1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright (C) 2011 Collabora Ltd.
5 * SPDX-License-Identifier: LGPL-2.1-or-later
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General
18 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "gtesttlsbackend.h"
/* Private type accessors for the three helper types defined further down,
 * plus the default-database accessor; all of them are wired into the
 * GTlsBackend vtable by g_test_tls_backend_iface_init (). */
static GType _g_test_tls_certificate_get_type (void);
static GType _g_test_tls_connection_get_type (void);
static GType _g_test_tls_database_get_type (void);
static GTlsDatabase * _g_test_tls_backend_get_default_database (GTlsBackend * backend);

/* Instance struct for the test backend.  It carries no fields of its own:
 * every piece of behaviour is supplied through the interface vfuncs. */
struct _GTestTlsBackend {
  GObject parent_instance;
};

static void g_test_tls_backend_iface_init (GTlsBackendInterface *iface);
/* Route the accessor that G_DEFINE_TYPE_WITH_CODE generates onto the private
 * _g_test_tls_backend_get_type symbol declared in the header. */
#define g_test_tls_backend_get_type _g_test_tls_backend_get_type
/* Besides defining the GObject type and attaching the GTlsBackend interface,
 * the extra code registers the GTlsBackend extension point and implements it
 * with this test backend, which is how the test suite ends up using it as the
 * default backend.  The required-type argument and the arguments of the
 * implement call are elided from this listing — check the full source. */
G_DEFINE_TYPE_WITH_CODE (GTestTlsBackend, g_test_tls_backend, G_TYPE_OBJECT,
                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_BACKEND,
                                                g_test_tls_backend_iface_init)
                         g_io_extension_point_set_required_type (
                           g_io_extension_point_register (G_TLS_BACKEND_EXTENSION_POINT_NAME),
                         g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME,
/* Instance initialiser for the test backend.  The struct has no fields of its
 * own, so there is nothing to set up (the body is elided from this listing). */
g_test_tls_backend_init (GTestTlsBackend *backend)
/* Class initialiser for the test backend.  No GObject vfuncs appear to be
 * overridden here (body elided from this listing); the backend's behaviour
 * comes entirely from g_test_tls_backend_iface_init () below. */
g_test_tls_backend_class_init (GTestTlsBackendClass *backend_class)
/*
 * g_test_tls_backend_iface_init:
 * @iface: the GTlsBackendInterface vtable to populate
 *
 * Points every GTlsBackend vfunc at the private test types in this file.
 * A single connection type stands in for the client, server, DTLS client and
 * DTLS server roles; that is safe because the test connection never
 * initialises successfully (see g_test_tls_connection_initable_init ()), so no
 * TLS traffic can ever be carried by this backend.
 */
static void
g_test_tls_backend_iface_init (GTlsBackendInterface *iface)
{
  GType (*connection_type) (void) = _g_test_tls_connection_get_type;

  /* Database and certificate types. */
  iface->get_default_database = _g_test_tls_backend_get_default_database;
  iface->get_file_database_type = _g_test_tls_database_get_type;
  iface->get_certificate_type = _g_test_tls_certificate_get_type;

  /* All four connection roles share one implementation. */
  iface->get_client_connection_type = connection_type;
  iface->get_server_connection_type = connection_type;
  iface->get_dtls_client_connection_type = connection_type;
  iface->get_dtls_server_connection_type = connection_type;
}
/*
 * _g_test_tls_backend_get_default_database:
 * @backend: the test backend (not used in the lines visible here)
 *
 * GTlsBackend.get_default_database for the test backend.  A single
 * GTestTlsDatabase is constructed through g_initable_new () and kept in a
 * function-static pointer, so every caller shares the same instance; a
 * construction failure is fatal for the test run (g_assert_no_error).
 * The NULL check that presumably guards the construction, the @error local,
 * the remaining g_initable_new () arguments and the return statement are
 * elided from this listing — confirm against the full source.
 */
_g_test_tls_backend_get_default_database (GTlsBackend * backend)
  /* Process-wide singleton shared by all callers. */
  static GTlsDatabase *default_db;
  default_db = g_initable_new (_g_test_tls_database_get_type (),
  g_assert_no_error (error);
88 /* Test certificate type */
/* Test certificate type.
 *
 * Stores the PEM strings and PKCS#11 URIs handed in at construction exactly as
 * given — nothing is parsed or validated — and answers the remaining
 * GTlsCertificate properties with fixed test values. */
typedef struct _GTestTlsCertificate GTestTlsCertificate;
typedef struct _GTestTlsCertificateClass GTestTlsCertificateClass;

struct _GTestTlsCertificate {
  GTlsCertificate parent_instance;

  gchar *cert_pem;                /* "certificate-pem"; owned, freed in finalize */
  gchar *key_pem;                 /* "private-key-pem"; owned, freed in finalize */
  GTlsCertificate *issuer;        /* "issuer"; strong reference or NULL */
  gchar *pkcs11_uri;              /* "pkcs11-uri"; owned, freed in finalize */
  gchar *private_key_pkcs11_uri;  /* "private-key-pkcs11-uri"; owned, freed in finalize */
};

struct _GTestTlsCertificateClass {
  GTlsCertificateClass parent_class;
};

/* Property ids.  The order mirrors the g_object_class_override_property ()
 * calls in g_test_tls_certificate_class_init (); ids start at 1 because 0 is
 * reserved by GObject. */
enum
{
  PROP_CERT_CERTIFICATE = 1,
  PROP_CERT_CERTIFICATE_PEM,
  PROP_CERT_PRIVATE_KEY,
  PROP_CERT_PRIVATE_KEY_PEM,
  PROP_CERT_ISSUER,
  PROP_CERT_PKCS11_URI,
  PROP_CERT_PRIVATE_KEY_PKCS11_URI,
  PROP_CERT_NOT_VALID_BEFORE,
  PROP_CERT_NOT_VALID_AFTER,
  PROP_CERT_SUBJECT_NAME,
  PROP_CERT_ISSUER_NAME,
  PROP_CERT_DNS_NAMES,
  PROP_CERT_IP_ADDRESSES
};

static void g_test_tls_certificate_initable_iface_init (GInitableIface *iface);

/* Route the generated accessor onto the private symbol declared above. */
#define g_test_tls_certificate_get_type _g_test_tls_certificate_get_type
G_DEFINE_TYPE_WITH_CODE (GTestTlsCertificate, g_test_tls_certificate, G_TYPE_TLS_CERTIFICATE,
                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
                                                g_test_tls_certificate_initable_iface_init))
/*
 * g_test_tls_certificate_verify:
 * @cert: the certificate under test
 * @identity: expected peer identity, ignored
 * @trusted_ca: anchor to chain to, ignored
 *
 * GTlsCertificateClass.verify for the test certificate.  No chain building,
 * identity matching or validity-period checking happens here: the tests rely
 * on every certificate verifying, so this presumably returns no
 * GTlsCertificateFlags at all (the return statement is elided from this
 * listing).  This is test-only behaviour; a backend that accepts every
 * certificate must never be registered outside the test suite.
 */
static GTlsCertificateFlags
g_test_tls_certificate_verify (GTlsCertificate *cert,
                               GSocketConnectable *identity,
                               GTlsCertificate *trusted_ca)
  /* For now, all of the tests expect the certificate to verify */
/*
 * g_test_tls_certificate_get_property:
 * @object: the GTestTlsCertificate
 * @prop_id: one of the PROP_CERT_* ids
 * @value: out GValue
 * @pspec: the overridden GTlsCertificate pspec (unused)
 *
 * GObject get_property.  The string and object properties are read back from
 * the fields filled in at construction; the validity period, subject/issuer
 * names and subject alternative names are fixed test values and bear no
 * relation to the stored PEM data.  An unknown id aborts.
 */
static void
g_test_tls_certificate_get_property (GObject    *object,
                                     guint       prop_id,
                                     GValue     *value,
                                     GParamSpec *pspec)
{
  GTestTlsCertificate *self = (GTestTlsCertificate *) object;
  const gchar *san_dns = "a.example.com";
  GPtrArray *array;

  switch (prop_id)
    {
    case PROP_CERT_CERTIFICATE_PEM:
      g_value_set_string (value, self->cert_pem);
      break;

    case PROP_CERT_PRIVATE_KEY_PEM:
      g_value_set_string (value, self->key_pem);
      break;

    case PROP_CERT_ISSUER:
      g_value_set_object (value, self->issuer);
      break;

    case PROP_CERT_PKCS11_URI:
      /* Simulates a backend without PKCS#11 support: when the stored URI is
       * the magic value "unsupported" the GValue is left untouched, otherwise
       * the URI is handed back verbatim. */
      if (g_strcmp0 (self->pkcs11_uri, "unsupported") == 0)
        break;
      g_value_set_string (value, self->pkcs11_uri);
      break;

    case PROP_CERT_PRIVATE_KEY_PKCS11_URI:
      g_value_set_string (value, self->private_key_pkcs11_uri);
      break;

    case PROP_CERT_NOT_VALID_BEFORE:
      /* Fixed validity window; not derived from the PEM data. */
      g_value_take_boxed (value, g_date_time_new_from_iso8601 ("2020-10-12T17:49:44Z", NULL));
      break;

    case PROP_CERT_NOT_VALID_AFTER:
      g_value_take_boxed (value, g_date_time_new_from_iso8601 ("2045-10-06T17:49:44Z", NULL));
      break;

    case PROP_CERT_SUBJECT_NAME:
      g_value_set_string (value, "DC=COM,DC=EXAMPLE,CN=server.example.com");
      break;

    case PROP_CERT_ISSUER_NAME:
      g_value_set_string (value, "DC=COM,DC=EXAMPLE,OU=Certificate Authority,CN=ca.example.com,emailAddress=ca@example.com");
      break;

    case PROP_CERT_DNS_NAMES:
      /* One GBytes per name; the literal is static so no copy is needed. */
      array = g_ptr_array_new_with_free_func ((GDestroyNotify) g_bytes_unref);
      g_ptr_array_add (array, g_bytes_new_static (san_dns, strlen (san_dns)));
      g_value_take_boxed (value, array);
      break;

    case PROP_CERT_IP_ADDRESSES:
      /* 192.0.2.1 lies in the TEST-NET-1 documentation range (RFC 5737). */
      array = g_ptr_array_new_with_free_func (g_object_unref);
      g_ptr_array_add (array, g_inet_address_new_from_string ("192.0.2.1"));
      g_value_take_boxed (value, array);
      break;

    default:
      g_assert_not_reached ();
    }
}
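/*
 * g_test_tls_certificate_set_property:
 * @object: the GTestTlsCertificate
 * @prop_id: one of the PROP_CERT_* ids
 * @value: the new value
 * @pspec: the overridden GTlsCertificate pspec (unused)
 *
 * GObject set_property.  Strings are duplicated and the issuer is referenced;
 * the binary "certificate" and "private-key" forms are accepted but not
 * retained, since the test type only ever serves the PEM variants back.
 * Any previous value is released before the new one is stored — the same
 * pattern g_test_tls_database_set_property () uses — so the object stays
 * leak-free even if a property is written more than once.  An unknown id
 * aborts.
 */
static void
g_test_tls_certificate_set_property (GObject      *object,
                                     guint         prop_id,
                                     const GValue *value,
                                     GParamSpec   *pspec)
{
  GTestTlsCertificate *cert = (GTestTlsCertificate *) object;

  switch (prop_id)
    {
    case PROP_CERT_CERTIFICATE_PEM:
      g_free (cert->cert_pem);
      cert->cert_pem = g_value_dup_string (value);
      break;

    case PROP_CERT_PRIVATE_KEY_PEM:
      g_free (cert->key_pem);
      cert->key_pem = g_value_dup_string (value);
      break;

    case PROP_CERT_ISSUER:
      {
        /* Take the new reference before dropping the old one so that
         * re-setting the same issuer cannot transiently finalize it. */
        GTlsCertificate *issuer = g_value_dup_object (value);

        g_clear_object (&cert->issuer);
        cert->issuer = issuer;
      }
      break;

    case PROP_CERT_PKCS11_URI:
      g_free (cert->pkcs11_uri);
      cert->pkcs11_uri = g_value_dup_string (value);
      break;

    case PROP_CERT_PRIVATE_KEY_PKCS11_URI:
      g_free (cert->private_key_pkcs11_uri);
      cert->private_key_pkcs11_uri = g_value_dup_string (value);
      break;

    case PROP_CERT_CERTIFICATE:
    case PROP_CERT_PRIVATE_KEY:
      /* DER forms are not kept by the test certificate. */
      break;

    default:
      g_assert_not_reached ();
    }
}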
/*
 * g_test_tls_certificate_finalize:
 * @object: the GTestTlsCertificate being destroyed
 *
 * Releases the owned PEM strings and PKCS#11 URIs, drops the issuer reference
 * and chains up to GTlsCertificate.  Note that key_pem may hold private key
 * material and a plain g_free () does not scrub it; acceptable for a test
 * fixture, not a pattern for a real backend.
 */
static void
g_test_tls_certificate_finalize (GObject *object)
{
  GTestTlsCertificate *self = (GTestTlsCertificate *) object;

  g_clear_pointer (&self->cert_pem, g_free);
  g_clear_pointer (&self->key_pem, g_free);
  g_clear_pointer (&self->pkcs11_uri, g_free);
  g_clear_pointer (&self->private_key_pkcs11_uri, g_free);
  g_clear_object (&self->issuer);

  G_OBJECT_CLASS (g_test_tls_certificate_parent_class)->finalize (object);
}
/*
 * g_test_tls_certificate_class_init:
 * @test_class: the class struct to populate
 *
 * Installs the GObject property accessors and finalizer, replaces
 * GTlsCertificateClass.verify with the permissive test stub, and overrides
 * every GTlsCertificate property so that the PROP_CERT_* ids are honoured.
 */
static void
g_test_tls_certificate_class_init (GTestTlsCertificateClass *test_class)
{
  /* Property id -> overridden GTlsCertificate property name, in id order. */
  static const struct
  {
    guint       prop_id;
    const char *name;
  } overrides[] = {
    { PROP_CERT_CERTIFICATE,            "certificate" },
    { PROP_CERT_CERTIFICATE_PEM,        "certificate-pem" },
    { PROP_CERT_PRIVATE_KEY,            "private-key" },
    { PROP_CERT_PRIVATE_KEY_PEM,        "private-key-pem" },
    { PROP_CERT_ISSUER,                 "issuer" },
    { PROP_CERT_PKCS11_URI,             "pkcs11-uri" },
    { PROP_CERT_PRIVATE_KEY_PKCS11_URI, "private-key-pkcs11-uri" },
    { PROP_CERT_NOT_VALID_BEFORE,       "not-valid-before" },
    { PROP_CERT_NOT_VALID_AFTER,        "not-valid-after" },
    { PROP_CERT_SUBJECT_NAME,           "subject-name" },
    { PROP_CERT_ISSUER_NAME,            "issuer-name" },
    { PROP_CERT_DNS_NAMES,              "dns-names" },
    { PROP_CERT_IP_ADDRESSES,           "ip-addresses" },
  };
  GObjectClass *gobject_class = G_OBJECT_CLASS (test_class);
  GTlsCertificateClass *certificate_class = G_TLS_CERTIFICATE_CLASS (test_class);
  gsize i;

  gobject_class->get_property = g_test_tls_certificate_get_property;
  gobject_class->set_property = g_test_tls_certificate_set_property;
  gobject_class->finalize = g_test_tls_certificate_finalize;

  /* Test stub: see the note on g_test_tls_certificate_verify (). */
  certificate_class->verify = g_test_tls_certificate_verify;

  for (i = 0; i < G_N_ELEMENTS (overrides); i++)
    g_object_class_override_property (gobject_class, overrides[i].prop_id, overrides[i].name);
}
/* Instance initialiser for the test certificate.  The fields appear to be
 * populated through set_property rather than here (body elided from this
 * listing). */
g_test_tls_certificate_init (GTestTlsCertificate *certificate)
/*
 * g_test_tls_certificate_initable_init:
 * @initable: the GTestTlsCertificate
 * @cancellable: ignored
 *
 * GInitable.init for the test certificate.  NOTE(review): the body and the
 * trailing @error parameter are elided from this listing; no PEM parsing is
 * visible anywhere in this file (set_property stores the strings verbatim),
 * so this is presumably a bare success return — confirm against the full
 * source.
 */
g_test_tls_certificate_initable_init (GInitable *initable,
                                      GCancellable *cancellable,
/* Wires GInitable.init to the test certificate's initialiser. */
static void
g_test_tls_certificate_initable_iface_init (GInitableIface *iface)
{
  iface->init = g_test_tls_certificate_initable_init;
}
292 /* Dummy connection type; since GTlsClientConnection and
293 * GTlsServerConnection are just interfaces, we can implement them
294 * both on a single object.
typedef struct _GTestTlsConnection GTestTlsConnection;
typedef struct _GTestTlsConnectionClass GTestTlsConnectionClass;

/* No instance state: the connection never becomes usable because
 * g_test_tls_connection_initable_init () reports G_TLS_ERROR_UNAVAILABLE. */
struct _GTestTlsConnection {
  GTlsConnection parent_instance;
};

struct _GTestTlsConnectionClass {
  GTlsConnectionClass parent_class;
};

/* Property ids, in the order the properties are overridden in
 * g_test_tls_connection_class_init (). */
enum
{
  PROP_CONN_BASE_IO_STREAM = 1,
  PROP_CONN_BASE_SOCKET,
  PROP_CONN_USE_SYSTEM_CERTDB,
  PROP_CONN_REQUIRE_CLOSE_NOTIFY,
  PROP_CONN_REHANDSHAKE_MODE,
  PROP_CONN_CERTIFICATE,
  PROP_CONN_PEER_CERTIFICATE,
  PROP_CONN_PEER_CERTIFICATE_ERRORS,
  PROP_CONN_VALIDATION_FLAGS,
  PROP_CONN_SERVER_IDENTITY,
  PROP_CONN_USE_SSL3,
  PROP_CONN_ACCEPTED_CAS,
  PROP_CONN_AUTHENTICATION_MODE
};

static void g_test_tls_connection_initable_iface_init (GInitableIface *iface);

/* One type implements the client and server interfaces for both TLS and DTLS,
 * plus GDatagramBased.  None of those interfaces receives a vtable here (NULL
 * init functions); only GInitable is wired up. */
#define g_test_tls_connection_get_type _g_test_tls_connection_get_type
G_DEFINE_TYPE_WITH_CODE (GTestTlsConnection, g_test_tls_connection, G_TYPE_TLS_CONNECTION,
                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION, NULL)
                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_SERVER_CONNECTION, NULL)
                         G_IMPLEMENT_INTERFACE (G_TYPE_DATAGRAM_BASED, NULL)
                         G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CONNECTION, NULL)
                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
                                                g_test_tls_connection_initable_iface_init))
/* GObject get_property for the test connection.  The parameter list and body
 * are elided from this listing; with no instance fields to read, it appears
 * to be a no-op. */
g_test_tls_connection_get_property (GObject *object,
/* GObject set_property for the test connection.  The parameter list and body
 * are elided from this listing; with no instance fields to write, it appears
 * to discard every value. */
g_test_tls_connection_set_property (GObject *object,
/*
 * g_test_tls_connection_close:
 * @stream: the GTestTlsConnection
 * @cancellable: ignored
 *
 * GIOStream close_fn override.  Installed so that disposing a connection whose
 * initable_init failed does not attempt to close base streams the object
 * never had — see the note in g_test_tls_connection_class_init ().  The
 * trailing @error parameter and the return value (presumably an unconditional
 * success) are elided from this listing.
 */
g_test_tls_connection_close (GIOStream *stream,
                             GCancellable *cancellable,
/*
 * g_test_tls_connection_class_init:
 * @connection_class: the class struct to populate
 *
 * Installs the property accessors, overrides GIOStream.close_fn and
 * overrides every GTlsConnection / client / server connection property so the
 * PROP_CONN_* ids are honoured.
 */
static void
g_test_tls_connection_class_init (GTestTlsConnectionClass *connection_class)
{
  /* Property id -> overridden property name, in id order. */
  static const struct
  {
    guint       prop_id;
    const char *name;
  } overrides[] = {
    { PROP_CONN_BASE_IO_STREAM,          "base-io-stream" },
    { PROP_CONN_BASE_SOCKET,             "base-socket" },
    { PROP_CONN_USE_SYSTEM_CERTDB,       "use-system-certdb" },
    { PROP_CONN_REQUIRE_CLOSE_NOTIFY,    "require-close-notify" },
    { PROP_CONN_REHANDSHAKE_MODE,        "rehandshake-mode" },
    { PROP_CONN_CERTIFICATE,             "certificate" },
    { PROP_CONN_PEER_CERTIFICATE,        "peer-certificate" },
    { PROP_CONN_PEER_CERTIFICATE_ERRORS, "peer-certificate-errors" },
    { PROP_CONN_VALIDATION_FLAGS,        "validation-flags" },
    { PROP_CONN_SERVER_IDENTITY,         "server-identity" },
    { PROP_CONN_USE_SSL3,                "use-ssl3" },
    { PROP_CONN_ACCEPTED_CAS,            "accepted-cas" },
    { PROP_CONN_AUTHENTICATION_MODE,     "authentication-mode" },
  };
  GObjectClass *gobject_class = G_OBJECT_CLASS (connection_class);
  GIOStreamClass *io_stream_class = G_IO_STREAM_CLASS (connection_class);
  gsize i;

  gobject_class->get_property = g_test_tls_connection_get_property;
  gobject_class->set_property = g_test_tls_connection_set_property;

  /* When initable_init fails the connection is disposed, which closes it;
   * the inherited close would then try to close base input/output streams
   * that this object does not have.  The test close_fn short-circuits that. */
  io_stream_class->close_fn = g_test_tls_connection_close;

  for (i = 0; i < G_N_ELEMENTS (overrides); i++)
    g_object_class_override_property (gobject_class, overrides[i].prop_id, overrides[i].name);
}
/* Instance initialiser for the test connection.  The struct has no fields of
 * its own, so there is nothing to set up (body elided from this listing). */
g_test_tls_connection_init (GTestTlsConnection *connection)
/*
 * g_test_tls_connection_initable_init:
 * @initable: the GTestTlsConnection
 * @cancellable: ignored
 *
 * GInitable.init for the test connection.  As far as this listing shows it
 * unconditionally sets G_TLS_ERROR_UNAVAILABLE, so callers never receive a
 * working connection and no bytes ever flow through this backend — only the
 * "TLS unavailable" error path is exercised.  The trailing @error parameter
 * and the failure return are elided from this listing.
 */
g_test_tls_connection_initable_init (GInitable *initable,
                                     GCancellable *cancellable,
  g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_UNAVAILABLE,
                       "TLS Connection support is not available");
/* Wires GInitable.init to the always-failing test connection initialiser. */
static void
g_test_tls_connection_initable_iface_init (GInitableIface *iface)
{
  iface->init = g_test_tls_connection_initable_init;
}
412 /* Test database type */
/* Test database type.  Implements GTlsFileDatabase far enough to store and
 * return the "anchors" path; nothing is loaded or verified against it. */
typedef struct _GTestTlsDatabase GTestTlsDatabase;
typedef struct _GTestTlsDatabaseClass GTestTlsDatabaseClass;

struct _GTestTlsDatabase {
  GTlsDatabase parent_instance;

  gchar *anchors;   /* "anchors"; owned, freed in finalize */
};

struct _GTestTlsDatabaseClass {
  GTlsDatabaseClass parent_class;
};

enum
{
  PROP_DATABASE_ANCHORS = 1
};

static void g_test_tls_database_initable_iface_init (GInitableIface *iface);
/* NOTE(review): declared with a GInitableIface parameter although it is used
 * below as the GTlsFileDatabase interface init.  Harmless as long as the body
 * never touches @iface (the real vtable type is GTlsFileDatabaseInterface) —
 * confirm against the definition. */
static void g_test_tls_file_database_file_database_interface_init (GInitableIface *iface);

/* Route the generated accessor onto the private symbol declared above. */
#define g_test_tls_database_get_type _g_test_tls_database_get_type
G_DEFINE_TYPE_WITH_CODE (GTestTlsDatabase, g_test_tls_database, G_TYPE_TLS_DATABASE,
                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
                                                g_test_tls_database_initable_iface_init)
                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
                                                g_test_tls_file_database_file_database_interface_init))
/*
 * g_test_tls_database_get_property:
 * @object: the GTestTlsDatabase
 * @prop_id: expected to be PROP_DATABASE_ANCHORS
 * @value: out GValue
 * @pspec: the overridden pspec (unused)
 *
 * GObject get_property.  Only "anchors" exists; any other id aborts.
 */
static void
g_test_tls_database_get_property (GObject    *object,
                                  guint       prop_id,
                                  GValue     *value,
                                  GParamSpec *pspec)
{
  GTestTlsDatabase *self = (GTestTlsDatabase *) object;

  if (prop_id == PROP_DATABASE_ANCHORS)
    g_value_set_string (value, self->anchors);
  else
    g_assert_not_reached ();
}
/*
 * g_test_tls_database_set_property:
 * @object: the GTestTlsDatabase
 * @prop_id: expected to be PROP_DATABASE_ANCHORS
 * @value: the new value
 * @pspec: the overridden pspec (unused)
 *
 * GObject set_property.  Stores a copy of the "anchors" path, releasing any
 * earlier value first; any other id aborts.
 */
static void
g_test_tls_database_set_property (GObject      *object,
                                  guint         prop_id,
                                  const GValue *value,
                                  GParamSpec   *pspec)
{
  GTestTlsDatabase *self = (GTestTlsDatabase *) object;

  if (prop_id == PROP_DATABASE_ANCHORS)
    {
      /* Replace, never leak, a previously set path. */
      g_free (self->anchors);
      self->anchors = g_value_dup_string (value);
    }
  else
    g_assert_not_reached ();
}
/*
 * g_test_tls_database_finalize:
 * @object: the GTestTlsDatabase being destroyed
 *
 * Frees the stored anchors path and chains up to GTlsDatabase.
 */
static void
g_test_tls_database_finalize (GObject *object)
{
  GTestTlsDatabase *self = (GTestTlsDatabase *) object;

  g_clear_pointer (&self->anchors, g_free);

  G_OBJECT_CLASS (g_test_tls_database_parent_class)->finalize (object);
}
/*
 * g_test_tls_database_class_init:
 * @test_class: the class struct to populate
 *
 * Installs the property accessors and finalizer and overrides the
 * GTlsFileDatabase "anchors" property.  No GTlsDatabase lookup or verify
 * vfuncs are overridden, so the inherited defaults apply.
 */
static void
g_test_tls_database_class_init (GTestTlsDatabaseClass *test_class)
{
  GObjectClass *object_class = G_OBJECT_CLASS (test_class);

  object_class->finalize = g_test_tls_database_finalize;
  object_class->set_property = g_test_tls_database_set_property;
  object_class->get_property = g_test_tls_database_get_property;

  /* "anchors" is a GTlsFileDatabase property; this test type only stores
   * and returns the string. */
  g_object_class_override_property (object_class, PROP_DATABASE_ANCHORS, "anchors");
}
/* Instance initialiser for the test database.  The anchors field is written
 * through set_property rather than here (body elided from this listing). */
g_test_tls_database_init (GTestTlsDatabase *database)
/*
 * g_test_tls_database_initable_init:
 * @initable: the GTestTlsDatabase
 * @cancellable: ignored
 *
 * GInitable.init for the test database.  NOTE(review): the body and the
 * trailing @error parameter are elided from this listing; nothing in this
 * file reads the anchors file, so this is presumably a bare success return —
 * confirm against the full source.
 */
g_test_tls_database_initable_init (GInitable *initable,
                                   GCancellable *cancellable,
/* GTlsFileDatabase interface init.  NOTE(review): the parameter is typed
 * GInitableIface* although this function is registered for
 * G_TYPE_TLS_FILE_DATABASE, whose vtable is GTlsFileDatabaseInterface; that
 * is only harmless if the body (elided from this listing) never dereferences
 * @iface — confirm against the full source. */
g_test_tls_file_database_file_database_interface_init (GInitableIface *iface)
/* Wires GInitable.init to the test database's initialiser. */
static void
g_test_tls_database_initable_iface_init (GInitableIface *iface)
{
  iface->init = g_test_tls_database_initable_init;
}