]> git.0d.be Git - empathy.git/commitdiff
tests: Fix empathy-tls-test
authorStef Walter <stefw@gnome.org>
Wed, 6 Feb 2013 08:03:15 +0000 (09:03 +0100)
committerGuillaume Desmottes <guillaume.desmottes@collabora.co.uk>
Wed, 6 Feb 2013 08:52:32 +0000 (09:52 +0100)
 * Create new certificates
 * Add a make target for rebuilding the certificates in the future

https://bugzilla.gnome.org/show_bug.cgi?id=693190

tests/Makefile.am
tests/certificates/Makefile.am
tests/certificates/cert-openssl.conf [new file with mode: 0644]
tests/certificates/certificate-authority.cer [new file with mode: 0644]
tests/certificates/collabora-ca.cer [deleted file]
tests/certificates/dhansak-collabora.cer [deleted file]
tests/certificates/server-cert.cer [new file with mode: 0644]
tests/empathy-tls-test.c

index 8049dd56a17148a6569fe27c530ce84da322c84d..fdd67482a9cadcfa3eb11d8e5b7d572e2b67844c 100644 (file)
@@ -32,8 +32,8 @@ tests_list =  \
      empathy-chatroom-test                       \
      empathy-chatroom-manager-test               \
      empathy-parser-test                         \
-     empathy-live-search-test
-     #empathy-tls-test
+     empathy-live-search-test                    \
+     empathy-tls-test
 
 noinst_PROGRAMS = $(tests_list)
 TESTS = $(tests_list)
index 08fefe9f1a7e9dfe4ee0d0da2c6a52dd0986a9d9..65e71b9bb1ae0426c5c13c7ad157c2fd3796b57a 100644 (file)
@@ -1,3 +1,23 @@
 EXTRA_DIST = \
-       collabora-ca.cer \
-       dhansak-collabora.cer
+       certificate-authority.cer \
+       server-cert.cer
+
+# Not part of the build, but so we can easily repeat the process
+# of generating the testing certificates
+rebuild-certs:
+       openssl req -new -x509 -out certificate-authority.pem \
+               -newkey rsa -keyout certificate-authority.key -nodes \
+               -subj /CN=test-ca.empathy.gnome.org -days 2000 \
+               -config cert-openssl.conf -set_serial 1 -extensions test_ca
+       openssl x509 -in certificate-authority.pem -outform DER \
+               -out certificate-authority.cer
+       openssl req -new -outform PEM -out server-cert.req \
+               -newkey rsa -keyout /dev/null -nodes \
+               -subj /CN=test-server.empathy.gnome.org \
+               -config cert-openssl.conf -extensions test_server
+       openssl x509 -req -in server-cert.req -days 2000 \
+               -CA certificate-authority.pem -CAkey certificate-authority.key \
+               -set_serial 888 -out server-cert.cer -outform DER
+       rm certificate-authority.key
+       rm certificate-authority.pem
+       rm server-cert.req
\ No newline at end of file
diff --git a/tests/certificates/cert-openssl.conf b/tests/certificates/cert-openssl.conf
new file mode 100644 (file)
index 0000000..18bd0d7
--- /dev/null
@@ -0,0 +1,16 @@
+[ req ]
+default_bits           = 1024
+distinguished_name     = req_distinguished_name
+x509_extensions        = v3_ca
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+commonName                     = Common Name
+commonName_max                 = 64
+
+[ test_ca ]
+basicConstraints=CA:TRUE
+
+[ test_server ]
+basicConstraints=CA:FALSE
+extendedKeyUsage=serverAuth
\ No newline at end of file
diff --git a/tests/certificates/certificate-authority.cer b/tests/certificates/certificate-authority.cer
new file mode 100644 (file)
index 0000000..3cb8c73
Binary files /dev/null and b/tests/certificates/certificate-authority.cer differ
diff --git a/tests/certificates/collabora-ca.cer b/tests/certificates/collabora-ca.cer
deleted file mode 100644 (file)
index 2842c69..0000000
Binary files a/tests/certificates/collabora-ca.cer and /dev/null differ
diff --git a/tests/certificates/dhansak-collabora.cer b/tests/certificates/dhansak-collabora.cer
deleted file mode 100644 (file)
index c411e7d..0000000
Binary files a/tests/certificates/dhansak-collabora.cer and /dev/null differ
diff --git a/tests/certificates/server-cert.cer b/tests/certificates/server-cert.cer
new file mode 100644 (file)
index 0000000..a54ac88
Binary files /dev/null and b/tests/certificates/server-cert.cer differ
index c663aad2d77c16c93ec097c2e3bf9fe6556a1a66..2004383d64060ec11f716ce8e527d06ac045e263 100644 (file)
@@ -411,7 +411,7 @@ test_certificate_mock_basics (Test *test,
   GError *error = NULL;
 
   test->mock = mock_tls_certificate_new_and_register (test->dbus,
-          "dhansak-collabora.cer", NULL);
+          "server-cert.cer", NULL);
 
   ensure_certificate_proxy (test);
 
@@ -431,7 +431,7 @@ test_certificate_verify_success_with_pkcs11_lookup (Test *test,
   GError *error = NULL;
   EmpathyTLSVerifier *verifier;
   const gchar *reference_identities[] = {
-    "www.collabora.co.uk",
+    "test-server.empathy.gnome.org",
     NULL
   };
 
@@ -442,14 +442,14 @@ test_certificate_verify_success_with_pkcs11_lookup (Test *test,
    */
 
   test->mock = mock_tls_certificate_new_and_register (test->dbus,
-          "dhansak-collabora.cer", NULL);
+          "server-cert.cer", NULL);
 
   /* We add the collabora directory with the collabora root */
-  add_certificate_to_mock (test, "collabora-ca.cer", NULL);
+  add_certificate_to_mock (test, "certificate-authority.cer", NULL);
 
   ensure_certificate_proxy (test);
 
-  verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+  verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
       reference_identities);
   empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
   g_main_loop_run (test->loop);
@@ -472,7 +472,7 @@ test_certificate_verify_success_with_full_chain (Test *test,
   GError *error = NULL;
   EmpathyTLSVerifier *verifier;
   const gchar *reference_identities[] = {
-    "www.collabora.co.uk",
+    "test-server.empathy.gnome.org",
     NULL
   };
 
@@ -482,14 +482,14 @@ test_certificate_verify_success_with_full_chain (Test *test,
    */
 
   test->mock = mock_tls_certificate_new_and_register (test->dbus,
-          "dhansak-collabora.cer", "collabora-ca.cer", NULL);
+          "server-cert.cer", "certificate-authority.cer", NULL);
 
   /* We add the collabora directory with the collabora root */
-  add_certificate_to_mock (test, "collabora-ca.cer", NULL);
+  add_certificate_to_mock (test, "certificate-authority.cer", NULL);
 
   ensure_certificate_proxy (test);
 
-  verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+  verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
       reference_identities);
   empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
   g_main_loop_run (test->loop);
@@ -511,18 +511,18 @@ test_certificate_verify_root_not_found (Test *test,
   GError *error = NULL;
   EmpathyTLSVerifier *verifier;
   const gchar *reference_identities[] = {
-    "www.collabora.co.uk",
+    "test-server.empathy.gnome.org",
     NULL
   };
 
   test->mock = mock_tls_certificate_new_and_register (test->dbus,
-          "dhansak-collabora.cer", NULL);
+          "server-cert.cer", NULL);
 
   /* Note that we're not adding any place to find root certs */
 
   ensure_certificate_proxy (test);
 
-  verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+  verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
       reference_identities);
   empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
   g_main_loop_run (test->loop);
@@ -546,18 +546,18 @@ test_certificate_verify_root_not_anchored (Test *test,
   GError *error = NULL;
   EmpathyTLSVerifier *verifier;
   const gchar *reference_identities[] = {
-    "www.collabora.co.uk",
+    "test-server.empathy.gnome.org",
     NULL
   };
 
   test->mock = mock_tls_certificate_new_and_register (test->dbus,
-          "dhansak-collabora.cer", "collabora-ca.cer", NULL);
+          "server-cert.cer", "certificate-authority.cer", NULL);
 
   /* Note that we're not adding any place to find root certs */
 
   ensure_certificate_proxy (test);
 
-  verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+  verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
       reference_identities);
   empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
   g_main_loop_run (test->loop);
@@ -586,10 +586,10 @@ test_certificate_verify_identities_invalid (Test *test,
   };
 
   test->mock = mock_tls_certificate_new_and_register (test->dbus,
-          "dhansak-collabora.cer", "collabora-ca.cer", NULL);
+          "server-cert.cer", "certificate-authority.cer", NULL);
 
   /* We add the collabora directory with the collabora root */
-  add_certificate_to_mock (test, "collabora-ca.cer", NULL);
+  add_certificate_to_mock (test, "certificate-authority.cer", NULL);
 
   ensure_certificate_proxy (test);
 
@@ -622,15 +622,15 @@ test_certificate_verify_uses_reference_identities (Test *test,
   };
 
   test->mock = mock_tls_certificate_new_and_register (test->dbus,
-          "dhansak-collabora.cer", "collabora-ca.cer", NULL);
+          "server-cert.cer", "certificate-authority.cer", NULL);
 
   /* We add the collabora directory with the collabora root */
-  add_certificate_to_mock (test, "collabora-ca.cer", NULL);
+  add_certificate_to_mock (test, "certificate-authority.cer", NULL);
 
   ensure_certificate_proxy (test);
 
   /* Should be using the reference_identities and not host name for checks */
-  verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+  verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
       reference_identities);
   empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
   g_main_loop_run (test->loop);
@@ -654,7 +654,7 @@ test_certificate_verify_success_with_pinned (Test *test,
   GError *error = NULL;
   EmpathyTLSVerifier *verifier;
   const gchar *reference_identities[] = {
-    "www.collabora.co.uk",
+    "test-server.empathy.gnome.org",
     NULL
   };
 
@@ -664,14 +664,14 @@ test_certificate_verify_success_with_pinned (Test *test,
    */
 
   test->mock = mock_tls_certificate_new_and_register (test->dbus,
-          "dhansak-collabora.cer", NULL);
+          "server-cert.cer", NULL);
 
   /* We add the collabora directory with the collabora root */
-  add_certificate_to_mock (test, "dhansak-collabora.cer", "www.collabora.co.uk");
+  add_certificate_to_mock (test, "server-cert.cer", "test-server.empathy.gnome.org");
 
   ensure_certificate_proxy (test);
 
-  verifier = empathy_tls_verifier_new (test->cert, "www.collabora.co.uk",
+  verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
       reference_identities);
   empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
   g_main_loop_run (test->loop);
@@ -693,18 +693,18 @@ test_certificate_verify_pinned_wrong_host (Test *test,
   GError *error = NULL;
   EmpathyTLSVerifier *verifier;
   const gchar *reference_identities[] = {
-    "www.collabora.co.uk",
+    "test-server.empathy.gnome.org",
     NULL
   };
 
   test->mock = mock_tls_certificate_new_and_register (test->dbus,
-          "dhansak-collabora.cer", NULL);
+          "server-cert.cer", NULL);
 
   /* Note that we're not adding any place to find root certs */
 
   ensure_certificate_proxy (test);
 
-  verifier = empathy_tls_verifier_new (test->cert, "another.collabora.co.uk",
+  verifier = empathy_tls_verifier_new (test->cert, "another.gnome.org",
       reference_identities);
   empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
   g_main_loop_run (test->loop);