trust: Support a p11-kit specific serialization format

This is documented in doc/internals/ subdirectory Add tests for the format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156
author: Stef Walter <stefw@gnome.org> 2013-03-15 11:50:24 +0100
committer: Stef Walter <stefw@gnome.org> 2013-03-15 18:18:47 +0100
commit: 7fd74a78fcad81227be3650239669bca5851a1db (patch)
tree: 64f60c20357a7fd34f9aee30ac12dcfa2ebb1109 /trust/tests
parent: 48004b92d4c65080ac71f6a48297abd4d83dfdcb (diff)
8 files changed, 563 insertions, 41 deletions
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
index a675a56..fa70120 100644
--- a/trust/tests/Makefile.am
+++ b/trust/tests/Makefile.am
@@ -26,6 +26,7 @@ LDADD = \
 	$(NULL)
 
 CHECK_PROGS = \
+	test-persist \
 	test-parser \
 	test-index \
 	test-builder \
diff --git a/trust/tests/input/verisign-v1.p11-kit b/trust/tests/input/verisign-v1.p11-kit
new file mode 100644
index 0000000..eaa080d
--- /dev/null
+++ b/trust/tests/input/verisign-v1.p11-kit
@@ -0,0 +1,17 @@
+[p11-kit-object-v1]
+trusted: true
+
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
+zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
+TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
+CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
+NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
+Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
+-----END CERTIFICATE-----
diff --git a/trust/tests/test-builder.c b/trust/tests/test-builder.c
index f879706..3d3d067 100644
--- a/trust/tests/test-builder.c
+++ b/trust/tests/test-builder.c
@@ -341,45 +341,6 @@ test_build_certificate_non_ca (CuTest *cu)
 	teardown (cu);
 }
 
-static const unsigned char verisign_v1_ca[] = {
-	0x30, 0x82, 0x02, 0x3c, 0x30, 0x82, 0x01, 0xa5, 0x02, 0x10, 0x3f, 0x69, 0x1e, 0x81, 0x9c, 0xf0,
-	0x9a, 0x4a, 0xf3, 0x73, 0xff, 0xb9, 0x48, 0xa2, 0xe4, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-	0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06,
-	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
-	0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63,
-	0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73,
-	0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61,
-	0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x36,
-	0x30, 0x31, 0x32, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30,
-	0x38, 0x30, 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09,
-	0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
-	0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e,
-	0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61,
-	0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d,
-	0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x81, 0x9f, 0x30, 0x0d,
-	0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
-	0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, 0x6d, 0xa3, 0x56, 0x61, 0x2d,
-	0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e, 0x86, 0x80, 0x0a, 0x91, 0x0e,
-	0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, 0x9b, 0x24, 0x5d, 0x0d, 0x1f,
-	0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, 0x06, 0x9b, 0x10, 0xa1, 0x73,
-	0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, 0xa8, 0x3f, 0xaa, 0x12, 0x06,
-	0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, 0x09, 0xcd, 0x14, 0x11, 0xe2,
-	0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, 0x91, 0x29, 0xbb, 0x36, 0xc9,
-	0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, 0xb0, 0x7b, 0x30, 0xba, 0x2a,
-	0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06,
-	0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00,
-	0x58, 0x15, 0x29, 0x39, 0x3c, 0x77, 0xa3, 0xda, 0x5c, 0x25, 0x03, 0x7c, 0x60, 0xfa, 0xee, 0x09,
-	0x99, 0x3c, 0x27, 0x10, 0x70, 0xc8, 0x0c, 0x09, 0xe6, 0xb3, 0x87, 0xcf, 0x0a, 0xe2, 0x18, 0x96,
-	0x35, 0x62, 0xcc, 0xbf, 0x9b, 0x27, 0x79, 0x89, 0x5f, 0xc9, 0xc4, 0x09, 0xf4, 0xce, 0xb5, 0x1d,
-	0xdf, 0x2a, 0xbd, 0xe5, 0xdb, 0x86, 0x9c, 0x68, 0x25, 0xe5, 0x30, 0x7c, 0xb6, 0x89, 0x15, 0xfe,
-	0x67, 0xd1, 0xad, 0xe1, 0x50, 0xac, 0x3c, 0x7c, 0x62, 0x4b, 0x8f, 0xba, 0x84, 0xd7, 0x12, 0x15,
-	0x1b, 0x1f, 0xca, 0x5d, 0x0f, 0xc1, 0x52, 0x94, 0x2a, 0x11, 0x99, 0xda, 0x7b, 0xcf, 0x0c, 0x36,
-	0x13, 0xd5, 0x35, 0xdc, 0x10, 0x19, 0x59, 0xea, 0x94, 0xc1, 0x00, 0xbf, 0x75, 0x8f, 0xd9, 0xfa,
-	0xfd, 0x76, 0x04, 0xdb, 0x62, 0xbb, 0x90, 0x6a, 0x03, 0xd9, 0x46, 0x35, 0xd9, 0xf8, 0x7c, 0x5b,
-};
-
 static void
 test_build_certificate_v1_ca (CuTest *cu)
 {
diff --git a/trust/tests/test-data.h b/trust/tests/test-data.h
index b07830d..9daff87 100644
--- a/trust/tests/test-data.h
+++ b/trust/tests/test-data.h
@@ -230,4 +230,43 @@ static const char test_cacert3_ca_serial[] = {
 	0x02, 0x03, 0x0a, 0x41, 0x8a,
 };
 
+static const unsigned char verisign_v1_ca[] = {
+	0x30, 0x82, 0x02, 0x3c, 0x30, 0x82, 0x01, 0xa5, 0x02, 0x10, 0x3f, 0x69, 0x1e, 0x81, 0x9c, 0xf0,
+	0x9a, 0x4a, 0xf3, 0x73, 0xff, 0xb9, 0x48, 0xa2, 0xe4, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+	0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06,
+	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
+	0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63,
+	0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73,
+	0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61,
+	0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x36,
+	0x30, 0x31, 0x32, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30,
+	0x38, 0x30, 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09,
+	0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
+	0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e,
+	0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61,
+	0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d,
+	0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x81, 0x9f, 0x30, 0x0d,
+	0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
+	0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, 0x6d, 0xa3, 0x56, 0x61, 0x2d,
+	0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e, 0x86, 0x80, 0x0a, 0x91, 0x0e,
+	0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, 0x9b, 0x24, 0x5d, 0x0d, 0x1f,
+	0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, 0x06, 0x9b, 0x10, 0xa1, 0x73,
+	0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, 0xa8, 0x3f, 0xaa, 0x12, 0x06,
+	0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, 0x09, 0xcd, 0x14, 0x11, 0xe2,
+	0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, 0x91, 0x29, 0xbb, 0x36, 0xc9,
+	0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, 0xb0, 0x7b, 0x30, 0xba, 0x2a,
+	0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06,
+	0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00,
+	0x58, 0x15, 0x29, 0x39, 0x3c, 0x77, 0xa3, 0xda, 0x5c, 0x25, 0x03, 0x7c, 0x60, 0xfa, 0xee, 0x09,
+	0x99, 0x3c, 0x27, 0x10, 0x70, 0xc8, 0x0c, 0x09, 0xe6, 0xb3, 0x87, 0xcf, 0x0a, 0xe2, 0x18, 0x96,
+	0x35, 0x62, 0xcc, 0xbf, 0x9b, 0x27, 0x79, 0x89, 0x5f, 0xc9, 0xc4, 0x09, 0xf4, 0xce, 0xb5, 0x1d,
+	0xdf, 0x2a, 0xbd, 0xe5, 0xdb, 0x86, 0x9c, 0x68, 0x25, 0xe5, 0x30, 0x7c, 0xb6, 0x89, 0x15, 0xfe,
+	0x67, 0xd1, 0xad, 0xe1, 0x50, 0xac, 0x3c, 0x7c, 0x62, 0x4b, 0x8f, 0xba, 0x84, 0xd7, 0x12, 0x15,
+	0x1b, 0x1f, 0xca, 0x5d, 0x0f, 0xc1, 0x52, 0x94, 0x2a, 0x11, 0x99, 0xda, 0x7b, 0xcf, 0x0c, 0x36,
+	0x13, 0xd5, 0x35, 0xdc, 0x10, 0x19, 0x59, 0xea, 0x94, 0xc1, 0x00, 0xbf, 0x75, 0x8f, 0xd9, 0xfa,
+	0xfd, 0x76, 0x04, 0xdb, 0x62, 0xbb, 0x90, 0x6a, 0x03, 0xd9, 0x46, 0x35, 0xd9, 0xf8, 0x7c, 0x5b,
+};
+
 #endif /* TEST_DATA_H_ */
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c
index 772dc8a..52eafe0 100644
--- a/trust/tests/test-module.c
+++ b/trust/tests/test-module.c
@@ -513,7 +513,7 @@ test_find_certificates (CuTest *cu)
 	setup (cu);
 
 	count = find_objects (cu, match, sessions, objects, 16);
-	CuAssertIntEquals (cu, 7, count);
+	CuAssertIntEquals (cu, 8, count);
 
 	for (i = 0; i < count; i++)
 		check_certificate (cu, sessions[i], objects[i]);
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index a63d7a5..69049f7 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -156,6 +156,37 @@ test_parse_pem_certificate (CuTest *cu)
 }
 
 static void
+test_parse_p11_kit_persist (CuTest *cu)
+{
+	CK_ATTRIBUTE *cert;
+	int ret;
+
+	CK_ATTRIBUTE expected[] = {
+		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+		{ CKA_CLASS, &certificate, sizeof (certificate) },
+		{ CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
+		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
+		{ CKA_TRUSTED, &truev, sizeof (truev) },
+		{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
+		{ CKA_INVALID },
+	};
+
+	setup (cu);
+
+	ret = p11_parse_file (test.parser, SRCDIR "/input/verisign-v1.p11-kit",
+	                      P11_PARSE_FLAG_NONE);
+	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+
+	/* Should have gotten certificate  */
+	CuAssertIntEquals (cu, 1, p11_index_size (test.index));
+
+	cert = parsed_attrs (certificate_match);
+	test_check_attrs (cu, expected, cert);
+
+	teardown (cu);
+}
+
+static void
 test_parse_openssl_trusted (CuTest *cu)
 {
 	CK_ATTRIBUTE cacert3[] = {
@@ -420,6 +451,7 @@ main (void)
 
 	SUITE_ADD_TEST (suite, test_parse_der_certificate);
 	SUITE_ADD_TEST (suite, test_parse_pem_certificate);
+	SUITE_ADD_TEST (suite, test_parse_p11_kit_persist);
 	SUITE_ADD_TEST (suite, test_parse_openssl_trusted);
 	SUITE_ADD_TEST (suite, test_parse_openssl_distrusted);
 	SUITE_ADD_TEST (suite, test_parse_anchor);
diff --git a/trust/tests/test-persist.c b/trust/tests/test-persist.c
new file mode 100644
index 0000000..d3bd117
--- /dev/null
+++ b/trust/tests/test-persist.c
@@ -0,0 +1,472 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+#include "CuTest.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "array.h"
+#include "attrs.h"
+#include "compat.h"
+#include "debug.h"
+#include "library.h"
+#include "persist.h"
+#include "pkcs11.h"
+#include "pkcs11x.h"
+
+#include "test-data.h"
+
+static void
+test_magic (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "value: \"blah\"\n"
+	                    "application: \"test-persist\"\n";
+
+	const char *other = "            "
+			"\n\n[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "value: \"blah\"\n"
+	                    "application: \"test-persist\"\n";
+
+	CuAssertTrue (tc, p11_persist_magic ((unsigned char *)input, strlen (input)));
+	CuAssertTrue (tc, !p11_persist_magic ((unsigned char *)input, 5));
+	CuAssertTrue (tc, p11_persist_magic ((unsigned char *)other, strlen (other)));
+	CuAssertTrue (tc, !p11_persist_magic ((unsigned char *)"blah", 4));
+}
+
+static p11_array *
+args_to_array (void *arg,
+               ...) GNUC_NULL_TERMINATED;
+
+static p11_array *
+args_to_array (void *arg,
+               ...)
+{
+	p11_array *array = p11_array_new (NULL);
+
+	va_list (va);
+	va_start (va, arg);
+
+	while (arg != NULL) {
+		p11_array_push (array, arg);
+		arg = va_arg (va, void *);
+	}
+
+	va_end (va);
+
+	return array;
+}
+
+static void
+check_read_msg (CuTest *tc,
+                const char *file,
+                int line,
+                const char *input,
+                p11_array *expected)
+{
+	p11_array *objects;
+	p11_persist *persist;
+	int i;
+
+	persist = p11_persist_new ();
+	objects = p11_array_new (p11_attrs_free);
+
+	if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) {
+		CuAssert_Line (tc, file, line, "decoding should have failed", expected != NULL);
+		for (i = 0; i < expected->num; i++) {
+			CuAssert_Line (tc, file, line, "too few objects read", i < objects->num);
+			test_check_attrs_msg (tc, file, line, expected->elem[i], objects->elem[i]);
+		}
+		CuAssert_Line (tc, file, line, "too many objects read", i == objects->num);
+	} else {
+		CuAssert_Line (tc, file, line, "decoding failed", expected == NULL);
+	}
+
+	p11_array_free (objects);
+	p11_persist_free (persist);
+	p11_array_free (expected);
+}
+
+#define check_read_success(tc, input, objs) \
+	check_read_msg (tc, __FILE__, __LINE__, input, args_to_array objs)
+
+#define check_read_failure(tc, input) \
+	check_read_msg (tc, __FILE__, __LINE__, input, NULL)
+
+static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
+static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
+static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
+static CK_OBJECT_CLASS data = CKO_DATA;
+static CK_BBOOL truev = CK_TRUE;
+static CK_BBOOL falsev = CK_FALSE;
+
+static void
+test_simple (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "value: \"blah\"\n"
+	                    "application: \"test-persist\"\n";
+
+	CK_ATTRIBUTE expected[] = {
+		{ CKA_CLASS, &data, sizeof (data) },
+		{ CKA_VALUE, "blah", 4 },
+		{ CKA_APPLICATION, "test-persist", 12 },
+		{ CKA_INVALID },
+	};
+
+	check_read_success (tc, input, (expected, NULL));
+}
+
+static void
+test_number (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "value: 29202390239\n"
+	                    "application: \"test-persist\"\n";
+
+	CK_ULONG value = 29202390239;
+
+	CK_ATTRIBUTE expected[] = {
+		{ CKA_CLASS, &data, sizeof (data) },
+		{ CKA_VALUE, &value, sizeof (value) },
+		{ CKA_APPLICATION, "test-persist", 12 },
+		{ CKA_INVALID },
+	};
+
+	check_read_success (tc, input, (expected, NULL));
+}
+
+static void
+test_bool (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "private: true\n"
+	                    "modifiable: false\n"
+	                    "application: \"test-persist\"\n";
+
+	CK_ATTRIBUTE expected[] = {
+		{ CKA_CLASS, &data, sizeof (data) },
+		{ CKA_PRIVATE, &truev, sizeof (truev) },
+		{ CKA_MODIFIABLE, &falsev, sizeof (falsev) },
+		{ CKA_APPLICATION, "test-persist", 12 },
+		{ CKA_INVALID },
+	};
+
+	check_read_success (tc, input, (expected, NULL));
+}
+
+static void
+test_oid (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "object-id: 1.2.3.4";
+
+	CK_ATTRIBUTE expected[] = {
+		{ CKA_CLASS, &data, sizeof (data) },
+		{ CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 },
+		{ CKA_INVALID },
+	};
+
+	check_read_success (tc, input, (expected, NULL));
+}
+
+static void
+test_constant (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "trust-server-auth: nss-trust-unknown";
+
+	CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN;
+
+	CK_ATTRIBUTE expected[] = {
+		{ CKA_CLASS, &data, sizeof (data) },
+		{ CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) },
+		{ CKA_INVALID },
+	};
+
+	check_read_success (tc, input, (expected, NULL));
+}
+
+static void
+test_multiple (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "object-id: 1.2.3.4\n"
+	                    "[p11-kit-object-v1]\n"
+	                    "class: nss-trust\n"
+	                    "trust-server-auth: nss-trust-unknown";
+
+	CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN;
+
+	CK_ATTRIBUTE expected1[] = {
+		{ CKA_CLASS, &data, sizeof (data) },
+		{ CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 },
+		{ CKA_INVALID },
+	};
+
+	CK_ATTRIBUTE expected2[] = {
+		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) },
+		{ CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) },
+		{ CKA_INVALID },
+	};
+
+	check_read_success (tc, input, (expected1, expected2, NULL));
+}
+
+static void
+test_pem_block (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: certificate\n"
+	                    "id: \"292c92\"\n"
+	    "-----BEGIN CERTIFICATE-----\n"
+	    "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n"
+	    "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
+	    "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
+	    "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
+	    "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n"
+	    "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
+	    "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n"
+	    "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n"
+	    "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n"
+	    "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n"
+	    "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n"
+	    "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n"
+	    "-----END CERTIFICATE-----\n"
+	                    "\n"
+	                    "trusted: true";
+
+	CK_ATTRIBUTE expected[] = {
+		{ CKA_CLASS, &certificate, sizeof (certificate) },
+		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
+		{ CKA_TRUSTED, &truev, sizeof (truev) },
+		{ CKA_VALUE, &verisign_v1_ca, sizeof (verisign_v1_ca) },
+		{ CKA_INVALID },
+	};
+
+	check_read_success (tc, input, (expected, NULL));
+}
+
+static void
+test_pem_invalid (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: certificate\n"
+	    "-----BEGIN CERT-----\n"
+	    "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n"
+	    "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
+	    "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
+	    "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
+	    "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n"
+	    "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
+	    "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n"
+	    "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n"
+	    "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n"
+	    "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n"
+	    "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n"
+	    "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n"
+	    "-----END CERTIFICATEXXX-----\n";
+
+	p11_message_quiet ();
+
+	check_read_failure (tc, input);
+
+	p11_message_loud ();
+}
+
+static void
+test_pem_unsupported (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: certificate\n"
+	                    "-----BEGIN BLOCK1-----\n"
+	                    "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
+	                    "-----END BLOCK1-----\n";
+
+	p11_message_quiet ();
+
+	check_read_failure (tc, input);
+
+	p11_message_loud ();
+}
+
+static void
+test_pem_first (CuTest *tc)
+{
+	const char *input = "-----BEGIN BLOCK1-----\n"
+	                    "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
+	                    "-----END BLOCK1-----\n"
+	                    "[p11-kit-object-v1]\n"
+	                    "class: certificate\n";
+
+	p11_message_quiet ();
+
+	check_read_failure (tc, input);
+
+	p11_message_loud ();
+}
+
+static void
+test_skip_unknown (CuTest *tc)
+{
+	const char *input = "[version-2]\n"
+	                    "class: data\n"
+	                    "object-id: 1.2.3.4\n"
+	                    "-----BEGIN BLOCK1-----\n"
+	                    "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
+	                    "-----END BLOCK1-----\n"
+	                    "[p11-kit-object-v1]\n"
+	                    "class: nss-trust\n"
+	                    "trust-server-auth: nss-trust-unknown";
+
+	CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN;
+
+	CK_ATTRIBUTE expected2[] = {
+		{ CKA_CLASS, &nss_trust, sizeof (nss_trust) },
+		{ CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) },
+		{ CKA_INVALID },
+	};
+
+	p11_message_quiet ();
+
+	check_read_success (tc, input, (expected2, NULL));
+
+	p11_message_loud ();
+}
+
+static void
+test_bad_value (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "value: \"%38%\"\n";
+
+	p11_message_quiet ();
+
+	check_read_failure (tc, input);
+
+	p11_message_loud ();
+}
+
+static void
+test_bad_oid (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "object-id: 1.2";
+
+	p11_message_quiet ();
+
+	check_read_failure (tc, input);
+
+	p11_message_loud ();
+}
+
+static void
+test_bad_field (CuTest *tc)
+{
+	const char *input = "[p11-kit-object-v1]\n"
+	                    "class: data\n"
+	                    "invalid-field: true";
+
+	p11_message_quiet ();
+
+	check_read_failure (tc, input);
+
+	p11_message_loud ();
+}
+
+static void
+test_attribute_first (CuTest *tc)
+{
+	const char *input = "class: data\n"
+	                    "[p11-kit-object-v1]\n"
+	                    "invalid-field: true";
+
+	p11_message_quiet ();
+
+	check_read_failure (tc, input);
+
+	p11_message_loud ();
+}
+
+int
+main (void)
+{
+	CuString *output = CuStringNew ();
+	CuSuite* suite = CuSuiteNew ();
+	int ret;
+
+	putenv ("P11_KIT_STRICT=1");
+	p11_debug_init ();
+	p11_library_init ();
+
+	SUITE_ADD_TEST (suite, test_magic);
+	SUITE_ADD_TEST (suite, test_simple);
+	SUITE_ADD_TEST (suite, test_number);
+	SUITE_ADD_TEST (suite, test_bool);
+	SUITE_ADD_TEST (suite, test_oid);
+	SUITE_ADD_TEST (suite, test_constant);
+	SUITE_ADD_TEST (suite, test_multiple);
+	SUITE_ADD_TEST (suite, test_pem_block);
+	SUITE_ADD_TEST (suite, test_pem_invalid);
+	SUITE_ADD_TEST (suite, test_pem_unsupported);
+	SUITE_ADD_TEST (suite, test_pem_first);
+	SUITE_ADD_TEST (suite, test_bad_value);
+	SUITE_ADD_TEST (suite, test_bad_oid);
+	SUITE_ADD_TEST (suite, test_bad_field);
+	SUITE_ADD_TEST (suite, test_skip_unknown);
+	SUITE_ADD_TEST (suite, test_attribute_first);
+
+	CuSuiteRun (suite);
+	CuSuiteSummary (suite, output);
+	CuSuiteDetails (suite, output);
+	printf ("%s\n", output->buffer);
+	ret = suite->failCount;
+	CuSuiteDelete (suite);
+	CuStringDelete (output);
+
+	return ret;
+}
diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c
index 5cca233..c62fae2 100644
--- a/trust/tests/test-token.c
+++ b/trust/tests/test-token.c
@@ -74,7 +74,7 @@ test_token_load (CuTest *cu)
 	setup (cu, SRCDIR "/input");
 
 	count = p11_token_load (test.token);
-	CuAssertIntEquals (cu, 6, count);
+	CuAssertIntEquals (cu, 7, count);
 
 	/* A certificate and trust object for each parsed object + builtin */
 	index = p11_token_index (test.token);
author	Stef Walter <stefw@gnome.org>	2013-03-15 11:50:24 +0100
committer	Stef Walter <stefw@gnome.org>	2013-03-15 18:18:47 +0100
commit	7fd74a78fcad81227be3650239669bca5851a1db (patch)
tree	64f60c20357a7fd34f9aee30ac12dcfa2ebb1109 /trust/tests
parent	48004b92d4c65080ac71f6a48297abd4d83dfdcb (diff)