1 /* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
3 Copyright (C) 2010 Collabora Ltd
5 The Gnome Keyring Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Library General Public License as
7 published by the Free Software Foundation; either version 2 of the
8 License, or (at your option) any later version.
10 The Gnome Keyring Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Library General Public License for more details.
15 You should have received a copy of the GNU Library General Public
16 License along with the Gnome Library; see the file COPYING.LIB. If not,
17 write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
20 Author: Stef Walter <stefw@collabora.co.uk>
25 #include "gcr/gcr-base.h"
26 #include "gcr/gcr-internal.h"
28 #include "egg/egg-asn1x.h"
29 #include "egg/egg-asn1-defs.h"
30 #include "egg/egg-testing.h"
32 #include "gck/gck-mock.h"
33 #include "gck/gck-test.h"
34 #include <p11-kit/pkcs11.h>
35 #include "gck/pkcs11x.h"
42 /* ---------------------------------------------------------------------------
43 * A Mock certificate that checks that it's always called on the
44 * same thread. A GcrCertificate implemented on top of a non-thread-safe
45 * crypto library would require this behavior.
48 GType mock_certificate_get_type (void);
50 #define MOCK_CERTIFICATE(obj) \
51 (G_TYPE_CHECK_INSTANCE_CAST ((obj), mock_certificate_get_type (), MockCertificate))
53 typedef struct _MockCertificate {
60 typedef struct _MockCertificateClass {
61 GObjectClass parent_class;
62 } MockCertificateClass;
64 static void mock_certificate_iface (GcrCertificateIface *iface);
65 G_DEFINE_TYPE_WITH_CODE (MockCertificate, mock_certificate, G_TYPE_OBJECT,
66 GCR_CERTIFICATE_MIXIN_IMPLEMENT_COMPARABLE ();
67 G_IMPLEMENT_INTERFACE (GCR_TYPE_CERTIFICATE, mock_certificate_iface);
71 mock_certificate_init (MockCertificate *self)
73 self->created_on = g_thread_self ();
77 mock_certificate_finalize (GObject *obj)
79 MockCertificate *self = MOCK_CERTIFICATE (obj);
80 g_assert (self->created_on == g_thread_self ());
82 G_OBJECT_CLASS (mock_certificate_parent_class)->finalize (obj);
86 mock_certificate_class_init (MockCertificateClass *klass)
88 GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
89 gobject_class->finalize = mock_certificate_finalize;
90 gobject_class->get_property = gcr_certificate_mixin_get_property;
91 gcr_certificate_mixin_class_init (gobject_class);
95 mock_certificate_real_get_der_data (GcrCertificate *base, gsize *n_data)
97 MockCertificate *self = MOCK_CERTIFICATE (base);
98 g_assert (self->created_on == g_thread_self ());
99 *n_data = self->n_data;
104 mock_certificate_iface (GcrCertificateIface *iface)
106 iface->get_der_data = (gpointer)mock_certificate_real_get_der_data;
109 static GcrCertificate*
110 mock_certificate_new (gconstpointer data, gsize n_data)
112 MockCertificate *self = g_object_new (mock_certificate_get_type (), NULL);
113 self->data = g_memdup (data, n_data);
114 self->n_data = n_data;
115 g_assert (self->created_on == g_thread_self ());
116 return GCR_CERTIFICATE (self);
119 /* ----------------------------------------------------------------------------
124 /* A self signed certificate */
125 GcrCertificate *cert_self;
127 /* Simple CA + issued */
128 GcrCertificate *cert_ca;
129 GcrCertificate *cert_signed;
131 /* Root + intermediate + issued */
132 GcrCertificate *cert_root;
133 GcrCertificate *cert_inter;
134 GcrCertificate *cert_host;
136 CK_FUNCTION_LIST funcs;
140 setup (Test *test, gconstpointer unused)
142 GList *modules = NULL;
143 CK_FUNCTION_LIST_PTR f;
146 const gchar *uris[2];
150 rv = gck_mock_C_GetFunctionList (&f);
151 gck_assert_cmprv (rv, ==, CKR_OK);
152 memcpy (&test->funcs, f, sizeof (test->funcs));
155 rv = (test->funcs.C_Initialize) (NULL);
156 gck_assert_cmprv (rv, ==, CKR_OK);
159 module = gck_module_new (&test->funcs);
160 modules = g_list_prepend (modules, module);
161 gcr_pkcs11_set_modules (modules);
162 uris[0] = GCK_MOCK_SLOT_ONE_URI;
164 gcr_pkcs11_set_trust_lookup_uris (uris);
165 gcr_pkcs11_set_trust_store_uri (GCK_MOCK_SLOT_ONE_URI);
166 gck_list_unref_free (modules);
168 /* A self-signed certificate */
169 if (!g_file_get_contents (SRCDIR "/files/der-certificate.crt", &contents, &n_contents, NULL))
170 g_assert_not_reached ();
171 test->cert_self = gcr_simple_certificate_new ((const guchar *)contents, n_contents);
174 /* A signed certificate */
175 if (!g_file_get_contents (SRCDIR "/files/dhansak-collabora.cer", &contents, &n_contents, NULL))
176 g_assert_not_reached ();
177 test->cert_signed = mock_certificate_new (contents, n_contents);
180 /* The signer for the above certificate */
181 if (!g_file_get_contents (SRCDIR "/files/collabora-ca.cer", &contents, &n_contents, NULL))
182 g_assert_not_reached ();
183 test->cert_ca = mock_certificate_new (contents, n_contents);
187 if (!g_file_get_contents (SRCDIR "/files/startcom-ca.cer", &contents, &n_contents, NULL))
188 g_assert_not_reached ();
189 test->cert_root = mock_certificate_new (contents, n_contents);
192 /* An intermediate */
193 if (!g_file_get_contents (SRCDIR "/files/startcom-intermediate.cer", &contents, &n_contents, NULL))
194 g_assert_not_reached ();
195 test->cert_inter = mock_certificate_new (contents, n_contents);
198 /* Signed by above intermediate */
199 if (!g_file_get_contents (SRCDIR "/files/jabber-server.cer", &contents, &n_contents, NULL))
200 g_assert_not_reached ();
201 test->cert_host = mock_certificate_new (contents, n_contents);
206 add_certificate_to_module (GcrCertificate *certificate)
208 GckBuilder builder = GCK_BUILDER_INIT;
210 gsize n_data, n_subject;
213 data = gcr_certificate_get_der_data (certificate, &n_data);
216 subject = gcr_certificate_get_subject_raw (certificate, &n_subject);
219 /* Add a certificate to the module */
220 gck_builder_add_data (&builder, CKA_VALUE, data, n_data);
221 gck_builder_add_ulong (&builder, CKA_CLASS, CKO_CERTIFICATE);
222 gck_builder_add_ulong (&builder, CKA_CERTIFICATE_TYPE, CKC_X_509);
223 gck_builder_add_data (&builder, CKA_SUBJECT, subject, n_subject);
224 gck_mock_module_add_object (gck_builder_end (&builder));
230 add_anchor_to_module (GcrCertificate *certificate, const gchar *purpose)
232 GckBuilder builder = GCK_BUILDER_INIT;
236 data = gcr_certificate_get_der_data (certificate, &n_data);
239 /* And add a pinned certificate for the signed certificate */
240 gck_builder_add_data (&builder, CKA_X_CERTIFICATE_VALUE, data, n_data);
241 gck_builder_add_ulong (&builder, CKA_CLASS, CKO_X_TRUST_ASSERTION);
242 gck_builder_add_ulong (&builder, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE);
243 gck_builder_add_string (&builder, CKA_X_PURPOSE, purpose);
244 gck_mock_module_add_object (gck_builder_end (&builder));
248 add_pinned_to_module (GcrCertificate *certificate, const gchar *purpose, const gchar *host)
250 GckBuilder builder = GCK_BUILDER_INIT;
254 data = gcr_certificate_get_der_data (certificate, &n_data);
257 /* And add a pinned certificate for the signed certificate */
258 gck_builder_add_data (&builder, CKA_X_CERTIFICATE_VALUE, data, n_data);
259 gck_builder_add_ulong (&builder, CKA_CLASS, CKO_X_TRUST_ASSERTION);
260 gck_builder_add_ulong (&builder, CKA_X_ASSERTION_TYPE, CKT_X_PINNED_CERTIFICATE);
261 gck_builder_add_string (&builder, CKA_X_PURPOSE, purpose);
262 gck_builder_add_string (&builder, CKA_X_PEER, host);
263 gck_mock_module_add_object (gck_builder_end (&builder));
267 teardown (Test *test, gconstpointer unused)
271 g_object_unref (test->cert_self);
272 g_object_unref (test->cert_signed);
273 g_object_unref (test->cert_ca);
275 rv = (test->funcs.C_Finalize) (NULL);
276 gck_assert_cmprv (rv, ==, CKR_OK);
278 _gcr_uninitialize_library ();
282 test_new (Test *test, gconstpointer unused)
284 GcrCertificateChain *chain;
286 chain = gcr_certificate_chain_new ();
288 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
289 GCR_CERTIFICATE_CHAIN_UNKNOWN);
290 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 0);
292 g_assert (gcr_certificate_chain_get_endpoint (chain) == NULL);
294 g_object_unref (chain);
298 test_new_with_cert (Test *test, gconstpointer unused)
300 GcrCertificateChain *chain;
301 GcrCertificate *check;
302 guint status, length;
304 chain = gcr_certificate_chain_new ();
305 gcr_certificate_chain_add (chain, test->cert_signed);
306 gcr_certificate_chain_add (chain, test->cert_ca);
308 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
309 GCR_CERTIFICATE_CHAIN_UNKNOWN);
310 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 2);
314 g_object_get (chain, "status", &status, "length", &length, NULL);
315 g_assert_cmpuint (status, ==, GCR_CERTIFICATE_CHAIN_UNKNOWN);
316 g_assert_cmpuint (length, ==, 2);
318 check = gcr_certificate_chain_get_certificate (chain, 1);
319 g_assert (check == test->cert_ca);
321 /* Not yet completed */
322 check = gcr_certificate_chain_get_anchor (chain);
323 g_assert (check == NULL);
325 check = gcr_certificate_chain_get_endpoint (chain);
326 g_assert (check == test->cert_signed);
328 g_object_unref (chain);
332 test_selfsigned (Test *test, gconstpointer unused)
334 GcrCertificateChain *chain;
335 GError *error = NULL;
337 chain = gcr_certificate_chain_new ();
339 /* Add a self-signed certificate */
340 gcr_certificate_chain_add (chain, test->cert_self);
342 if (!gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
343 NULL, 0, NULL, &error))
344 g_assert_not_reached ();
345 g_assert_no_error (error);
347 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
348 GCR_CERTIFICATE_CHAIN_SELFSIGNED);
350 g_object_unref (chain);
354 test_incomplete (Test *test, gconstpointer unused)
356 GcrCertificateChain *chain;
357 GError *error = NULL;
359 chain = gcr_certificate_chain_new ();
361 /* Add a signed certificate */
362 gcr_certificate_chain_add (chain, test->cert_signed);
364 if (!gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
365 NULL, 0, NULL, &error))
366 g_assert_not_reached ();
367 g_assert_no_error (error);
369 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
370 GCR_CERTIFICATE_CHAIN_INCOMPLETE);
372 g_object_unref (chain);
376 test_empty (Test *test, gconstpointer unused)
378 GcrCertificateChain *chain;
379 GError *error = NULL;
381 chain = gcr_certificate_chain_new ();
383 /* Add no certificate */
385 if (!gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
386 NULL, 0, NULL, &error))
387 g_assert_not_reached ();
388 g_assert_no_error (error);
390 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
391 GCR_CERTIFICATE_CHAIN_UNKNOWN);
393 g_object_unref (chain);
397 test_trim_extras (Test *test, gconstpointer unused)
399 GcrCertificateChain *chain;
400 GError *error = NULL;
402 chain = gcr_certificate_chain_new ();
404 /* Add two unrelated certificates */
405 gcr_certificate_chain_add (chain, test->cert_self);
406 gcr_certificate_chain_add (chain, test->cert_signed);
408 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 2);
410 if (!gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
411 NULL, 0, NULL, &error))
412 g_assert_not_reached ();
413 g_assert_no_error (error);
415 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
416 GCR_CERTIFICATE_CHAIN_SELFSIGNED);
417 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 1);
419 g_object_unref (chain);
423 fetch_async_result (GObject *source, GAsyncResult *result, gpointer user_data)
425 *((GAsyncResult**)user_data) = result;
426 g_object_ref (result);
427 egg_test_wait_stop ();
431 test_complete_async (Test *test, gconstpointer unused)
433 GcrCertificateChain *chain;
434 GError *error = NULL;
435 GAsyncResult *result = NULL;
437 chain = gcr_certificate_chain_new ();
439 /* Add a whole bunch of certificates */
440 gcr_certificate_chain_add (chain, test->cert_signed);
441 gcr_certificate_chain_add (chain, test->cert_ca);
442 gcr_certificate_chain_add (chain, test->cert_self);
444 gcr_certificate_chain_build_async (chain, GCR_PURPOSE_CLIENT_AUTH,
445 NULL, 0, NULL, fetch_async_result, &result);
446 egg_test_wait_until (500);
447 if (!gcr_certificate_chain_build_finish (chain, result, &error))
448 g_assert_not_reached ();
449 g_assert_no_error (error);
450 g_object_unref (result);
452 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
453 GCR_CERTIFICATE_CHAIN_SELFSIGNED);
454 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 2);
456 g_object_unref (chain);
460 test_with_anchor (Test *test, gconstpointer unused)
462 GcrCertificateChain *chain;
463 GError *error = NULL;
465 chain = gcr_certificate_chain_new ();
467 /* Two certificates in chain with ca trust anchor */
468 gcr_certificate_chain_add (chain, test->cert_signed);
469 gcr_certificate_chain_add (chain, test->cert_ca);
470 add_anchor_to_module (test->cert_ca, GCR_PURPOSE_CLIENT_AUTH);
472 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 2);
474 if (!gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
475 NULL, 0, NULL, &error))
476 g_assert_not_reached ();
477 g_assert_no_error (error);
479 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
480 GCR_CERTIFICATE_CHAIN_ANCHORED);
481 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 2);
482 g_assert (gcr_certificate_chain_get_anchor (chain) == test->cert_ca);
484 g_object_unref (chain);
488 test_with_anchor_and_lookup_ca (Test *test, gconstpointer unused)
490 GcrCertificateChain *chain;
491 GError *error = NULL;
493 chain = gcr_certificate_chain_new ();
495 /* One signed certificate, with CA in pkcs11, and trust anchor */
496 gcr_certificate_chain_add (chain, test->cert_signed);
497 add_certificate_to_module (test->cert_ca);
498 add_anchor_to_module (test->cert_ca, GCR_PURPOSE_CLIENT_AUTH);
500 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 1);
502 if (!gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
503 NULL, 0, NULL, &error))
504 g_assert_not_reached ();
505 g_assert_no_error (error);
507 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
508 GCR_CERTIFICATE_CHAIN_ANCHORED);
509 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 2);
510 g_assert (gcr_certificate_chain_get_anchor (chain) != NULL);
512 g_object_unref (chain);
516 test_with_pinned (Test *test, gconstpointer unused)
518 GcrCertificateChain *chain;
519 GError *error = NULL;
521 chain = gcr_certificate_chain_new ();
523 /* One certificate, and add CA to pkcs11 */
524 gcr_certificate_chain_add (chain, test->cert_signed);
525 gcr_certificate_chain_add (chain, test->cert_ca);
526 add_pinned_to_module (test->cert_signed, GCR_PURPOSE_CLIENT_AUTH, "pinned.example.com");
528 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 2);
530 /* But we don't allow the lookup to happen */
531 if (!gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
532 "pinned.example.com", 0, NULL, &error))
533 g_assert_not_reached ();
534 g_assert_no_error (error);
536 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
537 GCR_CERTIFICATE_CHAIN_PINNED);
538 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 1);
539 g_assert (gcr_certificate_chain_get_anchor (chain) == NULL);
541 g_object_unref (chain);
545 test_without_lookups (Test *test, gconstpointer unused)
547 GcrCertificateChain *chain;
548 GError *error = NULL;
550 chain = gcr_certificate_chain_new ();
552 /* One certificate, and add CA to pkcs11 */
553 gcr_certificate_chain_add (chain, test->cert_signed);
554 add_certificate_to_module (test->cert_ca);
556 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 1);
558 /* But we don't allow the lookup to happen */
559 if (!gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
560 NULL, GCR_CERTIFICATE_CHAIN_NO_LOOKUPS,
562 g_assert_not_reached ();
563 g_assert_no_error (error);
565 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
566 GCR_CERTIFICATE_CHAIN_INCOMPLETE);
567 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 1);
568 g_assert (gcr_certificate_chain_get_anchor (chain) == NULL);
570 g_object_unref (chain);
574 test_with_lookup_error (Test *test, gconstpointer unused)
576 GcrCertificateChain *chain;
577 GError *error = NULL;
579 /* Make the lookup fail */
580 test->funcs.C_GetAttributeValue = gck_mock_fail_C_GetAttributeValue;
582 chain = gcr_certificate_chain_new ();
584 /* Two certificates in chain with ca trust anchor */
585 gcr_certificate_chain_add (chain, test->cert_signed);
586 add_certificate_to_module (test->cert_ca);
588 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 1);
590 if (gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
591 NULL, 0, NULL, &error))
592 g_assert_not_reached ();
593 g_assert_error (error, GCK_ERROR, CKR_FUNCTION_FAILED);
594 g_clear_error (&error);
596 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
597 GCR_CERTIFICATE_CHAIN_UNKNOWN);
599 g_object_unref (chain);
603 test_wrong_order_anchor (Test *test, gconstpointer unused)
605 GcrCertificateChain *chain;
606 GError *error = NULL;
608 chain = gcr_certificate_chain_new ();
610 /* Two certificates in chain with ca trust anchor */
611 gcr_certificate_chain_add (chain, test->cert_host);
612 gcr_certificate_chain_add (chain, test->cert_root);
613 gcr_certificate_chain_add (chain, test->cert_inter);
614 add_anchor_to_module (test->cert_root, GCR_PURPOSE_CLIENT_AUTH);
616 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 3);
618 if (!gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
619 NULL, 0, NULL, &error))
620 g_assert_not_reached ();
621 g_assert_no_error (error);
623 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
624 GCR_CERTIFICATE_CHAIN_ANCHORED);
625 g_assert_cmpuint (gcr_certificate_chain_get_length (chain), ==, 3);
626 g_assert (gcr_certificate_chain_get_anchor (chain) == test->cert_root);
628 g_object_unref (chain);
632 test_with_anchor_error (Test *test, gconstpointer unused)
634 GcrCertificateChain *chain;
635 GError *error = NULL;
637 /* Make the lookup fail */
638 test->funcs.C_GetAttributeValue = gck_mock_fail_C_GetAttributeValue;
640 chain = gcr_certificate_chain_new ();
642 /* Two certificates in chain with ca trust anchor */
643 gcr_certificate_chain_add (chain, test->cert_signed);
644 add_certificate_to_module (test->cert_ca);
646 if (gcr_certificate_chain_build (chain, GCR_PURPOSE_CLIENT_AUTH,
647 NULL, 0, NULL, &error))
648 g_assert_not_reached ();
649 g_assert_error (error, GCK_ERROR, CKR_FUNCTION_FAILED);
650 g_clear_error (&error);
652 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
653 GCR_CERTIFICATE_CHAIN_UNKNOWN);
655 g_object_unref (chain);
659 test_with_anchor_error_async (Test *test, gconstpointer unused)
661 GcrCertificateChain *chain;
662 GError *error = NULL;
663 GAsyncResult *result;
665 /* Make the lookup fail */
666 test->funcs.C_GetAttributeValue = gck_mock_fail_C_GetAttributeValue;
668 chain = gcr_certificate_chain_new ();
670 /* Two certificates in chain with ca trust anchor */
671 gcr_certificate_chain_add (chain, test->cert_signed);
672 add_certificate_to_module (test->cert_ca);
674 gcr_certificate_chain_build_async (chain, GCR_PURPOSE_CLIENT_AUTH,
675 NULL, 0, NULL, fetch_async_result, &result);
676 egg_test_wait_until (500);
677 if (gcr_certificate_chain_build_finish (chain, result, &error))
678 g_assert_not_reached ();
679 g_assert_error (error, GCK_ERROR, CKR_FUNCTION_FAILED);
680 g_clear_error (&error);
681 g_object_unref (result);
683 g_assert_cmpuint (gcr_certificate_chain_get_status (chain), ==,
684 GCR_CERTIFICATE_CHAIN_UNKNOWN);
686 g_object_unref (chain);
690 main (int argc, char **argv)
692 #if !GLIB_CHECK_VERSION(2,35,0)
695 g_test_init (&argc, &argv, NULL);
696 g_set_prgname ("test-certificate-chain");
698 g_test_add ("/gcr/certificate-chain/new", Test, NULL, setup, test_new, teardown);
699 g_test_add ("/gcr/certificate-chain/new_with_cert", Test, NULL, setup, test_new_with_cert, teardown);
700 g_test_add ("/gcr/certificate-chain/selfsigned", Test, NULL, setup, test_selfsigned, teardown);
701 g_test_add ("/gcr/certificate-chain/incomplete", Test, NULL, setup, test_incomplete, teardown);
702 g_test_add ("/gcr/certificate-chain/empty", Test, NULL, setup, test_empty, teardown);
703 g_test_add ("/gcr/certificate-chain/trim_extras", Test, NULL, setup, test_trim_extras, teardown);
704 g_test_add ("/gcr/certificate-chain/complete_async", Test, NULL, setup, test_complete_async, teardown);
705 g_test_add ("/gcr/certificate-chain/with_anchor", Test, NULL, setup, test_with_anchor, teardown);
706 g_test_add ("/gcr/certificate-chain/with_anchor_and_lookup_ca", Test, NULL, setup, test_with_anchor_and_lookup_ca, teardown);
707 g_test_add ("/gcr/certificate-chain/with_pinned", Test, NULL, setup, test_with_pinned, teardown);
708 g_test_add ("/gcr/certificate-chain/without_lookups", Test, NULL, setup, test_without_lookups, teardown);
709 g_test_add ("/gcr/certificate-chain/wrong_order_anchor", Test, NULL, setup, test_wrong_order_anchor, teardown);
710 g_test_add ("/gcr/certificate-chain/with_lookup_error", Test, NULL, setup, test_with_lookup_error, teardown);
711 g_test_add ("/gcr/certificate-chain/with_anchor_error", Test, NULL, setup, test_with_anchor_error, teardown);
712 g_test_add ("/gcr/certificate-chain/with_anchor_error_async", Test, NULL, setup, test_with_anchor_error_async, teardown);
714 return egg_tests_run_with_loop ();