown_mock_module (module); -} - -static void -test_get_mechanism_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_MECHANISM_INFO info; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_CAPITALIZE, &info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (512, info.ulMinKeySize); - 
assert_num_eq (4096, info.ulMaxKeySize); - assert_num_eq (CKF_ENCRYPT | CKF_DECRYPT, info.flags); - - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_PREFIX, &info); - assert (rv == CKR_OK); - assert_num_eq (2048, info.ulMinKeySize); - assert_num_eq (2048, info.ulMaxKeySize); - assert_num_eq (CKF_SIGN | CKF_VERIFY, info.flags); - - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_TWO_ID, CKM_MOCK_PREFIX, &info); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, 0, &info); - assert (rv == CKR_MECHANISM_INVALID); - rv = (module->C_GetMechanismInfo) (0, CKM_MOCK_PREFIX, &info); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_init_token (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_OK); - - rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"OTHER", 5, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_PIN_INVALID); - rv = (module->C_InitToken) (MOCK_SLOT_TWO_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_InitToken) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_wait_for_slot_event (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - CK_RV rv; - -#ifdef MOCK_SKIP_WAIT_TEST - return; -#endif - - module = setup_mock_module (NULL); - - rv = (module->C_WaitForSlotEvent) (0, &slot, NULL); - assert (rv == CKR_OK); - assert_num_eq (slot, MOCK_SLOT_TWO_ID); - - rv = (module->C_WaitForSlotEvent) (CKF_DONT_BLOCK, &slot, NULL); - assert (rv == CKR_NO_EVENT); - - teardown_mock_module (module); -} - -static void -test_open_close_session (void) -{ - CK_FUNCTION_LIST_PTR module; - 
CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_OpenSession) (MOCK_SLOT_TWO_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_OpenSession) (0, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_SLOT_ID_INVALID); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_CloseSession) (session); - assert (rv == CKR_OK); - - rv = (module->C_CloseSession) (session); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_close_all_sessions (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_CloseAllSessions) (MOCK_SLOT_ONE_ID); - assert (rv == CKR_OK); - - rv = (module->C_CloseSession) (session); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_function_status (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_GetFunctionStatus) (session); - assert (rv == CKR_FUNCTION_NOT_PARALLEL); - - teardown_mock_module (module); -} - -static void -test_cancel_function (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_CancelFunction) (session); - assert (rv == CKR_FUNCTION_NOT_PARALLEL); - - teardown_mock_module (module); -} - -static void -test_get_session_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_SESSION_INFO info; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = 
(module->C_GetSessionInfo) (0, &info); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_GetSessionInfo) (session, &info); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); - assert_num_eq (CKS_RO_PUBLIC_SESSION, info.state); - assert_num_eq (CKF_SERIAL_SESSION, info.flags); - assert_num_eq (1414, info.ulDeviceError); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_GetSessionInfo) (session, &info); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); - assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); - assert_num_eq (CKF_SERIAL_SESSION | CKF_RW_SESSION, info.flags); - assert_num_eq (1414, info.ulDeviceError); - - teardown_mock_module (module); -} - -static void -test_init_pin (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_InitPIN) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_OK); - - rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"OTHER", 5); - assert (rv == CKR_PIN_INVALID); - - teardown_mock_module (module); -} - -static void -test_set_pin (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_SetPIN) (0, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_OK); - - rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"other", 5, 
(CK_UTF8CHAR_PTR)"OTHER", 5); - assert (rv == CKR_PIN_INCORRECT); - - teardown_mock_module (module); -} - -static void -test_operation_state (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_BYTE state[128]; - CK_ULONG state_len; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - state_len = sizeof (state); - rv = (module->C_GetOperationState) (0, state, &state_len); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - state_len = sizeof (state); - rv = (module->C_GetOperationState) (session, state, &state_len); - assert (rv == CKR_OK); - - rv = (module->C_SetOperationState) (session, state, state_len, 355, 455); - assert (rv == CKR_OK); - - rv = (module->C_SetOperationState) (0, state, state_len, 355, 455); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_login_logout (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (0, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"bo", 2); - assert (rv == CKR_PIN_INCORRECT); - - rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_Logout) (session); - assert (rv == CKR_OK); - - rv = (module->C_Logout) (session); - assert (rv == CKR_USER_NOT_LOGGED_IN); - - teardown_mock_module (module); -} - -static void -test_get_attribute_value (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_OBJECT_CLASS klass; - CK_RV rv; - - module = setup_mock_module (&session); - - attrs[0].type = CKA_CLASS; - attrs[0].pValue = &klass; - attrs[0].ulValueLen = sizeof (klass); - attrs[1].type = CKA_LABEL; - attrs[1].pValue = label; - attrs[1].ulValueLen = 2; /* too small */ - attrs[2].type = CKA_BITS_PER_PIXEL; - attrs[2].pValue = 
NULL; - attrs[2].ulValueLen = 0; - - rv = (module->C_GetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 3); - assert (rv == CKR_USER_NOT_LOGGED_IN); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_BUFFER_TOO_SMALL); - - /* Get right size */ - attrs[1].pValue = NULL; - attrs[1].ulValueLen = 0; - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); - assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); - - assert_num_eq (CKO_PUBLIC_KEY, klass); - assert_num_eq (21, attrs[1].ulValueLen); - assert_ptr_eq (NULL, attrs[1].pValue); - attrs[1].pValue = label; - attrs[1].ulValueLen = sizeof (label); - assert ((CK_ULONG)-1 == attrs[2].ulValueLen); - assert_ptr_eq (NULL, attrs[2].pValue); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); - assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); - - assert_num_eq (CKO_PUBLIC_KEY, klass); - assert_num_eq (21, attrs[1].ulValueLen); - assert_ptr_eq (label, attrs[1].pValue); - assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); - assert ((CK_ULONG)-1 == attrs[2].ulValueLen); - assert_ptr_eq (NULL, attrs[2].pValue); - - teardown_mock_module (module); -} - -static void -test_set_attribute_value (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_SetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_USER_NOT_LOGGED_IN); - - rv = 
(module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); - - memset (label, 0, sizeof (label)); - bits = 0; - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_create_object (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_CreateObject) (0, attrs, 2, &object); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_CreateObject) (session, attrs, 2, &object); - assert (rv == CKR_OK); - - attrs[0].ulValueLen = sizeof (label); - memset (label, 0, sizeof (label)); - bits = 0; - - rv = (module->C_GetAttributeValue) (session, object, attrs, 2); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_copy_object (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - bits = 1555; - - attrs[0].type = CKA_BITS_PER_PIXEL; - attrs[0].pValue = &bits; - attrs[0].ulValueLen = sizeof (bits); - - rv = (module->C_CopyObject) (session, 1333, attrs, 1, &object); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - rv = 
(module->C_CopyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1, &object); - assert (rv == CKR_OK); - - attrs[1].type = CKA_LABEL; - attrs[1].pValue = label; - attrs[1].ulValueLen = sizeof (label); - bits = 0; - - rv = (module->C_GetAttributeValue) (session, object, attrs, 2); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (21, attrs[1].ulValueLen); - assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_destroy_object (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_RV rv; - - module = setup_mock_module (&session); - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = sizeof (label); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); - assert (rv == CKR_OK); - - rv = (module->C_DestroyObject) (0, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_DestroyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_object_size (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ULONG size; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_GetObjectSize) (session, 1333, &size); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - rv = (module->C_GetObjectSize) (session, MOCK_PUBLIC_KEY_CAPITALIZE, &size); - assert (rv == CKR_OK); - - /* The number here is the length of all attributes added up */ - assert_num_eq (sizeof (CK_ULONG) == 8 ? 
44 : 36, size); - - teardown_mock_module (module); -} - -static void -test_find_objects (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; - CK_ATTRIBUTE attr = { CKA_CLASS, &klass, sizeof (klass) }; - CK_OBJECT_HANDLE objects[16]; - CK_ULONG count; - CK_ULONG i; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_FindObjectsInit) (0, &attr, 1); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_FindObjectsInit) (session, &attr, 1); - assert (rv == CKR_OK); - - rv = (module->C_FindObjects) (0, objects, 16, &count); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_FindObjects) (session, objects, 16, &count); - assert (rv == CKR_OK); - - assert (count < 16); - - /* Make sure we get the capitalize public key */ - for (i = 0; i < count; i++) { - if (objects[i] == MOCK_PUBLIC_KEY_CAPITALIZE) - break; - } - assert (i != count); - - /* Make sure we get the prefix public key */ - for (i = 0; i < count; i++) { - if (objects[i] == MOCK_PUBLIC_KEY_PREFIX) - break; - } - assert (i != count); - - /* Make sure all public keys */ - for (i = 0; i < count; i++) { - klass = (CK_ULONG)-1; - rv = (module->C_GetAttributeValue) (session, objects[i], &attr, 1); - assert (rv == CKR_OK); - assert_num_eq (CKO_PUBLIC_KEY, klass); - } - - rv = (module->C_FindObjectsFinal) (session); - assert (rv == CKR_OK); - - rv = (module->C_FindObjectsFinal) (session); - assert (rv == CKR_OPERATION_NOT_INITIALIZED); - - teardown_mock_module (module); -} - -static void -test_encrypt (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_KEY_HANDLE_INVALID); - - rv = (module->C_EncryptInit) (session, &mech, 
MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_Encrypt) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "BLAH", 4) == 0);
-
- rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_EncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_EncryptUpdate) (session, (CK_BYTE_PTR)"sLurm", 5, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (5, length);
- assert (memcmp (data, "SLURM", 5) == 0);
-
- length = sizeof (data);
- rv = (module->C_EncryptFinal) (0, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_EncryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- teardown_mock_module (module);
-}
-
-static void
-test_decrypt (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_KEY_HANDLE_INVALID);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_Decrypt) (0, (CK_BYTE_PTR)"bLAH", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length);
- assert (rv == CKR_OK);
-
-
assert_num_eq (4, length);
- assert (memcmp (data, "blah", 4) == 0);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DecryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DecryptUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (5, length);
- assert (memcmp (data, "slurm", 5) == 0);
-
- length = sizeof (data);
- rv = (module->C_DecryptFinal) (0, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DecryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- teardown_mock_module (module);
-}
-
-static void
-test_digest (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_COUNT, NULL, 0 };
- CK_BYTE digest[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_DigestInit) (0, &mech);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_DigestInit) (session, &mech);
- assert (rv == CKR_OK);
-
- length = sizeof (digest);
- rv = (module->C_Digest) (0, (CK_BYTE_PTR)"bLAH", 4, digest, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (digest);
- rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (1, length);
- assert (memcmp (digest, "4", 1) == 0);
-
- rv = (module->C_DigestInit) (session, &mech);
- assert (rv == CKR_OK);
-
- rv = (module->C_DigestUpdate) (0, (CK_BYTE_PTR)"blah", 4);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
- assert (rv == CKR_OK);
-
- /* Adds the the value of object handle to hash: 6 */
- assert_num_eq (6, MOCK_PUBLIC_KEY_PREFIX);
- rv = (module->C_DigestKey) (session,
MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"Other", 5);
- assert (rv == CKR_OK);
-
- length = sizeof (digest);
- rv = (module->C_DigestFinal) (0, digest, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (digest);
- rv = (module->C_DigestFinal) (session, digest, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (2, length);
- assert (memcmp (digest, "16", 2) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_sign (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
- CK_BYTE signature[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- length = sizeof (signature);
- rv = (module->C_Sign) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (signature);
- rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (13, length);
- assert (memcmp (signature, "prefix:value4", 13) == 0);
-
- rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignUpdate) (0, (CK_BYTE_PTR)"blah", 4);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignUpdate) (session,
(CK_BYTE_PTR)"Other", 5);
- assert (rv == CKR_OK);
-
- length = sizeof (signature);
- rv = (module->C_SignFinal) (0, signature, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (signature);
- rv = (module->C_SignFinal) (session, signature, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (14, length);
- assert (memcmp (signature, "prefix:value10", 2) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_sign_recover (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
- CK_BYTE signature[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignRecoverInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_SignRecoverInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- length = sizeof (signature);
- rv = (module->C_SignRecover) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (signature);
- rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (16, length);
- assert (memcmp (signature, "prefix:valueBLAh", 16) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_verify (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
- CK_BYTE signature[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_VerifyInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_VerifyInit) (session, &mech,
MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- length = 13;
- memcpy (signature, "prefix:value4", length);
- rv = (module->C_Verify) (0, (CK_BYTE_PTR)"bLAH", 4, signature, 5);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_Verify) (session, (CK_BYTE_PTR)"BLAh", 4, signature, length);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyUpdate) (0, (CK_BYTE_PTR)"blah", 4);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"Other", 5);
- assert (rv == CKR_OK);
-
- length = 14;
- memcpy (signature, "prefix:value10", length);
-
- rv = (module->C_VerifyFinal) (session, signature, 5);
- assert (rv == CKR_SIGNATURE_LEN_RANGE);
-
- rv = (module->C_VerifyFinal) (session, signature, length);
- assert (rv == CKR_OK);
-
- teardown_mock_module (module);
-}
-
-static void
-test_verify_recover (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_VerifyRecoverInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_VerifyRecoverInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_VerifyRecover) (0, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "BLah", 4) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_digest_encrypt (void)
-{
-
CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- rv = (module->C_DigestInit) (session, &dmech);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DigestEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DigestEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "BLAH", 4) == 0);
-
- length = sizeof (data);
- rv = (module->C_EncryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DigestFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (1, length);
- assert (memcmp (data, "4", 1) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_decrypt_digest (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- rv = (module->C_DigestInit) (session, &dmech);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DecryptDigestUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DecryptDigestUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data,
&length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "blah", 4) == 0);
-
- length = sizeof (data);
- rv = (module->C_DecryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DigestFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (1, length);
- assert (memcmp (data, "4", 1) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_sign_encrypt (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_MECHANISM smech = { CKM_MOCK_PREFIX, "p:", 2 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignInit) (session, &smech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_SignEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_SignEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "BLAH", 4) == 0);
-
- length = sizeof (data);
- rv = (module->C_EncryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_SignFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (8, length);
- assert (memcmp (data, "p:value4", 1) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_decrypt_verify (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = {
CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_MECHANISM vmech = { CKM_MOCK_PREFIX, "p:", 2 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyInit) (session, &vmech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DecryptVerifyUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DecryptVerifyUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "blah", 4) == 0);
-
- length = sizeof (data);
- rv = (module->C_DecryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyFinal) (session, (CK_BYTE_PTR)"p:value4", 8);
- assert (rv == CKR_OK);
-
- teardown_mock_module (module);
-}
-
-static void
-test_generate_key (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE object;
- CK_MECHANISM mech = { CKM_MOCK_GENERATE, NULL, 0 };
- CK_ATTRIBUTE attrs[8];
- char label[32];
- char value[64];
- CK_ULONG bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (label, "Blahooo");
- bits = 1555;
-
- attrs[0].type = CKA_LABEL;
- attrs[0].pValue = label;
- attrs[0].ulValueLen = strlen (label);
- attrs[1].type = CKA_BITS_PER_PIXEL;
- attrs[1].pValue = &bits;
- attrs[1].ulValueLen = sizeof (bits);
-
- rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object);
- assert (rv == CKR_MECHANISM_PARAM_INVALID);
-
- mech.pParameter = "generate";
- mech.ulParameterLen = 9;
-
- rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object);
- assert (rv == CKR_OK);
-
- attrs[0].ulValueLen = sizeof (label);
- memset (label,
0, sizeof (label));
- bits = 0;
- attrs[2].type = CKA_VALUE;
- attrs[2].pValue = value;
- attrs[2].ulValueLen = sizeof (value);
-
- rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (bits, 1555);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
- assert_num_eq (9, attrs[2].ulValueLen);
- assert (memcmp (value, "generated", attrs[2].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_generate_key_pair (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE pub_object;
- CK_OBJECT_HANDLE priv_object;
- CK_MECHANISM mech = { CKM_MOCK_GENERATE, "generated", 9 };
- CK_ATTRIBUTE pub_attrs[8];
- CK_ATTRIBUTE priv_attrs[8];
- char pub_label[32];
- char pub_value[64];
- char priv_label[32];
- char priv_value[64];
- CK_ULONG pub_bits;
- CK_ULONG priv_bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (pub_label, "Blahooo");
- pub_bits = 1555;
- pub_attrs[0].type = CKA_LABEL;
- pub_attrs[0].pValue = pub_label;
- pub_attrs[0].ulValueLen = strlen (pub_label);
- pub_attrs[1].type = CKA_BITS_PER_PIXEL;
- pub_attrs[1].pValue = &pub_bits;
- pub_attrs[1].ulValueLen = sizeof (pub_bits);
-
- strcpy (priv_label, "Private");
- priv_bits = 1666;
- priv_attrs[0].type = CKA_LABEL;
- priv_attrs[0].pValue = priv_label;
- priv_attrs[0].ulValueLen = strlen (priv_label);
- priv_attrs[1].type = CKA_BITS_PER_PIXEL;
- priv_attrs[1].pValue = &priv_bits;
- priv_attrs[1].ulValueLen = sizeof (priv_bits);
-
- rv = (module->C_GenerateKeyPair) (0, &mech, pub_attrs, 2, priv_attrs, 2,
- &pub_object, &priv_object);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- mech.pParameter = "generate";
- mech.ulParameterLen = 9;
-
- rv = (module->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 2,
- &pub_object, &priv_object);
- assert (rv == CKR_OK);
-
- pub_bits = 0;
- pub_attrs[0].ulValueLen = sizeof
(pub_label);
- memset (pub_label, 0, sizeof (pub_label));
- pub_attrs[2].type = CKA_VALUE;
- pub_attrs[2].pValue = pub_value;
- pub_attrs[2].ulValueLen = sizeof (pub_value);
-
- rv = (module->C_GetAttributeValue) (session, pub_object, pub_attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (1555, pub_bits);
- assert_num_eq (7, pub_attrs[0].ulValueLen);
- assert (memcmp (pub_label, "Blahooo", pub_attrs[0].ulValueLen) == 0);
- assert_num_eq (9, pub_attrs[2].ulValueLen);
- assert (memcmp (pub_value, "generated", pub_attrs[2].ulValueLen) == 0);
-
- priv_bits = 0;
- priv_attrs[0].ulValueLen = sizeof (priv_label);
- memset (priv_label, 0, sizeof (priv_label));
- priv_attrs[2].type = CKA_VALUE;
- priv_attrs[2].pValue = priv_value;
- priv_attrs[2].ulValueLen = sizeof (priv_value);
-
- rv = (module->C_GetAttributeValue) (session, priv_object, priv_attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (1666, priv_bits);
- assert_num_eq (7, priv_attrs[0].ulValueLen);
- assert (memcmp (priv_label, "Private", priv_attrs[0].ulValueLen) == 0);
- assert_num_eq (9, priv_attrs[2].ulValueLen);
- assert (memcmp (priv_value, "generated", priv_attrs[2].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_wrap_key (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- length = sizeof (data);
- rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length);
- assert (rv == CKR_MECHANISM_PARAM_INVALID);
-
- mech.pParameter = "wrap";
- mech.ulParameterLen = 4;
-
- rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (5, length);
- assert (memcmp (data, "value", 5) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_unwrap_key (void)
-{
-
CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE object;
- CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 };
- CK_ATTRIBUTE attrs[8];
- char label[32];
- char value[64];
- CK_ULONG bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (label, "Blahooo");
- bits = 1555;
-
- attrs[0].type = CKA_LABEL;
- attrs[0].pValue = label;
- attrs[0].ulValueLen = strlen (label);
- attrs[1].type = CKA_BITS_PER_PIXEL;
- attrs[1].pValue = &bits;
- attrs[1].ulValueLen = sizeof (bits);
-
- rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
- (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object);
- assert (rv == CKR_MECHANISM_PARAM_INVALID);
-
- mech.pParameter = "wrap";
- mech.ulParameterLen = 4;
-
- rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
- (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object);
- assert (rv == CKR_OK);
-
- attrs[0].ulValueLen = sizeof (label);
- memset (label, 0, sizeof (label));
- bits = 0;
- attrs[2].type = CKA_VALUE;
- attrs[2].pValue = value;
- attrs[2].ulValueLen = sizeof (value);
-
- rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (bits, 1555);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
- assert_num_eq (5, attrs[2].ulValueLen);
- assert (memcmp (value, "wheee", attrs[2].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_derive_key (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE object;
- CK_MECHANISM mech = { CKM_MOCK_DERIVE, NULL, 0 };
- CK_ATTRIBUTE attrs[8];
- char label[32];
- char value[64];
- CK_ULONG bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (label, "Blahooo");
- bits = 1555;
-
- attrs[0].type = CKA_LABEL;
- attrs[0].pValue = label;
- attrs[0].ulValueLen = strlen (label);
- attrs[1].type = CKA_BITS_PER_PIXEL;
- attrs[1].pValue = &bits;
- attrs[1].ulValueLen =
sizeof (bits);
-
- rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
- attrs, 2, &object);
- assert (rv == CKR_MECHANISM_PARAM_INVALID);
-
- mech.pParameter = "derive";
- mech.ulParameterLen = 6;
-
- rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
- attrs, 2, &object);
- assert (rv == CKR_OK);
-
- attrs[0].ulValueLen = sizeof (label);
- memset (label, 0, sizeof (label));
- bits = 0;
- attrs[2].type = CKA_VALUE;
- attrs[2].pValue = value;
- attrs[2].ulValueLen = sizeof (value);
-
- rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (bits, 1555);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
- assert_num_eq (7, attrs[2].ulValueLen);
- assert (memcmp (value, "derived", attrs[2].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_random (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_BYTE data[10];
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_SeedRandom) (0, (CK_BYTE_PTR)"seed", 4);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_SeedRandom) (session, (CK_BYTE_PTR)"seed", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_GenerateRandom) (0, data, sizeof (data));
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_GenerateRandom) (session, data, sizeof (data));
- assert (rv == CKR_OK);
-
- assert (memcmp (data, "seedseedse", sizeof (data)) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_mock_add_tests (const char *prefix)
-{
- p11_fixture (NULL, NULL);
- p11_test (test_get_info, "%s/test_get_info", prefix);
- p11_test (test_get_slot_list, "%s/test_get_slot_list", prefix);
- p11_test (test_get_slot_info, "%s/test_get_slot_info", prefix);
- p11_test (test_get_token_info, "%s/test_get_token_info", prefix);
- p11_test (test_get_mechanism_list, "%s/test_get_mechanism_list", prefix);
-
p11_test (test_get_mechanism_info, "%s/test_get_mechanism_info", prefix);
- p11_test (test_init_token, "%s/test_init_token", prefix);
- p11_test (test_wait_for_slot_event, "%s/test_wait_for_slot_event", prefix);
- p11_test (test_open_close_session, "%s/test_open_close_session", prefix);
- p11_test (test_close_all_sessions, "%s/test_close_all_sessions", prefix);
- p11_test (test_get_function_status, "%s/test_get_function_status", prefix);
- p11_test (test_cancel_function, "%s/test_cancel_function", prefix);
- p11_test (test_get_session_info, "%s/test_get_session_info", prefix);
- p11_test (test_init_pin, "%s/test_init_pin", prefix);
- p11_test (test_set_pin, "%s/test_set_pin", prefix);
- p11_test (test_operation_state, "%s/test_operation_state", prefix);
- p11_test (test_login_logout, "%s/test_login_logout", prefix);
- p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix);
- p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix);
- p11_test (test_create_object, "%s/test_create_object", prefix);
- p11_test (test_copy_object, "%s/test_copy_object", prefix);
- p11_test (test_destroy_object, "%s/test_destroy_object", prefix);
- p11_test (test_get_object_size, "%s/test_get_object_size", prefix);
- p11_test (test_find_objects, "%s/test_find_objects", prefix);
- p11_test (test_encrypt, "%s/test_encrypt", prefix);
- p11_test (test_decrypt, "%s/test_decrypt", prefix);
- p11_test (test_digest, "%s/test_digest", prefix);
- p11_test (test_sign, "%s/test_sign", prefix);
- p11_test (test_sign_recover, "%s/test_sign_recover", prefix);
- p11_test (test_verify, "%s/test_verify", prefix);
- p11_test (test_verify_recover, "%s/test_verify_recover", prefix);
- p11_test (test_digest_encrypt, "%s/test_digest_encrypt", prefix);
- p11_test (test_decrypt_digest, "%s/test_decrypt_digest", prefix);
- p11_test (test_sign_encrypt, "%s/test_sign_encrypt", prefix);
- p11_test (test_decrypt_verify, "%s/test_decrypt_verify", prefix);
- p11_test
(test_generate_key, "%s/test_generate_key", prefix);
- p11_test (test_generate_key_pair, "%s/test_generate_key_pair", prefix);
- p11_test (test_wrap_key, "%s/test_wrap_key", prefix);
- p11_test (test_unwrap_key, "%s/test_unwrap_key", prefix);
- p11_test (test_derive_key, "%s/test_derive_key", prefix);
- p11_test (test_random, "%s/test_random", prefix);
-}
diff --git a/p11-kit/tests/test-modules.c b/p11-kit/tests/test-modules.c
deleted file mode 100644
index f274502..0000000
--- a/p11-kit/tests/test-modules.c
+++ /dev/null
@@ -1,415 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include
-#include
-#include
-#include
-
-#include "debug.h"
-#include "library.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "dict.h"
-
-static CK_FUNCTION_LIST_PTR_PTR
-initialize_and_get_modules (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- modules = p11_kit_modules_load_and_initialize (0);
- assert (modules != NULL && modules[0] != NULL);
-
- return modules;
-}
-
-static void
-finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules)
-{
- p11_kit_modules_finalize_and_release (modules);
-}
-
-static void
-test_no_duplicates (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- p11_dict *paths;
- p11_dict *funcs;
- char *path;
- int i;
-
- modules = initialize_and_get_modules ();
- paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
- funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
-
- /* The loaded modules should not contain duplicates */
- for (i = 0; modules[i] != NULL; i++) {
- path = p11_kit_config_option (modules[i], "module");
-
- if (p11_dict_get (funcs, modules[i]))
- assert_fail ("found duplicate function list pointer", NULL);
- if (p11_dict_get (paths, path))
- assert_fail ("found duplicate path name", NULL);
-
- if (!p11_dict_set (funcs, modules[i], ""))
- assert_not_reached ();
- if (!p11_dict_set (paths, path, ""))
- assert_not_reached ();
-
- free (path);
- }
-
- p11_dict_free (paths);
- p11_dict_free (funcs);
- finalize_and_free_modules (modules);
-}
-
-static CK_FUNCTION_LIST_PTR
-lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules,
- const char *name)
-{
- CK_FUNCTION_LIST_PTR match = NULL;
- CK_FUNCTION_LIST_PTR module;
- char *module_name;
- int i;
-
- for (i = 0; match == NULL && modules[i] != NULL; i++) {
- module_name = p11_kit_module_get_name (modules[i]);
- assert_ptr_not_null (module_name);
- if (strcmp (module_name, name) == 0)
- match = modules[i];
- free (module_name);
- }
-
- /*
- * As
a side effect, we should check that the results of this function
- * matches the above search.
- */
- module = p11_kit_module_for_name (modules, name);
- if (module != match)
- assert_fail ("different result from p11_kit_module_for_name ()", NULL);
-
- return match;
-}
-
-static void
-test_disable (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module four should be present, as we don't match any prognames
- * that it has disabled.
- */
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "four") != NULL);
- finalize_and_free_modules (modules);
-
- /*
- * The module two shouldn't have been loaded, because in its config
- * file we have:
- *
- * disable-in: test-disable
- */
-
- p11_kit_set_progname ("test-disable");
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "four") == NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-static void
-test_disable_later (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module two shouldn't be matched, because in its config
- * file we have:
- *
- * disable-in: test-disable
- */
-
- p11_kit_set_progname ("test-disable");
-
- modules = p11_kit_modules_load_and_initialize (0);
- assert (modules != NULL && modules[0] != NULL);
-
- assert (lookup_module_with_name (modules, "two") == NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-static void
-test_enable (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module three should not be present, as we don't match the current
- * program.
- */ - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") == NULL); - finalize_and_free_modules (modules); - - /* - * The module three should be loaded here , because in its config - * file we have: - * - * enable-in: test-enable - */ - - p11_kit_set_progname ("test-enable"); - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") != NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_priority (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - char *name; - int i; - - /* - * The expected order. - * - four is marked with a priority of 4, the highest therefore first - * - three is marked with a priority of 3, next highest - * - one and two do not have priority marked, so they default to zero - * and fallback to sorting alphabetically. 'o' comes before 't' - */ - - const char *expected[] = { "four", "three", "one", "two.badname" }; - - /* This enables module three */ - p11_kit_set_progname ("test-enable"); - - modules = initialize_and_get_modules (); - - /* The loaded modules should not contain duplicates */ - for (i = 0; modules[i] != NULL; i++) { - name = p11_kit_module_get_name (modules[i]); - assert_ptr_not_null (name); - - /* Either one of these can be loaded, as this is a duplicate module */ - if (strcmp (name, "two-duplicate") == 0) { - free (name); - name = strdup ("two.badname"); - } - - assert_str_eq (expected[i], name); - free (name); - } - - assert_num_eq (4, i); - finalize_and_free_modules (modules); -} - -static void -test_module_name (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - CK_FUNCTION_LIST_PTR module; - char *name; - - /* - * The module three should not be present, as we don't match the current - * program. 
- */
-
- modules = initialize_and_get_modules ();
-
- module = p11_kit_module_for_name (modules, "one");
- assert_ptr_not_null (module);
- name = p11_kit_module_get_name (module);
- assert_str_eq ("one", name);
- free (name);
-
- module = p11_kit_module_for_name (modules, "invalid");
- assert_ptr_eq (NULL, module);
-
- module = p11_kit_module_for_name (NULL, "one");
- assert_ptr_eq (NULL, module);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_module_flags (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST **unmanaged;
- int flags;
-
- /*
- * The module three should not be present, as we don't match the current
- * program.
- */
-
- modules = initialize_and_get_modules ();
-
- flags = p11_kit_module_get_flags (modules[0]);
- assert_num_eq (0, flags);
-
- unmanaged = p11_kit_modules_load (NULL, P11_KIT_MODULE_UNMANAGED);
- assert (unmanaged != NULL && unmanaged[0] != NULL);
-
- flags = p11_kit_module_get_flags (unmanaged[0]);
- assert_num_eq (P11_KIT_MODULE_UNMANAGED, flags);
-
- finalize_and_free_modules (modules);
- p11_kit_modules_release (unmanaged);
-}
-
-static void
-test_module_trusted_only (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- char *name;
-
- modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
- assert_ptr_not_null (modules);
- assert_ptr_not_null (modules[0]);
- assert (modules[1] == NULL);
-
- name = p11_kit_module_get_name (modules[0]);
- assert_str_eq (name, "one");
- free (name);
-
- assert_num_eq (p11_kit_module_get_flags (modules[0]), P11_KIT_MODULE_TRUSTED);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_module_trust_flags (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- char *name;
- int flags;
- int i;
-
- modules = initialize_and_get_modules ();
- assert_ptr_not_null (modules);
-
- for (i = 0; modules[i] != NULL; i++) {
- name = p11_kit_module_get_name (modules[i]);
- assert_ptr_not_null (name);
-
- flags = p11_kit_module_get_flags (modules[i]);
- if (strcmp (name, "one") ==
0) {
- assert_num_eq (flags, P11_KIT_MODULE_TRUSTED);
- } else {
- assert_num_eq (flags, 0);
- }
-
- free (name);
- }
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_config_option (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- CK_FUNCTION_LIST_PTR module;
- char *value;
-
- /*
- * The module three should not be present, as we don't match the current
- * program.
- */
-
- modules = initialize_and_get_modules ();
-
- value = p11_kit_config_option (NULL, "new");
- assert_str_eq ("world", value);
- free (value);
-
- module = p11_kit_module_for_name (modules, "one");
- assert_ptr_not_null (module);
-
- value = p11_kit_config_option (module, "setting");
- assert_str_eq ("user1", value);
- free (value);
-
- value = p11_kit_config_option (NULL, "invalid");
- assert_ptr_eq (NULL, value);
-
- value = p11_kit_config_option (module, "invalid");
- assert_ptr_eq (NULL, value);
-
- /* Invalid but non-NULL module pointer */
- value = p11_kit_config_option (module + 1, "setting");
- assert_ptr_eq (NULL, value);
-
- finalize_and_free_modules (modules);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
-
- p11_test (test_no_duplicates, "/modules/test_no_duplicates");
- p11_test (test_disable, "/modules/test_disable");
- p11_test (test_disable_later, "/modules/test_disable_later");
- p11_test (test_enable, "/modules/test_enable");
- p11_test (test_priority, "/modules/test_priority");
- p11_test (test_module_name, "/modules/test_module_name");
- p11_test (test_module_flags, "/modules/test_module_flags");
- p11_test (test_config_option, "/modules/test_config_option");
- p11_test (test_module_trusted_only, "/modules/trusted-only");
- p11_test (test_module_trust_flags, "/modules/trust-flags");
-
- p11_kit_be_quiet ();
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-pin.c b/p11-kit/tests/test-pin.c
deleted file mode 100644
index ebe3efc..0000000
--- a/p11-kit/tests/test-pin.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "library.h"
-
-#include
-#include
-#include
-#include
-#include
-
-#include "p11-kit/pin.h"
-#include "p11-kit/private.h"
-
-static P11KitPin *
-callback_one (const char *pin_source, P11KitUri *pin_uri, const char *pin_description,
- P11KitPinFlags pin_flags, void *callback_data)
-{
- int *data = callback_data;
- assert (*data == 33);
- return p11_kit_pin_new_for_buffer ((unsigned char*)strdup ("one"), 3, free);
-}
-
-static P11KitPin*
-callback_other (const char *pin_source, P11KitUri *pin_uri, const char *pin_description,
- P11KitPinFlags pin_flags, void *callback_data)
-{
- char *data = callback_data;
- return p11_kit_pin_new_for_string (data);
-}
-
-static void
-destroy_data (void *callback_data)
-{
- int *data = callback_data;
- (*data)++;
-}
-
-static void
-test_pin_register_unregister (void)
-{
- int data = 33;
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_one,
- &data, destroy_data);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_one,
- &data);
-
- assert_num_eq (34, data);
-}
-
-static void
-test_pin_read (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
- int data = 33;
- size_t length;
- const unsigned char *ptr;
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_one,
- &data, destroy_data);
-
- uri = p11_kit_uri_new ();
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
- p11_kit_uri_free (uri);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (3, length);
- assert (memcmp (ptr, "one", 3) == 0);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_one,
- &data);
-
- p11_kit_pin_unref (pin);
-}
-
-static void
-test_pin_read_no_match (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
-
- uri = p11_kit_uri_new ();
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
- p11_kit_uri_free
(uri);
-
- assert_ptr_eq (NULL, pin);
-}
-
-static void
-test_pin_register_duplicate (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
- char *value = "secret";
- int data = 33;
- size_t length;
- const unsigned char *ptr;
-
- uri = p11_kit_uri_new ();
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_one,
- &data, destroy_data);
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_other,
- value, NULL);
-
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (6, length);
- assert (memcmp (ptr, "secret", length) == 0);
- p11_kit_pin_unref (pin);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_other,
- value);
-
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (3, length);
- assert (memcmp (ptr, "one", length) == 0);
- p11_kit_pin_unref (pin);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_one,
- &data);
-
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_eq (NULL, pin);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_pin_register_fallback (void)
-{
- char *value = "secret";
- P11KitUri *uri;
- P11KitPin *pin;
- int data = 33;
- size_t length;
- const unsigned char *ptr;
-
- uri = p11_kit_uri_new ();
-
- p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, callback_one,
- &data, destroy_data);
-
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (3, length);
- assert (memcmp (ptr, "one", length) == 0);
- p11_kit_pin_unref (pin);
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_other,
- value, NULL);
-
- pin =
p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (6, length);
- assert (memcmp (ptr, "secret", length) == 0);
- p11_kit_pin_unref (pin);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_other,
- value);
-
- p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, callback_one,
- &data);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_pin_file (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
- size_t length;
- const unsigned char *ptr;
-
- uri = p11_kit_uri_new ();
-
- p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL, NULL);
-
- pin = p11_kit_pin_request (SRCDIR "/files/test-pinfile", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (12, length);
- assert (memcmp (ptr, "yogabbagabba", length) == 0);
- p11_kit_pin_unref (pin);
-
- pin = p11_kit_pin_request (SRCDIR "/files/nonexistant", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_eq (NULL, pin);
-
- p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_pin_file_large (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
- int error;
-
- uri = p11_kit_uri_new ();
-
- p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL, NULL);
-
- pin = p11_kit_pin_request (SRCDIR "/files/test-pinfile-large", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- error = errno;
- assert_ptr_eq (NULL, pin);
- assert_num_eq (EFBIG, error);
-
- p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_pin_ref_unref (void)
-{
- P11KitPin *pin;
- P11KitPin *check;
-
- pin = p11_kit_pin_new_for_string ("crack of lies");
-
- check =
p11_kit_pin_ref (pin);
- assert_ptr_eq (pin, check);
-
- p11_kit_pin_unref (pin);
- p11_kit_pin_unref (check);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
-
- p11_test (test_pin_register_unregister, "/pin/test_pin_register_unregister");
- p11_test (test_pin_read, "/pin/test_pin_read");
- p11_test (test_pin_read_no_match, "/pin/test_pin_read_no_match");
- p11_test (test_pin_register_duplicate, "/pin/test_pin_register_duplicate");
- p11_test (test_pin_register_fallback, "/pin/test_pin_register_fallback");
- p11_test (test_pin_file, "/pin/test_pin_file");
- p11_test (test_pin_file_large, "/pin/test_pin_file_large");
- p11_test (test_pin_ref_unref, "/pin/test_pin_ref_unref");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-progname.c b/p11-kit/tests/test-progname.c
deleted file mode 100644
index 76b136d..0000000
--- a/p11-kit/tests/test-progname.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "library.h"
-
-#include
-#include
-#include
-#include
-
-#include "p11-kit/uri.h"
-#include "p11-kit/p11-kit.h"
-#include "p11-kit/private.h"
-
-static void
-test_progname_default (void)
-{
- const char *progname;
-
- progname = _p11_get_progname_unlocked ();
- assert_str_eq ("test-progname", progname);
-}
-
-static void
-test_progname_set (void)
-{
- const char *progname;
-
- p11_kit_set_progname ("love-generation");
-
- progname = _p11_get_progname_unlocked ();
- assert_str_eq ("love-generation", progname);
-
- _p11_set_progname_unlocked (NULL);
-
- progname = _p11_get_progname_unlocked ();
- assert_str_eq ("test-progname", progname);
-}
-
-/* Defined in util.c */
-extern char p11_my_progname[];
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
-
- p11_test (test_progname_default, "/progname/test_progname_default");
- p11_test (test_progname_set, "/progname/test_progname_set");
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-proxy.c b/p11-kit/tests/test-proxy.c
deleted file mode 100644
index bf5007d..0000000
--- a/p11-kit/tests/test-proxy.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#define CRYPTOKI_EXPORTS
-
-#include "config.h"
-#include "test.h"
-
-#include "library.h"
-#include "mock.h"
-#include "p11-kit.h"
-#include "pkcs11.h"
-#include "proxy.h"
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-/* This is the proxy module entry point in proxy.c, and linked to this test */
-CK_RV C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list);
-
-static CK_SLOT_ID mock_slot_one_id;
-static CK_SLOT_ID mock_slot_two_id;
-static CK_ULONG mock_slots_present;
-static CK_ULONG mock_slots_all;
-
-static void
-test_initialize_finalize (void)
-{
- CK_FUNCTION_LIST_PTR proxy;
- CK_RV rv;
-
- rv = C_GetFunctionList (&proxy);
- assert (rv == CKR_OK);
-
- assert (p11_proxy_module_check (proxy));
-
- rv = proxy->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Finalize (NULL);
- assert (rv == CKR_OK);
-
- p11_proxy_module_cleanup ();
-}
-
-static void
-test_initialize_multiple (void)
-{
- CK_FUNCTION_LIST_PTR proxy;
- CK_RV rv;
-
- rv = C_GetFunctionList (&proxy);
- assert (rv == CKR_OK);
-
- assert (p11_proxy_module_check (proxy));
-
- rv = proxy->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Finalize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Finalize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Finalize (NULL);
- assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
-
- p11_proxy_module_cleanup ();
-}
-
-static CK_FUNCTION_LIST_PTR
-setup_mock_module (CK_SESSION_HANDLE *session)
-{
- CK_FUNCTION_LIST_PTR proxy;
- CK_SLOT_ID slots[32];
- CK_RV rv;
-
- rv = C_GetFunctionList (&proxy);
- assert (rv == CKR_OK);
-
- assert (p11_proxy_module_check (proxy));
-
- rv = proxy->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- mock_slots_all = 32;
- rv = proxy->C_GetSlotList (CK_FALSE, slots, &mock_slots_all);
- assert (rv == CKR_OK);
- assert (mock_slots_all >= 2);
-
- /* Assume this is the slot we
want to deal with */
- mock_slot_one_id = slots[0];
- mock_slot_two_id = slots[1];
-
- rv = proxy->C_GetSlotList (CK_TRUE, NULL, &mock_slots_present);
- assert (rv == CKR_OK);
- assert (mock_slots_present > 1);
-
- if (session) {
- rv = (proxy->C_OpenSession) (mock_slot_one_id,
- CKF_RW_SESSION | CKF_SERIAL_SESSION,
- NULL, NULL, session);
- assert (rv == CKR_OK);
- }
-
- return proxy;
-}
-
-static void
-teardown_mock_module (CK_FUNCTION_LIST_PTR module)
-{
- CK_RV rv;
-
- rv = module->C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-/*
- * We redefine the mock module slot id so that the tests in test-mock.c
- * use the proxy mapped slot id rather than the hard coded one
- */
-#define MOCK_SLOT_ONE_ID mock_slot_one_id
-#define MOCK_SLOT_TWO_ID mock_slot_two_id
-#define MOCK_SLOTS_PRESENT mock_slots_present
-#define MOCK_SLOTS_ALL mock_slots_all
-#define MOCK_INFO mock_info
-#define MOCK_SKIP_WAIT_TEST
-
-static const CK_INFO mock_info = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
- "PKCS#11 Kit ",
- 0,
- "PKCS#11 Kit Proxy Module ",
- { 1, 1 }
-};
-
-/* Bring in all the mock module tests */
-#include "test-mock.c"
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
- p11_kit_be_quiet ();
-
- p11_test (test_initialize_finalize, "/proxy/initialize-finalize");
- p11_test (test_initialize_multiple, "/proxy/initialize-multiple");
-
- test_mock_add_tests ("/proxy");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-rpc.c b/p11-kit/tests/test-rpc.c
deleted file mode 100644
index 0ce2c55..0000000
--- a/p11-kit/tests/test-rpc.c
+++ /dev/null
@@ -1,1061 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "debug.h"
-#include "library.h"
-#include "message.h"
-#include "mock.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "rpc.h"
-#include "rpc-message.h"
-#include "virtual.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-static void
-test_new_free (void)
-{
- p11_buffer *buf;
-
- buf = p11_rpc_buffer_new (0);
-
- assert_ptr_not_null (buf->data);
- assert_num_eq (0, buf->len);
- assert_num_eq (0, buf->flags);
- assert (buf->size == 0);
- assert_ptr_not_null (buf->ffree);
- assert_ptr_not_null (buf->frealloc);
-
- p11_rpc_buffer_free (buf);
-}
-
-static void
-test_uint16 (void)
-{
- p11_buffer buffer;
- uint16_t val = 0xFFFF;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- next = 0;
- ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val);
- assert_num_eq (false, ret);
- assert_num_eq (0, next);
- assert_num_eq (0xFFFF, val);
-
- p11_buffer_reset (&buffer, 0);
-
- ret = p11_rpc_buffer_set_uint16 (&buffer, 0, 0x6789);
- assert_num_eq (false, ret);
-
- p11_buffer_reset (&buffer, 0);
-
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_uint16 (&buffer, 0x6789);
- assert_num_eq (9, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (9, next);
- assert_num_eq (0x6789, val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_uint16_static (void)
-{
- p11_buffer buf = { (unsigned char *)"pad0\x67\x89", 6, };
- uint16_t val = 0xFFFF;
- size_t next;
- bool ret;
-
- next = 4;
- ret = p11_rpc_buffer_get_uint16 (&buf, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (6, next);
- assert_num_eq (0x6789, val);
-}
-
-static void
-test_uint32 (void)
-{
- p11_buffer buffer;
- uint32_t val = 0xFFFFFFFF;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- next = 0;
- ret =
p11_rpc_buffer_get_uint32 (&buffer, &next, &val);
- assert_num_eq (false, ret);
- assert_num_eq (0, next);
- assert_num_eq (0xFFFFFFFF, val);
-
- p11_buffer_reset (&buffer, 0);
-
- ret = p11_rpc_buffer_set_uint32 (&buffer, 0, 0x12345678);
- assert_num_eq (false, ret);
-
- p11_buffer_reset (&buffer, 0);
-
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_uint32 (&buffer, 0x12345678);
- assert_num_eq (11, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (11, next);
- assert_num_eq (0x12345678, val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_uint32_static (void)
-{
- p11_buffer buf = { (unsigned char *)"pad0\x23\x45\x67\x89", 8, };
- uint32_t val = 0xFFFFFFFF;
- size_t next;
- bool ret;
-
- next = 4;
- ret = p11_rpc_buffer_get_uint32 (&buf, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (8, next);
- assert_num_eq (0x23456789, val);
-}
-
-static void
-test_uint64 (void)
-{
- p11_buffer buffer;
- uint64_t val = 0xFFFFFFFFFFFFFFFF;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- next = 0;
- ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val);
- assert_num_eq (0, ret);
- assert_num_eq (0, next);
- assert (0xFFFFFFFFFFFFFFFF == val);
-
- p11_buffer_reset (&buffer, 0);
-
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_uint64 (&buffer, 0x0123456708ABCDEF);
- assert_num_eq (15, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (15, next);
- assert (0x0123456708ABCDEF == val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_uint64_static (void)
-{
- p11_buffer buf = { (unsigned char *)"pad0\x89\x67\x45\x23\x11\x22\x33\x44", 12, };
- uint64_t val = 0xFFFFFFFFFFFFFFFF;
- size_t next;
- bool ret;
-
- next = 4;
- ret =
p11_rpc_buffer_get_uint64 (&buf, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (12, next);
- assert (0x8967452311223344 == val);
-}
-
-static void
-test_byte_array (void)
-{
- p11_buffer buffer;
- unsigned char bytes[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };
-
- const unsigned char *val;
- size_t length = ~0;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- /* Invalid read */
-
- next = 0;
- ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length);
- assert_num_eq (false, ret);
- assert_num_eq (0, next);
- assert_num_eq (~0, length);
-
- /* Test full array */
-
- p11_buffer_reset (&buffer, 0);
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_byte_array (&buffer, bytes, 32);
- assert_num_eq (43, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length);
- assert_num_eq (true, ret);
- assert_num_eq (43, next);
- assert_num_eq (32, length);
- assert (memcmp (val, bytes, 32) == 0);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_byte_array_null (void)
-{
- p11_buffer buffer;
- const unsigned char *val;
- size_t length = ~0;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- p11_buffer_reset (&buffer, 0);
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_byte_array (&buffer, NULL, 0);
- assert_num_eq (11, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length);
- assert_num_eq (true, ret);
- assert_num_eq (11, next);
- assert_num_eq (0, length);
- assert_ptr_eq (NULL, (void*)val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_byte_array_too_long (void)
-{
- p11_buffer buffer;
- const unsigned char *val = NULL;
-
size_t length = ~0;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- p11_buffer_reset (&buffer, 0);
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
- assert (!p11_buffer_failed (&buffer));
-
- /* Passing a too short buffer here shouldn't matter, as length is checked for sanity */
- p11_rpc_buffer_add_byte_array (&buffer, (unsigned char *)"", 0x9fffffff);
- assert (p11_buffer_failed (&buffer));
-
- /* Force write a too long byte arary to buffer */
- p11_buffer_reset (&buffer, 0);
- p11_rpc_buffer_add_uint32 (&buffer, 0x9fffffff);
-
- next = 0;
- ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length);
- assert_num_eq (false, ret);
- assert_num_eq (0, next);
- assert_num_eq (~0, length);
- assert_ptr_eq (NULL, (void*)val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_byte_array_static (void)
-{
- unsigned char data[] = { 'p', 'a', 'd', 0x00, 0x00, 0x00, 0x00, 0x20,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };
- p11_buffer buf = { data, 0x40, };
- const unsigned char *val;
- size_t length = ~0;
- size_t next;
- bool ret;
-
- next = 4;
- ret = p11_rpc_buffer_get_byte_array (&buf, &next, &val, &length);
- assert_num_eq (true, ret);
- assert_num_eq (40, next);
- assert_num_eq (32, length);
- assert (memcmp (data + 8, val, 32) == 0);
-}
-
-static p11_virtual base;
-static pid_t rpc_initialized = 0;
-
-static CK_RV
-rpc_initialize (p11_rpc_client_vtable *vtable,
- void *init_reserved)
-{
- pid_t pid = getpid ();
-
- assert_str_eq (vtable->data, "vtable-data");
- assert_num_cmp (pid, !=, rpc_initialized);
- rpc_initialized = pid;
-
- return CKR_OK;
-}
-
-static CK_RV
-rpc_initialize_fails (p11_rpc_client_vtable *vtable,
- void *init_reserved)
-{
- pid_t pid = getpid ();
-
- assert_str_eq (vtable->data, "vtable-data");
- assert_num_cmp (pid, !=, rpc_initialized);
-
return CKR_FUNCTION_FAILED;
-}
-
-static CK_RV
-rpc_initialize_device_removed (p11_rpc_client_vtable *vtable,
- void *init_reserved)
-{
- pid_t pid = getpid ();
-
- assert_str_eq (vtable->data, "vtable-data");
- assert_num_cmp (pid, !=, rpc_initialized);
- return CKR_DEVICE_REMOVED;
-}
-
-static CK_RV
-rpc_transport (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- bool ret;
-
- assert_str_eq (vtable->data, "vtable-data");
-
- /* Just pass directly to the server code */
- ret = p11_rpc_server_handle (&base.funcs, request, response);
- assert (ret == true);
-
- return CKR_OK;
-}
-
-static void
-rpc_finalize (p11_rpc_client_vtable *vtable,
- void *fini_reserved)
-{
- pid_t pid = getpid ();
-
- assert_str_eq (vtable->data, "vtable-data");
- assert_num_cmp (pid, ==, rpc_initialized);
- rpc_initialized = 0;
-}
-
-static void
-test_initialize (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize };
- pid_t pid = getpid ();
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- rpc_initialized = 0;
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv = mixin.funcs.C_Initialize (&mixin.funcs, NULL);
- assert (rv == CKR_OK);
- assert_num_eq (pid, rpc_initialized);
-
- rv = mixin.funcs.C_Finalize (&mixin.funcs, NULL);
- assert (rv == CKR_OK);
- assert_num_cmp (pid, !=, rpc_initialized);
-
- p11_virtual_uninit (&mixin);
-}
-
-static void
-test_not_initialized (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize };
- p11_virtual mixin;
- CK_INFO info;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- rpc_initialized = 0;
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv =
(mixin.funcs.C_GetInfo) (&mixin.funcs, &info);
- assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
-
- p11_virtual_uninit (&mixin);
-}
-
-static void
-test_initialize_fails_on_client (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_transport, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- rpc_initialized = 0;
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_FUNCTION_FAILED);
- assert_num_eq (0, rpc_initialized);
-
- p11_virtual_uninit (&mixin);
-}
-
-static CK_RV
-rpc_transport_fails (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- return CKR_FUNCTION_REJECTED;
-}
-
-static void
-test_transport_fails (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_fails, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- rpc_initialized = 0;
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_FUNCTION_REJECTED);
- assert_num_eq (0, rpc_initialized);
-
- p11_virtual_uninit (&mixin);
-}
-
-static void
-test_initialize_fails_on_server (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
- base.funcs.C_Initialize = mock_X_Initialize__fails;
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv ==
CKR_FUNCTION_FAILED); - assert_num_eq (0, rpc_initialized); - - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_bad_parse (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - assert_str_eq (vtable->data, "vtable-data"); - - /* Just zero bytes is an invalid message */ - rc = p11_buffer_reset (response, 2); - assert (rc >= 0); - - memset (response->data, 0, 2); - response->len = 2; - return CKR_OK; -} - -static void -test_transport_bad_parse (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_parse, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_short_error (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */ - 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */ - 0x00, 0x01, /* short error */ - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_short_error (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_short_error, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - 
assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_invalid_error (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */ - 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */ - 0x00, 0x00, 0x00, 0x00, /* a CKR_OK error*/ - 0x00, 0x00, 0x00, 0x00, - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_invalid_error (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_invalid_error, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_wrong_response (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_Finalize */ - 0x00, 0x00, 0x00, 0x00, /* signature '' */ - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_wrong_response (void) -{ - p11_rpc_client_vtable 
vtable = { "vtable-data", rpc_initialize, rpc_transport_wrong_response, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_bad_contents (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_GetInfo */ - 0x00, 0x00, 0x00, 0x05, /* signature 'vsusv' */ - 'v', 's', 'u', 's', 'v', - 0x00, 0x00, 0x00, 0x00, /* invalid data */ - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_bad_contents (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_contents, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static p11_rpc_client_vtable test_normal_vtable = { - NULL, - rpc_initialize, - rpc_transport, - rpc_finalize, -}; - -static p11_rpc_client_vtable test_device_removed_vtable = { - NULL, - rpc_initialize_device_removed, - rpc_transport, - rpc_finalize, -}; - -static 
void -mixin_free (void *data) -{ - p11_virtual *mixin = data; - p11_virtual_uninit (mixin); - free (mixin); -} - -static CK_FUNCTION_LIST_PTR -setup_test_rpc_module (p11_rpc_client_vtable *vtable, - CK_FUNCTION_LIST *module_template, - CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST *rpc_module; - p11_virtual *mixin; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, module_template, NULL); - - mixin = calloc (1, sizeof (p11_virtual)); - assert (mixin != NULL); - - vtable->data = "vtable-data"; - if (!p11_rpc_client_init (mixin, vtable)) - assert_not_reached (); - - rpc_module = p11_virtual_wrap (mixin, mixin_free); - assert_ptr_not_null (rpc_module); - - rv = p11_kit_module_initialize (rpc_module); - assert (rv == CKR_OK); - - if (session) { - rv = (rpc_module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - return rpc_module; -} - -static CK_FUNCTION_LIST * -setup_mock_module (CK_SESSION_HANDLE *session) -{ - return setup_test_rpc_module (&test_normal_vtable, &mock_module, session); -} - -static void -teardown_mock_module (CK_FUNCTION_LIST *rpc_module) -{ - p11_kit_module_finalize (rpc_module); - p11_virtual_unwrap (rpc_module); -} - -static void -test_get_info_stand_in (void) -{ - CK_FUNCTION_LIST_PTR rpc_module; - CK_INFO info; - CK_RV rv; - char *string; - - rpc_module = setup_test_rpc_module (&test_device_removed_vtable, - &mock_module_no_slots, NULL); - - rv = (rpc_module->C_GetInfo) (&info); - assert (rv == CKR_OK); - - assert_num_eq (CRYPTOKI_VERSION_MAJOR, info.cryptokiVersion.major); - assert_num_eq (CRYPTOKI_VERSION_MINOR, info.cryptokiVersion.minor); - string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - assert_str_eq ("p11-kit", string); - free (string); - string = p11_kit_space_strdup (info.libraryDescription, sizeof (info.libraryDescription)); - assert_str_eq ("p11-kit (no connection)", 
string); - free (string); - assert_num_eq (0, info.flags); - assert_num_eq (1, info.libraryVersion.major); - assert_num_eq (1, info.libraryVersion.minor); - - teardown_mock_module (rpc_module); -} - -static void -test_get_slot_list_no_device (void) -{ - CK_FUNCTION_LIST_PTR rpc_module; - CK_SLOT_ID slot_list[8]; - CK_ULONG count; - CK_RV rv; - - rpc_module = setup_test_rpc_module (&test_device_removed_vtable, - &mock_module_no_slots, NULL); - - rv = (rpc_module->C_GetSlotList) (CK_TRUE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - rv = (rpc_module->C_GetSlotList) (CK_FALSE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - - count = 8; - rv = (rpc_module->C_GetSlotList) (CK_TRUE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - - count = 8; - rv = (rpc_module->C_GetSlotList) (CK_FALSE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - - teardown_mock_module (rpc_module); -} - -static void * -invoke_in_thread (void *arg) -{ - CK_FUNCTION_LIST *rpc_module = arg; - CK_INFO info; - CK_RV rv; - - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (rv, CKR_OK); - - assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID, - sizeof (info.manufacturerID)) == 0); - - return NULL; -} - -static p11_mutex_t delay_mutex; - -static CK_RV -delayed_C_GetInfo (CK_INFO_PTR info) -{ - CK_RV rv; - - p11_sleep_ms (rand () % 100); - - p11_mutex_lock (&delay_mutex); - rv = mock_C_GetInfo (info); - p11_mutex_unlock (&delay_mutex); - - return rv; -} - -static void -test_simultaneous_functions (void) -{ - CK_FUNCTION_LIST real_module; - CK_FUNCTION_LIST *rpc_module; - const int num_threads = 128; - p11_thread_t threads[num_threads]; - int i, ret; - - p11_mutex_init (&delay_mutex); - - memcpy (&real_module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - real_module.C_GetInfo = delayed_C_GetInfo; - - rpc_module = setup_test_rpc_module (&test_normal_vtable, - &real_module, NULL); - - 
/* Make the invoked function (above) wait */ - p11_mutex_lock (&delay_mutex); - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (threads + i, invoke_in_thread, rpc_module); - assert_num_eq (0, ret); - } - - /* Let the invoked functions return */ - p11_mutex_unlock (&delay_mutex); - - for (i = 0; i < num_threads; i++) - p11_thread_join (threads[i]); - - teardown_mock_module (rpc_module); - p11_mutex_uninit (&delay_mutex); -} - -static void -test_fork_and_reinitialize (void) -{ - CK_FUNCTION_LIST *rpc_module; - CK_INFO info; - int status; - CK_RV rv; - pid_t pid; - int i; - - rpc_module = setup_test_rpc_module (&test_normal_vtable, - &mock_module_no_slots, NULL); - - pid = fork (); - assert_num_cmp (pid, >=, 0); - - /* The child */ - if (pid == 0) { - rv = (rpc_module->C_Initialize) (NULL); - assert_num_eq (CKR_OK, rv); - - for (i = 0; i < 32; i++) { - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - rv = (rpc_module->C_Finalize) (NULL); - assert_num_eq (CKR_OK, rv); - - _exit (66); - } - - for (i = 0; i < 128; i++) { - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - assert_num_eq (waitpid (pid, &status, 0), pid); - assert_num_eq (WEXITSTATUS (status), 66); - - teardown_mock_module (rpc_module); -} - -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - CK_MECHANISM_TYPE mechanisms[] = { - CKM_MOCK_CAPITALIZE, - CKM_MOCK_PREFIX, - CKM_MOCK_GENERATE, - CKM_MOCK_WRAP, - CKM_MOCK_DERIVE, - CKM_MOCK_COUNT, - 0, - }; - - mock_module_init (); - p11_library_init (); - - /* Override the mechanisms that the RPC mechanism will handle */ - p11_rpc_mechanisms_override_supported = mechanisms; - - p11_test (test_new_free, "/rpc/new-free"); - p11_test (test_uint16, "/rpc/uint16"); - p11_test (test_uint16_static, "/rpc/uint16-static"); - p11_test (test_uint32, "/rpc/uint32"); - p11_test (test_uint32_static, "/rpc/uint32-static"); - p11_test (test_uint64, "/rpc/uint64"); - p11_test 
(test_uint64_static, "/rpc/uint64-static"); - p11_test (test_byte_array, "/rpc/byte-array"); - p11_test (test_byte_array_null, "/rpc/byte-array-null"); - p11_test (test_byte_array_too_long, "/rpc/byte-array-too-long"); - p11_test (test_byte_array_static, "/rpc/byte-array-static"); - - p11_test (test_initialize_fails_on_client, "/rpc/initialize-fails-on-client"); - p11_test (test_initialize_fails_on_server, "/rpc/initialize-fails-on-server"); - p11_test (test_initialize, "/rpc/initialize"); - p11_test (test_not_initialized, "/rpc/not-initialized"); - p11_test (test_transport_fails, "/rpc/transport-fails"); - p11_test (test_transport_bad_parse, "/rpc/transport-bad-parse"); - p11_test (test_transport_short_error, "/rpc/transport-short-error"); - p11_test (test_transport_invalid_error, "/rpc/transport-invalid-error"); - p11_test (test_transport_wrong_response, "/rpc/transport-wrong-response"); - p11_test (test_transport_bad_contents, "/rpc/transport-bad-contents"); - p11_test (test_get_info_stand_in, "/rpc/get-info-stand-in"); - p11_test (test_get_slot_list_no_device, "/rpc/get-slot-list-no-device"); - p11_test (test_simultaneous_functions, "/rpc/simultaneous-functions"); - p11_test (test_fork_and_reinitialize, "/rpc/fork-and-reinitialize"); - - test_mock_add_tests ("/rpc"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/tests/test-transport.c b/p11-kit/tests/test-transport.c deleted file mode 100644 index 4656d34..0000000 --- a/p11-kit/tests/test-transport.c +++ /dev/null 
@@ -1,281 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "library.h"
-#include "mock.h"
-#include "path.h"
-#include "private.h"
-#include "p11-kit.h"
-#include "rpc.h"
-
-#include
-#include
-#include
-#include
-
-struct {
- char *directory;
- char *user_config;
- char *user_modules;
-} test;
-
-static void
-setup_remote (void *unused)
-{
- const char *data;
-
- test.directory = p11_test_directory ("p11-test-config");
- test.user_modules = p11_path_build (test.directory, "modules", NULL);
- if (mkdir (test.user_modules, 0700) < 0)
- assert_not_reached ();
-
- data = "user-config: only\n";
- test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL);
- p11_test_file_write (NULL, test.user_config, data, strlen (data));
-
- data = "remote: |" BUILDDIR "/../p11-kit remote " BUILDDIR "/.libs/mock-two.so\n";
- p11_test_file_write (test.user_modules, "remote.module", data, strlen (data));
-
- p11_config_user_modules = test.user_modules;
- p11_config_user_file = test.user_config;
-}
-
-static void
-teardown_remote (void *unused)
-{
- p11_test_directory_delete (test.user_modules);
- p11_test_directory_delete (test.directory);
-
- free (test.directory);
- free (test.user_config);
- free (test.user_modules);
-}
-
-static CK_FUNCTION_LIST *
-setup_mock_module (CK_SESSION_HANDLE *session)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- CK_RV rv;
- int i;
-
- setup_remote (NULL);
-
- modules = p11_kit_modules_load (NULL, 0);
-
- module = p11_kit_module_for_name (modules, "remote");
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- if (session) {
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION,
- NULL, NULL, session);
- assert (rv == CKR_OK);
- }
-
- /* Release all the other modules */
- for (i = 0; modules[i] != NULL; i++) {
- if (modules[i] != module)
- p11_kit_module_release (modules[i]);
- }
-
- free (modules);
- return module;
-}
-
-static void
-teardown_mock_module (CK_FUNCTION_LIST *module)
-{
- p11_kit_module_finalize (module);
- teardown_remote (NULL);
-}
-
-static void
-test_basic_exec (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- CK_RV rv;
-
- modules = p11_kit_modules_load (NULL, 0);
-
- module = p11_kit_module_for_name (modules, "remote");
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- rv = p11_kit_module_finalize (module);
- assert_num_eq (rv, CKR_OK);
-
- p11_kit_modules_release (modules);
-}
-
-static void *
-invoke_in_thread (void *arg)
-{
- CK_FUNCTION_LIST *rpc_module = arg;
- CK_INFO info;
- CK_RV rv;
-
- rv = (rpc_module->C_GetInfo) (&info);
- assert_num_eq (rv, CKR_OK);
-
- assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID,
- sizeof (info.manufacturerID)) == 0);
-
- return NULL;
-}
-
-static void
-test_simultaneous_functions (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- const int num_threads = 128;
- p11_thread_t threads[num_threads];
- int i, ret;
- CK_RV rv;
-
- modules = p11_kit_modules_load (NULL, 0);
-
- module = p11_kit_module_for_name (modules, "remote");
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (threads + i, invoke_in_thread, module);
- assert_num_eq (0, ret);
- }
-
- for (i = 0; i < num_threads; i++)
- p11_thread_join (threads[i]);
-
- rv = p11_kit_module_finalize (module);
- assert_num_eq (rv, CKR_OK);
-
- p11_kit_modules_release (modules);
-}
-
-static void
-test_fork_and_reinitialize (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- CK_INFO info;
- int status;
- CK_RV rv;
- pid_t pid;
- int i;
-
- modules = p11_kit_modules_load (NULL, 0);
-
- module = p11_kit_module_for_name (modules, "remote");
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- pid = fork ();
- assert_num_cmp (pid, >=, 0);
-
- /* The child */
- if (pid == 0) {
- rv = (module->C_Initialize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- for (i = 0; i < 32; i++) {
- rv = (module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- rv = (module->C_Finalize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- _exit (66);
- }
-
- for (i = 0; i < 128; i++) {
- rv = (module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- assert_num_eq (waitpid (pid, &status, 0), pid);
- assert_num_eq (WEXITSTATUS (status), 66);
-
- rv = p11_kit_module_finalize (module);
- assert_num_eq (rv, CKR_OK);
-
- p11_kit_modules_release (modules);
-}
-
-
-#include "test-mock.c"
-
-int
-main (int argc,
- char *argv[])
-{
- CK_MECHANISM_TYPE mechanisms[] = {
- CKM_MOCK_CAPITALIZE,
- CKM_MOCK_PREFIX,
- CKM_MOCK_GENERATE,
- CKM_MOCK_WRAP,
- CKM_MOCK_DERIVE,
- CKM_MOCK_COUNT,
- 0,
- };
-
- p11_library_init ();
-
- /* Override the mechanisms that the RPC mechanism will handle */
- p11_rpc_mechanisms_override_supported = mechanisms;
-
- p11_fixture (setup_remote, teardown_remote);
- p11_test (test_basic_exec, "/transport/basic");
- p11_test (test_simultaneous_functions, "/transport/simultaneous-functions");
- p11_test (test_fork_and_reinitialize, "/transport/fork-and-reinitialize");
-
- test_mock_add_tests ("/transport");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-uri.c b/p11-kit/tests/test-uri.c
deleted file mode 100644
index 9b5b293..0000000
--- a/p11-kit/tests/test-uri.c
+++ /dev/null
@@ -1,1314 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "debug.h" -#include "message.h" - -#include -#include -#include -#include - -#include "p11-kit/uri.h" -#include "p11-kit/private.h" - -static int -is_module_empty (P11KitUri *uri) -{ - CK_INFO_PTR info = p11_kit_uri_get_module_info (uri); - return (info->libraryDescription[0] == 0 && - info->manufacturerID[0] == 0 && - info->libraryVersion.major == (CK_BYTE)-1 && - info->libraryVersion.minor == (CK_BYTE)-1); -} - -static int -is_token_empty (P11KitUri *uri) -{ - CK_TOKEN_INFO_PTR token = p11_kit_uri_get_token_info (uri); - return (token->serialNumber[0] == 0 && - token->manufacturerID[0] == 0 && - token->label[0] == 0 && - token->model[0] == 0); -} - -static int -are_attributes_empty (P11KitUri *uri) -{ - return (p11_kit_uri_get_attribute (uri, CKA_LABEL) == NULL && - p11_kit_uri_get_attribute (uri, CKA_ID) == NULL && - p11_kit_uri_get_attribute (uri, CKA_CLASS) == NULL); -} - -static void -test_uri_parse (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (is_module_empty (uri)); - assert (is_token_empty (uri)); - assert (are_attributes_empty (uri)); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_bad_scheme (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("http:\\example.com\test", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_BAD_SCHEME, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_label (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (is_module_empty (uri)); - assert 
(is_token_empty (uri)); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == strlen ("Test Label")); - assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_label_and_klass (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;object-type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == strlen ("Test Label")); - assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_empty_label (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=;object-type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - - p11_kit_uri_free (uri); - - /* really empty */ - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object-type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert (attr == NULL); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_empty_id (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:id=;object-type=cert", 
P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_ID); - assert_ptr_not_null (attr); - - p11_kit_uri_free (uri); - - /* really empty */ - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object-type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_ID); - assert (attr == NULL); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_id (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:id=%54%45%53%54%00", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - /* Note that there's a NULL in the attribute (end) */ - attr = p11_kit_uri_get_attribute (uri, CKA_ID); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == 5); - assert (memcmp (attr->pValue, "TEST", 5) == 0); - - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_bad_string_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_bad_hex_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=T%xxest", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static bool -is_space_string (CK_UTF8CHAR_PTR string, CK_ULONG size, const char *check) -{ - size_t i, len = strlen (check); - if (len > size) - return false; - if (memcmp (string, check, len) != 0) - return false; - for (i = len; i < size; ++i) - if (string[i] != ' ') - return false; - return true; -} - -static void 
-test_uri_parse_with_token (void)
-{
- P11KitUri *uri = NULL;
- CK_TOKEN_INFO_PTR token;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:token=Token%20Label;serial=3333;model=Deluxe;manufacturer=Me",
- P11_KIT_URI_FOR_TOKEN, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- token = p11_kit_uri_get_token_info (uri);
- assert (is_space_string (token->label, sizeof (token->label), "Token Label"));
- assert (is_space_string (token->serialNumber, sizeof (token->serialNumber), "3333"));
- assert (is_space_string (token->model, sizeof (token->model), "Deluxe"));
- assert (is_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"));
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_token_bad_encoding (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:token=Token%", P11_KIT_URI_FOR_TOKEN, uri);
- assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_bad_syntax (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:token", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_spaces (void)
-{
- P11KitUri *uri = NULL;
- CK_INFO_PTR info;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkc\ns11: lib rary-desc\rrip \n tion =The%20Library;\n\n\nlibrary-manufacturer=\rMe",
- P11_KIT_URI_FOR_MODULE, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- info = p11_kit_uri_get_module_info (uri);
-
- assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me"));
- assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library"));
-
- p11_kit_uri_free (uri);
-}
-
-
-static void
-test_uri_parse_with_library (void) -{ - P11KitUri *uri = NULL; - CK_INFO_PTR info; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-description=The%20Library;library-manufacturer=Me", - P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - - assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me")); - assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library")); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_library_bad_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-description=Library%", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_build_empty (void) -{ - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert_str_eq ("pkcs11:", string); - free (string); - - p11_kit_uri_free (uri); -} - -static void -set_space_string (CK_BYTE_PTR buffer, CK_ULONG length, const char *string) -{ - size_t len = strlen (string); - assert (len <= length); - memset (buffer, ' ', length); - memcpy (buffer, string, len); -} - -static void -test_uri_build_with_token_info (void) -{ - char *string = NULL; - P11KitUri *uri; - P11KitUri *check; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - token = p11_kit_uri_get_token_info (uri); - set_space_string (token->label, sizeof (token->label), "The Label"); - set_space_string (token->serialNumber, sizeof (token->serialNumber), "44444"); - set_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"); - 
set_space_string (token->model, sizeof (token->model), "Deluxe"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert_ptr_not_null (string); - - check = p11_kit_uri_new (); - assert_ptr_not_null (check); - - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_TOKEN, check); - assert_num_eq (P11_KIT_URI_OK, ret); - - p11_kit_uri_match_token_info (check, p11_kit_uri_get_token_info (uri)); - - p11_kit_uri_free (uri); - p11_kit_uri_free (check); - - assert (strstr (string, "token=The%20Label") != NULL); - assert (strstr (string, "serial=44444") != NULL); - assert (strstr (string, "manufacturer=Me") != NULL); - assert (strstr (string, "model=Deluxe") != NULL); - - free (string); -} - -static void -test_uri_build_with_token_null_info (void) -{ - char *string = NULL; - P11KitUri *uri; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - token = p11_kit_uri_get_token_info (uri); - set_space_string (token->label, sizeof (token->label), "The Label"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (strstr (string, "token=The%20Label") != NULL); - assert (strstr (string, "serial=") == NULL); - - free (string); - p11_kit_uri_free (uri); -} - -static void -test_uri_build_with_token_empty_info (void) -{ - char *string = NULL; - P11KitUri *uri; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - token = p11_kit_uri_get_token_info (uri); - set_space_string (token->label, sizeof (token->label), ""); - set_space_string (token->serialNumber, sizeof (token->serialNumber), ""); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (strstr (string, "token=") != NULL); - assert (strstr (string, "serial=") != NULL); - - free (string); - p11_kit_uri_free (uri); -} - -static void 
-test_uri_build_with_attributes (void) -{ - char *string = NULL; - P11KitUri *uri; - P11KitUri *check; - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE_PTR attr; - CK_ATTRIBUTE at; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - at.type = CKA_LABEL; - at.pValue = "The Label"; - at.ulValueLen = 9; - ret = p11_kit_uri_set_attribute (uri, &at); - assert_num_eq (P11_KIT_URI_OK, ret); - - at.type = CKA_ID; - at.pValue = "HELLO"; - at.ulValueLen = 5; - ret = p11_kit_uri_set_attribute (uri, &at); - assert_num_eq (P11_KIT_URI_OK, ret); - - klass = CKO_DATA; - at.type = CKA_CLASS; - at.pValue = &klass; - at.ulValueLen = sizeof (klass); - ret = p11_kit_uri_set_attribute (uri, &at); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - - check = p11_kit_uri_new (); - assert_ptr_not_null (check); - - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_ANY, check); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (check, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == 9); - assert (memcmp (attr->pValue, "The Label", attr->ulValueLen) == 0); - - attr = p11_kit_uri_get_attribute (check, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (klass)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == klass); - - attr = p11_kit_uri_get_attribute (check, CKA_ID); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == 5); - assert (memcmp (attr->pValue, "HELLO", attr->ulValueLen) == 0); - - p11_kit_uri_free (check); - - assert (strstr (string, "object=The%20Label") != NULL); - assert (strstr (string, "object-type=data") != NULL); - assert (strstr (string, "id=%48%45%4c%4c%4f") != NULL); - - free (string); - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_private_key (void) -{ - P11KitUri *uri; - CK_ATTRIBUTE_PTR attr; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - 
ret = p11_kit_uri_parse ("pkcs11:object-type=private", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_PRIVATE_KEY); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_secret_key (void) -{ - P11KitUri *uri; - CK_ATTRIBUTE_PTR attr; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object-type=secret-key", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_SECRET_KEY); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_library_version (void) -{ - P11KitUri *uri; - CK_INFO_PTR info; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-version=2.101", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - assert_num_eq (2, info->libraryVersion.major); - assert_num_eq (101, info->libraryVersion.minor); - - ret = p11_kit_uri_parse ("pkcs11:library-version=23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - assert_num_eq (23, info->libraryVersion.major); - assert_num_eq (0, info->libraryVersion.minor); - - ret = p11_kit_uri_parse ("pkcs11:library-version=23.", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=a.a", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=.23", 
P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=2.1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_parse_unknown_object_type (void) -{ - P11KitUri *uri; - CK_ATTRIBUTE_PTR attr; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object-type=unknown", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_eq (NULL, attr); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_unrecognized (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:x-blah=some-value", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (1, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_too_long_is_unrecognized (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:model=a-value-that-is-too-long-for-the-field-that-it-goes-with", - P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (1, ret); - - p11_kit_uri_free (uri); -} - - - -static void -test_uri_build_object_type_cert (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_CERTIFICATE; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute 
(uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "object-type=cert") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_object_type_private (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_PRIVATE_KEY; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "object-type=private") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_object_type_public (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_PUBLIC_KEY; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "object-type=public") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_object_type_secret (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_SECRET_KEY; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "object-type=secret-key") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void 
-test_uri_build_with_library (void) -{ - CK_INFO_PTR info; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - info = p11_kit_uri_get_module_info (uri); - set_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Description"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "library-description=The%20Description") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_library_version (void) -{ - CK_INFO_PTR info; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - info = p11_kit_uri_get_module_info (uri); - info->libraryVersion.major = 2; - info->libraryVersion.minor = 10; - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "library-version=2.10") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_get_set_unrecognized (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (0, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (1, ret); - - p11_kit_uri_set_unrecognized (uri, 0); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_token (void) -{ - CK_TOKEN_INFO token; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:model=Giselle", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - set_space_string (token.label, sizeof (token.label), "A label"); - set_space_string (token.model, sizeof (token.model), "Giselle"); - - ret = p11_kit_uri_match_token_info (uri, &token); - 
assert_num_eq (1, ret); - - set_space_string (token.label, sizeof (token.label), "Another label"); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (1, ret); - - set_space_string (token.model, sizeof (token.model), "Zoolander"); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (0, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_module (void) -{ - CK_INFO info; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-description=Quiet", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Quiet"); - set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone"); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (1, ret); - - set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone else"); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (1, ret); - - set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Leise"); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (0, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_version (void) -{ - CK_INFO info; - P11KitUri *uri; - int ret; - - memset (&info, 0, sizeof (info)); - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-version=5.8", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info.libraryVersion.major = 5; - info.libraryVersion.minor = 8; - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (1, ret); - - 
info.libraryVersion.major = 2; - info.libraryVersion.minor = 3; - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_attributes (void) -{ - CK_ATTRIBUTE attrs[4]; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - int ret; - - attrs[0].type = CKA_ID; - attrs[0].pValue = "Blah"; - attrs[0].ulValueLen = 4; - - attrs[1].type = CKA_LABEL; - attrs[1].pValue = "Junk"; - attrs[1].ulValueLen = 4; - - attrs[2].type = CKA_COLOR; - attrs[2].pValue = "blue"; - attrs[2].ulValueLen = 4; - - klass = CKO_DATA; - attrs[3].type = CKA_CLASS; - attrs[3].pValue = &klass; - attrs[3].ulValueLen = sizeof (klass); - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Fancy;id=Blah;object-type=data", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (0, ret); - - attrs[1].pValue = "Fancy"; - attrs[1].ulValueLen = 5; - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (1, ret); - - p11_kit_uri_clear_attribute (uri, CKA_CLASS); - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (1, ret); - - attrs[2].pValue = "pink"; - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (1, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_get_set_attribute (void) -{ - CK_ATTRIBUTE attr; - CK_ATTRIBUTE_PTR ptr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_eq (NULL, ptr); - - ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_clear_attribute (uri, CKA_COLOR); - assert_num_eq (P11_KIT_URI_NOT_FOUND, ret); - - attr.type = CKA_LABEL; - 
attr.pValue = "Test"; - attr.ulValueLen = 4; - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - /* We can set other attributes */ - attr.type = CKA_COLOR; - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - /* And get them too */ - ptr = p11_kit_uri_get_attribute (uri, CKA_COLOR); - assert_ptr_not_null (ptr); - - ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (ptr); - - assert (ptr->type == CKA_LABEL); - assert (ptr->ulValueLen == 4); - assert (memcmp (ptr->pValue, "Test", 4) == 0); - - ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); - assert_num_eq (P11_KIT_URI_OK, ret); - - ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_eq (NULL, ptr); - - p11_kit_uri_free (uri); -} - -static void -test_uri_get_set_attributes (void) -{ - CK_ATTRIBUTE_PTR attrs; - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE attr; - CK_ULONG n_attrs; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (0, n_attrs); - - attr.type = CKA_LABEL; - attr.pValue = "Test"; - attr.ulValueLen = 4; - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 4); - assert (memcmp (attrs[0].pValue, "Test", 4) == 0); - - attr.type = CKA_LABEL; - attr.pValue = "Kablooey"; - attr.ulValueLen = 8; - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 8); - assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); - - klass = 
CKO_DATA; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (2, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 8); - assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); - assert (attrs[1].type == CKA_CLASS); - assert (attrs[1].ulValueLen == sizeof (klass)); - assert (memcmp (attrs[1].pValue, &klass, sizeof (klass)) == 0); - - ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_CLASS); - assert (attrs[0].ulValueLen == sizeof (klass)); - assert (memcmp (attrs[0].pValue, &klass, sizeof (klass)) == 0); - - attr.type = CKA_LABEL; - attr.pValue = "Three"; - attr.ulValueLen = 5; - - ret = p11_kit_uri_set_attributes (uri, &attr, 1); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 5); - assert (memcmp (attrs[0].pValue, "Three", 5) == 0); - - p11_kit_uri_clear_attributes (uri); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (0, n_attrs); - - p11_kit_uri_free (uri); -} -static void -test_uri_pin_source (void) -{ - P11KitUri *uri; - const char *pin_source; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - p11_kit_uri_set_pin_source (uri, "|my-pin-source"); - - pin_source = p11_kit_uri_get_pin_source (uri); - assert_str_eq ("|my-pin-source", pin_source); - - pin_source = p11_kit_uri_get_pinfile (uri); - assert_str_eq ("|my-pin-source", pin_source); - - 
p11_kit_uri_set_pinfile (uri, "|my-pin-file"); - - pin_source = p11_kit_uri_get_pin_source (uri); - assert_str_eq ("|my-pin-file", pin_source); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "pin-source=%7cmy-pin-file") != NULL); - free (string); - - ret = p11_kit_uri_parse ("pkcs11:pin-source=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - pin_source = p11_kit_uri_get_pin_source (uri); - assert_str_eq ("blah/blah", pin_source); - - p11_kit_uri_free (uri); -} - -static void -test_uri_free_null (void) -{ - p11_kit_uri_free (NULL); -} - -static void -test_uri_message (void) -{ - assert (p11_kit_uri_message (P11_KIT_URI_OK) == NULL); - assert_ptr_not_null (p11_kit_uri_message (P11_KIT_URI_UNEXPECTED)); - assert_ptr_not_null (p11_kit_uri_message (-555555)); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_uri_parse, "/uri/test_uri_parse"); - p11_test (test_uri_parse_bad_scheme, "/uri/test_uri_parse_bad_scheme"); - p11_test (test_uri_parse_with_label, "/uri/test_uri_parse_with_label"); - p11_test (test_uri_parse_with_empty_label, "/uri/test_uri_parse_with_empty_label"); - p11_test (test_uri_parse_with_empty_id, "/uri/test_uri_parse_with_empty_id"); - p11_test (test_uri_parse_with_label_and_klass, "/uri/test_uri_parse_with_label_and_klass"); - p11_test (test_uri_parse_with_id, "/uri/test_uri_parse_with_id"); - p11_test (test_uri_parse_with_bad_string_encoding, "/uri/test_uri_parse_with_bad_string_encoding"); - p11_test (test_uri_parse_with_bad_hex_encoding, "/uri/test_uri_parse_with_bad_hex_encoding"); - p11_test (test_uri_parse_with_token, "/uri/test_uri_parse_with_token"); - p11_test (test_uri_parse_with_token_bad_encoding, "/uri/test_uri_parse_with_token_bad_encoding"); - p11_test (test_uri_parse_with_bad_syntax, "/uri/test_uri_parse_with_bad_syntax"); - p11_test (test_uri_parse_with_spaces, "/uri/test_uri_parse_with_spaces"); - 
p11_test (test_uri_parse_with_library, "/uri/test_uri_parse_with_library"); - p11_test (test_uri_parse_with_library_bad_encoding, "/uri/test_uri_parse_with_library_bad_encoding"); - p11_test (test_uri_build_empty, "/uri/test_uri_build_empty"); - p11_test (test_uri_build_with_token_info, "/uri/test_uri_build_with_token_info"); - p11_test (test_uri_build_with_token_null_info, "/uri/test_uri_build_with_token_null_info"); - p11_test (test_uri_build_with_token_empty_info, "/uri/test_uri_build_with_token_empty_info"); - p11_test (test_uri_build_with_attributes, "/uri/test_uri_build_with_attributes"); - p11_test (test_uri_parse_private_key, "/uri/test_uri_parse_private_key"); - p11_test (test_uri_parse_secret_key, "/uri/test_uri_parse_secret_key"); - p11_test (test_uri_parse_library_version, "/uri/test_uri_parse_library_version"); - p11_test (test_uri_parse_parse_unknown_object_type, "/uri/test_uri_parse_parse_unknown_object_type"); - p11_test (test_uri_parse_unrecognized, "/uri/test_uri_parse_unrecognized"); - p11_test (test_uri_parse_too_long_is_unrecognized, "/uri/test_uri_parse_too_long_is_unrecognized"); - p11_test (test_uri_build_object_type_cert, "/uri/test_uri_build_object_type_cert"); - p11_test (test_uri_build_object_type_private, "/uri/test_uri_build_object_type_private"); - p11_test (test_uri_build_object_type_public, "/uri/test_uri_build_object_type_public"); - p11_test (test_uri_build_object_type_secret, "/uri/test_uri_build_object_type_secret"); - p11_test (test_uri_build_with_library, "/uri/test_uri_build_with_library"); - p11_test (test_uri_build_library_version, "/uri/test_uri_build_library_version"); - p11_test (test_uri_get_set_unrecognized, "/uri/test_uri_get_set_unrecognized"); - p11_test (test_uri_match_token, "/uri/test_uri_match_token"); - p11_test (test_uri_match_module, "/uri/test_uri_match_module"); - p11_test (test_uri_match_version, "/uri/test_uri_match_version"); - p11_test (test_uri_match_attributes, "/uri/test_uri_match_attributes"); - 
p11_test (test_uri_get_set_attribute, "/uri/test_uri_get_set_attribute"); - p11_test (test_uri_get_set_attributes, "/uri/test_uri_get_set_attributes"); - p11_test (test_uri_pin_source, "/uri/test_uri_pin_source"); - p11_test (test_uri_free_null, "/uri/test_uri_free_null"); - p11_test (test_uri_message, "/uri/test_uri_message"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/tests/test-util.c b/p11-kit/tests/test-util.c deleted file mode 100644 index 0e579cd..0000000 --- a/p11-kit/tests/test-util.c +++ /dev/null 
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "p11-kit.h"
-
-#include
-#include
-
-static void
-test_space_strlen (void)
-{
- assert_num_eq (4, p11_kit_space_strlen ((const unsigned char *)"Test ", 20));
- assert_num_eq (20, p11_kit_space_strlen ((const unsigned char *)"01234567890123456789", 20));
- assert_num_eq (0, p11_kit_space_strlen ((const unsigned char *)" ", 20));
-}
-
-int
-main (int argc,
- char *argv[])
-{
- putenv ("P11_KIT_STRICT=1");
-
- p11_test (test_space_strlen, "/util/space-strlen");
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/tests/test-virtual.c b/p11-kit/tests/test-virtual.c
deleted file mode 100644
index 73777d3..0000000
--- a/p11-kit/tests/test-virtual.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-
-#include "library.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "virtual.h"
-
-#include "test.h"
-
-#include "mock.h"
-
-#include
-#include
-#include
-#include
-#include
-
-/*
- * test-managed.c is a pretty good test of the closure code, so we
- * just test a few things here.
- */
-
-typedef struct {
- p11_virtual virt;
- void *check;
-} Override;
-
-static CK_RV
-override_initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR args)
-{
- Override *over = (Override *)self;
-
- assert_str_eq ("initialize-arg", args);
- assert_str_eq ("overide-arg", over->check);
-
- /* An arbitrary error code to check */
- return CKR_NEED_TO_CREATE_THREADS;
-}
-
-static bool test_destroyed = false;
-
-static void
-test_destroyer (void *data)
-{
- assert (data == &mock_x_module_no_slots);
- assert (test_destroyed == false);
- test_destroyed = true;
-}
-
-static void
-test_initialize (void)
-{
- CK_FUNCTION_LIST_PTR module;
- Override over = { };
- CK_RV rv;
-
- p11_virtual_init (&over.virt, &p11_virtual_stack, &mock_x_module_no_slots, test_destroyer);
- over.virt.funcs.C_Initialize = override_initialize;
- over.check = "overide-arg";
- test_destroyed = false;
-
- module = p11_virtual_wrap (&over.virt, (p11_destroyer)p11_virtual_uninit);
- assert_ptr_not_null (module);
-
- rv = (module->C_Initialize) ("initialize-arg");
- assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv);
-
- p11_virtual_unwrap (module);
- assert_num_eq (true, test_destroyed);
-}
-
-static void
-test_fall_through (void)
-{
- CK_FUNCTION_LIST_PTR module;
- Override over = { };
- p11_virtual base;
- CK_RV rv;
-
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
- p11_virtual_init (&over.virt, &p11_virtual_stack, &base, NULL);
- over.virt.funcs.C_Initialize = override_initialize;
- over.check = "overide-arg";
-
- module = p11_virtual_wrap (&over.virt, NULL);
- assert_ptr_not_null (module);
-
- rv = (module->C_Initialize) ("initialize-arg");
- assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv);
-
- /* All other functiosn should have just fallen through */
- assert_ptr_eq (mock_module_no_slots.C_Finalize, module->C_Finalize);
-
- p11_virtual_unwrap (module);
-}
-
-static void
-test_get_function_list (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_FUNCTION_LIST_PTR list;
- p11_virtual virt;
- CK_RV rv;
-
- p11_virtual_init (&virt, &p11_virtual_base, &mock_x_module_no_slots, NULL);
- module = p11_virtual_wrap (&virt, NULL);
- assert_ptr_not_null (module);
-
- rv = (module->C_GetFunctionList) (&list);
- assert_num_eq (CKR_OK, rv);
- assert_ptr_eq (module, list);
-
- rv = (module->C_GetFunctionList) (&list);
- assert_num_eq (CKR_OK, rv);
-
- rv = (module->C_GetFunctionList) (NULL);
- assert_num_eq (CKR_ARGUMENTS_BAD, rv);
-
- p11_virtual_unwrap (module);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- mock_module_init ();
- p11_library_init ();
-
- assert (p11_virtual_can_wrap ());
- p11_test (test_initialize, "/virtual/test_initialize");
- p11_test (test_fall_through, "/virtual/test_fall_through");
- p11_test (test_get_function_list, "/virtual/test_get_function_list");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/Makefile.am b/trust/Makefile.am
index d6d291f..322f812 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -1,50 +1,35 @@ -include $(top_srcdir)/build/Makefile.decl - -SUBDIRS = . tests - -COMMON = $(top_srcdir)/common - -AM_CPPFLAGS = \ - -I$(top_srcdir) \ - -I$(top_srcdir)/common \ - -DDATADIR=\"$(datadir)\" \ - -DSYSCONFDIR=\"$(sysconfdir)\" \ - -DPRIVATEDIR=\"$(privatedir)\" \ - $(LIBTASN1_CFLAGS) \ - $(NULL) - -noinst_LTLIBRARIES = \ +noinst_LTLIBRARIES += \ libtrust-testable.la \ libtrust-data.la libtrust_data_la_SOURCES = \ - asn1.c asn1.h \ - basic.asn basic.asn.h \ - base64.c base64.h \ - pem.c pem.h \ - pkix.asn pkix.asn.h \ - oid.c oid.h \ - openssl.asn openssl.asn.h \ - utf8.c utf8.h \ - x509.c x509.h \ + trust/asn1.c trust/asn1.h \ + trust/basic.asn trust/basic.asn.h \ + trust/base64.c trust/base64.h \ + trust/pem.c trust/pem.h \ + trust/pkix.asn trust/pkix.asn.h \ + trust/oid.c trust/oid.h \ + trust/openssl.asn trust/openssl.asn.h \ + trust/utf8.c trust/utf8.h \ + trust/x509.c trust/x509.h \ $(NULL) -MODULE_SRCS = \ - builder.c builder.h \ - digest.c digest.h \ - index.c index.h \ - parser.c parser.h \ - persist.c persist.h \ - module.c module.h \ - save.c save.h \ - session.c session.h \ - token.c token.h \ - types.h \ +TRUST_SRCS = \ + trust/builder.c trust/builder.h \ + trust/digest.c trust/digest.h \ + trust/index.c trust/index.h \ + trust/parser.c trust/parser.h \ + trust/persist.c trust/persist.h \ + trust/module.c trust/module.h \ + trust/save.c trust/save.h \ + trust/session.c trust/session.h \ + trust/token.c trust/token.h \ + trust/types.h \ $(NULL) configdir = $(p11_package_config_modules) -config_DATA = p11-kit-trust.module +config_DATA = trust/p11-kit-trust.module moduledir = $(p11_module_path) module_LTLIBRARIES = \ @@ -55,8 +40,8 @@ p11_kit_trust_la_CFLAGS = \ p11_kit_trust_la_LIBADD = \ libtrust-data.la \ - $(top_builddir)/common/libp11-library.la \ - $(top_builddir)/common/libp11-common.la \ + libp11-library.la \ + libp11-common.la \ $(LIBTASN1_LIBS) \ $(HASH_LIBS) \ $(NULL) 
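Review bot: Nothing at the top of trust/Makefile.am now says that it is an include fragment rather than a standalone Makefile.am, although the first hunk makes it depend on the including file: `noinst_LTLIBRARIES +=` needs that variable to have been assigned before this file is read, and every source path is now written relative to the top directory. A header comment such as `# Fragment included from the top-level Makefile.am; paths are relative to the top source directory.` would make that explicit. The same hunk drops the local `AM_CPPFLAGS` with `-DDATADIR`, `-DSYSCONFDIR`, `-DPRIVATEDIR` and `$(LIBTASN1_CFLAGS)` and adds no per-target replacement for `libtrust_data_la`, so these presumably come from the top-level file, which is outside this hunk and worth confirming. Since all fragments share one namespace in a non-recursive build, generic names kept here such as `configdir` and `moduledir` should also be checked against the other fragments, in the way `MODULE_SRCS` was renamed to `TRUST_SRCS`.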
@@ -67,57 +52,205 @@ p11_kit_trust_la_LDFLAGS = \ -export-symbols-regex 'C_GetFunctionList' \ $(NULL) -p11_kit_trust_la_SOURCES = $(MODULE_SRCS) +p11_kit_trust_la_SOURCES = $(TRUST_SRCS) libtrust_testable_la_LDFLAGS = \ -no-undefined -libtrust_testable_la_SOURCES = $(MODULE_SRCS) +libtrust_testable_la_SOURCES = $(TRUST_SRCS) -bin_PROGRAMS = \ - trust +bin_PROGRAMS += trust/trust -trust_LDADD = \ +trust_trust_LDADD = \ libtrust-data.la \ - $(top_builddir)/p11-kit/libp11-kit.la \ - $(top_builddir)/common/libp11-common.la \ - $(top_builddir)/common/libp11-tool.la \ + libp11-kit.la \ + libp11-common.la \ + libp11-tool.la \ $(LTLIBINTL) \ $(LIBTASN1_LIBS) \ $(HASH_LIBS) \ $(NULL) -trust_CFLAGS = \ - -I$(top_srcdir)/p11-kit \ +trust_trust_CFLAGS = \ -DP11_KIT_FUTURE_UNSTABLE_API \ $(LIBTASN1_CFLAGS) \ $(NULL) -trust_SOURCES = \ - anchor.c anchor.h \ - parser.c parser.h \ - persist.c persist.h \ - digest.c digest.h \ - enumerate.c enumerate.h \ - extract.c extract.h \ - extract-jks.c \ - extract-openssl.c \ - extract-pem.c \ - extract-cer.c \ - list.c list.h \ - openssl.asn openssl.asn.h \ - save.c save.h \ - trust.c \ +trust_trust_SOURCES = \ + trust/anchor.c trust/anchor.h \ + trust/parser.c trust/parser.h \ + trust/persist.c trust/persist.h \ + trust/digest.c trust/digest.h \ + trust/enumerate.c trust/enumerate.h \ + trust/extract.c trust/extract.h \ + trust/extract-jks.c \ + trust/extract-openssl.c \ + trust/extract-pem.c \ + trust/extract-cer.c \ + trust/list.c trust/list.h \ + trust/openssl.asn trust/openssl.asn.h \ + trust/save.c trust/save.h \ + trust/trust.c \ $(NULL) externaldir = $(privatedir) external_SCRIPTS = \ - trust-extract-compat + trust/trust-extract-compat -EXTRA_DIST = \ - p11-kit-trust.module +EXTRA_DIST += \ + trust/p11-kit-trust.module asn: - asn1Parser -o pkix.asn.h pkix.asn - asn1Parser -o openssl.asn.h openssl.asn - asn1Parser -o basic.asn.h basic.asn + asn1Parser -o $(srcdir)/trust/pkix.asn.h $(srcdir)/trust/pkix.asn + asn1Parser -o 
$(srcdir)/trust/openssl.asn.h $(srcdir)/trust/openssl.asn + asn1Parser -o $(srcdir)/trust/basic.asn.h $(srcdir)/trust/basic.asn + +# Tests ---------------------------------------------------------------- + +trust_LIBS = \ + libtrust-testable.la \ + libtrust-data.la \ + libtrust-test.la \ + libp11-kit.la \ + libp11-library.la \ + libp11-test.la \ + libp11-common.la \ + $(LIBTASN1_LIBS) \ + $(HASH_LIBS) \ + $(NULL) + +noinst_LTLIBRARIES += \ + libtrust-test.la + +libtrust_test_la_SOURCES = \ + trust/test-trust.c trust/test-trust.h \ + trust/digest.c \ + $(NULL) + +CHECK_PROGS += \ + test-digest \ + test-asn1 \ + test-base64 \ + test-pem \ + test-oid \ + test-utf8 \ + test-x509 \ + test-persist \ + test-index \ + test-parser \ + test-builder \ + test-token \ + test-module \ + test-save \ + test-enumerate \ + test-cer \ + test-bundle \ + test-openssl \ + $(NULL) + +test_asn1_SOURCES = trust/test-asn1.c +test_asn1_LDADD = $(trust_LIBS) + +test_base64_SOURCES = trust/test-base64.c +test_base64_LDADD = $(trust_LIBS) + +test_builder_SOURCES = trust/test-builder.c +test_builder_LDADD = $(trust_LIBS) + +test_bundle_SOURCES = trust/test-bundle.c +test_bundle_LDADD = $(trust_LIBS) + +test_cer_SOURCES = trust/test-cer.c +test_cer_LDADD = $(trust_LIBS) + +test_digest_SOURCES = trust/test-digest.c +test_digest_LDADD = $(trust_LIBS) + +test_enumerate_SOURCES = trust/test-enumerate.c +test_enumerate_LDADD = $(trust_LIBS) + +test_index_SOURCES = trust/test-index.c +test_index_LDADD = $(trust_LIBS) + +test_module_SOURCES = trust/test-module.c +test_module_LDADD = $(trust_LIBS) + +test_oid_SOURCES = trust/test-oid.c +test_oid_LDADD = $(trust_LIBS) + +test_openssl_SOURCES = trust/test-openssl.c +test_openssl_LDADD = $(trust_LIBS) + +test_parser_SOURCES = trust/test-parser.c +test_parser_LDADD = $(trust_LIBS) + +test_pem_SOURCES = trust/test-pem.c +test_pem_LDADD = $(trust_LIBS) + +test_persist_SOURCES = trust/test-persist.c +test_persist_LDADD = $(trust_LIBS) + +test_save_SOURCES = 
trust/test-save.c +test_save_LDADD = $(trust_LIBS) + +test_token_SOURCES = trust/test-token.c +test_token_LDADD = $(trust_LIBS) + +test_utf8_SOURCES = trust/test-utf8.c +test_utf8_LDADD = $(trust_LIBS) + +test_x509_SOURCES = trust/test-x509.c +test_x509_LDADD = $(trust_LIBS) + +noinst_PROGRAMS += \ + frob-pow \ + frob-token \ + frob-nss-trust \ + frob-cert \ + frob-bc \ + frob-ku \ + frob-eku \ + frob-ext \ + frob-oid \ + $(NULL) + +frob_bc_SOURCES = trust/frob-bc.c +frob_bc_LDADD = $(trust_LIBS) + +frob_cert_SOURCES = trust/frob-cert.c +frob_cert_LDADD = $(trust_LIBS) + +frob_eku_SOURCES = trust/frob-eku.c +frob_eku_LDADD = $(trust_LIBS) + +frob_ext_SOURCES = trust/frob-ext.c +frob_ext_LDADD = $(trust_LIBS) + +frob_ku_SOURCES = trust/frob-ku.c +frob_ku_LDADD = $(trust_LIBS) + +frob_nss_trust_SOURCES = trust/frob-nss-trust.c +frob_nss_trust_LDADD = \ + libp11-common.la \ + libp11-kit.la \ + $(HASH_LIBS) \ + $(NULL) + +frob_oid_SOURCES = trust/frob-oid.c +frob_oid_LDADD = $(trust_LIBS) + +frob_pow_SOURCES = trust/frob-pow.c +frob_pow_LDADD = $(trust_LIBS) + +frob_token_SOURCES = trust/frob-token.c +frob_token_LDADD = $(trust_LIBS) + +noinst_SCRIPTS += trust/test-extract + +installcheck-local: + sh $(builddir)/trust/test-extract + +EXTRA_DIST += \ + trust/input \ + trust/fixtures \ + $(NULL) diff --git a/trust/anchor.c b/trust/anchor.c index cdc6486..baa1aeb 100644 --- a/trust/anchor.c +++ b/trust/anchor.c @@ -41,12 +41,13 @@ #include "debug.h" #include "constants.h" #include "extract.h" -#include "iter.h" #include "message.h" #include "parser.h" -#include "p11-kit.h" #include "tool.h" +#include "p11-kit/iter.h" +#include "p11-kit/p11-kit.h" + #include #include #include diff --git a/trust/enumerate.h b/trust/enumerate.h index d49bf16..8a18b06 100644 --- a/trust/enumerate.h +++ b/trust/enumerate.h 
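Review bot: The programs added in the new Tests section are named without a directory (`test-digest`, `test-module`, `frob-oid`, …) although their sources are under `trust/`. In a single non-recursive Makefile they are therefore built in the top build directory and share one target and variable namespace with whatever `common/` and `p11-kit/` contribute. No clash is visible in this hunk, but the uniqueness requirement is implicit, so I would add a comment above `CHECK_PROGS +=` such as `# Built in the top build directory; names must be unique across all included fragments`. The same applies to `installcheck-local`, which can only have one recipe in the combined Makefile, and to `trust_LIBS`, which reads like a per-target variable next to `trust_trust_LDADD`; a name such as `trust_test_LIBS` would avoid that confusion.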
@@ -40,8 +40,9 @@ #include "array.h" #include "asn1.h" #include "dict.h" -#include "iter.h" -#include "pkcs11.h" + +#include "p11-kit/iter.h" +#include "p11-kit/pkcs11.h" enum { /* These overlap with the flags in save.h, so start higher */ diff --git a/trust/extract.c b/trust/extract.c index 1bc406c..a008270 100644 --- a/trust/extract.c +++ b/trust/extract.c @@ -38,15 +38,16 @@ #include "compat.h" #include "debug.h" #include "extract.h" -#include "iter.h" #include "message.h" #include "oid.h" #include "path.h" -#include "pkcs11.h" #include "pkcs11x.h" #include "save.h" #include "tool.h" +#include "p11-kit/iter.h" +#include "p11-kit/pkcs11.h" + #include #include #include diff --git a/trust/fixtures/cacert-ca.der b/trust/fixtures/cacert-ca.der new file mode 100644 index 0000000..719b0ff Binary files /dev/null and b/trust/fixtures/cacert-ca.der differ diff --git a/trust/fixtures/cacert3-distrust-all.pem b/trust/fixtures/cacert3-distrust-all.pem new file mode 100644 index 0000000..ce5d887 --- /dev/null +++ b/trust/fixtures/cacert3-distrust-all.pem 
@@ -0,0 +1,44 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijBSoFAGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG +CCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcD +CA== +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-distrusted-all.pem b/trust/fixtures/cacert3-distrusted-all.pem new file mode 100644 index 0000000..4a04a39 --- /dev/null +++ b/trust/fixtures/cacert3-distrusted-all.pem 
@@ -0,0 +1,43 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijBIoEYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG +CCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMI +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-not-trusted.pem b/trust/fixtures/cacert3-not-trusted.pem new file mode 100644 index 0000000..eaa2e54 --- /dev/null +++ b/trust/fixtures/cacert3-not-trusted.pem 
@@ -0,0 +1,42 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijACMAA= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted-alias.pem b/trust/fixtures/cacert3-trusted-alias.pem new file mode 100644 index 0000000..44601ea --- /dev/null +++ b/trust/fixtures/cacert3-trusted-alias.pem 
@@ -0,0 +1,42 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAODAxDdXN0b20gTGFiZWw= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted-keyid.pem b/trust/fixtures/cacert3-trusted-keyid.pem new file mode 100644 index 0000000..e652733 --- /dev/null +++ b/trust/fixtures/cacert3-trusted-keyid.pem 
@@ -0,0 +1,42 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAJBAcAAQIDBAUG +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted-server-alias.pem b/trust/fixtures/cacert3-trusted-server-alias.pem new file mode 100644 index 0000000..55593ec --- /dev/null +++ b/trust/fixtures/cacert3-trusted-server-alias.pem 
@@ -0,0 +1,43 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g +TGFiZWw= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted.pem b/trust/fixtures/cacert3-trusted.pem new file mode 100644 index 0000000..55593ec --- /dev/null +++ b/trust/fixtures/cacert3-trusted.pem 
@@ -0,0 +1,43 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g +TGFiZWw= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-twice.pem b/trust/fixtures/cacert3-twice.pem new file mode 100644 index 0000000..c73202d --- /dev/null +++ b/trust/fixtures/cacert3-twice.pem 
@@ -0,0 +1,84 @@ +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV 
+BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- diff --git a/trust/fixtures/cacert3.der b/trust/fixtures/cacert3.der new file mode 100644 index 0000000..56f8c88 Binary files /dev/null and b/trust/fixtures/cacert3.der differ diff --git a/trust/fixtures/cacert3.pem b/trust/fixtures/cacert3.pem new file mode 100644 index 0000000..087ca0e --- /dev/null +++ b/trust/fixtures/cacert3.pem 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- diff --git a/trust/fixtures/distrusted.pem b/trust/fixtures/distrusted.pem new file mode 100644 index 0000000..8de6ff0 --- /dev/null +++ b/trust/fixtures/distrusted.pem 
@@ -0,0 +1,23 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx +FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD +VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh +dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w +HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx +FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD +VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh +dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN +QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n +i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L +WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0 +6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg +MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV +BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT +MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p +bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p +mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41 +voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH +AwIMEVJlZCBIYXQgSXMgdGhlIENB +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/empty-file b/trust/fixtures/empty-file new file mode 100644 index 0000000..e69de29 diff --git a/trust/fixtures/multiple.pem b/trust/fixtures/multiple.pem new file mode 100644 index 0000000..d3e1775 --- /dev/null +++ b/trust/fixtures/multiple.pem 
@@ -0,0 +1,58 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g +TGFiZWw= +-----END TRUSTED CERTIFICATE----- +-----BEGIN TRUSTED CERTIFICATE----- +MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f +zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi +TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G +CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW +NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV +Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb +MA4MDEN1c3RvbSBMYWJlbA== +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/openssl-trust-no-trust.pem b/trust/fixtures/openssl-trust-no-trust.pem new file mode 100644 index 0000000..07e3917 --- /dev/null +++ b/trust/fixtures/openssl-trust-no-trust.pem 
@@ -0,0 +1,27 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIEmTCCA4GgAwIBAgIQXSBhjowOuTRAk7mx2GOVtjANBgkqhkiG9w0BAQUFADBv +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk +ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF +eHRlcm5hbCBDQSBSb290MB4XDTE0MDgwNTAwMDAwMFoXDTE1MTEwMTIzNTk1OVow +fzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSowKAYDVQQDEyFV +U0VSVHJ1c3QgTGVnYWN5IFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDZTSA65ikwhvLphol2NE5oH5ZE99H51oJOpjie7stb +4Y4uvfJXgP3JP/yQc0S8j7tXW+UtHxQwdTb1f7zPVvR/gf+ukc3Y0mrLl/n3zZBq +RS3Eu6SFE2hXX+8puirK6vXMpASbY80A6/3tjd0jxnseVx02fx8Img1h21pscQJT +KML6jf2ru7PxjXRL3729zAaTYwmVwhB6nSWQMp0BwjlTsOAVa8fXdOWkIpvklP+E +kfstsxlDLZMPnBIJ5Ge5J3oyrXoqzEFYwG5ZX+44KxcinIn6buflVzX0Wu2SlZMt ++cwkP6UcPSe9IgNzzPXK86n03P7P6dBc0A+rh/yD/cipAgMBAAGjggEfMIIBGzAf +BgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUr6RAr58W +/qsx/fvVl4v1kaMkhhYwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C +AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGA1UdIAQSMBAwDgYM +KwYBBAGyMQECAQMEMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRy +dXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQp +MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI +hvcNAQEFBQADggEBAISuLWg4EWyDUWLAkcKYvMY7+qXFvTsJ5m5gbzADhiIasovz +xs4euxt54BYUTdKaBUv/j+zwKCnqKgQdPa8REtVJmFBCn2FmOrZAmQQMaxAy6ffP +hlhPLc3TrH7oW2qDfA2gnFxQNnUNbX5Ct9+m3JBcbyNOlx3zInW/AzXmXX/H+Zss +h/aO1iWWWZ3P6hAe727qWpt3GDTMgXevmofCCuXlnhOVU729SRqldhL23PKRt+ka +4bxNPZVxffiNfD4DT1Pt/lL9yl+T4RoBGwK3c066Zul4i1D+EcvRZ9AiT3fqzRQV +QK5mXegufx6Ib1V51rl+47X9kaDA8iaHSy+d9aA= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/redhat-ca.der b/trust/fixtures/redhat-ca.der new file mode 100644 index 0000000..affae24 Binary files /dev/null and b/trust/fixtures/redhat-ca.der differ 
diff --git a/trust/fixtures/self-signed-with-eku.der b/trust/fixtures/self-signed-with-eku.der
new file mode 100644
index 0000000..33e0760
Binary files /dev/null and b/trust/fixtures/self-signed-with-eku.der differ
diff --git a/trust/fixtures/self-signed-with-ku.der b/trust/fixtures/self-signed-with-ku.der
new file mode 100644
index 0000000..51bb227
Binary files /dev/null and b/trust/fixtures/self-signed-with-ku.der differ
diff --git a/trust/fixtures/simple-string b/trust/fixtures/simple-string
new file mode 100644
index 0000000..be13474
--- /dev/null
+++ b/trust/fixtures/simple-string
@@ -0,0 +1 @@
+The simple string is hairy
\ No newline at end of file
diff --git a/trust/fixtures/testing-server.der b/trust/fixtures/testing-server.der
new file mode 100644
index 0000000..cf2de65
Binary files /dev/null and b/trust/fixtures/testing-server.der differ
diff --git a/trust/fixtures/thawte.pem b/trust/fixtures/thawte.pem
new file mode 100644
index 0000000..34af29e
--- /dev/null
+++ b/trust/fixtures/thawte.pem
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- diff --git a/trust/fixtures/unrecognized-file.txt b/trust/fixtures/unrecognized-file.txt new file mode 100644 index 0000000..4d5bac3 --- /dev/null +++ b/trust/fixtures/unrecognized-file.txt @@ -0,0 +1 @@ +# This file is not recognized by the parser \ No newline at end of file 
diff --git a/trust/fixtures/verisign-v1.der b/trust/fixtures/verisign-v1.der new file mode 100644 index 0000000..bcd5ebb Binary files /dev/null and b/trust/fixtures/verisign-v1.der differ diff --git a/trust/fixtures/verisign-v1.pem b/trust/fixtures/verisign-v1.pem new file mode 100644 index 0000000..ace4da5 --- /dev/null +++ b/trust/fixtures/verisign-v1.pem @@ -0,0 +1,15 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f +zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi +TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G +CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW +NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV +Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb +MA4MDEN1c3RvbSBMYWJlbA== +-----END TRUSTED CERTIFICATE----- diff --git a/trust/frob-bc.c b/trust/frob-bc.c new file mode 100644 index 0000000..41fbc58 --- /dev/null +++ b/trust/frob-bc.c 
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "compat.h"
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include "pkix.asn.h"
+
+#define err_if_fail(ret, msg) \
+ do { if ((ret) != ASN1_SUCCESS) { \
+ fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
+ exit (1); \
+ } } while (0)
+
+int
+main (int argc,
+ char *argv[])
+{
+ char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
+ node_asn *definitions = NULL;
+ node_asn *ext = NULL;
+ char *buf;
+ int len;
+ int ret;
+
+ ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "definitions: %s\n", message);
+ return 1;
+ }
+
+ ret = asn1_create_element (definitions, "PKIX1.BasicConstraints", &ext);
+ err_if_fail (ret, "BasicConstraints");
+
+ if (argc > 1) {
+ ret = asn1_write_value (ext, "cA", argv[1], 1);
+ err_if_fail (ret, "cA");
+ }
+
+ ret = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
+ err_if_fail (ret, "pathLenConstraint");
+
+ len = 0;
+ ret = asn1_der_coding (ext, "", NULL, &len, message);
+ assert (ret == ASN1_MEM_ERROR);
+
+ buf = malloc (len);
+ assert (buf != NULL);
+ ret = asn1_der_coding (ext, "", buf, &len, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "asn1_der_coding: %s\n", message);
+ free (buf);
+ return 1;
+ }
+
+ fwrite (buf, 1, len, stdout);
+ fflush (stdout);
+
+ free (buf);
+ asn1_delete_structure (&ext);
+ asn1_delete_structure (&definitions);
+
+ return 0;
+}
diff --git a/trust/frob-cert.c b/trust/frob-cert.c
new file mode 100644
index 0000000..c1bc45c
--- /dev/null
+++ b/trust/frob-cert.c
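Review bot: In main of trust/frob-bc.c the sizing call and the allocation are checked only with `assert`, so a build with NDEBUG drops both checks and `malloc (len)` and the second `asn1_der_coding` run on unverified values; the same pattern is repeated in frob-eku.c, frob-ext.c and frob-ku.c in this commit. Report the failures explicitly instead, e.g. `if (ret != ASN1_MEM_ERROR) { fprintf (stderr, "asn1_der_coding: %s\n", message); return 1; }` and `if (buf == NULL) { perror ("malloc"); return 1; }`. The return value of `fwrite` is also ignored, so a short write to stdout still exits 0 and can leave a truncated DER blob for whatever consumes the output.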
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "compat.h"
+
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "pkix.asn.h"
+
+#define err_if_fail(ret, msg) \
+ do { if ((ret) != ASN1_SUCCESS) { \
+ fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
+ exit (1); \
+ } } while (0)
+
+static ssize_t
+tlv_length (const unsigned char *data,
+ size_t length)
+{
+ unsigned char cls;
+ int counter = 0;
+ int cb, len;
+ unsigned long tag;
+
+ if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) {
+ counter += cb;
+ len = asn1_get_length_der (data + cb, length - cb, &cb);
+ counter += cb;
+ if (len >= 0) {
+ len += counter;
+ if (length >= len)
+ return len;
+ }
+ }
+
+ return -1;
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
+ node_asn *definitions = NULL;
+ node_asn *cert = NULL;
+ p11_mmap *map;
+ void *data;
+ size_t size;
+ int start, end;
+ ssize_t len;
+ int ret;
+
+ if (argc != 4) {
+ fprintf (stderr, "usage: frob-cert struct field filename\n");
+ return 2;
+ }
+
+ ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "definitions: %s\n", message);
+ return 1;
+ }
+
+ ret = asn1_create_element (definitions, argv[1], &cert);
+ err_if_fail (ret, "Certificate");
+
+ map = p11_mmap_open (argv[3], NULL, &data, &size);
+ if (map == NULL) {
+ fprintf (stderr, "couldn't open file: %s\n", argv[3]);
+ return 1;
+ }
+
+ ret = asn1_der_decoding (&cert, data, size, message);
+ err_if_fail (ret, message);
+
+ ret = asn1_der_decoding_startEnd (cert, data, size, argv[2], &start, &end);
+ err_if_fail (ret, "asn1_der_decoding_startEnd");
+
+ len = tlv_length ((unsigned char *)data + start, size - start);
+ assert (len >= 0);
+
+ fprintf (stderr, "%lu %d %d %ld\n", (unsigned long)size, start, end, (long)len);
+ fwrite ((unsigned char *)data + start, 1, len, stdout);
+ fflush (stdout);
+
+ p11_mmap_close (map);
+
+ asn1_delete_structure (&cert);
+ asn1_delete_structure (&definitions);
+
+ return 0;
+}
diff --git a/trust/frob-eku.c b/trust/frob-eku.c
new file mode 100644
index 0000000..f467b36
--- /dev/null
+++ b/trust/frob-eku.c
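Review bot: In main of trust/frob-cert.c, `assert (len >= 0)` is the only guard between a failed `tlv_length` and `fwrite (..., 1, len, stdout)`; with NDEBUG the -1 is converted to a huge `size_t` and `fwrite` reads past the end of the mapped file, whose content is whatever the caller named in `argv[3]`. Make it a real check, e.g. `if (len < 0) { fprintf (stderr, "couldn't parse TLV at offset %d\n", start); return 1; }`. In `tlv_length` the length is held in an `int` and `len += counter` is done before the bounds comparison, so a large encoded length can overflow before it is rejected; comparing first, `if (len >= 0 && (size_t)len <= length - counter) return len + counter;`, avoids that (this assumes both parse calls never consume more than `length` bytes, which should be confirmed against libtasn1).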
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "compat.h"
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include "pkix.asn.h"
+
+#define err_if_fail(ret, msg) \
+ do { if ((ret) != ASN1_SUCCESS) { \
+ fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
+ exit (1); \
+ } } while (0)
+
+int
+main (int argc,
+ char *argv[])
+{
+ char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
+ node_asn *definitions = NULL;
+ node_asn *ekus = NULL;
+ char *buf;
+ int len;
+ int ret;
+ int i;
+
+ ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "definitions: %s\n", message);
+ return 1;
+ }
+
+ ret = asn1_create_element (definitions, "PKIX1.ExtKeyUsageSyntax", &ekus);
+ err_if_fail (ret, "ExtKeyUsageSyntax");
+
+ for (i = 1; i < argc; i++) {
+ ret = asn1_write_value (ekus, "", "NEW", 1);
+ err_if_fail (ret, "NEW");
+
+ ret = asn1_write_value (ekus, "?LAST", argv[i], strlen (argv[i]));
+ err_if_fail (ret, "asn1_write_value");
+ }
+
+ len = 0;
+ ret = asn1_der_coding (ekus, "", NULL, &len, message);
+ assert (ret == ASN1_MEM_ERROR);
+
+ buf = malloc (len);
+ assert (buf != NULL);
+ ret = asn1_der_coding (ekus, "", buf, &len, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "asn1_der_coding: %s\n", message);
+ free (buf);
+ return 1;
+ }
+
+ fwrite (buf, 1, len, stdout);
+ fflush (stdout);
+
+ free (buf);
+ asn1_delete_structure (&ekus);
+ asn1_delete_structure (&definitions);
+
+ return 0;
+}
diff --git a/trust/frob-ext.c b/trust/frob-ext.c
new file mode 100644
index 0000000..2017205
--- /dev/null
+++ b/trust/frob-ext.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "compat.h"
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include "pkix.asn.h"
+
+#define err_if_fail(ret, msg) \
+ do { if ((ret) != ASN1_SUCCESS) { \
+ fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
+ exit (1); \
+ } } while (0)
+
+int
+main (int argc,
+ char *argv[])
+{
+ char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
+ node_asn *definitions = NULL;
+ node_asn *ext = NULL;
+ unsigned char input[1024];
+ char *buf;
+ size_t size;
+ int len;
+ int ret;
+
+ if (argc == 1 || argc > 3) {
+ fprintf (stderr, "usage: frob-ext 1.2.3 TRUE\n");
+ return 2;
+ }
+
+ size = fread (input, 1, sizeof (input), stdin);
+ if (ferror (stdin) || !feof (stdin)) {
+ fprintf (stderr, "bad input\n");
+ return 1;
+ }
+
+ ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "definitions: %s\n", message);
+ return 1;
+ }
+
+
+ ret = asn1_create_element (definitions, "PKIX1.Extension", &ext);
+ err_if_fail (ret, "Extension");
+
+ ret = asn1_write_value (ext, "extnID", argv[1], 1);
+ err_if_fail (ret, "extnID");
+
+ if (argc == 3) {
+ ret = asn1_write_value (ext, "critical", argv[2], 1);
+ err_if_fail (ret, "critical");
+ }
+
+ ret = asn1_write_value (ext, "extnValue", input, size);
+ err_if_fail (ret, "extnValue");
+
+ len = 0;
+ ret = asn1_der_coding (ext, "", NULL, &len, message);
+ assert (ret == ASN1_MEM_ERROR);
+
+ buf = malloc (len);
+ assert (buf != NULL);
+ ret = asn1_der_coding (ext, "", buf, &len, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "asn1_der_coding: %s\n", message);
+ free (buf);
+ return 1;
+ }
+
+ fwrite (buf, 1, len, stdout);
+ fflush (stdout);
+
+ free (buf);
+ asn1_delete_structure (&ext);
+ asn1_delete_structure (&definitions);
+
+ return 0;
+}
diff --git a/trust/frob-ku.c b/trust/frob-ku.c
new file mode 100644
index 0000000..99ac217
--- /dev/null
+++ b/trust/frob-ku.c
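Review bot: The stdin read in main of trust/frob-ext.c rejects any extension value of 1024 bytes or more with the bare message "bad input", because `feof (stdin)` is not yet set when `fread` fills `input` exactly; the size limit is neither documented nor reported. Separate the two failure cases, e.g. `if (ferror (stdin)) { perror ("stdin"); return 1; }` followed by `if (!feof (stdin)) { fprintf (stderr, "input too large (max %zu bytes)\n", sizeof (input) - 1); return 1; }`. The usage string could also mention that the extension value is read from stdin.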
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "compat.h"
+
+#include "oid.h"
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include "pkix.asn.h"
+
+#define err_if_fail(ret, msg) \
+ do { if ((ret) != ASN1_SUCCESS) { \
+ fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
+ exit (1); \
+ } } while (0)
+
+int
+main (int argc,
+ char *argv[])
+{
+ char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
+ node_asn *definitions = NULL;
+ node_asn *ku = NULL;
+ unsigned int usage = 0;
+ char bits[2];
+ char *buf;
+ int len;
+ int ret;
+ int i;
+
+ for (i = 1; i < argc; i++) {
+ if (strcmp (argv[i], "digital-signature") == 0)
+ usage |= P11_KU_DIGITAL_SIGNATURE;
+ else if (strcmp (argv[i], "non-repudiation") == 0)
+ usage |= P11_KU_NON_REPUDIATION;
+ else if (strcmp (argv[i], "key-encipherment") == 0)
+ usage |= P11_KU_KEY_ENCIPHERMENT;
+ else if (strcmp (argv[i], "data-encipherment") == 0)
+ usage |= P11_KU_DATA_ENCIPHERMENT;
+ else if (strcmp (argv[i], "key-agreement") == 0)
+ usage |= P11_KU_KEY_AGREEMENT;
+ else if (strcmp (argv[i], "key-cert-sign") == 0)
+ usage |= P11_KU_KEY_CERT_SIGN;
+ else if (strcmp (argv[i], "crl-sign") == 0)
+ usage |= P11_KU_CRL_SIGN;
+ else {
+ fprintf (stderr, "unsupported or unknown key usage: %s\n", argv[i]);
+ return 2;
+ }
+ }
+
+ ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "definitions: %s\n", message);
+ return 1;
+ }
+
+ ret = asn1_create_element (definitions, "PKIX1.KeyUsage", &ku);
+ err_if_fail (ret, "KeyUsage");
+
+ bits[0] = usage & 0xff;
+ bits[1] = (usage >> 8) & 0xff;
+
+ ret = asn1_write_value (ku, "", bits, 9);
+ err_if_fail (ret, "asn1_write_value");
+
+ len = 0;
+ ret = asn1_der_coding (ku, "", NULL, &len, message);
+ assert (ret == ASN1_MEM_ERROR);
+
+ buf = malloc (len);
+ assert (buf != NULL);
+ ret = asn1_der_coding (ku, "", buf, &len, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "asn1_der_coding: %s\n", message);
+ free (buf);
+ return 1;
+ }
+
+ fwrite (buf, 1, len, stdout);
+ fflush (stdout);
+ free (buf);
+
+ asn1_delete_structure (&ku);
+ asn1_delete_structure (&definitions);
+
+ return 0;
+}
diff --git a/trust/frob-multi-init.c b/trust/frob-multi-init.c
new file mode 100644
index 0000000..d966540
--- /dev/null
+++ b/trust/frob-multi-init.c
@@ -0,0 +1,69 @@
+/*
+ * gcc -Wall -o frob-multi-init $(pkg-config p11-kit-1 --cflags --libs) -ldl frob-multi-init.c
+ */
+
+#include
+#include
+#include
+
+#include
+
+#define TRUST_SO "/usr/lib64/pkcs11/p11-kit-trust.so"
+
+int
+main (void)
+{
+ CK_C_INITIALIZE_ARGS args =
+ { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
+ CK_C_GetFunctionList C_GetFunctionList;
+ CK_SESSION_HANDLE session;
+ CK_FUNCTION_LIST *module;
+ CK_SLOT_ID slots[8];
+ CK_SESSION_INFO info;
+ CK_ULONG count;
+ CK_RV rv;
+ void *dl;
+
+ dl = dlopen (TRUST_SO, RTLD_LOCAL | RTLD_NOW);
+ if (dl == NULL)
+ fprintf (stderr, "%s\n", dlerror());
+ assert (dl != NULL);
+
+ C_GetFunctionList = dlsym (dl, "C_GetFunctionList");
+ assert (C_GetFunctionList != NULL);
+
+ rv = C_GetFunctionList (&module);
+ assert (rv == CKR_OK);
+ assert (module != NULL);
+
+ rv = module->C_Initialize (&args);
+ assert (rv == CKR_OK);
+
+ count = 8;
+ rv = module->C_GetSlotList (CK_TRUE, slots, &count);
+ assert (rv == CKR_OK);
+ assert (count > 1);
+
+ rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
+ assert (rv == CKR_OK);
+
+ rv = module->C_GetSessionInfo (session, &info);
+ assert (rv == CKR_OK);
+
+ rv = p11_kit_initialize_registered ();
+ assert (rv == CKR_OK);
+
+ rv = module->C_GetSessionInfo (session, &info);
+ if (rv == CKR_OK) {
+ printf ("no reinitialization bug\n");
+ return 0;
+
+ } else if (rv == CKR_SESSION_HANDLE_INVALID) {
+ printf ("reinitialization bug present\n");
+ return 1;
+
+ } else {
+ printf ("another error: %lu\n", rv);
+ return 1;
+ }
+}
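Review bot: The call `asn1_write_value (ku, "", bits, 9)` in main of trust/frob-ku.c carries an unexplained bit count; a reader has to know that for a BIT STRING the last argument is a length in bits and that KeyUsage has nine named bits. Add a comment above it such as `/* KeyUsage has nine named bits (RFC 5280); for a BIT STRING the length argument is in bits */`. The option parser accepts only seven usage names, so the two remaining bits can never be set from the command line; the comment should say that this is intentional, or the two options should be added if `oid.h` defines constants for them.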
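Review bot: `TRUST_SO` in trust/frob-multi-init.c hard-codes `/usr/lib64/pkcs11/p11-kit-trust.so`, so this reproducer always loads whatever module is installed at that path rather than the one just built, and it fails outright on systems with a different libdir. Taking the module path from `argv[1]` and falling back to `TRUST_SO` would let it exercise the build-tree module. Separately, `assert (count > 1)` demands at least two slots although only `slots[0]` is used; if one slot is enough this looks like it should be `assert (count >= 1);`, otherwise a comment should say why two are required. Every check in main is an `assert`, so the tool does nothing useful when compiled with NDEBUG, which the build comment at the top of the file could note.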
diff --git a/trust/frob-nss-trust.c b/trust/frob-nss-trust.c
new file mode 100644
index 0000000..fd69573
--- /dev/null
+++ b/trust/frob-nss-trust.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+
+#include "compat.h"
+#include "attrs.h"
+#include "debug.h"
+#include "pkcs11x.h"
+
+#include "p11-kit/iter.h"
+#include "p11-kit/p11-kit.h"
+
+#include
+#include
+#include
+
+static void
+dump_object (P11KitIter *iter,
+ CK_ATTRIBUTE *attrs)
+{
+ CK_ATTRIBUTE label = { CKA_LABEL, };
+ CK_ATTRIBUTE *attr;
+ char *string;
+ char *name;
+ CK_RV rv;
+
+ attr = p11_attrs_find_valid (attrs, CKA_LABEL);
+ if (!attr) {
+ rv = p11_kit_iter_load_attributes (iter, &label, 1);
+ if (rv == CKR_OK)
+ attr = &label;
+ }
+
+ if (attr)
+ name = strndup (attr->pValue, attr->ulValueLen);
+ else
+ name = strdup ("unknown");
+
+ string = p11_attrs_to_string (attrs, -1);
+ printf ("\"%s\" = %s\n", name, string);
+ free (string);
+
+ free (label.pValue);
+ free (name);
+}
+
+static int
+dump_trust_module (const char *path)
+{
+ CK_FUNCTION_LIST *module;
+ CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
+ CK_ATTRIBUTE match =
+ { CKA_CLASS, &nss_trust, sizeof (nss_trust) };
+ P11KitIter *iter;
+ CK_ATTRIBUTE *attrs;
+ CK_RV rv;
+
+ CK_ATTRIBUTE template[] = {
+ { CKA_CLASS,},
+ { CKA_LABEL, },
+ { CKA_CERT_MD5_HASH, },
+ { CKA_CERT_SHA1_HASH },
+ { CKA_ISSUER, },
+ { CKA_SERIAL_NUMBER, },
+ { CKA_TRUST_SERVER_AUTH, },
+ { CKA_TRUST_EMAIL_PROTECTION, },
+ { CKA_TRUST_CODE_SIGNING, },
+ { CKA_TRUST_STEP_UP_APPROVED, },
+ { CKA_INVALID, }
+ };
+
+ CK_ULONG count = p11_attrs_count (template);
+
+ module = p11_kit_module_load (path, 0);
+ return_val_if_fail (module != NULL, 1);
+
+ rv = p11_kit_module_initialize (module);
+ return_val_if_fail (rv == CKR_OK, 1);
+
+ iter = p11_kit_iter_new (NULL, 0);
+ p11_kit_iter_add_filter (iter, &match, 1);
+ p11_kit_iter_begin_with (iter, module, 0, 0);
+
+ while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
+ attrs = p11_attrs_dup (template);
+ rv = p11_kit_iter_load_attributes (iter, attrs, count);
+ return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_VALUE_INVALID, 1);
+ p11_attrs_purge (attrs);
+ dump_object (iter, attrs); + p11_attrs_free (attrs); + } + + return_val_if_fail (rv == CKR_CANCEL, 1); + + p11_kit_module_finalize (module); + p11_kit_module_release (module); + + return 0; +} + +static int +compare_trust_modules (const char *path1, + const char *path2) +{ + CK_FUNCTION_LIST *module1; + CK_FUNCTION_LIST *module2; + CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; + CK_ATTRIBUTE match = + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }; + P11KitIter *iter; + P11KitIter *iter2; + CK_ATTRIBUTE *check; + CK_RV rv; + + CK_ATTRIBUTE template[] = { + { CKA_CLASS, }, + { CKA_ISSUER, }, + { CKA_SERIAL_NUMBER, }, + { CKA_CERT_MD5_HASH, }, + { CKA_CERT_SHA1_HASH }, + { CKA_TRUST_SERVER_AUTH, }, + { CKA_TRUST_EMAIL_PROTECTION, }, + { CKA_TRUST_CODE_SIGNING, }, + { CKA_TRUST_STEP_UP_APPROVED, }, + { CKA_INVALID, } + }; + + module1 = p11_kit_module_load (path1, 0); + return_val_if_fail (module1 != NULL, 1); + + rv = p11_kit_module_initialize (module1); + return_val_if_fail (rv == CKR_OK, 1); + + module2 = p11_kit_module_load (path2, 0); + return_val_if_fail (module2 != NULL, 1); + + rv = p11_kit_module_initialize (module2); + return_val_if_fail (rv == CKR_OK, 1); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_filter (iter, &match, 1); + p11_kit_iter_begin_with (iter, module1, 0, 0); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + check = p11_attrs_dup (template); + + rv = p11_kit_iter_load_attributes (iter, check, p11_attrs_count (check)); + return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID, 1); + + /* Go through and remove anything not found */ + p11_attrs_purge (check); + + /* Check that this object exists */ + iter2 = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_filter (iter2, check, p11_attrs_count (check)); + p11_kit_iter_begin_with (iter2, module2, 0, 0); + rv = p11_kit_iter_next (iter2); + p11_kit_iter_free (iter2); + + if (rv != CKR_OK) + dump_object (iter, check); + + p11_attrs_free (check); + } + + return_val_if_fail 
(rv == CKR_CANCEL, 1); + p11_kit_module_finalize (module1); + p11_kit_module_release (module1); + + p11_kit_module_finalize (module2); + p11_kit_module_release (module2); + + return 0; +} + +int +main (int argc, + char *argv[]) +{ + if (argc == 2) { + return dump_trust_module (argv[1]); + } else if (argc == 3) { + return compare_trust_modules (argv[1], argv[2]); + } else { + fprintf (stderr, "usage: frob-nss-trust module\n"); + fprintf (stderr, " frob-nss-trust module1 module2\n"); + return 2; + } +} diff --git a/trust/frob-oid.c b/trust/frob-oid.c new file mode 100644 index 0000000..5a2499a --- /dev/null +++ b/trust/frob-oid.c 
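Review bot: `dump_trust_module` accepts `CKR_ATTRIBUTE_VALUE_INVALID` from `p11_kit_iter_load_attributes`, while `compare_trust_modules` accepts `CKR_ATTRIBUTE_TYPE_INVALID` for the same call. For an attribute read, the latter is the code that reports a template attribute the object lacks, so the dump path would likely bail out on the first trust object that is missing one of the template entries. I would change it to `return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID, 1);`. Neither function calls `p11_kit_iter_free (iter)` on the outer iterator, and in `dump_object` the result of `strndup`/`strdup` reaches `printf` without a NULL check.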
@@ -0,0 +1,102 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include + +#include +#include +#include +#include + +#include "pkix.asn.h" + +#define err_if_fail(ret, msg) \ + do { if ((ret) != ASN1_SUCCESS) { \ + fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ + exit (1); \ + } } while (0) +int +main (int argc, + char *argv[]) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *definitions = NULL; + node_asn *oid = NULL; + char *buf; + int len; + int ret; + + if (argc != 2) { + fprintf (stderr, "usage: frob-oid 1.1.1\n"); + return 2; + } + + ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "definitions: %s\n", message); + return 1; + } + + /* AttributeType is a OBJECT IDENTIFIER */ + ret = asn1_create_element (definitions, "PKIX1.AttributeType", &oid); + err_if_fail (ret, "AttributeType"); + + ret = asn1_write_value (oid, "", argv[1], strlen (argv[1])); + err_if_fail (ret, "asn1_write_value"); + + len = 0; + ret = asn1_der_coding (oid, "", NULL, &len, message); + assert (ret == ASN1_MEM_ERROR); + + buf = malloc (len); + assert (buf != NULL); + ret = asn1_der_coding (oid, "", buf, &len, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "asn1_der_coding: %s\n", message); + free (buf); + return 1; + } + + fwrite (buf, 1, len, stdout); + fflush (stdout); + free (buf); + + asn1_delete_structure (&oid); + asn1_delete_structure (&definitions); + + return 0; +} diff --git a/trust/frob-pow.c b/trust/frob-pow.c new file mode 100644 index 0000000..f029b2a --- /dev/null +++ b/trust/frob-pow.c 
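Review bot: In frob-oid.c the DER output is written with `fwrite (buf, 1, len, stdout);` and `fflush (stdout);` and neither result is checked, so a short write (closed pipe, full disk) still exits 0 and a consumer may receive a truncated encoding. I would test both, e.g. `if (fwrite (buf, 1, len, stdout) != (size_t)len || fflush (stdout) != 0) { free (buf); return 1; }`. The size probe and the `malloc` result are guarded only by `assert`, which disappears under `NDEBUG`; an explicit `if (buf == NULL) return 1;` keeps the check in every build.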
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+
+#include
+
+static unsigned int
+nearest_pow_2 (int num)
+{
+ unsigned int n = num ? 1 : 0;
+ while (n < num && n > 0)
+ n <<= 1;
+ return n;
+}
+
+int
+main (void)
+{
+ int i;
+
+ for (i = 0; i < 40; i++)
+ printf ("nearest_pow_2 (%d) == %u\n", i, nearest_pow_2 (i));
+
+ return 0;
+}
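Review bot: In `nearest_pow_2` the comparison `n < num` mixes `unsigned int` with `int`, so a negative `num` is converted to a large unsigned value and the loop runs until the shift wraps `n` to 0. `main` only passes 0 to 39, so nothing goes wrong here, but the helper reads like something meant to be copied elsewhere. I would either take `unsigned int num` or add a guard such as `if (num < 0) return 0;`, and add a one-line comment stating that 0 is returned for an input of 0 and when no power of two fits in `unsigned int`.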
diff --git a/trust/frob-token.c b/trust/frob-token.c
new file mode 100644
index 0000000..5d57ec1
--- /dev/null
+++ b/trust/frob-token.c
@@ -0,0 +1,64 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include + +#include "token.h" + +int +main (int argc, + char *argv[]) +{ + p11_token *token; + p11_index *index; + int count; + + if (argc != 2) { + fprintf (stderr, "usage: frob-token path\n"); + return 2; + } + + token = p11_token_new (1, argv[1], "Label"); + count = p11_token_load (token); + + printf ("%d files loaded\n", count); + index = p11_token_index (token); + printf ("%d objects loaded\n", p11_index_size (index)); + + p11_token_free (token); + return 0; +} diff --git a/trust/input/anchors/cacert3.der b/trust/input/anchors/cacert3.der new file mode 100644 index 0000000..56f8c88 Binary files /dev/null and b/trust/input/anchors/cacert3.der differ diff --git a/trust/input/anchors/testing-ca.der b/trust/input/anchors/testing-ca.der new file mode 100644 index 0000000..d3f70ea Binary files /dev/null and b/trust/input/anchors/testing-ca.der differ diff --git a/trust/input/blacklist/self-server.der b/trust/input/blacklist/self-server.der new file mode 100644 index 0000000..68fe9af Binary files /dev/null and b/trust/input/blacklist/self-server.der differ diff --git a/trust/input/cacert-ca.der b/trust/input/cacert-ca.der new file mode 100644 index 0000000..719b0ff Binary files /dev/null and b/trust/input/cacert-ca.der differ diff --git a/trust/input/distrusted.pem b/trust/input/distrusted.pem new file mode 100644 index 0000000..8de6ff0 --- /dev/null +++ b/trust/input/distrusted.pem 
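Review bot: In frob-token.c the result of `p11_token_new (1, argv[1], "Label")` goes straight into `p11_token_load` without a NULL check, and the `count` returned by `p11_token_load` is printed without testing for an error value. Whether either call can fail is not visible in this hunk, but `argv[1]` is an arbitrary path supplied by the caller, so the tool currently exits 0 whatever happens. A guard such as `if (token == NULL) return 1;` plus a `count < 0` check (if that is how load failure is reported) would make the exit status meaningful.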
@@ -0,0 +1,23 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx +FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD +VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh +dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w +HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx +FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD +VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh +dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN +QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n +i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L +WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0 +6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg +MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV +BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT +MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p +bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p +mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41 +voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH +AwIMEVJlZCBIYXQgSXMgdGhlIENB +-----END TRUSTED CERTIFICATE----- diff --git a/trust/input/verisign-v1.p11-kit b/trust/input/verisign-v1.p11-kit new file mode 100644 index 0000000..eaa080d --- /dev/null +++ b/trust/input/verisign-v1.p11-kit 
@@ -0,0 +1,17 @@ +[p11-kit-object-v1] +trusted: true + +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f +zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi +TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G +CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW +NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV +Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb +-----END CERTIFICATE----- diff --git a/trust/list.c b/trust/list.c index 8a172eb..a7fa4d9 100644 --- a/trust/list.c +++ b/trust/list.c @@ -40,12 +40,13 @@ #include "constants.h" #include "debug.h" #include "enumerate.h" -#include "iter.h" #include "list.h" -#include "pkcs11x.h" #include "message.h" +#include "pkcs11x.h" #include "tool.h" +#include "p11-kit/iter.h" + #include #include #include diff --git a/trust/test-asn1.c b/trust/test-asn1.c new file mode 100644 index 0000000..df75dfd --- /dev/null +++ b/trust/test-asn1.c 
@@ -0,0 +1,164 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "asn1.h" +#include "debug.h" +#include "oid.h" +#include "x509.h" + +#include +#include +#include + +struct { + p11_dict *asn1_defs; +} test; + +static void +setup (void *unused) +{ + test.asn1_defs = p11_asn1_defs_load (); + assert_ptr_not_null (test.asn1_defs); +} + +static void +teardown (void *unused) +{ + p11_dict_free (test.asn1_defs); + memset (&test, 0, sizeof (test)); +} + +static void +test_tlv_length (void) +{ + struct { + const char *der; + size_t der_len; + int expected; + } tlv_lengths[] = { + { "\x01\x01\x00", 3, 3 }, + { "\x01\x01\x00\x01\x02", 5, 3 }, + { "\x01\x05\x00", 3, -1 }, + { NULL } + }; + + int length; + int i; + + for (i = 0; tlv_lengths[i].der != NULL; i++) { + length = p11_asn1_tlv_length ((const unsigned char *)tlv_lengths[i].der, tlv_lengths[i].der_len); + assert_num_eq (tlv_lengths[i].expected, length); + } +} + +static const unsigned char test_eku_server_and_client[] = { + 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, +}; + +static void +test_asn1_cache (void) +{ + p11_asn1_cache *cache; + p11_dict *defs; + node_asn *asn; + node_asn *check; + + cache = p11_asn1_cache_new (); + assert_ptr_not_null (cache); + + defs = p11_asn1_cache_defs (cache); + assert_ptr_not_null (defs); + + asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client), NULL); + assert_ptr_not_null (defs); + + /* Place the parsed data in the cache */ + p11_asn1_cache_take (cache, asn, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client)); + + /* Get it back out */ + check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client)); + assert_ptr_eq (asn, check); + + /* Flush should remove it */ + p11_asn1_cache_flush (cache); 
+ check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client)); + assert_ptr_eq (NULL, check); + + p11_asn1_cache_free (cache); +} + +static void +test_asn1_free (void) +{ + p11_dict *defs; + node_asn *asn; + + defs = p11_asn1_defs_load (); + assert_ptr_not_null (defs); + + asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client), NULL); + assert_ptr_not_null (asn); + + p11_asn1_free (asn); + p11_asn1_free (NULL); + p11_dict_free (defs); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_tlv_length, "/asn1/tlv_length"); + + p11_fixture (NULL, NULL); + p11_test (test_asn1_cache, "/asn1/asn1_cache"); + p11_test (test_asn1_free, "/asn1/free"); + + return p11_test_run (argc, argv); +} diff --git a/trust/test-base64.c b/trust/test-base64.c new file mode 100644 index 0000000..ce303e8 --- /dev/null +++ b/trust/test-base64.c 
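Review bot: In `test_asn1_cache` the check after `p11_asn1_decode` is `assert_ptr_not_null (defs);`, which re-tests the definitions and leaves the decoded `asn` unchecked. If the decode failed, a NULL would be handed to `p11_asn1_cache_take` and the later `assert_ptr_eq (asn, check)` might no longer prove anything about the cache. It should read `assert_ptr_not_null (asn);`, as `test_asn1_free` already does. Separately, `setup`/`teardown` load `test.asn1_defs` for `test_tlv_length`, which never reads it.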
@@ -0,0 +1,204 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "base64.h" +#include "debug.h" +#include "message.h" + +#include +#include +#include +#include + +static void +check_decode_msg (const char *file, + int line, + const char *function, + const char *input, + ssize_t input_len, + const unsigned char *expected, + ssize_t expected_len) +{ + unsigned char decoded[8192]; + int length; + + if (input_len < 0) + input_len = strlen (input); + if (expected_len < 0) + expected_len = strlen ((char *)expected); + length = p11_b64_pton (input, input_len, decoded, sizeof (decoded)); + + if (expected == NULL) { + if (length >= 0) + p11_test_fail (file, line, function, "decoding should have failed"); + + } else { + if (length < 0) + p11_test_fail (file, line, function, "decoding failed"); + if (expected_len != length) + p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", + (unsigned long)expected_len, (unsigned long)length); + if (memcmp (decoded, expected, length) != 0) + p11_test_fail (file, line, function, "decoded wrong"); + } +} + +#define check_decode_success(input, input_len, expected, expected_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) + +#define check_decode_failure(input, input_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) + +static void +test_decode_simple (void) +{ + check_decode_success ("", 0, (unsigned char *)"", 0); + check_decode_success ("MQ==", 0, (unsigned char *)"1", 0); + check_decode_success ("YmxhaAo=", -1, (unsigned char *)"blah\n", -1); + check_decode_success ("bGVlbGEK", -1, (unsigned char *)"leela\n", -1); + check_decode_success ("bGVlbG9vCg==", -1, (unsigned char *)"leeloo\n", -1); +} + +static void +test_decode_thawte (void) +{ + const char *input = + "MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB" + "rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf" + 
"Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw" + "MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV" + "BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa" + "Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl" + "LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u" + "MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl" + "ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm" + "gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8" + "YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf" + "b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9" + "9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S" + "zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk" + "OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV" + "HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA" + "2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW" + "oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu" + "t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c" + "KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM" + "m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu" + "MdRAGmI0Nj81Aa6sY6A="; + + const unsigned char output[] = { + 0x30, 0x82, 0x04, 0x2a, 0x30, 0x82, 0x03, 0x12, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x60, + 0x01, 0x97, 0xb7, 0x46, 0xa7, 0xea, 0xb4, 0xb4, 0x9a, 0xd6, 0x4b, 0x2f, 0xf7, 0x90, 0xfb, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, + 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, + 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, + 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 
0x55, 0x04, 0x0b, 0x13, 0x1f, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, + 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, + 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, + 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, + 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, + 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, + 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x34, 0x30, 0x32, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, + 0x17, 0x0d, 0x33, 0x37, 0x31, 0x32, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, + 0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, + 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, + 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, + 0x30, 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, + 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, + 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, + 0x61, 
0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xb2, 0xbf, 0x27, 0x2c, 0xfb, 0xdb, 0xd8, 0x5b, 0xdd, 0x78, 0x7b, 0x1b, 0x9e, 0x77, 0x66, + 0x81, 0xcb, 0x3e, 0xbc, 0x7c, 0xae, 0xf3, 0xa6, 0x27, 0x9a, 0x34, 0xa3, 0x68, 0x31, 0x71, 0x38, + 0x33, 0x62, 0xe4, 0xf3, 0x71, 0x66, 0x79, 0xb1, 0xa9, 0x65, 0xa3, 0xa5, 0x8b, 0xd5, 0x8f, 0x60, + 0x2d, 0x3f, 0x42, 0xcc, 0xaa, 0x6b, 0x32, 0xc0, 0x23, 0xcb, 0x2c, 0x41, 0xdd, 0xe4, 0xdf, 0xfc, + 0x61, 0x9c, 0xe2, 0x73, 0xb2, 0x22, 0x95, 0x11, 0x43, 0x18, 0x5f, 0xc4, 0xb6, 0x1f, 0x57, 0x6c, + 0x0a, 0x05, 0x58, 0x22, 0xc8, 0x36, 0x4c, 0x3a, 0x7c, 0xa5, 0xd1, 0xcf, 0x86, 0xaf, 0x88, 0xa7, + 0x44, 0x02, 0x13, 0x74, 0x71, 0x73, 0x0a, 0x42, 0x59, 0x02, 0xf8, 0x1b, 0x14, 0x6b, 0x42, 0xdf, + 0x6f, 0x5f, 0xba, 0x6b, 0x82, 0xa2, 0x9d, 0x5b, 0xe7, 0x4a, 0xbd, 0x1e, 0x01, 0x72, 0xdb, 0x4b, + 0x74, 0xe8, 0x3b, 0x7f, 0x7f, 0x7d, 0x1f, 0x04, 0xb4, 0x26, 0x9b, 0xe0, 0xb4, 0x5a, 0xac, 0x47, + 0x3d, 0x55, 0xb8, 0xd7, 0xb0, 0x26, 0x52, 0x28, 0x01, 0x31, 0x40, 0x66, 0xd8, 0xd9, 0x24, 0xbd, + 0xf6, 0x2a, 0xd8, 0xec, 0x21, 0x49, 0x5c, 0x9b, 0xf6, 0x7a, 0xe9, 0x7f, 0x55, 0x35, 0x7e, 0x96, + 0x6b, 0x8d, 0x93, 0x93, 0x27, 0xcb, 0x92, 0xbb, 0xea, 0xac, 0x40, 0xc0, 0x9f, 0xc2, 0xf8, 0x80, + 0xcf, 0x5d, 0xf4, 0x5a, 0xdc, 0xce, 0x74, 0x86, 0xa6, 0x3e, 0x6c, 0x0b, 0x53, 0xca, 0xbd, 0x92, + 0xce, 0x19, 0x06, 0x72, 0xe6, 0x0c, 0x5c, 0x38, 0x69, 0xc7, 0x04, 0xd6, 0xbc, 0x6c, 0xce, 0x5b, + 0xf6, 0xf7, 0x68, 0x9c, 0xdc, 0x25, 0x15, 0x48, 0x88, 0xa1, 0xe9, 0xa9, 0xf8, 0x98, 0x9c, 0xe0, + 0xf3, 0xd5, 0x31, 0x28, 0x61, 0x11, 0x6c, 0x67, 0x96, 0x8d, 0x39, 0x99, 0xcb, 0xc2, 0x45, 0x24, + 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, + 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 
0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, 0xff, 0xfa, + 0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x1a, 0x40, + 0xd8, 0x95, 0x65, 0xac, 0x09, 0x92, 0x89, 0xc6, 0x39, 0xf4, 0x10, 0xe5, 0xa9, 0x0e, 0x66, 0x53, + 0x5d, 0x78, 0xde, 0xfa, 0x24, 0x91, 0xbb, 0xe7, 0x44, 0x51, 0xdf, 0xc6, 0x16, 0x34, 0x0a, 0xef, + 0x6a, 0x44, 0x51, 0xea, 0x2b, 0x07, 0x8a, 0x03, 0x7a, 0xc3, 0xeb, 0x3f, 0x0a, 0x2c, 0x52, 0x16, + 0xa0, 0x2b, 0x43, 0xb9, 0x25, 0x90, 0x3f, 0x70, 0xa9, 0x33, 0x25, 0x6d, 0x45, 0x1a, 0x28, 0x3b, + 0x27, 0xcf, 0xaa, 0xc3, 0x29, 0x42, 0x1b, 0xdf, 0x3b, 0x4c, 0xc0, 0x33, 0x34, 0x5b, 0x41, 0x88, + 0xbf, 0x6b, 0x2b, 0x65, 0xaf, 0x28, 0xef, 0xb2, 0xf5, 0xc3, 0xaa, 0x66, 0xce, 0x7b, 0x56, 0xee, + 0xb7, 0xc8, 0xcb, 0x67, 0xc1, 0xc9, 0x9c, 0x1a, 0x18, 0xb8, 0xc4, 0xc3, 0x49, 0x03, 0xf1, 0x60, + 0x0e, 0x50, 0xcd, 0x46, 0xc5, 0xf3, 0x77, 0x79, 0xf7, 0xb6, 0x15, 0xe0, 0x38, 0xdb, 0xc7, 0x2f, + 0x28, 0xa0, 0x0c, 0x3f, 0x77, 0x26, 0x74, 0xd9, 0x25, 0x12, 0xda, 0x31, 0xda, 0x1a, 0x1e, 0xdc, + 0x29, 0x41, 0x91, 0x22, 0x3c, 0x69, 0xa7, 0xbb, 0x02, 0xf2, 0xb6, 0x5c, 0x27, 0x03, 0x89, 0xf4, + 0x06, 0xea, 0x9b, 0xe4, 0x72, 0x82, 0xe3, 0xa1, 0x09, 0xc1, 0xe9, 0x00, 0x19, 0xd3, 0x3e, 0xd4, + 0x70, 0x6b, 0xba, 0x71, 0xa6, 0xaa, 0x58, 0xae, 0xf4, 0xbb, 0xe9, 0x6c, 0xb6, 0xef, 0x87, 0xcc, + 0x9b, 0xbb, 0xff, 0x39, 0xe6, 0x56, 0x61, 0xd3, 0x0a, 0xa7, 0xc4, 0x5c, 0x4c, 0x60, 0x7b, 0x05, + 0x77, 0x26, 0x7a, 0xbf, 0xd8, 0x07, 0x52, 0x2c, 0x62, 0xf7, 0x70, 0x63, 0xd9, 0x39, 0xbc, 0x6f, + 0x1c, 0xc2, 0x79, 0xdc, 0x76, 0x29, 0xaf, 0xce, 0xc5, 0x2c, 0x64, 0x04, 0x5e, 0x88, 0x36, 0x6e, + 0x31, 0xd4, 0x40, 0x1a, 0x62, 0x34, 0x36, 0x3f, 0x35, 0x01, 0xae, 0xac, 0x63, 
0xa0, + }; + + check_decode_success (input, -1, output, sizeof (output)); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_decode_simple, "/base64/decode-simple"); + p11_test (test_decode_thawte, "/base64/decode-thawte"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-builder.c b/trust/test-builder.c new file mode 100644 index 0000000..29bac07 --- /dev/null +++ b/trust/test-builder.c 
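Review bot: In `test_decode_simple` the case `check_decode_success ("MQ==", 0, (unsigned char *)"1", 0);` passes 0 for both lengths, and `check_decode_msg` only substitutes `strlen` when a length is negative. That case therefore decodes zero bytes and compares zero bytes, so "MQ==" is never actually decoded. It should be `check_decode_success ("MQ==", -1, (unsigned char *)"1", -1);`. In `check_decode_msg` the `memcmp (decoded, expected, length)` is still reached after a failed length check, which is only safe if `p11_test_fail` does not return; a comment saying so, or an early `return`, would make that explicit.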
@@ -0,0 +1,2236 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+#include "test-trust.h"
+
+#include
+#include
+#include
+
+#include "attrs.h"
+#include "builder.h"
+#include "debug.h"
+#include "digest.h"
+#include "index.h"
+#include "message.h"
+#include "oid.h"
+#include "pkcs11x.h"
+
+struct {
+ p11_builder *builder;
+ p11_index *index;
+} test;
+
+static CK_TRUST trusted = CKT_NSS_TRUSTED;
+static CK_TRUST trusted_delegator = CKT_NSS_TRUSTED_DELEGATOR;
+static CK_TRUST not_trusted = CKT_NSS_NOT_TRUSTED;
+static CK_TRUST trust_unknown = CKT_NSS_TRUST_UNKNOWN;
+static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
+static CK_OBJECT_CLASS data = CKO_DATA;
+static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
+static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
+static CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
+static CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE;
+static CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE;
+static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
+static CK_ULONG certificate_authority = 2;
+static CK_ULONG other_entity = 3;
+static CK_BBOOL truev = CK_TRUE;
+static CK_BBOOL falsev = CK_FALSE;
+
+static void
+setup (void *unused)
+{
+ test.builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
+ assert_ptr_not_null (test.builder);
+
+ test.index = p11_index_new (p11_builder_build, NULL, NULL, p11_builder_changed, test.builder);
+ assert_ptr_not_null (test.index);
+}
+
+static void
+teardown (void *unused)
+{
+ p11_builder_free (test.builder);
+ p11_index_free (test.index);
+ memset (&test, 0, sizeof (test));
+}
+
+static void
+test_get_cache (void)
+{
+ p11_asn1_cache *cache;
+
+ cache = p11_builder_get_cache (test.builder);
+ assert_ptr_eq (NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4));
+}
+
+static void
+test_build_data (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_VALUE, "the value", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE check[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_TOKEN, &truev, sizeof (truev) },
+ { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
+ { CKA_PRIVATE, &falsev, sizeof (falsev) },
+ { CKA_LABEL, "", 0 },
+ { CKA_VALUE, "the value", 9 },
+ { CKA_APPLICATION, "", 0 },
+ { CKA_OBJECT_ID, "", 0 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, merge, true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ test_check_attrs (check, attrs);
+ p11_attrs_free (attrs);
+}
+
+static void
+test_build_certificate (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_LABEL, "the label", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE expected[] = {
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
+ { CKA_START_DATE, "20110523", 8 },
+ { CKA_END_DATE, "20210520", 8, },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_LABEL, "the label", 9 },
+ { CKA_ID, "\xf0""a\xd8?\x95\x8fMx\xb1G\xb3\x13""9\x97\x8e\xa9\xc2Q\xba\x9b", 20},
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup
(input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, merge, true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ test_check_attrs (expected, attrs);
+ p11_attrs_free (attrs);
+}
+
+static void
+test_build_certificate_empty (void)
+{
+ unsigned char checksum[P11_DIGEST_SHA1_LEN];
+ CK_ULONG domain = 0;
+ CK_ULONG category = 0;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_URL, "http://blah", 11 },
+ { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) },
+ { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_LABEL, "the label", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE expected[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
+ { CKA_VALUE, "", 0 },
+ { CKA_START_DATE, "", 0 },
+ { CKA_END_DATE, "", 0, },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_ISSUER, "", 0 },
+ { CKA_SERIAL_NUMBER, "", 0 },
+ { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) },
+ { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) },
+ { CKA_LABEL, "the label", 9 },
+ { CKA_JAVA_MIDP_SECURITY_DOMAIN, &domain, sizeof (domain) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_digest_sha1 (checksum, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, merge, true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+
test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static const unsigned char entrust_pretend_ca[] = { + 0x30, 0x82, 0x04, 0x5c, 0x30, 0x82, 0x03, 0x44, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x38, + 0x63, 0xb9, 0x66, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, + 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, + 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, + 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, + 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, + 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, + 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, + 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, + 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x39, 0x31, + 0x32, 0x32, 0x34, 0x31, 0x37, 0x35, 0x30, 0x35, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32, + 0x32, 0x34, 0x31, 0x38, 0x32, 0x30, 0x35, 0x31, 0x5a, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, + 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, + 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, + 0x5f, 0x32, 
0x30, 0x34, 0x38, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, + 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, + 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, + 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, + 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, + 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a, + 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40, + 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93, + 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e, + 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5, + 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77, + 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97, + 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89, + 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60, + 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53, + 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 
0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce, + 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf, + 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f, + 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90, + 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e, + 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07, + 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x74, 0x30, 0x72, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x00, 0x07, 0x30, 0x1f, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, + 0xbe, 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, 0xbe, + 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x41, 0x00, 0x04, 0x10, 0x30, 0x0e, 0x1b, 0x08, + 0x56, 0x35, 0x2e, 0x30, 0x3a, 0x34, 0x2e, 0x30, 0x03, 0x02, 0x04, 0x90, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x59, 0x47, 0xac, 0x21, 0x84, 0x8a, 0x17, 0xc9, 0x9c, 0x89, 0x53, 0x1e, 0xba, 0x80, 0x85, 0x1a, + 0xc6, 0x3c, 0x4e, 0x3e, 0xb1, 0x9c, 0xb6, 0x7c, 0xc6, 0x92, 0x5d, 0x18, 0x64, 0x02, 0xe3, 0xd3, + 0x06, 0x08, 0x11, 0x61, 0x7c, 0x63, 0xe3, 0x2b, 0x9d, 0x31, 0x03, 0x70, 0x76, 0xd2, 0xa3, 0x28, + 0xa0, 0xf4, 0xbb, 0x9a, 0x63, 0x73, 0xed, 0x6d, 0xe5, 0x2a, 0xdb, 0xed, 0x14, 0xa9, 0x2b, 0xc6, + 0x36, 0x11, 0xd0, 0x2b, 0xeb, 0x07, 0x8b, 0xa5, 0xda, 0x9e, 0x5c, 0x19, 0x9d, 0x56, 0x12, 0xf5, + 0x54, 0x29, 0xc8, 0x05, 0xed, 0xb2, 0x12, 0x2a, 0x8d, 0xf4, 0x03, 0x1b, 0xff, 0xe7, 
0x92, 0x10, + 0x87, 0xb0, 0x3a, 0xb5, 0xc3, 0x9d, 0x05, 0x37, 0x12, 0xa3, 0xc7, 0xf4, 0x15, 0xb9, 0xd5, 0xa4, + 0x39, 0x16, 0x9b, 0x53, 0x3a, 0x23, 0x91, 0xf1, 0xa8, 0x82, 0xa2, 0x6a, 0x88, 0x68, 0xc1, 0x79, + 0x02, 0x22, 0xbc, 0xaa, 0xa6, 0xd6, 0xae, 0xdf, 0xb0, 0x14, 0x5f, 0xb8, 0x87, 0xd0, 0xdd, 0x7c, + 0x7f, 0x7b, 0xff, 0xaf, 0x1c, 0xcf, 0xe6, 0xdb, 0x07, 0xad, 0x5e, 0xdb, 0x85, 0x9d, 0xd0, 0x2b, + 0x0d, 0x33, 0xdb, 0x04, 0xd1, 0xe6, 0x49, 0x40, 0x13, 0x2b, 0x76, 0xfb, 0x3e, 0xe9, 0x9c, 0x89, + 0x0f, 0x15, 0xce, 0x18, 0xb0, 0x85, 0x78, 0x21, 0x4f, 0x6b, 0x4f, 0x0e, 0xfa, 0x36, 0x67, 0xcd, + 0x07, 0xf2, 0xff, 0x08, 0xd0, 0xe2, 0xde, 0xd9, 0xbf, 0x2a, 0xaf, 0xb8, 0x87, 0x86, 0x21, 0x3c, + 0x04, 0xca, 0xb7, 0x94, 0x68, 0x7f, 0xcf, 0x3c, 0xe9, 0x98, 0xd7, 0x38, 0xff, 0xec, 0xc0, 0xd9, + 0x50, 0xf0, 0x2e, 0x4b, 0x58, 0xae, 0x46, 0x6f, 0xd0, 0x2e, 0xc3, 0x60, 0xda, 0x72, 0x55, 0x72, + 0xbd, 0x4c, 0x45, 0x9e, 0x61, 0xba, 0xbf, 0x84, 0x81, 0x92, 0x03, 0xd1, 0xd2, 0x69, 0x7c, 0xc5, +}; + +static const unsigned char entrust_public_key[] = { + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a, + 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40, + 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93, + 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e, + 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5, + 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77, + 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97, + 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 
0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89, + 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60, + 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53, + 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce, + 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf, + 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f, + 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90, + 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e, + 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07, + 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +static void +test_build_certificate_non_ca (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_CATEGORY, &other_entity, sizeof (other_entity) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static void +test_build_certificate_v1_ca (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_CATEGORY, 
&certificate_authority, sizeof (certificate_authority) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ attrs = NULL;
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ test_check_attrs (expected, attrs);
+ p11_attrs_free (attrs);
+}
+
+static void
+test_build_certificate_staple_ca (void)
+{
+ CK_ULONG category = 2; /* CA */
+
+ CK_ATTRIBUTE stapled[] = {
+ { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
+ { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
+ { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE expected[] = {
+ { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ /* Adding the stapled extension *first*, and then the certificate */
+
+ /* Add a stapled certificate */
+ rv = p11_index_add (test.index, stapled, 4, NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = NULL;
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ /*
+ * Even though the certificate is not a valid CA, the presence of the
+ * stapled certificate extension transforms it into a CA.
+ */
+ test_check_attrs (expected, attrs);
+ p11_attrs_free (attrs);
+}
+
+static void
+test_build_certificate_staple_ca_backwards (void)
+{
+ CK_ULONG category = 2; /* CA */
+
+ CK_ATTRIBUTE stapled[] = {
+ { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
+ { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
+ { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE expected[] = {
+ { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
+ { CKA_INVALID },
+ };
+
+ CK_RV rv;
+ CK_ATTRIBUTE *attrs;
+ CK_OBJECT_HANDLE handle;
+
+ /* Adding the certificate *first*, and then the stapled extension */
+
+ rv = p11_index_add (test.index, input, 4, &handle);
+ assert_num_eq (CKR_OK, rv);
+
+ /* Add a stapled certificate */
+ rv = p11_index_add (test.index, stapled, 4, NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ /*
+ * Even though the certificate is not a valid CA, the presence of the
+ * stapled certificate extension transforms it into a CA.
+ */
+ attrs = p11_index_lookup (test.index, handle);
+ test_check_attrs (expected, attrs);
+}
+
+static void
+test_build_certificate_no_type (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_message_quiet ();
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+}
+
+static void
+test_build_certificate_bad_type (void)
+{
+ CK_CERTIFICATE_TYPE type = CKC_WTLS;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &type, sizeof (type) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_message_quiet ();
+
+ attrs = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+}
+
+static void
+test_build_extension (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
+ { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE check[] = {
+ { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
+ { CKA_TOKEN, &truev, sizeof (truev) },
+ { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
+ { CKA_PRIVATE, &falsev, sizeof (falsev) },
+ { CKA_OBJECT_ID, "\x06\x03\x55\x1d\x50", 5 },
+ { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 },
+ { CKA_X_PUBLIC_KEY_INFO, (void
*)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_LABEL, "", 0 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (check, attrs); + p11_attrs_free (attrs); +} + +/* This certificate has and end date in 2067 */ +static const unsigned char cert_distant_end_date[] = { + 0x30, 0x82, 0x01, 0x6a, 0x30, 0x82, 0x01, 0x14, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03, + 0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, + 0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, + 0x2d, 0x69, 0x6e, 0x2d, 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x20, 0x17, 0x0d, 0x31, 0x33, + 0x30, 0x33, 0x32, 0x37, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x36, + 0x37, 0x31, 0x32, 0x32, 0x39, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x28, 0x31, 0x26, + 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, 0x2d, 0x69, 0x6e, 0x2d, + 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xe2, + 0x2d, 0x35, 0x70, 0x75, 0xc0, 0x07, 0x56, 0x40, 0x7d, 0x63, 0xbc, 0xd2, 0x60, 0xb3, 0xcf, 0xb8, + 0x3d, 0x27, 0x6e, 0x10, 0xcd, 0x42, 0x50, 0x51, 0x9d, 0x79, 0x30, 0x79, 0x5a, 0xe3, 0xc3, 0x51, + 0x38, 0x85, 0x4c, 0xb4, 0x91, 0xd9, 0xe6, 0x8d, 0x69, 0x6a, 0xd4, 0x9c, 0x1c, 0x49, 0xc2, 0x25, + 0x2a, 0xc9, 0x2b, 
0xf2, 0xf4, 0x8e, 0x8a, 0x3f, 0x8b, 0x4c, 0x97, 0xc3, 0x16, 0x96, 0x99, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, + 0x1b, 0x30, 0x19, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x03, 0x2a, 0x03, 0x04, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0xc2, 0x83, + 0x27, 0x32, 0x80, 0x74, 0x73, 0xe2, 0xa3, 0x92, 0xaa, 0x7c, 0xd8, 0x50, 0xf4, 0x61, 0x50, 0xb1, + 0x63, 0x9e, 0x29, 0xef, 0x38, 0x1d, 0xc0, 0x55, 0x20, 0x0f, 0x7e, 0xe9, 0x1f, 0xa1, 0x54, 0x1a, + 0x5f, 0x8c, 0x26, 0x1b, 0x66, 0x96, 0x0e, 0x64, 0x52, 0x1c, 0x00, 0x96, 0xfb, 0x81, 0x77, 0xa2, + 0x3a, 0x1d, 0x49, 0x0c, 0x03, 0xd5, 0x19, 0xf2, 0x6a, 0x01, 0x29, 0x31, 0xfb, 0xf5, +}; + +static void +test_build_distant_end_date (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)cert_distant_end_date, sizeof (cert_distant_end_date) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_END_DATE, "20671229", 8 }, + { CKA_START_DATE, "20130327", 8 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static void +test_valid_bool (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_BBOOL value = CK_TRUE; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_PRIVATE, &value, sizeof (value) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + 
rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+}
+
+static void
+test_invalid_bool (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_PRIVATE, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ p11_message_quiet ();
+
+ input[0].pValue = "123";
+ input[0].ulValueLen = 3;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = sizeof (CK_BBOOL);
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_valid_ulong (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_ULONG value = 2;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CERTIFICATE_CATEGORY, &value, sizeof (value) },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+}
+
+static void
+test_invalid_ulong (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CERTIFICATE_CATEGORY, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ p11_message_quiet ();
+
+ input[0].pValue = "123";
+ input[0].ulValueLen = 3;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = sizeof (CK_ULONG);
+ rv = p11_builder_build (test.builder,
test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_valid_utf8 (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_LABEL, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = 0;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+}
+
+static void
+test_invalid_utf8 (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_LABEL, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ p11_message_quiet ();
+
+ input[0].pValue = "\xfex23";
+ input[0].ulValueLen = 4;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = 4;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_valid_dates (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_DATE date;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_START_DATE, &date, sizeof (CK_DATE) },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ memcpy (date.year, "2000", sizeof (date.year));
+ memcpy (date.month, "10", sizeof (date.month));
+ memcpy (date.day, "10", sizeof (date.day));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+ p11_attrs_free (attrs);
+ attrs = NULL;
+
+
input[0].ulValueLen = 0;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+ p11_attrs_free (attrs);
+}
+
+static void
+test_invalid_dates (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_DATE date;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_START_DATE, &date, sizeof (CK_DATE) },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ p11_message_quiet ();
+
+ memcpy (date.year, "AAAA", sizeof (date.year));
+ memcpy (date.month, "BB", sizeof (date.month));
+ memcpy (date.day, "CC", sizeof (date.day));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ memcpy (date.year, "2000", sizeof (date.year));
+ memcpy (date.month, "15", sizeof (date.month));
+ memcpy (date.day, "80", sizeof (date.day));
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ input[0].pValue = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_valid_name (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_SUBJECT, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = 0;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+ p11_attrs_free (attrs);
+ attrs = NULL;
+
+ input[0].pValue = (void *)test_cacert3_ca_issuer;
+ input[0].ulValueLen = sizeof (test_cacert3_ca_issuer);
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+
assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+ p11_attrs_free (attrs);
+}
+
+static void
+test_invalid_name (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_SUBJECT, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ p11_message_quiet ();
+
+ input[0].pValue = "blah";
+ input[0].ulValueLen = 4;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = 4;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_valid_serial (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_SERIAL_NUMBER, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = 0;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+ attrs = NULL;
+
+ input[0].pValue = (void *)test_cacert3_ca_serial;
+ input[0].ulValueLen = sizeof (test_cacert3_ca_serial);
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+}
+
+static void
+test_invalid_serial (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_SERIAL_NUMBER, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ p11_message_quiet ();
+
+ input[0].pValue = "blah";
+ input[0].ulValueLen = 4;
+ rv = p11_builder_build (test.builder,
test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ input[0].pValue = (void *)test_cacert3_ca_subject;
+ input[0].ulValueLen = sizeof (test_cacert3_ca_subject);
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = 4;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_valid_cert (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_VALUE, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = 0;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+ attrs = NULL;
+
+ input[0].pValue = (void *)test_cacert3_ca_der;
+ input[0].ulValueLen = sizeof (test_cacert3_ca_der);
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_attrs_free (extra);
+}
+
+static void
+test_invalid_cert (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_VALUE, NULL, 0 },
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_INVALID },
+ };
+
+ p11_message_quiet ();
+
+ input[0].pValue = "blah";
+ input[0].ulValueLen = 4;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ input[0].pValue = (void *)test_cacert3_ca_subject;
+ input[0].ulValueLen = sizeof (test_cacert3_ca_subject);
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq
(CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ input[0].pValue = NULL;
+ input[0].ulValueLen = 4;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_invalid_schema (void)
+{
+ CK_ATTRIBUTE *attrs = NULL;
+ CK_ATTRIBUTE *extra = NULL;
+ CK_RV rv;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_URL, "http://blah", 11 },
+ { CKA_INVALID },
+ };
+
+ p11_message_quiet ();
+
+ /* Missing CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY */
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_create_not_settable (void)
+{
+ /*
+ * CKA_X_PUBLIC_KEY_INFO cannot be created/modified
+ */
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_message_quiet ();
+
+ attrs = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+
+ p11_attrs_free (attrs);
+}
+
+static void
+test_create_but_loadable (void)
+{
+ /*
+ * CKA_X_PUBLIC_KEY_INFO cannot be set on creation, but can be set if we're
+ * loading from our store. This is signified by batching.
+ */
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_index_load (test.index);
+
+ attrs = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_index_finish (test.index);
+
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ test_check_attrs (input, attrs);
+ p11_attrs_free (attrs);
+}
+
+static void
+test_create_unsupported (void)
+{
+ CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_message_quiet ();
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+}
+
+static void
+test_create_generated (void)
+{
+ CK_OBJECT_CLASS klass = CKO_NSS_TRUST;
+
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_message_quiet ();
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+}
+
+static void
+test_create_bad_attribute (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_VALUE, "the value", 9 },
+
{ CKA_COLOR, "blue", 4 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_message_quiet ();
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+}
+
+static void
+test_create_missing_attribute (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_message_quiet ();
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+}
+
+static void
+test_create_no_class (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_VALUE, "the value", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_message_quiet ();
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+}
+
+static void
+test_create_token_mismatch (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_TOKEN, &falsev, sizeof (falsev) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ p11_message_quiet ();
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+}
+
+static void
+test_modify_success
(void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_MODIFIABLE, &truev, sizeof (truev) },
+ { CKA_VALUE, "the value", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE modify[] = {
+ { CKA_VALUE, "new value long", 14 },
+ { CKA_LABEL, "new label", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE expected[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_MODIFIABLE, &truev, sizeof (truev) },
+ { CKA_VALUE, "new value long", 14 },
+ { CKA_LABEL, "new label", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ attrs = NULL;
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ test_check_attrs (expected, attrs);
+ p11_attrs_free (attrs);
+}
+
+static void
+test_modify_read_only (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_MODIFIABLE, &truev, sizeof (truev) },
+ { CKA_VALUE, "the value", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE modify[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ attrs = NULL;
+ extra = NULL;
+ merge = p11_attrs_dup (input);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, merge, true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ p11_message_quiet ();
+
+ extra = NULL;
+ merge = p11_attrs_dup (modify);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq
(CKR_ATTRIBUTE_READ_ONLY, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+
+ p11_attrs_free (attrs);
+}
+
+static void
+test_modify_unchanged (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_MODIFIABLE, &truev, sizeof (truev) },
+ { CKA_VALUE, "the value", 9 },
+ { CKA_INVALID },
+ };
+
+ /*
+ * Although CKA_CLASS is read-only, changing to same value
+ * shouldn't fail
+ */
+
+ CK_ATTRIBUTE modify[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_VALUE, "the other", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE expected[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_VALUE, "the other", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ attrs = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ test_check_attrs (expected, attrs);
+ p11_attrs_free (attrs);
+}
+
+static void
+test_modify_not_modifiable (void)
+{
+ CK_ATTRIBUTE input[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
+ { CKA_VALUE, "the value", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE modify[] = {
+ { CKA_VALUE, "the value", 9 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *merge;
+ CK_ATTRIBUTE *extra;
+ CK_RV rv;
+
+ attrs = NULL;
+ extra = NULL;
+ rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
+ assert_num_eq (CKR_OK, rv);
+
+ attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
+ attrs = p11_attrs_merge (attrs, extra, false);
+
+ p11_message_quiet ();
+
+ extra = NULL;
+ merge = p11_attrs_dup
(modify);
+ rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
+ assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
+ p11_attrs_free (merge);
+
+ p11_message_loud ();
+
+ p11_attrs_free (attrs);
+}
+
+static CK_ATTRIBUTE cacert3_assert_distrust_server[] = {
+ { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE cacert3_assert_distrust_client[] = {
+ { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1},
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE cacert3_assert_distrust_code[] = {
+ { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_CODE_SIGNING_STR, sizeof (P11_OID_CODE_SIGNING_STR) - 1},
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE cacert3_assert_distrust_email[] = {
+ { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_EMAIL_PROTECTION_STR, sizeof (P11_OID_EMAIL_PROTECTION_STR) -
1},
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE cacert3_assert_distrust_system[] = {
+ { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_END_SYSTEM_STR, sizeof (P11_OID_IPSEC_END_SYSTEM_STR) - 1},
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE cacert3_assert_distrust_tunnel[] = {
+ { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_TUNNEL_STR, sizeof (P11_OID_IPSEC_TUNNEL_STR) - 1},
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE cacert3_assert_distrust_user[] = {
+ { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_USER_STR, sizeof (P11_OID_IPSEC_USER_STR) - 1},
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE cacert3_assert_distrust_time[] = {
+ { CKA_CLASS, &trust_assertion, sizeof
(trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_TIME_STAMPING_STR, sizeof (P11_OID_TIME_STAMPING_STR) - 1},
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+};
+
+static void
+test_changed_trusted_certificate (void)
+{
+ static CK_ATTRIBUTE cacert3_trusted_certificate[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
+ { CKA_START_DATE, "20110523", 8 },
+ { CKA_END_DATE, "20210520", 8, },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_TRUSTED, &truev, sizeof (truev) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_LABEL, "Custom Label", 12 },
+ { CKA_INVALID },
+ };
+
+ static unsigned char eku_server_and_client[] = {
+ 0x30, 0x20, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
+ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+ 0x03, 0x02,
+ };
+
+ CK_ATTRIBUTE eku_extension_server_and_client[] = {
+ { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
+ { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
+ { CKA_LABEL, "Custom Label", 12 },
+ { CKA_VALUE, eku_server_and_client, sizeof
(eku_server_and_client) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ static char eku_client_email[] = {
+ 0x30, 0x1a, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01, 0x04, 0x0c,
+ 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04,
+ };
+
+ static CK_ATTRIBUTE reject_extension_email[] = {
+ { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
+ { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
+ { CKA_LABEL, "Custom Label", 12 },
+ { CKA_VALUE, eku_client_email, sizeof (eku_client_email) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ static CK_ATTRIBUTE nss_trust_server_and_client_distrust_email[] = {
+ { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
+ { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 },
+ { CKA_LABEL, "Custom Label", 12 },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_TRUST_CLIENT_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_CODE_SIGNING, &trust_unknown, sizeof (trust_unknown) },
+ { CKA_TRUST_IPSEC_END_SYSTEM, &trust_unknown, sizeof (trust_unknown) },
+ { CKA_TRUST_IPSEC_TUNNEL, &trust_unknown, sizeof (trust_unknown) },
+ { CKA_TRUST_IPSEC_USER, &trust_unknown, sizeof (trust_unknown) },
+ { CKA_TRUST_TIME_STAMPING, &trust_unknown, sizeof (trust_unknown) },
+ {
CKA_TRUST_DIGITAL_SIGNATURE, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_TRUST_NON_REPUDIATION, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_TRUST_KEY_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_TRUST_DATA_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_TRUST_KEY_AGREEMENT, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_TRUST_KEY_CERT_SIGN, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_TRUST_CRL_SIGN, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_INVALID, }
+ };
+
+ static CK_ATTRIBUTE server_anchor_assertion[] = {
+ { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
+ { CKA_LABEL, "Custom Label", 12 },
+ { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ static CK_ATTRIBUTE client_anchor_assertion[] = {
+ { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
+ { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1 },
+ { CKA_LABEL, "Custom Label", 12 },
+ { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ /*
+ * We should get an NSS trust object and various assertions here.
+ * The first two attributes of each object are enough to look it up,
+ * and then we check the rest of the attributes match.
+ */
+
+ CK_ATTRIBUTE *expected[] = {
+ nss_trust_server_and_client_distrust_email,
+ cacert3_assert_distrust_email,
+ server_anchor_assertion,
+ client_anchor_assertion,
+ NULL,
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_ATTRIBUTE *attrs;
+ CK_RV rv;
+ int i;
+
+ /*
+ * A trusted cetrificate, trusted for server and client purposes,
+ * and explicitly rejects the email and timestamping purposes.
+ */
+ p11_index_load (test.index);
+ rv = p11_index_take (test.index, p11_attrs_dup (cacert3_trusted_certificate), NULL);
+ assert_num_eq (CKR_OK, rv);
+ rv = p11_index_take (test.index, p11_attrs_dup (eku_extension_server_and_client), NULL);
+ assert_num_eq (CKR_OK, rv);
+ rv = p11_index_take (test.index, p11_attrs_dup (reject_extension_email), NULL);
+ assert_num_eq (CKR_OK, rv);
+ p11_index_finish (test.index);
+
+
+ /* The other objects */
+ for (i = 0; expected[i]; i++) {
+ handle = p11_index_find (test.index, expected[i], 2);
+ assert (handle != 0);
+
+ attrs = p11_index_lookup (test.index, handle);
+ assert_ptr_not_null (attrs);
+
+ test_check_attrs (expected[i], attrs);
+ }
+}
+
+static void
+test_changed_distrust_value (void)
+{
+ CK_ATTRIBUTE distrust_cert[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate), },
+ { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
+ { CKA_PRIVATE, &falsev, sizeof (falsev) },
+ { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_TRUSTED, &falsev, sizeof (falsev) },
+ { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE eku_extension[] = {
+ { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
+ { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
+ { CKA_VALUE,
"\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE reject_extension[] = {
+ { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
+ { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
+ { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE nss_trust_nothing[] = {
+ { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
+ { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_CLIENT_AUTH, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_CODE_SIGNING, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_IPSEC_END_SYSTEM, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_IPSEC_TUNNEL, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_IPSEC_USER, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_TIME_STAMPING, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_DIGITAL_SIGNATURE, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_NON_REPUDIATION, ¬_trusted, sizeof (not_trusted) },
+ {
CKA_TRUST_KEY_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_DATA_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_KEY_AGREEMENT, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_KEY_CERT_SIGN, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_CRL_SIGN, ¬_trusted, sizeof (not_trusted) },
+ { CKA_INVALID, }
+ };
+
+ /*
+ * We should get an NSS trust object and various assertions here.
+ * The first two attributes of each object are enough to look it up,
+ * and then we check the rest of the attributes match.
+ */
+
+ CK_ATTRIBUTE *expected[] = {
+ nss_trust_nothing,
+ cacert3_assert_distrust_server,
+ cacert3_assert_distrust_client,
+ cacert3_assert_distrust_code,
+ cacert3_assert_distrust_email,
+ cacert3_assert_distrust_system,
+ cacert3_assert_distrust_tunnel,
+ cacert3_assert_distrust_user,
+ cacert3_assert_distrust_time,
+ NULL
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_ATTRIBUTE *attrs;
+ CK_RV rv;
+ int i;
+
+ /*
+ * A distrusted certificate with a value, plus some extra
+ * extensions (which should be ignored).
+ */
+ p11_index_load (test.index);
+ rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
+ assert_num_eq (CKR_OK, rv);
+ rv = p11_index_take (test.index, p11_attrs_dup (eku_extension), NULL);
+ assert_num_eq (CKR_OK, rv);
+ rv = p11_index_take (test.index, p11_attrs_dup (reject_extension), NULL);
+ assert_num_eq (CKR_OK, rv);
+ p11_index_finish (test.index);
+
+ /* The other objects */
+ for (i = 0; expected[i]; i++) {
+ handle = p11_index_find (test.index, expected[i], 2);
+ assert (handle != 0);
+
+ attrs = p11_index_lookup (test.index, handle);
+ assert_ptr_not_null (attrs);
+
+ test_check_attrs (expected[i], attrs);
+ }
+}
+
+static void
+test_changed_distrust_serial (void)
+{
+ CK_ATTRIBUTE distrust_cert[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate), },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_TRUSTED, &falsev, sizeof (falsev) },
+ { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE nss_trust_distrust[] = {
+ { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_CLIENT_AUTH, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_CODE_SIGNING, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_IPSEC_END_SYSTEM, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_IPSEC_TUNNEL, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_IPSEC_USER, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_TIME_STAMPING, ¬_trusted, sizeof (not_trusted) },
+ {
CKA_TRUST_DIGITAL_SIGNATURE, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_NON_REPUDIATION, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_KEY_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_DATA_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_KEY_AGREEMENT, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_KEY_CERT_SIGN, ¬_trusted, sizeof (not_trusted) },
+ { CKA_TRUST_CRL_SIGN, ¬_trusted, sizeof (not_trusted) },
+ { CKA_INVALID, }
+ };
+
+ /*
+ * We should get an NSS trust object and various assertions here.
+ * The first two attributes of each object are enough to look it up,
+ * and then we check the rest of the attributes match.
+ */
+
+ CK_ATTRIBUTE *expected[] = {
+ nss_trust_distrust,
+ cacert3_assert_distrust_server,
+ cacert3_assert_distrust_client,
+ cacert3_assert_distrust_code,
+ cacert3_assert_distrust_email,
+ cacert3_assert_distrust_system,
+ cacert3_assert_distrust_tunnel,
+ cacert3_assert_distrust_user,
+ cacert3_assert_distrust_time,
+ NULL
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_ATTRIBUTE *attrs;
+ CK_RV rv;
+ int i;
+
+ /*
+ * A distrusted certificate without a value.
+ */
+ p11_index_load (test.index);
+ rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
+ assert_num_eq (CKR_OK, rv);
+ p11_index_finish (test.index);
+
+ for (i = 0; expected[i]; i++) {
+ handle = p11_index_find (test.index, expected[i], 2);
+ assert (handle != 0);
+ attrs = p11_index_lookup (test.index, handle);
+ assert_ptr_not_null (attrs);
+ test_check_attrs (expected[i], attrs);
+ }
+}
+
+static void
+test_changed_dup_certificates (void)
+{
+ static CK_ATTRIBUTE trusted_cert[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_TRUSTED, &truev, sizeof (truev) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ static CK_ATTRIBUTE distrust_cert[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID },
+ };
+
+ static CK_ATTRIBUTE trusted_nss[] = {
+ { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
+ { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
+ { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID, }
+ };
+
+ static CK_ATTRIBUTE distrust_nss[] = {
+ { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
+ { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
+ { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) },
+ { CKA_ID, "cacert3", 7 },
+ { CKA_INVALID, }
+ };
+
+ static CK_ATTRIBUTE unknown_nss[] = {
+ { CKA_CLASS,
&nss_trust, sizeof (nss_trust), }, + { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, + { CKA_TRUST_SERVER_AUTH, &trust_unknown, sizeof (trust_unknown) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID, } + }; + + static CK_ATTRIBUTE match_nss[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID, } + }; + + static CK_ATTRIBUTE anchor_assertion[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, + { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE distrust_assertion[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE match_assertion[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID, } + }; + + CK_OBJECT_HANDLE handle1; + CK_OBJECT_HANDLE handle2; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + /* + * A trusted certificate, should create trutsed nss trust + * and anchor assertions + */ + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (trusted_cert), &handle1); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + handle = p11_index_find (test.index, match_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, 
match_assertion, -1); + assert (handle != 0); + handle = p11_index_find (test.index, trusted_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, anchor_assertion, -1); + assert (handle != 0); + + /* Now we add a distrusted certificate, should update the objects */ + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), &handle2); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + handle = p11_index_find (test.index, trusted_nss, -1); + assert (handle == 0); + handle = p11_index_find (test.index, distrust_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, anchor_assertion, -1); + assert (handle == 0); + handle = p11_index_find (test.index, distrust_assertion, -1); + assert (handle != 0); + + /* Now remove the trusted cetrificate, should update again */ + rv = p11_index_remove (test.index, handle2); + assert_num_eq (CKR_OK, rv); + + handle = p11_index_find (test.index, trusted_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, distrust_nss, -1); + assert (handle == 0); + handle = p11_index_find (test.index, anchor_assertion, -1); + assert (handle != 0); + handle = p11_index_find (test.index, distrust_assertion, -1); + assert (handle == 0); + + /* Now remove the original certificate, unknown nss and no assertions */ + rv = p11_index_remove (test.index, handle1); + assert_num_eq (CKR_OK, rv); + + handle = p11_index_find (test.index, unknown_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, match_assertion, -1); + assert (handle == 0); +} + +static void +test_changed_without_id (void) +{ + static CK_ATTRIBUTE trusted_without_id[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_TRUSTED, &truev, sizeof 
(truev) }, + { CKA_ID, NULL, 0, }, + { CKA_INVALID }, + }; + + CK_OBJECT_CLASS klass = 0; + CK_ATTRIBUTE match[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_INVALID }, + }; + + /* + * A cetrificate without a CKA_ID that's created should still + * automatically create compat objects. + */ + + CK_OBJECT_HANDLE handle; + CK_RV rv; + + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (trusted_without_id), NULL); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + klass = CKO_NSS_TRUST; + handle = p11_index_find (test.index, match, -1); + assert (handle != 0); + + klass = CKO_X_TRUST_ASSERTION; + handle = p11_index_find (test.index, match, -1); + assert (handle != 0); +} + +static void +test_changed_staple_ca (void) +{ + CK_ULONG category = 0; + + CK_ATTRIBUTE stapled[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, + { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, + { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 }, + { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_ID, "the id", 6 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_ID, "the id", 6 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE match[] = { + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_RV rv; + + attrs = NULL; + rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); + assert_num_eq (CKR_OK, rv); + + /* Not a CA at this point, until we staple */ + category = 0; + assert (p11_index_find (test.index, match, -1) == 0); + + /* Add a stapled basic constraint */ + rv = p11_index_add 
(test.index, stapled, 4, NULL); + assert_num_eq (CKR_OK, rv); + + /* Now should be a CA */ + category = 2; + assert (p11_index_find (test.index, match, -1) != 0); + + p11_attrs_free (attrs); +} + +static void +test_changed_staple_ku (void) +{ + CK_ATTRIBUTE stapled_ds_and_np[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, + { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) }, + { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 }, + { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_ID, "the id", 6 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_ID, "the id", 6 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE nss_trust_ds_and_np[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_ID, "the id", 6 }, + { CKA_TRUST_SERVER_AUTH, &trusted, sizeof (trusted) }, + { CKA_TRUST_CLIENT_AUTH, &trusted, sizeof (trusted) }, + { CKA_TRUST_EMAIL_PROTECTION, &trusted, sizeof (trusted) }, + { CKA_TRUST_CODE_SIGNING, &trusted, sizeof (trusted) }, + { CKA_TRUST_IPSEC_END_SYSTEM, &trusted, sizeof (trusted) }, + { CKA_TRUST_IPSEC_TUNNEL, &trusted, sizeof (trusted) }, + { CKA_TRUST_IPSEC_USER, &trusted, sizeof (trusted) }, + { CKA_TRUST_TIME_STAMPING, &trusted, sizeof (trusted) }, + { CKA_TRUST_DIGITAL_SIGNATURE, &trusted, sizeof (trusted) }, + { CKA_TRUST_NON_REPUDIATION, &trusted, sizeof (trusted) }, + { CKA_TRUST_KEY_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_DATA_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_KEY_AGREEMENT, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_KEY_CERT_SIGN, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_CRL_SIGN, &trust_unknown, 
sizeof (trust_unknown) }, + { CKA_INVALID, } + }; + + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE *attrs; + CK_RV rv; + + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); + assert_num_eq (CKR_OK, rv); + rv = p11_index_take (test.index, p11_attrs_dup (stapled_ds_and_np), NULL); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + handle = p11_index_find (test.index, nss_trust_ds_and_np, 2); + assert (handle != 0); + + attrs = p11_index_lookup (test.index, handle); + test_check_attrs (nss_trust_ds_and_np, attrs); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_get_cache, "/builder/get_cache"); + p11_test (test_build_data, "/builder/build_data"); + p11_test (test_build_certificate, "/builder/build_certificate"); + p11_test (test_build_certificate_empty, "/builder/build_certificate_empty"); + p11_test (test_build_certificate_non_ca, "/builder/build_certificate_non_ca"); + p11_test (test_build_certificate_v1_ca, "/builder/build_certificate_v1_ca"); + p11_test (test_build_certificate_staple_ca, "/builder/build_certificate_staple_ca"); + p11_test (test_build_certificate_staple_ca_backwards, "/builder/build-certificate-staple-ca-backwards"); + p11_test (test_build_certificate_no_type, "/builder/build_certificate_no_type"); + p11_test (test_build_certificate_bad_type, "/builder/build_certificate_bad_type"); + p11_test (test_build_extension, "/builder/build_extension"); + p11_test (test_build_distant_end_date, "/builder/build_distant_end_date"); + + p11_test (test_valid_bool, "/builder/valid-bool"); + p11_test (test_valid_ulong, "/builder/valid-ulong"); + p11_test (test_valid_utf8, "/builder/valid-utf8"); + p11_test (test_valid_dates, "/builder/valid-date"); + p11_test (test_valid_name, "/builder/valid-name"); + p11_test (test_valid_serial, "/builder/valid-serial"); + p11_test (test_valid_cert, "/builder/valid-cert"); + p11_test (test_invalid_bool, "/builder/invalid-bool"); 
+ p11_test (test_invalid_ulong, "/builder/invalid-ulong"); + p11_test (test_invalid_utf8, "/builder/invalid-utf8"); + p11_test (test_invalid_dates, "/builder/invalid-date"); + p11_test (test_invalid_name, "/builder/invalid-name"); + p11_test (test_invalid_serial, "/builder/invalid-serial"); + p11_test (test_invalid_cert, "/builder/invalid-cert"); + p11_test (test_invalid_schema, "/builder/invalid-schema"); + + p11_test (test_create_not_settable, "/builder/create_not_settable"); + p11_test (test_create_but_loadable, "/builder/create_but_loadable"); + p11_test (test_create_unsupported, "/builder/create_unsupported"); + p11_test (test_create_generated, "/builder/create_generated"); + p11_test (test_create_bad_attribute, "/builder/create_bad_attribute"); + p11_test (test_create_missing_attribute, "/builder/create_missing_attribute"); + p11_test (test_create_no_class, "/builder/create_no_class"); + p11_test (test_create_token_mismatch, "/builder/create_token_mismatch"); + p11_test (test_modify_success, "/builder/modify_success"); + p11_test (test_modify_read_only, "/builder/modify_read_only"); + p11_test (test_modify_unchanged, "/builder/modify_unchanged"); + p11_test (test_modify_not_modifiable, "/builder/modify_not_modifiable"); + + p11_test (test_changed_trusted_certificate, "/builder/changed_trusted_certificate"); + p11_test (test_changed_distrust_value, "/builder/changed_distrust_value"); + p11_test (test_changed_distrust_serial, "/builder/changed_distrust_serial"); + p11_test (test_changed_without_id, "/builder/changed_without_id"); + p11_test (test_changed_staple_ca, "/builder/changed_staple_ca"); + p11_test (test_changed_staple_ku, "/builder/changed_staple_ku"); + p11_test (test_changed_dup_certificates, "/builder/changed_dup_certificates"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-bundle.c b/trust/test-bundle.c new file mode 100644 index 0000000..a12d8a1 --- /dev/null +++ b/trust/test-bundle.c 
@@ -0,0 +1,237 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#define P11_KIT_DISABLE_DEPRECATED + +#include "config.h" + +#include "test-trust.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "extract.h" +#include "message.h" +#include "mock.h" +#include "path.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "oid.h" +#include "test.h" + +#include +#include +#include +#include +#include + +struct { + CK_FUNCTION_LIST module; + p11_enumerate ex; + char *directory; +} test; + +static void +setup (void *unused) +{ + CK_RV rv; + + mock_module_reset (); + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + rv = test.module.C_Initialize (NULL); + assert_num_eq (CKR_OK, rv); + + p11_enumerate_init (&test.ex); + + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + if (rmdir (test.directory) < 0) + assert_not_reached (); + free (test.directory); + + p11_enumerate_cleanup (&test.ex); + + rv = test.module.C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Cacert3 Here", 12 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ID, "ID1", 3 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static void +test_file (void) +{ + char *destination; + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, 
&test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_pem_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/cacert3.pem"); + + free (destination); +} + +static void +test_file_multiple (void) +{ + char *destination; + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_pem_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/cacert3-twice.pem"); + + free (destination); +} + +static void +test_file_without (void) +{ + char *destination; + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_pem_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_data (test.directory, "extract.pem", "", 0); + + free (destination); +} + +static void +test_directory (void) +{ + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_pem_directory (&test.ex, test.directory); + 
assert_num_eq (true, ret); + + test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL)); + test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/trust/fixtures/cacert3.pem"); + test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/trust/fixtures/cacert3.pem"); +} + +static void +test_directory_empty (void) +{ + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_pem_directory (&test.ex, test.directory); + assert_num_eq (true, ret); + + test_check_directory (test.directory, (NULL, NULL)); +} + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + + p11_fixture (setup, teardown); + p11_test (test_file, "/pem/test_file"); + p11_test (test_file_multiple, "/pem/test_file_multiple"); + p11_test (test_file_without, "/pem/test_file_without"); + p11_test (test_directory, "/pem/test_directory"); + p11_test (test_directory_empty, "/pem/test_directory_empty"); + return p11_test_run (argc, argv); +} + +#include "enumerate.c" +#include "extract-pem.c" +#include "save.c" diff --git a/trust/test-cer.c b/trust/test-cer.c new file mode 100644 index 0000000..422b528 --- /dev/null +++ b/trust/test-cer.c 
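Review bot: The `rmdir (test.directory)` in test_directory and test_directory_empty, immediately followed by `p11_extract_pem_directory`, leaves a window in which the path does not exist, and the comment names the race without saying what is at stake. If the test directory lives under a shared temporary location (not visible here), another local user could create the path, or a symlink at it, before the extractor does, and the extracted files would land wherever that user chose. I would spell this out in the comment, e.g. `/* The extractor must create the directory itself, so drop the fixture's copy first. */` and `/* Another local user can claim the path in between; only acceptable because tests never run privileged. */`. The same pattern and comment appear in test_directory and test_directory_empty of trust/test-cer.c.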
@@ -0,0 +1,247 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#define P11_KIT_DISABLE_DEPRECATED + +#include "config.h" + +#include "test-trust.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "extract.h" +#include "message.h" +#include "mock.h" +#include "path.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "oid.h" +#include "test.h" + +#include +#include +#include +#include +#include + +struct { + CK_FUNCTION_LIST module; + p11_enumerate ex; + char *directory; +} test; + +static void +setup (void *unused) +{ + CK_RV rv; + + mock_module_reset (); + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + rv = test.module.C_Initialize (NULL); + assert_num_eq (CKR_OK, rv); + + p11_enumerate_init (&test.ex); + + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + if (rmdir (test.directory) < 0) + assert_fail ("rmdir() failed", test.directory); + free (test.directory); + + p11_enumerate_cleanup (&test.ex); + + rv = test.module.C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Cacert3 Here", 12 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ID, "ID1", 3 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static void +test_file (void) +{ + char *destination; + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with 
(test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) + assert_not_reached (); + + ret = p11_extract_x509_file (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.cer", SRCDIR "/trust/fixtures/cacert3.der"); + + free (destination); +} + +static void +test_file_multiple (void) +{ + char *destination; + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) + assert_not_reached (); + + p11_message_quiet (); + + ret = p11_extract_x509_file (&test.ex, destination); + assert_num_eq (true, ret); + + assert (strstr (p11_message_last (), "multiple certificates") != NULL); + + p11_message_loud (); + + test_check_file (test.directory, "extract.cer", SRCDIR "/trust/fixtures/cacert3.der"); + + free (destination); +} + +static void +test_file_without (void) +{ + char *destination; + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) + assert_not_reached (); + + p11_message_quiet (); + + ret = p11_extract_x509_file (&test.ex, destination); + assert_num_eq (false, ret); + + assert (strstr (p11_message_last (), "no certificate") != NULL); + + p11_message_loud (); + + free (destination); +} + +static void +test_directory (void) +{ + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* 
Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_x509_directory (&test.ex, test.directory); + assert_num_eq (true, ret); + + test_check_directory (test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL)); + test_check_file (test.directory, "Cacert3_Here.cer", SRCDIR "/trust/fixtures/cacert3.der"); + test_check_file (test.directory, "Cacert3_Here.1.cer", SRCDIR "/trust/fixtures/cacert3.der"); +} + +static void +test_directory_empty (void) +{ + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_x509_directory (&test.ex, test.directory); + assert_num_eq (true, ret); + + test_check_directory (test.directory, (NULL, NULL)); +} + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + + p11_fixture (setup, teardown); + p11_test (test_file, "/x509/test_file"); + p11_test (test_file_multiple, "/x509/test_file_multiple"); + p11_test (test_file_without, "/x509/test_file_without"); + p11_test (test_directory, "/x509/test_directory"); + p11_test (test_directory_empty, "/x509/test_directory_empty"); + return p11_test_run (argc, argv); +} + +#include "enumerate.c" +#include "extract-cer.c" +#include "save.c" diff --git a/trust/test-digest.c b/trust/test-digest.c new file mode 100644 index 0000000..f2cb669 --- /dev/null +++ b/trust/test-digest.c 
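Review bot: In test_file_multiple and test_file_without the result of `p11_message_last ()` is passed straight to `strstr`, so if the extractor emitted no message and the call returns NULL (its contract is not visible in this hunk), the test dereferences a null pointer instead of reporting a failed assertion. Adding `assert_ptr_not_null (p11_message_last ());` before each `strstr` check would turn that into an ordinary test failure. A failing assert between `p11_message_quiet ()` and `p11_message_loud ()` also leaves messages silenced; whether that matters depends on whether the test harness continues in the same process after a failure.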
@@ -0,0 +1,143 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include +#include +#include + +#include "digest.h" + +const char *sha1_input[] = { + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + NULL +}; + +const char *sha1_checksum[] = { + "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", + "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", + NULL +}; + +static void +test_sha1 (void) +{ + unsigned char checksum[P11_DIGEST_SHA1_LEN]; + size_t len; + int i; + + for (i = 0; sha1_input[i] != NULL; i++) { + memset (checksum, 0, sizeof (checksum)); + len = strlen (sha1_input[i]); + + p11_digest_sha1 (checksum, sha1_input[i], len, NULL); + assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0); + + if (len > 6) { + p11_digest_sha1 (checksum, sha1_input[i], 6, sha1_input[i] + 6, len - 6, NULL); + assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0); + } + } +} + +static void +test_sha1_long (void) +{ + unsigned char checksum[P11_DIGEST_SHA1_LEN]; + char *expected = "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F"; + char *input; + + input = malloc (1000000); + assert (input != NULL); + memset (input, 'a', 1000000); + + p11_digest_sha1 (checksum, input, 1000000, NULL); + assert (memcmp (expected, checksum, P11_DIGEST_SHA1_LEN) == 0); + + free (input); +} + +const char *md5_input[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + NULL +}; + +const char *md5_checksum[] = { + "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e", + "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61", + "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", + "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0", + "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b", + NULL +}; + +static void +test_md5 
(void) +{ + unsigned char checksum[P11_DIGEST_MD5_LEN]; + size_t len; + int i; + + for (i = 0; md5_input[i] != NULL; i++) { + memset (checksum, 0, sizeof (checksum)); + len = strlen (md5_input[i]); + + p11_digest_md5 (checksum, md5_input[i], len, NULL); + assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0); + + if (len > 5) { + p11_digest_md5 (checksum, md5_input[i], 5, md5_input[i] + 5, len - 5, NULL); + assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0); + } + } +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_sha1, "/digest/sha1"); + p11_test (test_sha1_long, "/digest/sha1-long"); + p11_test (test_md5, "/digest/md5"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c new file mode 100644 index 0000000..e11373f --- /dev/null +++ b/trust/test-enumerate.c 
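Review bot: test_sha1_long compares `checksum` without clearing it first, whereas test_sha1 and test_md5 both `memset` the buffer before each digest call. If `p11_digest_sha1` ever wrote fewer than P11_DIGEST_SHA1_LEN bytes, the `memcmp` would read indeterminate stack contents. Declaring it as `unsigned char checksum[P11_DIGEST_SHA1_LEN] = { 0 };` keeps the three tests consistent. Since `expected` points at a string literal it should be `const char *expected`, and the length 1000000, repeated three times, reads better as one named constant.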
@@ -0,0 +1,538 @@
+/*
+ * Copyright (c) 2011, Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#define P11_KIT_DISABLE_DEPRECATED
+
+#include "config.h"
+
+#include "test-trust.h"
+
+#include "attrs.h"
+#include "compat.h"
+#include "debug.h"
+#include "dict.h"
+#include "extract.h"
+#include "message.h"
+#include "mock.h"
+#include "pkcs11.h"
+#include "pkcs11x.h"
+#include "oid.h"
+#include "test.h"
+
+#include
+#include
+
+
+static void
+test_file_name_for_label (void)
+{
+ CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
+ p11_enumerate ex;
+ char *name;
+
+ p11_enumerate_init (&ex);
+
+ ex.attrs = p11_attrs_build (NULL, &label, NULL);
+
+ name = p11_enumerate_filename (&ex);
+ assert_str_eq ("The_Label_", name);
+ free (name);
+
+ p11_enumerate_cleanup (&ex);
+}
+
+static void
+test_file_name_for_class (void)
+{
+ p11_enumerate ex;
+ char *name;
+
+ p11_enumerate_init (&ex);
+
+ ex.klass = CKO_CERTIFICATE;
+
+ name = p11_enumerate_filename (&ex);
+ assert_str_eq ("certificate", name);
+ free (name);
+
+ ex.klass = CKO_DATA;
+
+ name = p11_enumerate_filename (&ex);
+ assert_str_eq ("unknown", name);
+ free (name);
+
+ p11_enumerate_cleanup (&ex);
+}
+
+static void
+test_comment_for_label (void)
+{
+ CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
+ p11_enumerate ex;
+ char *comment;
+
+ p11_enumerate_init (&ex);
+
+ ex.flags = P11_EXTRACT_COMMENT;
+ ex.attrs = p11_attrs_build (NULL, &label, NULL);
+
+ comment = p11_enumerate_comment (&ex, true);
+ assert_str_eq ("# The Label!\n", comment);
+ free (comment);
+
+ comment = p11_enumerate_comment (&ex, false);
+ assert_str_eq ("\n# The Label!\n", comment);
+ free (comment);
+
+ p11_enumerate_cleanup (&ex);
+}
+
+static void
+test_comment_not_enabled (void)
+{
+ CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
+ p11_enumerate ex;
+ char *comment;
+
+ p11_enumerate_init (&ex);
+
+ ex.attrs = p11_attrs_build (NULL, &label, NULL);
+
+ comment = p11_enumerate_comment (&ex, true);
+ assert_ptr_eq (NULL, comment);
+
+ comment = p11_enumerate_comment (&ex, false);
+ assert_ptr_eq (NULL, comment);
+
+ p11_enumerate_cleanup (&ex);
+}
+
+struct {
+ CK_FUNCTION_LIST module;
+ CK_FUNCTION_LIST_PTR modules[2];
+ p11_enumerate ex;
+} test;
+
+static void
+setup (void *unused)
+{
+ CK_RV rv;
+
+ mock_module_reset ();
+ memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
+
+ rv = test.module.C_Initialize (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_enumerate_init (&test.ex);
+
+ /* Prefill the modules */
+ test.modules[0] = &test.module;
+ test.modules[1] = NULL;
+ test.ex.modules = test.modules;
+}
+
+static void
+teardown (void *unused)
+{
+ CK_RV rv;
+
+ /* Don't free the modules */
+ test.ex.modules = NULL;
+
+ p11_enumerate_cleanup (&test.ex);
+
+ rv = test.module.C_Finalize (NULL);
+ assert_num_eq (CKR_OK, rv);
+}
+
+static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
+static CK_OBJECT_CLASS public_key_class = CKO_PUBLIC_KEY;
+static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION;
+static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
+static CK_BBOOL truev = CK_TRUE;
+
+static CK_ATTRIBUTE cacert3_trusted[] = {
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
+ { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
+ { CKA_LABEL, "Cacert3 Here", 11 },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
+ { CKA_TRUSTED, &truev, sizeof (truev) },
+ { CKA_ID, "ID1", 3 },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE cacert3_distrusted[] = {
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
+ { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
+ { CKA_LABEL, "Another CaCert", 11 },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE cacert3_distrusted_by_key[] = {
+ { CKA_CLASS, &public_key_class, sizeof (public_key_class) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
+ { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE certificate_filter[] = {
+ { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE extension_eku_server_client[] = {
+ { CKA_CLASS, &extension_class, sizeof (extension_class) },
+ { CKA_ID, "ID1", 3 },
+ { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
+ { CKA_VALUE, "\x30\x1d\x06\x03\x55\x1d\x25\x04\x16\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 31 },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
+ { CKA_INVALID },
+};
+
+static CK_ATTRIBUTE extension_eku_invalid[] = {
+ { CKA_CLASS, &extension_class, sizeof (extension_class) },
+ { CKA_ID, "ID1", 3 },
+ { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
+ { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
+ { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x25\x04\x07\x69\x6e\x76\x61\x6c\x69\x64", 16 },
+ { CKA_INVALID },
+};
+
+static void
+test_info_simple_certificate (void)
+{
+ void *value;
+ size_t length;
+ CK_RV rv;
+
+ assert_ptr_not_null (test.ex.asn1_defs);
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
+
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_OK, rv);
+
+ assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
+ assert_ptr_not_null (test.ex.attrs);
+ value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length);
+ assert_ptr_not_null (value);
+ assert (memcmp (value, test_cacert3_ca_der, length) == 0);
+ assert_ptr_not_null (test.ex.cert_der);
+ assert (memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0);
+ assert_ptr_not_null (test.ex.cert_asn);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+}
+
+static void
+test_info_limit_purposes (void)
+{
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
+
+ /* This should not match the above, with the stapled certificat ext */
+ assert_ptr_eq (NULL, test.ex.limit_to_purposes);
+ p11_enumerate_opt_purpose (&test.ex, "1.1.1");
+ assert_ptr_not_null (test.ex.limit_to_purposes);
+
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+}
+
+static void
+test_info_invalid_purposes (void)
+{
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid);
+
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ p11_kit_be_quiet ();
+
+ /* No results due to invalid purpose on certificate */
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+
+ p11_kit_be_loud ();
+}
+
+static void
+test_info_skip_non_certificate (void)
+{
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+
+ p11_enumerate_ready (&test.ex, NULL);
+
+ p11_message_quiet ();
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_OK, rv);
+
+ assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_limit_to_purpose_match (void)
+{
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
+
+ p11_enumerate_opt_purpose (&test.ex, P11_OID_SERVER_AUTH_STR);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ p11_message_quiet ();
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_OK, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_limit_to_purpose_no_match (void)
+{
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
+
+ p11_enumerate_opt_purpose (&test.ex, "3.3.3.3");
+ p11_enumerate_ready (&test.ex, NULL);
+
+ p11_message_quiet ();
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+
+ p11_message_loud ();
+}
+
+static void
+test_duplicate_extract (void)
+{
+ CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
+
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+}
+
+static void
+test_duplicate_distrusted (void)
+{
+ CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_X_DISTRUSTED, NULL, 0 },
+ };
+
+ CK_BBOOL val;
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+
+ test.ex.flags = P11_ENUMERATE_COLLAPSE;
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = p11_kit_iter_load_attributes (test.ex.iter, attrs, 1);
+ assert_num_eq (CKR_OK, rv);
+ assert (p11_attrs_findn_bool (attrs, 1, CKA_X_DISTRUSTED, &val));
+ assert_num_eq (val, CK_TRUE);
+ free (attrs[0].pValue);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+}
+
+static void
+test_trusted_match (void)
+{
+ CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
+
+ test.ex.flags = P11_ENUMERATE_ANCHORS;
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+}
+
+static void
+test_distrust_match (void)
+{
+ CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
+ CK_BBOOL boolv;
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
+
+ test.ex.flags = P11_ENUMERATE_BLACKLIST;
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_OK, rv);
+
+ if (!p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &boolv))
+ boolv = CK_FALSE;
+ assert_num_eq (CK_TRUE, boolv);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+}
+
+static void
+test_override_by_issuer_serial (void)
+{
+ CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
+ CK_BBOOL distrusted = CK_FALSE;
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
+
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_OK, rv);
+
+ assert (p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &distrusted));
+ assert_num_eq (CK_TRUE, distrusted);
+
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+}
+
+static void
+test_override_by_public_key (void)
+{
+ CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
+ CK_RV rv;
+
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key);
+
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+ p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
+ p11_enumerate_ready (&test.ex, NULL);
+
+ /* No results returned, because distrust is not a cert */
+ rv = p11_kit_iter_next (test.ex.iter);
+ assert_num_eq (CKR_CANCEL, rv);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ mock_module_init ();
+
+ p11_test (test_file_name_for_label, "/extract/test_file_name_for_label");
+ p11_test (test_file_name_for_class, "/extract/test_file_name_for_class");
+ p11_test (test_comment_for_label, "/extract/test_comment_for_label");
+ p11_test (test_comment_not_enabled, "/extract/test_comment_not_enabled");
+
+ p11_fixture (setup, teardown);
+ p11_test (test_info_simple_certificate, "/extract/test_info_simple_certificate");
+ p11_test (test_info_limit_purposes, "/extract/test_info_limit_purposes");
+ p11_test (test_info_invalid_purposes, "/extract/test_info_invalid_purposes");
+ p11_test (test_info_skip_non_certificate, "/extract/test_info_skip_non_certificate");
+ p11_test (test_limit_to_purpose_match, "/extract/test_limit_to_purpose_match");
+ p11_test (test_limit_to_purpose_no_match, "/extract/test_limit_to_purpose_no_match");
+ p11_test (test_duplicate_extract, "/extract/test_duplicate_extract");
+ p11_test (test_duplicate_distrusted, "/extract/test-duplicate-distrusted");
+ p11_test (test_trusted_match, "/extract/test_trusted_match");
+ p11_test (test_distrust_match, "/extract/test_distrust_match");
+ p11_test (test_override_by_issuer_serial, "/extract/override-by-issuer-and-serial");
+ p11_test (test_override_by_public_key, "/extract/override-by-public-key");
+
+ return p11_test_run (argc, argv);
+}
+
+#include "enumerate.c"
diff --git a/trust/test-extract.in b/trust/test-extract.in
new file mode 100644
index 0000000..59f6cd6
--- /dev/null
+++ b/trust/test-extract.in
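Review bot: In `test_info_simple_certificate` both `memcmp` calls take their length from the object under test (`length` from `p11_attrs_find_value`, and `test.ex.cert_len`), so a zero or short length passes vacuously and a longer one reads past the `test_cacert3_ca_der` fixture. Pin the size before comparing: `assert_num_eq (sizeof (test_cacert3_ca_der), length);` and `assert_num_eq (sizeof (test_cacert3_ca_der), test.ex.cert_len);`. The `CKA_LABEL` entries in `cacert3_trusted` and `cacert3_distrusted` also declare a length of 11 for literals that are 12 and 14 characters long, so the stored labels are truncated; `"Cacert3 Here", 12` and `"Another CaCert", 14` would match the strings.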
@@ -0,0 +1,189 @@
+#!/bin/sh
+
+set -euf
+
+# -----------------------------------------------------------------------------
+# Basic fundamentals
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+datarootdir=@datarootdir@
+datadir=@datadir@
+sysconfdir=@sysconfdir@
+libdir=@libdir@
+privatedir=@privatedir@
+with_trust_paths=@with_trust_paths@
+script=$(basename $0)
+
+# -----------------------------------------------------------------------------
+# Testing
+
+warning()
+{
+ echo "$script: $@" >&2
+}
+
+assert_fail()
+{
+ warning $@
+ exit 1
+}
+
+assert_contains()
+{
+ if ! grep -qF $2 $1; then
+ assert_fail "$1 does not contain $2"
+ fi
+}
+
+assert_not_contains()
+{
+ if grep -qF $2 $1; then
+ assert_fail "$1 contains $2"
+ fi
+}
+
+teardown()
+{
+ for x in $TD; do
+ if [ -d $x ]; then
+ rmdir $x
+ elif [ -f $x ]; then
+ rm $x
+ fi
+ done
+ TD=""
+}
+
+teardown_dirty()
+{
+ echo "not ok $TEST_NUMBER $TEST_NAME"
+ teardown
+}
+
+openssl_quiet()
+(
+ command='/Generating a|-----|^[.+]+$|writing new private key/d'
+ exec 3>&1
+ openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&-
+)
+
+skip()
+{
+ TEST_SKIP=yes
+ echo "ok $TEST_NUMBER # skip $TEST_NAME: $@"
+}
+
+setup()
+{
+ # Parse the trust paths
+ oldifs="$IFS"
+ IFS=:
+ set $with_trust_paths
+ IFS="$oldifs"
+
+ if [ ! -d $1 ]; then
+ skip "$1 is not a directory"
+ return
+ fi
+
+ SOURCE_1=$1
+ if [ $# -lt 2 ]; then
+ warning "certain tests neutered if only 1 trust path: $with_trust_paths"
+ SOURCE_2=$1
+ else
+ SOURCE_2=$2
+ fi
+
+ # Make a temporary directory
+ dir=$(mktemp -d)
+ cd $dir
+ CLEANUP="$dir $TD"
+
+ # Generate a unique identifier
+ CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
+ CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
+ CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
+
+ # Generate relevant certificates
+ openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
+ -out cert_1.pem -subj /CN=$CERT_1_CN
+ openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
+ -out cert_2.pem -subj /CN=$CERT_2_CN
+ openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
+ -out cert_3.pem -subj /CN=$CERT_3_CN
+
+ TD="cert_1.pem cert_2.pem cert_3.pem $TD"
+
+ mkdir -p $SOURCE_1/anchors
+ cp cert_1.pem $SOURCE_1/anchors/
+
+ mkdir -p $SOURCE_2/anchors
+ cp cert_2.pem $SOURCE_2/anchors/
+ cp cert_3.pem $SOURCE_2/anchors/
+
+ TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD"
+}
+
+run()
+{
+ TOTAL=0
+ for TEST_NAME in $@; do
+ TOTAL=$(expr $TOTAL + 1)
+ done
+
+ echo "1..$TOTAL"
+
+ TEST_NUMBER=0
+ for TEST_NAME in $@; do
+ TEST_NUMBER=$(expr $TEST_NUMBER + 1)
+ (
+ trap teardown_dirty EXIT
+ trap "teardown_dirty; exit 127" INT TERM
+ TD=""
+
+ TEST_SKIP=no
+ setup
+
+ if [ $TEST_SKIP != "yes" ]; then
+ $TEST_NAME
+ fi
+ if [ $TEST_SKIP != "yes" ]; then
+ echo "ok $TEST_NUMBER $TEST_NAME"
+ fi
+
+ trap - EXIT
+ teardown
+ )
+ done
+}
+
+# -----------------------------------------------------------------------------
+# Main tests
+
+test_extract()
+{
+ trust extract --filter=ca-anchors --format=pem-bundle \
+ --purpose=server-auth --comment \
+ extract-test.pem
+
+ assert_contains extract-test.pem $CERT_1_CN
+ assert_contains extract-test.pem $CERT_2_CN
+ assert_contains extract-test.pem $CERT_3_CN
+}
+
+test_blacklist()
+{
+ mkdir -p $SOURCE_1/blacklist
+ cp cert_3.pem $SOURCE_1/blacklist
+ TD="$SOURCE_1/blacklist/cert_3.pem $TD"
+
+ trust extract --filter=ca-anchors --format=pem-bundle \
+ --purpose=server-auth --comment \
+ blacklist-test.pem
+
+ assert_contains blacklist-test.pem $CERT_1_CN
+ assert_not_contains blacklist-test.pem $CERT_3_CN
+}
+
+run test_extract test_blacklist
diff --git a/trust/test-index.c b/trust/test-index.c
new file mode 100644
index 0000000..fc861b2
--- /dev/null
+++ b/trust/test-index.c
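Review bot: `setup()` copies the generated certificates into `$SOURCE_1/anchors` and `$SOURCE_2/anchors`, which come from `@with_trust_paths@`, so running this test writes anchors into whatever trust directories the build was configured with, and nothing in the script says so. Removal depends on the `TD` list and the EXIT/INT/TERM traps, so a run that is killed outright leaves the test anchors installed; a header comment such as `# Installs temporary anchors into the configured trust paths; run only against a disposable prefix` would make that explicit. Separately, `CLEANUP="$dir $TD"` is assigned but never read (teardown iterates `$TD`), so the `mktemp -d` directory appears to be left behind on every run. Adding `$dir` and the extracted `extract-test.pem` / `blacklist-test.pem` files to `TD` would let teardown remove them.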
@@ -0,0 +1,1144 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include +#include + +#include "attrs.h" +#include "debug.h" +#include "index.h" +#include "message.h" + +struct { + p11_index *index; +} test; + +static void +setup (void *unused) +{ + test.index = p11_index_new (NULL, NULL, NULL, NULL, NULL); + assert_ptr_not_null (test.index); +} + +static void +teardown (void *unused) +{ + p11_index_free (test.index); + memset (&test, 0, sizeof (test)); +} + +static void +test_take_lookup (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + attrs = p11_attrs_dup (original); + rv = p11_index_take (test.index, attrs, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (original, check); + + check = p11_index_lookup (test.index, 1UL); + assert_ptr_eq (NULL, check); + + check = p11_index_lookup (test.index, 0UL); + assert_ptr_eq (NULL, check); +} + +static void +test_add_lookup (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + rv = p11_index_add (test.index, original, 2, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (original, check); +} + +static void +test_size (void) +{ + static CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_RV rv; + + rv = p11_index_add (test.index, original, 2, NULL); + assert (rv == CKR_OK); + + rv = p11_index_add (test.index, original, 2, NULL); + assert (rv == CKR_OK); + + rv = p11_index_add (test.index, original, 2, NULL); + assert (rv == CKR_OK); + + assert_num_eq (3, p11_index_size (test.index)); +} + +static int 
+compar_ulong (const void *one, + const void *two) +{ + const CK_ULONG *u1 = one; + const CK_ULONG *u2 = two; + + if (*u1 == *u2) + return 0; + if (*u1 < *u2) + return -1; + return 1; +} + +static void +test_snapshot (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + static const int NUM = 16; + CK_OBJECT_HANDLE expected[NUM]; + CK_OBJECT_HANDLE *snapshot; + int i; + + for (i = 0; i < NUM; i++) + p11_index_add (test.index, original, 2, expected + i); + + snapshot = p11_index_snapshot (test.index, NULL, NULL, 0); + assert_ptr_not_null (snapshot); + + for (i = 0; i < NUM; i++) + assert (snapshot[i] != 0); + assert (snapshot[NUM] == 0); + + qsort (snapshot, NUM, sizeof (CK_OBJECT_HANDLE), compar_ulong); + + for (i = 0; i < NUM; i++) + assert_num_eq (expected[i], snapshot[i]); + + free (snapshot); +} + +static void +test_snapshot_base (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + static const int NUM = 16; + CK_OBJECT_HANDLE expected[NUM]; + CK_OBJECT_HANDLE *snapshot; + CK_RV rv; + int i; + + for (i = 0; i < NUM; i++) { + rv = p11_index_add (test.index, original, 2, expected + i); + assert (rv == CKR_OK); + } + + snapshot = p11_index_snapshot (test.index, test.index, NULL, 0); + assert_ptr_not_null (snapshot); + + for (i = 0; i < NUM * 2; i++) + assert (snapshot[i] != 0); + assert (snapshot[NUM * 2] == 0); + + qsort (snapshot, NUM * 2, sizeof (CK_OBJECT_HANDLE), compar_ulong); + + for (i = 0; i < NUM * 2; i++) + assert_num_eq (expected[i / 2], snapshot[i]); + + free (snapshot); +} + +static void +test_remove (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + attrs = p11_attrs_dup (original); + rv = p11_index_take (test.index, attrs, &handle); + assert (rv == 
CKR_OK); + + check = p11_index_lookup (test.index, handle); + assert_ptr_eq (attrs, check); + + rv = p11_index_remove (test.index, 1UL); + assert (rv == CKR_OBJECT_HANDLE_INVALID); + + rv = p11_index_remove (test.index, handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + assert_ptr_eq (NULL, check); +} + +static void +test_set (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 }; + + CK_ATTRIBUTE changed[] = { + { CKA_LABEL, "naay", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + attrs = p11_attrs_dup (original); + rv = p11_index_take (test.index, attrs, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (original, check); + + rv = p11_index_set (test.index, handle, &change, 1); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (changed, check); + + rv = p11_index_set (test.index, 1UL, &change, 1); + assert (rv == CKR_OBJECT_HANDLE_INVALID); +} + +static void +test_update (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 }; + + CK_ATTRIBUTE changed[] = { + { CKA_LABEL, "naay", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + attrs = p11_attrs_dup (original); + rv = p11_index_take (test.index, attrs, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (original, check); + + attrs = p11_attrs_build (NULL, &change, NULL); + rv = p11_index_update (test.index, handle, attrs); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + 
test_check_attrs (changed, check); + + attrs = p11_attrs_build (NULL, &change, NULL); + rv = p11_index_update (test.index, 1L, attrs); + assert (rv == CKR_OBJECT_HANDLE_INVALID); +} + +static void +test_find (void) +{ + CK_ATTRIBUTE first[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE second[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "two", 3 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE third[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "three", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match3[] = { + { CKA_VALUE, "three", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_any[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_none[] = { + { CKA_VALUE, "blonononon", 10 }, + { CKA_LABEL, "yay", 3 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE check; + CK_OBJECT_HANDLE one; + CK_OBJECT_HANDLE two; + CK_OBJECT_HANDLE three; + + p11_index_add (test.index, first, 2, &one); + p11_index_add (test.index, second, 2, &two); + p11_index_add (test.index, third, 2, &three); + + check = p11_index_find (test.index, match3, -1); + assert_num_eq (three, check); + + check = p11_index_find (test.index, match3, 1); + assert_num_eq (three, check); + + check = p11_index_find (test.index, match_any, -1); + assert (check == one || check == two || check == three); + + check = p11_index_find (test.index, match_any, 1); + assert (check == one || check == two || check == three); + + check = p11_index_find (test.index, match_none, -1); + assert_num_eq (0, check); + + check = p11_index_find (test.index, match_none, 2); + assert_num_eq (0, check); +} + +static bool +handles_are (CK_OBJECT_HANDLE *handles, + ...) 
+{ + CK_OBJECT_HANDLE handle; + bool matched = true; + int count; + int num; + va_list va; + int i; + + if (!handles) + return false; + + /* Count number of handles */ + for (num = 0; handles[num]; num++); + + va_start (va, handles); + + for (count = 0; matched; count++) { + handle = va_arg (va, CK_OBJECT_HANDLE); + if (handle == 0) + break; + + for (i = 0; handles[i]; i++) { + if (handle == handles[i]) + break; + } + + if (handles[i] != handle) + matched = false; + } + + va_end (va); + + return matched && (count == num); +} + +static void +test_find_all (void) +{ + CK_ATTRIBUTE first[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE second[] = { + { CKA_LABEL, "even", 4 }, + { CKA_VALUE, "two", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE third[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "three", 5 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_odd[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_3[] = { + { CKA_VALUE, "three", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_any[] = { + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_none[] = { + { CKA_VALUE, "blonononon", 10 }, + { CKA_LABEL, "yay", 3 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE *check; + CK_OBJECT_HANDLE one; + CK_OBJECT_HANDLE two; + CK_OBJECT_HANDLE three; + + p11_index_add (test.index, first, 3, &one); + p11_index_add (test.index, second, 3, &two); + p11_index_add (test.index, third, 3, &three); + + check = p11_index_find_all (test.index, match_3, -1); + assert (handles_are (check, three, 0UL)); + free (check); + + check = p11_index_find_all (test.index, match_none, -1); + assert (handles_are (check, 0UL)); + free (check); + + check = p11_index_find_all (test.index, match_odd, -1); + assert (handles_are (check, one, three, 0UL)); + free (check); + + check = 
p11_index_find_all (test.index, match_any, -1); + assert (handles_are (check, one, two, three, 0UL)); + free (check); + + check = p11_index_find_all (test.index, match_none, -1); + assert_ptr_not_null (check); + assert_num_eq (0, check[0]); + free (check); + + /* A double check of this method */ + one = 0UL; + check = &one; + assert (!handles_are (check, 29292929, 0UL)); + assert (!handles_are (NULL, 0UL)); +} + +static void +test_find_realloc (void) +{ + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match[] = { + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE *check; + int i; + + for (i = 0; i < 1000; i++) + p11_index_add (test.index, attrs, 3, NULL); + + check = p11_index_find_all (test.index, match, -1); + assert_ptr_not_null (check); + + for (i = 0; i < 1000; i++) + assert (check[i] != 0); + assert_num_eq (0, check[1000]); + + free (check); +} + +static void +test_replace_all (void) +{ + CK_ATTRIBUTE first[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE second[] = { + { CKA_LABEL, "even", 4 }, + { CKA_VALUE, "two", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE third[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "three", 5 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE fifth[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "five", 4 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE eins[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_APPLICATION, "replace", 7 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE sieben[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "seven", 5 }, + { CKA_APPLICATION, "replace", 7 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE neun[] = { + { CKA_LABEL, "odd", 3 }, + { 
CKA_VALUE, "nine", 4 },
+ { CKA_APPLICATION, "replace", 7 },
+ { CKA_INVALID }
+ };
+
+ CK_OBJECT_HANDLE check;
+ CK_OBJECT_HANDLE one;
+ CK_OBJECT_HANDLE two;
+ CK_OBJECT_HANDLE three;
+ CK_OBJECT_HANDLE five;
+ p11_array *array;
+ CK_RV rv;
+
+ p11_index_add (test.index, first, 3, &one);
+ assert (one != 0);
+ p11_index_add (test.index, second, 3, &two);
+ assert (two != 0);
+ p11_index_add (test.index, third, 3, &three);
+ assert (three != 0);
+ p11_index_add (test.index, fifth, 3, &five);
+ assert (five != 0);
+
+ array = p11_array_new (p11_attrs_free);
+ p11_array_push (array, p11_attrs_buildn (NULL, eins, 3));
+ p11_array_push (array, p11_attrs_buildn (NULL, sieben, 3));
+ p11_array_push (array, p11_attrs_buildn (NULL, neun, 3));
+
+ rv = p11_index_replace_all (test.index, match, CKA_VALUE, array);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (0, array->num);
+ p11_array_free (array);
+
+ /* eins should have replaced one */
+ check = p11_index_find (test.index, eins, -1);
+ assert_num_eq (one, check);
+
+ /* two should still be around */
+ check = p11_index_find (test.index, second, -1);
+ assert_num_eq (two, check);
+
+ /* three should have been removed */
+ check = p11_index_find (test.index, third, -1);
+ assert_num_eq (0, check);
+
+ /* five should have been removed */
+ check = p11_index_find (test.index, fifth, -1);
+ assert_num_eq (0, check);
+
+ /* sieben should have been added */
+ check = p11_index_find (test.index, sieben, -1);
+ assert (check != one && check != two && check != three && check != five);
+
+ /* neun should have been added */
+ check = p11_index_find (test.index, neun, -1);
+ assert (check != one && check != two && check != three && check != five);
+
+ assert_num_eq (4, p11_index_size (test.index));
+}
+
+static CK_RV
+on_index_build_fail (void *data,
+ p11_index *index,
+ CK_ATTRIBUTE *attrs,
+ CK_ATTRIBUTE *merge,
+ CK_ATTRIBUTE **populate)
+{
+ CK_ATTRIBUTE *match = data;
+
+ if (p11_attrs_match (merge, match))
+ return 
CKR_FUNCTION_FAILED;
+
+ return CKR_OK;
+}
+
+static void
+test_replace_all_build_fails (void)
+{
+ CK_ATTRIBUTE replace[] = {
+ { CKA_LABEL, "odd", 3 },
+ { CKA_VALUE, "one", 3 },
+ { CKA_APPLICATION, "test", 4 },
+ { CKA_INVALID }
+ };
+
+ CK_ATTRIBUTE match[] = {
+ { CKA_LABEL, "odd", 3 },
+ { CKA_INVALID }
+ };
+
+ p11_array *array;
+ p11_index *index;
+ CK_RV rv;
+
+ index = p11_index_new (on_index_build_fail, NULL, NULL, NULL, &match);
+ assert_ptr_not_null (index);
+
+ array = p11_array_new (p11_attrs_free);
+ if (!p11_array_push (array, p11_attrs_dup (replace)))
+ assert_not_reached ();
+
+ rv = p11_index_replace_all (index, NULL, CKA_INVALID, array);
+ assert_num_eq (rv, CKR_FUNCTION_FAILED);
+
+ p11_array_free (array);
+ p11_index_free (index);
+}
+
+
+static CK_RV
+on_build_populate (void *data,
+ p11_index *index,
+ CK_ATTRIBUTE *attrs,
+ CK_ATTRIBUTE *merge,
+ CK_ATTRIBUTE **populate)
+{
+ CK_ATTRIBUTE more[] = {
+ { CKA_APPLICATION, "vigorous", 8 },
+ { CKA_LABEL, "naay", 4 },
+ };
+
+ assert_str_eq (data, "blah");
+ assert_ptr_not_null (index);
+ assert_ptr_not_null (merge);
+
+ *populate = p11_attrs_buildn (*populate, more, 2);
+ return CKR_OK;
+}
+
+static void
+test_build_populate (void)
+{
+ CK_ATTRIBUTE original[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+
+ };
+
+ CK_ATTRIBUTE after[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_APPLICATION, "vigorous", 8 },
+ { CKA_INVALID }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ CK_ATTRIBUTE *check;
+ p11_index *index;
+ CK_RV rv;
+
+ index = p11_index_new (on_build_populate, NULL, NULL, NULL, "blah");
+ assert_ptr_not_null (index);
+
+ rv = p11_index_add (index, original, 2, &handle);
+ assert (rv == CKR_OK);
+
+ check = p11_index_lookup (index, handle);
+ assert_ptr_not_null (check);
+
+ test_check_attrs (after, check);
+
+ rv = p11_index_set (index, handle, original, 2);
+ assert (rv == CKR_OK);
+
+ check = p11_index_lookup (index, handle);
+
assert_ptr_not_null (check);
+
+ test_check_attrs (after, check);
+
+ p11_index_free (index);
+}
+
+static CK_RV
+on_build_fail (void *data,
+ p11_index *index,
+ CK_ATTRIBUTE *attrs,
+ CK_ATTRIBUTE *merge,
+ CK_ATTRIBUTE **populate)
+{
+ CK_ATTRIBUTE check[] = {
+ { CKA_LABEL, "nay", 3 },
+ { CKA_INVALID }
+ };
+
+ assert_str_eq (data, "testo");
+ assert_ptr_not_null (merge);
+
+ if (p11_attrs_match (merge, check))
+ return CKR_DEVICE_ERROR;
+
+ return CKR_OK;
+}
+
+
+static void
+test_build_fail (void)
+{
+ CK_ATTRIBUTE okay[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+ };
+
+ CK_ATTRIBUTE fails[] = {
+ { CKA_LABEL, "nay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+ };
+
+ CK_OBJECT_HANDLE handle;
+ p11_index *index;
+ CK_RV rv;
+
+ index = p11_index_new (on_build_fail, NULL, NULL, NULL, "testo");
+ assert_ptr_not_null (index);
+
+ rv = p11_index_add (index, okay, 2, &handle);
+ assert (rv == CKR_OK);
+
+ rv = p11_index_add (index, fails, 2, NULL);
+ assert (rv == CKR_DEVICE_ERROR);
+
+ rv = p11_index_set (index, handle, fails, 2);
+ assert (rv == CKR_DEVICE_ERROR);
+
+ rv = p11_index_set (index, handle, okay, 2);
+ assert (rv == CKR_OK);
+
+ p11_index_free (index);
+}
+
+static int on_change_called = 0;
+static bool on_change_removing = false;
+static bool on_change_batching = false;
+
+static void
+on_change_check (void *data,
+ p11_index *index,
+ CK_OBJECT_HANDLE handle,
+ CK_ATTRIBUTE *attrs)
+{
+ CK_ATTRIBUTE check[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+
+ };
+
+ assert_str_eq (data, "change-check");
+ assert_ptr_not_null (index);
+ assert_ptr_not_null (attrs);
+
+ if (!on_change_batching) {
+ if (on_change_removing)
+ assert_num_eq (0, handle);
+ else
+ assert (handle != 0);
+ }
+
+ test_check_attrs (check, attrs);
+ on_change_called++;
+}
+
+static void
+test_change_called (void)
+{
+ CK_ATTRIBUTE original[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+
{ CKA_INVALID }
+
+ };
+
+ CK_OBJECT_HANDLE handle;
+ p11_index *index;
+ CK_RV rv;
+
+ index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check");
+ assert_ptr_not_null (index);
+
+ on_change_removing = false;
+ on_change_called = 0;
+
+ rv = p11_index_add (index, original, 2, NULL);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (1, on_change_called);
+
+ rv = p11_index_add (index, original, 2, NULL);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (2, on_change_called);
+
+ rv = p11_index_add (index, original, 2, &handle);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (3, on_change_called);
+
+ on_change_removing = true;
+
+ rv = p11_index_remove (index, handle);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (4, on_change_called);
+
+ p11_index_free (index);
+}
+
+static void
+test_change_batch (void)
+{
+ CK_ATTRIBUTE original[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+
+ };
+
+ CK_OBJECT_HANDLE handle;
+ p11_index *index;
+ CK_RV rv;
+
+ index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check");
+ assert_ptr_not_null (index);
+
+ on_change_batching = true;
+ on_change_called = 0;
+
+ p11_index_load (index);
+
+ assert (p11_index_loading (index));
+
+ rv = p11_index_add (index, original, 2, NULL);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (0, on_change_called);
+
+ rv = p11_index_add (index, original, 2, NULL);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (0, on_change_called);
+
+ rv = p11_index_add (index, original, 2, &handle);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (0, on_change_called);
+
+ /* Nested batch is a noop */
+ p11_index_load (index);
+
+ rv = p11_index_remove (index, handle);
+ assert (rv == CKR_OK);
+
+ assert_num_eq (0, on_change_called);
+
+ /*
+ * Batch finishes when first finish call is called,
+ * even when batches are nested
+ */
+ p11_index_finish (index);
+
+ assert (!p11_index_loading (index));
+
+ /*
+ * Only three calls, because later operations on the
+ * same handle override 
the earlier one.
+ */
+ assert_num_eq (3, on_change_called);
+
+ /* This is a noop */
+ p11_index_finish (index);
+
+ assert (!p11_index_loading (index));
+
+ p11_index_free (index);
+}
+
+static void
+on_change_nested (void *data,
+ p11_index *index,
+ CK_OBJECT_HANDLE handle,
+ CK_ATTRIBUTE *attrs)
+{
+ CK_RV rv;
+
+ CK_ATTRIBUTE second[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+
+ };
+
+ assert_str_eq (data, "change-nested");
+ on_change_called++;
+
+ /* A nested call */
+ rv = p11_index_add (index, second, 2, NULL);
+ assert (rv == CKR_OK);
+}
+
+static void
+test_change_nested (void)
+{
+ CK_ATTRIBUTE original[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+
+ };
+
+ p11_index *index;
+ CK_RV rv;
+
+ index = p11_index_new (NULL, NULL, NULL, on_change_nested, "change-nested");
+ assert_ptr_not_null (index);
+
+ on_change_called = 0;
+ rv = p11_index_add (index, original, 2, NULL);
+ assert (rv == CKR_OK);
+ assert_num_eq (1, on_change_called);
+
+
+ on_change_called = 0;
+ p11_index_load (index);
+ rv = p11_index_add (index, original, 2, NULL);
+ assert (rv == CKR_OK);
+ p11_index_finish (index);
+ assert_num_eq (1, on_change_called);
+
+ p11_index_free (index);
+}
+
+static CK_RV
+on_remove_callback (void *data,
+ p11_index *index,
+ CK_ATTRIBUTE *attrs)
+{
+ int *removed = data;
+ assert_ptr_not_null (removed);
+ assert_num_eq (*removed, 0);
+ *removed = 1;
+ return CKR_OK;
+}
+
+static void
+test_remove_callback (void)
+{
+ CK_ATTRIBUTE original[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+
+ };
+
+ CK_OBJECT_HANDLE handle;
+ p11_index *index;
+ int removed = 0;
+ CK_RV rv;
+
+ index = p11_index_new (NULL, NULL, on_remove_callback, NULL, &removed);
+ assert_ptr_not_null (index);
+
+ rv = p11_index_add (index, original, 2, &handle);
+ assert_num_eq (rv, CKR_OK);
+
+ assert_ptr_not_null (p11_index_lookup (index, handle));
+
+ rv = p11_index_remove (index, 
handle);
+ assert_num_eq (rv, CKR_OK);
+
+ assert_num_eq (removed, 1);
+ assert_ptr_eq (p11_index_lookup (index, handle), NULL);
+
+ p11_index_free (index);
+}
+
+static CK_RV
+on_remove_fail (void *data,
+ p11_index *index,
+ CK_ATTRIBUTE *attrs)
+{
+ assert_str_eq (data, "remove-fail");
+ return CKR_DEVICE_REMOVED;
+}
+
+static void
+test_remove_fail (void)
+{
+ CK_ATTRIBUTE original[] = {
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+
+ };
+
+ CK_OBJECT_HANDLE handle;
+ p11_index *index;
+ CK_RV rv;
+
+ index = p11_index_new (NULL, NULL, on_remove_fail, NULL, "remove-fail");
+ assert_ptr_not_null (index);
+
+ rv = p11_index_add (index, original, 2, &handle);
+ assert (rv == CKR_OK);
+
+ assert_ptr_not_null (p11_index_lookup (index, handle));
+
+ rv = p11_index_remove (index, handle);
+ assert_num_eq (rv, CKR_DEVICE_REMOVED);
+
+ assert_ptr_not_null (p11_index_lookup (index, handle));
+
+ p11_index_free (index);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_message_quiet ();
+
+ p11_fixture (setup, teardown);
+ p11_test (test_add_lookup, "/index/add_lookup");
+ p11_test (test_take_lookup, "/index/take_lookup");
+ p11_test (test_size, "/index/size");
+ p11_test (test_remove, "/index/remove");
+ p11_test (test_snapshot, "/index/snapshot");
+ p11_test (test_snapshot_base, "/index/snapshot_base");
+ p11_test (test_set, "/index/set");
+ p11_test (test_update, "/index/update");
+ p11_test (test_find, "/index/find");
+ p11_test (test_find_all, "/index/find_all");
+ p11_test (test_find_realloc, "/index/find_realloc");
+ p11_test (test_replace_all, "/index/replace_all");
+
+ p11_fixture (NULL, NULL);
+ p11_test (test_build_populate, "/index/build_populate");
+ p11_test (test_build_fail, "/index/build_fail");
+ p11_test (test_change_called, "/index/change_called");
+ p11_test (test_change_batch, "/index/change_batch");
+ p11_test (test_change_nested, "/index/change_nested");
+ p11_test (test_replace_all_build_fails, 
"/index/replace-all-build-fails");
+ p11_test (test_remove_callback, "/index/remove-callback");
+ p11_test (test_remove_fail, "/index/remove-fail");
+
+ return p11_test_run (argc, argv);
+}
diff --git a/trust/test-module.c b/trust/test-module.c
new file mode 100644
index 0000000..3eedc1b
--- /dev/null
+++ b/trust/test-module.c 
@@ -0,0 +1,1217 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#define CRYPTOKI_EXPORTS
+
+#include "config.h"
+#include "test.h"
+#include "test-trust.h"
+
+#include
+#include
+#include
+
+#include "attrs.h"
+#include "digest.h"
+#include "library.h"
+#include "path.h"
+#include "parser.h"
+#include "pkcs11x.h"
+#include "token.h"
+
+#include
+
+/*
+ * This is the number of input paths. 
Should match the
+ * paths below near :
+ *
+ * paths='%s'
+ */
+#define NUM_SLOTS 3
+
+static CK_OBJECT_CLASS data = CKO_DATA;
+static CK_BBOOL vtrue = CK_TRUE;
+static CK_BBOOL vfalse = CK_FALSE;
+
+struct {
+ CK_FUNCTION_LIST *module;
+ CK_SLOT_ID slots[NUM_SLOTS];
+ char *directory;
+ p11_asn1_cache *cache;
+ p11_parser *parser;
+} test;
+
+static void
+setup (void *unused)
+{
+ CK_C_INITIALIZE_ARGS args;
+ const char *paths;
+ char *arguments;
+ CK_ULONG count;
+ CK_RV rv;
+
+ memset (&test, 0, sizeof (test));
+
+ /* This is the entry point of the trust module, linked to this test */
+ rv = C_GetFunctionList (&test.module);
+ assert (rv == CKR_OK);
+
+ memset (&args, 0, sizeof (args));
+ paths = SRCDIR "/trust/input" P11_PATH_SEP \
+ SRCDIR "/trust/fixtures/self-signed-with-ku.der" P11_PATH_SEP \
+ SRCDIR "/trust/fixtures/thawte.pem";
+ if (asprintf (&arguments, "paths='%s'", paths) < 0)
+ assert (false && "not reached");
+ args.pReserved = arguments;
+ args.flags = CKF_OS_LOCKING_OK;
+
+ rv = test.module->C_Initialize (&args);
+ assert (rv == CKR_OK);
+
+ free (arguments);
+
+ count = NUM_SLOTS;
+ rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
+ assert (rv == CKR_OK);
+ assert (count == NUM_SLOTS);
+}
+
+static void
+teardown (void *unused)
+{
+ CK_RV rv;
+
+ if (test.parser)
+ p11_parser_free (test.parser);
+ p11_asn1_cache_free (test.cache);
+
+ rv = test.module->C_Finalize (NULL);
+ assert (rv == CKR_OK);
+
+ free (test.directory);
+
+ memset (&test, 0, sizeof (test));
+}
+
+static void
+setup_writable (void *unused)
+{
+ CK_C_INITIALIZE_ARGS args;
+ char *arguments;
+ CK_ULONG count;
+ CK_RV rv;
+
+ memset (&test, 0, sizeof (test));
+
+ /* This is the entry point of the trust module, linked to this test */
+ rv = C_GetFunctionList (&test.module);
+ assert (rv == CKR_OK);
+
+ test.directory = p11_test_directory ("test-module");
+
+ memset (&args, 0, sizeof (args));
+ if (asprintf (&arguments, "paths='%s'", test.directory) < 0)
+ assert 
(false && "not reached");
+ args.pReserved = arguments;
+ args.flags = CKF_OS_LOCKING_OK;
+
+ rv = test.module->C_Initialize (&args);
+ assert (rv == CKR_OK);
+
+ free (arguments);
+
+ count = 1;
+ rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
+ assert_num_eq (rv, CKR_OK);
+ assert_num_eq (count, 1);
+
+ test.cache = p11_asn1_cache_new ();
+ test.parser = p11_parser_new (test.cache);
+ p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
+}
+
+static void
+test_get_slot_list (void)
+{
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ rv = test.module->C_GetSlotList (TRUE, NULL, &count);
+ assert_num_eq (CKR_OK, rv);
+ assert_num_eq (NUM_SLOTS, count);
+
+ count = 1;
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ assert_num_eq (CKR_BUFFER_TOO_SMALL, rv);
+ assert_num_eq (NUM_SLOTS, count);
+
+ count = NUM_SLOTS;
+ memset (slots, 0, sizeof (slots));
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ assert_num_eq (CKR_OK, rv);
+ assert_num_eq (NUM_SLOTS, count);
+
+ for (i = 0; i < NUM_SLOTS; i++)
+ assert (slots[i] != 0);
+}
+
+static void
+test_null_initialize (void)
+{
+ CK_FUNCTION_LIST *module;
+ CK_RV rv;
+
+ /* This is the entry point of the trust module, linked to this test */
+ rv = C_GetFunctionList (&module);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_Initialize (NULL);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_OK, rv);
+}
+
+static void
+test_multi_initialize (void)
+{
+ static CK_C_INITIALIZE_ARGS args =
+ { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
+ CK_FUNCTION_LIST *module;
+ CK_SESSION_HANDLE session;
+ CK_SLOT_ID slots[8];
+ CK_SESSION_INFO info;
+ CK_ULONG count;
+ CK_RV rv;
+
+ /* This is the entry point of the trust module, linked to this test */
+ rv = C_GetFunctionList (&module);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_Initialize (&args);
+ assert_num_eq (rv, CKR_OK);
+
+ count = 8;
+ rv = 
module->C_GetSlotList (CK_TRUE, slots, &count);
+ assert_num_eq (rv, CKR_OK);
+ assert_num_cmp (count, >, 0);
+
+ rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_GetSessionInfo (session, &info);
+ assert_num_eq (rv, CKR_OK);
+ assert_num_eq (info.slotID, slots[0]);
+
+ rv = module->C_Initialize (&args);
+ assert_num_eq (rv, CKR_OK);
+
+ rv = module->C_GetSessionInfo (session, &info);
+ assert_num_eq (rv, CKR_OK);
+ assert_num_eq (info.slotID, slots[0]);
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_CRYPTOKI_NOT_INITIALIZED, rv);
+}
+
+static void
+test_get_slot_info (void)
+{
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_SLOT_INFO info;
+ char description[64];
+ CK_ULONG count;
+ size_t length;
+ CK_RV rv;
+ int i;
+
+ /* These are the paths passed in in setup() */
+ const char *paths[] = {
+ SRCDIR "/trust/input",
+ SRCDIR "/trust/fixtures/self-signed-with-ku.der",
+ SRCDIR "/trust/fixtures/thawte.pem"
+ };
+
+ count = NUM_SLOTS;
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ assert_num_eq (CKR_OK, rv);
+ assert_num_eq (NUM_SLOTS, count);
+
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = test.module->C_GetSlotInfo (slots[i], &info);
+ assert_num_eq (CKR_OK, rv);
+
+ memset (description, ' ', sizeof (description));
+ length = strlen(paths[i]);
+ if (length > sizeof (description))
+ length = sizeof (description);
+ memcpy (description, paths[i], length);
+ assert (memcmp (info.slotDescription, description, sizeof (description)) == 0);
+ }
+}
+
+static void
+test_get_token_info (void)
+{
+ CK_C_INITIALIZE_ARGS args;
+ CK_FUNCTION_LIST *module;
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_TOKEN_INFO info;
+ char label[32];
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ /* These are the paths passed in in setup() */
+ const char *labels[] = {
+ "System Trust",
+
"Default Trust",
+ "the-basename",
+ };
+
+ /* This is the entry point of the trust module, linked to this test */
+ rv = C_GetFunctionList (&module);
+ assert (rv == CKR_OK);
+
+ memset (&args, 0, sizeof (args));
+ args.pReserved = "paths='" \
+ SYSCONFDIR "/trust/input" P11_PATH_SEP \
+ DATADIR "/trust/fixtures/blah" P11_PATH_SEP \
+ "/some/other/path/the-basename'";
+ args.flags = CKF_OS_LOCKING_OK;
+
+ rv = module->C_Initialize (&args);
+ assert (rv == CKR_OK);
+
+ count = NUM_SLOTS;
+ rv = module->C_GetSlotList (CK_TRUE, slots, &count);
+ assert (rv == CKR_OK);
+ assert (count == NUM_SLOTS);
+
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = module->C_GetTokenInfo (slots[i], &info);
+ assert_num_eq (CKR_OK, rv);
+
+ memset (label, ' ', sizeof (label));
+ memcpy (label, labels[i], strlen (labels[i]));
+ assert (memcmp (info.label, label, sizeof (label)) == 0);
+ }
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_OK, rv);
+}
+
+static void
+test_get_session_info (void)
+{
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_SESSION_HANDLE sessions[NUM_SLOTS];
+ CK_SESSION_INFO info;
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ count = NUM_SLOTS;
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ assert_num_eq (CKR_OK, rv);
+ assert_num_eq (NUM_SLOTS, count);
+
+ /* Open two sessions with each token */
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i]);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = test.module->C_GetSessionInfo (sessions[i], &info);
+ assert_num_eq (CKR_OK, rv);
+
+ assert_num_eq (slots[i], info.slotID);
+ assert_num_eq (CKF_SERIAL_SESSION, info.flags);
+ }
+}
+
+static void
+test_close_all_sessions (void)
+{
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_SESSION_HANDLE sessions[NUM_SLOTS][2];
+ CK_SESSION_INFO info;
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ count = NUM_SLOTS;
+ rv = test.module->C_GetSlotList (TRUE, slots, &count);
+ assert_num_eq (CKR_OK, rv);
+ assert_num_eq (NUM_SLOTS, count); 
+
+ /* Open two sessions with each token */
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][0]);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][1]);
+ assert_num_eq (CKR_OK, rv);
+
+ rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
+ assert_num_eq (CKR_OK, rv);
+ }
+
+ /* Close all the sessions on the first token */
+ rv = test.module->C_CloseAllSessions (slots[0]);
+ assert_num_eq (CKR_OK, rv);
+
+ /* Those sessions should be closed */
+ rv = test.module->C_GetSessionInfo (sessions[0][0], &info);
+ assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv);
+ rv = test.module->C_GetSessionInfo (sessions[0][1], &info);
+ assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv);
+
+ /* Other sessions should still be open */
+ for (i = 1; i < NUM_SLOTS; i++) {
+ rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
+ assert_num_eq (CKR_OK, rv);
+ rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
+ assert_num_eq (CKR_OK, rv);
+ }
+}
+
+static CK_ULONG
+find_objects (CK_ATTRIBUTE *match,
+ CK_OBJECT_HANDLE *sessions,
+ CK_OBJECT_HANDLE *objects,
+ CK_ULONG max_objects)
+{
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+ CK_ULONG found;
+ CK_ULONG count;
+ int i, j;
+
+ found = 0;
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = test.module->C_OpenSession (test.slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session);
+ assert (rv == CKR_OK);
+
+ rv = test.module->C_FindObjectsInit (session, match, p11_attrs_count (match));
+ assert (rv == CKR_OK);
+ rv = test.module->C_FindObjects (session, objects + found, max_objects - found, &count);
+ assert (rv == CKR_OK);
+ rv = test.module->C_FindObjectsFinal (session);
+ assert (rv == CKR_OK);
+
+ for (j = found ; j < found + count; j++)
+ sessions[j] = session;
+ found += count;
+ }
+
+ assert 
(found < max_objects);
+ return found;
+}
+
+static void
+check_trust_object_equiv (CK_SESSION_HANDLE session,
+ CK_OBJECT_HANDLE trust,
+ CK_ATTRIBUTE *cert)
+{
+ unsigned char subject[1024];
+ unsigned char issuer[1024];
+ unsigned char serial[128];
+ CK_BBOOL private;
+ CK_BBOOL token;
+ CK_RV rv;
+
+ /* The following attributes should be equivalent to the certificate */
+ CK_ATTRIBUTE equiv[] = {
+ { CKA_TOKEN, &token, sizeof (token) },
+ { CKA_PRIVATE, &private, sizeof (private) },
+ { CKA_ISSUER, issuer, sizeof (issuer) },
+ { CKA_SUBJECT, subject, sizeof (subject) },
+ { CKA_SERIAL_NUMBER, serial, sizeof (serial) },
+ { CKA_INVALID, },
+ };
+
+ rv = test.module->C_GetAttributeValue (session, trust, equiv, 5);
+ assert_num_eq (CKR_OK, rv);
+
+ test_check_attrs (equiv, cert);
+}
+
+static void
+check_trust_object_hashes (CK_SESSION_HANDLE session,
+ CK_OBJECT_HANDLE trust,
+ CK_ATTRIBUTE *cert)
+{
+ unsigned char sha1[P11_DIGEST_SHA1_LEN];
+ unsigned char md5[P11_DIGEST_MD5_LEN];
+ unsigned char check[128];
+ CK_ATTRIBUTE *value;
+ CK_RV rv;
+
+ CK_ATTRIBUTE hashes[] = {
+ { CKA_CERT_SHA1_HASH, sha1, sizeof (sha1) },
+ { CKA_CERT_MD5_HASH, md5, sizeof (md5) },
+ { CKA_INVALID, },
+ };
+
+ rv = test.module->C_GetAttributeValue (session, trust, hashes, 2);
+ assert (rv == CKR_OK);
+
+ value = p11_attrs_find_valid (cert, CKA_VALUE);
+ assert_ptr_not_null (value);
+
+ p11_digest_md5 (check, value->pValue, value->ulValueLen, NULL);
+ assert (memcmp (md5, check, sizeof (md5)) == 0);
+
+ p11_digest_sha1 (check, value->pValue, value->ulValueLen, NULL);
+ assert (memcmp (sha1, check, sizeof (sha1)) == 0);
+}
+
+static void
+check_has_trust_object (CK_ATTRIBUTE *cert)
+{
+ CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
+ CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) };
+ CK_OBJECT_HANDLE objects[2];
+ CK_SESSION_HANDLE sessions[2];
+ CK_ATTRIBUTE *match;
+ CK_ATTRIBUTE *attr;
+ CK_ULONG count;
+
+ attr = p11_attrs_find_valid (cert, CKA_ID);
+
assert_ptr_not_null (attr);
+
+ match = p11_attrs_build (NULL, &klass, attr, NULL);
+ count = find_objects (match, sessions, objects, 2);
+ assert_num_eq (1, count);
+
+ check_trust_object_equiv (sessions[0], objects[0], cert);
+ check_trust_object_hashes (sessions[0], objects[0], cert);
+
+ p11_attrs_free (match);
+}
+
+static void
+check_certificate (CK_SESSION_HANDLE session,
+ CK_OBJECT_HANDLE handle)
+{
+ unsigned char label[4096]= { 0, };
+ CK_OBJECT_CLASS klass;
+ unsigned char value[4096];
+ unsigned char subject[1024];
+ unsigned char issuer[1024];
+ unsigned char serial[128];
+ unsigned char id[128];
+ CK_CERTIFICATE_TYPE type;
+ CK_BYTE check[3];
+ CK_DATE start;
+ CK_DATE end;
+ CK_ULONG category;
+ CK_BBOOL private;
+ CK_BBOOL token;
+ CK_RV rv;
+
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_TOKEN, &token, sizeof (token) },
+ { CKA_PRIVATE, &private, sizeof (private) },
+ { CKA_VALUE, value, sizeof (value) },
+ { CKA_ISSUER, issuer, sizeof (issuer) },
+ { CKA_SUBJECT, subject, sizeof (subject) },
+ { CKA_CERTIFICATE_TYPE, &type, sizeof (type) },
+ { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
+ { CKA_START_DATE, &start, sizeof (start) },
+ { CKA_END_DATE, &end, sizeof (end) },
+ { CKA_SERIAL_NUMBER, serial, sizeof (serial) },
+ { CKA_CHECK_VALUE, check, sizeof (check) },
+ { CKA_ID, id, sizeof (id) },
+ { CKA_LABEL, label, sizeof (label) },
+ { CKA_INVALID, },
+ };
+
+ /* Note that we don't pass the CKA_INVALID attribute in */
+ rv = test.module->C_GetAttributeValue (session, handle, attrs, 14);
+ assert_num_eq (rv, CKR_OK);
+
+ /* If this is the cacert3 certificate, check its values */
+ if (memcmp (value, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)) == 0) {
+ CK_BBOOL trusted;
+ CK_BBOOL vtrue = CK_TRUE;
+
+ CK_ATTRIBUTE anchor[] = {
+ { CKA_TRUSTED, &trusted, sizeof (trusted) },
+ { CKA_INVALID, },
+ };
+
+ CK_ATTRIBUTE check[] = {
+ { CKA_TRUSTED, &vtrue, sizeof (vtrue) },
+ { CKA_INVALID, },
+ }; 
+
+ test_check_cacert3_ca (attrs, NULL);
+
+ /* Get anchor specific attributes */
+ rv = test.module->C_GetAttributeValue (session, handle, anchor, 1);
+ assert (rv == CKR_OK);
+
+ /* It lives in the trusted directory */
+ test_check_attrs (check, anchor);
+
+ /* Other certificates, we can't check the values */
+ } else {
+ test_check_object (attrs, CKO_CERTIFICATE, NULL);
+ }
+
+ check_has_trust_object (attrs);
+}
+
+static void
+test_find_certificates (void)
+{
+ CK_OBJECT_CLASS klass = CKO_CERTIFICATE;
+
+ CK_ATTRIBUTE match[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_INVALID, }
+ };
+
+ CK_OBJECT_HANDLE objects[16];
+ CK_SESSION_HANDLE sessions[16];
+ CK_ULONG count;
+ CK_ULONG i;
+
+ count = find_objects (match, sessions, objects, 16);
+ assert_num_eq (8, count);
+
+ for (i = 0; i < count; i++)
+ check_certificate (sessions[i], objects[i]);
+}
+
+static void
+test_find_builtin (void)
+{
+ CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST;
+
+ CK_ATTRIBUTE match[] = {
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { CKA_TOKEN, &vtrue, sizeof (vtrue) },
+ { CKA_PRIVATE, &vfalse, sizeof (vfalse) },
+ { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) },
+ { CKA_INVALID, }
+ };
+
+ CK_OBJECT_HANDLE objects[16];
+ CK_SESSION_HANDLE sessions[16];
+ CK_ULONG count;
+
+ /* One per token */
+ count = find_objects (match, sessions, objects, 16);
+ assert_num_eq (NUM_SLOTS, count);
+}
+
+static void
+test_session_object (void)
+{
+ CK_ATTRIBUTE original[] = {
+ { CKA_CLASS, &data, sizeof (data) },
+ { CKA_LABEL, "yay", 3 },
+ { CKA_VALUE, "eight", 5 },
+ { CKA_INVALID }
+ };
+
+ CK_SESSION_HANDLE session;
+ CK_OBJECT_HANDLE handle;
+ CK_ULONG size;
+ CK_RV rv;
+
+ rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
+ assert (rv == CKR_OK);
+
+ rv = test.module->C_CreateObject (session, original, 2, &handle);
+ assert (rv == CKR_OK);
+
+ rv = test.module->C_GetObjectSize (session, handle, &size);
+ assert (rv == CKR_OK);
+}
+
+static 
void +test_session_find (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE check; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CreateObject (session, original, 2, &handle); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_FindObjectsInit (session, original, 2); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (1, count); + assert_num_eq (handle, check); + + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); +} + +static void +test_session_find_no_attr (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match[] = { + { CKA_COLOR, "blah", 4 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE check; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CreateObject (session, original, 3, &handle); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_FindObjectsInit (session, match, 1); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); +} + +static void +test_lookup_invalid (void) +{ + CK_SESSION_HANDLE session; + CK_ULONG size; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + 
rv = test.module->C_GetObjectSize (session, 88888, &size); + assert (rv == CKR_OBJECT_HANDLE_INVALID); +} + +static void +test_remove_token (void) +{ + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + rv = test.module->C_FindObjectsInit (session, NULL, 0); + assert_num_eq (rv, CKR_OK); + + rv = test.module->C_FindObjects (session, &handle, 1, &count); + assert_num_eq (rv, CKR_OK); + assert_num_eq (1, count); + + rv = test.module->C_DestroyObject (session, handle); + if (rv != CKR_TOKEN_WRITE_PROTECTED) + assert_num_eq (rv, CKR_SESSION_READ_ONLY); +} + +static void +test_setattr_token (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + rv = test.module->C_FindObjectsInit (session, NULL, 0); + assert_num_eq (rv, CKR_OK); + + rv = test.module->C_FindObjects (session, &handle, 1, &count); + assert_num_eq (rv, CKR_OK); + assert_num_eq (1, count); + + rv = test.module->C_SetAttributeValue (session, handle, original, 2); + if (rv != CKR_TOKEN_WRITE_PROTECTED) + assert_num_eq (rv, CKR_ATTRIBUTE_READ_ONLY); +} + +static void +test_session_copy (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE copy; + CK_ULONG size; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CreateObject (session, original, 2, 
&handle); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CopyObject (session, handle, original, 2, ©); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_GetObjectSize (session, copy, &size); + assert_num_eq (CKR_OK, rv); +} + +static void +test_session_setattr (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + rv = test.module->C_CreateObject (session, original, 2, &handle); + assert (rv == CKR_OK); + + rv = test.module->C_SetAttributeValue (session, handle, original, 2); + assert (rv == CKR_OK); +} + +static void +test_session_remove (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + rv = test.module->C_CreateObject (session, original, 2, &handle); + assert (rv == CKR_OK); + + rv = test.module->C_DestroyObject (session, handle); + assert (rv == CKR_OK); + + rv = test.module->C_DestroyObject (session, handle); + assert (rv == CKR_OBJECT_HANDLE_INVALID); +} + +static void +test_find_serial_der_decoded (void) +{ + CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; + + CK_ATTRIBUTE object[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_decoded[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_SERIAL_NUMBER, "\x01\x02\x03", 3 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE check; + CK_ULONG count; + CK_RV 
rv; + + /* + * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items that are + * not DER encoded. It shouldn't be doing this. We never return any certificate + * serial numbers that are not DER encoded. + * + * So work around the issue here while the NSS guys fix this issue. + * This code should be removed in future versions. + * + * See work_around_broken_nss_serial_number_lookups(). + */ + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CreateObject (session, object, 2, &handle); + assert_num_eq (CKR_OK, rv); + + /* Do a standard find for the same object */ + rv = test.module->C_FindObjectsInit (session, object, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (1, count); + assert_num_eq (handle, check); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); + + /* Do a find for the serial number decoded */ + rv = test.module->C_FindObjectsInit (session, match_decoded, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (1, count); + assert_num_eq (handle, check); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); +} + +static void +test_find_serial_der_mismatch (void) +{ + CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; + + CK_ATTRIBUTE object[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match[] = { + { CKA_SERIAL_NUMBER, NULL, 0 }, + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE check; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq 
(CKR_OK, rv); + + rv = test.module->C_CreateObject (session, object, 2, &handle); + assert_num_eq (CKR_OK, rv); + + /* Do a find with a null serial number, no match */ + rv = test.module->C_FindObjectsInit (session, match, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); + + /* Do a find with a wrong length, no match */ + match[0].pValue = "at"; + match[0].ulValueLen = 2; + rv = test.module->C_FindObjectsInit (session, match, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); + + /* Do a find with a right length, wrong value, no match */ + match[0].pValue = "one"; + match[0].ulValueLen = 3; + rv = test.module->C_FindObjectsInit (session, match, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); +} + +static void +test_login_logout (void) +{ + CK_SESSION_HANDLE session; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + /* Just testing our stubs for now */ + + rv = test.module->C_Login (session, CKU_USER, NULL, 0); + assert (rv == CKR_USER_TYPE_INVALID); + + rv = test.module->C_Logout (session); + assert (rv == CKR_USER_NOT_LOGGED_IN); +} + +static void +test_token_writable (void) +{ + CK_TOKEN_INFO info; + CK_RV rv; + + rv = test.module->C_GetTokenInfo (test.slots[0], &info); + + assert_num_eq (rv, CKR_OK); + assert_num_eq (info.flags & CKF_WRITE_PROTECTED, 0); +} + +static void +test_session_read_only_create (void) +{ + CK_ATTRIBUTE 
original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + /* Read-only session */ + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, + NULL, NULL, &session); + assert (rv == CKR_OK); + + /* Create a token object */ + rv = test.module->C_CreateObject (session, original, 4, &handle); + assert_num_eq (rv, CKR_SESSION_READ_ONLY); +} + +static void +test_create_and_write (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + /* Read-only session */ + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, + NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + /* Create a token object */ + rv = test.module->C_CreateObject (session, original, 4, &handle); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "yay.p11-kit", NULL); + p11_parser_formats (test.parser, p11_parser_format_persist, NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +static void +test_modify_and_write (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_VALUE, "eight", 5 }, + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_TOKEN, 
&vtrue, sizeof (vtrue) }, + { CKA_MODIFIABLE, &vtrue, sizeof (vtrue) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "nine", 4 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + /* Read-only session */ + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, + NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + /* Create a token object */ + rv = test.module->C_CreateObject (session, original, 5, &handle); + assert_num_eq (rv, CKR_OK); + + /* Now modify the object */ + original[0].pValue = "nine"; + original[0].ulValueLen = 4; + + rv = test.module->C_SetAttributeValue (session, handle, original, 5); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "yay.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + + p11_fixture (setup, teardown); + p11_test (test_get_slot_list, "/module/get_slot_list"); + p11_test (test_get_slot_info, "/module/get_slot_info"); + + p11_fixture (NULL, NULL); + p11_test (test_null_initialize, "/module/initialize-null"); + p11_test (test_multi_initialize, "/module/initialize-multi"); + p11_test (test_get_token_info, "/module/get_token_info"); + + p11_fixture (setup, teardown); + p11_test (test_get_session_info, "/module/get_session_info"); + p11_test (test_close_all_sessions, "/module/close_all_sessions"); + p11_test (test_find_certificates, "/module/find_certificates"); + p11_test (test_find_builtin, "/module/find_builtin"); + p11_test 
(test_lookup_invalid, "/module/lookup_invalid"); + p11_test (test_remove_token, "/module/remove_token"); + p11_test (test_setattr_token, "/module/setattr_token"); + p11_test (test_session_object, "/module/session_object"); + p11_test (test_session_find, "/module/session_find"); + p11_test (test_session_find_no_attr, "/module/session_find_no_attr"); + p11_test (test_session_copy, "/module/session_copy"); + p11_test (test_session_remove, "/module/session_remove"); + p11_test (test_session_setattr, "/module/session_setattr"); + p11_test (test_find_serial_der_decoded, "/module/find_serial_der_decoded"); + p11_test (test_find_serial_der_mismatch, "/module/find_serial_der_mismatch"); + p11_test (test_login_logout, "/module/login_logout"); + + p11_fixture (setup_writable, teardown); + p11_test (test_token_writable, "/module/token-writable"); + p11_test (test_session_read_only_create, "/module/session-read-only-create"); + p11_test (test_create_and_write, "/module/create-and-write"); + p11_test (test_modify_and_write, "/module/modify-and-write"); + + return p11_test_run (argc, argv); +} diff --git a/trust/test-oid.c b/trust/test-oid.c new file mode 100644 index 0000000..0635d0a --- /dev/null +++ b/trust/test-oid.c 
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include
+#include
+#include
+
+#include "debug.h"
+#include "oid.h"
+
+#include
+
+#include "pkix.asn.h"
+
+static void
+test_known_oids (void)
+{
+ char buffer[128];
+ node_asn *definitions = NULL;
+ node_asn *node;
+ int ret;
+ int len;
+ int i;
+
+ struct {
+ const unsigned char *oid;
+ size_t length;
+ const char *string;
+ } known_oids[] = {
+ { P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER), P11_OID_SUBJECT_KEY_IDENTIFIER_STR, },
+ { P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE), P11_OID_KEY_USAGE_STR, },
+ { P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS), P11_OID_BASIC_CONSTRAINTS_STR },
+ { P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE), P11_OID_EXTENDED_KEY_USAGE_STR },
+ { P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT), P11_OID_OPENSSL_REJECT_STR },
+ { P11_OID_SERVER_AUTH, sizeof (P11_OID_SERVER_AUTH), P11_OID_SERVER_AUTH_STR },
+ { P11_OID_CLIENT_AUTH, sizeof (P11_OID_CLIENT_AUTH), P11_OID_CLIENT_AUTH_STR },
+ { P11_OID_CODE_SIGNING, sizeof (P11_OID_CODE_SIGNING), P11_OID_CODE_SIGNING_STR },
+ { P11_OID_EMAIL_PROTECTION, sizeof (P11_OID_EMAIL_PROTECTION), P11_OID_EMAIL_PROTECTION_STR },
+ { P11_OID_IPSEC_END_SYSTEM, sizeof (P11_OID_IPSEC_END_SYSTEM), P11_OID_IPSEC_END_SYSTEM_STR },
+ { P11_OID_IPSEC_TUNNEL, sizeof (P11_OID_IPSEC_TUNNEL), P11_OID_IPSEC_TUNNEL_STR },
+ { P11_OID_IPSEC_USER, sizeof (P11_OID_IPSEC_USER), P11_OID_IPSEC_USER_STR },
+ { P11_OID_TIME_STAMPING, sizeof (P11_OID_TIME_STAMPING), P11_OID_TIME_STAMPING_STR },
+ { P11_OID_RESERVED_PURPOSE, sizeof (P11_OID_RESERVED_PURPOSE), P11_OID_RESERVED_PURPOSE_STR },
+ { NULL },
+ };
+
+ ret = asn1_array2tree (pkix_asn1_tab, &definitions, NULL);
+ assert (ret == ASN1_SUCCESS);
+
+ for (i = 0; known_oids[i].oid != NULL; i++) {
+
+ assert (p11_oid_simple (known_oids[i].oid, known_oids[i].length));
+ assert_num_eq (known_oids[i].length, p11_oid_length (known_oids[i].oid));
+ assert (p11_oid_equal (known_oids[i].oid, known_oids[i].oid));
+
+ if (i > 0)
+ assert (!p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid));
+
+ /* AttributeType is a OBJECT IDENTIFIER */
+ ret = asn1_create_element (definitions, "PKIX1.AttributeType", &node);
+ assert (ret == ASN1_SUCCESS);
+
+ ret = asn1_der_decoding (&node, known_oids[i].oid, known_oids[i].length, NULL);
+ assert (ret == ASN1_SUCCESS);
+
+ len = sizeof (buffer);
+ ret = asn1_read_value (node, "", buffer, &len);
+ assert (ret == ASN1_SUCCESS);
+
+ assert_str_eq (known_oids[i].string, buffer);
+
+ asn1_delete_structure (&node);
+ }
+
+ asn1_delete_structure (&definitions);
+}
+
+static void
+test_hash (void)
+{
+ assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, 0);
+ assert_num_cmp (p11_oid_hash (P11_OID_CN), ==, p11_oid_hash (P11_OID_CN));
+ assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, p11_oid_hash (P11_OID_BASIC_CONSTRAINTS));
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_test (test_known_oids, "/oids/known");
+ p11_test (test_hash, "/oids/hash");
+ return p11_test_run (argc, argv);
+}
diff --git a/trust/test-openssl.c b/trust/test-openssl.c
new file mode 100644
index 0000000..9f7c4d6
--- /dev/null
+++ b/trust/test-openssl.c
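Review bot: In trust/test-oid.c, test_known_oids only ever passes well-formed OIDs to p11_oid_simple(), so the rejection path is not pinned by any assertion. The same loop calls p11_oid_length() and p11_oid_equal() on the buffer without a separate length argument, which presumably means callers depend on p11_oid_simple() to screen out encodings whose length byte disagrees with the buffer. I would add a negative case inside the loop, for example `assert (!p11_oid_simple (known_oids[i].oid, known_oids[i].length - 1));`, assuming a mismatched length is meant to be rejected; the helper's definition is not on this page, so confirm against oid.c. Separately, `if (i > 0) assert (!p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid));` compares each entry only with its predecessor, so a duplicate elsewhere in the table would pass; comparing against every earlier entry would close that gap.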
@@ -0,0 +1,662 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#define P11_KIT_DISABLE_DEPRECATED + +#include "config.h" + +#include "test-trust.h" + +#include "attrs.h" +#include "buffer.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "extract.h" +#include "message.h" +#include "mock.h" +#include "path.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "oid.h" +#include "test.h" + +#include +#include +#include +#include +#include + +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + +struct { + CK_FUNCTION_LIST module; + p11_enumerate ex; + char *directory; +} test; + +static void +setup (void *unused) +{ + CK_RV rv; + + mock_module_reset (); + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + rv = test.module.C_Initialize (NULL); + assert_num_eq (CKR_OK, rv); + + p11_enumerate_init (&test.ex); + + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + if (rmdir (test.directory) < 0) + assert_not_reached (); + free (test.directory); + + p11_enumerate_cleanup (&test.ex); + p11_kit_iter_free (test.ex.iter); + + rv = test.module.C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; +static CK_BBOOL vtrue = CK_TRUE; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE verisign_v1_attrs[] = { + { CKA_VALUE, 
(void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_SUBJECT, (void *)verisign_v1_ca_subject, sizeof (verisign_v1_ca_subject) }, + { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_eku_server[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 21 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_reject_email[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, + { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static void +setup_objects (const CK_ATTRIBUTE *attrs, + ...) GNUC_NULL_TERMINATED; + +static void +setup_objects (const CK_ATTRIBUTE *attrs, + ...) 
+{ + static CK_ULONG id_value = 8888; + + CK_ATTRIBUTE id = { CKA_ID, &id_value, sizeof (id_value) }; + CK_ATTRIBUTE *copy; + va_list va; + + va_start (va, attrs); + while (attrs != NULL) { + copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL); + assert (copy != NULL); + mock_module_take_object (MOCK_SLOT_ONE_ID, copy); + attrs = va_arg (va, const CK_ATTRIBUTE *); + } + va_end (va); + + id_value++; +} + +static void +test_file (void) +{ + char *destination; + bool ret; + + setup_objects (cacert3_authority_attrs, + extension_eku_server, + extension_reject_email, + NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem"); + + free (destination); +} + +static void +test_plain (void) +{ + char *destination; + bool ret; + + setup_objects (cacert3_authority_attrs, NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-trusted-alias.pem"); + + free (destination); +} + +static void +test_keyid (void) +{ + char *destination; + bool ret; + + static CK_ATTRIBUTE cacert3_plain[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof 
(test_cacert3_ca_subject) }, + { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE extension_subject_key_identifier[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) }, + { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x0e\x04\x07\x00\x01\x02\x03\x04\x05\x06", 16 }, + { CKA_INVALID }, + }; + + setup_objects (cacert3_plain, extension_subject_key_identifier, NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-trusted-keyid.pem"); + + free (destination); +} + +static void +test_not_authority (void) +{ + char *destination; + bool ret; + + static CK_ATTRIBUTE cacert3_not_trusted[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_INVALID }, + }; + + setup_objects (cacert3_not_trusted, NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file 
(test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-not-trusted.pem"); + + free (destination); +} + +static void +test_distrust_all (void) +{ + char *destination; + bool ret; + + static CK_ATTRIBUTE cacert3_blacklist[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_X_DISTRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + setup_objects (cacert3_blacklist, NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-distrust-all.pem"); + + free (destination); +} + +static void +test_file_multiple (void) +{ + char *destination; + bool ret; + + setup_objects (cacert3_authority_attrs, + extension_eku_server, + extension_reject_email, + NULL); + + setup_objects (verisign_v1_attrs, + NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/multiple.pem"); + free (destination); +} + +static void +test_file_without (void) +{ + char *destination; + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf 
(&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_data (test.directory, "extract.pem", "", 0); + + free (destination); +} + +/* From extract-openssl.c */ +void p11_openssl_canon_string (char *str, size_t *len); + +static void +test_canon_string (void) +{ + struct { + char *input; + int input_len; + char *output; + int output_len; + } fixtures[] = { + { "A test", -1, "a test", -1 }, + { " Strip spaces ", -1, "strip spaces", -1 }, + { " Collapse \n\t spaces", -1, "collapse spaces", -1 }, + { "Ignore non-ASCII \303\204", -1, "ignore non-ascii \303\204", -1 }, + { "no-space", -1, "no-space", -1 }, + }; + + char *str; + size_t len; + size_t out; + int i; + + for (i = 0; i < ELEMS (fixtures); i++) { + if (fixtures[i].input_len < 0) + len = strlen (fixtures[i].input); + else + len = fixtures[i].input_len; + str = strndup (fixtures[i].input, len); + + p11_openssl_canon_string (str, &len); + + if (fixtures[i].output_len < 0) + out = strlen (fixtures[i].output); + else + out = fixtures[i].output_len; + assert_num_eq (out, len); + assert_str_eq (fixtures[i].output, str); + + free (str); + } +} + +bool p11_openssl_canon_string_der (p11_buffer *der); + +static void +test_canon_string_der (void) +{ + struct { + unsigned char input[100]; + int input_len; + unsigned char output[100]; + int output_len; + } fixtures[] = { + /* UTF8String */ + { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17, + { 0x0c, 0x0e, 0xc3, 0x84, ' ', 'u', 't', 'f', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', }, 16, + }, + + /* NumericString */ + { { 0x12, 0x04, '0', '1', '2', '3', }, 6, + { 0x0c, 0x04, '0', '1', '2', '3' }, 6, + }, + + /* IA5String */ + { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6, + { 0x0c, 0x02, 'a', 'b', }, 4, + }, + + /* TeletexString */ + { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + { 0x0c, 
0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8, + }, + + /* PrintableString */ + { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8, + }, + + /* No change, not a known string type */ + { { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9 + }, + + /* UniversalString */ + { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u', + 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22, + { 0x0c, 0x08, 'f', 'u', 'n', ' ', 0xf0, 0x90, 0x8c, 0x99 }, 10, + }, + + /* BMPString */ + { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12, + { 0x0c, 0x06, 'v', 0xc3, 0xb6, 'g', 'e', 'l' }, 8, + }, + }; + + p11_buffer buf; + bool ret; + int i; + + for (i = 0; i < ELEMS (fixtures); i++) { + p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), + fixtures[i].input_len, 0, realloc, free); + + ret = p11_openssl_canon_string_der (&buf); + assert_num_eq (true, ret); + + assert_num_eq (fixtures[i].output_len, buf.len); + assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0); + + p11_buffer_uninit (&buf); + } +} + +bool p11_openssl_canon_name_der (p11_dict *asn1_defs, + p11_buffer *der); + +static void +test_canon_name_der (void) +{ + struct { + unsigned char input[100]; + int input_len; + unsigned char output[100]; + int output_len; + } fixtures[] = { + { { '0', 'T', '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a, + 0x13, 0x0b, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'I', 'n', + 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04, + 0x0b, 0x13, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w', + 'w', 'w', '.', 'C', 'A', 'c', 'e', 'r', 't', '.', 'o', 'r', + 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x13, + 0x13, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'C', 'l', 'a', 's', + 's', 0x20, '3', 0x20, 'R', 'o', 'o', 't', }, 86, + { '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a, + 0x0c, 0x0b, 'c', 
'a', 'c', 'e', 'r', 't', 0x20, 'i', 'n', + 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04, + 0x0b, 0x0c, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w', + 'w', 'w', '.', 'c', 'a', 'c', 'e', 'r', 't', '.', 'o', 'r', + 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x0c, + 0x13, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'c', 'l', 'a', 's', + 's', 0x20, '3', 0x20, 'r', 'o', 'o', 't', }, 84, + }, + { { '0', 0x00, }, 2, + { }, 0, + }, + }; + + p11_buffer buf; + p11_dict *asn1_defs; + bool ret; + int i; + + asn1_defs = p11_asn1_defs_load (); + + for (i = 0; i < ELEMS (fixtures); i++) { + p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), + fixtures[i].input_len, 0, realloc, free); + + ret = p11_openssl_canon_name_der (asn1_defs, &buf); + assert_num_eq (true, ret); + + assert_num_eq (fixtures[i].output_len, buf.len); + assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0); + + p11_buffer_uninit (&buf); + } + + p11_dict_free (asn1_defs); +} + +static void +test_canon_string_der_fail (void) +{ + struct { + unsigned char input[100]; + int input_len; + } fixtures[] = { + { { 0x0c, 0x02, 0xc3, 0xc4 /* Invalid UTF-8 */ }, 4 }, + { { 0x1e, 0x01, 0x00 /* Invalid UCS2 */ }, 3 }, + { { 0x1c, 0x02, 0x00, 0x01 /* Invalid UCS4 */ }, 4 }, + }; + + p11_buffer buf; + bool ret; + int i; + + for (i = 0; i < ELEMS (fixtures); i++) { + p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), + fixtures[i].input_len, 0, realloc, free); + + ret = p11_openssl_canon_string_der (&buf); + assert_num_eq (false, ret); + + p11_buffer_uninit (&buf); + } +} + +static void +test_directory (void) +{ + bool ret; + + setup_objects (cacert3_authority_attrs, + extension_eku_server, + extension_reject_email, + NULL); + + /* Accesses the above objects */ + setup_objects (cacert3_authority_attrs, + NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, 
this is a race, and why you shouldn't build software as root */
+ if (rmdir (test.directory) < 0)
+ assert_not_reached ();
+
+ ret = p11_extract_openssl_directory (&test.ex, test.directory);
+ assert_num_eq (true, ret);
+
+ test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem",
+#ifdef OS_UNIX
+ "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0",
+#endif
+ NULL));
+ test_check_file (test.directory, "Custom_Label.pem",
+ SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem");
+ test_check_file (test.directory, "Custom_Label.1.pem",
+ SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem");
+#ifdef OS_UNIX
+ test_check_symlink (test.directory, "e5662767.0", "Custom_Label.pem");
+ test_check_symlink (test.directory, "e5662767.1", "Custom_Label.1.pem");
+ test_check_symlink (test.directory, "590d426f.0", "Custom_Label.pem");
+ test_check_symlink (test.directory, "590d426f.1", "Custom_Label.1.pem");
+#endif
+}
+
+static void
+test_directory_empty (void)
+{
+ bool ret;
+
+ p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
+ p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
+
+ /* Yes, this is a race, and why you shouldn't build software as root */
+ if (rmdir (test.directory) < 0)
+ assert_not_reached ();
+
+ ret = p11_extract_openssl_directory (&test.ex, test.directory);
+ assert_num_eq (true, ret);
+
+ test_check_directory (test.directory, (NULL, NULL));
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ mock_module_init ();
+
+ p11_fixture (setup, teardown);
+ p11_test (test_file, "/openssl/test_file");
+ p11_test (test_plain, "/openssl/test_plain");
+ p11_test (test_keyid, "/openssl/test_keyid");
+ p11_test (test_not_authority, "/openssl/test_not_authority");
+ p11_test (test_distrust_all, "/openssl/test_distrust_all");
+ p11_test (test_file_multiple, "/openssl/test_file_multiple");
+ p11_test (test_file_without, "/openssl/test_file_without");
+
+ p11_fixture (NULL, NULL);
+ p11_test (test_canon_string,
"/openssl/test_canon_string");
+ p11_test (test_canon_string_der, "/openssl/test_canon_string_der");
+ p11_test (test_canon_string_der_fail, "/openssl/test_canon_string_der_fail");
+ p11_test (test_canon_name_der, "/openssl/test_canon_name_der");
+
+ p11_fixture (setup, teardown);
+ p11_test (test_directory, "/openssl/test_directory");
+ p11_test (test_directory_empty, "/openssl/test_directory_empty");
+
+ return p11_test_run (argc, argv);
+}
+
+#include "enumerate.c"
+#include "extract-openssl.c"
+#include "save.c"
diff --git a/trust/test-parser.c b/trust/test-parser.c
new file mode 100644
index 0000000..bdb67df
--- /dev/null
+++ b/trust/test-parser.c
@@ -0,0 +1,569 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include + +#include "array.h" +#include "attrs.h" +#include "builder.h" +#include "debug.h" +#include "message.h" +#include "oid.h" +#include "parser.h" +#include "pkcs11x.h" + +struct { + p11_parser *parser; + p11_array *parsed; + p11_asn1_cache *cache; +} test; + +static void +setup (void *unused) +{ + test.cache = p11_asn1_cache_new (); + test.parser = p11_parser_new (test.cache); + assert_ptr_not_null (test.parser); + + test.parsed = p11_parser_parsed (test.parser); + assert_ptr_not_null (test.parsed); +} + +static void +teardown (void *unused) +{ + p11_parser_free (test.parser); + p11_asn1_cache_free (test.cache); + memset (&test, 0, sizeof (test)); +} + +static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; +static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION; +static CK_BBOOL falsev = CK_FALSE; +static CK_BBOOL truev = CK_TRUE; +static CK_CERTIFICATE_TYPE x509 = CKC_X_509; + +static CK_ATTRIBUTE certificate_match[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_INVALID, }, +}; + +static CK_ATTRIBUTE * +parsed_attrs (CK_ATTRIBUTE *match, + int length) +{ + int i; + + if (length < 0) + length = p11_attrs_count (match); + for (i = 0; i < test.parsed->num; i++) { + if (p11_attrs_matchn (test.parsed->elem[i], match, length)) + return test.parsed->elem[i]; + } + + return NULL; +} + +static void +test_parse_der_certificate (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_x509, NULL); 
+ ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +static void +test_parse_pem_certificate (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.pem", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +static void +test_parse_p11_kit_persist (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_persist, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/input/verisign-v1.p11-kit", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +static void 
+test_parse_openssl_trusted (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE eku_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x16\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 24 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE reject_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *expected[] = { + cacert3, + eku_extension, + reject_extension, + NULL + }; + + CK_ATTRIBUTE *cert; + CK_ATTRIBUTE *object; + int ret; + int i; + + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3-trusted.pem", NULL, + P11_PARSE_FLAG_ANCHOR); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* + * Should have gotten: + * - 1 certificate + * - 2 stapled extensions + */ + assert_num_eq (3, test.parsed->num); + + /* The certificate */ + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected[0], cert); + + /* The other objects */ + for (i = 1; 
expected[i]; i++) { + object = parsed_attrs (expected[i], 2); + assert_ptr_not_null (object); + + test_check_attrs (expected[i], object); + test_check_id (cert, object); + } +} + +static void +test_parse_openssl_distrusted (void) +{ + static const char distrust_public_key[] = { + 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xdf, 0xc7, 0x0d, + 0x61, 0xa2, 0x2f, 0xc0, 0x5a, 0xad, 0x45, 0x83, 0x22, 0x33, 0x42, 0xea, 0xec, 0x42, 0x5e, 0xa6, + 0x0d, 0x42, 0x4c, 0x1c, 0x9a, 0x12, 0x0b, 0x5f, 0xe7, 0x25, 0xf9, 0x8b, 0x83, 0x0c, 0x0a, 0xc5, + 0x2f, 0x5a, 0x58, 0x56, 0xb8, 0xad, 0x87, 0x6d, 0xbc, 0x80, 0x5d, 0xdd, 0x49, 0x45, 0x39, 0x5f, + 0xb9, 0x08, 0x3a, 0x63, 0xe4, 0x92, 0x33, 0x61, 0x79, 0x19, 0x1b, 0x9d, 0xab, 0x3a, 0xd5, 0x7f, + 0xa7, 0x8b, 0x7f, 0x8a, 0x5a, 0xf6, 0xd7, 0xde, 0xaf, 0xa1, 0xe5, 0x53, 0x31, 0x29, 0x7d, 0x9c, + 0x03, 0x55, 0x3e, 0x47, 0x78, 0xcb, 0xb9, 0x7a, 0x98, 0x8c, 0x5f, 0x8d, 0xda, 0x09, 0x0f, 0xc8, + 0xfb, 0xf1, 0x7a, 0x80, 0xee, 0x12, 0x77, 0x0a, 0x00, 0x8b, 0x70, 0xfa, 0x62, 0xbf, 0xaf, 0xee, + 0x0b, 0x58, 0x16, 0xf9, 0x9c, 0x5c, 0xde, 0x93, 0xb8, 0x4f, 0xdf, 0x4d, 0x7b, 0x02, 0x03, 0x01, + 0x00, 0x01, + }; + + CK_ATTRIBUTE distrust_cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate), }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE eku_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_X_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, + { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 
26 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE reject_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_X_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, + { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *expected[] = { + distrust_cert, + eku_extension, + reject_extension, + NULL + }; + + CK_ATTRIBUTE *cert; + CK_ATTRIBUTE *object; + int ret; + int i; + + /* + * OpenSSL style is to litter the blacklist in with the anchors, + * so we parse this as an anchor, but expect it to be blacklisted + */ + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/distrusted.pem", NULL, + P11_PARSE_FLAG_ANCHOR); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* + * Should have gotten: + * - 1 certificate + * - 2 stapled extensions + */ + assert_num_eq (3, test.parsed->num); + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected[0], cert); + + /* The other objects */ + for (i = 1; expected[i]; i++) { + object = parsed_attrs (expected[i], 2); + assert_ptr_not_null (object); + + test_check_attrs (expected[i], object); + test_check_id (cert, object); + } +} + +static void +test_openssl_trusted_no_trust (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + char expected_value[] = { + 0x30, 0x82, 0x04, 0x99, 0x30, 0x82, 0x03, 0x81, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5d, + 0x20, 0x61, 0x8e, 0x8c, 0x0e, 0xb9, 0x34, 0x40, 0x93, 0xb9, 0xb1, 0xd8, 0x63, 0x95, 0xb6, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 
0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x20, 0x41, 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x64, + 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, + 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, + 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, + 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x30, 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, + 0x17, 0x0d, 0x31, 0x35, 0x31, 0x31, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, + 0x7f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, + 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54, + 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x55, + 0x53, 0x45, 0x52, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x20, + 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xd9, 0x4d, 0x20, 0x3a, 0xe6, 0x29, 0x30, 0x86, 0xf2, 0xe9, 0x86, 0x89, 0x76, 0x34, 0x4e, + 0x68, 0x1f, 0x96, 0x44, 0xf7, 0xd1, 0xf9, 0xd6, 0x82, 0x4e, 0xa6, 0x38, 0x9e, 0xee, 0xcb, 0x5b, + 0xe1, 0x8e, 0x2e, 0xbd, 0xf2, 0x57, 0x80, 0xfd, 0xc9, 0x3f, 0xfc, 0x90, 0x73, 0x44, 
0xbc, 0x8f, + 0xbb, 0x57, 0x5b, 0xe5, 0x2d, 0x1f, 0x14, 0x30, 0x75, 0x36, 0xf5, 0x7f, 0xbc, 0xcf, 0x56, 0xf4, + 0x7f, 0x81, 0xff, 0xae, 0x91, 0xcd, 0xd8, 0xd2, 0x6a, 0xcb, 0x97, 0xf9, 0xf7, 0xcd, 0x90, 0x6a, + 0x45, 0x2d, 0xc4, 0xbb, 0xa4, 0x85, 0x13, 0x68, 0x57, 0x5f, 0xef, 0x29, 0xba, 0x2a, 0xca, 0xea, + 0xf5, 0xcc, 0xa4, 0x04, 0x9b, 0x63, 0xcd, 0x00, 0xeb, 0xfd, 0xed, 0x8d, 0xdd, 0x23, 0xc6, 0x7b, + 0x1e, 0x57, 0x1d, 0x36, 0x7f, 0x1f, 0x08, 0x9a, 0x0d, 0x61, 0xdb, 0x5a, 0x6c, 0x71, 0x02, 0x53, + 0x28, 0xc2, 0xfa, 0x8d, 0xfd, 0xab, 0xbb, 0xb3, 0xf1, 0x8d, 0x74, 0x4b, 0xdf, 0xbd, 0xbd, 0xcc, + 0x06, 0x93, 0x63, 0x09, 0x95, 0xc2, 0x10, 0x7a, 0x9d, 0x25, 0x90, 0x32, 0x9d, 0x01, 0xc2, 0x39, + 0x53, 0xb0, 0xe0, 0x15, 0x6b, 0xc7, 0xd7, 0x74, 0xe5, 0xa4, 0x22, 0x9b, 0xe4, 0x94, 0xff, 0x84, + 0x91, 0xfb, 0x2d, 0xb3, 0x19, 0x43, 0x2d, 0x93, 0x0f, 0x9c, 0x12, 0x09, 0xe4, 0x67, 0xb9, 0x27, + 0x7a, 0x32, 0xad, 0x7a, 0x2a, 0xcc, 0x41, 0x58, 0xc0, 0x6e, 0x59, 0x5f, 0xee, 0x38, 0x2b, 0x17, + 0x22, 0x9c, 0x89, 0xfa, 0x6e, 0xe7, 0xe5, 0x57, 0x35, 0xf4, 0x5a, 0xed, 0x92, 0x95, 0x93, 0x2d, + 0xf9, 0xcc, 0x24, 0x3f, 0xa5, 0x1c, 0x3d, 0x27, 0xbd, 0x22, 0x03, 0x73, 0xcc, 0xf5, 0xca, 0xf3, + 0xa9, 0xf4, 0xdc, 0xfe, 0xcf, 0xe9, 0xd0, 0x5c, 0xd0, 0x0f, 0xab, 0x87, 0xfc, 0x83, 0xfd, 0xc8, + 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0x30, 0x1f, + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xad, 0xbd, 0x98, 0x7a, 0x34, + 0xb4, 0x26, 0xf7, 0xfa, 0xc4, 0x26, 0x54, 0xef, 0x03, 0xbd, 0xe0, 0x24, 0xcb, 0x54, 0x1a, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xaf, 0xa4, 0x40, 0xaf, 0x9f, 0x16, + 0xfe, 0xab, 0x31, 0xfd, 0xfb, 0xd5, 0x97, 0x8b, 0xf5, 0x91, 0xa3, 0x24, 0x86, 0x16, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, + 0x01, 0x00, 0x30, 0x1d, 
0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, + 0x02, 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x01, 0x03, 0x04, 0x30, 0x44, 0x06, 0x03, + 0x55, 0x1d, 0x1f, 0x04, 0x3d, 0x30, 0x3b, 0x30, 0x39, 0xa0, 0x37, 0xa0, 0x35, 0x86, 0x33, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, + 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x2e, 0x63, + 0x72, 0x6c, 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29, + 0x30, 0x27, 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, + 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72, + 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x84, 0xae, 0x2d, + 0x68, 0x38, 0x11, 0x6c, 0x83, 0x51, 0x62, 0xc0, 0x91, 0xc2, 0x98, 0xbc, 0xc6, 0x3b, 0xfa, 0xa5, + 0xc5, 0xbd, 0x3b, 0x09, 0xe6, 0x6e, 0x60, 0x6f, 0x30, 0x03, 0x86, 0x22, 0x1a, 0xb2, 0x8b, 0xf3, + 0xc6, 0xce, 0x1e, 0xbb, 0x1b, 0x79, 0xe0, 0x16, 0x14, 0x4d, 0xd2, 0x9a, 0x05, 0x4b, 0xff, 0x8f, + 0xec, 0xf0, 0x28, 0x29, 0xea, 0x2a, 0x04, 0x1d, 0x3d, 0xaf, 0x11, 0x12, 0xd5, 0x49, 0x98, 0x50, + 0x42, 0x9f, 0x61, 0x66, 0x3a, 0xb6, 0x40, 0x99, 0x04, 0x0c, 0x6b, 0x10, 0x32, 0xe9, 0xf7, 0xcf, + 0x86, 0x58, 0x4f, 0x2d, 0xcd, 0xd3, 0xac, 0x7e, 0xe8, 0x5b, 0x6a, 0x83, 0x7c, 0x0d, 0xa0, 0x9c, + 0x5c, 0x50, 0x36, 0x75, 0x0d, 0x6d, 0x7e, 0x42, 0xb7, 0xdf, 0xa6, 0xdc, 0x90, 0x5c, 0x6f, 0x23, + 0x4e, 0x97, 0x1d, 0xf3, 0x22, 0x75, 0xbf, 0x03, 0x35, 0xe6, 
0x5d, 0x7f, 0xc7, 0xf9, 0x9b, 0x2c, + 0x87, 0xf6, 0x8e, 0xd6, 0x25, 0x96, 0x59, 0x9d, 0xcf, 0xea, 0x10, 0x1e, 0xef, 0x6e, 0xea, 0x5a, + 0x9b, 0x77, 0x18, 0x34, 0xcc, 0x81, 0x77, 0xaf, 0x9a, 0x87, 0xc2, 0x0a, 0xe5, 0xe5, 0x9e, 0x13, + 0x95, 0x53, 0xbd, 0xbd, 0x49, 0x1a, 0xa5, 0x76, 0x12, 0xf6, 0xdc, 0xf2, 0x91, 0xb7, 0xe9, 0x1a, + 0xe1, 0xbc, 0x4d, 0x3d, 0x95, 0x71, 0x7d, 0xf8, 0x8d, 0x7c, 0x3e, 0x03, 0x4f, 0x53, 0xed, 0xfe, + 0x52, 0xfd, 0xca, 0x5f, 0x93, 0xe1, 0x1a, 0x01, 0x1b, 0x02, 0xb7, 0x73, 0x4e, 0xba, 0x66, 0xe9, + 0x78, 0x8b, 0x50, 0xfe, 0x11, 0xcb, 0xd1, 0x67, 0xd0, 0x22, 0x4f, 0x77, 0xea, 0xcd, 0x14, 0x15, + 0x40, 0xae, 0x66, 0x5d, 0xe8, 0x2e, 0x7f, 0x1e, 0x88, 0x6f, 0x55, 0x79, 0xd6, 0xb9, 0x7e, 0xe3, + 0xb5, 0xfd, 0x91, 0xa0, 0xc0, 0xf2, 0x26, 0x87, 0x4b, 0x2f, 0x9d, 0xf5, 0xa0, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_VALUE, expected_value, sizeof (expected_value) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/openssl-trust-no-trust.pem", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +static void +test_parse_anchor (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *cert; + int ret; + + p11_parser_formats 
(test.parser, p11_parser_format_x509, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, + P11_PARSE_FLAG_ANCHOR); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* + * Should have gotten: + * - 1 certificate + */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (cacert3, cert); +} + +static void +test_parse_thawte (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/thawte.pem", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +/* TODO: A certificate that uses generalTime needs testing */ + +static void +test_parse_invalid_file (void) +{ + int ret; + + p11_message_quiet (); + + p11_parser_formats (test.parser, p11_parser_format_x509, NULL); + ret = p11_parse_file (test.parser, "/nonexistant", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_FAILURE, ret); + + p11_message_loud (); +} + +static void +test_parse_unrecognized (void) +{ + int ret; + + p11_message_quiet (); + + p11_parser_formats (test.parser, p11_parser_format_x509, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/unrecognized-file.txt", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_UNRECOGNIZED, ret); + + p11_message_loud (); +} + +static void +test_parse_no_asn1_cache (void) +{ + p11_parser *parser; + int ret; + + parser = p11_parser_new (NULL); + assert_ptr_not_null 
(parser);
+
+ p11_parser_formats (parser, p11_parser_format_x509, NULL);
+ ret = p11_parse_file (parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, P11_PARSE_FLAG_NONE);
+ assert_num_eq (P11_PARSE_SUCCESS, ret);
+
+ /* Should have gotten certificate */
+ assert_num_eq (1, p11_parser_parsed (parser)->num);
+
+ p11_parser_free (parser);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_fixture (setup, teardown);
+ p11_test (test_parse_der_certificate, "/parser/parse_der_certificate");
+ p11_test (test_parse_pem_certificate, "/parser/parse_pem_certificate");
+ p11_test (test_parse_p11_kit_persist, "/parser/parse_p11_kit_persist");
+ p11_test (test_parse_openssl_trusted, "/parser/parse_openssl_trusted");
+ p11_test (test_parse_openssl_distrusted, "/parser/parse_openssl_distrusted");
+ p11_test (test_openssl_trusted_no_trust, "/parser/openssl-trusted-no-trust");
+ p11_test (test_parse_anchor, "/parser/parse_anchor");
+ p11_test (test_parse_thawte, "/parser/parse_thawte");
+ p11_test (test_parse_invalid_file, "/parser/parse_invalid_file");
+ p11_test (test_parse_unrecognized, "/parser/parse_unrecognized");
+
+ p11_fixture (NULL, NULL);
+ p11_test (test_parse_no_asn1_cache, "/parser/null-asn1-cache");
+
+ return p11_test_run (argc, argv);
+}
diff --git a/trust/test-pem.c b/trust/test-pem.c
new file mode 100644
index 0000000..0c7d60a
--- /dev/null
+++ b/trust/test-pem.c
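Review bot: The single-certificate tests in trust/test-parser.c (`test_parse_der_certificate`, `test_parse_pem_certificate`, `test_parse_p11_kit_persist`, `test_openssl_trusted_no_trust`, `test_parse_anchor`, `test_parse_thawte`) pass the result of `parsed_attrs (certificate_match, -1)` straight to `test_check_attrs` without checking it, although `parsed_attrs` returns NULL when no parsed object matches. The two OpenSSL trust tests guard each extension lookup with `assert_ptr_not_null (object);` but leave `cert` unchecked, and they also hand it to `test_check_id`. Adding `assert_ptr_not_null (cert);` after each lookup would make a parser regression that yields one non-certificate object fail at the lookup with a clear message, which matters here because these tests pin the CKA_TRUSTED and CKA_X_DISTRUSTED values. How `test_check_attrs` and `test_check_id` treat a NULL argument is not visible in this hunk, so whether the current code crashes or reports cleanly is an assumption to confirm.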
@@ -0,0 +1,341 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "compat.h" +#include "pem.h" + +struct { + const char *input; + struct { + const char *type; + const char *data; + unsigned int length; + } output[8]; +} success_fixtures[] = { + { + /* one block */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----", + { + { + "BLOCK1", + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", + 30, + }, + { + NULL, + } + } + }, + + { + /* one block, with header */ + "-----BEGIN BLOCK1-----\n" + "Header1: value1 \n" + " Header2: value2\n" + "\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----", + { + { + "BLOCK1", + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", + 30, + }, + { + NULL, + } + } + }, + + { + /* two blocks, junk data */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "blah blah\n" + "-----BEGIN TWO-----\n" + "oy5L157C671HyJMCf9FiK9prvPZfSch6V4EoUfylFoI1Bq6SbL53kg==\n" + "-----END TWO-----\n" + "trailing data", + { + { + "BLOCK1", + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", + 30, + }, + { + "TWO", + "\xa3\x2e\x4b\xd7\x9e\xc2\xeb\xbd\x47\xc8\x93\x02\x7f\xd1\x62\x2b" + "\xda\x6b\xbc\xf6\x5f\x49\xc8\x7a\x57\x81\x28\x51\xfc\xa5\x16\x82" + "\x35\x06\xae\x92\x6c\xbe\x77\x92", + 40 + }, + { + NULL, + } + } + }, + + { + NULL, + } +}; + +typedef struct { + int input_index; + int output_index; + int parsed; +} Closure; + +static void +on_parse_pem_success (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + Closure *cl = user_data; + + assert_num_eq 
(success_fixtures[cl->input_index].output[cl->output_index].length, length); + assert (memcmp (success_fixtures[cl->input_index].output[cl->output_index].data, contents, + success_fixtures[cl->input_index].output[cl->output_index].length) == 0); + + cl->output_index++; + cl->parsed++; +} + +static void +test_pem_success (void) +{ + Closure cl; + int ret; + int i; + int j; + + for (i = 0; success_fixtures[i].input != NULL; i++) { + cl.input_index = i; + cl.output_index = 0; + cl.parsed = 0; + + ret = p11_pem_parse (success_fixtures[i].input, strlen (success_fixtures[i].input), + on_parse_pem_success, &cl); + + assert (success_fixtures[i].output[cl.output_index].type == NULL); + + /* Count number of outputs, return from p11_pem_parse() should match */ + for (j = 0; success_fixtures[i].output[j].type != NULL; j++); + assert_num_eq (j, ret); + assert_num_eq (ret, cl.parsed); + } +} + +const char *failure_fixtures[] = { + /* too short at end of opening line */ + "-----BEGIN BLOCK1---\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----", + + /* truncated */ + "-----BEGIN BLOCK1---", + + /* no ending */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n", + + /* wrong ending */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK2-----", + + /* wrong ending */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END INVALID-----", + + /* too short at end of ending line */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1---", + + /* invalid base64 data */ + "-----BEGIN BLOCK1-----\n" + "!!!!NNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----", + + NULL, +}; + +static void +on_parse_pem_failure (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + assert (false && "not reached"); +} + +static void +test_pem_failure (void) +{ + int ret; + int i; + + for (i = 0; 
failure_fixtures[i] != NULL; i++) { + ret = p11_pem_parse (failure_fixtures[i], strlen (failure_fixtures[i]), + on_parse_pem_failure, NULL); + assert_num_eq (0, ret); + } +} + +typedef struct { + const char *input; + size_t length; + const char *type; + const char *output; +} WriteFixture; + +static WriteFixture write_fixtures[] = { + { + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", + 30, "BLOCK1", + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n", + }, + { + "\x50\x31\x31\x2d\x4b\x49\x54\x0a\x0a\x50\x72\x6f\x76\x69\x64\x65" + "\x73\x20\x61\x20\x77\x61\x79\x20\x74\x6f\x20\x6c\x6f\x61\x64\x20" + "\x61\x6e\x64\x20\x65\x6e\x75\x6d\x65\x72\x61\x74\x65\x20\x50\x4b" + "\x43\x53\x23\x31\x31\x20\x6d\x6f\x64\x75\x6c\x65\x73\x2e\x20\x50" + "\x72\x6f\x76\x69\x64\x65\x73\x20\x61\x20\x73\x74\x61\x6e\x64\x61" + "\x72\x64\x0a\x63\x6f\x6e\x66\x69\x67\x75\x72\x61\x74\x69\x6f\x6e" + "\x20\x73\x65\x74\x75\x70\x20\x66\x6f\x72\x20\x69\x6e\x73\x74\x61" + "\x6c\x6c\x69\x6e\x67\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x6d\x6f" + "\x64\x75\x6c\x65\x73\x20\x69\x6e\x20\x73\x75\x63\x68\x20\x61\x20" + "\x77\x61\x79\x20\x74\x68\x61\x74\x20\x74\x68\x65\x79\x27\x72\x65" + "\x0a\x64\x69\x73\x63\x6f\x76\x65\x72\x61\x62\x6c\x65\x2e\x0a\x0a" + "\x41\x6c\x73\x6f\x20\x73\x6f\x6c\x76\x65\x73\x20\x70\x72\x6f\x62" + "\x6c\x65\x6d\x73\x20\x77\x69\x74\x68\x20\x63\x6f\x6f\x72\x64\x69" + "\x6e\x61\x74\x69\x6e\x67\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f" + "\x66\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x62\x79\x20\x64\x69\x66" + "\x66\x65\x72\x65\x6e\x74\x0a\x63\x6f\x6d\x70\x6f\x6e\x65\x6e\x74" + "\x73\x20\x6f\x72\x20\x6c\x69\x62\x72\x61\x72\x69\x65\x73\x20\x6c" + "\x69\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x73\x61\x6d" + "\x65\x20\x70\x72\x6f\x63\x65\x73\x73\x2e\x0a", + 299, "LONG TYPE WITH SPACES", + "-----BEGIN LONG TYPE WITH SPACES-----\n" + 
"UDExLUtJVAoKUHJvdmlkZXMgYSB3YXkgdG8gbG9hZCBhbmQgZW51bWVyYXRlIFBL\n" + "Q1MjMTEgbW9kdWxlcy4gUHJvdmlkZXMgYSBzdGFuZGFyZApjb25maWd1cmF0aW9u\n" + "IHNldHVwIGZvciBpbnN0YWxsaW5nIFBLQ1MjMTEgbW9kdWxlcyBpbiBzdWNoIGEg\n" + "d2F5IHRoYXQgdGhleSdyZQpkaXNjb3ZlcmFibGUuCgpBbHNvIHNvbHZlcyBwcm9i\n" + "bGVtcyB3aXRoIGNvb3JkaW5hdGluZyB0aGUgdXNlIG9mIFBLQ1MjMTEgYnkgZGlm\n" + "ZmVyZW50CmNvbXBvbmVudHMgb3IgbGlicmFyaWVzIGxpdmluZyBpbiB0aGUgc2Ft\n" + "ZSBwcm9jZXNzLgo=\n" + "-----END LONG TYPE WITH SPACES-----\n" + }, + { + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf", + 28, "BLOCK1", + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrw==\n" + "-----END BLOCK1-----\n", + }, + { + NULL, + } +}; + +static void +on_parse_written (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + WriteFixture *fixture = user_data; + + assert_str_eq (fixture->type, type); + assert_num_eq (fixture->length, length); + assert (memcmp (contents, fixture->input, length) == 0); +} + +static void +test_pem_write (void) +{ + WriteFixture *fixture; + p11_buffer buf; + unsigned int count; + int i; + + for (i = 0; write_fixtures[i].input != NULL; i++) { + fixture = write_fixtures + i; + + if (!p11_buffer_init_null (&buf, 0)) + assert_not_reached (); + + if (!p11_pem_write ((unsigned char *)fixture->input, + fixture->length, + fixture->type, &buf)) + assert_not_reached (); + assert_str_eq (fixture->output, buf.data); + assert_num_eq (strlen (fixture->output), buf.len); + + count = p11_pem_parse (buf.data, buf.len, on_parse_written, fixture); + assert_num_eq (1, count); + + p11_buffer_uninit (&buf); + } +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_pem_success, "/pem/success"); + p11_test (test_pem_failure, "/pem/failure"); + p11_test (test_pem_write, "/pem/write"); + return p11_test_run (argc, argv); +} 
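Review bot: `on_parse_pem_success` compares only the decoded length and bytes of each block; its `type` argument is never checked against the fixture's `type` field, so a parser that returned the wrong block label would still pass `test_pem_success`. Since the label decides how callers interpret a block, I would add `assert_ptr_not_null (success_fixtures[cl->input_index].output[cl->output_index].type);` followed by `assert_str_eq (success_fixtures[cl->input_index].output[cl->output_index].type, type);` at the top of the callback. The not-null check also stops an unexpected extra callback from reaching `memcmp` with the terminator entry's NULL `data`. `on_parse_written` further down in this file already compares the type, so this only brings the two callbacks in line.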
diff --git a/trust/test-persist.c b/trust/test-persist.c
new file mode 100644
index 0000000..107f131
--- /dev/null
+++ b/trust/test-persist.c
@@ -0,0 +1,607 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include +#include + +#include "array.h" +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "message.h" +#include "persist.h" +#include "pkcs11.h" +#include "pkcs11x.h" + +static void +test_magic (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "value: \"blah\"\n" + "application: \"test-persist\"\n"; + + const char *other = " " + "\n\n[p11-kit-object-v1]\n" + "class: data\n" + "value: \"blah\"\n" + "application: \"test-persist\"\n"; + + assert (p11_persist_magic ((unsigned char *)input, strlen (input))); + assert (!p11_persist_magic ((unsigned char *)input, 5)); + assert (p11_persist_magic ((unsigned char *)other, strlen (other))); + assert (!p11_persist_magic ((unsigned char *)"blah", 4)); +} + +static p11_array * +args_to_array (void *arg, + ...) GNUC_NULL_TERMINATED; + +static p11_array * +args_to_array (void *arg, + ...) 
+{ + p11_array *array = p11_array_new (NULL); + + va_list (va); + va_start (va, arg); + + while (arg != NULL) { + p11_array_push (array, arg); + arg = va_arg (va, void *); + } + + va_end (va); + + return array; +} + +static void +check_read_msg (const char *file, + int line, + const char *function, + const char *input, + p11_array *expected) +{ + p11_array *objects; + p11_persist *persist; + int i; + + persist = p11_persist_new (); + objects = p11_array_new (p11_attrs_free); + + if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) { + if (expected == NULL) + p11_test_fail (file, line, function, "decoding should have failed"); + for (i = 0; i < expected->num; i++) { + if (i >= objects->num) + p11_test_fail (file, line, function, "too few objects read"); + test_check_attrs_msg (file, line, function, expected->elem[i], objects->elem[i]); + } + if (i != objects->num) + p11_test_fail (file, line, function, "too many objects read"); + } else { + if (expected != NULL) + p11_test_fail (file, line, function, "decoding failed"); + } + + p11_array_free (objects); + p11_persist_free (persist); + p11_array_free (expected); +} + +static void +check_write_msg (const char *file, + int line, + const char *function, + const char *expected, + p11_array *input) +{ + p11_persist *persist; + p11_buffer buf; + int i; + + persist = p11_persist_new (); + p11_buffer_init_null (&buf, 0); + + for (i = 0; i < input->num; i++) { + if (!p11_persist_write (persist, input->elem[i], &buf)) + p11_test_fail (file, line, function, "persist write failed"); + } + + if (strcmp (buf.data, expected) != 0) { + p11_test_fail (file, line, function, "persist doesn't match: (\n%s----\n%s\n)", \ + expected, (char *)buf.data); + } + + p11_buffer_uninit (&buf); + p11_array_free (input); + p11_persist_free (persist); +} + +#define check_read_success(input, objs) \ + check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, args_to_array objs) + +#define 
check_read_failure(input) \ + check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, NULL) + +#define check_write_success(expected, inputs) \ + check_write_msg (__FILE__, __LINE__, __FUNCTION__, expected, args_to_array inputs) + +static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; +static CK_CERTIFICATE_TYPE x509 = CKC_X_509; +static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; +static CK_OBJECT_CLASS data = CKO_DATA; +static CK_BBOOL truev = CK_TRUE; +static CK_BBOOL falsev = CK_FALSE; + +static void +test_simple (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "value: \"blah\"\n" + "application: \"test-persist\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "blah", 4 }, + { CKA_APPLICATION, "test-persist", 12 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_number (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "value-len: 29202390\n" + "application: \"test-persist\"\n\n"; + + CK_ULONG value = 29202390; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE_LEN, &value, sizeof (value) }, + { CKA_APPLICATION, "test-persist", 12 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_bool (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "private: true\n" + "modifiable: false\n" + "application: \"test-persist\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_PRIVATE, &truev, sizeof (truev) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_APPLICATION, "test-persist", 12 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_oid (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: 
data\n" + "object-id: 1.2.3.4\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_constant (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "certificate-type: x-509-attr-cert\n" + "key-type: rsa\n" + "x-assertion-type: x-pinned-certificate\n" + "certificate-category: authority\n" + "mechanism-type: rsa-pkcs-key-pair-gen\n" + "trust-server-auth: nss-trust-unknown\n\n"; + + CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + CK_CERTIFICATE_TYPE type = CKC_X_509_ATTR_CERT; + CK_X_ASSERTION_TYPE ass = CKT_X_PINNED_CERTIFICATE; + CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_KEY_PAIR_GEN; + CK_ULONG category = 2; + CK_KEY_TYPE key = CKK_RSA; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, + { CKA_KEY_TYPE, &key, sizeof (key) }, + { CKA_X_ASSERTION_TYPE, &ass, sizeof (ass) }, + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_MECHANISM_TYPE, &mech, sizeof (mech) }, + { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_unknown (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "38383838: \"the-value-here\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { 38383838, "the-value-here", 14 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_multiple (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "object-id: 1.2.3.4\n\n" + "[p11-kit-object-v1]\n" + "class: nss-trust\n" + "trust-server-auth: nss-trust-unknown\n\n"; + + CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + 
+ CK_ATTRIBUTE attrs1[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE attrs2[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs1, attrs2, NULL)); + check_write_success (output, (attrs1, attrs2, NULL)); +} + +static void +test_pem_block (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "id: \"292c92\"\n" + "trusted: true\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" + "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" + "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" + "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" + "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" + "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" + "-----END CERTIFICATE-----\n" + "\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_ID, "292c92", 6, }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, &verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_pem_middle (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: certificate\n" + "id: \"292c92\"\n" + "-----BEGIN 
CERTIFICATE-----\n" + "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" + "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" + "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" + "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" + "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" + "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" + "-----END CERTIFICATE-----\n" + "\n" + "trusted: true"; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_VALUE, &verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_INVALID }, + }; + + check_read_success (input, (expected, NULL)); +} + +static void +test_pem_invalid (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: certificate\n" + "-----BEGIN CERT-----\n" + "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" + "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" + 
"TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" + "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" + "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" + "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" + "-----END CERTIFICATEXXX-----\n"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_pem_unsupported (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: certificate\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_pem_first (void) +{ + const char *input = "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "[p11-kit-object-v1]\n" + "class: certificate\n"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_skip_unknown (void) +{ + const char *input = "[version-2]\n" + "class: data\n" + "object-id: 1.2.3.4\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "[p11-kit-object-v1]\n" + "class: nss-trust\n" + "trust-server-auth: nss-trust-unknown"; + + CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + + CK_ATTRIBUTE expected2[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + check_read_success (input, (expected2, NULL)); + + p11_message_loud (); +} + +static void +test_bad_value (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "value: \"%38%\"\n"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_bad_oid (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "object-id: 1.2"; + + p11_message_quiet 
(); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_bad_field (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "invalid-field: true"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_attribute_first (void) +{ + const char *input = "class: data\n" + "[p11-kit-object-v1]\n" + "invalid-field: true"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_not_boolean (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "private: \"x\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_PRIVATE, "x", 1 }, + { CKA_INVALID }, + }; + + check_write_success (output, (attrs, NULL)); +} + +static void +test_not_ulong (void) +{ + char buffer[sizeof (CK_ULONG) + 1]; + char *output; + + CK_ATTRIBUTE attrs[] = { + { CKA_BITS_PER_PIXEL, "xx", 2 }, + { CKA_VALUE, buffer, sizeof (CK_ULONG) }, + { CKA_INVALID }, + }; + + memset (buffer, 'x', sizeof (buffer)); + buffer[sizeof (CK_ULONG)] = 0; + + if (asprintf (&output, "[p11-kit-object-v1]\n" + "bits-per-pixel: \"xx\"\n" + "value: \"%s\"\n\n", buffer) < 0) + assert_not_reached (); + + check_write_success (output, (attrs, NULL)); + free (output); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_magic, "/persist/magic"); + p11_test (test_simple, "/persist/simple"); + p11_test (test_number, "/persist/number"); + p11_test (test_bool, "/persist/bool"); + p11_test (test_oid, "/persist/oid"); + p11_test (test_constant, "/persist/constant"); + p11_test (test_unknown, "/persist/unknown"); + p11_test (test_multiple, "/persist/multiple"); + p11_test (test_pem_block, "/persist/pem_block"); + p11_test (test_pem_middle, "/persist/pem-middle"); + p11_test (test_pem_invalid, "/persist/pem_invalid"); + p11_test (test_pem_unsupported, "/persist/pem_unsupported"); + p11_test (test_pem_first, "/persist/pem_first"); + p11_test (test_bad_value, "/persist/bad_value"); + p11_test 
(test_bad_oid, "/persist/bad_oid"); + p11_test (test_bad_field, "/persist/bad_field"); + p11_test (test_skip_unknown, "/persist/skip_unknown"); + p11_test (test_attribute_first, "/persist/attribute_first"); + p11_test (test_not_boolean, "/persist/not-boolean"); + p11_test (test_not_ulong, "/persist/not-ulong"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-save.c b/trust/test-save.c new file mode 100644 index 0000000..1de798d --- /dev/null +++ b/trust/test-save.c 
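Review bot: `check_write_msg` ignores the return value of `p11_buffer_init_null` and then judges the result with `strcmp (buf.data, expected)` alone, so a failed init would hand `strcmp` whatever `buf.data` holds, and serialized output containing an embedded NUL or bytes past the terminator would still count as a match. `test_pem_write` in trust/test-pem.c of this same commit checks both the init result and `buf.len`, so I would mirror it here: `if (!p11_buffer_init_null (&buf, 0)) p11_test_fail (file, line, function, "buffer init failed");` and, before the `strcmp`, `if (buf.len != strlen (expected)) p11_test_fail (file, line, function, "persist length doesn't match");`. This assumes `p11_test_fail` does not return, which the existing calls in `check_read_msg` already appear to rely on (it dereferences `expected` right after the `expected == NULL` failure path).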
@@ -0,0 +1,595 @@
+/*
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * + * Author: Stef Walter + */ + +#include "config.h" + +#include "test-trust.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "message.h" +#include "path.h" +#include "save.h" +#include "test.h" + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +struct { + char *directory; +} test; + +static void +setup (void *unused) +{ + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + if (rmdir (test.directory) < 0) + assert_fail ("rmdir() failed", strerror (errno)); + free (test.directory); +} + +static void +write_zero_file (const char *directory, + const char *name) +{ + char *filename; + int res; + int fd; + + if (asprintf (&filename, "%s/%s", directory, name) < 0) + assert_not_reached (); + + fd = open (filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); + assert (fd != -1); + res = close (fd); + assert (res >= 0); + + free (filename); +} + +static void +test_file_write (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + file = p11_save_open_file (filename, NULL, 0); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + free (filename); + + test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/cacert3.der"); +} + +static void +test_file_exists (void) +{ + p11_save_file *file; + char *filename; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + write_zero_file (test.directory, "extract-file"); + + p11_message_quiet (); + + file = p11_save_open_file (filename, NULL, 0); + assert (file != NULL); + + if (p11_save_finish_file (file, NULL, true)) + assert_not_reached (); + + p11_message_loud (); + + unlink (filename); + free (filename); +} + +static 
void +test_file_bad_directory (void) +{ + p11_save_file *file; + char *filename; + + if (asprintf (&filename, "/non-existent/%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + p11_message_quiet (); + + file = p11_save_open_file (filename, NULL, 0); + assert (file == NULL); + + p11_message_loud (); + + free (filename); +} + +static void +test_file_overwrite (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + write_zero_file (test.directory, "extract-file"); + + file = p11_save_open_file (filename, NULL, P11_SAVE_OVERWRITE); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + free (filename); + + test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/cacert3.der"); +} + +static void +test_file_unique (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + write_zero_file (test.directory, "extract-file"); + + file = p11_save_open_file (filename, NULL, P11_SAVE_UNIQUE); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + free (filename); + + test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/empty-file"); + test_check_file (test.directory, "extract-file.1", SRCDIR "/trust/fixtures/cacert3.der"); +} + +static void +test_file_auto_empty (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + file = p11_save_open_file (filename, NULL, 0); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, NULL, -1); + assert_num_eq (true, ret); + free (filename); + + 
test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/empty-file"); +} + +static void +test_file_auto_length (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + file = p11_save_open_file (filename, NULL, 0); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, "The simple string is hairy", -1); + assert_num_eq (true, ret); + free (filename); + + test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/simple-string"); +} + +static void +test_write_with_null (void) +{ + bool ret; + + ret = p11_save_write (NULL, "test", 4); + assert_num_eq (false, ret); +} + +static void +test_write_and_finish_with_null (void) +{ + bool ret; + + ret = p11_save_write_and_finish (NULL, "test", 4); + assert_num_eq (false, ret); +} + +static void +test_file_abort (void) +{ + struct stat st; + p11_save_file *file; + char *filename; + char *path; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + file = p11_save_open_file (filename, NULL, 0); + assert_ptr_not_null (file); + + path = NULL; + ret = p11_save_finish_file (file, &path, false); + assert_num_eq (true, ret); + assert (path == NULL); + + if (stat (filename, &st) >= 0 || errno != ENOENT) + assert_fail ("file should not exist", filename); + + free (filename); +} + + +static void +test_directory_empty (void) +{ + p11_save_dir *dir; + char *subdir; + bool ret; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + + dir = p11_save_open_directory (subdir, 0); + assert_ptr_not_null (dir); + + ret = p11_save_finish_directory (dir, true); + assert_num_eq (true, ret); + + test_check_directory (subdir, (NULL, NULL)); + + assert (rmdir (subdir) >= 0); + free (subdir); +} + +static void +test_directory_files (void) +{ + char *path; + char *check; + p11_save_file *file; 
+ p11_save_dir *dir; + char *subdir; + bool ret; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + + dir = p11_save_open_directory (subdir, 0); + assert_ptr_not_null (dir); + + file = p11_save_open_file_in (dir, "blah", ".cer"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + file = p11_save_open_file_in (dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, strlen (test_text)); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + +#ifdef OS_UNIX + ret = p11_save_symlink_in (dir, "link", ".ext", "/the/destination"); + assert_num_eq (true, ret); +#endif + + ret = p11_save_finish_directory (dir, true); + assert_num_eq (true, ret); + + test_check_directory (subdir, ("blah.cer", "file.txt", +#ifdef OS_UNIX + "link.ext", +#endif + NULL)); + test_check_file (subdir, "blah.cer", SRCDIR "/trust/fixtures/cacert3.der"); + test_check_data (subdir, "file.txt", test_text, strlen (test_text)); +#ifdef OS_UNIX + test_check_symlink (subdir, "link.ext", "/the/destination"); +#endif + + assert (rmdir (subdir) >= 0); + free (subdir); +} + +static void +test_directory_dups (void) +{ + char *path; + char *check; + p11_save_file *file; + p11_save_dir *dir; + char *subdir; + bool ret; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + + dir = p11_save_open_directory (subdir, 0); + assert_ptr_not_null (dir); + + file = p11_save_open_file_in 
(dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, 5); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + file = p11_save_open_file_in (dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, 10); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), + test_text, 15); + assert_num_eq (true, ret); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL), + test_text, 8); + assert_num_eq (true, ret); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL), + test_text, 16); + assert_num_eq (true, ret); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"), + test_text, 14); + assert_num_eq (true, ret); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"), + test_text, 15); + assert_num_eq (true, ret); + +#ifdef OS_UNIX + ret = p11_save_symlink_in (dir, "link", ".0", "/destination1"); + assert_num_eq (true, ret); + + ret = p11_save_symlink_in (dir, "link", ".0", "/destination2"); + assert_num_eq (true, ret); +#endif + + ret = p11_save_finish_directory (dir, true); + assert_num_eq (true, ret); + + test_check_directory (subdir, ("file.txt", "file.1.txt", "file.2.txt", + "no-ext", "no-ext.1", + "with-num.0", "with-num.1", +#ifdef OS_UNIX + "link.0", "link.1", +#endif + NULL)); + test_check_data (subdir, "file.txt", test_text, 5); + test_check_data (subdir, "file.1.txt", test_text, 10); + test_check_data 
(subdir, "file.2.txt", test_text, 15); + test_check_data (subdir, "no-ext", test_text, 8); + test_check_data (subdir, "no-ext.1", test_text, 16); + test_check_data (subdir, "with-num.0", test_text, 14); + test_check_data (subdir, "with-num.1", test_text, 15); +#ifdef OS_UNIX + test_check_symlink (subdir, "link.0", "/destination1"); + test_check_symlink (subdir, "link.1", "/destination2"); +#endif + + assert (rmdir (subdir) >= 0); + free (subdir); +} + +static void +test_directory_exists (void) +{ + p11_save_dir *dir; + char *subdir; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + +#ifdef OS_UNIX + if (mkdir (subdir, S_IRWXU) < 0) +#else + if (mkdir (subdir) < 0) +#endif + assert_fail ("mkdir() failed", subdir); + + p11_message_quiet (); + + dir = p11_save_open_directory (subdir, 0); + assert_ptr_eq (NULL, dir); + + p11_message_loud (); + + rmdir (subdir); + free (subdir); +} + +static void +test_directory_overwrite (void) +{ + char *path; + char *check; + p11_save_file *file; + p11_save_dir *dir; + char *subdir; + bool ret; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + + /* Some initial files into this directory, which get overwritten */ + dir = p11_save_open_directory (subdir, 0); + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), "", 0) && + p11_save_write_and_finish (p11_save_open_file_in (dir, "another-file", NULL), "", 0) && + p11_save_write_and_finish (p11_save_open_file_in (dir, "third-file", NULL), "", 0) && + p11_save_finish_directory (dir, true); + assert (ret && dir); + + /* Now the actual test, using the same directory */ + dir = p11_save_open_directory (subdir, P11_SAVE_OVERWRITE); + assert_ptr_not_null (dir); + + file = p11_save_open_file_in (dir, "blah", ".cer"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + ret = 
p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + file = p11_save_open_file_in (dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, strlen (test_text)); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + file = p11_save_open_file_in (dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, 10); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + ret = p11_save_finish_directory (dir, true); + assert_num_eq (true, ret); + + test_check_directory (subdir, ("blah.cer", "file.txt", "file.1.txt", NULL)); + test_check_data (subdir, "blah.cer", test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + test_check_data (subdir, "file.txt", test_text, strlen (test_text)); + test_check_data (subdir, "file.1.txt", test_text, 10); + + assert (rmdir (subdir) >= 0); + free (subdir); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_file_write, "/save/test_file_write"); + p11_test (test_file_exists, "/save/test_file_exists"); + p11_test (test_file_bad_directory, "/save/test_file_bad_directory"); + p11_test (test_file_overwrite, "/save/test_file_overwrite"); + p11_test (test_file_unique, "/save/file-unique"); + p11_test (test_file_auto_empty, "/save/test_file_auto_empty"); + p11_test (test_file_auto_length, "/save/test_file_auto_length"); + + p11_fixture (NULL, NULL); + p11_test 
(test_write_with_null, "/save/test_write_with_null"); + p11_test (test_write_and_finish_with_null, "/save/test_write_and_finish_with_null"); + + p11_fixture (setup, teardown); + p11_test (test_file_abort, "/save/test_file_abort"); + + p11_test (test_directory_empty, "/save/test_directory_empty"); + p11_test (test_directory_files, "/save/test_directory_files"); + p11_test (test_directory_dups, "/save/test_directory_dups"); + p11_test (test_directory_exists, "/save/test_directory_exists"); + p11_test (test_directory_overwrite, "/save/test_directory_overwrite"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-token.c b/trust/test-token.c new file mode 100644 index 0000000..c643f7e --- /dev/null +++ b/trust/test-token.c 
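Review bot: In `test_directory_overwrite`, the `dir` returned by the first `p11_save_open_directory (subdir, 0)` is passed to three `p11_save_open_file_in` calls and to `p11_save_finish_directory` before `assert (ret && dir);` looks at it, so a failed open is only reported after the NULL has already been used. Placing `assert_ptr_not_null (dir);` directly after the open, as the other directory tests in this file do, and keeping `assert (ret);` for the chained writes would make the failure point at the right call. Separately, `unlink (filename)` in `test_file_exists` and `rmdir (subdir)` in `test_directory_exists` ignore their results, so a cleanup failure there only surfaces later as the generic "rmdir() failed" from `teardown`; checking them inline would localise it.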
@@ -0,0 +1,789 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include + +#include "attrs.h" +#include "debug.h" +#include "parser.h" +#include "path.h" +#include "pkcs11x.h" +#include "message.h" +#include "token.h" + +static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; +static CK_OBJECT_CLASS data = CKO_DATA; +static CK_BBOOL falsev = CK_FALSE; +static CK_BBOOL truev = CK_TRUE; + +struct { + p11_token *token; + p11_index *index; + p11_parser *parser; + char *directory; +} test; + +static void +setup (void *path) +{ + test.token = p11_token_new (333, path, "Label"); + assert_ptr_not_null (test.token); + + test.index = p11_token_index (test.token); + assert_ptr_not_null (test.token); + + test.parser = p11_token_parser (test.token); + assert_ptr_not_null (test.parser); +} + +static void +setup_temp (void *unused) +{ + test.directory = p11_test_directory ("test-module"); + setup (test.directory); +} + +static void +teardown (void *path) +{ + p11_token_free (test.token); + memset (&test, 0, sizeof (test)); +} + +static void +teardown_temp (void *unused) +{ + p11_test_directory_delete (test.directory); + teardown (test.directory); + free (test.directory); +} + +static void +test_token_load (void *path) +{ + p11_index *index; + int count; + + count = p11_token_load (test.token); + assert_num_eq (6, count); + + /* A certificate and trust object for each parsed object */ + index = p11_token_index (test.token); + assert (((count - 1) * 2) + 1 <= p11_index_size (index)); +} + +static void +test_token_flags (void *path) +{ + /* + * blacklist comes from the input/distrust.pem file. It is not in the blacklist + * directory, but is an OpenSSL trusted certificate file, and is marked + * in the blacklist style for OpenSSL. 
+ */ + + CK_ATTRIBUTE blacklist[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_LABEL, "Red Hat Is the CA", 17 }, + { CKA_SERIAL_NUMBER, "\x02\x01\x01", 3 }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, + }; + + /* + * blacklist2 comes from the input/blacklist/self-server.der file. It is + * explicitly put on the blacklist, even though it containts no trust + * policy information. + */ + + const unsigned char self_server_subject[] = { + 0x30, 0x4b, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, + 0x01, 0x19, 0x16, 0x03, 0x43, 0x4f, 0x4d, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0a, 0x09, 0x92, 0x26, + 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x07, 0x45, 0x58, 0x41, 0x4d, 0x50, 0x4c, 0x45, + 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, + }; + + CK_ATTRIBUTE blacklist2[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)self_server_subject, sizeof (self_server_subject) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, + }; + + /* + * anchor comes from the input/anchors/cacert3.der file. It is + * explicitly marked as an anchor, even though it containts no trust + * policy information. 
+ */ + + CK_ATTRIBUTE anchor[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + const unsigned char cacert_root_subject[] = { + 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, + 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, + 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, + 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, + }; + + /* + * notrust comes from the input/cacert-ca.der file. It contains no + * trust information, and is not explicitly marked as an anchor, so + * it's neither trusted or distrusted. 
+ */ + + CK_ATTRIBUTE notrust[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)cacert_root_subject, sizeof (cacert_root_subject) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *expected[] = { + anchor, + blacklist, + blacklist2, + notrust, + NULL, + }; + + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE *object; + int i; + + if (p11_token_load (test.token) < 0) + assert_not_reached (); + + /* The other objects */ + for (i = 0; expected[i]; i++) { + handle = p11_index_find (p11_token_index (test.token), expected[i], 2); + assert (handle != 0); + + object = p11_index_lookup (p11_token_index (test.token), handle); + assert_ptr_not_null (object); + + test_check_attrs (expected[i], object); + } +} + +static void +test_token_path (void *path) +{ + assert_str_eq (path, p11_token_get_path (test.token)); +} + +static void +test_token_label (void *path) +{ + assert_str_eq ("Label", p11_token_get_label (test.token)); +} + +static void +test_token_slot (void *path) +{ + assert_num_eq (333, p11_token_get_slot (test.token)); +} + +static void +test_not_writable (void) +{ + p11_token *token; + + if (getuid () != 0) { + token = p11_token_new (333, "/", "Label"); + assert (!p11_token_is_writable (token)); + p11_token_free (token); + } + + token = p11_token_new (333, "", "Label"); + assert (!p11_token_is_writable (token)); + p11_token_free (token); + + token = p11_token_new (333, "/non-existant", "Label"); + assert (!p11_token_is_writable (token)); + p11_token_free (token); +} + +static void +test_writable_exists (void) +{ + /* A writable directory since we created it */ + assert (p11_token_is_writable (test.token)); +} + +static void +test_writable_no_exist (void) +{ + char *directory; + p11_token *token; + char *path; + + directory = p11_test_directory ("test-module"); + + path = p11_path_build (directory, "subdir", NULL); + assert (path != NULL); + + token = 
p11_token_new (333, path, "Label"); + free (path); + + /* A writable directory since parent is writable */ + assert (p11_token_is_writable (token)); + + p11_token_free (token); + + if (rmdir (directory) < 0) + assert_not_reached (); + + free (directory); +} + +static void +test_load_already (void) +{ + CK_ATTRIBUTE cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + CK_OBJECT_HANDLE handle; + int ret; + + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + handle = p11_index_find (test.index, cert, -1); + assert (handle != 0); + + /* Have to wait to make sure changes are detected */ + p11_sleep_ms (1100); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 0); + assert_num_eq (p11_index_find (test.index, cert, -1), handle); +} + +static void +test_load_unreadable (void) +{ + CK_ATTRIBUTE cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + int ret; + + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + assert (p11_index_find (test.index, cert, -1) != 0); + + p11_test_file_write (test.directory, "test.cer", "", 0); + + /* Have to wait to make sure changes are detected */ + p11_sleep_ms (1100); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 0); + assert (p11_index_find (test.index, cert, -1) == 0); +} + +static void +test_load_gone (void) +{ + CK_ATTRIBUTE cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) 
}, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + int ret; + + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + assert (p11_index_find (test.index, cert, -1) != 0); + + p11_test_file_delete (test.directory, "test.cer"); + + /* Have to wait to make sure changes are detected */ + p11_sleep_ms (1100); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 0); + assert (p11_index_find (test.index, cert, -1) == 0); +} + +static void +test_load_found (void) +{ + CK_ATTRIBUTE cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + int ret; + + ret = p11_token_load (test.token); + assert_num_eq (ret, 0); + assert (p11_index_find (test.index, cert, -1) == 0); + + /* Have to wait to make sure changes are detected */ + p11_sleep_ms (1100); + + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + assert (p11_index_find (test.index, cert, -1) != 0); +} + +static void +test_reload_changed (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE verisign[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_OBJECT_HANDLE handle; + int ret; + + /* 
Just one file */ + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + handle = p11_index_find (test.index, cacert3, -1); + assert (handle != 0); + + /* Replace the file with verisign */ + p11_test_file_write (test.directory, "test.cer", verisign_v1_ca, + sizeof (verisign_v1_ca)); + + /* Add another file with cacert3, but not reloaded */ + p11_test_file_write (test.directory, "another.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + attrs = p11_index_lookup (test.index, handle); + assert_ptr_not_null (attrs); + if (!p11_token_reload (test.token, attrs)) + assert_not_reached (); + + assert (p11_index_find (test.index, cacert3, -1) == 0); + assert (p11_index_find (test.index, verisign, -1) != 0); +} + +static void +test_reload_gone (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE verisign[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_OBJECT_HANDLE handle; + int ret; + + /* Just one file */ + p11_test_file_write (test.directory, "cacert3.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + p11_test_file_write (test.directory, "verisign.cer", verisign_v1_ca, + sizeof (verisign_v1_ca)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 2); + handle = p11_index_find (test.index, cacert3, -1); + assert (handle != 0); + assert (p11_index_find (test.index, verisign, -1) != 0); + + p11_test_file_delete (test.directory, "cacert3.cer"); + p11_test_file_delete (test.directory, "verisign.cer"); + + attrs = p11_index_lookup (test.index, handle); + 
assert_ptr_not_null (attrs); + if (p11_token_reload (test.token, attrs)) + assert_not_reached (); + + assert (p11_index_find (test.index, cacert3, -1) == 0); + assert (p11_index_find (test.index, verisign, -1) != 0); +} + +static void +test_reload_no_origin (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + if (p11_token_reload (test.token, cacert3)) + assert_not_reached (); +} + +static void +test_write_new (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "Yay!", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "Yay!", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + rv = p11_index_add (test.index, original, 4, &handle); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "Yay_.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +static void +test_write_no_label (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "", 0 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + 
CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + rv = p11_index_add (test.index, original, 4, &handle); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "data.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +static void +test_modify_multiple (void) +{ + const char *test_data = + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"first\"\n" + "value: \"1\"\n" + "\n" + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"second\"\n" + "value: \"2\"\n" + "\n" + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"third\"\n" + "value: \"3\"\n"; + + CK_ATTRIBUTE first[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "first", 5 }, + { CKA_VALUE, "1", 1 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE second[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "zwei", 4 }, + { CKA_VALUE, "2", 2 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE third[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "third", 5 }, + { CKA_VALUE, "3", 1 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 }; + + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + int ret; + CK_RV rv; + + p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data)); + + /* Reload now that we have this new file */ + p11_token_load (test.token); + + handle = p11_index_find (test.index, &match, 1); + + rv = p11_index_update (test.index, handle, p11_attrs_dup (second)); + assert_num_eq (rv, CKR_OK); + + /* Now read in the file and make sure it has all the objects */ + path = p11_path_build (test.directory, "Test.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free 
(path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 3); + + /* The modified one will be first */ + test_check_attrs (second, parsed->elem[0]); + test_check_attrs (first, parsed->elem[1]); + test_check_attrs (third, parsed->elem[2]); +} + +static void +test_remove_one (void) +{ + const char *test_data = + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"first\"\n" + "value: \"1\"\n" + "\n"; + + CK_ATTRIBUTE match = { CKA_LABEL, "first", 5 }; + + CK_OBJECT_HANDLE handle; + CK_RV rv; + + p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data)); + test_check_directory (test.directory, ("Test.p11-kit", NULL)); + + /* Reload now that we have this new file */ + p11_token_load (test.token); + + handle = p11_index_find (test.index, &match, 1); + assert_num_cmp (handle, !=, 0); + + rv = p11_index_remove (test.index, handle); + assert_num_eq (rv, CKR_OK); + + /* No other files in the test directory, all files gone */ + test_check_directory (test.directory, (NULL, NULL)); +} + +static void +test_remove_multiple (void) +{ + const char *test_data = + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"first\"\n" + "value: \"1\"\n" + "\n" + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"second\"\n" + "value: \"2\"\n" + "\n" + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"third\"\n" + "value: \"3\"\n"; + + CK_ATTRIBUTE first[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "first", 5 }, + { CKA_VALUE, "1", 1 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE third[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "third", 5 }, + { CKA_VALUE, "3", 1 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 }; + + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + int ret; + CK_RV rv; + + p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data)); + + /* Reload now that we have this new file */ + p11_token_load (test.token); + + handle 
= p11_index_find (test.index, &match, 1); + assert_num_cmp (handle, !=, 0); + + rv = p11_index_remove (test.index, handle); + assert_num_eq (rv, CKR_OK); + + /* Now read in the file and make sure it has all the objects */ + path = p11_path_build (test.directory, "Test.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 2); + + /* The modified one will be first */ + test_check_attrs (first, parsed->elem[0]); + test_check_attrs (third, parsed->elem[1]); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_testx (test_token_load, SRCDIR "/trust/input", "/token/load"); + p11_testx (test_token_flags, SRCDIR "/trust/input", "/token/flags"); + p11_testx (test_token_path, "/wheee", "/token/path"); + p11_testx (test_token_label, "/wheee", "/token/label"); + p11_testx (test_token_slot, "/unneeded", "/token/slot"); + + p11_fixture (NULL, NULL); + p11_test (test_not_writable, "/token/not-writable"); + p11_test (test_writable_no_exist, "/token/writable-no-exist"); + + p11_fixture (setup_temp, teardown_temp); + p11_test (test_writable_exists, "/token/writable-exists"); + p11_test (test_load_found, "/token/load-found"); + p11_test (test_load_already, "/token/load-already"); + p11_test (test_load_unreadable, "/token/load-unreadable"); + p11_test (test_load_gone, "/token/load-gone"); + p11_test (test_reload_changed, "/token/reload-changed"); + p11_test (test_reload_gone, "/token/reload-gone"); + p11_test (test_reload_no_origin, "/token/reload-no-origin"); + p11_test (test_write_new, "/token/write-new"); + p11_test (test_write_no_label, "/token/write-no-label"); + p11_test (test_modify_multiple, "/token/modify-multiple"); + p11_test (test_remove_one, "/token/remove-one"); + p11_test (test_remove_multiple, "/token/remove-multiple"); + + return p11_test_run (argc, argv); +} 
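Review bot: In `setup`, the check that follows `test.index = p11_token_index (test.token);` re-asserts `test.token` instead of the value just assigned, so a NULL index would go unnoticed until a later test uses it; the line should read `assert_ptr_not_null (test.index);`. In `test_modify_multiple`, the handle from `p11_index_find (test.index, &match, 1)` goes straight into `p11_index_update`, whereas `test_remove_one` and `test_remove_multiple` first check it with `assert_num_cmp (handle, !=, 0);`; adding that same line would make a failed lookup fail at the lookup rather than inside the update. The file appears to be moved rather than newly written, so both likely predate this commit, but the move is a convenient point to correct them.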
diff --git a/trust/test-trust.c b/trust/test-trust.c
new file mode 100644
index 0000000..20306e0
--- /dev/null
+++ b/trust/test-trust.c
@@ -0,0 +1,331 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+
+#include "attrs.h"
+#include "debug.h"
+#include "message.h"
+#include "path.h"
+#include "test.h"
+
+#include "test-trust.h"
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifdef OS_UNIX
+#include
+#endif
+
+void
+test_check_object_msg (const char *file,
+ int line,
+ const char *function,
+ CK_ATTRIBUTE *attrs,
+ CK_OBJECT_CLASS klass,
+ const char *label)
+{
+ CK_BBOOL vfalse = CK_FALSE;
+
+ CK_ATTRIBUTE expected[] = {
+ { CKA_PRIVATE, &vfalse, sizeof (vfalse) },
+ { CKA_CLASS, &klass, sizeof (klass) },
+ { label ? CKA_LABEL : CKA_INVALID, (void *)label, label ? strlen (label) : 0 },
+ { CKA_INVALID },
+ };
+
+ test_check_attrs_msg (file, line, function, expected, attrs);
+}
+
+void
+test_check_cacert3_ca_msg (const char *file,
+ int line,
+ const char *function,
+ CK_ATTRIBUTE *attrs,
+ const char *label)
+{
+ CK_CERTIFICATE_TYPE x509 = CKC_X_509;
+ CK_ULONG category = 2; /* authority */
+
+ CK_ATTRIBUTE expected[] = {
+ { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+ { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
+ { CKA_START_DATE, "20110523", 8 },
+ { CKA_END_DATE, "20210520", 8, },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
+ { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
+ { CKA_INVALID },
+ };
+
+ test_check_object_msg (file, line, function, attrs, CKO_CERTIFICATE, label);
+ test_check_attrs_msg (file, line, function, expected, attrs);
+}
+
+void
+test_check_id_msg (const char *file,
+ int line,
+ const char *function,
+ CK_ATTRIBUTE *expected,
+ CK_ATTRIBUTE *attr)
+{
+ CK_ATTRIBUTE *one;
+ CK_ATTRIBUTE *two;
+
+ one = p11_attrs_find (expected, CKA_ID);
+ two = p11_attrs_find (attr, CKA_ID);
+
+ test_check_attr_msg (file, line, function, CKA_INVALID, one, two);
+}
+
+void
+test_check_attrs_msg (const char *file,
+ int line,
+ const char *function,
+ CK_ATTRIBUTE *expected,
+ CK_ATTRIBUTE *attrs)
+{
+ CK_OBJECT_CLASS klass;
+ CK_ATTRIBUTE *attr;
+
+ if (!p11_attrs_find_ulong (expected, CKA_CLASS, &klass))
+ klass = CKA_INVALID;
+
+ while (!p11_attrs_terminator (expected)) {
+ attr = p11_attrs_find (attrs, expected->type);
+ test_check_attr_msg (file, line, function, klass, expected, attr);
+ expected++;
+ }
+}
+
+void
+test_check_attr_msg (const char *file,
+ int line,
+ const char *function,
+ CK_OBJECT_CLASS klass,
+ CK_ATTRIBUTE *expected,
+ CK_ATTRIBUTE *attr)
+{
+ assert (expected != NULL);
+
+ if (attr == NULL) {
+ p11_test_fail (file, line, function,
+ "attribute does not match: (expected %s but found NULL)",
+ p11_attr_to_string (expected, klass));
+ }
+
+ if (!p11_attr_equal (attr, expected)) {
+ p11_test_fail (file, line, function,
+ "attribute does not match: (expected %s but found %s)",
+ p11_attr_to_string (expected, klass),
+ attr ? p11_attr_to_string (attr, klass) : "(null)");
+ }
+}
+
+static char *
+read_file (const char *file,
+ int line,
+ const char *function,
+ const char *filename,
+ long *len)
+{
+ struct stat sb;
+ FILE *f = NULL;
+ char *data;
+
+ f = fopen (filename, "rb");
+ if (f == NULL)
+ p11_test_fail (file, line, function, "Couldn't open file: %s", filename);
+
+ /* Figure out size */
+ if (stat (filename, &sb) < 0)
+ p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
+
+ *len = sb.st_size;
+ data = malloc (*len ? *len : 1);
+ assert (data != NULL);
+
+ /* And read in one block */
+ if (fread (data, 1, *len, f) != *len)
+ p11_test_fail (file, line, function, "Couldn't read file: %s", filename);
+
+ fclose (f);
+
+ return data;
+}
+
+void
+test_check_file_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *name,
+ const char *reference)
+{
+ char *refdata;
+ long reflen;
+
+ refdata = read_file (file, line, function, reference, &reflen);
+ test_check_data_msg (file, line, function, directory, name, refdata, reflen);
+ free (refdata);
+}
+
+void
+test_check_data_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *name,
+ const void *refdata,
+ long reflen)
+{
+ char *filedata;
+ char *filename;
+ long filelen;
+
+ if (asprintf (&filename, "%s/%s", directory, name) < 0)
+ assert_not_reached ();
+
+ filedata = read_file (file, line, function, filename, &filelen);
+
+ if (filelen != reflen || memcmp (filedata, refdata, reflen) != 0)
+ p11_test_fail (file, line, function, "File contents not as expected: %s", filename);
+
+ if (unlink (filename) < 0)
+ p11_test_fail (file, line, function, "Couldn't remove file: %s", filename);
+ free (filename);
+ free (filedata);
+}
+
+#ifdef OS_UNIX
+
+void
+test_check_symlink_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *name,
+ const char *destination)
+{
+ char buf[1024] = { 0, };
+ char *filename;
+
+ if (asprintf (&filename, "%s/%s", directory, name) < 0)
+ assert_not_reached ();
+
+ if (readlink (filename, buf, sizeof (buf)) < 0)
+ p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename);
+
+ if (strcmp (destination, buf) != 0)
+ p11_test_fail (file, line, function, "Symlink contents wrong: %s != %s", destination, buf);
+
+ if (unlink (filename) < 0)
+ p11_test_fail (file, line, function, "Couldn't remove symlink: %s", filename);
+ free (filename);
+}
+
+#endif /* OS_UNIX */
+
+p11_dict *
+test_check_directory_files (const char *file,
+ ...)
+{
+ p11_dict *files;
+ va_list va;
+
+ files = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
+
+ va_start (va, file);
+
+ while (file != NULL) {
+ if (!p11_dict_set (files, (void *)file, (void *)file))
+ return_val_if_reached (NULL);
+ file = va_arg (va, const char *);
+ }
+
+ va_end (va);
+
+ return files;
+}
+
+void
+test_check_directory_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ p11_dict *files)
+{
+ p11_dictiter iter;
+ struct dirent *dp;
+ const char *name;
+ DIR *dir;
+
+ dir = opendir (directory);
+ if (dir == NULL)
+ p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory);
+
+ while ((dp = readdir (dir)) != NULL) {
+ if (strcmp (dp->d_name, ".") == 0 ||
+ strcmp (dp->d_name, "..") == 0)
+ continue;
+
+ if (!p11_dict_remove (files, dp->d_name))
+ p11_test_fail (file, line, function, "Unexpected file in directory: %s", dp->d_name);
+ }
+
+ closedir (dir);
+
+#ifdef OS_UNIX
+ if (chmod (directory, S_IRWXU) < 0)
+ p11_test_fail (file, line, function, "couldn't chown directory: %s: %s", directory, strerror (errno));
+#endif
+
+ p11_dict_iterate (files, &iter);
+ while (p11_dict_next (&iter, (void **)&name, NULL))
+ p11_test_fail (file, line, function, "Couldn't find file in directory: %s", name);
+
+ p11_dict_free (files);
+}
diff --git a/trust/test-trust.h b/trust/test-trust.h
new file mode 100644
index 0000000..b70bbdb
--- /dev/null
+++ b/trust/test-trust.h
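Review bot: In `test_check_symlink_msg`, `readlink (filename, buf, sizeof (buf))` may fill all 1024 bytes and readlink() never writes a terminator, so the `strcmp (destination, buf)` that follows can read past the end of `buf` when the link target is that long; passing `sizeof (buf) - 1` keeps the zero-initialised last byte as the terminator. In `read_file`, the size comes from `stat (filename, &sb)` by name after the `fopen`, so it can describe a different file than the open stream; `fstat (fileno (f), &sb)` ties the two together. Whether `p11_test_fail` returns is not visible in this hunk; if it does, `test_check_attr_msg` goes on to call `p11_attr_equal (attr, expected)` with a NULL `attr`, and `read_file` keeps `f` open on its failure paths.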
@@ -0,0 +1,409 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "dict.h"
+#include "pkcs11.h"
+#include "test.h"
+
+#include
+#include
+
+#ifndef TEST_DATA_H_
+#define TEST_DATA_H_
+
+#define test_check_object(attrs, klass, label) \
+ test_check_object_msg (__FILE__, __LINE__, __FUNCTION__, attrs, klass, label)
+
+void test_check_object_msg (const char *file,
+ int line,
+ const char *function,
+ CK_ATTRIBUTE *attrs,
+ CK_OBJECT_CLASS klass,
+ const char *label);
+
+#define test_check_cacert3_ca(attrs, label) \
+ test_check_cacert3_ca_msg (__FILE__, __LINE__, __FUNCTION__, attrs, label)
+
+void test_check_cacert3_ca_msg (const char *file,
+ int line,
+ const char *function,
+ CK_ATTRIBUTE *attrs,
+ const char *label);
+
+#define test_check_attrs(expected, attrs) \
+ test_check_attrs_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
+
+void test_check_attrs_msg (const char *file,
+ int line,
+ const char *function,
+ CK_ATTRIBUTE *expected,
+ CK_ATTRIBUTE *attrs);
+
+#define test_check_attr(expected, attr) \
+ test_check_attr_msg (__FILE__, __LINE__, __FUNCTION__, CKA_INVALID, expected, attr)
+
+void test_check_attr_msg (const char *file,
+ int line,
+ const char *function,
+ CK_OBJECT_CLASS klass,
+ CK_ATTRIBUTE *expected,
+ CK_ATTRIBUTE *attr);
+
+#define test_check_id(expected, attrs) \
+ test_check_id_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
+
+void test_check_id_msg (const char *file,
+ int line,
+ const char *function,
+ CK_ATTRIBUTE *expected,
+ CK_ATTRIBUTE *attr);
+
+static const unsigned char test_cacert3_ca_der[] = {
+ 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a,
+ 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
+ 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f,
+ 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15,
+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, + 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, + 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, + 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, + 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, + 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, + 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, + 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, + 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, + 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, + 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, + 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, + 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, + 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 
0x28, 0xa8, + 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, + 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, + 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, + 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, + 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, + 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, + 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, + 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, + 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, + 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, + 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, + 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, + 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, + 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, + 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, + 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, + 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, + 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, + 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, + 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, + 0xae, 0x60, 0x7a, 0x80, 
0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, + 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, + 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, + 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, + 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, + 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, + 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, + 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, + 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, + 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, + 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, + 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, + 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, + 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, + 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, + 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, + 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, + 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, + 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, + 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, + 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, + 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, + 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, + 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, + 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, + 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, + 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, + 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, + 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, + 
0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, + 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, + 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, + 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, + 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, + 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, + 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, + 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, + 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, + 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, + 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, + 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, + 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, + 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, + 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, + 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, + 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, + 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, + 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, + 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, + 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 
0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, + 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, + 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, + 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, + 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, + 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, + 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, + 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, + 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, + 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, + 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, + 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, +}; + +static const char test_cacert3_ca_subject[] = { + 0x30, 0x54, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, + 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, + 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x13, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, + 0x33, 0x20, 0x52, 0x6f, 0x6f, 0x74, +}; + +static const char test_cacert3_ca_issuer[] = { + 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, + 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 
0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, + 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, + 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, +}; + +static const char test_cacert3_ca_serial[] = { + 0x02, 0x03, 0x0a, 0x41, 0x8a, +}; + +static const char test_cacert3_ca_public_key[] = { + 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, + 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, 0xa9, 0xdd, + 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, 0x89, 0x7d, + 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, 0x99, 0x73, + 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, 0x7f, 0x64, + 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, 0x69, 0x01, + 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, 0xc5, 0x79, + 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, 0x9f, 0xcb, + 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, 0x8d, 0x09, + 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, 0xe3, 0xeb, + 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, 0x33, 0xbf, + 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, 0xa4, 0xd9, + 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 
0x6d, 0xb7, 0x21, 0xec, 0x85, + 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, 0xd5, 0x3b, + 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, 0x15, 0x71, + 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, 0x8c, 0xf9, + 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, 0x64, 0x27, + 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, 0x5d, 0xaa, + 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, 0x0e, 0x42, + 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, 0x62, 0x34, + 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, 0xa0, 0x5b, + 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, 0xb7, 0xa2, + 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, 0x6c, 0x5f, + 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, 0x47, 0xd5, + 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, 0x03, 0x68, + 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, 0x3a, 0x98, + 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, 0xae, 0x60, + 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, 0x56, 0xe7, + 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, 0xa1, 0xd1, + 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, 0x2c, 0x86, + 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, 0x9d, 0xaf, + 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, 0x42, 0x74, + 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, 0x05, 0xfb, + 0xe9, 
0x02, 0x03, 0x01, 0x00, 0x01, +}; + +static const unsigned char verisign_v1_ca[] = { + 0x30, 0x82, 0x02, 0x3c, 0x30, 0x82, 0x01, 0xa5, 0x02, 0x10, 0x3f, 0x69, 0x1e, 0x81, 0x9c, 0xf0, + 0x9a, 0x4a, 0xf3, 0x73, 0xff, 0xb9, 0x48, 0xa2, 0xe4, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, + 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, + 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x36, + 0x30, 0x31, 0x32, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, + 0x38, 0x30, 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, + 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, + 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, + 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x81, 0x9f, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, + 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, 0x6d, 0xa3, 0x56, 0x61, 0x2d, + 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 
0xeb, 0xb7, 0x9e, 0x86, 0x80, 0x0a, 0x91, 0x0e, + 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, 0x9b, 0x24, 0x5d, 0x0d, 0x1f, + 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, 0x06, 0x9b, 0x10, 0xa1, 0x73, + 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, 0xa8, 0x3f, 0xaa, 0x12, 0x06, + 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, 0x09, 0xcd, 0x14, 0x11, 0xe2, + 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, 0x91, 0x29, 0xbb, 0x36, 0xc9, + 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, 0xb0, 0x7b, 0x30, 0xba, 0x2a, + 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, + 0x58, 0x15, 0x29, 0x39, 0x3c, 0x77, 0xa3, 0xda, 0x5c, 0x25, 0x03, 0x7c, 0x60, 0xfa, 0xee, 0x09, + 0x99, 0x3c, 0x27, 0x10, 0x70, 0xc8, 0x0c, 0x09, 0xe6, 0xb3, 0x87, 0xcf, 0x0a, 0xe2, 0x18, 0x96, + 0x35, 0x62, 0xcc, 0xbf, 0x9b, 0x27, 0x79, 0x89, 0x5f, 0xc9, 0xc4, 0x09, 0xf4, 0xce, 0xb5, 0x1d, + 0xdf, 0x2a, 0xbd, 0xe5, 0xdb, 0x86, 0x9c, 0x68, 0x25, 0xe5, 0x30, 0x7c, 0xb6, 0x89, 0x15, 0xfe, + 0x67, 0xd1, 0xad, 0xe1, 0x50, 0xac, 0x3c, 0x7c, 0x62, 0x4b, 0x8f, 0xba, 0x84, 0xd7, 0x12, 0x15, + 0x1b, 0x1f, 0xca, 0x5d, 0x0f, 0xc1, 0x52, 0x94, 0x2a, 0x11, 0x99, 0xda, 0x7b, 0xcf, 0x0c, 0x36, + 0x13, 0xd5, 0x35, 0xdc, 0x10, 0x19, 0x59, 0xea, 0x94, 0xc1, 0x00, 0xbf, 0x75, 0x8f, 0xd9, 0xfa, + 0xfd, 0x76, 0x04, 0xdb, 0x62, 0xbb, 0x90, 0x6a, 0x03, 0xd9, 0x46, 0x35, 0xd9, 0xf8, 0x7c, 0x5b, +}; + +static const unsigned char verisign_v1_ca_subject[] = { + 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, + 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x13, 0x2e, 0x43, 
0x6c, 0x61, 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69,
+ 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+ 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
+ 0x79,
+};
+
+static const unsigned char verisign_v1_ca_public_key[] = {
+ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+ 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf,
+ 0x6d, 0xa3, 0x56, 0x61, 0x2d, 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e,
+ 0x86, 0x80, 0x0a, 0x91, 0x0e, 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0,
+ 0x9b, 0x24, 0x5d, 0x0d, 0x1f, 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a,
+ 0x06, 0x9b, 0x10, 0xa1, 0x73, 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8,
+ 0xa8, 0x3f, 0xaa, 0x12, 0x06, 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88,
+ 0x09, 0xcd, 0x14, 0x11, 0xe2, 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47,
+ 0x91, 0x29, 0xbb, 0x36, 0xc9, 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32,
+ 0xb0, 0x7b, 0x30, 0xba, 0x2a, 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01,
+ 0x00, 0x01,
+};
+
+static const char test_text[] = "This is the file text";
+
+static const char test_eku_server_and_client[] = {
+ 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
+ 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
+};
+
+static const char test_eku_server[] = {
+ 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
+};
+
+static const char test_eku_email[] = {
+ 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04
+};
+
+static const char test_eku_none[] = {
+ 0x30, 0x00,
+};
+
+void test_check_file_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *filename,
+ const char *reference);
+
+void test_check_data_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *filename,
+ const void *refdata,
+ long reflen);
+
+#ifdef OS_UNIX
+
+void test_check_symlink_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *name,
+ const char *destination);
+
+#endif /* OS_UNIX */
+
+p11_dict * test_check_directory_files (const char *file,
+ ...) GNUC_NULL_TERMINATED;
+
+void test_check_directory_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ p11_dict *files);
+
+#define test_check_file(directory, name, reference) \
+ (test_check_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, reference))
+
+#define test_check_data(directory, name, data, length) \
+ (test_check_data_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, data, length))
+
+#ifdef OS_UNIX
+
+#define test_check_symlink(directory, name, destination) \
+ (test_check_symlink_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, destination))
+
+#endif /* OS_UNIX */
+
+#define test_check_directory(directory, files) \
+ (test_check_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory, \
+ test_check_directory_files files))
+
+#endif /* TEST_DATA_H_ */
diff --git a/trust/test-utf8.c b/trust/test-utf8.c
new file mode 100644
index 0000000..9b2c3d5
--- /dev/null
+++ b/trust/test-utf8.c
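Review bot: The DER fixtures in this header mix element types: `test_cacert3_ca_der` and the `verisign_v1_ca*` arrays are `unsigned char`, while `test_cacert3_ca_issuer`, `test_cacert3_ca_serial` and `test_cacert3_ca_public_key` are plain `char` yet hold bytes such as `0x86`, `0x8a` and `0xf7`, which do not fit a signed `char` and are converted in an implementation-defined way. Declaring every raw-byte array as `static const unsigned char name[]` keeps byte comparisons sign-safe and makes the header consistent. Separately, `#ifndef TEST_DATA_H_` sits below the `#include` lines and does not match the file name `test-trust.h`; opening the file with the guard and naming it after the file avoids a clash with another header that picks the same macro.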
@@ -0,0 +1,244 @@
+/*
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "utf8.h"
+
+#include
+#include
+
+#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
+
+static void
+test_ucs2be (void)
+{
+ char *output;
+ size_t length;
+ int i;
+
+ struct {
+ const char *output;
+ size_t output_len;
+ const unsigned char input[100];
+ size_t input_len;
+ } fixtures[] = {
+ { "This is a test", 14,
+ { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, 's', 0x00, ' ', 0x00, 'i', 0x00, 's', 0x00, ' ',
+ 0x00, 'a', 0x00, ' ', 0x00, 't', 0x00, 'e', 0x00, 's', 0x00, 't' }, 28,
+ },
+ { "V\303\266gel", 6,
+ { 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 10,
+ },
+ { "M\303\244nwich \340\264\205", 12,
+ { 0x00, 'M', 0x00, 0xE4, 0x00, 'n', 0x00, 'w', 0x00, 'i', 0x00, 'c', 0x00, 'h',
+ 0x00, ' ', 0x0D, 0x05 }, 18,
+ }
+ };
+
+ for (i = 0; i < ELEMS (fixtures); i++) {
+ output = p11_utf8_for_ucs2be (fixtures[i].input,
+ fixtures[i].input_len,
+ &length);
+
+ assert_num_eq (fixtures[i].output_len, length);
+ assert_str_eq (fixtures[i].output, output);
+ free (output);
+ }
+}
+
+static void
+test_ucs2be_fail (void)
+{
+ char *output;
+ size_t length;
+ int i;
+
+ struct {
+ const unsigned char input[100];
+ size_t input_len;
+ } fixtures[] = {
+ { { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, }, 7 /* truncated */ }
+ };
+
+ for (i = 0; i < ELEMS (fixtures); i++) {
+ output = p11_utf8_for_ucs2be (fixtures[i].input,
+ fixtures[i].input_len,
+ &length);
+ assert_ptr_eq (NULL, output);
+ }
+}
+
+static void
+test_ucs4be (void)
+{
+ char *output;
+ size_t length;
+ int i;
+
+ struct {
+ const char *output;
+ size_t output_len;
+ const unsigned char input[100];
+ size_t input_len;
+ } fixtures[] = {
+ { "This is a test", 14,
+ { 0x00, 0x00, 0x00, 'T',
+ 0x00, 0x00, 0x00, 'h',
+ 0x00, 0x00, 0x00, 'i',
+ 0x00, 0x00, 0x00, 's',
+ 0x00, 0x00, 0x00, ' ',
+ 0x00, 0x00, 0x00, 'i',
+ 0x00, 0x00, 0x00, 's',
+ 0x00, 0x00, 0x00, ' ',
+ 0x00, 0x00, 0x00, 'a',
+ 0x00, 0x00, 0x00, ' ',
+ 0x00, 0x00, 0x00, 't',
+ 0x00, 0x00, 0x00, 'e',
+ 0x00, 0x00, 0x00, 's',
+ 0x00, 0x00, 0x00, 't',
+ }, 56,
+ },
+ { "Fun \360\220\214\231", 8,
+ { 0x00, 0x00, 0x00, 'F',
+ 0x00, 0x00, 0x00, 'u',
+ 0x00, 0x00, 0x00, 'n',
+ 0x00, 0x00, 0x00, ' ',
+ 0x00, 0x01, 0x03, 0x19, /* U+10319: looks like an antenna */
+ }, 20,
+ }
+ };
+
+ for (i = 0; i < ELEMS (fixtures); i++) {
+ output = p11_utf8_for_ucs4be (fixtures[i].input,
+ fixtures[i].input_len,
+ &length);
+
+ assert_num_eq (fixtures[i].output_len, length);
+ assert_str_eq (fixtures[i].output, output);
+
+ free (output);
+ }
+}
+
+static void
+test_ucs4be_fail (void)
+{
+ char *output;
+ size_t length;
+ int i;
+
+ struct {
+ const unsigned char input[100];
+ size_t input_len;
+ } fixtures[] = {
+ { { 0x00, 0x00, 'T',
+ }, 7 /* truncated */ },
+ { { 0x00, 0x00, 0x00, 'F',
+ 0x00, 0x00, 0x00, 'u',
+ 0x00, 0x00, 0x00, 'n',
+ 0x00, 0x00, 0x00, ' ',
+ 0xD8, 0x00, 0xDF, 0x19,
+ }, 20,
+ }
+ };
+
+ for (i = 0; i < ELEMS (fixtures); i++) {
+ output = p11_utf8_for_ucs4be (fixtures[i].input,
+ fixtures[i].input_len,
+ &length);
+ assert_ptr_eq (NULL, output);
+ }
+}
+
+static void
+test_utf8 (void)
+{
+ bool ret;
+ int i;
+
+ struct {
+ const char *input;
+ size_t input_len;
+ } fixtures[] = {
+ { "This is a test", 14 },
+ { "Good news everyone", -1 },
+ { "Fun \360\220\214\231", -1 },
+ { "Fun invalid here: \xfe", 4 }, /* but limited length */
+ { "V\303\266gel", 6, },
+ };
+
+ for (i = 0; i < ELEMS (fixtures); i++) {
+ ret = p11_utf8_validate (fixtures[i].input,
+ fixtures[i].input_len);
+ assert_num_eq (true, ret);
+ }
+}
+
+static void
+test_utf8_fail (void)
+{
+ bool ret;
+ int i;
+
+ struct {
+ const char *input;
+ size_t input_len;
+ } fixtures[] = {
+ { "This is a test\x80", 15 },
+ { "Good news everyone\x88", -1 },
+ { "Bad \xe0v following chars should be |0x80", -1 },
+ { "Truncated \xe0", -1 },
+ };
+
+ for (i = 0; i < ELEMS (fixtures); i++) {
+ ret = p11_utf8_validate (fixtures[i].input,
+ fixtures[i].input_len);
+ assert_num_eq (false, ret);
+ }
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_test (test_ucs2be, "/utf8/ucs2be");
+ p11_test (test_ucs2be_fail, "/utf8/ucs2be_fail");
+ p11_test (test_ucs4be, "/utf8/ucs4be");
+ p11_test (test_ucs4be_fail, "/utf8/ucs4be_fail");
+ p11_test (test_utf8, "/utf8/utf8");
+ p11_test (test_utf8_fail, "/utf8/utf8_fail");
+ return p11_test_run (argc, argv);
+}
diff --git a/trust/test-x509.c b/trust/test-x509.c
new file mode 100644
index 0000000..9f7d258
--- /dev/null
+++ b/trust/test-x509.c
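Review bot: In test_utf8 and test_utf8_fail of trust/test-utf8.c the fixture field is declared `size_t input_len`, yet several rows store `-1` as the "NUL-terminated" sentinel, so the sentinel only survives if the conversion at the p11_utf8_validate call maps SIZE_MAX back to -1; the validator's prototype is not in this hunk, but if it takes a signed length the field should be `ssize_t input_len;`. test_ucs2be and test_ucs4be also compare `length` and `output` without first checking that the conversion succeeded, so adding `assert_ptr_not_null (output);` ahead of `assert_num_eq` turns a NULL return into a clean failure instead of a comparison against a possibly unset `length`. The rejection fixtures cover a stray continuation byte, a bad follower byte and truncation; an overlong encoding and a UTF-8-encoded surrogate would be worth adding as negative cases if the validator is meant to refuse them, since test-x509.c in this same patch exercises certificate DirectoryString decoding that yields UTF-8.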
@@ -0,0 +1,416 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "asn1.h"
+#include "debug.h"
+#include "oid.h"
+#include "x509.h"
+
+#include
+#include
+#include
+
+#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
+
+struct {
+ p11_dict *asn1_defs;
+} test;
+
+static void
+setup (void *unused)
+{
+ test.asn1_defs = p11_asn1_defs_load ();
+ assert_ptr_not_null (test.asn1_defs);
+}
+
+static void
+teardown (void *unused)
+{
+ p11_dict_free (test.asn1_defs);
+ memset (&test, 0, sizeof (test));
+}
+
+static const char test_ku_ds_and_np[] = {
+ 0x03, 0x03, 0x07, 0xc0, 0x00,
+};
+
+static const char test_ku_none[] = {
+ 0x03, 0x03, 0x07, 0x00, 0x00,
+};
+
+static const char test_ku_cert_crl_sign[] = {
+ 0x03, 0x03, 0x07, 0x06, 0x00,
+};
+
+static const char test_eku_server_and_client[] = {
+ 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
+ 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
+};
+
+static const char test_eku_none[] = {
+ 0x30, 0x00,
+};
+
+static const char test_eku_client_email_and_timestamp[] = {
+ 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06,
+ 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08,
+};
+
+static const unsigned char test_cacert3_ca_der[] = {
+ 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a,
+ 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
+ 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f,
+ 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15,
+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72,
+ 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19,
+ 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e,
0x69, 0x6e, 0x67, 0x20, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, + 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, + 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, + 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, + 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, + 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, + 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, + 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, + 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, + 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, + 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, + 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, + 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, + 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, + 0x8d, 0x09, 
0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, + 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, + 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, + 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, + 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, + 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, + 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, + 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, + 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, + 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, + 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, + 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, + 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, + 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, + 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, + 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, + 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, + 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, + 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, + 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, + 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 
0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, + 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, + 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, + 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, + 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, + 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, + 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, + 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, + 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, + 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, + 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, + 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, + 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, + 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 
0x70, 0x2e, + 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, + 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, + 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, + 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, + 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, + 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, + 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, + 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, + 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, + 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, + 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, + 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, + 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, + 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, + 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, + 0x53, 0xea, 0x42, 0xf5, 
0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, + 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, + 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, + 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, + 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, + 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, + 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, + 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, + 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, + 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, + 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, + 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, + 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, + 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, + 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, + 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, + 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, + 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, + 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, + 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, + 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 
0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b,
+ 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7,
+ 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7,
+ 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9,
+ 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38,
+ 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3,
+ 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d,
+ 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f,
+ 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4,
+ 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a,
+};
+
+struct {
+ const char *eku;
+ size_t length;
+ const char *expected[16];
+} extended_key_usage_fixtures[] = {
+ { test_eku_server_and_client, sizeof (test_eku_server_and_client),
+ { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, NULL }, },
+ { test_eku_none, sizeof (test_eku_none),
+ { NULL, }, },
+ { test_eku_client_email_and_timestamp, sizeof (test_eku_client_email_and_timestamp),
+ { P11_OID_CLIENT_AUTH_STR, P11_OID_EMAIL_PROTECTION_STR, P11_OID_TIME_STAMPING_STR }, },
+ { NULL },
+};
+
+static void
+test_parse_extended_key_usage (void)
+{
+ p11_array *ekus;
+ int i, j, count;
+
+ for (i = 0; extended_key_usage_fixtures[i].eku != NULL; i++) {
+ ekus = p11_x509_parse_extended_key_usage (test.asn1_defs,
+ (const unsigned char *)extended_key_usage_fixtures[i].eku,
+ extended_key_usage_fixtures[i].length);
+ assert_ptr_not_null (ekus);
+
+ for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++);
+
+ assert_num_eq (count, ekus->num);
+ for (j = 0; j < count; j++)
+ assert_str_eq (ekus->elem[j], extended_key_usage_fixtures[i].expected[j]);
+
+ p11_array_free (ekus);
+ }
+}
+
+struct {
+ const char *ku;
+ size_t length;
+ unsigned int expected;
+} key_usage_fixtures[] = {
+ { test_ku_ds_and_np, sizeof (test_ku_ds_and_np), P11_KU_DIGITAL_SIGNATURE | P11_KU_NON_REPUDIATION },
+ { test_ku_none, sizeof (test_ku_none), 0 },
+ { test_ku_cert_crl_sign, sizeof (test_ku_cert_crl_sign), P11_KU_KEY_CERT_SIGN | P11_KU_CRL_SIGN },
+ { NULL },
+};
+
+static void
+test_parse_key_usage (void)
+{
+ unsigned int ku;
+ int i;
+ bool ret;
+
+ for (i = 0; key_usage_fixtures[i].ku != NULL; i++) {
+ ku = 0;
+
+ ret = p11_x509_parse_key_usage (test.asn1_defs,
+ (const unsigned char *)key_usage_fixtures[i].ku,
+ key_usage_fixtures[i].length, &ku);
+ assert_num_eq (true, ret);
+
+ assert_num_eq (key_usage_fixtures[i].expected, ku);
+ }
+}
+
+static void
+test_parse_extension (void)
+{
+ node_asn *cert;
+ unsigned char *ext;
+ size_t length;
+ bool is_ca;
+
+ cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
+ test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
+ assert_ptr_not_null (cert);
+
+ ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS,
+ test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
+ &length);
+ assert_ptr_not_null (ext);
+ assert (length > 0);
+
+ asn1_delete_structure (&cert);
+
+ if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca))
+ assert_fail ("failed to parse message", "basic constraints");
+
+ free (ext);
+}
+static void
+test_parse_extension_not_found (void)
+{
+ node_asn *cert;
+ unsigned char *ext;
+ size_t length;
+
+ cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
+ test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
+ assert_ptr_not_null (cert);
+
+ ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT,
+ test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
+ &length);
+ assert_ptr_eq (NULL, ext);
+
+ asn1_delete_structure (&cert);
+}
+
+static void
+test_directory_string (void)
+{
+ struct {
+ unsigned char input[100];
+ int input_len;
+ char *output;
+ int output_len;
+ } fixtures[] = {
+ /* UTF8String */
+ { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17,
+ "\xc3\x84 UTF8 string ", 15,
+ },
+
+ /* NumericString */
+ { { 0x12, 0x04, '0', '1', '2', '3', }, 6,
+ "0123", 4,
+ },
+
+ /* IA5String */
+ { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6,
+ " AB ", 4
+ },
+
+ /* TeletexString */
+ { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
+ "A nice", 7
+ },
+
+ /* PrintableString */
+ { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
+ "A nice", 7,
+ },
+
+ /* UniversalString */
+ { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u',
+ 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22,
+ "Fun \xf0\x90\x8c\x99", 8
+ },
+
+ /* BMPString */
+ { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12,
+ "V\xc3\xb6gel", 6
+ },
+ };
+
+ char *string;
+ bool unknown;
+ size_t length;
+ int i;
+
+ for (i = 0; i < ELEMS (fixtures); i++) {
+ string = p11_x509_parse_directory_string (fixtures[i].input,
+ fixtures[i].input_len,
+ &unknown, &length);
+ assert_ptr_not_null (string);
+ assert_num_eq (false, unknown);
+
+ assert_num_eq (fixtures[i].output_len, length);
+ assert_str_eq (fixtures[i].output, string);
+ free (string);
+ }
+}
+
+static void
+test_directory_string_unknown (void)
+{
+ /* Not a valid choice in DirectoryString */
+ unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' };
+ char *string;
+ bool unknown = false;
+ size_t length;
+
+ string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length);
+ assert_ptr_eq (NULL, string);
+ assert_num_eq (true, unknown);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ p11_fixture (setup, teardown);
+ p11_test (test_parse_extended_key_usage, "/x509/parse-extended-key-usage");
+ p11_test (test_parse_key_usage, "/x509/parse-key-usage");
+ p11_test (test_parse_extension, "/x509/parse-extension");
+ p11_test (test_parse_extension_not_found, "/x509/parse-extension-not-found");
+
+ p11_fixture (NULL, NULL);
+ p11_test (test_directory_string, "/x509/directory-string");
+ p11_test (test_directory_string_unknown, "/x509/directory-string-unknown");
+ return p11_test_run (argc, argv);
+}
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
deleted file mode 100644
index 1f13b2a..0000000
--- a/trust/tests/Makefile.am
+++ /dev/null
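Review bot: test_parse_extension in trust/test-x509.c never checks what the BasicConstraints parser reported: `is_ca` is filled in by p11_x509_parse_basic_constraints and then discarded, so a parser that returns success with the wrong CA flag would still pass this test. The extension value embedded in test_cacert3_ca_der is `0x30, 0x03, 0x01, 0x01, 0xff` (cA TRUE), so the test should add `assert_num_eq (true, is_ca);` before `free (ext);`. As a smaller point of style, the key-usage and EKU blobs are declared `static const char` but hold bytes such as `0xc0` and are cast to `const unsigned char *` at each call; declaring them `static const unsigned char` removes both the casts and the implementation-defined narrowing.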
@@ -1,122 +0,0 @@ - -include $(top_srcdir)/build/Makefile.tests - -COMMON = $(top_srcdir)/common -TRUST = $(top_srcdir)/trust - -AM_CPPFLAGS = \ - -I$(top_srcdir) \ - -I$(srcdir)/.. \ - -I$(top_srcdir)/p11-kit \ - -I$(COMMON) \ - -DDATADIR=\"$(datadir)\" \ - -DSYSCONFDIR=\"$(sysconfdir)\" \ - -DP11_KIT_FUTURE_UNSTABLE_API \ - $(LIBTASN1_CFLAGS) \ - $(TEST_CFLAGS) \ - $(NULL) - -noinst_LTLIBRARIES = \ - libtrust-test.la - -libtrust_test_la_SOURCES = \ - test-trust.c test-trust.h \ - $(TRUST)/digest.c - -LDADD = \ - $(top_builddir)/trust/libtrust-testable.la \ - $(top_builddir)/trust/libtrust-data.la \ - $(builddir)/libtrust-test.la \ - $(top_builddir)/p11-kit/libp11-kit.la \ - $(top_builddir)/common/libp11-library.la \ - $(top_builddir)/common/libp11-test.la \ - $(top_builddir)/common/libp11-common.la \ - $(LIBTASN1_LIBS) \ - $(HASH_LIBS) \ - $(NULL) - -CHECK_PROGS = \ - test-digest \ - test-asn1 \ - test-base64 \ - test-pem \ - test-oid \ - test-utf8 \ - test-x509 \ - test-persist \ - test-index \ - test-parser \ - test-builder \ - test-token \ - test-module \ - test-save \ - test-enumerate \ - test-cer \ - test-bundle \ - test-openssl \ - $(NULL) - -noinst_PROGRAMS = \ - frob-pow \ - frob-token \ - frob-nss-trust \ - frob-cert \ - frob-bc \ - frob-ku \ - frob-eku \ - frob-ext \ - frob-cert \ - frob-oid \ - $(CHECK_PROGS) - -frob_nss_trust_LDADD = \ - $(top_builddir)/common/libp11-common.la \ - $(top_builddir)/p11-kit/libp11-kit.la \ - $(HASH_LIBS) \ - $(NULL) - -TESTS = $(CHECK_PROGS) - -EXTRA_DIST = \ - input \ - files \ - $(NULL) - -TEST_RUNNER = libtool --mode=execute - -test_save_SOURCES = \ - test-save.c \ - $(TRUST)/save.c \ - $(NULL) - -test_enumerate_SOURCES = \ - test-enumerate.c \ - $(TRUST)/enumerate.c \ - $(NULL) - -test_cer_SOURCES = \ - test-cer.c \ - $(TRUST)/enumerate.c \ - $(TRUST)/extract-cer.c \ - $(TRUST)/save.c \ - $(NULL) - -test_bundle_SOURCES = \ - test-bundle.c \ - $(TRUST)/enumerate.c \ - $(TRUST)/extract-pem.c \ - $(TRUST)/save.c \ - 
$(NULL) - -test_openssl_SOURCES = \ - test-openssl.c \ - $(TRUST)/enumerate.c \ - $(TRUST)/extract-openssl.c \ - $(TRUST)/save.c \ - $(NULL) - -noinst_SCRIPTS = \ - test-extract - -installcheck-local: - sh $(builddir)/test-extract diff --git a/trust/tests/files/cacert-ca.der b/trust/tests/files/cacert-ca.der deleted file mode 100644 index 719b0ff..0000000 Binary files a/trust/tests/files/cacert-ca.der and /dev/null differ diff --git a/trust/tests/files/cacert3-distrust-all.pem b/trust/tests/files/cacert3-distrust-all.pem deleted file mode 100644 index ce5d887..0000000 --- a/trust/tests/files/cacert3-distrust-all.pem +++ /dev/null 
@@ -1,44 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijBSoFAGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG -CCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcD -CA== ------END TRUSTED CERTIFICATE----- diff --git a/trust/tests/files/cacert3-distrusted-all.pem b/trust/tests/files/cacert3-distrusted-all.pem deleted file mode 100644 index 4a04a39..0000000 --- a/trust/tests/files/cacert3-distrusted-all.pem +++ /dev/null 
@@ -1,43 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijBIoEYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG -CCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMI ------END TRUSTED CERTIFICATE----- diff --git a/trust/tests/files/cacert3-not-trusted.pem b/trust/tests/files/cacert3-not-trusted.pem deleted file mode 100644 index eaa2e54..0000000 --- a/trust/tests/files/cacert3-not-trusted.pem +++ /dev/null 
@@ -1,42 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijACMAA= ------END TRUSTED CERTIFICATE----- diff --git a/trust/tests/files/cacert3-trusted-alias.pem b/trust/tests/files/cacert3-trusted-alias.pem deleted file mode 100644 index 44601ea..0000000 --- a/trust/tests/files/cacert3-trusted-alias.pem +++ /dev/null 
@@ -1,42 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAODAxDdXN0b20gTGFiZWw= ------END TRUSTED CERTIFICATE----- diff --git a/trust/tests/files/cacert3-trusted-keyid.pem b/trust/tests/files/cacert3-trusted-keyid.pem deleted file mode 100644 index e652733..0000000 --- a/trust/tests/files/cacert3-trusted-keyid.pem +++ /dev/null 
@@ -1,42 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAJBAcAAQIDBAUG ------END TRUSTED CERTIFICATE----- diff --git a/trust/tests/files/cacert3-trusted-server-alias.pem b/trust/tests/files/cacert3-trusted-server-alias.pem deleted file mode 100644 index 55593ec..0000000 --- a/trust/tests/files/cacert3-trusted-server-alias.pem +++ /dev/null 
@@ -1,43 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g -TGFiZWw= ------END TRUSTED CERTIFICATE----- diff --git a/trust/tests/files/cacert3-trusted.pem b/trust/tests/files/cacert3-trusted.pem deleted file mode 100644 index 55593ec..0000000 --- a/trust/tests/files/cacert3-trusted.pem +++ /dev/null 
@@ -1,43 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g -TGFiZWw= ------END TRUSTED CERTIFICATE----- diff --git a/trust/tests/files/cacert3-twice.pem b/trust/tests/files/cacert3-twice.pem deleted file mode 100644 index c73202d..0000000 --- a/trust/tests/files/cacert3-twice.pem +++ /dev/null 
@@ -1,84 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV 
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- diff --git a/trust/tests/files/cacert3.der b/trust/tests/files/cacert3.der deleted file mode 100644 index 56f8c88..0000000 Binary files a/trust/tests/files/cacert3.der and /dev/null differ diff --git a/trust/tests/files/cacert3.pem b/trust/tests/files/cacert3.pem deleted file mode 100644 index 087ca0e..0000000 --- a/trust/tests/files/cacert3.pem +++ /dev/null 
@@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- diff --git a/trust/tests/files/distrusted.pem b/trust/tests/files/distrusted.pem deleted file mode 100644 index 8de6ff0..0000000 --- a/trust/tests/files/distrusted.pem +++ /dev/null 
@@ -1,23 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx -FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD -VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh -dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w -HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx -FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD -VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh -dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w -gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN -QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n -i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L -WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0 -6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg -MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV -BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT -MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p -bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA -A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p -mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41 -voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH -AwIMEVJlZCBIYXQgSXMgdGhlIENB ------END TRUSTED CERTIFICATE----- diff --git a/trust/tests/files/empty-file b/trust/tests/files/empty-file deleted file mode 100644 index e69de29..0000000 diff --git a/trust/tests/files/multiple.pem b/trust/tests/files/multiple.pem deleted file mode 100644 index d3e1775..0000000 --- a/trust/tests/files/multiple.pem +++ /dev/null 
@@ -1,58 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g -TGFiZWw= ------END TRUSTED CERTIFICATE----- ------BEGIN TRUSTED CERTIFICATE----- -MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f -zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi -TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G -CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW -NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV -Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb -MA4MDEN1c3RvbSBMYWJlbA== ------END TRUSTED CERTIFICATE----- diff --git a/trust/tests/files/openssl-trust-no-trust.pem b/trust/tests/files/openssl-trust-no-trust.pem deleted file mode 100644 index 07e3917..0000000 --- a/trust/tests/files/openssl-trust-no-trust.pem +++ /dev/null 
@@ -1,27 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIEmTCCA4GgAwIBAgIQXSBhjowOuTRAk7mx2GOVtjANBgkqhkiG9w0BAQUFADBv
-MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
-ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
-eHRlcm5hbCBDQSBSb290MB4XDTE0MDgwNTAwMDAwMFoXDTE1MTEwMTIzNTk1OVow
-fzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSowKAYDVQQDEyFV
-U0VSVHJ1c3QgTGVnYWN5IFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDZTSA65ikwhvLphol2NE5oH5ZE99H51oJOpjie7stb
-4Y4uvfJXgP3JP/yQc0S8j7tXW+UtHxQwdTb1f7zPVvR/gf+ukc3Y0mrLl/n3zZBq
-RS3Eu6SFE2hXX+8puirK6vXMpASbY80A6/3tjd0jxnseVx02fx8Img1h21pscQJT
-KML6jf2ru7PxjXRL3729zAaTYwmVwhB6nSWQMp0BwjlTsOAVa8fXdOWkIpvklP+E
-kfstsxlDLZMPnBIJ5Ge5J3oyrXoqzEFYwG5ZX+44KxcinIn6buflVzX0Wu2SlZMt
-+cwkP6UcPSe9IgNzzPXK86n03P7P6dBc0A+rh/yD/cipAgMBAAGjggEfMIIBGzAf
-BgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUr6RAr58W
-/qsx/fvVl4v1kaMkhhYwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C
-AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGA1UdIAQSMBAwDgYM
-KwYBBAGyMQECAQMEMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRy
-dXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQp
-MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
-hvcNAQEFBQADggEBAISuLWg4EWyDUWLAkcKYvMY7+qXFvTsJ5m5gbzADhiIasovz
-xs4euxt54BYUTdKaBUv/j+zwKCnqKgQdPa8REtVJmFBCn2FmOrZAmQQMaxAy6ffP
-hlhPLc3TrH7oW2qDfA2gnFxQNnUNbX5Ct9+m3JBcbyNOlx3zInW/AzXmXX/H+Zss
-h/aO1iWWWZ3P6hAe727qWpt3GDTMgXevmofCCuXlnhOVU729SRqldhL23PKRt+ka
-4bxNPZVxffiNfD4DT1Pt/lL9yl+T4RoBGwK3c066Zul4i1D+EcvRZ9AiT3fqzRQV
-QK5mXegufx6Ib1V51rl+47X9kaDA8iaHSy+d9aA=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/files/redhat-ca.der b/trust/tests/files/redhat-ca.der
deleted file mode 100644
index affae24..0000000
Binary files a/trust/tests/files/redhat-ca.der and /dev/null differ
diff --git a/trust/tests/files/self-signed-with-eku.der b/trust/tests/files/self-signed-with-eku.der
deleted file mode 100644
index 33e0760..0000000
Binary files a/trust/tests/files/self-signed-with-eku.der and /dev/null differ
diff --git a/trust/tests/files/self-signed-with-ku.der b/trust/tests/files/self-signed-with-ku.der
deleted file mode 100644
index 51bb227..0000000
Binary files a/trust/tests/files/self-signed-with-ku.der and /dev/null differ
diff --git a/trust/tests/files/simple-string b/trust/tests/files/simple-string
deleted file mode 100644
index be13474..0000000
--- a/trust/tests/files/simple-string
+++ /dev/null
@@ -1 +0,0 @@
-The simple string is hairy
\ No newline at end of file
diff --git a/trust/tests/files/testing-server.der b/trust/tests/files/testing-server.der
deleted file mode 100644
index cf2de65..0000000
Binary files a/trust/tests/files/testing-server.der and /dev/null differ
diff --git a/trust/tests/files/thawte.pem b/trust/tests/files/thawte.pem
deleted file mode 100644
index 34af29e..0000000
--- a/trust/tests/files/thawte.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB
-rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
-Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
-MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
-BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa
-Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
-LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u
-MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
-ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm
-gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8
-YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf
-b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9
-9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S
-zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
-OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
-HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA
-2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW
-oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
-t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c
-KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM
-m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu
-MdRAGmI0Nj81Aa6sY6A=
------END CERTIFICATE-----
diff --git a/trust/tests/files/unrecognized-file.txt b/trust/tests/files/unrecognized-file.txt
deleted file mode 100644
index 4d5bac3..0000000
--- a/trust/tests/files/unrecognized-file.txt
+++ /dev/null
@@ -1 +0,0 @@
-# This file is not recognized by the parser
\ No newline at end of file
diff --git a/trust/tests/files/verisign-v1.der b/trust/tests/files/verisign-v1.der
deleted file mode 100644
index bcd5ebb..0000000
Binary files a/trust/tests/files/verisign-v1.der and /dev/null differ
diff --git a/trust/tests/files/verisign-v1.pem b/trust/tests/files/verisign-v1.pem
deleted file mode 100644
index ace4da5..0000000
--- a/trust/tests/files/verisign-v1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
-NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
-Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
-MA4MDEN1c3RvbSBMYWJlbA==
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/frob-bc.c b/trust/tests/frob-bc.c
deleted file mode 100644
index 41fbc58..0000000
--- a/trust/tests/frob-bc.c
+++ /dev/null
@@ -1,102 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ext = NULL; - char *buf; - int len; - int ret; - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, "PKIX1.BasicConstraints", &ext); - err_if_fail (ret, "BasicConstraints"); - - if (argc > 1) { - ret = asn1_write_value (ext, "cA", argv[1], 1); - err_if_fail (ret, "cA"); - } - - ret = asn1_write_value (ext, "pathLenConstraint", NULL, 0); - err_if_fail (ret, "pathLenConstraint"); - - len = 0; - ret = asn1_der_coding (ext, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ext, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - free (buf); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - - free (buf); - asn1_delete_structure (&ext); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/tests/frob-cert.c b/trust/tests/frob-cert.c deleted file mode 100644 index c1bc45c..0000000 --- a/trust/tests/frob-cert.c +++ /dev/null 
@@ -1,134 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include -#include - -#include -#include -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -static ssize_t -tlv_length (const unsigned char *data, - size_t length) -{ - unsigned char cls; - int counter = 0; - int cb, len; - unsigned long tag; - - if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) { - counter += cb; - len = asn1_get_length_der (data + cb, length - cb, &cb); - counter += cb; - if (len >= 0) { - len += counter; - if (length >= len) - return len; - } - } - - return -1; -} - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *cert = NULL; - p11_mmap *map; - void *data; - size_t size; - int start, end; - ssize_t len; - int ret; - - if (argc != 4) { - fprintf (stderr, "usage: frob-cert struct field filename\n"); - return 2; - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, argv[1], &cert); - err_if_fail (ret, "Certificate"); - - map = p11_mmap_open (argv[3], NULL, &data, &size); - if (map == NULL) { - fprintf (stderr, "couldn't open file: %s\n", argv[3]); - return 1; - } - - ret = asn1_der_decoding (&cert, data, size, message); - err_if_fail (ret, message); - - ret = asn1_der_decoding_startEnd (cert, data, size, argv[2], &start, &end); - err_if_fail (ret, "asn1_der_decoding_startEnd"); - - len = tlv_length ((unsigned char *)data + start, size - start); - assert (len >= 0); - - fprintf (stderr, "%lu %d %d %ld\n", (unsigned long)size, start, end, (long)len); - fwrite ((unsigned char *)data + start, 1, len, stdout); - fflush 
(stdout); - - p11_mmap_close (map); - - asn1_delete_structure (&cert); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/tests/frob-eku.c b/trust/tests/frob-eku.c deleted file mode 100644 index f467b36..0000000 --- a/trust/tests/frob-eku.c +++ /dev/null 
@@ -1,103 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ekus = NULL; - char *buf; - int len; - int ret; - int i; - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, "PKIX1.ExtKeyUsageSyntax", &ekus); - err_if_fail (ret, "ExtKeyUsageSyntax"); - - for (i = 1; i < argc; i++) { - ret = asn1_write_value (ekus, "", "NEW", 1); - err_if_fail (ret, "NEW"); - - ret = asn1_write_value (ekus, "?LAST", argv[i], strlen (argv[i])); - err_if_fail (ret, "asn1_write_value"); - } - - len = 0; - ret = asn1_der_coding (ekus, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ekus, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - free (buf); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - - free (buf); - asn1_delete_structure (&ekus); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/tests/frob-ext.c b/trust/tests/frob-ext.c deleted file mode 100644 index 2017205..0000000 --- a/trust/tests/frob-ext.c +++ /dev/null 
@@ -1,119 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ext = NULL; - unsigned char input[1024]; - char *buf; - size_t size; - int len; - int ret; - - if (argc == 1 || argc > 3) { - fprintf (stderr, "usage: frob-ext 1.2.3 TRUE\n"); - return 2; - } - - size = fread (input, 1, sizeof (input), stdin); - if (ferror (stdin) || !feof (stdin)) { - fprintf (stderr, "bad input\n"); - return 1; - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - - ret = asn1_create_element (definitions, "PKIX1.Extension", &ext); - err_if_fail (ret, "Extension"); - - ret = asn1_write_value (ext, "extnID", argv[1], 1); - err_if_fail (ret, "extnID"); - - if (argc == 3) { - ret = asn1_write_value (ext, "critical", argv[2], 1); - err_if_fail (ret, "critical"); - } - - ret = asn1_write_value (ext, "extnValue", input, size); - err_if_fail (ret, "extnValue"); - - len = 0; - ret = asn1_der_coding (ext, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ext, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - free (buf); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - - free (buf); - asn1_delete_structure (&ext); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/tests/frob-ku.c b/trust/tests/frob-ku.c deleted file mode 100644 index 99ac217..0000000 --- a/trust/tests/frob-ku.c +++ /dev/null 
@@ -1,126 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include "oid.h" - -#include - -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ku = NULL; - unsigned int usage = 0; - char bits[2]; - char *buf; - int len; - int ret; - int i; - - for (i = 1; i < argc; i++) { - if (strcmp (argv[i], "digital-signature") == 0) - usage |= P11_KU_DIGITAL_SIGNATURE; - else if (strcmp (argv[i], "non-repudiation") == 0) - usage |= P11_KU_NON_REPUDIATION; - else if (strcmp (argv[i], "key-encipherment") == 0) - usage |= P11_KU_KEY_ENCIPHERMENT; - else if (strcmp (argv[i], "data-encipherment") == 0) - usage |= P11_KU_DATA_ENCIPHERMENT; - else if (strcmp (argv[i], "key-agreement") == 0) - usage |= P11_KU_KEY_AGREEMENT; - else if (strcmp (argv[i], "key-cert-sign") == 0) - usage |= P11_KU_KEY_CERT_SIGN; - else if (strcmp (argv[i], "crl-sign") == 0) - usage |= P11_KU_CRL_SIGN; - else { - fprintf (stderr, "unsupported or unknown key usage: %s\n", argv[i]); - return 2; - } - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, "PKIX1.KeyUsage", &ku); - err_if_fail (ret, "KeyUsage"); - - bits[0] = usage & 0xff; - bits[1] = (usage >> 8) & 0xff; - - ret = asn1_write_value (ku, "", bits, 9); - err_if_fail (ret, "asn1_write_value"); - - len = 0; - ret = asn1_der_coding (ku, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ku, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", 
message); - free (buf); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - free (buf); - - asn1_delete_structure (&ku); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/tests/frob-multi-init.c b/trust/tests/frob-multi-init.c deleted file mode 100644 index d966540..0000000 --- a/trust/tests/frob-multi-init.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * gcc -Wall -o frob-multi-init $(pkg-config p11-kit-1 --cflags --libs) -ldl frob-multi-init.c - */ - -#include -#include -#include - -#include - -#define TRUST_SO "/usr/lib64/pkcs11/p11-kit-trust.so" - -int -main (void) -{ - CK_C_INITIALIZE_ARGS args = - { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; - CK_C_GetFunctionList C_GetFunctionList; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST *module; - CK_SLOT_ID slots[8]; - CK_SESSION_INFO info; - CK_ULONG count; - CK_RV rv; - void *dl; - - dl = dlopen (TRUST_SO, RTLD_LOCAL | RTLD_NOW); - if (dl == NULL) - fprintf (stderr, "%s\n", dlerror()); - assert (dl != NULL); - - C_GetFunctionList = dlsym (dl, "C_GetFunctionList"); - assert (C_GetFunctionList != NULL); - - rv = C_GetFunctionList (&module); - assert (rv == CKR_OK); - assert (module != NULL); - - rv = module->C_Initialize (&args); - assert (rv == CKR_OK); - - count = 8; - rv = module->C_GetSlotList (CK_TRUE, slots, &count); - assert (rv == CKR_OK); - assert (count > 1); - - rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = module->C_GetSessionInfo (session, &info); - assert (rv == CKR_OK); - - rv = p11_kit_initialize_registered (); - assert (rv == CKR_OK); - - rv = module->C_GetSessionInfo (session, &info); - if (rv == CKR_OK) { - printf ("no reinitialization bug\n"); - return 0; - - } else if (rv == CKR_SESSION_HANDLE_INVALID) { - printf ("reinitialization bug present\n"); - return 1; - - } else { - printf ("another error: %lu\n", rv); - return 1; - } -} 
diff --git a/trust/tests/frob-nss-trust.c b/trust/tests/frob-nss-trust.c
deleted file mode 100644
index fd69573..0000000
--- a/trust/tests/frob-nss-trust.c
+++ /dev/null
@@ -1,221 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#include "attrs.h" -#include "debug.h" -#include "pkcs11x.h" - -#include "p11-kit/iter.h" -#include "p11-kit/p11-kit.h" - -#include -#include -#include - -static void -dump_object (P11KitIter *iter, - CK_ATTRIBUTE *attrs) -{ - CK_ATTRIBUTE label = { CKA_LABEL, }; - CK_ATTRIBUTE *attr; - char *string; - char *name; - CK_RV rv; - - attr = p11_attrs_find_valid (attrs, CKA_LABEL); - if (!attr) { - rv = p11_kit_iter_load_attributes (iter, &label, 1); - if (rv == CKR_OK) - attr = &label; - } - - if (attr) - name = strndup (attr->pValue, attr->ulValueLen); - else - name = strdup ("unknown"); - - string = p11_attrs_to_string (attrs, -1); - printf ("\"%s\" = %s\n", name, string); - free (string); - - free (label.pValue); - free (name); -} - -static int -dump_trust_module (const char *path) -{ - CK_FUNCTION_LIST *module; - CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; - CK_ATTRIBUTE match = - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - CK_ATTRIBUTE template[] = { - { CKA_CLASS,}, - { CKA_LABEL, }, - { CKA_CERT_MD5_HASH, }, - { CKA_CERT_SHA1_HASH }, - { CKA_ISSUER, }, - { CKA_SERIAL_NUMBER, }, - { CKA_TRUST_SERVER_AUTH, }, - { CKA_TRUST_EMAIL_PROTECTION, }, - { CKA_TRUST_CODE_SIGNING, }, - { CKA_TRUST_STEP_UP_APPROVED, }, - { CKA_INVALID, } - }; - - CK_ULONG count = p11_attrs_count (template); - - module = p11_kit_module_load (path, 0); - return_val_if_fail (module != NULL, 1); - - rv = p11_kit_module_initialize (module); - return_val_if_fail (rv == CKR_OK, 1); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, &match, 1); - p11_kit_iter_begin_with (iter, module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_dup (template); - rv = p11_kit_iter_load_attributes (iter, attrs, count); - return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_VALUE_INVALID, 1); - p11_attrs_purge (attrs); 
- dump_object (iter, attrs); - p11_attrs_free (attrs); - } - - return_val_if_fail (rv == CKR_CANCEL, 1); - - p11_kit_module_finalize (module); - p11_kit_module_release (module); - - return 0; -} - -static int -compare_trust_modules (const char *path1, - const char *path2) -{ - CK_FUNCTION_LIST *module1; - CK_FUNCTION_LIST *module2; - CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; - CK_ATTRIBUTE match = - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }; - P11KitIter *iter; - P11KitIter *iter2; - CK_ATTRIBUTE *check; - CK_RV rv; - - CK_ATTRIBUTE template[] = { - { CKA_CLASS, }, - { CKA_ISSUER, }, - { CKA_SERIAL_NUMBER, }, - { CKA_CERT_MD5_HASH, }, - { CKA_CERT_SHA1_HASH }, - { CKA_TRUST_SERVER_AUTH, }, - { CKA_TRUST_EMAIL_PROTECTION, }, - { CKA_TRUST_CODE_SIGNING, }, - { CKA_TRUST_STEP_UP_APPROVED, }, - { CKA_INVALID, } - }; - - module1 = p11_kit_module_load (path1, 0); - return_val_if_fail (module1 != NULL, 1); - - rv = p11_kit_module_initialize (module1); - return_val_if_fail (rv == CKR_OK, 1); - - module2 = p11_kit_module_load (path2, 0); - return_val_if_fail (module2 != NULL, 1); - - rv = p11_kit_module_initialize (module2); - return_val_if_fail (rv == CKR_OK, 1); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, &match, 1); - p11_kit_iter_begin_with (iter, module1, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - check = p11_attrs_dup (template); - - rv = p11_kit_iter_load_attributes (iter, check, p11_attrs_count (check)); - return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID, 1); - - /* Go through and remove anything not found */ - p11_attrs_purge (check); - - /* Check that this object exists */ - iter2 = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter2, check, p11_attrs_count (check)); - p11_kit_iter_begin_with (iter2, module2, 0, 0); - rv = p11_kit_iter_next (iter2); - p11_kit_iter_free (iter2); - - if (rv != CKR_OK) - dump_object (iter, check); - - p11_attrs_free (check); - } - - return_val_if_fail 
(rv == CKR_CANCEL, 1); - p11_kit_module_finalize (module1); - p11_kit_module_release (module1); - - p11_kit_module_finalize (module2); - p11_kit_module_release (module2); - - return 0; -} - -int -main (int argc, - char *argv[]) -{ - if (argc == 2) { - return dump_trust_module (argv[1]); - } else if (argc == 3) { - return compare_trust_modules (argv[1], argv[2]); - } else { - fprintf (stderr, "usage: frob-nss-trust module\n"); - fprintf (stderr, " frob-nss-trust module1 module2\n"); - return 2; - } -} diff --git a/trust/tests/frob-oid.c b/trust/tests/frob-oid.c deleted file mode 100644 index 5a2499a..0000000 --- a/trust/tests/frob-oid.c +++ /dev/null 
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include
-
-#include
-#include
-#include
-#include
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
- do { if ((ret) != ASN1_SUCCESS) { \
- fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
- exit (1); \
- } } while (0)
-int
-main (int argc,
- char *argv[])
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *definitions = NULL;
- node_asn *oid = NULL;
- char *buf;
- int len;
- int ret;
-
- if (argc != 2) {
- fprintf (stderr, "usage: frob-oid 1.1.1\n");
- return 2;
- }
-
- ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "definitions: %s\n", message);
- return 1;
- }
-
- /* AttributeType is a OBJECT IDENTIFIER */
- ret = asn1_create_element (definitions, "PKIX1.AttributeType", &oid);
- err_if_fail (ret, "AttributeType");
-
- ret = asn1_write_value (oid, "", argv[1], strlen (argv[1]));
- err_if_fail (ret, "asn1_write_value");
-
- len = 0;
- ret = asn1_der_coding (oid, "", NULL, &len, message);
- assert (ret == ASN1_MEM_ERROR);
-
- buf = malloc (len);
- assert (buf != NULL);
- ret = asn1_der_coding (oid, "", buf, &len, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "asn1_der_coding: %s\n", message);
- free (buf);
- return 1;
- }
-
- fwrite (buf, 1, len, stdout);
- fflush (stdout);
- free (buf);
-
- asn1_delete_structure (&oid);
- asn1_delete_structure (&definitions);
-
- return 0;
-}
diff --git a/trust/tests/frob-pow.c b/trust/tests/frob-pow.c
deleted file mode 100644
index f029b2a..0000000
--- a/trust/tests/frob-pow.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-
-#include
-
-static unsigned int
-nearest_pow_2 (int num)
-{
- unsigned int n = num ? 1 : 0;
- while (n < num && n > 0)
- n <<= 1;
- return n;
-}
-
-int
-main (void)
-{
- int i;
-
- for (i = 0; i < 40; i++)
- printf ("nearest_pow_2 (%d) == %u\n", i, nearest_pow_2 (i));
-
- return 0;
-}
diff --git a/trust/tests/frob-token.c b/trust/tests/frob-token.c
deleted file mode 100644
index 5d57ec1..0000000
--- a/trust/tests/frob-token.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include
-
-#include "token.h"
-
-int
-main (int argc,
- char *argv[])
-{
- p11_token *token;
- p11_index *index;
- int count;
-
- if (argc != 2) {
- fprintf (stderr, "usage: frob-token path\n");
- return 2;
- }
-
- token = p11_token_new (1, argv[1], "Label");
- count = p11_token_load (token);
-
- printf ("%d files loaded\n", count);
- index = p11_token_index (token);
- printf ("%d objects loaded\n", p11_index_size (index));
-
- p11_token_free (token);
- return 0;
-}
diff --git a/trust/tests/input/anchors/cacert3.der b/trust/tests/input/anchors/cacert3.der
deleted file mode 100644
index 56f8c88..0000000
Binary files a/trust/tests/input/anchors/cacert3.der and /dev/null differ
diff --git a/trust/tests/input/anchors/testing-ca.der b/trust/tests/input/anchors/testing-ca.der
deleted file mode 100644
index d3f70ea..0000000
Binary files a/trust/tests/input/anchors/testing-ca.der and /dev/null differ
diff --git a/trust/tests/input/blacklist/self-server.der b/trust/tests/input/blacklist/self-server.der
deleted file mode 100644
index 68fe9af..0000000
Binary files a/trust/tests/input/blacklist/self-server.der and /dev/null differ
diff --git a/trust/tests/input/cacert-ca.der b/trust/tests/input/cacert-ca.der
deleted file mode 100644
index 719b0ff..0000000
Binary files a/trust/tests/input/cacert-ca.der and /dev/null differ
diff --git a/trust/tests/input/distrusted.pem b/trust/tests/input/distrusted.pem
deleted file mode 100644
index 8de6ff0..0000000
--- a/trust/tests/input/distrusted.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN
-QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n
-i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L
-WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0
-6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg
-MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV
-BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT
-MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p
-bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p
-mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41
-voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH
-AwIMEVJlZCBIYXQgSXMgdGhlIENB
------END TRUSTED CERTIFICATE-----
diff --git a/trust/tests/input/verisign-v1.p11-kit b/trust/tests/input/verisign-v1.p11-kit
deleted file mode 100644
index eaa080d..0000000
--- a/trust/tests/input/verisign-v1.p11-kit
+++ /dev/null
@@ -1,17 +0,0 @@
-[p11-kit-object-v1]
-trusted: true
-
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
-NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
-Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
------END CERTIFICATE-----
diff --git a/trust/tests/test-asn1.c b/trust/tests/test-asn1.c
deleted file mode 100644
index df75dfd..0000000
--- a/trust/tests/test-asn1.c
+++ /dev/null
@@ -1,164 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "asn1.h" -#include "debug.h" -#include "oid.h" -#include "x509.h" - -#include -#include -#include - -struct { - p11_dict *asn1_defs; -} test; - -static void -setup (void *unused) -{ - test.asn1_defs = p11_asn1_defs_load (); - assert_ptr_not_null (test.asn1_defs); -} - -static void -teardown (void *unused) -{ - p11_dict_free (test.asn1_defs); - memset (&test, 0, sizeof (test)); -} - -static void -test_tlv_length (void) -{ - struct { - const char *der; - size_t der_len; - int expected; - } tlv_lengths[] = { - { "\x01\x01\x00", 3, 3 }, - { "\x01\x01\x00\x01\x02", 5, 3 }, - { "\x01\x05\x00", 3, -1 }, - { NULL } - }; - - int length; - int i; - - for (i = 0; tlv_lengths[i].der != NULL; i++) { - length = p11_asn1_tlv_length ((const unsigned char *)tlv_lengths[i].der, tlv_lengths[i].der_len); - assert_num_eq (tlv_lengths[i].expected, length); - } -} - -static const unsigned char test_eku_server_and_client[] = { - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, -}; - -static void -test_asn1_cache (void) -{ - p11_asn1_cache *cache; - p11_dict *defs; - node_asn *asn; - node_asn *check; - - cache = p11_asn1_cache_new (); - assert_ptr_not_null (cache); - - defs = p11_asn1_cache_defs (cache); - assert_ptr_not_null (defs); - - asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client), NULL); - assert_ptr_not_null (defs); - - /* Place the parsed data in the cache */ - p11_asn1_cache_take (cache, asn, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client)); - - /* Get it back out */ - check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client)); - assert_ptr_eq (asn, check); - - /* Flush should remove it */ - p11_asn1_cache_flush (cache); 
- check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client)); - assert_ptr_eq (NULL, check); - - p11_asn1_cache_free (cache); -} - -static void -test_asn1_free (void) -{ - p11_dict *defs; - node_asn *asn; - - defs = p11_asn1_defs_load (); - assert_ptr_not_null (defs); - - asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client), NULL); - assert_ptr_not_null (asn); - - p11_asn1_free (asn); - p11_asn1_free (NULL); - p11_dict_free (defs); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_tlv_length, "/asn1/tlv_length"); - - p11_fixture (NULL, NULL); - p11_test (test_asn1_cache, "/asn1/asn1_cache"); - p11_test (test_asn1_free, "/asn1/free"); - - return p11_test_run (argc, argv); -} diff --git a/trust/tests/test-base64.c b/trust/tests/test-base64.c deleted file mode 100644 index ce303e8..0000000 --- a/trust/tests/test-base64.c +++ /dev/null 
@@ -1,204 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "base64.h" -#include "debug.h" -#include "message.h" - -#include -#include -#include -#include - -static void -check_decode_msg (const char *file, - int line, - const char *function, - const char *input, - ssize_t input_len, - const unsigned char *expected, - ssize_t expected_len) -{ - unsigned char decoded[8192]; - int length; - - if (input_len < 0) - input_len = strlen (input); - if (expected_len < 0) - expected_len = strlen ((char *)expected); - length = p11_b64_pton (input, input_len, decoded, sizeof (decoded)); - - if (expected == NULL) { - if (length >= 0) - p11_test_fail (file, line, function, "decoding should have failed"); - - } else { - if (length < 0) - p11_test_fail (file, line, function, "decoding failed"); - if (expected_len != length) - p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", - (unsigned long)expected_len, (unsigned long)length); - if (memcmp (decoded, expected, length) != 0) - p11_test_fail (file, line, function, "decoded wrong"); - } -} - -#define check_decode_success(input, input_len, expected, expected_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) - -#define check_decode_failure(input, input_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) - -static void -test_decode_simple (void) -{ - check_decode_success ("", 0, (unsigned char *)"", 0); - check_decode_success ("MQ==", 0, (unsigned char *)"1", 0); - check_decode_success ("YmxhaAo=", -1, (unsigned char *)"blah\n", -1); - check_decode_success ("bGVlbGEK", -1, (unsigned char *)"leela\n", -1); - check_decode_success ("bGVlbG9vCg==", -1, (unsigned char *)"leeloo\n", -1); -} - -static void -test_decode_thawte (void) -{ - const char *input = - "MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB" - "rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf" - 
"Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw" - "MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV" - "BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa" - "Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl" - "LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u" - "MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl" - "ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm" - "gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8" - "YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf" - "b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9" - "9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S" - "zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk" - "OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV" - "HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA" - "2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW" - "oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu" - "t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c" - "KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM" - "m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu" - "MdRAGmI0Nj81Aa6sY6A="; - - const unsigned char output[] = { - 0x30, 0x82, 0x04, 0x2a, 0x30, 0x82, 0x03, 0x12, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x60, - 0x01, 0x97, 0xb7, 0x46, 0xa7, 0xea, 0xb4, 0xb4, 0x9a, 0xd6, 0x4b, 0x2f, 0xf7, 0x90, 0xfb, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, - 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 
0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, - 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, - 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, - 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, - 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, - 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x34, 0x30, 0x32, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x33, 0x37, 0x31, 0x32, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, - 0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, - 0x30, 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, - 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 
0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xb2, 0xbf, 0x27, 0x2c, 0xfb, 0xdb, 0xd8, 0x5b, 0xdd, 0x78, 0x7b, 0x1b, 0x9e, 0x77, 0x66, - 0x81, 0xcb, 0x3e, 0xbc, 0x7c, 0xae, 0xf3, 0xa6, 0x27, 0x9a, 0x34, 0xa3, 0x68, 0x31, 0x71, 0x38, - 0x33, 0x62, 0xe4, 0xf3, 0x71, 0x66, 0x79, 0xb1, 0xa9, 0x65, 0xa3, 0xa5, 0x8b, 0xd5, 0x8f, 0x60, - 0x2d, 0x3f, 0x42, 0xcc, 0xaa, 0x6b, 0x32, 0xc0, 0x23, 0xcb, 0x2c, 0x41, 0xdd, 0xe4, 0xdf, 0xfc, - 0x61, 0x9c, 0xe2, 0x73, 0xb2, 0x22, 0x95, 0x11, 0x43, 0x18, 0x5f, 0xc4, 0xb6, 0x1f, 0x57, 0x6c, - 0x0a, 0x05, 0x58, 0x22, 0xc8, 0x36, 0x4c, 0x3a, 0x7c, 0xa5, 0xd1, 0xcf, 0x86, 0xaf, 0x88, 0xa7, - 0x44, 0x02, 0x13, 0x74, 0x71, 0x73, 0x0a, 0x42, 0x59, 0x02, 0xf8, 0x1b, 0x14, 0x6b, 0x42, 0xdf, - 0x6f, 0x5f, 0xba, 0x6b, 0x82, 0xa2, 0x9d, 0x5b, 0xe7, 0x4a, 0xbd, 0x1e, 0x01, 0x72, 0xdb, 0x4b, - 0x74, 0xe8, 0x3b, 0x7f, 0x7f, 0x7d, 0x1f, 0x04, 0xb4, 0x26, 0x9b, 0xe0, 0xb4, 0x5a, 0xac, 0x47, - 0x3d, 0x55, 0xb8, 0xd7, 0xb0, 0x26, 0x52, 0x28, 0x01, 0x31, 0x40, 0x66, 0xd8, 0xd9, 0x24, 0xbd, - 0xf6, 0x2a, 0xd8, 0xec, 0x21, 0x49, 0x5c, 0x9b, 0xf6, 0x7a, 0xe9, 0x7f, 0x55, 0x35, 0x7e, 0x96, - 0x6b, 0x8d, 0x93, 0x93, 0x27, 0xcb, 0x92, 0xbb, 0xea, 0xac, 0x40, 0xc0, 0x9f, 0xc2, 0xf8, 0x80, - 0xcf, 0x5d, 0xf4, 0x5a, 0xdc, 0xce, 0x74, 0x86, 0xa6, 0x3e, 0x6c, 0x0b, 0x53, 0xca, 0xbd, 0x92, - 0xce, 0x19, 0x06, 0x72, 0xe6, 0x0c, 0x5c, 0x38, 0x69, 0xc7, 0x04, 0xd6, 0xbc, 0x6c, 0xce, 0x5b, - 0xf6, 0xf7, 0x68, 0x9c, 0xdc, 0x25, 0x15, 0x48, 0x88, 0xa1, 0xe9, 0xa9, 0xf8, 0x98, 0x9c, 0xe0, - 0xf3, 0xd5, 0x31, 0x28, 0x61, 0x11, 0x6c, 0x67, 0x96, 0x8d, 0x39, 0x99, 0xcb, 0xc2, 0x45, 0x24, - 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 
0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, 0xff, 0xfa, - 0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x1a, 0x40, - 0xd8, 0x95, 0x65, 0xac, 0x09, 0x92, 0x89, 0xc6, 0x39, 0xf4, 0x10, 0xe5, 0xa9, 0x0e, 0x66, 0x53, - 0x5d, 0x78, 0xde, 0xfa, 0x24, 0x91, 0xbb, 0xe7, 0x44, 0x51, 0xdf, 0xc6, 0x16, 0x34, 0x0a, 0xef, - 0x6a, 0x44, 0x51, 0xea, 0x2b, 0x07, 0x8a, 0x03, 0x7a, 0xc3, 0xeb, 0x3f, 0x0a, 0x2c, 0x52, 0x16, - 0xa0, 0x2b, 0x43, 0xb9, 0x25, 0x90, 0x3f, 0x70, 0xa9, 0x33, 0x25, 0x6d, 0x45, 0x1a, 0x28, 0x3b, - 0x27, 0xcf, 0xaa, 0xc3, 0x29, 0x42, 0x1b, 0xdf, 0x3b, 0x4c, 0xc0, 0x33, 0x34, 0x5b, 0x41, 0x88, - 0xbf, 0x6b, 0x2b, 0x65, 0xaf, 0x28, 0xef, 0xb2, 0xf5, 0xc3, 0xaa, 0x66, 0xce, 0x7b, 0x56, 0xee, - 0xb7, 0xc8, 0xcb, 0x67, 0xc1, 0xc9, 0x9c, 0x1a, 0x18, 0xb8, 0xc4, 0xc3, 0x49, 0x03, 0xf1, 0x60, - 0x0e, 0x50, 0xcd, 0x46, 0xc5, 0xf3, 0x77, 0x79, 0xf7, 0xb6, 0x15, 0xe0, 0x38, 0xdb, 0xc7, 0x2f, - 0x28, 0xa0, 0x0c, 0x3f, 0x77, 0x26, 0x74, 0xd9, 0x25, 0x12, 0xda, 0x31, 0xda, 0x1a, 0x1e, 0xdc, - 0x29, 0x41, 0x91, 0x22, 0x3c, 0x69, 0xa7, 0xbb, 0x02, 0xf2, 0xb6, 0x5c, 0x27, 0x03, 0x89, 0xf4, - 0x06, 0xea, 0x9b, 0xe4, 0x72, 0x82, 0xe3, 0xa1, 0x09, 0xc1, 0xe9, 0x00, 0x19, 0xd3, 0x3e, 0xd4, - 0x70, 0x6b, 0xba, 0x71, 0xa6, 0xaa, 0x58, 0xae, 0xf4, 0xbb, 0xe9, 0x6c, 0xb6, 0xef, 0x87, 0xcc, - 0x9b, 0xbb, 0xff, 0x39, 0xe6, 0x56, 0x61, 0xd3, 0x0a, 0xa7, 0xc4, 0x5c, 0x4c, 0x60, 0x7b, 0x05, - 0x77, 0x26, 0x7a, 0xbf, 0xd8, 0x07, 0x52, 0x2c, 0x62, 0xf7, 0x70, 0x63, 0xd9, 0x39, 0xbc, 0x6f, - 0x1c, 0xc2, 0x79, 0xdc, 0x76, 0x29, 0xaf, 0xce, 0xc5, 0x2c, 0x64, 0x04, 0x5e, 0x88, 0x36, 0x6e, - 0x31, 0xd4, 0x40, 0x1a, 0x62, 0x34, 0x36, 0x3f, 0x35, 0x01, 0xae, 0xac, 0x63, 
0xa0, - }; - - check_decode_success (input, -1, output, sizeof (output)); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_decode_simple, "/base64/decode-simple"); - p11_test (test_decode_thawte, "/base64/decode-thawte"); - return p11_test_run (argc, argv); -} diff --git a/trust/tests/test-builder.c b/trust/tests/test-builder.c deleted file mode 100644 index 29bac07..0000000 --- a/trust/tests/test-builder.c +++ /dev/null 
@@ -1,2236 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include
-#include
-#include
-
-#include "attrs.h"
-#include "builder.h"
-#include "debug.h"
-#include "digest.h"
-#include "index.h"
-#include "message.h"
-#include "oid.h"
-#include "pkcs11x.h"
-
-struct {
- p11_builder *builder;
- p11_index *index;
-} test;
-
-static CK_TRUST trusted = CKT_NSS_TRUSTED;
-static CK_TRUST trusted_delegator = CKT_NSS_TRUSTED_DELEGATOR;
-static CK_TRUST not_trusted = CKT_NSS_NOT_TRUSTED;
-static CK_TRUST trust_unknown = CKT_NSS_TRUST_UNKNOWN;
-static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS data = CKO_DATA;
-static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
-static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-static CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
-static CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE;
-static CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE;
-static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-static CK_ULONG certificate_authority = 2;
-static CK_ULONG other_entity = 3;
-static CK_BBOOL truev = CK_TRUE;
-static CK_BBOOL falsev = CK_FALSE;
-
-static void
-setup (void *unused)
-{
- test.builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
- assert_ptr_not_null (test.builder);
-
- test.index = p11_index_new (p11_builder_build, NULL, NULL, p11_builder_changed, test.builder);
- assert_ptr_not_null (test.index);
-}
-
-static void
-teardown (void *unused)
-{
- p11_builder_free (test.builder);
- p11_index_free (test.index);
- memset (&test, 0, sizeof (test));
-}
-
-static void
-test_get_cache (void)
-{
- p11_asn1_cache *cache;
-
- cache = p11_builder_get_cache (test.builder);
- assert_ptr_eq (NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4));
-}
-
-static void
-test_build_data (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE check[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_TOKEN, &truev, sizeof (truev) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_PRIVATE, &falsev, sizeof (falsev) },
- { CKA_LABEL, "", 0 },
- { CKA_VALUE, "the value", 9 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, merge, true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (check, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_LABEL, "the label", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
- { CKA_START_DATE, "20110523", 8 },
- { CKA_END_DATE, "20210520", 8, },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_LABEL, "the label", 9 },
- { CKA_ID, "\xf0""a\xd8?\x95\x8fMx\xb1G\xb3\x13""9\x97\x8e\xa9\xc2Q\xba\x9b", 20},
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup
(input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, merge, true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_empty (void)
-{
- unsigned char checksum[P11_DIGEST_SHA1_LEN];
- CK_ULONG domain = 0;
- CK_ULONG category = 0;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_URL, "http://blah", 11 },
- { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) },
- { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_LABEL, "the label", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_VALUE, "", 0 },
- { CKA_START_DATE, "", 0 },
- { CKA_END_DATE, "", 0, },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, "", 0 },
- { CKA_SERIAL_NUMBER, "", 0 },
- { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) },
- { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) },
- { CKA_LABEL, "the label", 9 },
- { CKA_JAVA_MIDP_SECURITY_DOMAIN, &domain, sizeof (domain) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_digest_sha1 (checksum, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, merge, true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- 
test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static const unsigned char entrust_pretend_ca[] = { - 0x30, 0x82, 0x04, 0x5c, 0x30, 0x82, 0x03, 0x44, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x38, - 0x63, 0xb9, 0x66, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, - 0x05, 0x00, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, - 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, - 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, - 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, - 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, - 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, - 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, - 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x39, 0x31, - 0x32, 0x32, 0x34, 0x31, 0x37, 0x35, 0x30, 0x35, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32, - 0x32, 0x34, 0x31, 0x38, 0x32, 0x30, 0x35, 0x31, 0x5a, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, - 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, - 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, - 0x5f, 0x32, 
0x30, 0x34, 0x38, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, - 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, - 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, - 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, - 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a, - 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40, - 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93, - 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e, - 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5, - 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77, - 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97, - 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89, - 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60, - 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53, - 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 
0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce, - 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf, - 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f, - 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90, - 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e, - 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07, - 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x74, 0x30, 0x72, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, - 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x00, 0x07, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, - 0xbe, 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, 0xbe, - 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x41, 0x00, 0x04, 0x10, 0x30, 0x0e, 0x1b, 0x08, - 0x56, 0x35, 0x2e, 0x30, 0x3a, 0x34, 0x2e, 0x30, 0x03, 0x02, 0x04, 0x90, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x59, 0x47, 0xac, 0x21, 0x84, 0x8a, 0x17, 0xc9, 0x9c, 0x89, 0x53, 0x1e, 0xba, 0x80, 0x85, 0x1a, - 0xc6, 0x3c, 0x4e, 0x3e, 0xb1, 0x9c, 0xb6, 0x7c, 0xc6, 0x92, 0x5d, 0x18, 0x64, 0x02, 0xe3, 0xd3, - 0x06, 0x08, 0x11, 0x61, 0x7c, 0x63, 0xe3, 0x2b, 0x9d, 0x31, 0x03, 0x70, 0x76, 0xd2, 0xa3, 0x28, - 0xa0, 0xf4, 0xbb, 0x9a, 0x63, 0x73, 0xed, 0x6d, 0xe5, 0x2a, 0xdb, 0xed, 0x14, 0xa9, 0x2b, 0xc6, - 0x36, 0x11, 0xd0, 0x2b, 0xeb, 0x07, 0x8b, 0xa5, 0xda, 0x9e, 0x5c, 0x19, 0x9d, 0x56, 0x12, 0xf5, - 0x54, 0x29, 0xc8, 0x05, 0xed, 0xb2, 0x12, 0x2a, 0x8d, 0xf4, 0x03, 0x1b, 0xff, 0xe7, 
0x92, 0x10, - 0x87, 0xb0, 0x3a, 0xb5, 0xc3, 0x9d, 0x05, 0x37, 0x12, 0xa3, 0xc7, 0xf4, 0x15, 0xb9, 0xd5, 0xa4, - 0x39, 0x16, 0x9b, 0x53, 0x3a, 0x23, 0x91, 0xf1, 0xa8, 0x82, 0xa2, 0x6a, 0x88, 0x68, 0xc1, 0x79, - 0x02, 0x22, 0xbc, 0xaa, 0xa6, 0xd6, 0xae, 0xdf, 0xb0, 0x14, 0x5f, 0xb8, 0x87, 0xd0, 0xdd, 0x7c, - 0x7f, 0x7b, 0xff, 0xaf, 0x1c, 0xcf, 0xe6, 0xdb, 0x07, 0xad, 0x5e, 0xdb, 0x85, 0x9d, 0xd0, 0x2b, - 0x0d, 0x33, 0xdb, 0x04, 0xd1, 0xe6, 0x49, 0x40, 0x13, 0x2b, 0x76, 0xfb, 0x3e, 0xe9, 0x9c, 0x89, - 0x0f, 0x15, 0xce, 0x18, 0xb0, 0x85, 0x78, 0x21, 0x4f, 0x6b, 0x4f, 0x0e, 0xfa, 0x36, 0x67, 0xcd, - 0x07, 0xf2, 0xff, 0x08, 0xd0, 0xe2, 0xde, 0xd9, 0xbf, 0x2a, 0xaf, 0xb8, 0x87, 0x86, 0x21, 0x3c, - 0x04, 0xca, 0xb7, 0x94, 0x68, 0x7f, 0xcf, 0x3c, 0xe9, 0x98, 0xd7, 0x38, 0xff, 0xec, 0xc0, 0xd9, - 0x50, 0xf0, 0x2e, 0x4b, 0x58, 0xae, 0x46, 0x6f, 0xd0, 0x2e, 0xc3, 0x60, 0xda, 0x72, 0x55, 0x72, - 0xbd, 0x4c, 0x45, 0x9e, 0x61, 0xba, 0xbf, 0x84, 0x81, 0x92, 0x03, 0xd1, 0xd2, 0x69, 0x7c, 0xc5, -}; - -static const unsigned char entrust_public_key[] = { - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a, - 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40, - 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93, - 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e, - 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5, - 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77, - 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97, - 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 
0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89, - 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60, - 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53, - 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce, - 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf, - 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f, - 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90, - 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e, - 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07, - 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -static void -test_build_certificate_non_ca (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_CATEGORY, &other_entity, sizeof (other_entity) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static void -test_build_certificate_v1_ca (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_CATEGORY, 
&certificate_authority, sizeof (certificate_authority) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_staple_ca (void)
-{
- CK_ULONG category = 2; /* CA */
-
- CK_ATTRIBUTE stapled[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
- { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
- { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- /* Adding the stapled extension *first*, and then the certificate */
-
- /* Add a stapled certificate */
- rv = p11_index_add (test.index, stapled, 4, NULL);
- assert_num_eq (CKR_OK, rv);
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- /*
- * Even though the certificate is not a valid CA, the presence of the
- * stapled certificate extension transforms it into a CA.
- */
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_staple_ca_backwards (void)
-{
- CK_ULONG category = 2; /* CA */
-
- CK_ATTRIBUTE stapled[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
- { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
- { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_INVALID },
- };
-
- CK_RV rv;
- CK_ATTRIBUTE *attrs;
- CK_OBJECT_HANDLE handle;
-
- /* Adding the certificate *first*, and then the stapled extension */
-
- rv = p11_index_add (test.index, input, 4, &handle);
- assert_num_eq (CKR_OK, rv);
-
- /* Add a stapled certificate */
- rv = p11_index_add (test.index, stapled, 4, NULL);
- assert_num_eq (CKR_OK, rv);
-
- /*
- * Even though the certificate is not a valid CA, the presence of the
- * stapled certificate extension transforms it into a CA.
- */
- attrs = p11_index_lookup (test.index, handle);
- test_check_attrs (expected, attrs);
-}
-
-static void
-test_build_certificate_no_type (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_build_certificate_bad_type (void)
-{
- CK_CERTIFICATE_TYPE type = CKC_WTLS;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &type, sizeof (type) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_build_extension (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE check[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_TOKEN, &truev, sizeof (truev) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_PRIVATE, &falsev, sizeof (falsev) },
- { CKA_OBJECT_ID, "\x06\x03\x55\x1d\x50", 5 },
- { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 },
- { CKA_X_PUBLIC_KEY_INFO, (void
*)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_LABEL, "", 0 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (check, attrs); - p11_attrs_free (attrs); -} - -/* This certificate has and end date in 2067 */ -static const unsigned char cert_distant_end_date[] = { - 0x30, 0x82, 0x01, 0x6a, 0x30, 0x82, 0x01, 0x14, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03, - 0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, - 0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, - 0x2d, 0x69, 0x6e, 0x2d, 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x20, 0x17, 0x0d, 0x31, 0x33, - 0x30, 0x33, 0x32, 0x37, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x36, - 0x37, 0x31, 0x32, 0x32, 0x39, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x28, 0x31, 0x26, - 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, 0x2d, 0x69, 0x6e, 0x2d, - 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xe2, - 0x2d, 0x35, 0x70, 0x75, 0xc0, 0x07, 0x56, 0x40, 0x7d, 0x63, 0xbc, 0xd2, 0x60, 0xb3, 0xcf, 0xb8, - 0x3d, 0x27, 0x6e, 0x10, 0xcd, 0x42, 0x50, 0x51, 0x9d, 0x79, 0x30, 0x79, 0x5a, 0xe3, 0xc3, 0x51, - 0x38, 0x85, 0x4c, 0xb4, 0x91, 0xd9, 0xe6, 0x8d, 0x69, 0x6a, 0xd4, 0x9c, 0x1c, 0x49, 0xc2, 0x25, - 0x2a, 0xc9, 0x2b, 
0xf2, 0xf4, 0x8e, 0x8a, 0x3f, 0x8b, 0x4c, 0x97, 0xc3, 0x16, 0x96, 0x99, 0x02, - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, - 0x1b, 0x30, 0x19, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x03, 0x2a, 0x03, 0x04, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0xc2, 0x83, - 0x27, 0x32, 0x80, 0x74, 0x73, 0xe2, 0xa3, 0x92, 0xaa, 0x7c, 0xd8, 0x50, 0xf4, 0x61, 0x50, 0xb1, - 0x63, 0x9e, 0x29, 0xef, 0x38, 0x1d, 0xc0, 0x55, 0x20, 0x0f, 0x7e, 0xe9, 0x1f, 0xa1, 0x54, 0x1a, - 0x5f, 0x8c, 0x26, 0x1b, 0x66, 0x96, 0x0e, 0x64, 0x52, 0x1c, 0x00, 0x96, 0xfb, 0x81, 0x77, 0xa2, - 0x3a, 0x1d, 0x49, 0x0c, 0x03, 0xd5, 0x19, 0xf2, 0x6a, 0x01, 0x29, 0x31, 0xfb, 0xf5, -}; - -static void -test_build_distant_end_date (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)cert_distant_end_date, sizeof (cert_distant_end_date) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_END_DATE, "20671229", 8 }, - { CKA_START_DATE, "20130327", 8 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static void -test_valid_bool (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_BBOOL value = CK_TRUE; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_PRIVATE, &value, sizeof (value) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - 
rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
-}
-
-static void
-test_invalid_bool (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_PRIVATE, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- input[0].pValue = "123";
- input[0].ulValueLen = 3;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-
- input[0].pValue = NULL;
- input[0].ulValueLen = sizeof (CK_BBOOL);
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_ulong (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_ULONG value = 2;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CERTIFICATE_CATEGORY, &value, sizeof (value) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
-}
-
-static void
-test_invalid_ulong (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CERTIFICATE_CATEGORY, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- input[0].pValue = "123";
- input[0].ulValueLen = 3;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-
- input[0].pValue = NULL;
- input[0].ulValueLen = sizeof (CK_ULONG);
- rv = p11_builder_build (test.builder,
test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_utf8 (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_LABEL, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
-}
-
-static void
-test_invalid_utf8 (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_LABEL, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- input[0].pValue = "\xfex23";
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_dates (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_DATE date;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_START_DATE, &date, sizeof (CK_DATE) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- memcpy (date.year, "2000", sizeof (date.year));
- memcpy (date.month, "10", sizeof (date.month));
- memcpy (date.day, "10", sizeof (date.day));
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
- p11_attrs_free (attrs);
- attrs = NULL;
-
- 
input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
- p11_attrs_free (attrs);
-}
-
-static void
-test_invalid_dates (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_DATE date;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_START_DATE, &date, sizeof (CK_DATE) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- memcpy (date.year, "AAAA", sizeof (date.year));
- memcpy (date.month, "BB", sizeof (date.month));
- memcpy (date.day, "CC", sizeof (date.day));
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- memcpy (date.year, "2000", sizeof (date.year));
- memcpy (date.month, "15", sizeof (date.month));
- memcpy (date.day, "80", sizeof (date.day));
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- input[0].pValue = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_name (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_SUBJECT, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
- p11_attrs_free (attrs);
- attrs = NULL;
-
- input[0].pValue = (void *)test_cacert3_ca_issuer;
- input[0].ulValueLen = sizeof (test_cacert3_ca_issuer);
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- 
assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); - p11_attrs_free (attrs); -} - -static void -test_invalid_name (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_SUBJECT, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - input[0].pValue = "blah"; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = NULL; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_valid_serial (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_SERIAL_NUMBER, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - input[0].pValue = NULL; - input[0].ulValueLen = 0; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); - attrs = NULL; - - input[0].pValue = (void *)test_cacert3_ca_serial; - input[0].ulValueLen = sizeof (test_cacert3_ca_serial); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); -} - -static void -test_invalid_serial (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_SERIAL_NUMBER, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - input[0].pValue = "blah"; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, 
test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = (void *)test_cacert3_ca_subject; - input[0].ulValueLen = sizeof (test_cacert3_ca_subject); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = NULL; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_valid_cert (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_VALUE, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - input[0].pValue = NULL; - input[0].ulValueLen = 0; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); - attrs = NULL; - - input[0].pValue = (void *)test_cacert3_ca_der; - input[0].ulValueLen = sizeof (test_cacert3_ca_der); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); -} - -static void -test_invalid_cert (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_VALUE, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - input[0].pValue = "blah"; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = (void *)test_cacert3_ca_subject; - input[0].ulValueLen = sizeof (test_cacert3_ca_subject); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq 
(CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = NULL; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_invalid_schema (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_URL, "http://blah", 11 }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - /* Missing CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY */ - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); - - p11_message_loud (); -} - -static void -test_create_not_settable (void) -{ - /* - * CKA_X_PUBLIC_KEY_INFO cannot be created/modified - */ - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); - p11_attrs_free (merge); - - p11_message_loud (); - - p11_attrs_free (attrs); -} - -static void -test_create_but_loadable (void) -{ - /* - * CKA_X_PUBLIC_KEY_INFO cannot be set on creation, but can be set if we're - * loading from our store. This is signified by batching. 
- */
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_index_load (test.index);
-
- attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_index_finish (test.index);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (input, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_create_unsupported (void)
-{
- CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_generated (void)
-{
- CK_OBJECT_CLASS klass = CKO_NSS_TRUST;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_bad_attribute (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "the value", 9 },
- { CKA_COLOR, "blue", 4 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_missing_attribute (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_no_class (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_token_mismatch (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_TOKEN, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_modify_success (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &truev, sizeof (truev) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE modify[] = {
- { CKA_VALUE, "new value long", 14 },
- { CKA_LABEL, "new label", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &truev, sizeof (truev) },
- { CKA_VALUE, "new value long", 14 },
- { CKA_LABEL, "new label", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_modify_read_only (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &truev, sizeof (truev) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE modify[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, merge, true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- p11_message_quiet ();
-
- extra = NULL;
- merge = p11_attrs_dup (modify);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_modify_unchanged (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &truev, sizeof (truev) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- /*
- * Although CKA_CLASS is read-only, changing to same value
- * shouldn't fail
- */
-
- CK_ATTRIBUTE modify[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "the other", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "the other", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_modify_not_modifiable (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE modify[] = {
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- p11_message_quiet ();
-
- extra = NULL;
- merge = p11_attrs_dup (modify);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-
- p11_attrs_free (attrs);
-}
-
-static CK_ATTRIBUTE cacert3_assert_distrust_server[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_client[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_code[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_CODE_SIGNING_STR, sizeof (P11_OID_CODE_SIGNING_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_email[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_EMAIL_PROTECTION_STR, sizeof (P11_OID_EMAIL_PROTECTION_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_system[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_END_SYSTEM_STR, sizeof (P11_OID_IPSEC_END_SYSTEM_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_tunnel[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_TUNNEL_STR, sizeof (P11_OID_IPSEC_TUNNEL_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_user[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_USER_STR, sizeof (P11_OID_IPSEC_USER_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_time[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_TIME_STAMPING_STR, sizeof (P11_OID_TIME_STAMPING_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static void
-test_changed_trusted_certificate (void)
-{
- static CK_ATTRIBUTE cacert3_trusted_certificate[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
- { CKA_START_DATE, "20110523", 8 },
- { CKA_END_DATE, "20210520", 8, },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "cacert3", 7 },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_INVALID },
- };
-
- static unsigned char eku_server_and_client[] = {
- 0x30, 0x20, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
- 0x03, 0x02,
- };
-
- CK_ATTRIBUTE eku_extension_server_and_client[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_VALUE, eku_server_and_client, sizeof (eku_server_and_client) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static char eku_client_email[] = {
- 0x30, 0x1a, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01, 0x04, 0x0c,
- 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04,
- };
-
- static CK_ATTRIBUTE reject_extension_email[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_VALUE, eku_client_email, sizeof (eku_client_email) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE nss_trust_server_and_client_distrust_email[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_ID, "cacert3", 7 },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_CLIENT_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CODE_SIGNING, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_IPSEC_END_SYSTEM, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_IPSEC_TUNNEL, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_IPSEC_USER, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_TIME_STAMPING, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_DIGITAL_SIGNATURE, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_NON_REPUDIATION, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_KEY_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_DATA_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_KEY_AGREEMENT, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_KEY_CERT_SIGN, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_CRL_SIGN, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE server_anchor_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE client_anchor_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1 },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- /*
- * We should get an NSS trust object and various assertions here.
- * The first two attributes of each object are enough to look it up,
- * and then we check the rest of the attributes match.
- */
-
- CK_ATTRIBUTE *expected[] = {
- nss_trust_server_and_client_distrust_email,
- cacert3_assert_distrust_email,
- server_anchor_assertion,
- client_anchor_assertion,
- NULL,
- };
-
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
- int i;
-
- /*
- * A trusted cetrificate, trusted for server and client purposes,
- * and explicitly rejects the email and timestamping purposes.
- */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (cacert3_trusted_certificate), NULL);
- assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (eku_extension_server_and_client), NULL);
- assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (reject_extension_email), NULL);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
-
- /* The other objects */
- for (i = 0; expected[i]; i++) {
- handle = p11_index_find (test.index, expected[i], 2);
- assert (handle != 0);
-
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
-
- test_check_attrs (expected[i], attrs);
- }
-}
-
-static void
-test_changed_distrust_value (void)
-{
- CK_ATTRIBUTE distrust_cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate), },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_PRIVATE, &falsev, sizeof (falsev) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE eku_extension[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE reject_extension[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
- { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE nss_trust_nothing[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_ID, "cacert3", 7 },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CLIENT_AUTH, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CODE_SIGNING, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_END_SYSTEM, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_TUNNEL, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_USER, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_TIME_STAMPING, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_DIGITAL_SIGNATURE, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_NON_REPUDIATION, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_DATA_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_AGREEMENT, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_CERT_SIGN, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CRL_SIGN, ¬_trusted, sizeof (not_trusted) },
- { CKA_INVALID, }
- };
-
- /*
- * We should get an NSS trust object and various assertions here.
- * The first two attributes of each object are enough to look it up,
- * and then we check the rest of the attributes match.
- */
-
- CK_ATTRIBUTE *expected[] = {
- nss_trust_nothing,
- cacert3_assert_distrust_server,
- cacert3_assert_distrust_client,
- cacert3_assert_distrust_code,
- cacert3_assert_distrust_email,
- cacert3_assert_distrust_system,
- cacert3_assert_distrust_tunnel,
- cacert3_assert_distrust_user,
- cacert3_assert_distrust_time,
- NULL
- };
-
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
- int i;
-
- /*
- * A distrusted certificate with a value, plus some extra
- * extensions (which should be ignored).
- */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
- assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (eku_extension), NULL);
- assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (reject_extension), NULL);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- /* The other objects */
- for (i = 0; expected[i]; i++) {
- handle = p11_index_find (test.index, expected[i], 2);
- assert (handle != 0);
-
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
-
- test_check_attrs (expected[i], attrs);
- }
-}
-
-static void
-test_changed_distrust_serial (void)
-{
- CK_ATTRIBUTE distrust_cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate), },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE nss_trust_distrust[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_ID, "cacert3", 7 },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CLIENT_AUTH, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CODE_SIGNING, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_END_SYSTEM, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_TUNNEL, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_USER, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_TIME_STAMPING, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_DIGITAL_SIGNATURE, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_NON_REPUDIATION, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_DATA_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_AGREEMENT, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_CERT_SIGN, ¬_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CRL_SIGN, ¬_trusted, sizeof (not_trusted) },
- { CKA_INVALID, }
- };
-
- /*
- * We should get an NSS trust object and various assertions here.
- * The first two attributes of each object are enough to look it up,
- * and then we check the rest of the attributes match.
- */
-
- CK_ATTRIBUTE *expected[] = {
- nss_trust_distrust,
- cacert3_assert_distrust_server,
- cacert3_assert_distrust_client,
- cacert3_assert_distrust_code,
- cacert3_assert_distrust_email,
- cacert3_assert_distrust_system,
- cacert3_assert_distrust_tunnel,
- cacert3_assert_distrust_user,
- cacert3_assert_distrust_time,
- NULL
- };
-
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
- int i;
-
- /*
- * A distrusted certificate without a value.
- */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- for (i = 0; expected[i]; i++) {
- handle = p11_index_find (test.index, expected[i], 2);
- assert (handle != 0);
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
- test_check_attrs (expected[i], attrs);
- }
-}
-
-static void
-test_changed_dup_certificates (void)
-{
- static CK_ATTRIBUTE trusted_cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE distrust_cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE trusted_nss[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE distrust_nss[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE unknown_nss[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_TRUST_SERVER_AUTH, &trust_unknown, sizeof (trust_unknown) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE match_nss[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE anchor_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
- { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE distrust_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE match_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- CK_OBJECT_HANDLE handle1;
- CK_OBJECT_HANDLE handle2;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- /*
- * A trusted certificate, should create trutsed nss trust
- * and anchor assertions
- */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (trusted_cert), &handle1);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- handle = p11_index_find (test.index, match_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, match_assertion, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, trusted_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, anchor_assertion, -1);
- assert (handle != 0);
-
- /* Now we add a distrusted certificate, should update the objects */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), &handle2);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- handle = p11_index_find (test.index, trusted_nss, -1);
- assert (handle == 0);
- handle = p11_index_find (test.index, distrust_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, anchor_assertion, -1);
- assert (handle == 0);
- handle = p11_index_find (test.index, distrust_assertion, -1);
- assert (handle != 0);
-
- /* Now remove the trusted cetrificate, should update again */
- rv = p11_index_remove (test.index, handle2);
- assert_num_eq (CKR_OK, rv);
-
- handle = p11_index_find (test.index, trusted_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, distrust_nss, -1);
- assert (handle == 0);
- handle = p11_index_find (test.index, anchor_assertion, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, distrust_assertion, -1);
- assert (handle == 0);
-
- /* Now remove the original certificate, unknown nss and no assertions */
- rv = p11_index_remove (test.index, handle1);
- assert_num_eq (CKR_OK, rv);
-
- handle = p11_index_find (test.index, unknown_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, match_assertion, -1);
- assert (handle == 0);
-}
-
-static void
-test_changed_without_id (void)
-{
- static CK_ATTRIBUTE trusted_without_id[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_TRUSTED, &truev, sizeof
(truev) }, - { CKA_ID, NULL, 0, }, - { CKA_INVALID }, - }; - - CK_OBJECT_CLASS klass = 0; - CK_ATTRIBUTE match[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_INVALID }, - }; - - /* - * A cetrificate without a CKA_ID that's created should still - * automatically create compat objects. - */ - - CK_OBJECT_HANDLE handle; - CK_RV rv; - - p11_index_load (test.index); - rv = p11_index_take (test.index, p11_attrs_dup (trusted_without_id), NULL); - assert_num_eq (CKR_OK, rv); - p11_index_finish (test.index); - - klass = CKO_NSS_TRUST; - handle = p11_index_find (test.index, match, -1); - assert (handle != 0); - - klass = CKO_X_TRUST_ASSERTION; - handle = p11_index_find (test.index, match, -1); - assert (handle != 0); -} - -static void -test_changed_staple_ca (void) -{ - CK_ULONG category = 0; - - CK_ATTRIBUTE stapled[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, - { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, - { CKA_ID, "the id", 6 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_ID, "the id", 6 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE match[] = { - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_RV rv; - - attrs = NULL; - rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); - assert_num_eq (CKR_OK, rv); - - /* Not a CA at this point, until we staple */ - category = 0; - assert (p11_index_find (test.index, match, -1) == 0); - - /* Add a stapled basic constraint */ - rv = p11_index_add 
(test.index, stapled, 4, NULL); - assert_num_eq (CKR_OK, rv); - - /* Now should be a CA */ - category = 2; - assert (p11_index_find (test.index, match, -1) != 0); - - p11_attrs_free (attrs); -} - -static void -test_changed_staple_ku (void) -{ - CK_ATTRIBUTE stapled_ds_and_np[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) }, - { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, - { CKA_ID, "the id", 6 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_ID, "the id", 6 }, - { CKA_INVALID }, - }; - - static CK_ATTRIBUTE nss_trust_ds_and_np[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, - { CKA_ID, "the id", 6 }, - { CKA_TRUST_SERVER_AUTH, &trusted, sizeof (trusted) }, - { CKA_TRUST_CLIENT_AUTH, &trusted, sizeof (trusted) }, - { CKA_TRUST_EMAIL_PROTECTION, &trusted, sizeof (trusted) }, - { CKA_TRUST_CODE_SIGNING, &trusted, sizeof (trusted) }, - { CKA_TRUST_IPSEC_END_SYSTEM, &trusted, sizeof (trusted) }, - { CKA_TRUST_IPSEC_TUNNEL, &trusted, sizeof (trusted) }, - { CKA_TRUST_IPSEC_USER, &trusted, sizeof (trusted) }, - { CKA_TRUST_TIME_STAMPING, &trusted, sizeof (trusted) }, - { CKA_TRUST_DIGITAL_SIGNATURE, &trusted, sizeof (trusted) }, - { CKA_TRUST_NON_REPUDIATION, &trusted, sizeof (trusted) }, - { CKA_TRUST_KEY_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_DATA_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_KEY_AGREEMENT, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_KEY_CERT_SIGN, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_CRL_SIGN, &trust_unknown, 
sizeof (trust_unknown) }, - { CKA_INVALID, } - }; - - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - p11_index_load (test.index); - rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); - assert_num_eq (CKR_OK, rv); - rv = p11_index_take (test.index, p11_attrs_dup (stapled_ds_and_np), NULL); - assert_num_eq (CKR_OK, rv); - p11_index_finish (test.index); - - handle = p11_index_find (test.index, nss_trust_ds_and_np, 2); - assert (handle != 0); - - attrs = p11_index_lookup (test.index, handle); - test_check_attrs (nss_trust_ds_and_np, attrs); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_get_cache, "/builder/get_cache"); - p11_test (test_build_data, "/builder/build_data"); - p11_test (test_build_certificate, "/builder/build_certificate"); - p11_test (test_build_certificate_empty, "/builder/build_certificate_empty"); - p11_test (test_build_certificate_non_ca, "/builder/build_certificate_non_ca"); - p11_test (test_build_certificate_v1_ca, "/builder/build_certificate_v1_ca"); - p11_test (test_build_certificate_staple_ca, "/builder/build_certificate_staple_ca"); - p11_test (test_build_certificate_staple_ca_backwards, "/builder/build-certificate-staple-ca-backwards"); - p11_test (test_build_certificate_no_type, "/builder/build_certificate_no_type"); - p11_test (test_build_certificate_bad_type, "/builder/build_certificate_bad_type"); - p11_test (test_build_extension, "/builder/build_extension"); - p11_test (test_build_distant_end_date, "/builder/build_distant_end_date"); - - p11_test (test_valid_bool, "/builder/valid-bool"); - p11_test (test_valid_ulong, "/builder/valid-ulong"); - p11_test (test_valid_utf8, "/builder/valid-utf8"); - p11_test (test_valid_dates, "/builder/valid-date"); - p11_test (test_valid_name, "/builder/valid-name"); - p11_test (test_valid_serial, "/builder/valid-serial"); - p11_test (test_valid_cert, "/builder/valid-cert"); - p11_test (test_invalid_bool, "/builder/invalid-bool"); 
- p11_test (test_invalid_ulong, "/builder/invalid-ulong");
- p11_test (test_invalid_utf8, "/builder/invalid-utf8");
- p11_test (test_invalid_dates, "/builder/invalid-date");
- p11_test (test_invalid_name, "/builder/invalid-name");
- p11_test (test_invalid_serial, "/builder/invalid-serial");
- p11_test (test_invalid_cert, "/builder/invalid-cert");
- p11_test (test_invalid_schema, "/builder/invalid-schema");
-
- p11_test (test_create_not_settable, "/builder/create_not_settable");
- p11_test (test_create_but_loadable, "/builder/create_but_loadable");
- p11_test (test_create_unsupported, "/builder/create_unsupported");
- p11_test (test_create_generated, "/builder/create_generated");
- p11_test (test_create_bad_attribute, "/builder/create_bad_attribute");
- p11_test (test_create_missing_attribute, "/builder/create_missing_attribute");
- p11_test (test_create_no_class, "/builder/create_no_class");
- p11_test (test_create_token_mismatch, "/builder/create_token_mismatch");
- p11_test (test_modify_success, "/builder/modify_success");
- p11_test (test_modify_read_only, "/builder/modify_read_only");
- p11_test (test_modify_unchanged, "/builder/modify_unchanged");
- p11_test (test_modify_not_modifiable, "/builder/modify_not_modifiable");
-
- p11_test (test_changed_trusted_certificate, "/builder/changed_trusted_certificate");
- p11_test (test_changed_distrust_value, "/builder/changed_distrust_value");
- p11_test (test_changed_distrust_serial, "/builder/changed_distrust_serial");
- p11_test (test_changed_without_id, "/builder/changed_without_id");
- p11_test (test_changed_staple_ca, "/builder/changed_staple_ca");
- p11_test (test_changed_staple_ku, "/builder/changed_staple_ku");
- p11_test (test_changed_dup_certificates, "/builder/changed_dup_certificates");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-bundle.c b/trust/tests/test-bundle.c
deleted file mode 100644
index 85c0b5f..0000000
--- a/trust/tests/test-bundle.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" - -#include "test-trust.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" -#include "test.h" - -#include -#include -#include -#include -#include - -struct { - CK_FUNCTION_LIST module; - p11_enumerate ex; - char *directory; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - p11_enumerate_init (&test.ex); - - test.directory = p11_test_directory ("test-extract"); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (rmdir (test.directory) < 0) - assert_not_reached (); - free (test.directory); - - p11_enumerate_cleanup (&test.ex); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; - -static CK_ATTRIBUTE cacert3_authority_attrs[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Cacert3 Here", 12 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static void -test_file (void) -{ - char *destination; - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, 
&test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_pem_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3.pem"); - - free (destination); -} - -static void -test_file_multiple (void) -{ - char *destination; - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_pem_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3-twice.pem"); - - free (destination); -} - -static void -test_file_without (void) -{ - char *destination; - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_pem_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_data (test.directory, "extract.pem", "", 0); - - free (destination); -} - -static void -test_directory (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_pem_directory (&test.ex, test.directory); - assert_num_eq (true, 
ret); - - test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL)); - test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/files/cacert3.pem"); - test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/files/cacert3.pem"); -} - -static void -test_directory_empty (void) -{ - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_pem_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, (NULL, NULL)); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_fixture (setup, teardown); - p11_test (test_file, "/pem/test_file"); - p11_test (test_file_multiple, "/pem/test_file_multiple"); - p11_test (test_file_without, "/pem/test_file_without"); - p11_test (test_directory, "/pem/test_directory"); - p11_test (test_directory_empty, "/pem/test_directory_empty"); - return p11_test_run (argc, argv); -} diff --git a/trust/tests/test-cer.c b/trust/tests/test-cer.c deleted file mode 100644 index ba0b9ca..0000000 --- a/trust/tests/test-cer.c +++ /dev/null 
@@ -1,243 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" - -#include "test-trust.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" -#include "test.h" - -#include -#include -#include -#include -#include - -struct { - CK_FUNCTION_LIST module; - p11_enumerate ex; - char *directory; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - p11_enumerate_init (&test.ex); - - test.directory = p11_test_directory ("test-extract"); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (rmdir (test.directory) < 0) - assert_fail ("rmdir() failed", test.directory); - free (test.directory); - - p11_enumerate_cleanup (&test.ex); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; - -static CK_ATTRIBUTE cacert3_authority_attrs[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Cacert3 Here", 12 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static void -test_file (void) -{ - char *destination; - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with 
(test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) - assert_not_reached (); - - ret = p11_extract_x509_file (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der"); - - free (destination); -} - -static void -test_file_multiple (void) -{ - char *destination; - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) - assert_not_reached (); - - p11_message_quiet (); - - ret = p11_extract_x509_file (&test.ex, destination); - assert_num_eq (true, ret); - - assert (strstr (p11_message_last (), "multiple certificates") != NULL); - - p11_message_loud (); - - test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der"); - - free (destination); -} - -static void -test_file_without (void) -{ - char *destination; - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) - assert_not_reached (); - - p11_message_quiet (); - - ret = p11_extract_x509_file (&test.ex, destination); - assert_num_eq (false, ret); - - assert (strstr (p11_message_last (), "no certificate") != NULL); - - p11_message_loud (); - - free (destination); -} - -static void -test_directory (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, 
and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_x509_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL)); - test_check_file (test.directory, "Cacert3_Here.cer", SRCDIR "/files/cacert3.der"); - test_check_file (test.directory, "Cacert3_Here.1.cer", SRCDIR "/files/cacert3.der"); -} - -static void -test_directory_empty (void) -{ - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_x509_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, (NULL, NULL)); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_fixture (setup, teardown); - p11_test (test_file, "/x509/test_file"); - p11_test (test_file_multiple, "/x509/test_file_multiple"); - p11_test (test_file_without, "/x509/test_file_without"); - p11_test (test_directory, "/x509/test_directory"); - p11_test (test_directory_empty, "/x509/test_directory_empty"); - return p11_test_run (argc, argv); -} diff --git a/trust/tests/test-digest.c b/trust/tests/test-digest.c deleted file mode 100644 index f2cb669..0000000 --- a/trust/tests/test-digest.c +++ /dev/null 
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include -#include -#include - -#include "digest.h" - -const char *sha1_input[] = { - "abc", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - NULL -}; - -const char *sha1_checksum[] = { - "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", - "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", - NULL -}; - -static void -test_sha1 (void) -{ - unsigned char checksum[P11_DIGEST_SHA1_LEN]; - size_t len; - int i; - - for (i = 0; sha1_input[i] != NULL; i++) { - memset (checksum, 0, sizeof (checksum)); - len = strlen (sha1_input[i]); - - p11_digest_sha1 (checksum, sha1_input[i], len, NULL); - assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0); - - if (len > 6) { - p11_digest_sha1 (checksum, sha1_input[i], 6, sha1_input[i] + 6, len - 6, NULL); - assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0); - } - } -} - -static void -test_sha1_long (void) -{ - unsigned char checksum[P11_DIGEST_SHA1_LEN]; - char *expected = "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F"; - char *input; - - input = malloc (1000000); - assert (input != NULL); - memset (input, 'a', 1000000); - - p11_digest_sha1 (checksum, input, 1000000, NULL); - assert (memcmp (expected, checksum, P11_DIGEST_SHA1_LEN) == 0); - - free (input); -} - -const char *md5_input[] = { - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - NULL -}; - -const char *md5_checksum[] = { - "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e", - "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61", - "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", - "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0", - "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b", - NULL -}; - -static void -test_md5 
(void) -{ - unsigned char checksum[P11_DIGEST_MD5_LEN]; - size_t len; - int i; - - for (i = 0; md5_input[i] != NULL; i++) { - memset (checksum, 0, sizeof (checksum)); - len = strlen (md5_input[i]); - - p11_digest_md5 (checksum, md5_input[i], len, NULL); - assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0); - - if (len > 5) { - p11_digest_md5 (checksum, md5_input[i], 5, md5_input[i] + 5, len - 5, NULL); - assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0); - } - } -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_sha1, "/digest/sha1"); - p11_test (test_sha1_long, "/digest/sha1-long"); - p11_test (test_md5, "/digest/md5"); - return p11_test_run (argc, argv); -} diff --git a/trust/tests/test-enumerate.c b/trust/tests/test-enumerate.c deleted file mode 100644 index 75d3f16..0000000 --- a/trust/tests/test-enumerate.c +++ /dev/null 
@@ -1,536 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include
-#include
-
-
-static void
-test_file_name_for_label (void)
-{
- CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
- p11_enumerate ex;
- char *name;
-
- p11_enumerate_init (&ex);
-
- ex.attrs = p11_attrs_build (NULL, &label, NULL);
-
- name = p11_enumerate_filename (&ex);
- assert_str_eq ("The_Label_", name);
- free (name);
-
- p11_enumerate_cleanup (&ex);
-}
-
-static void
-test_file_name_for_class (void)
-{
- p11_enumerate ex;
- char *name;
-
- p11_enumerate_init (&ex);
-
- ex.klass = CKO_CERTIFICATE;
-
- name = p11_enumerate_filename (&ex);
- assert_str_eq ("certificate", name);
- free (name);
-
- ex.klass = CKO_DATA;
-
- name = p11_enumerate_filename (&ex);
- assert_str_eq ("unknown", name);
- free (name);
-
- p11_enumerate_cleanup (&ex);
-}
-
-static void
-test_comment_for_label (void)
-{
- CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
- p11_enumerate ex;
- char *comment;
-
- p11_enumerate_init (&ex);
-
- ex.flags = P11_EXTRACT_COMMENT;
- ex.attrs = p11_attrs_build (NULL, &label, NULL);
-
- comment = p11_enumerate_comment (&ex, true);
- assert_str_eq ("# The Label!\n", comment);
- free (comment);
-
- comment = p11_enumerate_comment (&ex, false);
- assert_str_eq ("\n# The Label!\n", comment);
- free (comment);
-
- p11_enumerate_cleanup (&ex);
-}
-
-static void
-test_comment_not_enabled (void)
-{
- CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
- p11_enumerate ex;
- char *comment;
-
- p11_enumerate_init (&ex);
-
- ex.attrs = p11_attrs_build (NULL, &label, NULL);
-
- comment = p11_enumerate_comment (&ex, true);
- assert_ptr_eq (NULL, comment);
-
- comment = p11_enumerate_comment (&ex, false);
- assert_ptr_eq (NULL, comment); - - p11_enumerate_cleanup (&ex); -} - -struct { - CK_FUNCTION_LIST module; - CK_FUNCTION_LIST_PTR modules[2]; - p11_enumerate ex; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - p11_enumerate_init (&test.ex); - - /* Prefill the modules */ - test.modules[0] = &test.module; - test.modules[1] = NULL; - test.ex.modules = test.modules; -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - /* Don't free the modules */ - test.ex.modules = NULL; - - p11_enumerate_cleanup (&test.ex); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_OBJECT_CLASS public_key_class = CKO_PUBLIC_KEY; -static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; -static CK_BBOOL truev = CK_TRUE; - -static CK_ATTRIBUTE cacert3_trusted[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Cacert3 Here", 11 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_distrusted[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { 
CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Another CaCert", 11 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_distrusted_by_key[] = { - { CKA_CLASS, &public_key_class, sizeof (public_key_class) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_eku_server_client[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_ID, "ID1", 3 }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_VALUE, "\x30\x1d\x06\x03\x55\x1d\x25\x04\x16\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 31 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_eku_invalid[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_ID, "ID1", 3 }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x25\x04\x07\x69\x6e\x76\x61\x6c\x69\x64", 16 }, - { CKA_INVALID }, -}; - -static void -test_info_simple_certificate (void) -{ - void *value; - size_t length; - CK_RV rv; - - assert_ptr_not_null (test.ex.asn1_defs); - - mock_module_add_object (MOCK_SLOT_ONE_ID, 
cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - assert_num_eq (CKO_CERTIFICATE, test.ex.klass); - assert_ptr_not_null (test.ex.attrs); - value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length); - assert_ptr_not_null (value); - assert (memcmp (value, test_cacert3_ca_der, length) == 0); - assert_ptr_not_null (test.ex.cert_der); - assert (memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0); - assert_ptr_not_null (test.ex.cert_asn); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_info_limit_purposes (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - /* This should not match the above, with the stapled certificat ext */ - assert_ptr_eq (NULL, test.ex.limit_to_purposes); - p11_enumerate_opt_purpose (&test.ex, "1.1.1"); - assert_ptr_not_null (test.ex.limit_to_purposes); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_info_invalid_purposes (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_enumerate_ready (&test.ex, NULL); - - p11_kit_be_quiet (); - - /* No results due to invalid purpose on certificate */ - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); - - p11_kit_be_loud (); -} - -static void -test_info_skip_non_certificate (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, 
cacert3_trusted); - - p11_enumerate_ready (&test.ex, NULL); - - p11_message_quiet (); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - assert_num_eq (CKO_CERTIFICATE, test.ex.klass); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); - - p11_message_loud (); -} - -static void -test_limit_to_purpose_match (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - p11_enumerate_opt_purpose (&test.ex, P11_OID_SERVER_AUTH_STR); - p11_enumerate_ready (&test.ex, NULL); - - p11_message_quiet (); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - p11_message_loud (); -} - -static void -test_limit_to_purpose_no_match (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - p11_enumerate_opt_purpose (&test.ex, "3.3.3.3"); - p11_enumerate_ready (&test.ex, NULL); - - p11_message_quiet (); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); - - p11_message_loud (); -} - -static void -test_duplicate_extract (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_duplicate_distrusted (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_ATTRIBUTE attrs[] = { - { CKA_X_DISTRUSTED, NULL, 0 }, - 
}; - - CK_BBOOL val; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - - test.ex.flags = P11_ENUMERATE_COLLAPSE; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_load_attributes (test.ex.iter, attrs, 1); - assert_num_eq (CKR_OK, rv); - assert (p11_attrs_findn_bool (attrs, 1, CKA_X_DISTRUSTED, &val)); - assert_num_eq (val, CK_TRUE); - free (attrs[0].pValue); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_trusted_match (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_ENUMERATE_ANCHORS; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_distrust_match (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_BBOOL boolv; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_ENUMERATE_BLACKLIST; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - if (!p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &boolv)) - boolv = CK_FALSE; - assert_num_eq (CK_TRUE, boolv); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_override_by_issuer_serial (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, 
&certificate_class, sizeof (certificate_class) }; - CK_BBOOL distrusted = CK_FALSE; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - assert (p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &distrusted)); - assert_num_eq (CK_TRUE, distrusted); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_override_by_public_key (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key); - - test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - /* No results returned, because distrust is not a cert */ - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_test (test_file_name_for_label, "/extract/test_file_name_for_label"); - p11_test (test_file_name_for_class, "/extract/test_file_name_for_class"); - p11_test (test_comment_for_label, "/extract/test_comment_for_label"); - p11_test (test_comment_not_enabled, "/extract/test_comment_not_enabled"); - - p11_fixture (setup, teardown); - p11_test (test_info_simple_certificate, "/extract/test_info_simple_certificate"); - p11_test (test_info_limit_purposes, "/extract/test_info_limit_purposes"); - p11_test (test_info_invalid_purposes, "/extract/test_info_invalid_purposes"); - p11_test (test_info_skip_non_certificate, "/extract/test_info_skip_non_certificate"); 
- p11_test (test_limit_to_purpose_match, "/extract/test_limit_to_purpose_match");
- p11_test (test_limit_to_purpose_no_match, "/extract/test_limit_to_purpose_no_match");
- p11_test (test_duplicate_extract, "/extract/test_duplicate_extract");
- p11_test (test_duplicate_distrusted, "/extract/test-duplicate-distrusted");
- p11_test (test_trusted_match, "/extract/test_trusted_match");
- p11_test (test_distrust_match, "/extract/test_distrust_match");
- p11_test (test_override_by_issuer_serial, "/extract/override-by-issuer-and-serial");
- p11_test (test_override_by_public_key, "/extract/override-by-public-key");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-extract.in b/trust/tests/test-extract.in
deleted file mode 100644
index 59f6cd6..0000000
--- a/trust/tests/test-extract.in
+++ /dev/null
@@ -1,189 +0,0 @@ -#!/bin/sh - -set -euf - -# ----------------------------------------------------------------------------- -# Basic fundamentals - -prefix=@prefix@ -exec_prefix=@exec_prefix@ -datarootdir=@datarootdir@ -datadir=@datadir@ -sysconfdir=@sysconfdir@ -libdir=@libdir@ -privatedir=@privatedir@ -with_trust_paths=@with_trust_paths@ -script=$(basename $0) - -# ----------------------------------------------------------------------------- -# Testing - -warning() -{ - echo "$script: $@" >&2 -} - -assert_fail() -{ - warning $@ - exit 1 -} - -assert_contains() -{ - if ! grep -qF $2 $1; then - assert_fail "$1 does not contain $2" - fi -} - -assert_not_contains() -{ - if grep -qF $2 $1; then - assert_fail "$1 contains $2" - fi -} - -teardown() -{ - for x in $TD; do - if [ -d $x ]; then - rmdir $x - elif [ -f $x ]; then - rm $x - fi - done - TD="" -} - -teardown_dirty() -{ - echo "not ok $TEST_NUMBER $TEST_NAME" - teardown -} - -openssl_quiet() -( - command='/Generating a|-----|^[.+]+$|writing new private key/d' - exec 3>&1 - openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&- -) - -skip() -{ - TEST_SKIP=yes - echo "ok $TEST_NUMBER # skip $TEST_NAME: $@" -} - -setup() -{ - # Parse the trust paths - oldifs="$IFS" - IFS=: - set $with_trust_paths - IFS="$oldifs" - - if [ ! 
-d $1 ]; then - skip "$1 is not a directory" - return - fi - - SOURCE_1=$1 - if [ $# -lt 2 ]; then - warning "certain tests neutered if only 1 trust path: $with_trust_paths" - SOURCE_2=$1 - else - SOURCE_2=$2 - fi - - # Make a temporary directory - dir=$(mktemp -d) - cd $dir - CLEANUP="$dir $TD" - - # Generate a unique identifier - CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') - CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') - CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') - - # Generate relevant certificates - openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ - -out cert_1.pem -subj /CN=$CERT_1_CN - openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ - -out cert_2.pem -subj /CN=$CERT_2_CN - openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ - -out cert_3.pem -subj /CN=$CERT_3_CN - - TD="cert_1.pem cert_2.pem cert_3.pem $TD" - - mkdir -p $SOURCE_1/anchors - cp cert_1.pem $SOURCE_1/anchors/ - - mkdir -p $SOURCE_2/anchors - cp cert_2.pem $SOURCE_2/anchors/ - cp cert_3.pem $SOURCE_2/anchors/ - - TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD" -} - -run() -{ - TOTAL=0 - for TEST_NAME in $@; do - TOTAL=$(expr $TOTAL + 1) - done - - echo "1..$TOTAL" - - TEST_NUMBER=0 - for TEST_NAME in $@; do - TEST_NUMBER=$(expr $TEST_NUMBER + 1) - ( - trap teardown_dirty EXIT - trap "teardown_dirty; exit 127" INT TERM - TD="" - - TEST_SKIP=no - setup - - if [ $TEST_SKIP != "yes" ]; then - $TEST_NAME - fi - if [ $TEST_SKIP != "yes" ]; then - echo "ok $TEST_NUMBER $TEST_NAME" - fi - - trap - EXIT - teardown - ) - done -} - -# ----------------------------------------------------------------------------- -# Main tests - -test_extract() -{ - trust extract --filter=ca-anchors --format=pem-bundle \ - --purpose=server-auth --comment \ - extract-test.pem - - 
assert_contains extract-test.pem $CERT_1_CN - assert_contains extract-test.pem $CERT_2_CN - assert_contains extract-test.pem $CERT_3_CN -} - -test_blacklist() -{ - mkdir -p $SOURCE_1/blacklist - cp cert_3.pem $SOURCE_1/blacklist - TD="$SOURCE_1/blacklist/cert_3.pem $TD" - - trust extract --filter=ca-anchors --format=pem-bundle \ - --purpose=server-auth --comment \ - blacklist-test.pem - - assert_contains blacklist-test.pem $CERT_1_CN - assert_not_contains blacklist-test.pem $CERT_3_CN -} - -run test_extract test_blacklist diff --git a/trust/tests/test-index.c b/trust/tests/test-index.c deleted file mode 100644 index fc861b2..0000000 --- a/trust/tests/test-index.c +++ /dev/null 
@@ -1,1144 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include
-#include
-#include
-#include
-
-#include "attrs.h"
-#include "debug.h"
-#include "index.h"
-#include "message.h"
-
-struct {
- p11_index *index;
-} test;
-
-static void
-setup (void *unused)
-{
- test.index = p11_index_new (NULL, NULL, NULL, NULL, NULL);
- assert_ptr_not_null (test.index);
-}
-
-static void
-teardown (void *unused)
-{
- p11_index_free (test.index);
- memset (&test, 0, sizeof (test));
-}
-
-static void
-test_take_lookup (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *check;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- attrs = p11_attrs_dup (original);
- rv = p11_index_take (test.index, attrs, &handle);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- test_check_attrs (original, check);
-
- check = p11_index_lookup (test.index, 1UL);
- assert_ptr_eq (NULL, check);
-
- check = p11_index_lookup (test.index, 0UL);
- assert_ptr_eq (NULL, check);
-}
-
-static void
-test_add_lookup (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE *check;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- rv = p11_index_add (test.index, original, 2, &handle);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- test_check_attrs (original, check);
-}
-
-static void
-test_size (void)
-{
- static CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_RV rv;
-
- rv = p11_index_add (test.index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- rv = p11_index_add (test.index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- rv = p11_index_add (test.index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- assert_num_eq (3, p11_index_size (test.index));
-}
-
-static int
-compar_ulong (const void *one, - const void *two) -{ - const CK_ULONG *u1 = one; - const CK_ULONG *u2 = two; - - if (*u1 == *u2) - return 0; - if (*u1 < *u2) - return -1; - return 1; -} - -static void -test_snapshot (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - static const int NUM = 16; - CK_OBJECT_HANDLE expected[NUM]; - CK_OBJECT_HANDLE *snapshot; - int i; - - for (i = 0; i < NUM; i++) - p11_index_add (test.index, original, 2, expected + i); - - snapshot = p11_index_snapshot (test.index, NULL, NULL, 0); - assert_ptr_not_null (snapshot); - - for (i = 0; i < NUM; i++) - assert (snapshot[i] != 0); - assert (snapshot[NUM] == 0); - - qsort (snapshot, NUM, sizeof (CK_OBJECT_HANDLE), compar_ulong); - - for (i = 0; i < NUM; i++) - assert_num_eq (expected[i], snapshot[i]); - - free (snapshot); -} - -static void -test_snapshot_base (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - static const int NUM = 16; - CK_OBJECT_HANDLE expected[NUM]; - CK_OBJECT_HANDLE *snapshot; - CK_RV rv; - int i; - - for (i = 0; i < NUM; i++) { - rv = p11_index_add (test.index, original, 2, expected + i); - assert (rv == CKR_OK); - } - - snapshot = p11_index_snapshot (test.index, test.index, NULL, 0); - assert_ptr_not_null (snapshot); - - for (i = 0; i < NUM * 2; i++) - assert (snapshot[i] != 0); - assert (snapshot[NUM * 2] == 0); - - qsort (snapshot, NUM * 2, sizeof (CK_OBJECT_HANDLE), compar_ulong); - - for (i = 0; i < NUM * 2; i++) - assert_num_eq (expected[i / 2], snapshot[i]); - - free (snapshot); -} - -static void -test_remove (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *check; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - attrs = p11_attrs_dup (original); - rv = p11_index_take (test.index, attrs, &handle); - assert (rv == 
CKR_OK); - - check = p11_index_lookup (test.index, handle); - assert_ptr_eq (attrs, check); - - rv = p11_index_remove (test.index, 1UL); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - rv = p11_index_remove (test.index, handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - assert_ptr_eq (NULL, check); -} - -static void -test_set (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 }; - - CK_ATTRIBUTE changed[] = { - { CKA_LABEL, "naay", 4 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *check; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - attrs = p11_attrs_dup (original); - rv = p11_index_take (test.index, attrs, &handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - test_check_attrs (original, check); - - rv = p11_index_set (test.index, handle, &change, 1); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - test_check_attrs (changed, check); - - rv = p11_index_set (test.index, 1UL, &change, 1); - assert (rv == CKR_OBJECT_HANDLE_INVALID); -} - -static void -test_update (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 }; - - CK_ATTRIBUTE changed[] = { - { CKA_LABEL, "naay", 4 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *check; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - attrs = p11_attrs_dup (original); - rv = p11_index_take (test.index, attrs, &handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - test_check_attrs (original, check); - - attrs = p11_attrs_build (NULL, &change, NULL); - rv = p11_index_update (test.index, handle, attrs); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - 
test_check_attrs (changed, check); - - attrs = p11_attrs_build (NULL, &change, NULL); - rv = p11_index_update (test.index, 1L, attrs); - assert (rv == CKR_OBJECT_HANDLE_INVALID); -} - -static void -test_find (void) -{ - CK_ATTRIBUTE first[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE second[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "two", 3 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE third[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "three", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match3[] = { - { CKA_VALUE, "three", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_any[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_none[] = { - { CKA_VALUE, "blonononon", 10 }, - { CKA_LABEL, "yay", 3 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE check; - CK_OBJECT_HANDLE one; - CK_OBJECT_HANDLE two; - CK_OBJECT_HANDLE three; - - p11_index_add (test.index, first, 2, &one); - p11_index_add (test.index, second, 2, &two); - p11_index_add (test.index, third, 2, &three); - - check = p11_index_find (test.index, match3, -1); - assert_num_eq (three, check); - - check = p11_index_find (test.index, match3, 1); - assert_num_eq (three, check); - - check = p11_index_find (test.index, match_any, -1); - assert (check == one || check == two || check == three); - - check = p11_index_find (test.index, match_any, 1); - assert (check == one || check == two || check == three); - - check = p11_index_find (test.index, match_none, -1); - assert_num_eq (0, check); - - check = p11_index_find (test.index, match_none, 2); - assert_num_eq (0, check); -} - -static bool -handles_are (CK_OBJECT_HANDLE *handles, - ...) 
-{ - CK_OBJECT_HANDLE handle; - bool matched = true; - int count; - int num; - va_list va; - int i; - - if (!handles) - return false; - - /* Count number of handles */ - for (num = 0; handles[num]; num++); - - va_start (va, handles); - - for (count = 0; matched; count++) { - handle = va_arg (va, CK_OBJECT_HANDLE); - if (handle == 0) - break; - - for (i = 0; handles[i]; i++) { - if (handle == handles[i]) - break; - } - - if (handles[i] != handle) - matched = false; - } - - va_end (va); - - return matched && (count == num); -} - -static void -test_find_all (void) -{ - CK_ATTRIBUTE first[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE second[] = { - { CKA_LABEL, "even", 4 }, - { CKA_VALUE, "two", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE third[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "three", 5 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_odd[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_3[] = { - { CKA_VALUE, "three", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_any[] = { - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_none[] = { - { CKA_VALUE, "blonononon", 10 }, - { CKA_LABEL, "yay", 3 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE *check; - CK_OBJECT_HANDLE one; - CK_OBJECT_HANDLE two; - CK_OBJECT_HANDLE three; - - p11_index_add (test.index, first, 3, &one); - p11_index_add (test.index, second, 3, &two); - p11_index_add (test.index, third, 3, &three); - - check = p11_index_find_all (test.index, match_3, -1); - assert (handles_are (check, three, 0UL)); - free (check); - - check = p11_index_find_all (test.index, match_none, -1); - assert (handles_are (check, 0UL)); - free (check); - - check = p11_index_find_all (test.index, match_odd, -1); - assert (handles_are (check, one, three, 0UL)); - free (check); - - check = 
p11_index_find_all (test.index, match_any, -1); - assert (handles_are (check, one, two, three, 0UL)); - free (check); - - check = p11_index_find_all (test.index, match_none, -1); - assert_ptr_not_null (check); - assert_num_eq (0, check[0]); - free (check); - - /* A double check of this method */ - one = 0UL; - check = &one; - assert (!handles_are (check, 29292929, 0UL)); - assert (!handles_are (NULL, 0UL)); -} - -static void -test_find_realloc (void) -{ - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match[] = { - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE *check; - int i; - - for (i = 0; i < 1000; i++) - p11_index_add (test.index, attrs, 3, NULL); - - check = p11_index_find_all (test.index, match, -1); - assert_ptr_not_null (check); - - for (i = 0; i < 1000; i++) - assert (check[i] != 0); - assert_num_eq (0, check[1000]); - - free (check); -} - -static void -test_replace_all (void) -{ - CK_ATTRIBUTE first[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE second[] = { - { CKA_LABEL, "even", 4 }, - { CKA_VALUE, "two", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE third[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "three", 5 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE fifth[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "five", 4 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE eins[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "replace", 7 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE sieben[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "seven", 5 }, - { CKA_APPLICATION, "replace", 7 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE neun[] = { - { CKA_LABEL, "odd", 3 }, - { 
CKA_VALUE, "nine", 4 }, - { CKA_APPLICATION, "replace", 7 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE check; - CK_OBJECT_HANDLE one; - CK_OBJECT_HANDLE two; - CK_OBJECT_HANDLE three; - CK_OBJECT_HANDLE five; - p11_array *array; - CK_RV rv; - - p11_index_add (test.index, first, 3, &one); - assert (one != 0); - p11_index_add (test.index, second, 3, &two); - assert (two != 0); - p11_index_add (test.index, third, 3, &three); - assert (three != 0); - p11_index_add (test.index, fifth, 3, &five); - assert (five != 0); - - array = p11_array_new (p11_attrs_free); - p11_array_push (array, p11_attrs_buildn (NULL, eins, 3)); - p11_array_push (array, p11_attrs_buildn (NULL, sieben, 3)); - p11_array_push (array, p11_attrs_buildn (NULL, neun, 3)); - - rv = p11_index_replace_all (test.index, match, CKA_VALUE, array); - assert (rv == CKR_OK); - - assert_num_eq (0, array->num); - p11_array_free (array); - - /* eins should have replaced one */ - check = p11_index_find (test.index, eins, -1); - assert_num_eq (one, check); - - /* two should still be around */ - check = p11_index_find (test.index, second, -1); - assert_num_eq (two, check); - - /* three should have been removed */ - check = p11_index_find (test.index, third, -1); - assert_num_eq (0, check); - - /* five should have been removed */ - check = p11_index_find (test.index, fifth, -1); - assert_num_eq (0, check); - - /* sieben should have been added */ - check = p11_index_find (test.index, sieben, -1); - assert (check != one && check != two && check != three && check != five); - - /* neun should have been added */ - check = p11_index_find (test.index, neun, -1); - assert (check != one && check != two && check != three && check != five); - - assert_num_eq (4, p11_index_size (test.index)); -} - -static CK_RV -on_index_build_fail (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate) -{ - CK_ATTRIBUTE *match = data; - - if (p11_attrs_match (merge, match)) - return 
CKR_FUNCTION_FAILED; - - return CKR_OK; -} - -static void -test_replace_all_build_fails (void) -{ - CK_ATTRIBUTE replace[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_INVALID } - }; - - p11_array *array; - p11_index *index; - CK_RV rv; - - index = p11_index_new (on_index_build_fail, NULL, NULL, NULL, &match); - assert_ptr_not_null (index); - - array = p11_array_new (p11_attrs_free); - if (!p11_array_push (array, p11_attrs_dup (replace))) - assert_not_reached (); - - rv = p11_index_replace_all (index, NULL, CKA_INVALID, array); - assert_num_eq (rv, CKR_FUNCTION_FAILED); - - p11_array_free (array); - p11_index_free (index); -} - - -static CK_RV -on_build_populate (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate) -{ - CK_ATTRIBUTE more[] = { - { CKA_APPLICATION, "vigorous", 8 }, - { CKA_LABEL, "naay", 4 }, - }; - - assert_str_eq (data, "blah"); - assert_ptr_not_null (index); - assert_ptr_not_null (merge); - - *populate = p11_attrs_buildn (*populate, more, 2); - return CKR_OK; -} - -static void -test_build_populate (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - CK_ATTRIBUTE after[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_APPLICATION, "vigorous", 8 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *check; - p11_index *index; - CK_RV rv; - - index = p11_index_new (on_build_populate, NULL, NULL, NULL, "blah"); - assert_ptr_not_null (index); - - rv = p11_index_add (index, original, 2, &handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (index, handle); - assert_ptr_not_null (check); - - test_check_attrs (after, check); - - rv = p11_index_set (index, handle, original, 2); - assert (rv == CKR_OK); - - check = p11_index_lookup (index, handle); - 
assert_ptr_not_null (check); - - test_check_attrs (after, check); - - p11_index_free (index); -} - -static CK_RV -on_build_fail (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate) -{ - CK_ATTRIBUTE check[] = { - { CKA_LABEL, "nay", 3 }, - { CKA_INVALID } - }; - - assert_str_eq (data, "testo"); - assert_ptr_not_null (merge); - - if (p11_attrs_match (merge, check)) - return CKR_DEVICE_ERROR; - - return CKR_OK; -} - - -static void -test_build_fail (void) -{ - CK_ATTRIBUTE okay[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE fails[] = { - { CKA_LABEL, "nay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - CK_RV rv; - - index = p11_index_new (on_build_fail, NULL, NULL, NULL, "testo"); - assert_ptr_not_null (index); - - rv = p11_index_add (index, okay, 2, &handle); - assert (rv == CKR_OK); - - rv = p11_index_add (index, fails, 2, NULL); - assert (rv == CKR_DEVICE_ERROR); - - rv = p11_index_set (index, handle, fails, 2); - assert (rv == CKR_DEVICE_ERROR); - - rv = p11_index_set (index, handle, okay, 2); - assert (rv == CKR_OK); - - p11_index_free (index); -} - -static int on_change_called = 0; -static bool on_change_removing = false; -static bool on_change_batching = false; - -static void -on_change_check (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - CK_ATTRIBUTE check[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - assert_str_eq (data, "change-check"); - assert_ptr_not_null (index); - assert_ptr_not_null (attrs); - - if (!on_change_batching) { - if (on_change_removing) - assert_num_eq (0, handle); - else - assert (handle != 0); - } - - test_check_attrs (check, attrs); - on_change_called++; -} - -static void -test_change_called (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - 
{ CKA_INVALID } - - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - CK_RV rv; - - index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check"); - assert_ptr_not_null (index); - - on_change_removing = false; - on_change_called = 0; - - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - - assert_num_eq (1, on_change_called); - - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - - assert_num_eq (2, on_change_called); - - rv = p11_index_add (index, original, 2, &handle); - assert (rv == CKR_OK); - - assert_num_eq (3, on_change_called); - - on_change_removing = true; - - rv = p11_index_remove (index, handle); - assert (rv == CKR_OK); - - assert_num_eq (4, on_change_called); - - p11_index_free (index); -} - -static void -test_change_batch (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - CK_RV rv; - - index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check"); - assert_ptr_not_null (index); - - on_change_batching = true; - on_change_called = 0; - - p11_index_load (index); - - assert (p11_index_loading (index)); - - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - - assert_num_eq (0, on_change_called); - - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - - assert_num_eq (0, on_change_called); - - rv = p11_index_add (index, original, 2, &handle); - assert (rv == CKR_OK); - - assert_num_eq (0, on_change_called); - - /* Nested batch is a noop */ - p11_index_load (index); - - rv = p11_index_remove (index, handle); - assert (rv == CKR_OK); - - assert_num_eq (0, on_change_called); - - /* - * Batch finishes when first finish call is called, - * even when batches are nested - */ - p11_index_finish (index); - - assert (!p11_index_loading (index)); - - /* - * Only three calls, because later operations on the - * same handle override 
the earlier one. - */ - assert_num_eq (3, on_change_called); - - /* This is a noop */ - p11_index_finish (index); - - assert (!p11_index_loading (index)); - - p11_index_free (index); -} - -static void -on_change_nested (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - CK_RV rv; - - CK_ATTRIBUTE second[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - assert_str_eq (data, "change-nested"); - on_change_called++; - - /* A nested call */ - rv = p11_index_add (index, second, 2, NULL); - assert (rv == CKR_OK); -} - -static void -test_change_nested (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - p11_index *index; - CK_RV rv; - - index = p11_index_new (NULL, NULL, NULL, on_change_nested, "change-nested"); - assert_ptr_not_null (index); - - on_change_called = 0; - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - assert_num_eq (1, on_change_called); - - - on_change_called = 0; - p11_index_load (index); - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - p11_index_finish (index); - assert_num_eq (1, on_change_called); - - p11_index_free (index); -} - -static CK_RV -on_remove_callback (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs) -{ - int *removed = data; - assert_ptr_not_null (removed); - assert_num_eq (*removed, 0); - *removed = 1; - return CKR_OK; -} - -static void -test_remove_callback (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - int removed = 0; - CK_RV rv; - - index = p11_index_new (NULL, NULL, on_remove_callback, NULL, &removed); - assert_ptr_not_null (index); - - rv = p11_index_add (index, original, 2, &handle); - assert_num_eq (rv, CKR_OK); - - assert_ptr_not_null (p11_index_lookup (index, handle)); - - rv = p11_index_remove (index, 
handle); - assert_num_eq (rv, CKR_OK); - - assert_num_eq (removed, 1); - assert_ptr_eq (p11_index_lookup (index, handle), NULL); - - p11_index_free (index); -} - -static CK_RV -on_remove_fail (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs) -{ - assert_str_eq (data, "remove-fail"); - return CKR_DEVICE_REMOVED; -} - -static void -test_remove_fail (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - CK_RV rv; - - index = p11_index_new (NULL, NULL, on_remove_fail, NULL, "remove-fail"); - assert_ptr_not_null (index); - - rv = p11_index_add (index, original, 2, &handle); - assert (rv == CKR_OK); - - assert_ptr_not_null (p11_index_lookup (index, handle)); - - rv = p11_index_remove (index, handle); - assert_num_eq (rv, CKR_DEVICE_REMOVED); - - assert_ptr_not_null (p11_index_lookup (index, handle)); - - p11_index_free (index); -} - -int -main (int argc, - char *argv[]) -{ - p11_message_quiet (); - - p11_fixture (setup, teardown); - p11_test (test_add_lookup, "/index/add_lookup"); - p11_test (test_take_lookup, "/index/take_lookup"); - p11_test (test_size, "/index/size"); - p11_test (test_remove, "/index/remove"); - p11_test (test_snapshot, "/index/snapshot"); - p11_test (test_snapshot_base, "/index/snapshot_base"); - p11_test (test_set, "/index/set"); - p11_test (test_update, "/index/update"); - p11_test (test_find, "/index/find"); - p11_test (test_find_all, "/index/find_all"); - p11_test (test_find_realloc, "/index/find_realloc"); - p11_test (test_replace_all, "/index/replace_all"); - - p11_fixture (NULL, NULL); - p11_test (test_build_populate, "/index/build_populate"); - p11_test (test_build_fail, "/index/build_fail"); - p11_test (test_change_called, "/index/change_called"); - p11_test (test_change_batch, "/index/change_batch"); - p11_test (test_change_nested, "/index/change_nested"); - p11_test (test_replace_all_build_fails, 
"/index/replace-all-build-fails");
- p11_test (test_remove_callback, "/index/remove-callback");
- p11_test (test_remove_fail, "/index/remove-fail");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c
deleted file mode 100644
index c272a88..0000000
--- a/trust/tests/test-module.c
+++ /dev/null
@@ -1,1217 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#define CRYPTOKI_EXPORTS - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include - -#include "attrs.h" -#include "digest.h" -#include "library.h" -#include "path.h" -#include "parser.h" -#include "pkcs11x.h" -#include "token.h" - -#include - -/* - * This is the number of input paths. 
Should match the - * paths below near : - * - * paths='%s' - */ -#define NUM_SLOTS 3 - -static CK_OBJECT_CLASS data = CKO_DATA; -static CK_BBOOL vtrue = CK_TRUE; -static CK_BBOOL vfalse = CK_FALSE; - -struct { - CK_FUNCTION_LIST *module; - CK_SLOT_ID slots[NUM_SLOTS]; - char *directory; - p11_asn1_cache *cache; - p11_parser *parser; -} test; - -static void -setup (void *unused) -{ - CK_C_INITIALIZE_ARGS args; - const char *paths; - char *arguments; - CK_ULONG count; - CK_RV rv; - - memset (&test, 0, sizeof (test)); - - /* This is the entry point of the trust module, linked to this test */ - rv = C_GetFunctionList (&test.module); - assert (rv == CKR_OK); - - memset (&args, 0, sizeof (args)); - paths = SRCDIR "/input" P11_PATH_SEP \ - SRCDIR "/files/self-signed-with-ku.der" P11_PATH_SEP \ - SRCDIR "/files/thawte.pem"; - if (asprintf (&arguments, "paths='%s'", paths) < 0) - assert (false && "not reached"); - args.pReserved = arguments; - args.flags = CKF_OS_LOCKING_OK; - - rv = test.module->C_Initialize (&args); - assert (rv == CKR_OK); - - free (arguments); - - count = NUM_SLOTS; - rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); - assert (rv == CKR_OK); - assert (count == NUM_SLOTS); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (test.parser) - p11_parser_free (test.parser); - p11_asn1_cache_free (test.cache); - - rv = test.module->C_Finalize (NULL); - assert (rv == CKR_OK); - - free (test.directory); - - memset (&test, 0, sizeof (test)); -} - -static void -setup_writable (void *unused) -{ - CK_C_INITIALIZE_ARGS args; - char *arguments; - CK_ULONG count; - CK_RV rv; - - memset (&test, 0, sizeof (test)); - - /* This is the entry point of the trust module, linked to this test */ - rv = C_GetFunctionList (&test.module); - assert (rv == CKR_OK); - - test.directory = p11_test_directory ("test-module"); - - memset (&args, 0, sizeof (args)); - if (asprintf (&arguments, "paths='%s'", test.directory) < 0) - assert (false && "not reached"); - 
args.pReserved = arguments; - args.flags = CKF_OS_LOCKING_OK; - - rv = test.module->C_Initialize (&args); - assert (rv == CKR_OK); - - free (arguments); - - count = 1; - rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); - assert_num_eq (rv, CKR_OK); - assert_num_eq (count, 1); - - test.cache = p11_asn1_cache_new (); - test.parser = p11_parser_new (test.cache); - p11_parser_formats (test.parser, p11_parser_format_persist, NULL); -} - -static void -test_get_slot_list (void) -{ - CK_SLOT_ID slots[NUM_SLOTS]; - CK_ULONG count; - CK_RV rv; - int i; - - rv = test.module->C_GetSlotList (TRUE, NULL, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - count = 1; - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_BUFFER_TOO_SMALL, rv); - assert_num_eq (NUM_SLOTS, count); - - count = NUM_SLOTS; - memset (slots, 0, sizeof (slots)); - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - for (i = 0; i < NUM_SLOTS; i++) - assert (slots[i] != 0); -} - -static void -test_null_initialize (void) -{ - CK_FUNCTION_LIST *module; - CK_RV rv; - - /* This is the entry point of the trust module, linked to this test */ - rv = C_GetFunctionList (&module); - assert_num_eq (rv, CKR_OK); - - rv = module->C_Initialize (NULL); - assert_num_eq (rv, CKR_OK); - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static void -test_multi_initialize (void) -{ - static CK_C_INITIALIZE_ARGS args = - { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; - CK_FUNCTION_LIST *module; - CK_SESSION_HANDLE session; - CK_SLOT_ID slots[8]; - CK_SESSION_INFO info; - CK_ULONG count; - CK_RV rv; - - /* This is the entry point of the trust module, linked to this test */ - rv = C_GetFunctionList (&module); - assert_num_eq (rv, CKR_OK); - - rv = module->C_Initialize (&args); - assert_num_eq (rv, CKR_OK); - - count = 8; - rv = module->C_GetSlotList (CK_TRUE, slots, 
&count); - assert_num_eq (rv, CKR_OK); - assert_num_cmp (count, >, 0); - - rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (rv, CKR_OK); - - rv = module->C_GetSessionInfo (session, &info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (info.slotID, slots[0]); - - rv = module->C_Initialize (&args); - assert_num_eq (rv, CKR_OK); - - rv = module->C_GetSessionInfo (session, &info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (info.slotID, slots[0]); - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_CRYPTOKI_NOT_INITIALIZED, rv); -} - -static void -test_get_slot_info (void) -{ - CK_SLOT_ID slots[NUM_SLOTS]; - CK_SLOT_INFO info; - char description[64]; - CK_ULONG count; - size_t length; - CK_RV rv; - int i; - - /* These are the paths passed in in setup() */ - const char *paths[] = { - SRCDIR "/input", - SRCDIR "/files/self-signed-with-ku.der", - SRCDIR "/files/thawte.pem" - }; - - count = NUM_SLOTS; - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - for (i = 0; i < NUM_SLOTS; i++) { - rv = test.module->C_GetSlotInfo (slots[i], &info); - assert_num_eq (CKR_OK, rv); - - memset (description, ' ', sizeof (description)); - length = strlen(paths[i]); - if (length > sizeof (description)) - length = sizeof (description); - memcpy (description, paths[i], length); - assert (memcmp (info.slotDescription, description, sizeof (description)) == 0); - } -} - -static void -test_get_token_info (void) -{ - CK_C_INITIALIZE_ARGS args; - CK_FUNCTION_LIST *module; - CK_SLOT_ID slots[NUM_SLOTS]; - CK_TOKEN_INFO info; - char label[32]; - CK_ULONG count; - CK_RV rv; - int i; - - /* These are the paths passed in in setup() */ - const char *labels[] = { - "System Trust", - "Default Trust", - "the-basename", - }; - - /* This is the entry 
point of the trust module, linked to this test */ - rv = C_GetFunctionList (&module); - assert (rv == CKR_OK); - - memset (&args, 0, sizeof (args)); - args.pReserved = "paths='" \ - SYSCONFDIR "/input" P11_PATH_SEP \ - DATADIR "/files/blah" P11_PATH_SEP \ - "/some/other/path/the-basename'"; - args.flags = CKF_OS_LOCKING_OK; - - rv = module->C_Initialize (&args); - assert (rv == CKR_OK); - - count = NUM_SLOTS; - rv = module->C_GetSlotList (CK_TRUE, slots, &count); - assert (rv == CKR_OK); - assert (count == NUM_SLOTS); - - for (i = 0; i < NUM_SLOTS; i++) { - rv = module->C_GetTokenInfo (slots[i], &info); - assert_num_eq (CKR_OK, rv); - - memset (label, ' ', sizeof (label)); - memcpy (label, labels[i], strlen (labels[i])); - assert (memcmp (info.label, label, sizeof (label)) == 0); - } - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static void -test_get_session_info (void) -{ - CK_SLOT_ID slots[NUM_SLOTS]; - CK_SESSION_HANDLE sessions[NUM_SLOTS]; - CK_SESSION_INFO info; - CK_ULONG count; - CK_RV rv; - int i; - - count = NUM_SLOTS; - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - /* Open two sessions with each token */ - for (i = 0; i < NUM_SLOTS; i++) { - rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i]); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_GetSessionInfo (sessions[i], &info); - assert_num_eq (CKR_OK, rv); - - assert_num_eq (slots[i], info.slotID); - assert_num_eq (CKF_SERIAL_SESSION, info.flags); - } -} - -static void -test_close_all_sessions (void) -{ - CK_SLOT_ID slots[NUM_SLOTS]; - CK_SESSION_HANDLE sessions[NUM_SLOTS][2]; - CK_SESSION_INFO info; - CK_ULONG count; - CK_RV rv; - int i; - - count = NUM_SLOTS; - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - /* Open two sessions with each token */ - for (i = 0; i < NUM_SLOTS; i++) { 
- rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][0]); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][1]); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - assert_num_eq (CKR_OK, rv); - } - - /* Close all the sessions on the first token */ - rv = test.module->C_CloseAllSessions (slots[0]); - assert_num_eq (CKR_OK, rv); - - /* Those sessions should be closed */ - rv = test.module->C_GetSessionInfo (sessions[0][0], &info); - assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv); - rv = test.module->C_GetSessionInfo (sessions[0][1], &info); - assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv); - - /* Other sessions should still be open */ - for (i = 1; i < NUM_SLOTS; i++) { - rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - assert_num_eq (CKR_OK, rv); - rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - assert_num_eq (CKR_OK, rv); - } -} - -static CK_ULONG -find_objects (CK_ATTRIBUTE *match, - CK_OBJECT_HANDLE *sessions, - CK_OBJECT_HANDLE *objects, - CK_ULONG max_objects) -{ - CK_SESSION_HANDLE session; - CK_RV rv; - CK_ULONG found; - CK_ULONG count; - int i, j; - - found = 0; - for (i = 0; i < NUM_SLOTS; i++) { - rv = test.module->C_OpenSession (test.slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = test.module->C_FindObjectsInit (session, match, p11_attrs_count (match)); - assert (rv == CKR_OK); - rv = test.module->C_FindObjects (session, objects + found, max_objects - found, &count); - assert (rv == CKR_OK); - rv = test.module->C_FindObjectsFinal (session); - assert (rv == CKR_OK); - - for (j = found ; j < found + count; j++) - sessions[j] = session; - found += count; - } - - assert (found < max_objects); - return found; -} - -static void -check_trust_object_equiv 
(CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE trust, - CK_ATTRIBUTE *cert) -{ - unsigned char subject[1024]; - unsigned char issuer[1024]; - unsigned char serial[128]; - CK_BBOOL private; - CK_BBOOL token; - CK_RV rv; - - /* The following attributes should be equivalent to the certificate */ - CK_ATTRIBUTE equiv[] = { - { CKA_TOKEN, &token, sizeof (token) }, - { CKA_PRIVATE, &private, sizeof (private) }, - { CKA_ISSUER, issuer, sizeof (issuer) }, - { CKA_SUBJECT, subject, sizeof (subject) }, - { CKA_SERIAL_NUMBER, serial, sizeof (serial) }, - { CKA_INVALID, }, - }; - - rv = test.module->C_GetAttributeValue (session, trust, equiv, 5); - assert_num_eq (CKR_OK, rv); - - test_check_attrs (equiv, cert); -} - -static void -check_trust_object_hashes (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE trust, - CK_ATTRIBUTE *cert) -{ - unsigned char sha1[P11_DIGEST_SHA1_LEN]; - unsigned char md5[P11_DIGEST_MD5_LEN]; - unsigned char check[128]; - CK_ATTRIBUTE *value; - CK_RV rv; - - CK_ATTRIBUTE hashes[] = { - { CKA_CERT_SHA1_HASH, sha1, sizeof (sha1) }, - { CKA_CERT_MD5_HASH, md5, sizeof (md5) }, - { CKA_INVALID, }, - }; - - rv = test.module->C_GetAttributeValue (session, trust, hashes, 2); - assert (rv == CKR_OK); - - value = p11_attrs_find_valid (cert, CKA_VALUE); - assert_ptr_not_null (value); - - p11_digest_md5 (check, value->pValue, value->ulValueLen, NULL); - assert (memcmp (md5, check, sizeof (md5)) == 0); - - p11_digest_sha1 (check, value->pValue, value->ulValueLen, NULL); - assert (memcmp (sha1, check, sizeof (sha1)) == 0); -} - -static void -check_has_trust_object (CK_ATTRIBUTE *cert) -{ - CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST; - CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) }; - CK_OBJECT_HANDLE objects[2]; - CK_SESSION_HANDLE sessions[2]; - CK_ATTRIBUTE *match; - CK_ATTRIBUTE *attr; - CK_ULONG count; - - attr = p11_attrs_find_valid (cert, CKA_ID); - assert_ptr_not_null (attr); - - match = p11_attrs_build (NULL, &klass, attr, NULL); - 
count = find_objects (match, sessions, objects, 2); - assert_num_eq (1, count); - - check_trust_object_equiv (sessions[0], objects[0], cert); - check_trust_object_hashes (sessions[0], objects[0], cert); - - p11_attrs_free (match); -} - -static void -check_certificate (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE handle) -{ - unsigned char label[4096]= { 0, }; - CK_OBJECT_CLASS klass; - unsigned char value[4096]; - unsigned char subject[1024]; - unsigned char issuer[1024]; - unsigned char serial[128]; - unsigned char id[128]; - CK_CERTIFICATE_TYPE type; - CK_BYTE check[3]; - CK_DATE start; - CK_DATE end; - CK_ULONG category; - CK_BBOOL private; - CK_BBOOL token; - CK_RV rv; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_TOKEN, &token, sizeof (token) }, - { CKA_PRIVATE, &private, sizeof (private) }, - { CKA_VALUE, value, sizeof (value) }, - { CKA_ISSUER, issuer, sizeof (issuer) }, - { CKA_SUBJECT, subject, sizeof (subject) }, - { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_START_DATE, &start, sizeof (start) }, - { CKA_END_DATE, &end, sizeof (end) }, - { CKA_SERIAL_NUMBER, serial, sizeof (serial) }, - { CKA_CHECK_VALUE, check, sizeof (check) }, - { CKA_ID, id, sizeof (id) }, - { CKA_LABEL, label, sizeof (label) }, - { CKA_INVALID, }, - }; - - /* Note that we don't pass the CKA_INVALID attribute in */ - rv = test.module->C_GetAttributeValue (session, handle, attrs, 14); - assert_num_eq (rv, CKR_OK); - - /* If this is the cacert3 certificate, check its values */ - if (memcmp (value, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)) == 0) { - CK_BBOOL trusted; - CK_BBOOL vtrue = CK_TRUE; - - CK_ATTRIBUTE anchor[] = { - { CKA_TRUSTED, &trusted, sizeof (trusted) }, - { CKA_INVALID, }, - }; - - CK_ATTRIBUTE check[] = { - { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, - { CKA_INVALID, }, - }; - - test_check_cacert3_ca (attrs, NULL); - - /* Get anchor specific attributes */ - rv 
= test.module->C_GetAttributeValue (session, handle, anchor, 1); - assert (rv == CKR_OK); - - /* It lives in the trusted directory */ - test_check_attrs (check, anchor); - - /* Other certificates, we can't check the values */ - } else { - test_check_object (attrs, CKO_CERTIFICATE, NULL); - } - - check_has_trust_object (attrs); -} - -static void -test_find_certificates (void) -{ - CK_OBJECT_CLASS klass = CKO_CERTIFICATE; - - CK_ATTRIBUTE match[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_INVALID, } - }; - - CK_OBJECT_HANDLE objects[16]; - CK_SESSION_HANDLE sessions[16]; - CK_ULONG count; - CK_ULONG i; - - count = find_objects (match, sessions, objects, 16); - assert_num_eq (8, count); - - for (i = 0; i < count; i++) - check_certificate (sessions[i], objects[i]); -} - -static void -test_find_builtin (void) -{ - CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST; - - CK_ATTRIBUTE match[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, - { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) }, - { CKA_INVALID, } - }; - - CK_OBJECT_HANDLE objects[16]; - CK_SESSION_HANDLE sessions[16]; - CK_ULONG count; - - /* One per token */ - count = find_objects (match, sessions, objects, 16); - assert_num_eq (NUM_SLOTS, count); -} - -static void -test_session_object (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_ULONG size; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = test.module->C_CreateObject (session, original, 2, &handle); - assert (rv == CKR_OK); - - rv = test.module->C_GetObjectSize (session, handle, &size); - assert (rv == CKR_OK); -} - -static void -test_session_find (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, 
sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_OBJECT_HANDLE check; - CK_ULONG count; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_CreateObject (session, original, 2, &handle); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_FindObjectsInit (session, original, 2); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_FindObjects (session, &check, 1, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (1, count); - assert_num_eq (handle, check); - - rv = test.module->C_FindObjectsFinal (session); - assert_num_eq (CKR_OK, rv); -} - -static void -test_session_find_no_attr (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match[] = { - { CKA_COLOR, "blah", 4 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_OBJECT_HANDLE check; - CK_ULONG count; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_CreateObject (session, original, 3, &handle); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_FindObjectsInit (session, match, 1); - assert_num_eq (CKR_OK, rv); - rv = test.module->C_FindObjects (session, &check, 1, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (0, count); - rv = test.module->C_FindObjectsFinal (session); - assert_num_eq (CKR_OK, rv); -} - -static void -test_lookup_invalid (void) -{ - CK_SESSION_HANDLE session; - CK_ULONG size; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = test.module->C_GetObjectSize (session, 88888, &size); - assert (rv == 
CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_remove_token (void)
-{
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_ULONG count;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- rv = test.module->C_FindObjectsInit (session, NULL, 0);
- assert_num_eq (rv, CKR_OK);
-
- rv = test.module->C_FindObjects (session, &handle, 1, &count);
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (1, count);
-
- rv = test.module->C_DestroyObject (session, handle);
- if (rv != CKR_TOKEN_WRITE_PROTECTED)
- assert_num_eq (rv, CKR_SESSION_READ_ONLY);
-}
-
-static void
-test_setattr_token (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_ULONG count;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- rv = test.module->C_FindObjectsInit (session, NULL, 0);
- assert_num_eq (rv, CKR_OK);
-
- rv = test.module->C_FindObjects (session, &handle, 1, &count);
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (1, count);
-
- rv = test.module->C_SetAttributeValue (session, handle, original, 2);
- if (rv != CKR_TOKEN_WRITE_PROTECTED)
- assert_num_eq (rv, CKR_ATTRIBUTE_READ_ONLY);
-}
-
-static void
-test_session_copy (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_OBJECT_HANDLE copy;
- CK_ULONG size;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CreateObject (session, original, 2, &handle);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CopyObject
(session, handle, original, 2, ©);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_GetObjectSize (session, copy, &size);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_session_setattr (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- rv = test.module->C_CreateObject (session, original, 2, &handle);
- assert (rv == CKR_OK);
-
- rv = test.module->C_SetAttributeValue (session, handle, original, 2);
- assert (rv == CKR_OK);
-}
-
-static void
-test_session_remove (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- rv = test.module->C_CreateObject (session, original, 2, &handle);
- assert (rv == CKR_OK);
-
- rv = test.module->C_DestroyObject (session, handle);
- assert (rv == CKR_OK);
-
- rv = test.module->C_DestroyObject (session, handle);
- assert (rv == CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_find_serial_der_decoded (void)
-{
- CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-
- CK_ATTRIBUTE object[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match_decoded[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_SERIAL_NUMBER, "\x01\x02\x03", 3 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_OBJECT_HANDLE check;
- CK_ULONG count;
- CK_RV rv;
-
- /*
- * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items
that are
- * not DER encoded. It shouldn't be doing this. We never return any certificate
- * serial numbers that are not DER encoded.
- *
- * So work around the issue here while the NSS guys fix this issue.
- * This code should be removed in future versions.
- *
- * See work_around_broken_nss_serial_number_lookups().
- */
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CreateObject (session, object, 2, &handle);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a standard find for the same object */
- rv = test.module->C_FindObjectsInit (session, object, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (1, count);
- assert_num_eq (handle, check);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a find for the serial number decoded */
- rv = test.module->C_FindObjectsInit (session, match_decoded, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (1, count);
- assert_num_eq (handle, check);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_find_serial_der_mismatch (void)
-{
- CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-
- CK_ATTRIBUTE object[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match[] = {
- { CKA_SERIAL_NUMBER, NULL, 0 },
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_OBJECT_HANDLE check;
- CK_ULONG count;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CreateObject (session, object, 2,
&handle);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a find with a null serial number, no match */
- rv = test.module->C_FindObjectsInit (session, match, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (0, count);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a find with a wrong length, no match */
- match[0].pValue = "at";
- match[0].ulValueLen = 2;
- rv = test.module->C_FindObjectsInit (session, match, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (0, count);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a find with a right length, wrong value, no match */
- match[0].pValue = "one";
- match[0].ulValueLen = 3;
- rv = test.module->C_FindObjectsInit (session, match, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (0, count);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_login_logout (void)
-{
- CK_SESSION_HANDLE session;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- /* Just testing our stubs for now */
-
- rv = test.module->C_Login (session, CKU_USER, NULL, 0);
- assert (rv == CKR_USER_TYPE_INVALID);
-
- rv = test.module->C_Logout (session);
- assert (rv == CKR_USER_NOT_LOGGED_IN);
-}
-
-static void
-test_token_writable (void)
-{
- CK_TOKEN_INFO info;
- CK_RV rv;
-
- rv = test.module->C_GetTokenInfo (test.slots[0], &info);
-
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (info.flags & CKF_WRITE_PROTECTED, 0);
-}
-
-static void
-test_session_read_only_create (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL,
"yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- /* Read-only session */
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION,
- NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- /* Create a token object */
- rv = test.module->C_CreateObject (session, original, 4, &handle);
- assert_num_eq (rv, CKR_SESSION_READ_ONLY);
-}
-
-static void
-test_create_and_write (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- CK_RV rv;
- int ret;
-
- /* Read-only session */
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION,
- NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- /* Create a token object */
- rv = test.module->C_CreateObject (session, original, 4, &handle);
- assert_num_eq (rv, CKR_OK);
-
- /* The expected file name */
- path = p11_path_build (test.directory, "yay.p11-kit", NULL);
- p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 1);
-
- test_check_attrs (expected, parsed->elem[0]);
-}
-
-static void
-test_modify_and_write (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_VALUE, "eight", 5 },
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_MODIFIABLE, &vtrue, sizeof (vtrue) },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "nine", 4 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- CK_RV rv;
- int ret;
-
- /* Read-only session */
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION,
- NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- /* Create a token object */
- rv = test.module->C_CreateObject (session, original, 5, &handle);
- assert_num_eq (rv, CKR_OK);
-
- /* Now modify the object */
- original[0].pValue = "nine";
- original[0].ulValueLen = 4;
-
- rv = test.module->C_SetAttributeValue (session, handle, original, 5);
- assert_num_eq (rv, CKR_OK);
-
- /* The expected file name */
- path = p11_path_build (test.directory, "yay.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 1);
-
- test_check_attrs (expected, parsed->elem[0]);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
-
- p11_fixture (setup, teardown);
- p11_test (test_get_slot_list, "/module/get_slot_list");
- p11_test (test_get_slot_info, "/module/get_slot_info");
-
- p11_fixture (NULL, NULL);
- p11_test (test_null_initialize, "/module/initialize-null");
- p11_test (test_multi_initialize, "/module/initialize-multi");
- p11_test (test_get_token_info, "/module/get_token_info");
-
- p11_fixture (setup, teardown);
- p11_test (test_get_session_info, "/module/get_session_info");
- p11_test (test_close_all_sessions, "/module/close_all_sessions");
- p11_test (test_find_certificates, "/module/find_certificates");
- p11_test (test_find_builtin, "/module/find_builtin");
- p11_test (test_lookup_invalid, "/module/lookup_invalid");
- p11_test (test_remove_token,
"/module/remove_token");
- p11_test (test_setattr_token, "/module/setattr_token");
- p11_test (test_session_object, "/module/session_object");
- p11_test (test_session_find, "/module/session_find");
- p11_test (test_session_find_no_attr, "/module/session_find_no_attr");
- p11_test (test_session_copy, "/module/session_copy");
- p11_test (test_session_remove, "/module/session_remove");
- p11_test (test_session_setattr, "/module/session_setattr");
- p11_test (test_find_serial_der_decoded, "/module/find_serial_der_decoded");
- p11_test (test_find_serial_der_mismatch, "/module/find_serial_der_mismatch");
- p11_test (test_login_logout, "/module/login_logout");
-
- p11_fixture (setup_writable, teardown);
- p11_test (test_token_writable, "/module/token-writable");
- p11_test (test_session_read_only_create, "/module/session-read-only-create");
- p11_test (test_create_and_write, "/module/create-and-write");
- p11_test (test_modify_and_write, "/module/modify-and-write");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-oid.c b/trust/tests/test-oid.c
deleted file mode 100644
index 0635d0a..0000000
--- a/trust/tests/test-oid.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include
-#include
-#include
-
-#include "debug.h"
-#include "oid.h"
-
-#include
-
-#include "pkix.asn.h"
-
-static void
-test_known_oids (void)
-{
- char buffer[128];
- node_asn *definitions = NULL;
- node_asn *node;
- int ret;
- int len;
- int i;
-
- struct {
- const unsigned char *oid;
- size_t length;
- const char *string;
- } known_oids[] = {
- { P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER), P11_OID_SUBJECT_KEY_IDENTIFIER_STR, },
- { P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE), P11_OID_KEY_USAGE_STR, },
- { P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS), P11_OID_BASIC_CONSTRAINTS_STR },
- { P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE), P11_OID_EXTENDED_KEY_USAGE_STR },
- { P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT), P11_OID_OPENSSL_REJECT_STR },
- { P11_OID_SERVER_AUTH, sizeof (P11_OID_SERVER_AUTH), P11_OID_SERVER_AUTH_STR },
- { P11_OID_CLIENT_AUTH, sizeof (P11_OID_CLIENT_AUTH), P11_OID_CLIENT_AUTH_STR },
- { P11_OID_CODE_SIGNING, sizeof (P11_OID_CODE_SIGNING), P11_OID_CODE_SIGNING_STR },
- { P11_OID_EMAIL_PROTECTION, sizeof (P11_OID_EMAIL_PROTECTION), P11_OID_EMAIL_PROTECTION_STR },
- { P11_OID_IPSEC_END_SYSTEM, sizeof (P11_OID_IPSEC_END_SYSTEM), P11_OID_IPSEC_END_SYSTEM_STR },
- { P11_OID_IPSEC_TUNNEL, sizeof (P11_OID_IPSEC_TUNNEL), P11_OID_IPSEC_TUNNEL_STR },
- { P11_OID_IPSEC_USER, sizeof (P11_OID_IPSEC_USER), P11_OID_IPSEC_USER_STR },
- { P11_OID_TIME_STAMPING, sizeof (P11_OID_TIME_STAMPING), P11_OID_TIME_STAMPING_STR },
- { P11_OID_RESERVED_PURPOSE, sizeof (P11_OID_RESERVED_PURPOSE), P11_OID_RESERVED_PURPOSE_STR },
- { NULL },
- };
-
- ret = asn1_array2tree (pkix_asn1_tab, &definitions, NULL);
- assert (ret == ASN1_SUCCESS);
-
- for (i = 0; known_oids[i].oid != NULL; i++) {
-
- assert (p11_oid_simple (known_oids[i].oid, known_oids[i].length));
- assert_num_eq (known_oids[i].length, p11_oid_length
(known_oids[i].oid));
- assert (p11_oid_equal (known_oids[i].oid, known_oids[i].oid));
-
- if (i > 0)
- assert (!p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid));
-
- /* AttributeType is a OBJECT IDENTIFIER */
- ret = asn1_create_element (definitions, "PKIX1.AttributeType", &node);
- assert (ret == ASN1_SUCCESS);
-
- ret = asn1_der_decoding (&node, known_oids[i].oid, known_oids[i].length, NULL);
- assert (ret == ASN1_SUCCESS);
-
- len = sizeof (buffer);
- ret = asn1_read_value (node, "", buffer, &len);
- assert (ret == ASN1_SUCCESS);
-
- assert_str_eq (known_oids[i].string, buffer);
-
- asn1_delete_structure (&node);
- }
-
- asn1_delete_structure (&definitions);
-}
-
-static void
-test_hash (void)
-{
- assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, 0);
- assert_num_cmp (p11_oid_hash (P11_OID_CN), ==, p11_oid_hash (P11_OID_CN));
- assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, p11_oid_hash (P11_OID_BASIC_CONSTRAINTS));
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_known_oids, "/oids/known");
- p11_test (test_hash, "/oids/hash");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-openssl.c b/trust/tests/test-openssl.c
deleted file mode 100644
index 583ce24..0000000
--- a/trust/tests/test-openssl.c
+++ /dev/null
@@ -1,658 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "buffer.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include
-#include
-#include
-#include
-#include
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-struct {
- CK_FUNCTION_LIST module;
- p11_enumerate ex;
- char *directory;
-} test;
-
-static void
-setup (void *unused)
-{
- CK_RV rv;
-
- mock_module_reset ();
- memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
- rv = test.module.C_Initialize (NULL);
- assert_num_eq (CKR_OK, rv);
-
- p11_enumerate_init (&test.ex);
-
- test.directory = p11_test_directory ("test-extract");
-}
-
-static void
-teardown (void *unused)
-{
- CK_RV rv;
-
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
- free (test.directory);
-
- p11_enumerate_cleanup (&test.ex);
- p11_kit_iter_free (test.ex.iter);
-
- rv = test.module.C_Finalize (NULL);
- assert_num_eq (CKR_OK, rv);
-}
-
-static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION;
-static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
-static CK_BBOOL vtrue = CK_TRUE;
-
-static CK_ATTRIBUTE cacert3_authority_attrs[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_TRUSTED, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE verisign_v1_attrs[] = {
- { CKA_VALUE,
(void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_SUBJECT, (void *)verisign_v1_ca_subject, sizeof (verisign_v1_ca_subject) },
- { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
- { CKA_TRUSTED, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_eku_server[] = {
- { CKA_CLASS, &extension_class, sizeof (extension_class) },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_VALUE, "\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 21 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_reject_email[] = {
- { CKA_CLASS, &extension_class, sizeof (extension_class) },
- { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
- { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE certificate_filter[] = {
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_INVALID },
-};
-
-static void
-setup_objects (const CK_ATTRIBUTE *attrs,
- ...) GNUC_NULL_TERMINATED;
-
-static void
-setup_objects (const CK_ATTRIBUTE *attrs,
- ...)
-{
- static CK_ULONG id_value = 8888;
-
- CK_ATTRIBUTE id = { CKA_ID, &id_value, sizeof (id_value) };
- CK_ATTRIBUTE *copy;
- va_list va;
-
- va_start (va, attrs);
- while (attrs != NULL) {
- copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
- assert (copy != NULL);
- mock_module_take_object (MOCK_SLOT_ONE_ID, copy);
- attrs = va_arg (va, const CK_ATTRIBUTE *);
- }
- va_end (va);
-
- id_value++;
-}
-
-static void
-test_file (void)
-{
- char *destination;
- bool ret;
-
- setup_objects (cacert3_authority_attrs,
- extension_eku_server,
- extension_reject_email,
- NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem",
- SRCDIR "/files/cacert3-trusted-server-alias.pem");
-
- free (destination);
-}
-
-static void
-test_plain (void)
-{
- char *destination;
- bool ret;
-
- setup_objects (cacert3_authority_attrs, NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem",
- SRCDIR "/files/cacert3-trusted-alias.pem");
-
- free (destination);
-}
-
-static void
-test_keyid (void)
-{
- char *destination;
- bool ret;
-
- static CK_ATTRIBUTE cacert3_plain[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof
(test_cacert3_ca_subject) },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_TRUSTED, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE extension_subject_key_identifier[] = {
- { CKA_CLASS, &extension_class, sizeof (extension_class) },
- { CKA_OBJECT_ID, (void *)P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) },
- { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x0e\x04\x07\x00\x01\x02\x03\x04\x05\x06", 16 },
- { CKA_INVALID },
- };
-
- setup_objects (cacert3_plain, extension_subject_key_identifier, NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem",
- SRCDIR "/files/cacert3-trusted-keyid.pem");
-
- free (destination);
-}
-
-static void
-test_not_authority (void)
-{
- char *destination;
- bool ret;
-
- static CK_ATTRIBUTE cacert3_not_trusted[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_INVALID },
- };
-
- setup_objects (cacert3_not_trusted, NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file
(test.directory, "extract.pem",
- SRCDIR "/files/cacert3-not-trusted.pem");
-
- free (destination);
-}
-
-static void
-test_distrust_all (void)
-{
- char *destination;
- bool ret;
-
- static CK_ATTRIBUTE cacert3_blacklist[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_X_DISTRUSTED, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
- };
-
- setup_objects (cacert3_blacklist, NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem",
- SRCDIR "/files/cacert3-distrust-all.pem");
-
- free (destination);
-}
-
-static void
-test_file_multiple (void)
-{
- char *destination;
- bool ret;
-
- setup_objects (cacert3_authority_attrs,
- extension_eku_server,
- extension_reject_email,
- NULL);
-
- setup_objects (verisign_v1_attrs,
- NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem", SRCDIR "/files/multiple.pem");
- free (destination);
-}
-
-static void
-test_file_without (void)
-{
- char *destination;
- bool ret;
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory,
"extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_data (test.directory, "extract.pem", "", 0);
-
- free (destination);
-}
-
-/* From extract-openssl.c */
-void p11_openssl_canon_string (char *str, size_t *len);
-
-static void
-test_canon_string (void)
-{
- struct {
- char *input;
- int input_len;
- char *output;
- int output_len;
- } fixtures[] = {
- { "A test", -1, "a test", -1 },
- { " Strip spaces ", -1, "strip spaces", -1 },
- { " Collapse \n\t spaces", -1, "collapse spaces", -1 },
- { "Ignore non-ASCII \303\204", -1, "ignore non-ascii \303\204", -1 },
- { "no-space", -1, "no-space", -1 },
- };
-
- char *str;
- size_t len;
- size_t out;
- int i;
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- if (fixtures[i].input_len < 0)
- len = strlen (fixtures[i].input);
- else
- len = fixtures[i].input_len;
- str = strndup (fixtures[i].input, len);
-
- p11_openssl_canon_string (str, &len);
-
- if (fixtures[i].output_len < 0)
- out = strlen (fixtures[i].output);
- else
- out = fixtures[i].output_len;
- assert_num_eq (out, len);
- assert_str_eq (fixtures[i].output, str);
-
- free (str);
- }
-}
-
-bool p11_openssl_canon_string_der (p11_buffer *der);
-
-static void
-test_canon_string_der (void)
-{
- struct {
- unsigned char input[100];
- int input_len;
- unsigned char output[100];
- int output_len;
- } fixtures[] = {
- /* UTF8String */
- { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17,
- { 0x0c, 0x0e, 0xc3, 0x84, ' ', 'u', 't', 'f', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', }, 16,
- },
-
- /* NumericString */
- { { 0x12, 0x04, '0', '1', '2', '3', }, 6,
- { 0x0c, 0x04, '0', '1', '2', '3' }, 6,
- },
-
- /* IA5String */
- { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6,
- { 0x0c, 0x02, 'a', 'b', }, 4,
- },
-
- /* TeletexString */
- { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8,
},
-
- /* PrintableString */
- { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8,
- },
-
- /* No change, not a known string type */
- { { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9
- },
-
- /* UniversalString */
- { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u',
- 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22,
- { 0x0c, 0x08, 'f', 'u', 'n', ' ', 0xf0, 0x90, 0x8c, 0x99 }, 10,
- },
-
- /* BMPString */
- { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12,
- { 0x0c, 0x06, 'v', 0xc3, 0xb6, 'g', 'e', 'l' }, 8,
- },
- };
-
- p11_buffer buf;
- bool ret;
- int i;
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len),
- fixtures[i].input_len, 0, realloc, free);
-
- ret = p11_openssl_canon_string_der (&buf);
- assert_num_eq (true, ret);
-
- assert_num_eq (fixtures[i].output_len, buf.len);
- assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0);
-
- p11_buffer_uninit (&buf);
- }
-}
-
-bool p11_openssl_canon_name_der (p11_dict *asn1_defs,
- p11_buffer *der);
-
-static void
-test_canon_name_der (void)
-{
- struct {
- unsigned char input[100];
- int input_len;
- unsigned char output[100];
- int output_len;
- } fixtures[] = {
- { { '0', 'T', '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a,
- 0x13, 0x0b, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'I', 'n',
- 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04,
- 0x0b, 0x13, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w',
- 'w', 'w', '.', 'C', 'A', 'c', 'e', 'r', 't', '.', 'o', 'r',
- 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x13,
- 0x13, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'C', 'l', 'a', 's',
- 's', 0x20, '3', 0x20, 'R', 'o', 'o', 't', }, 86,
- { '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a,
- 0x0c, 0x0b, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'i', 'n',
'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04, - 0x0b, 0x0c, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w', - 'w', 'w', '.', 'c', 'a', 'c', 'e', 'r', 't', '.', 'o', 'r', - 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x0c, - 0x13, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'c', 'l', 'a', 's', - 's', 0x20, '3', 0x20, 'r', 'o', 'o', 't', }, 84, - }, - { { '0', 0x00, }, 2, - { }, 0, - }, - }; - - p11_buffer buf; - p11_dict *asn1_defs; - bool ret; - int i; - - asn1_defs = p11_asn1_defs_load (); - - for (i = 0; i < ELEMS (fixtures); i++) { - p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), - fixtures[i].input_len, 0, realloc, free); - - ret = p11_openssl_canon_name_der (asn1_defs, &buf); - assert_num_eq (true, ret); - - assert_num_eq (fixtures[i].output_len, buf.len); - assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0); - - p11_buffer_uninit (&buf); - } - - p11_dict_free (asn1_defs); -} - -static void -test_canon_string_der_fail (void) -{ - struct { - unsigned char input[100]; - int input_len; - } fixtures[] = { - { { 0x0c, 0x02, 0xc3, 0xc4 /* Invalid UTF-8 */ }, 4 }, - { { 0x1e, 0x01, 0x00 /* Invalid UCS2 */ }, 3 }, - { { 0x1c, 0x02, 0x00, 0x01 /* Invalid UCS4 */ }, 4 }, - }; - - p11_buffer buf; - bool ret; - int i; - - for (i = 0; i < ELEMS (fixtures); i++) { - p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), - fixtures[i].input_len, 0, realloc, free); - - ret = p11_openssl_canon_string_der (&buf); - assert_num_eq (false, ret); - - p11_buffer_uninit (&buf); - } -} - -static void -test_directory (void) -{ - bool ret; - - setup_objects (cacert3_authority_attrs, - extension_eku_server, - extension_reject_email, - NULL); - - /* Accesses the above objects */ - setup_objects (cacert3_authority_attrs, - NULL); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build 
software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_openssl_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem", -#ifdef OS_UNIX - "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0", -#endif - NULL)); - test_check_file (test.directory, "Custom_Label.pem", - SRCDIR "/files/cacert3-trusted-server-alias.pem"); - test_check_file (test.directory, "Custom_Label.1.pem", - SRCDIR "/files/cacert3-trusted-server-alias.pem"); -#ifdef OS_UNIX - test_check_symlink (test.directory, "e5662767.0", "Custom_Label.pem"); - test_check_symlink (test.directory, "e5662767.1", "Custom_Label.1.pem"); - test_check_symlink (test.directory, "590d426f.0", "Custom_Label.pem"); - test_check_symlink (test.directory, "590d426f.1", "Custom_Label.1.pem"); -#endif -} - -static void -test_directory_empty (void) -{ - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_openssl_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, (NULL, NULL)); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_fixture (setup, teardown); - p11_test (test_file, "/openssl/test_file"); - p11_test (test_plain, "/openssl/test_plain"); - p11_test (test_keyid, "/openssl/test_keyid"); - p11_test (test_not_authority, "/openssl/test_not_authority"); - p11_test (test_distrust_all, "/openssl/test_distrust_all"); - p11_test (test_file_multiple, "/openssl/test_file_multiple"); - p11_test (test_file_without, "/openssl/test_file_without"); - - p11_fixture (NULL, NULL); - p11_test (test_canon_string, "/openssl/test_canon_string"); - p11_test (test_canon_string_der, 
"/openssl/test_canon_string_der"); - p11_test (test_canon_string_der_fail, "/openssl/test_canon_string_der_fail"); - p11_test (test_canon_name_der, "/openssl/test_canon_name_der"); - - p11_fixture (setup, teardown); - p11_test (test_directory, "/openssl/test_directory"); - p11_test (test_directory_empty, "/openssl/test_directory_empty"); - - return p11_test_run (argc, argv); -} diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c deleted file mode 100644 index c6cfe9a..0000000 --- a/trust/tests/test-parser.c +++ /dev/null 
@@ -1,569 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include - -#include "array.h" -#include "attrs.h" -#include "builder.h" -#include "debug.h" -#include "message.h" -#include "oid.h" -#include "parser.h" -#include "pkcs11x.h" - -struct { - p11_parser *parser; - p11_array *parsed; - p11_asn1_cache *cache; -} test; - -static void -setup (void *unused) -{ - test.cache = p11_asn1_cache_new (); - test.parser = p11_parser_new (test.cache); - assert_ptr_not_null (test.parser); - - test.parsed = p11_parser_parsed (test.parser); - assert_ptr_not_null (test.parsed); -} - -static void -teardown (void *unused) -{ - p11_parser_free (test.parser); - p11_asn1_cache_free (test.cache); - memset (&test, 0, sizeof (test)); -} - -static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; -static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION; -static CK_BBOOL falsev = CK_FALSE; -static CK_BBOOL truev = CK_TRUE; -static CK_CERTIFICATE_TYPE x509 = CKC_X_509; - -static CK_ATTRIBUTE certificate_match[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_INVALID, }, -}; - -static CK_ATTRIBUTE * -parsed_attrs (CK_ATTRIBUTE *match, - int length) -{ - int i; - - if (length < 0) - length = p11_attrs_count (match); - for (i = 0; i < test.parsed->num; i++) { - if (p11_attrs_matchn (test.parsed->elem[i], match, length)) - return test.parsed->elem[i]; - } - - return NULL; -} - -static void -test_parse_der_certificate (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_x509, NULL); 
- ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -static void -test_parse_pem_certificate (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.pem", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -static void -test_parse_p11_kit_persist (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_persist, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/input/verisign-v1.p11-kit", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -static void -test_parse_openssl_trusted (void) -{ - 
CK_ATTRIBUTE cacert3[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE eku_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_VALUE, "\x30\x16\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 24 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE reject_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *expected[] = { - cacert3, - eku_extension, - reject_extension, - NULL - }; - - CK_ATTRIBUTE *cert; - CK_ATTRIBUTE *object; - int ret; - int i; - - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3-trusted.pem", NULL, - P11_PARSE_FLAG_ANCHOR); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* - * Should have gotten: - * - 1 certificate - * - 2 stapled extensions - */ - assert_num_eq (3, test.parsed->num); - - /* The certificate */ - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected[0], cert); - - /* The other objects */ - for (i = 1; expected[i]; i++) { - object = parsed_attrs (expected[i], 
2); - assert_ptr_not_null (object); - - test_check_attrs (expected[i], object); - test_check_id (cert, object); - } -} - -static void -test_parse_openssl_distrusted (void) -{ - static const char distrust_public_key[] = { - 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xdf, 0xc7, 0x0d, - 0x61, 0xa2, 0x2f, 0xc0, 0x5a, 0xad, 0x45, 0x83, 0x22, 0x33, 0x42, 0xea, 0xec, 0x42, 0x5e, 0xa6, - 0x0d, 0x42, 0x4c, 0x1c, 0x9a, 0x12, 0x0b, 0x5f, 0xe7, 0x25, 0xf9, 0x8b, 0x83, 0x0c, 0x0a, 0xc5, - 0x2f, 0x5a, 0x58, 0x56, 0xb8, 0xad, 0x87, 0x6d, 0xbc, 0x80, 0x5d, 0xdd, 0x49, 0x45, 0x39, 0x5f, - 0xb9, 0x08, 0x3a, 0x63, 0xe4, 0x92, 0x33, 0x61, 0x79, 0x19, 0x1b, 0x9d, 0xab, 0x3a, 0xd5, 0x7f, - 0xa7, 0x8b, 0x7f, 0x8a, 0x5a, 0xf6, 0xd7, 0xde, 0xaf, 0xa1, 0xe5, 0x53, 0x31, 0x29, 0x7d, 0x9c, - 0x03, 0x55, 0x3e, 0x47, 0x78, 0xcb, 0xb9, 0x7a, 0x98, 0x8c, 0x5f, 0x8d, 0xda, 0x09, 0x0f, 0xc8, - 0xfb, 0xf1, 0x7a, 0x80, 0xee, 0x12, 0x77, 0x0a, 0x00, 0x8b, 0x70, 0xfa, 0x62, 0xbf, 0xaf, 0xee, - 0x0b, 0x58, 0x16, 0xf9, 0x9c, 0x5c, 0xde, 0x93, 0xb8, 0x4f, 0xdf, 0x4d, 0x7b, 0x02, 0x03, 0x01, - 0x00, 0x01, - }; - - CK_ATTRIBUTE distrust_cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate), }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE eku_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, - { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE 
reject_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, - { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *expected[] = { - distrust_cert, - eku_extension, - reject_extension, - NULL - }; - - CK_ATTRIBUTE *cert; - CK_ATTRIBUTE *object; - int ret; - int i; - - /* - * OpenSSL style is to litter the blacklist in with the anchors, - * so we parse this as an anchor, but expect it to be blacklisted - */ - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/files/distrusted.pem", NULL, - P11_PARSE_FLAG_ANCHOR); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* - * Should have gotten: - * - 1 certificate - * - 2 stapled extensions - */ - assert_num_eq (3, test.parsed->num); - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected[0], cert); - - /* The other objects */ - for (i = 1; expected[i]; i++) { - object = parsed_attrs (expected[i], 2); - assert_ptr_not_null (object); - - test_check_attrs (expected[i], object); - test_check_id (cert, object); - } -} - -static void -test_openssl_trusted_no_trust (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - char expected_value[] = { - 0x30, 0x82, 0x04, 0x99, 0x30, 0x82, 0x03, 0x81, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5d, - 0x20, 0x61, 0x8e, 0x8c, 0x0e, 0xb9, 0x34, 0x40, 0x93, 0xb9, 0xb1, 0xd8, 0x63, 0x95, 0xb6, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, - 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x20, 
0x41, 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x64, - 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, - 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, - 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x30, 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x31, 0x35, 0x31, 0x31, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, - 0x7f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, - 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54, - 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x55, - 0x53, 0x45, 0x52, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x20, - 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xd9, 0x4d, 0x20, 0x3a, 0xe6, 0x29, 0x30, 0x86, 0xf2, 0xe9, 0x86, 0x89, 0x76, 0x34, 0x4e, - 0x68, 0x1f, 0x96, 0x44, 0xf7, 0xd1, 0xf9, 0xd6, 0x82, 0x4e, 0xa6, 0x38, 0x9e, 0xee, 0xcb, 0x5b, - 0xe1, 0x8e, 0x2e, 0xbd, 0xf2, 0x57, 0x80, 0xfd, 0xc9, 0x3f, 0xfc, 0x90, 0x73, 0x44, 0xbc, 0x8f, - 0xbb, 0x57, 0x5b, 0xe5, 0x2d, 0x1f, 0x14, 
0x30, 0x75, 0x36, 0xf5, 0x7f, 0xbc, 0xcf, 0x56, 0xf4, - 0x7f, 0x81, 0xff, 0xae, 0x91, 0xcd, 0xd8, 0xd2, 0x6a, 0xcb, 0x97, 0xf9, 0xf7, 0xcd, 0x90, 0x6a, - 0x45, 0x2d, 0xc4, 0xbb, 0xa4, 0x85, 0x13, 0x68, 0x57, 0x5f, 0xef, 0x29, 0xba, 0x2a, 0xca, 0xea, - 0xf5, 0xcc, 0xa4, 0x04, 0x9b, 0x63, 0xcd, 0x00, 0xeb, 0xfd, 0xed, 0x8d, 0xdd, 0x23, 0xc6, 0x7b, - 0x1e, 0x57, 0x1d, 0x36, 0x7f, 0x1f, 0x08, 0x9a, 0x0d, 0x61, 0xdb, 0x5a, 0x6c, 0x71, 0x02, 0x53, - 0x28, 0xc2, 0xfa, 0x8d, 0xfd, 0xab, 0xbb, 0xb3, 0xf1, 0x8d, 0x74, 0x4b, 0xdf, 0xbd, 0xbd, 0xcc, - 0x06, 0x93, 0x63, 0x09, 0x95, 0xc2, 0x10, 0x7a, 0x9d, 0x25, 0x90, 0x32, 0x9d, 0x01, 0xc2, 0x39, - 0x53, 0xb0, 0xe0, 0x15, 0x6b, 0xc7, 0xd7, 0x74, 0xe5, 0xa4, 0x22, 0x9b, 0xe4, 0x94, 0xff, 0x84, - 0x91, 0xfb, 0x2d, 0xb3, 0x19, 0x43, 0x2d, 0x93, 0x0f, 0x9c, 0x12, 0x09, 0xe4, 0x67, 0xb9, 0x27, - 0x7a, 0x32, 0xad, 0x7a, 0x2a, 0xcc, 0x41, 0x58, 0xc0, 0x6e, 0x59, 0x5f, 0xee, 0x38, 0x2b, 0x17, - 0x22, 0x9c, 0x89, 0xfa, 0x6e, 0xe7, 0xe5, 0x57, 0x35, 0xf4, 0x5a, 0xed, 0x92, 0x95, 0x93, 0x2d, - 0xf9, 0xcc, 0x24, 0x3f, 0xa5, 0x1c, 0x3d, 0x27, 0xbd, 0x22, 0x03, 0x73, 0xcc, 0xf5, 0xca, 0xf3, - 0xa9, 0xf4, 0xdc, 0xfe, 0xcf, 0xe9, 0xd0, 0x5c, 0xd0, 0x0f, 0xab, 0x87, 0xfc, 0x83, 0xfd, 0xc8, - 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0x30, 0x1f, - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xad, 0xbd, 0x98, 0x7a, 0x34, - 0xb4, 0x26, 0xf7, 0xfa, 0xc4, 0x26, 0x54, 0xef, 0x03, 0xbd, 0xe0, 0x24, 0xcb, 0x54, 0x1a, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xaf, 0xa4, 0x40, 0xaf, 0x9f, 0x16, - 0xfe, 0xab, 0x31, 0xfd, 0xfb, 0xd5, 0x97, 0x8b, 0xf5, 0x91, 0xa3, 0x24, 0x86, 0x16, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 
0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, - 0x02, 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c, - 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x01, 0x03, 0x04, 0x30, 0x44, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x3d, 0x30, 0x3b, 0x30, 0x39, 0xa0, 0x37, 0xa0, 0x35, 0x86, 0x33, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29, - 0x30, 0x27, 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x84, 0xae, 0x2d, - 0x68, 0x38, 0x11, 0x6c, 0x83, 0x51, 0x62, 0xc0, 0x91, 0xc2, 0x98, 0xbc, 0xc6, 0x3b, 0xfa, 0xa5, - 0xc5, 0xbd, 0x3b, 0x09, 0xe6, 0x6e, 0x60, 0x6f, 0x30, 0x03, 0x86, 0x22, 0x1a, 0xb2, 0x8b, 0xf3, - 0xc6, 0xce, 0x1e, 0xbb, 0x1b, 0x79, 0xe0, 0x16, 0x14, 0x4d, 0xd2, 0x9a, 0x05, 0x4b, 0xff, 0x8f, - 0xec, 0xf0, 0x28, 0x29, 0xea, 0x2a, 0x04, 0x1d, 0x3d, 0xaf, 0x11, 0x12, 0xd5, 0x49, 0x98, 0x50, - 0x42, 0x9f, 0x61, 0x66, 0x3a, 0xb6, 0x40, 0x99, 0x04, 0x0c, 0x6b, 0x10, 0x32, 0xe9, 0xf7, 0xcf, - 0x86, 0x58, 0x4f, 0x2d, 0xcd, 0xd3, 0xac, 0x7e, 0xe8, 0x5b, 0x6a, 0x83, 0x7c, 0x0d, 0xa0, 0x9c, - 0x5c, 0x50, 0x36, 0x75, 0x0d, 0x6d, 0x7e, 0x42, 0xb7, 0xdf, 0xa6, 0xdc, 0x90, 0x5c, 0x6f, 0x23, - 0x4e, 0x97, 0x1d, 0xf3, 0x22, 0x75, 0xbf, 0x03, 0x35, 0xe6, 0x5d, 0x7f, 0xc7, 0xf9, 0x9b, 0x2c, - 0x87, 0xf6, 0x8e, 
0xd6, 0x25, 0x96, 0x59, 0x9d, 0xcf, 0xea, 0x10, 0x1e, 0xef, 0x6e, 0xea, 0x5a, - 0x9b, 0x77, 0x18, 0x34, 0xcc, 0x81, 0x77, 0xaf, 0x9a, 0x87, 0xc2, 0x0a, 0xe5, 0xe5, 0x9e, 0x13, - 0x95, 0x53, 0xbd, 0xbd, 0x49, 0x1a, 0xa5, 0x76, 0x12, 0xf6, 0xdc, 0xf2, 0x91, 0xb7, 0xe9, 0x1a, - 0xe1, 0xbc, 0x4d, 0x3d, 0x95, 0x71, 0x7d, 0xf8, 0x8d, 0x7c, 0x3e, 0x03, 0x4f, 0x53, 0xed, 0xfe, - 0x52, 0xfd, 0xca, 0x5f, 0x93, 0xe1, 0x1a, 0x01, 0x1b, 0x02, 0xb7, 0x73, 0x4e, 0xba, 0x66, 0xe9, - 0x78, 0x8b, 0x50, 0xfe, 0x11, 0xcb, 0xd1, 0x67, 0xd0, 0x22, 0x4f, 0x77, 0xea, 0xcd, 0x14, 0x15, - 0x40, 0xae, 0x66, 0x5d, 0xe8, 0x2e, 0x7f, 0x1e, 0x88, 0x6f, 0x55, 0x79, 0xd6, 0xb9, 0x7e, 0xe3, - 0xb5, 0xfd, 0x91, 0xa0, 0xc0, 0xf2, 0x26, 0x87, 0x4b, 0x2f, 0x9d, 0xf5, 0xa0, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_VALUE, expected_value, sizeof (expected_value) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/files/openssl-trust-no-trust.pem", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -static void -test_parse_anchor (void) -{ - CK_ATTRIBUTE cacert3[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *cert; - int ret; - - p11_parser_formats (test.parser, p11_parser_format_x509, NULL); - ret = p11_parse_file 
(test.parser, SRCDIR "/files/cacert3.der", NULL, - P11_PARSE_FLAG_ANCHOR); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* - * Should have gotten: - * - 1 certificate - */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (cacert3, cert); -} - -static void -test_parse_thawte (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/files/thawte.pem", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -/* TODO: A certificate that uses generalTime needs testing */ - -static void -test_parse_invalid_file (void) -{ - int ret; - - p11_message_quiet (); - - p11_parser_formats (test.parser, p11_parser_format_x509, NULL); - ret = p11_parse_file (test.parser, "/nonexistant", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_FAILURE, ret); - - p11_message_loud (); -} - -static void -test_parse_unrecognized (void) -{ - int ret; - - p11_message_quiet (); - - p11_parser_formats (test.parser, p11_parser_format_x509, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/files/unrecognized-file.txt", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_UNRECOGNIZED, ret); - - p11_message_loud (); -} - -static void -test_parse_no_asn1_cache (void) -{ - p11_parser *parser; - int ret; - - parser = p11_parser_new (NULL); - assert_ptr_not_null (parser); - - p11_parser_formats (parser, p11_parser_format_x509, NULL); - ret = p11_parse_file 
(parser, SRCDIR "/files/cacert3.der", NULL, P11_PARSE_FLAG_NONE);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /* Should have gotten certificate */
- assert_num_eq (1, p11_parser_parsed (parser)->num);
-
- p11_parser_free (parser);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_fixture (setup, teardown);
- p11_test (test_parse_der_certificate, "/parser/parse_der_certificate");
- p11_test (test_parse_pem_certificate, "/parser/parse_pem_certificate");
- p11_test (test_parse_p11_kit_persist, "/parser/parse_p11_kit_persist");
- p11_test (test_parse_openssl_trusted, "/parser/parse_openssl_trusted");
- p11_test (test_parse_openssl_distrusted, "/parser/parse_openssl_distrusted");
- p11_test (test_openssl_trusted_no_trust, "/parser/openssl-trusted-no-trust");
- p11_test (test_parse_anchor, "/parser/parse_anchor");
- p11_test (test_parse_thawte, "/parser/parse_thawte");
- p11_test (test_parse_invalid_file, "/parser/parse_invalid_file");
- p11_test (test_parse_unrecognized, "/parser/parse_unrecognized");
-
- p11_fixture (NULL, NULL);
- p11_test (test_parse_no_asn1_cache, "/parser/null-asn1-cache");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-pem.c b/trust/tests/test-pem.c
deleted file mode 100644
index 0c7d60a..0000000
--- a/trust/tests/test-pem.c
+++ /dev/null
@@ -1,341 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. 
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "compat.h" -#include "pem.h" - -struct { - const char *input; - struct { - const char *type; - const char *data; - unsigned int length; - } output[8]; -} success_fixtures[] = { - { - /* one block */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - { - { - "BLOCK1", - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, - }, - { - NULL, - } - } - }, - - { - /* one block, with header */ - "-----BEGIN BLOCK1-----\n" - "Header1: value1 \n" - " Header2: value2\n" - "\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - { - { - "BLOCK1", - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, - }, - { - NULL, - } - } - }, - - { - /* two blocks, junk data */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n" - "blah blah\n" - "-----BEGIN TWO-----\n" - "oy5L157C671HyJMCf9FiK9prvPZfSch6V4EoUfylFoI1Bq6SbL53kg==\n" - "-----END TWO-----\n" - "trailing data", - { - { - "BLOCK1", - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, - }, - { - "TWO", - "\xa3\x2e\x4b\xd7\x9e\xc2\xeb\xbd\x47\xc8\x93\x02\x7f\xd1\x62\x2b" - "\xda\x6b\xbc\xf6\x5f\x49\xc8\x7a\x57\x81\x28\x51\xfc\xa5\x16\x82" - "\x35\x06\xae\x92\x6c\xbe\x77\x92", - 40 - }, - { - NULL, - } - } - }, - - { - NULL, - } -}; - -typedef struct { - int input_index; - int output_index; - int parsed; -} Closure; - -static void -on_parse_pem_success (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - Closure *cl = user_data; - - assert_num_eq 
(success_fixtures[cl->input_index].output[cl->output_index].length, length); - assert (memcmp (success_fixtures[cl->input_index].output[cl->output_index].data, contents, - success_fixtures[cl->input_index].output[cl->output_index].length) == 0); - - cl->output_index++; - cl->parsed++; -} - -static void -test_pem_success (void) -{ - Closure cl; - int ret; - int i; - int j; - - for (i = 0; success_fixtures[i].input != NULL; i++) { - cl.input_index = i; - cl.output_index = 0; - cl.parsed = 0; - - ret = p11_pem_parse (success_fixtures[i].input, strlen (success_fixtures[i].input), - on_parse_pem_success, &cl); - - assert (success_fixtures[i].output[cl.output_index].type == NULL); - - /* Count number of outputs, return from p11_pem_parse() should match */ - for (j = 0; success_fixtures[i].output[j].type != NULL; j++); - assert_num_eq (j, ret); - assert_num_eq (ret, cl.parsed); - } -} - -const char *failure_fixtures[] = { - /* too short at end of opening line */ - "-----BEGIN BLOCK1---\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - - /* truncated */ - "-----BEGIN BLOCK1---", - - /* no ending */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n", - - /* wrong ending */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK2-----", - - /* wrong ending */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END INVALID-----", - - /* too short at end of ending line */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1---", - - /* invalid base64 data */ - "-----BEGIN BLOCK1-----\n" - "!!!!NNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - - NULL, -}; - -static void -on_parse_pem_failure (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - assert (false && "not reached"); -} - -static void -test_pem_failure (void) -{ - int ret; - int i; - - for (i = 0; 
failure_fixtures[i] != NULL; i++) { - ret = p11_pem_parse (failure_fixtures[i], strlen (failure_fixtures[i]), - on_parse_pem_failure, NULL); - assert_num_eq (0, ret); - } -} - -typedef struct { - const char *input; - size_t length; - const char *type; - const char *output; -} WriteFixture; - -static WriteFixture write_fixtures[] = { - { - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, "BLOCK1", - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n", - }, - { - "\x50\x31\x31\x2d\x4b\x49\x54\x0a\x0a\x50\x72\x6f\x76\x69\x64\x65" - "\x73\x20\x61\x20\x77\x61\x79\x20\x74\x6f\x20\x6c\x6f\x61\x64\x20" - "\x61\x6e\x64\x20\x65\x6e\x75\x6d\x65\x72\x61\x74\x65\x20\x50\x4b" - "\x43\x53\x23\x31\x31\x20\x6d\x6f\x64\x75\x6c\x65\x73\x2e\x20\x50" - "\x72\x6f\x76\x69\x64\x65\x73\x20\x61\x20\x73\x74\x61\x6e\x64\x61" - "\x72\x64\x0a\x63\x6f\x6e\x66\x69\x67\x75\x72\x61\x74\x69\x6f\x6e" - "\x20\x73\x65\x74\x75\x70\x20\x66\x6f\x72\x20\x69\x6e\x73\x74\x61" - "\x6c\x6c\x69\x6e\x67\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x6d\x6f" - "\x64\x75\x6c\x65\x73\x20\x69\x6e\x20\x73\x75\x63\x68\x20\x61\x20" - "\x77\x61\x79\x20\x74\x68\x61\x74\x20\x74\x68\x65\x79\x27\x72\x65" - "\x0a\x64\x69\x73\x63\x6f\x76\x65\x72\x61\x62\x6c\x65\x2e\x0a\x0a" - "\x41\x6c\x73\x6f\x20\x73\x6f\x6c\x76\x65\x73\x20\x70\x72\x6f\x62" - "\x6c\x65\x6d\x73\x20\x77\x69\x74\x68\x20\x63\x6f\x6f\x72\x64\x69" - "\x6e\x61\x74\x69\x6e\x67\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f" - "\x66\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x62\x79\x20\x64\x69\x66" - "\x66\x65\x72\x65\x6e\x74\x0a\x63\x6f\x6d\x70\x6f\x6e\x65\x6e\x74" - "\x73\x20\x6f\x72\x20\x6c\x69\x62\x72\x61\x72\x69\x65\x73\x20\x6c" - "\x69\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x73\x61\x6d" - "\x65\x20\x70\x72\x6f\x63\x65\x73\x73\x2e\x0a", - 299, "LONG TYPE WITH SPACES", - "-----BEGIN LONG TYPE WITH SPACES-----\n" - 
"UDExLUtJVAoKUHJvdmlkZXMgYSB3YXkgdG8gbG9hZCBhbmQgZW51bWVyYXRlIFBL\n" - "Q1MjMTEgbW9kdWxlcy4gUHJvdmlkZXMgYSBzdGFuZGFyZApjb25maWd1cmF0aW9u\n" - "IHNldHVwIGZvciBpbnN0YWxsaW5nIFBLQ1MjMTEgbW9kdWxlcyBpbiBzdWNoIGEg\n" - "d2F5IHRoYXQgdGhleSdyZQpkaXNjb3ZlcmFibGUuCgpBbHNvIHNvbHZlcyBwcm9i\n" - "bGVtcyB3aXRoIGNvb3JkaW5hdGluZyB0aGUgdXNlIG9mIFBLQ1MjMTEgYnkgZGlm\n" - "ZmVyZW50CmNvbXBvbmVudHMgb3IgbGlicmFyaWVzIGxpdmluZyBpbiB0aGUgc2Ft\n" - "ZSBwcm9jZXNzLgo=\n" - "-----END LONG TYPE WITH SPACES-----\n" - }, - { - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf", - 28, "BLOCK1", - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrw==\n" - "-----END BLOCK1-----\n", - }, - { - NULL, - } -}; - -static void -on_parse_written (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - WriteFixture *fixture = user_data; - - assert_str_eq (fixture->type, type); - assert_num_eq (fixture->length, length); - assert (memcmp (contents, fixture->input, length) == 0); -} - -static void -test_pem_write (void) -{ - WriteFixture *fixture; - p11_buffer buf; - unsigned int count; - int i; - - for (i = 0; write_fixtures[i].input != NULL; i++) { - fixture = write_fixtures + i; - - if (!p11_buffer_init_null (&buf, 0)) - assert_not_reached (); - - if (!p11_pem_write ((unsigned char *)fixture->input, - fixture->length, - fixture->type, &buf)) - assert_not_reached (); - assert_str_eq (fixture->output, buf.data); - assert_num_eq (strlen (fixture->output), buf.len); - - count = p11_pem_parse (buf.data, buf.len, on_parse_written, fixture); - assert_num_eq (1, count); - - p11_buffer_uninit (&buf); - } -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_pem_success, "/pem/success"); - p11_test (test_pem_failure, "/pem/failure"); - p11_test (test_pem_write, "/pem/write"); - return p11_test_run (argc, argv); -} 
diff --git a/trust/tests/test-persist.c b/trust/tests/test-persist.c
deleted file mode 100644
index 107f131..0000000
--- a/trust/tests/test-persist.c
+++ /dev/null
@@ -1,607 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include -#include - -#include "array.h" -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "message.h" -#include "persist.h" -#include "pkcs11.h" -#include "pkcs11x.h" - -static void -test_magic (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: data\n" - "value: \"blah\"\n" - "application: \"test-persist\"\n"; - - const char *other = " " - "\n\n[p11-kit-object-v1]\n" - "class: data\n" - "value: \"blah\"\n" - "application: \"test-persist\"\n"; - - assert (p11_persist_magic ((unsigned char *)input, strlen (input))); - assert (!p11_persist_magic ((unsigned char *)input, 5)); - assert (p11_persist_magic ((unsigned char *)other, strlen (other))); - assert (!p11_persist_magic ((unsigned char *)"blah", 4)); -} - -static p11_array * -args_to_array (void *arg, - ...) GNUC_NULL_TERMINATED; - -static p11_array * -args_to_array (void *arg, - ...) 
-{ - p11_array *array = p11_array_new (NULL); - - va_list (va); - va_start (va, arg); - - while (arg != NULL) { - p11_array_push (array, arg); - arg = va_arg (va, void *); - } - - va_end (va); - - return array; -} - -static void -check_read_msg (const char *file, - int line, - const char *function, - const char *input, - p11_array *expected) -{ - p11_array *objects; - p11_persist *persist; - int i; - - persist = p11_persist_new (); - objects = p11_array_new (p11_attrs_free); - - if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) { - if (expected == NULL) - p11_test_fail (file, line, function, "decoding should have failed"); - for (i = 0; i < expected->num; i++) { - if (i >= objects->num) - p11_test_fail (file, line, function, "too few objects read"); - test_check_attrs_msg (file, line, function, expected->elem[i], objects->elem[i]); - } - if (i != objects->num) - p11_test_fail (file, line, function, "too many objects read"); - } else { - if (expected != NULL) - p11_test_fail (file, line, function, "decoding failed"); - } - - p11_array_free (objects); - p11_persist_free (persist); - p11_array_free (expected); -} - -static void -check_write_msg (const char *file, - int line, - const char *function, - const char *expected, - p11_array *input) -{ - p11_persist *persist; - p11_buffer buf; - int i; - - persist = p11_persist_new (); - p11_buffer_init_null (&buf, 0); - - for (i = 0; i < input->num; i++) { - if (!p11_persist_write (persist, input->elem[i], &buf)) - p11_test_fail (file, line, function, "persist write failed"); - } - - if (strcmp (buf.data, expected) != 0) { - p11_test_fail (file, line, function, "persist doesn't match: (\n%s----\n%s\n)", \ - expected, (char *)buf.data); - } - - p11_buffer_uninit (&buf); - p11_array_free (input); - p11_persist_free (persist); -} - -#define check_read_success(input, objs) \ - check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, args_to_array objs) - -#define 
check_read_failure(input) \ - check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, NULL) - -#define check_write_success(expected, inputs) \ - check_write_msg (__FILE__, __LINE__, __FUNCTION__, expected, args_to_array inputs) - -static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; -static CK_CERTIFICATE_TYPE x509 = CKC_X_509; -static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; -static CK_OBJECT_CLASS data = CKO_DATA; -static CK_BBOOL truev = CK_TRUE; -static CK_BBOOL falsev = CK_FALSE; - -static void -test_simple (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "value: \"blah\"\n" - "application: \"test-persist\"\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE, "blah", 4 }, - { CKA_APPLICATION, "test-persist", 12 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_number (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "value-len: 29202390\n" - "application: \"test-persist\"\n\n"; - - CK_ULONG value = 29202390; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE_LEN, &value, sizeof (value) }, - { CKA_APPLICATION, "test-persist", 12 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_bool (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "private: true\n" - "modifiable: false\n" - "application: \"test-persist\"\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_PRIVATE, &truev, sizeof (truev) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_APPLICATION, "test-persist", 12 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_oid (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: 
data\n" - "object-id: 1.2.3.4\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_constant (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "certificate-type: x-509-attr-cert\n" - "key-type: rsa\n" - "x-assertion-type: x-pinned-certificate\n" - "certificate-category: authority\n" - "mechanism-type: rsa-pkcs-key-pair-gen\n" - "trust-server-auth: nss-trust-unknown\n\n"; - - CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; - CK_CERTIFICATE_TYPE type = CKC_X_509_ATTR_CERT; - CK_X_ASSERTION_TYPE ass = CKT_X_PINNED_CERTIFICATE; - CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_KEY_PAIR_GEN; - CK_ULONG category = 2; - CK_KEY_TYPE key = CKK_RSA; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, - { CKA_KEY_TYPE, &key, sizeof (key) }, - { CKA_X_ASSERTION_TYPE, &ass, sizeof (ass) }, - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_MECHANISM_TYPE, &mech, sizeof (mech) }, - { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_unknown (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "38383838: \"the-value-here\"\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { 38383838, "the-value-here", 14 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_multiple (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "object-id: 1.2.3.4\n\n" - "[p11-kit-object-v1]\n" - "class: nss-trust\n" - "trust-server-auth: nss-trust-unknown\n\n"; - - CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; - 
- CK_ATTRIBUTE attrs1[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE attrs2[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, - { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs1, attrs2, NULL)); - check_write_success (output, (attrs1, attrs2, NULL)); -} - -static void -test_pem_block (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "id: \"292c92\"\n" - "trusted: true\n" - "-----BEGIN CERTIFICATE-----\n" - "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" - "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" - "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" - "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" - "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" - "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" - "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" - "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" - "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" - "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" - "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" - "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" - "-----END CERTIFICATE-----\n" - "\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_ID, "292c92", 6, }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, &verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_pem_middle (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: certificate\n" - "id: \"292c92\"\n" - "-----BEGIN 
CERTIFICATE-----\n" - "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" - "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" - "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" - "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" - "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" - "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" - "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" - "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" - "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" - "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" - "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" - "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" - "-----END CERTIFICATE-----\n" - "\n" - "trusted: true"; - - CK_ATTRIBUTE expected[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_VALUE, &verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_INVALID }, - }; - - check_read_success (input, (expected, NULL)); -} - -static void -test_pem_invalid (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: certificate\n" - "-----BEGIN CERT-----\n" - "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" - "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" - "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" - "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" - "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" - "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" - "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" - "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" - 
"TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" - "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" - "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" - "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" - "-----END CERTIFICATEXXX-----\n"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_pem_unsupported (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: certificate\n" - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_pem_first (void) -{ - const char *input = "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n" - "[p11-kit-object-v1]\n" - "class: certificate\n"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_skip_unknown (void) -{ - const char *input = "[version-2]\n" - "class: data\n" - "object-id: 1.2.3.4\n" - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n" - "[p11-kit-object-v1]\n" - "class: nss-trust\n" - "trust-server-auth: nss-trust-unknown"; - - CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; - - CK_ATTRIBUTE expected2[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, - { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - check_read_success (input, (expected2, NULL)); - - p11_message_loud (); -} - -static void -test_bad_value (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: data\n" - "value: \"%38%\"\n"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_bad_oid (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: data\n" - "object-id: 1.2"; - - p11_message_quiet 
(); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_bad_field (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: data\n" - "invalid-field: true"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_attribute_first (void) -{ - const char *input = "class: data\n" - "[p11-kit-object-v1]\n" - "invalid-field: true"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_not_boolean (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "private: \"x\"\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_PRIVATE, "x", 1 }, - { CKA_INVALID }, - }; - - check_write_success (output, (attrs, NULL)); -} - -static void -test_not_ulong (void) -{ - char buffer[sizeof (CK_ULONG) + 1]; - char *output; - - CK_ATTRIBUTE attrs[] = { - { CKA_BITS_PER_PIXEL, "xx", 2 }, - { CKA_VALUE, buffer, sizeof (CK_ULONG) }, - { CKA_INVALID }, - }; - - memset (buffer, 'x', sizeof (buffer)); - buffer[sizeof (CK_ULONG)] = 0; - - if (asprintf (&output, "[p11-kit-object-v1]\n" - "bits-per-pixel: \"xx\"\n" - "value: \"%s\"\n\n", buffer) < 0) - assert_not_reached (); - - check_write_success (output, (attrs, NULL)); - free (output); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_magic, "/persist/magic"); - p11_test (test_simple, "/persist/simple"); - p11_test (test_number, "/persist/number"); - p11_test (test_bool, "/persist/bool"); - p11_test (test_oid, "/persist/oid"); - p11_test (test_constant, "/persist/constant"); - p11_test (test_unknown, "/persist/unknown"); - p11_test (test_multiple, "/persist/multiple"); - p11_test (test_pem_block, "/persist/pem_block"); - p11_test (test_pem_middle, "/persist/pem-middle"); - p11_test (test_pem_invalid, "/persist/pem_invalid"); - p11_test (test_pem_unsupported, "/persist/pem_unsupported"); - p11_test (test_pem_first, "/persist/pem_first"); - p11_test (test_bad_value, "/persist/bad_value"); - p11_test 
(test_bad_oid, "/persist/bad_oid"); - p11_test (test_bad_field, "/persist/bad_field"); - p11_test (test_skip_unknown, "/persist/skip_unknown"); - p11_test (test_attribute_first, "/persist/attribute_first"); - p11_test (test_not_boolean, "/persist/not-boolean"); - p11_test (test_not_ulong, "/persist/not-ulong"); - return p11_test_run (argc, argv); -} diff --git a/trust/tests/test-save.c b/trust/tests/test-save.c deleted file mode 100644 index be16141..0000000 --- a/trust/tests/test-save.c +++ /dev/null 
@@ -1,595 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" - -#include "test-trust.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "message.h" -#include "path.h" -#include "save.h" -#include "test.h" - -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -struct { - char *directory; -} test; - -static void -setup (void *unused) -{ - test.directory = p11_test_directory ("test-extract"); -} - -static void -teardown (void *unused) -{ - if (rmdir (test.directory) < 0) - assert_fail ("rmdir() failed", strerror (errno)); - free (test.directory); -} - -static void -write_zero_file (const char *directory, - const char *name) -{ - char *filename; - int res; - int fd; - - if (asprintf (&filename, "%s/%s", directory, name) < 0) - assert_not_reached (); - - fd = open (filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); - assert (fd != -1); - res = close (fd); - assert (res >= 0); - - free (filename); -} - -static void -test_file_write (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, NULL, 0); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/files/cacert3.der"); -} - -static void -test_file_exists (void) -{ - p11_save_file *file; - char *filename; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - write_zero_file (test.directory, "extract-file"); - - p11_message_quiet (); - - file = p11_save_open_file (filename, NULL, 0); - assert (file != NULL); - - if (p11_save_finish_file (file, NULL, true)) - assert_not_reached (); - - p11_message_loud (); - - unlink (filename); - free (filename); -} - -static void 
-test_file_bad_directory (void) -{ - p11_save_file *file; - char *filename; - - if (asprintf (&filename, "/non-existent/%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - p11_message_quiet (); - - file = p11_save_open_file (filename, NULL, 0); - assert (file == NULL); - - p11_message_loud (); - - free (filename); -} - -static void -test_file_overwrite (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - write_zero_file (test.directory, "extract-file"); - - file = p11_save_open_file (filename, NULL, P11_SAVE_OVERWRITE); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/files/cacert3.der"); -} - -static void -test_file_unique (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - write_zero_file (test.directory, "extract-file"); - - file = p11_save_open_file (filename, NULL, P11_SAVE_UNIQUE); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/files/empty-file"); - test_check_file (test.directory, "extract-file.1", SRCDIR "/files/cacert3.der"); -} - -static void -test_file_auto_empty (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, NULL, 0); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, NULL, -1); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, 
"extract-file", SRCDIR "/files/empty-file"); -} - -static void -test_file_auto_length (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, NULL, 0); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, "The simple string is hairy", -1); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/files/simple-string"); -} - -static void -test_write_with_null (void) -{ - bool ret; - - ret = p11_save_write (NULL, "test", 4); - assert_num_eq (false, ret); -} - -static void -test_write_and_finish_with_null (void) -{ - bool ret; - - ret = p11_save_write_and_finish (NULL, "test", 4); - assert_num_eq (false, ret); -} - -static void -test_file_abort (void) -{ - struct stat st; - p11_save_file *file; - char *filename; - char *path; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, NULL, 0); - assert_ptr_not_null (file); - - path = NULL; - ret = p11_save_finish_file (file, &path, false); - assert_num_eq (true, ret); - assert (path == NULL); - - if (stat (filename, &st) >= 0 || errno != ENOENT) - assert_fail ("file should not exist", filename); - - free (filename); -} - - -static void -test_directory_empty (void) -{ - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_not_null (dir); - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, (NULL, NULL)); - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -static void -test_directory_files (void) -{ - char *path; - char *check; - p11_save_file *file; - p11_save_dir *dir; - char *subdir; - bool ret; - 
- if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_not_null (dir); - - file = p11_save_open_file_in (dir, "blah", ".cer"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_text, strlen (test_text)); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - -#ifdef OS_UNIX - ret = p11_save_symlink_in (dir, "link", ".ext", "/the/destination"); - assert_num_eq (true, ret); -#endif - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, ("blah.cer", "file.txt", -#ifdef OS_UNIX - "link.ext", -#endif - NULL)); - test_check_file (subdir, "blah.cer", SRCDIR "/files/cacert3.der"); - test_check_data (subdir, "file.txt", test_text, strlen (test_text)); -#ifdef OS_UNIX - test_check_symlink (subdir, "link.ext", "/the/destination"); -#endif - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -static void -test_directory_dups (void) -{ - char *path; - char *check; - p11_save_file *file; - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_not_null (dir); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = 
p11_save_write (file, test_text, 5); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_text, 10); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), - test_text, 15); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL), - test_text, 8); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL), - test_text, 16); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"), - test_text, 14); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"), - test_text, 15); - assert_num_eq (true, ret); - -#ifdef OS_UNIX - ret = p11_save_symlink_in (dir, "link", ".0", "/destination1"); - assert_num_eq (true, ret); - - ret = p11_save_symlink_in (dir, "link", ".0", "/destination2"); - assert_num_eq (true, ret); -#endif - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, ("file.txt", "file.1.txt", "file.2.txt", - "no-ext", "no-ext.1", - "with-num.0", "with-num.1", -#ifdef OS_UNIX - "link.0", "link.1", -#endif - NULL)); - test_check_data (subdir, "file.txt", test_text, 5); - test_check_data (subdir, "file.1.txt", test_text, 10); - test_check_data (subdir, "file.2.txt", test_text, 15); - test_check_data 
(subdir, "no-ext", test_text, 8); - test_check_data (subdir, "no-ext.1", test_text, 16); - test_check_data (subdir, "with-num.0", test_text, 14); - test_check_data (subdir, "with-num.1", test_text, 15); -#ifdef OS_UNIX - test_check_symlink (subdir, "link.0", "/destination1"); - test_check_symlink (subdir, "link.1", "/destination2"); -#endif - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -static void -test_directory_exists (void) -{ - p11_save_dir *dir; - char *subdir; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - -#ifdef OS_UNIX - if (mkdir (subdir, S_IRWXU) < 0) -#else - if (mkdir (subdir) < 0) -#endif - assert_fail ("mkdir() failed", subdir); - - p11_message_quiet (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_eq (NULL, dir); - - p11_message_loud (); - - rmdir (subdir); - free (subdir); -} - -static void -test_directory_overwrite (void) -{ - char *path; - char *check; - p11_save_file *file; - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - /* Some initial files into this directory, which get overwritten */ - dir = p11_save_open_directory (subdir, 0); - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), "", 0) && - p11_save_write_and_finish (p11_save_open_file_in (dir, "another-file", NULL), "", 0) && - p11_save_write_and_finish (p11_save_open_file_in (dir, "third-file", NULL), "", 0) && - p11_save_finish_directory (dir, true); - assert (ret && dir); - - /* Now the actual test, using the same directory */ - dir = p11_save_open_directory (subdir, P11_SAVE_OVERWRITE); - assert_ptr_not_null (dir); - - file = p11_save_open_file_in (dir, "blah", ".cer"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, 
ret); - if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_text, strlen (test_text)); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_text, 10); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, ("blah.cer", "file.txt", "file.1.txt", NULL)); - test_check_data (subdir, "blah.cer", test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - test_check_data (subdir, "file.txt", test_text, strlen (test_text)); - test_check_data (subdir, "file.1.txt", test_text, 10); - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_file_write, "/save/test_file_write"); - p11_test (test_file_exists, "/save/test_file_exists"); - p11_test (test_file_bad_directory, "/save/test_file_bad_directory"); - p11_test (test_file_overwrite, "/save/test_file_overwrite"); - p11_test (test_file_unique, "/save/file-unique"); - p11_test (test_file_auto_empty, "/save/test_file_auto_empty"); - p11_test (test_file_auto_length, "/save/test_file_auto_length"); - - p11_fixture (NULL, NULL); - p11_test (test_write_with_null, "/save/test_write_with_null"); - p11_test 
(test_write_and_finish_with_null, "/save/test_write_and_finish_with_null");
-
- p11_fixture (setup, teardown);
- p11_test (test_file_abort, "/save/test_file_abort");
-
- p11_test (test_directory_empty, "/save/test_directory_empty");
- p11_test (test_directory_files, "/save/test_directory_files");
- p11_test (test_directory_dups, "/save/test_directory_dups");
- p11_test (test_directory_exists, "/save/test_directory_exists");
- p11_test (test_directory_overwrite, "/save/test_directory_overwrite");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c
deleted file mode 100644
index a24539e..0000000
--- a/trust/tests/test-token.c
+++ /dev/null
@@ -1,789 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include - -#include "attrs.h" -#include "debug.h" -#include "parser.h" -#include "path.h" -#include "pkcs11x.h" -#include "message.h" -#include "token.h" - -static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; -static CK_OBJECT_CLASS data = CKO_DATA; -static CK_BBOOL falsev = CK_FALSE; -static CK_BBOOL truev = CK_TRUE; - -struct { - p11_token *token; - p11_index *index; - p11_parser *parser; - char *directory; -} test; - -static void -setup (void *path) -{ - test.token = p11_token_new (333, path, "Label"); - assert_ptr_not_null (test.token); - - test.index = p11_token_index (test.token); - assert_ptr_not_null (test.token); - - test.parser = p11_token_parser (test.token); - assert_ptr_not_null (test.parser); -} - -static void -setup_temp (void *unused) -{ - test.directory = p11_test_directory ("test-module"); - setup (test.directory); -} - -static void -teardown (void *path) -{ - p11_token_free (test.token); - memset (&test, 0, sizeof (test)); -} - -static void -teardown_temp (void *unused) -{ - p11_test_directory_delete (test.directory); - teardown (test.directory); - free (test.directory); -} - -static void -test_token_load (void *path) -{ - p11_index *index; - int count; - - count = p11_token_load (test.token); - assert_num_eq (6, count); - - /* A certificate and trust object for each parsed object */ - index = p11_token_index (test.token); - assert (((count - 1) * 2) + 1 <= p11_index_size (index)); -} - -static void -test_token_flags (void *path) -{ - /* - * blacklist comes from the input/distrust.pem file. It is not in the blacklist - * directory, but is an OpenSSL trusted certificate file, and is marked - * in the blacklist style for OpenSSL. 
- */ - - CK_ATTRIBUTE blacklist[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_LABEL, "Red Hat Is the CA", 17 }, - { CKA_SERIAL_NUMBER, "\x02\x01\x01", 3 }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, - }; - - /* - * blacklist2 comes from the input/blacklist/self-server.der file. It is - * explicitly put on the blacklist, even though it containts no trust - * policy information. - */ - - const unsigned char self_server_subject[] = { - 0x30, 0x4b, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, - 0x01, 0x19, 0x16, 0x03, 0x43, 0x4f, 0x4d, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0a, 0x09, 0x92, 0x26, - 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x07, 0x45, 0x58, 0x41, 0x4d, 0x50, 0x4c, 0x45, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - }; - - CK_ATTRIBUTE blacklist2[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)self_server_subject, sizeof (self_server_subject) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, - }; - - /* - * anchor comes from the input/anchors/cacert3.der file. It is - * explicitly marked as an anchor, even though it containts no trust - * policy information. 
- */ - - CK_ATTRIBUTE anchor[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - const unsigned char cacert_root_subject[] = { - 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, - 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, - 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, - 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, - }; - - /* - * notrust comes from the input/cacert-ca.der file. It contains no - * trust information, and is not explicitly marked as an anchor, so - * it's neither trusted or distrusted. 
- */ - - CK_ATTRIBUTE notrust[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)cacert_root_subject, sizeof (cacert_root_subject) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *expected[] = { - anchor, - blacklist, - blacklist2, - notrust, - NULL, - }; - - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *object; - int i; - - if (p11_token_load (test.token) < 0) - assert_not_reached (); - - /* The other objects */ - for (i = 0; expected[i]; i++) { - handle = p11_index_find (p11_token_index (test.token), expected[i], 2); - assert (handle != 0); - - object = p11_index_lookup (p11_token_index (test.token), handle); - assert_ptr_not_null (object); - - test_check_attrs (expected[i], object); - } -} - -static void -test_token_path (void *path) -{ - assert_str_eq (path, p11_token_get_path (test.token)); -} - -static void -test_token_label (void *path) -{ - assert_str_eq ("Label", p11_token_get_label (test.token)); -} - -static void -test_token_slot (void *path) -{ - assert_num_eq (333, p11_token_get_slot (test.token)); -} - -static void -test_not_writable (void) -{ - p11_token *token; - - if (getuid () != 0) { - token = p11_token_new (333, "/", "Label"); - assert (!p11_token_is_writable (token)); - p11_token_free (token); - } - - token = p11_token_new (333, "", "Label"); - assert (!p11_token_is_writable (token)); - p11_token_free (token); - - token = p11_token_new (333, "/non-existant", "Label"); - assert (!p11_token_is_writable (token)); - p11_token_free (token); -} - -static void -test_writable_exists (void) -{ - /* A writable directory since we created it */ - assert (p11_token_is_writable (test.token)); -} - -static void -test_writable_no_exist (void) -{ - char *directory; - p11_token *token; - char *path; - - directory = p11_test_directory ("test-module"); - - path = p11_path_build (directory, "subdir", NULL); - assert (path != NULL); - - token = 
p11_token_new (333, path, "Label"); - free (path); - - /* A writable directory since parent is writable */ - assert (p11_token_is_writable (token)); - - p11_token_free (token); - - if (rmdir (directory) < 0) - assert_not_reached (); - - free (directory); -} - -static void -test_load_already (void) -{ - CK_ATTRIBUTE cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - CK_OBJECT_HANDLE handle; - int ret; - - p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 1); - handle = p11_index_find (test.index, cert, -1); - assert (handle != 0); - - /* Have to wait to make sure changes are detected */ - p11_sleep_ms (1100); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 0); - assert_num_eq (p11_index_find (test.index, cert, -1), handle); -} - -static void -test_load_unreadable (void) -{ - CK_ATTRIBUTE cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - int ret; - - p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 1); - assert (p11_index_find (test.index, cert, -1) != 0); - - p11_test_file_write (test.directory, "test.cer", "", 0); - - /* Have to wait to make sure changes are detected */ - p11_sleep_ms (1100); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 0); - assert (p11_index_find (test.index, cert, -1) == 0); -} - -static void -test_load_gone (void) -{ - CK_ATTRIBUTE cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) 
}, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - int ret; - - p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 1); - assert (p11_index_find (test.index, cert, -1) != 0); - - p11_test_file_delete (test.directory, "test.cer"); - - /* Have to wait to make sure changes are detected */ - p11_sleep_ms (1100); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 0); - assert (p11_index_find (test.index, cert, -1) == 0); -} - -static void -test_load_found (void) -{ - CK_ATTRIBUTE cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - int ret; - - ret = p11_token_load (test.token); - assert_num_eq (ret, 0); - assert (p11_index_find (test.index, cert, -1) == 0); - - /* Have to wait to make sure changes are detected */ - p11_sleep_ms (1100); - - p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 1); - assert (p11_index_find (test.index, cert, -1) != 0); -} - -static void -test_reload_changed (void) -{ - CK_ATTRIBUTE cacert3[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE verisign[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_OBJECT_HANDLE handle; - int ret; - - /* 
Just one file */
- p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 1);
- handle = p11_index_find (test.index, cacert3, -1);
- assert (handle != 0);
-
- /* Replace the file with verisign */
- p11_test_file_write (test.directory, "test.cer", verisign_v1_ca,
- sizeof (verisign_v1_ca));
-
- /* Add another file with cacert3, but not reloaded */
- p11_test_file_write (test.directory, "another.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
-
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
- if (!p11_token_reload (test.token, attrs))
- assert_not_reached ();
-
- assert (p11_index_find (test.index, cacert3, -1) == 0);
- assert (p11_index_find (test.index, verisign, -1) != 0);
-}
-
-static void
-test_reload_gone (void)
-{
- CK_ATTRIBUTE cacert3[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE verisign[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_OBJECT_HANDLE handle;
- int ret;
-
- /* Just one file */
- p11_test_file_write (test.directory, "cacert3.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
- p11_test_file_write (test.directory, "verisign.cer", verisign_v1_ca,
- sizeof (verisign_v1_ca));
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 2);
- handle = p11_index_find (test.index, cacert3, -1);
- assert (handle != 0);
- assert (p11_index_find (test.index, verisign, -1) != 0);
-
- p11_test_file_delete (test.directory, "cacert3.cer");
- p11_test_file_delete (test.directory, "verisign.cer");
-
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
- if (p11_token_reload (test.token, attrs))
- assert_not_reached ();
-
- assert (p11_index_find (test.index, cacert3, -1) == 0);
- assert (p11_index_find (test.index, verisign, -1) != 0);
-}
-
-static void
-test_reload_no_origin (void)
-{
- CK_ATTRIBUTE cacert3[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_INVALID },
- };
-
- if (p11_token_reload (test.token, cacert3))
- assert_not_reached ();
-}
-
-static void
-test_write_new (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "Yay!", 4 },
- { CKA_VALUE, "eight", 5 },
- { CKA_TOKEN, &truev, sizeof (truev) },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "Yay!", 4 },
- { CKA_VALUE, "eight", 5 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- CK_RV rv;
- int ret;
-
- rv = p11_index_add (test.index, original, 4, &handle);
- assert_num_eq (rv, CKR_OK);
-
- /* The expected file name */
- path = p11_path_build (test.directory, "Yay_.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 1);
-
- test_check_attrs (expected, parsed->elem[0]);
-}
-
-static void
-test_write_no_label (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "eight", 5 },
- { CKA_TOKEN, &truev, sizeof (truev) },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "", 0 },
- { CKA_VALUE, "eight", 5 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- CK_RV rv;
- int ret;
-
- rv = p11_index_add (test.index, original, 4, &handle);
- assert_num_eq (rv, CKR_OK);
-
- /* The expected file name */
- path = p11_path_build (test.directory, "data.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 1);
-
- test_check_attrs (expected, parsed->elem[0]);
-}
-
-static void
-test_modify_multiple (void)
-{
- const char *test_data =
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"first\"\n"
- "value: \"1\"\n"
- "\n"
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"second\"\n"
- "value: \"2\"\n"
- "\n"
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"third\"\n"
- "value: \"3\"\n";
-
- CK_ATTRIBUTE first[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "first", 5 },
- { CKA_VALUE, "1", 1 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE second[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "zwei", 4 },
- { CKA_VALUE, "2", 2 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE third[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "third", 5 },
- { CKA_VALUE, "3", 1 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 };
-
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- int ret;
- CK_RV rv;
-
- p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data));
-
- /* Reload now that we have this new file */
- p11_token_load (test.token);
-
- handle = p11_index_find (test.index, &match, 1);
-
- rv = p11_index_update (test.index, handle, p11_attrs_dup (second));
- assert_num_eq (rv, CKR_OK);
-
- /* Now read in the file and make sure it has all the objects */
- path = p11_path_build (test.directory, "Test.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 3);
-
- /* The modified one will be first */
- test_check_attrs (second, parsed->elem[0]);
- test_check_attrs (first, parsed->elem[1]);
- test_check_attrs (third, parsed->elem[2]);
-}
-
-static void
-test_remove_one (void)
-{
- const char *test_data =
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"first\"\n"
- "value: \"1\"\n"
- "\n";
-
- CK_ATTRIBUTE match = { CKA_LABEL, "first", 5 };
-
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data));
- test_check_directory (test.directory, ("Test.p11-kit", NULL));
-
- /* Reload now that we have this new file */
- p11_token_load (test.token);
-
- handle = p11_index_find (test.index, &match, 1);
- assert_num_cmp (handle, !=, 0);
-
- rv = p11_index_remove (test.index, handle);
- assert_num_eq (rv, CKR_OK);
-
- /* No other files in the test directory, all files gone */
- test_check_directory (test.directory, (NULL, NULL));
-}
-
-static void
-test_remove_multiple (void)
-{
- const char *test_data =
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"first\"\n"
- "value: \"1\"\n"
- "\n"
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"second\"\n"
- "value: \"2\"\n"
- "\n"
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"third\"\n"
- "value: \"3\"\n";
-
- CK_ATTRIBUTE first[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "first", 5 },
- { CKA_VALUE, "1", 1 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE third[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "third", 5 },
- { CKA_VALUE, "3", 1 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 };
-
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- int ret;
- CK_RV rv;
-
- p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data));
-
- /* Reload now that we have this new file */
- p11_token_load (test.token);
-
- handle = p11_index_find (test.index, &match, 1);
- assert_num_cmp (handle, !=, 0);
-
- rv = p11_index_remove (test.index, handle);
- assert_num_eq (rv, CKR_OK);
-
- /* Now read in the file and make sure it has all the objects */
- path = p11_path_build (test.directory, "Test.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 2);
-
- /* The modified one will be first */
- test_check_attrs (first, parsed->elem[0]);
- test_check_attrs (third, parsed->elem[1]);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_fixture (setup, teardown);
- p11_testx (test_token_load, SRCDIR "/input", "/token/load");
- p11_testx (test_token_flags, SRCDIR "/input", "/token/flags");
- p11_testx (test_token_path, "/wheee", "/token/path");
- p11_testx (test_token_label, "/wheee", "/token/label");
- p11_testx (test_token_slot, "/unneeded", "/token/slot");
-
- p11_fixture (NULL, NULL);
- p11_test (test_not_writable, "/token/not-writable");
- p11_test (test_writable_no_exist, "/token/writable-no-exist");
-
- p11_fixture (setup_temp, teardown_temp);
- p11_test (test_writable_exists, "/token/writable-exists");
- p11_test (test_load_found, "/token/load-found");
- p11_test (test_load_already, "/token/load-already");
- p11_test (test_load_unreadable, "/token/load-unreadable");
- p11_test (test_load_gone, "/token/load-gone");
- p11_test (test_reload_changed, "/token/reload-changed");
- p11_test (test_reload_gone, "/token/reload-gone");
- p11_test (test_reload_no_origin, "/token/reload-no-origin");
- p11_test (test_write_new, "/token/write-new");
- p11_test (test_write_no_label, "/token/write-no-label");
- p11_test (test_modify_multiple, "/token/modify-multiple");
- p11_test (test_remove_one, "/token/remove-one");
- p11_test (test_remove_multiple, "/token/remove-multiple");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-trust.c b/trust/tests/test-trust.c
deleted file mode 100644
index 20306e0..0000000
--- a/trust/tests/test-trust.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#include "debug.h"
-#include "message.h"
-#include "path.h"
-#include "test.h"
-
-#include "test-trust.h"
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifdef OS_UNIX
-#include
-#endif
-
-void
-test_check_object_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *attrs,
- CK_OBJECT_CLASS klass,
- const char *label)
-{
- CK_BBOOL vfalse = CK_FALSE;
-
- CK_ATTRIBUTE expected[] = {
- { CKA_PRIVATE, &vfalse, sizeof (vfalse) },
- { CKA_CLASS, &klass, sizeof (klass) },
- { label ? CKA_LABEL : CKA_INVALID, (void *)label, label ? strlen (label) : 0 },
- { CKA_INVALID },
- };
-
- test_check_attrs_msg (file, line, function, expected, attrs);
-}
-
-void
-test_check_cacert3_ca_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *attrs,
- const char *label)
-{
- CK_CERTIFICATE_TYPE x509 = CKC_X_509;
- CK_ULONG category = 2; /* authority */
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
- { CKA_START_DATE, "20110523", 8 },
- { CKA_END_DATE, "20210520", 8, },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_INVALID },
- };
-
- test_check_object_msg (file, line, function, attrs, CKO_CERTIFICATE, label);
- test_check_attrs_msg (file, line, function, expected, attrs);
-}
-
-void
-test_check_id_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attr)
-{
- CK_ATTRIBUTE *one;
- CK_ATTRIBUTE *two;
-
- one = p11_attrs_find (expected, CKA_ID);
- two = p11_attrs_find (attr, CKA_ID);
-
- test_check_attr_msg (file, line, function, CKA_INVALID, one, two);
-}
-
-void
-test_check_attrs_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attrs)
-{
- CK_OBJECT_CLASS klass;
- CK_ATTRIBUTE *attr;
-
- if (!p11_attrs_find_ulong (expected, CKA_CLASS, &klass))
- klass = CKA_INVALID;
-
- while (!p11_attrs_terminator (expected)) {
- attr = p11_attrs_find (attrs, expected->type);
- test_check_attr_msg (file, line, function, klass, expected, attr);
- expected++;
- }
-}
-
-void
-test_check_attr_msg (const char *file,
- int line,
- const char *function,
- CK_OBJECT_CLASS klass,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attr)
-{
- assert (expected != NULL);
-
- if (attr == NULL) {
- p11_test_fail (file, line, function,
- "attribute does not match: (expected %s but found NULL)",
- p11_attr_to_string (expected, klass));
- }
-
- if (!p11_attr_equal (attr, expected)) {
- p11_test_fail (file, line, function,
- "attribute does not match: (expected %s but found %s)",
- p11_attr_to_string (expected, klass),
- attr ? p11_attr_to_string (attr, klass) : "(null)");
- }
-}
-
-static char *
-read_file (const char *file,
- int line,
- const char *function,
- const char *filename,
- long *len)
-{
- struct stat sb;
- FILE *f = NULL;
- char *data;
-
- f = fopen (filename, "rb");
- if (f == NULL)
- p11_test_fail (file, line, function, "Couldn't open file: %s", filename);
-
- /* Figure out size */
- if (stat (filename, &sb) < 0)
- p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
-
- *len = sb.st_size;
- data = malloc (*len ? *len : 1);
- assert (data != NULL);
-
- /* And read in one block */
- if (fread (data, 1, *len, f) != *len)
- p11_test_fail (file, line, function, "Couldn't read file: %s", filename);
-
- fclose (f);
-
- return data;
-}
-
-void
-test_check_file_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *name,
- const char *reference)
-{
- char *refdata;
- long reflen;
-
- refdata = read_file (file, line, function, reference, &reflen);
- test_check_data_msg (file, line, function, directory, name, refdata, reflen);
- free (refdata);
-}
-
-void
-test_check_data_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *name,
- const void *refdata,
- long reflen)
-{
- char *filedata;
- char *filename;
- long filelen;
-
- if (asprintf (&filename, "%s/%s", directory, name) < 0)
- assert_not_reached ();
-
- filedata = read_file (file, line, function, filename, &filelen);
-
- if (filelen != reflen || memcmp (filedata, refdata, reflen) != 0)
- p11_test_fail (file, line, function, "File contents not as expected: %s", filename);
-
- if (unlink (filename) < 0)
- p11_test_fail (file, line, function, "Couldn't remove file: %s", filename);
- free (filename);
- free (filedata);
-}
-
-#ifdef OS_UNIX
-
-void
-test_check_symlink_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *name,
- const char *destination)
-{
- char buf[1024] = { 0, };
- char *filename;
-
- if (asprintf (&filename, "%s/%s", directory, name) < 0)
- assert_not_reached ();
-
- if (readlink (filename, buf, sizeof (buf)) < 0)
- p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename);
-
- if (strcmp (destination, buf) != 0)
- p11_test_fail (file, line, function, "Symlink contents wrong: %s != %s", destination, buf);
-
- if (unlink (filename) < 0)
- p11_test_fail (file, line, function, "Couldn't remove symlink: %s", filename);
- free (filename);
-}
-
-#endif /* OS_UNIX */
-
-p11_dict *
-test_check_directory_files (const char *file,
- ...)
-{
- p11_dict *files;
- va_list va;
-
- files = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
-
- va_start (va, file);
-
- while (file != NULL) {
- if (!p11_dict_set (files, (void *)file, (void *)file))
- return_val_if_reached (NULL);
- file = va_arg (va, const char *);
- }
-
- va_end (va);
-
- return files;
-}
-
-void
-test_check_directory_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- p11_dict *files)
-{
- p11_dictiter iter;
- struct dirent *dp;
- const char *name;
- DIR *dir;
-
- dir = opendir (directory);
- if (dir == NULL)
- p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory);
-
- while ((dp = readdir (dir)) != NULL) {
- if (strcmp (dp->d_name, ".") == 0 ||
- strcmp (dp->d_name, "..") == 0)
- continue;
-
- if (!p11_dict_remove (files, dp->d_name))
- p11_test_fail (file, line, function, "Unexpected file in directory: %s", dp->d_name);
- }
-
- closedir (dir);
-
-#ifdef OS_UNIX
- if (chmod (directory, S_IRWXU) < 0)
- p11_test_fail (file, line, function, "couldn't chown directory: %s: %s", directory, strerror (errno));
-#endif
-
- p11_dict_iterate (files, &iter);
- while (p11_dict_next (&iter, (void **)&name, NULL))
- p11_test_fail (file, line, function, "Couldn't find file in directory: %s", name);
-
- p11_dict_free (files);
-}
diff --git a/trust/tests/test-trust.h b/trust/tests/test-trust.h
deleted file mode 100644
index b70bbdb..0000000
--- a/trust/tests/test-trust.h
+++ /dev/null
@@ -1,409 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "dict.h"
-#include "pkcs11.h"
-#include "test.h"
-
-#include
-#include
-
-#ifndef TEST_DATA_H_
-#define TEST_DATA_H_
-
-#define test_check_object(attrs, klass, label) \
- test_check_object_msg (__FILE__, __LINE__, __FUNCTION__, attrs, klass, label)
-
-void test_check_object_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *attrs,
- CK_OBJECT_CLASS klass,
- const char *label);
-
-#define test_check_cacert3_ca(attrs, label) \
- test_check_cacert3_ca_msg (__FILE__, __LINE__, __FUNCTION__, attrs, label)
-
-void test_check_cacert3_ca_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *attrs,
- const char *label);
-
-#define test_check_attrs(expected, attrs) \
- test_check_attrs_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
-
-void test_check_attrs_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attrs);
-
-#define test_check_attr(expected, attr) \
- test_check_attr_msg (__FILE__, __LINE__, __FUNCTION__, CKA_INVALID, expected, attr)
-
-void test_check_attr_msg (const char *file,
- int line,
- const char *function,
- CK_OBJECT_CLASS klass,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attr);
-
-#define test_check_id(expected, attrs) \
- test_check_id_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
-
-void test_check_id_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attr);
-
-static const unsigned char test_cacert3_ca_der[] = {
- 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a,
- 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
- 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f,
- 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15,
- 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, - 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, - 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, - 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, - 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, - 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, - 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, - 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, - 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, - 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, - 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 
0x28, 0xa8, - 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, - 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, - 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, - 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, - 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, - 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, - 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, - 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, - 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, - 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, - 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, - 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, - 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, - 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, - 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, - 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, - 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, - 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, - 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, - 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, - 0xae, 0x60, 0x7a, 0x80, 
0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, - 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, - 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, - 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, - 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, - 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, - 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, - 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, - 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, - 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, - 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, - 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, - 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, - 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, - 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, - 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, - 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, - 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, - 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, - 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, - 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, - 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, - 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, - 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, - 
0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, - 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, - 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, - 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, - 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, - 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, - 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, - 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, - 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, - 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, - 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, - 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, - 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, - 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, - 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, - 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, - 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, - 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, - 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, - 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, - 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 
0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, - 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, - 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, - 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, - 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, - 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, - 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, - 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, - 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, - 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, - 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, - 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, -}; - -static const char test_cacert3_ca_subject[] = { - 0x30, 0x54, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, - 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, - 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x13, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, - 0x33, 0x20, 0x52, 0x6f, 0x6f, 0x74, -}; - -static const char test_cacert3_ca_issuer[] = { - 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, - 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 
0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, - 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, - 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, -}; - -static const char test_cacert3_ca_serial[] = { - 0x02, 0x03, 0x0a, 0x41, 0x8a, -}; - -static const char test_cacert3_ca_public_key[] = { - 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, - 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, 0xa9, 0xdd, - 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, 0x89, 0x7d, - 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, 0x99, 0x73, - 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, 0x7f, 0x64, - 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, 0x69, 0x01, - 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, 0xc5, 0x79, - 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, 0x9f, 0xcb, - 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, 0x8d, 0x09, - 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, 0xe3, 0xeb, - 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, 0x33, 0xbf, - 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, 0xa4, 0xd9, - 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 
0x6d, 0xb7, 0x21, 0xec, 0x85, - 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, 0xd5, 0x3b, - 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, 0x15, 0x71, - 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, 0x8c, 0xf9, - 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, 0x64, 0x27, - 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, 0x5d, 0xaa, - 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, 0x0e, 0x42, - 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, 0x62, 0x34, - 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, 0xa0, 0x5b, - 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, 0xb7, 0xa2, - 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, 0x6c, 0x5f, - 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, 0x47, 0xd5, - 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, 0x03, 0x68, - 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, 0x3a, 0x98, - 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, 0xae, 0x60, - 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, 0x56, 0xe7, - 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, 0xa1, 0xd1, - 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, 0x2c, 0x86, - 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, 0x9d, 0xaf, - 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, 0x42, 0x74, - 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, 0x05, 0xfb, - 0xe9, 
0x02, 0x03, 0x01, 0x00, 0x01, -}; - -static const unsigned char verisign_v1_ca[] = { - 0x30, 0x82, 0x02, 0x3c, 0x30, 0x82, 0x01, 0xa5, 0x02, 0x10, 0x3f, 0x69, 0x1e, 0x81, 0x9c, 0xf0, - 0x9a, 0x4a, 0xf3, 0x73, 0xff, 0xb9, 0x48, 0xa2, 0xe4, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, - 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x36, - 0x30, 0x31, 0x32, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, - 0x38, 0x30, 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, - 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x81, 0x9f, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, - 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, 0x6d, 0xa3, 0x56, 0x61, 0x2d, - 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 
0xeb, 0xb7, 0x9e, 0x86, 0x80, 0x0a, 0x91, 0x0e, - 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, 0x9b, 0x24, 0x5d, 0x0d, 0x1f, - 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, 0x06, 0x9b, 0x10, 0xa1, 0x73, - 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, 0xa8, 0x3f, 0xaa, 0x12, 0x06, - 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, 0x09, 0xcd, 0x14, 0x11, 0xe2, - 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, 0x91, 0x29, 0xbb, 0x36, 0xc9, - 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, 0xb0, 0x7b, 0x30, 0xba, 0x2a, - 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, - 0x58, 0x15, 0x29, 0x39, 0x3c, 0x77, 0xa3, 0xda, 0x5c, 0x25, 0x03, 0x7c, 0x60, 0xfa, 0xee, 0x09, - 0x99, 0x3c, 0x27, 0x10, 0x70, 0xc8, 0x0c, 0x09, 0xe6, 0xb3, 0x87, 0xcf, 0x0a, 0xe2, 0x18, 0x96, - 0x35, 0x62, 0xcc, 0xbf, 0x9b, 0x27, 0x79, 0x89, 0x5f, 0xc9, 0xc4, 0x09, 0xf4, 0xce, 0xb5, 0x1d, - 0xdf, 0x2a, 0xbd, 0xe5, 0xdb, 0x86, 0x9c, 0x68, 0x25, 0xe5, 0x30, 0x7c, 0xb6, 0x89, 0x15, 0xfe, - 0x67, 0xd1, 0xad, 0xe1, 0x50, 0xac, 0x3c, 0x7c, 0x62, 0x4b, 0x8f, 0xba, 0x84, 0xd7, 0x12, 0x15, - 0x1b, 0x1f, 0xca, 0x5d, 0x0f, 0xc1, 0x52, 0x94, 0x2a, 0x11, 0x99, 0xda, 0x7b, 0xcf, 0x0c, 0x36, - 0x13, 0xd5, 0x35, 0xdc, 0x10, 0x19, 0x59, 0xea, 0x94, 0xc1, 0x00, 0xbf, 0x75, 0x8f, 0xd9, 0xfa, - 0xfd, 0x76, 0x04, 0xdb, 0x62, 0xbb, 0x90, 0x6a, 0x03, 0xd9, 0x46, 0x35, 0xd9, 0xf8, 0x7c, 0x5b, -}; - -static const unsigned char verisign_v1_ca_subject[] = { - 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, - 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x2e, 0x43, 
0x6c, 0x61, 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, -}; - -static const unsigned char verisign_v1_ca_public_key[] = { - 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, - 0x6d, 0xa3, 0x56, 0x61, 0x2d, 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e, - 0x86, 0x80, 0x0a, 0x91, 0x0e, 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, - 0x9b, 0x24, 0x5d, 0x0d, 0x1f, 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, - 0x06, 0x9b, 0x10, 0xa1, 0x73, 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, - 0xa8, 0x3f, 0xaa, 0x12, 0x06, 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, - 0x09, 0xcd, 0x14, 0x11, 0xe2, 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, - 0x91, 0x29, 0xbb, 0x36, 0xc9, 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, - 0xb0, 0x7b, 0x30, 0xba, 0x2a, 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, - 0x00, 0x01, -}; - -static const char test_text[] = "This is the file text"; - -static const char test_eku_server_and_client[] = { - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, -}; - -static const char test_eku_server[] = { - 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, -}; - -static const char test_eku_email[] = { - 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04 -}; - -static const char test_eku_none[] = { - 0x30, 0x00, -}; - -void test_check_file_msg (const char *file, - int line, - const char *function, - const char 
*directory,
- const char *filename,
- const char *reference);
-
-void test_check_data_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *filename,
- const void *refdata,
- long reflen);
-
-#ifdef OS_UNIX
-
-void test_check_symlink_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *name,
- const char *destination);
-
-#endif /* OS_UNIX */
-
-p11_dict * test_check_directory_files (const char *file,
- ...) GNUC_NULL_TERMINATED;
-
-void test_check_directory_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- p11_dict *files);
-
-#define test_check_file(directory, name, reference) \
- (test_check_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, reference))
-
-#define test_check_data(directory, name, data, length) \
- (test_check_data_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, data, length))
-
-#ifdef OS_UNIX
-
-#define test_check_symlink(directory, name, destination) \
- (test_check_symlink_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, destination))
-
-#endif /* OS_UNIX */
-
-#define test_check_directory(directory, files) \
- (test_check_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory, \
- test_check_directory_files files))
-
-#endif /* TEST_DATA_H_ */
diff --git a/trust/tests/test-utf8.c b/trust/tests/test-utf8.c
deleted file mode 100644
index 9b2c3d5..0000000
--- a/trust/tests/test-utf8.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "utf8.h"
-
-#include
-#include
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-static void
-test_ucs2be (void)
-{
- char *output;
- size_t length;
- int i;
-
- struct {
- const char *output;
- size_t output_len;
- const unsigned char input[100];
- size_t input_len;
- } fixtures[] = {
- { "This is a test", 14,
- { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, 's', 0x00, ' ', 0x00, 'i', 0x00, 's', 0x00, ' ',
- 0x00, 'a', 0x00, ' ', 0x00, 't', 0x00, 'e', 0x00, 's', 0x00, 't' }, 28,
- },
- { "V\303\266gel", 6,
- { 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 10,
- },
- { "M\303\244nwich \340\264\205", 12,
- { 0x00, 'M', 0x00, 0xE4, 0x00, 'n', 0x00, 'w', 0x00, 'i', 0x00, 'c', 0x00, 'h',
- 0x00, ' ', 0x0D, 0x05 }, 18,
- }
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- output = p11_utf8_for_ucs2be (fixtures[i].input,
- fixtures[i].input_len,
- &length);
-
- assert_num_eq (fixtures[i].output_len, length);
- assert_str_eq (fixtures[i].output, output);
- free (output);
- }
-}
-
-static void
-test_ucs2be_fail (void)
-{
- char *output;
- size_t length;
- int i;
-
- struct {
- const unsigned char input[100];
- size_t input_len;
- } fixtures[] = {
- { { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, }, 7 /* truncated */ }
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- output = p11_utf8_for_ucs2be (fixtures[i].input,
- fixtures[i].input_len,
- &length);
- assert_ptr_eq (NULL, output);
- }
-}
-
-static void
-test_ucs4be (void)
-{
- char *output;
- size_t length;
- int i;
-
- struct {
- const char *output;
- size_t output_len;
- const unsigned char input[100];
- size_t input_len;
- } fixtures[] = {
- { "This is a test", 14,
- { 0x00, 0x00, 0x00, 'T',
- 0x00, 0x00, 0x00, 'h',
- 0x00, 0x00, 0x00, 'i',
- 0x00, 0x00, 0x00, 's',
- 0x00, 0x00, 0x00, ' ',
- 0x00, 0x00, 0x00, 'i',
- 0x00, 0x00, 0x00, 's',
- 0x00, 0x00, 0x00, ' ',
- 0x00, 0x00, 0x00, 'a',
- 0x00, 0x00, 0x00, ' ',
- 0x00, 0x00, 0x00, 't',
- 0x00, 0x00, 0x00, 'e',
- 0x00, 0x00, 0x00, 's',
- 0x00, 0x00, 0x00, 't',
- }, 56,
- },
- { "Fun \360\220\214\231", 8,
- { 0x00, 0x00, 0x00, 'F',
- 0x00, 0x00, 0x00, 'u',
- 0x00, 0x00, 0x00, 'n',
- 0x00, 0x00, 0x00, ' ',
- 0x00, 0x01, 0x03, 0x19, /* U+10319: looks like an antenna */
- }, 20,
- }
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- output = p11_utf8_for_ucs4be (fixtures[i].input,
- fixtures[i].input_len,
- &length);
-
- assert_num_eq (fixtures[i].output_len, length);
- assert_str_eq (fixtures[i].output, output);
-
- free (output);
- }
-}
-
-static void
-test_ucs4be_fail (void)
-{
- char *output;
- size_t length;
- int i;
-
- struct {
- const unsigned char input[100];
- size_t input_len;
- } fixtures[] = {
- { { 0x00, 0x00, 'T',
- }, 7 /* truncated */ },
- { { 0x00, 0x00, 0x00, 'F',
- 0x00, 0x00, 0x00, 'u',
- 0x00, 0x00, 0x00, 'n',
- 0x00, 0x00, 0x00, ' ',
- 0xD8, 0x00, 0xDF, 0x19,
- }, 20,
- }
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- output = p11_utf8_for_ucs4be (fixtures[i].input,
- fixtures[i].input_len,
- &length);
- assert_ptr_eq (NULL, output);
- }
-}
-
-static void
-test_utf8 (void)
-{
- bool ret;
- int i;
-
- struct {
- const char *input;
- size_t input_len;
- } fixtures[] = {
- { "This is a test", 14 },
- { "Good news everyone", -1 },
- { "Fun \360\220\214\231", -1 },
- { "Fun invalid here: \xfe", 4 }, /* but limited length */
- { "V\303\266gel", 6, },
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- ret = p11_utf8_validate (fixtures[i].input,
- fixtures[i].input_len);
- assert_num_eq (true, ret);
- }
-}
-
-static void
-test_utf8_fail (void)
-{
- bool ret;
- int i;
-
- struct {
- const char *input;
- size_t input_len;
- } fixtures[] = {
- { "This is a test\x80", 15 },
- { "Good news everyone\x88", -1 },
- { "Bad \xe0v following chars should be |0x80", -1 },
- { "Truncated \xe0", -1 },
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- ret = p11_utf8_validate (fixtures[i].input,
- fixtures[i].input_len);
- assert_num_eq (false, ret);
- }
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_ucs2be, "/utf8/ucs2be");
- p11_test (test_ucs2be_fail, "/utf8/ucs2be_fail");
- p11_test (test_ucs4be, "/utf8/ucs4be");
- p11_test (test_ucs4be_fail, "/utf8/ucs4be_fail");
- p11_test (test_utf8, "/utf8/utf8");
- p11_test (test_utf8_fail, "/utf8/utf8_fail");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/tests/test-x509.c b/trust/tests/test-x509.c
deleted file mode 100644
index 9f7d258..0000000
--- a/trust/tests/test-x509.c
+++ /dev/null
@@ -1,416 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "asn1.h" -#include "debug.h" -#include "oid.h" -#include "x509.h" - -#include -#include -#include - -#define ELEMS(x) (sizeof (x) / sizeof (x[0])) - -struct { - p11_dict *asn1_defs; -} test; - -static void -setup (void *unused) -{ - test.asn1_defs = p11_asn1_defs_load (); - assert_ptr_not_null (test.asn1_defs); -} - -static void -teardown (void *unused) -{ - p11_dict_free (test.asn1_defs); - memset (&test, 0, sizeof (test)); -} - -static const char test_ku_ds_and_np[] = { - 0x03, 0x03, 0x07, 0xc0, 0x00, -}; - -static const char test_ku_none[] = { - 0x03, 0x03, 0x07, 0x00, 0x00, -}; - -static const char test_ku_cert_crl_sign[] = { - 0x03, 0x03, 0x07, 0x06, 0x00, -}; - -static const char test_eku_server_and_client[] = { - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, -}; - -static const char test_eku_none[] = { - 0x30, 0x00, -}; - -static const char test_eku_client_email_and_timestamp[] = { - 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, -}; - -static const unsigned char test_cacert3_ca_der[] = { - 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a, - 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, - 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 
0x69, 0x6e, 0x67, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, - 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, - 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, - 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, - 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, - 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, - 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, - 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, - 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, - 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, - 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, - 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, - 0x8d, 0x09, 
0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, - 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, - 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, - 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, - 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, - 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, - 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, - 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, - 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, - 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, - 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, - 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, - 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, - 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, - 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, - 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, - 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, - 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, - 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, - 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, - 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 
0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, - 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, - 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, - 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, - 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, - 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, - 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, - 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, - 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, - 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, - 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, - 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 
0x70, 0x2e, - 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, - 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, - 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, - 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, - 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, - 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, - 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, - 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, - 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, - 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, - 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, - 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, - 0x53, 0xea, 0x42, 0xf5, 
0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, - 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, - 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, - 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, - 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, - 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, - 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, - 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, - 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, - 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, - 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, - 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, - 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, - 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, - 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, - 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, - 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, - 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, - 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, - 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, - 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 
0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, - 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, - 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, - 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, - 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, - 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, - 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, - 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, - 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, - 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, -}; - -struct { - const char *eku; - size_t length; - const char *expected[16]; -} extended_key_usage_fixtures[] = { - { test_eku_server_and_client, sizeof (test_eku_server_and_client), - { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, NULL }, }, - { test_eku_none, sizeof (test_eku_none), - { NULL, }, }, - { test_eku_client_email_and_timestamp, sizeof (test_eku_client_email_and_timestamp), - { P11_OID_CLIENT_AUTH_STR, P11_OID_EMAIL_PROTECTION_STR, P11_OID_TIME_STAMPING_STR }, }, - { NULL }, -}; - -static void -test_parse_extended_key_usage (void) -{ - p11_array *ekus; - int i, j, count; - - for (i = 0; extended_key_usage_fixtures[i].eku != NULL; i++) { - ekus = p11_x509_parse_extended_key_usage (test.asn1_defs, - (const unsigned char *)extended_key_usage_fixtures[i].eku, - extended_key_usage_fixtures[i].length); - assert_ptr_not_null (ekus); - - for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++); - - assert_num_eq (count, ekus->num); - for (j = 0; j < count; j++) - assert_str_eq (ekus->elem[j], extended_key_usage_fixtures[i].expected[j]); - - 
p11_array_free (ekus);
- }
-}
-
-struct {
- const char *ku;
- size_t length;
- unsigned int expected;
-} key_usage_fixtures[] = {
- { test_ku_ds_and_np, sizeof (test_ku_ds_and_np), P11_KU_DIGITAL_SIGNATURE | P11_KU_NON_REPUDIATION },
- { test_ku_none, sizeof (test_ku_none), 0 },
- { test_ku_cert_crl_sign, sizeof (test_ku_cert_crl_sign), P11_KU_KEY_CERT_SIGN | P11_KU_CRL_SIGN },
- { NULL },
-};
-
-static void
-test_parse_key_usage (void)
-{
- unsigned int ku;
- int i;
- bool ret;
-
- for (i = 0; key_usage_fixtures[i].ku != NULL; i++) {
- ku = 0;
-
- ret = p11_x509_parse_key_usage (test.asn1_defs,
- (const unsigned char *)key_usage_fixtures[i].ku,
- key_usage_fixtures[i].length, &ku);
- assert_num_eq (true, ret);
-
- assert_num_eq (key_usage_fixtures[i].expected, ku);
- }
-}
-
-static void
-test_parse_extension (void)
-{
- node_asn *cert;
- unsigned char *ext;
- size_t length;
- bool is_ca;
-
- cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
- test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
- assert_ptr_not_null (cert);
-
- ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS,
- test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
- &length);
- assert_ptr_not_null (ext);
- assert (length > 0);
-
- asn1_delete_structure (&cert);
-
- if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca))
- assert_fail ("failed to parse message", "basic constraints");
-
- free (ext);
-}
-static void
-test_parse_extension_not_found (void)
-{
- node_asn *cert;
- unsigned char *ext;
- size_t length;
-
- cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
- test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
- assert_ptr_not_null (cert);
-
- ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT,
- test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
- &length);
- assert_ptr_eq (NULL, ext);
-
- asn1_delete_structure (&cert);
-}
-
-static void
-test_directory_string (void)
-{
- struct {
- unsigned char input[100];
- int input_len;
- char *output;
- int output_len;
- } fixtures[] = {
- /* UTF8String */
- { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17,
- "\xc3\x84 UTF8 string ", 15,
- },
-
- /* NumericString */
- { { 0x12, 0x04, '0', '1', '2', '3', }, 6,
- "0123", 4,
- },
-
- /* IA5String */
- { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6,
- " AB ", 4
- },
-
- /* TeletexString */
- { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- "A nice", 7
- },
-
- /* PrintableString */
- { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- "A nice", 7,
- },
-
- /* UniversalString */
- { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u',
- 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22,
- "Fun \xf0\x90\x8c\x99", 8
- },
-
- /* BMPString */
- { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12,
- "V\xc3\xb6gel", 6
- },
- };
-
- char *string;
- bool unknown;
- size_t length;
- int i;
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- string = p11_x509_parse_directory_string (fixtures[i].input,
- fixtures[i].input_len,
- &unknown, &length);
- assert_ptr_not_null (string);
- assert_num_eq (false, unknown);
-
- assert_num_eq (fixtures[i].output_len, length);
- assert_str_eq (fixtures[i].output, string);
- free (string);
- }
-}
-
-static void
-test_directory_string_unknown (void)
-{
- /* Not a valid choice in DirectoryString */
- unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' };
- char *string;
- bool unknown = false;
- size_t length;
-
- string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length);
- assert_ptr_eq (NULL, string);
- assert_num_eq (true, unknown);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_fixture (setup, teardown);
- p11_test (test_parse_extended_key_usage, "/x509/parse-extended-key-usage");
- p11_test (test_parse_key_usage, "/x509/parse-key-usage");
- p11_test (test_parse_extension, "/x509/parse-extension");
- p11_test (test_parse_extension_not_found, "/x509/parse-extension-not-found");
-
- p11_fixture (NULL, NULL);
- p11_test (test_directory_string, "/x509/directory-string");
- p11_test (test_directory_string_unknown, "/x509/directory-string-unknown");
- return p11_test_run (argc, argv);
-}
-- cgit v1.1