1 #ifdef HAVE_CONFIG_H
2 #include "config.h"
3 #endif
4
5 #include "libsoup/soup.h"
6
7 #include "test-utils.h"
8
/*
 * Sends one GET for @uri over @session and checks the TLS state that the
 * resulting message exposes.
 *
 * Callers configure the session with an empty CA file and non-strict
 * validation, so the request is expected to succeed while the message
 * still reports G_TLS_CERTIFICATE_UNKNOWN_CA and does not carry
 * SOUP_MESSAGE_CERTIFICATE_TRUSTED. Every mismatch bumps the global
 * `errors` counter.
 */
static void
do_properties_test_for_session (SoupSession *session, char *uri)
{
        SoupMessage *msg = soup_message_new ("GET", uri);
        GTlsCertificate *cert;
        GTlsCertificateFlags flags;

        soup_session_send_message (session, msg);
        if (msg->status_code != SOUP_STATUS_OK) {
                debug_printf (1, "    FAILED: %d %s\n",
                              msg->status_code, msg->reason_phrase);
                errors++;
        }

        if (!soup_message_get_https_status (msg, &cert, &flags)) {
                debug_printf (1, "    Response not https\n");
                errors++;
        } else {
                /* The peer certificate must be exposed even though
                 * validation failed.
                 */
                if (!G_IS_TLS_CERTIFICATE (cert)) {
                        debug_printf (1, "    No certificate?\n");
                        errors++;
                }
                /* Non-strict mode lets the request through, but the
                 * validation error has to remain visible to the caller.
                 */
                if (flags != G_TLS_CERTIFICATE_UNKNOWN_CA) {
                        debug_printf (1, "    Wrong cert flags (got %x, wanted %x)\n",
                                      flags, G_TLS_CERTIFICATE_UNKNOWN_CA);
                        errors++;
                }
        }

        /* A certificate that failed validation must never be marked trusted. */
        if ((soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED) != 0) {
                debug_printf (1, "    CERTIFICATE_TRUSTED set?\n");
                errors++;
        }

        g_object_unref (msg);
}
45
/*
 * Builds a session of @session_type with an empty CA file and non-strict
 * validation, runs the message property checks against @uri, then tears
 * the session down.
 */
static void
run_properties_test_for_type (GType session_type, char *uri)
{
        SoupSession *session = soup_test_session_new (session_type, NULL);

        g_object_set (G_OBJECT (session),
                      SOUP_SESSION_SSL_CA_FILE, "/dev/null",
                      SOUP_SESSION_SSL_STRICT, FALSE,
                      NULL);
        do_properties_test_for_session (session, uri);
        soup_test_session_abort_unref (session);
}

/*
 * Checks the TLS-related SoupMessage properties for both the async and the
 * sync session type, each with no usable CA list and non-strict validation.
 */
static void
do_properties_tests (char *uri)
{
        debug_printf (1, "\nSoupMessage properties\n");

        debug_printf (1, "  async\n");
        run_properties_test_for_type (SOUP_TYPE_SESSION_ASYNC, uri);

        debug_printf (1, "  sync\n");
        run_properties_test_for_type (SOUP_TYPE_SESSION_SYNC, uri);
}
71
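/*
 * Runs one GET against @uri with the given trust configuration and checks
 * both the resulting status and the SOUP_MESSAGE_CERTIFICATE_TRUSTED flag.
 *
 * @session:         session to reconfigure and reuse
 * @uri:             https URI of the test server
 * @strict:          value for SOUP_SESSION_SSL_STRICT
 * @with_ca_list:    TRUE to trust SRCDIR "/test-cert.pem", FALSE to use an
 *                   empty CA file ("/dev/null")
 * @expected_status: status code the request is expected to finish with
 *
 * The certificate may be reported as trusted only when a CA list was
 * configured and the request succeeded; in every other case the flag must
 * be clear. Mismatches bump the global `errors` counter.
 */
static void
do_one_strict_test (SoupSession *session, char *uri,
                    gboolean strict, gboolean with_ca_list,
                    guint expected_status)
{
        SoupMessage *msg;

        /* Note that soup_test_session_new() sets
         * SOUP_SESSION_SSL_CA_FILE by default, and turns off
         * SOUP_SESSION_SSL_STRICT.
         */

        g_object_set (G_OBJECT (session),
                      SOUP_SESSION_SSL_STRICT, strict,
                      SOUP_SESSION_SSL_CA_FILE, with_ca_list ? SRCDIR "/test-cert.pem" : "/dev/null",
                      NULL);
        /* Close existing connections with old params */
        soup_session_abort (session);

        msg = soup_message_new ("GET", uri);
        soup_session_send_message (session, msg);
        if (msg->status_code != expected_status) {
                debug_printf (1, "      FAILED: %d %s (expected %d %s)\n",
                              msg->status_code, msg->reason_phrase,
                              expected_status,
                              soup_status_get_phrase (expected_status));
                if (msg->status_code == SOUP_STATUS_SSL_FAILED) {
                        GTlsCertificateFlags flags = 0;

                        /* Log the validation errors to make the failure
                         * diagnosable from the test output.
                         */
                        soup_message_get_https_status (msg, NULL, &flags);
                        debug_printf (1, "              tls error flags: 0x%x\n", flags);
                }
                errors++;
        } else if (with_ca_list && SOUP_STATUS_IS_SUCCESSFUL (msg->status_code)) {
                if (!(soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED)) {
                        debug_printf (1, "    CERTIFICATE_TRUSTED not set?\n");
                        errors++;
                }
        } else {
                /* No CA list, or the request did not succeed: the
                 * certificate must not be reported as trusted. The
                 * previous "with_ca_list &&" guard skipped this check
                 * for the non-strict/no-CA case, which is exactly where
                 * a wrongly set trusted flag would go unnoticed.
                 */
                if (soup_message_get_flags (msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED) {
                        debug_printf (1, "    CERTIFICATE_TRUSTED set?\n");
                        errors++;
                }
        }

        g_object_unref (msg);
}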
119
/*
 * Runs the strict/non-strict x with/without-CA-list matrix, first on an
 * async session and then on a sync one.
 *
 * Only "strict without CA list" is expected to fail with
 * SOUP_STATUS_SSL_FAILED; the other three combinations must return
 * SOUP_STATUS_OK.
 */
static void
do_strict_tests (char *uri)
{
        static const struct {
                gboolean strict;
                gboolean with_ca_list;
                guint expected_status;
                const char *async_label;
                const char *sync_label;
        } cases[] = {
                { TRUE, TRUE, SOUP_STATUS_OK,
                  "  async with CA list\n",
                  "  sync with CA list\n" },
                { TRUE, FALSE, SOUP_STATUS_SSL_FAILED,
                  "  async without CA list\n",
                  "  sync without CA list\n" },
                { FALSE, TRUE, SOUP_STATUS_OK,
                  "  async non-strict with CA list\n",
                  "  sync non-strict with CA list\n" },
                { FALSE, FALSE, SOUP_STATUS_OK,
                  "  async non-strict without CA list\n",
                  "  sync non-strict without CA list\n" },
        };
        const guint n_cases = G_N_ELEMENTS (cases);
        SoupSession *session;
        guint i;

        debug_printf (1, "\nstrict/nonstrict\n");

        /* One session is reused for all four cases; do_one_strict_test()
         * reconfigures it and drops old connections each time.
         */
        session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
        for (i = 0; i < n_cases; i++) {
                debug_printf (1, "%s", cases[i].async_label);
                do_one_strict_test (session, uri,
                                    cases[i].strict, cases[i].with_ca_list,
                                    cases[i].expected_status);
        }
        soup_test_session_abort_unref (session);

        session = soup_test_session_new (SOUP_TYPE_SESSION_SYNC, NULL);
        for (i = 0; i < n_cases; i++) {
                debug_printf (1, "%s", cases[i].sync_label);
                do_one_strict_test (session, uri,
                                    cases[i].strict, cases[i].with_ca_list,
                                    cases[i].expected_status);
        }
        soup_test_session_abort_unref (session);
}
149
/*
 * "notify::<property>" handler: records that the notification fired by
 * setting the gboolean that @user_data points to. @object and @param are
 * not used.
 */
static void
property_changed (GObject *object, GParamSpec *param, gpointer user_data)
{
        *(gboolean *) user_data = TRUE;
}
157
/* Snapshot of the three TLS trust properties of a session. */
typedef struct {
        gboolean use_system;   /* value of "ssl-use-system-ca-file" */
        gboolean has_tlsdb;    /* "tls-database" was non-NULL */
        gboolean has_ca_file;  /* "ssl-ca-file" was non-NULL */
} TlsPropertySnapshot;

/*
 * Reads "ssl-use-system-ca-file", "tls-database" and "ssl-ca-file" from
 * @session into @snap, releasing the database reference and the file name
 * string that g_object_get() hands back.
 */
static void
snapshot_tls_properties (SoupSession *session, TlsPropertySnapshot *snap)
{
        GTlsDatabase *tlsdb = NULL;
        char *ca_file = NULL;

        g_object_get (G_OBJECT (session),
                      "ssl-use-system-ca-file", &snap->use_system,
                      "tls-database", &tlsdb,
                      "ssl-ca-file", &ca_file,
                      NULL);

        snap->has_tlsdb = (tlsdb != NULL);
        snap->has_ca_file = (ca_file != NULL);

        if (tlsdb)
                g_object_unref (tlsdb);
        g_free (ca_file);
}

/*
 * Checks how the three ways of configuring trust on a SoupSession
 * ("ssl-use-system-ca-file", "ssl-ca-file", "tls-database") interact:
 * the defaults, the values each property takes after one of the others is
 * set, and which notify:: signals are emitted for each change.
 *
 * Mismatches bump the global `errors` counter.
 */
static void
do_session_property_tests (void)
{
        gboolean use_system_changed, tlsdb_changed, ca_file_changed;
        TlsPropertySnapshot now;
        SoupSession *session;

        debug_printf (1, "session properties\n");

        session = soup_session_async_new ();
        g_signal_connect (session, "notify::ssl-use-system-ca-file",
                          G_CALLBACK (property_changed), &use_system_changed);
        g_signal_connect (session, "notify::tls-database",
                          G_CALLBACK (property_changed), &tlsdb_changed);
        g_signal_connect (session, "notify::ssl-ca-file",
                          G_CALLBACK (property_changed), &ca_file_changed);

        /* Defaults: a fresh session has no trust source configured. */
        snapshot_tls_properties (session, &now);
        if (now.use_system) {
                debug_printf (1, "  ssl-use-system-ca-file defaults to TRUE?\n");
                errors++;
        }
        if (now.has_tlsdb) {
                debug_printf (1, "  tls-database set by default?\n");
                errors++;
        }
        if (now.has_ca_file) {
                debug_printf (1, "  ca-file set by default?\n");
                errors++;
        }

        /* Turning on the system CA file must create a database but leave
         * ssl-ca-file unset.
         */
        use_system_changed = tlsdb_changed = ca_file_changed = FALSE;
        g_object_set (G_OBJECT (session),
                      "ssl-use-system-ca-file", TRUE,
                      NULL);
        snapshot_tls_properties (session, &now);
        if (!now.use_system) {
                debug_printf (1, "  setting ssl-use-system-ca-file failed\n");
                errors++;
        }
        if (!now.has_tlsdb) {
                debug_printf (1, "  setting ssl-use-system-ca-file didn't set tls-database\n");
                errors++;
        }
        if (now.has_ca_file) {
                debug_printf (1, "  setting ssl-use-system-ca-file set ssl-ca-file\n");
                errors++;
        }
        if (!use_system_changed) {
                debug_printf (1, "  setting ssl-use-system-ca-file didn't emit notify::ssl-use-system-ca-file\n");
                errors++;
        }
        if (!tlsdb_changed) {
                debug_printf (1, "  setting ssl-use-system-ca-file didn't emit notify::tls-database\n");
                errors++;
        }
        if (ca_file_changed) {
                debug_printf (1, "  setting ssl-use-system-ca-file emitted notify::ssl-ca-file\n");
                errors++;
        }

        /* An explicit CA file replaces the system one; all three
         * properties change.
         */
        use_system_changed = tlsdb_changed = ca_file_changed = FALSE;
        g_object_set (G_OBJECT (session),
                      "ssl-ca-file", SRCDIR "/test-cert.pem",
                      NULL);
        snapshot_tls_properties (session, &now);
        if (now.use_system) {
                debug_printf (1, "  setting ssl-ca-file left ssl-use-system-ca-file set\n");
                errors++;
        }
        if (!now.has_tlsdb) {
                debug_printf (1, "  setting ssl-ca-file didn't set tls-database\n");
                errors++;
        }
        if (!now.has_ca_file) {
                debug_printf (1, "  setting ssl-ca-file failed\n");
                errors++;
        }
        if (!use_system_changed) {
                debug_printf (1, "  setting ssl-ca-file didn't emit notify::ssl-use-system-ca-file\n");
                errors++;
        }
        if (!tlsdb_changed) {
                debug_printf (1, "  setting ssl-ca-file didn't emit notify::tls-database\n");
                errors++;
        }
        if (!ca_file_changed) {
                debug_printf (1, "  setting ssl-ca-file didn't emit notify::ssl-ca-file\n");
                errors++;
        }

        /* Clearing the database must also clear ssl-ca-file;
         * ssl-use-system-ca-file was already FALSE and must not notify.
         */
        use_system_changed = tlsdb_changed = ca_file_changed = FALSE;
        g_object_set (G_OBJECT (session),
                      "tls-database", NULL,
                      NULL);
        snapshot_tls_properties (session, &now);
        if (now.use_system) {
                debug_printf (1, "  setting tls-database NULL left ssl-use-system-ca-file set\n");
                errors++;
        }
        if (now.has_tlsdb) {
                debug_printf (1, "  setting tls-database NULL failed\n");
                errors++;
        }
        if (now.has_ca_file) {
                debug_printf (1, "  setting tls-database didn't clear ssl-ca-file\n");
                errors++;
        }
        if (use_system_changed) {
                debug_printf (1, "  setting tls-database emitted notify::ssl-use-system-ca-file\n");
                errors++;
        }
        if (!tlsdb_changed) {
                debug_printf (1, "  setting tls-database didn't emit notify::tls-database\n");
                errors++;
        }
        if (!ca_file_changed) {
                debug_printf (1, "  setting tls-database didn't emit notify::ssl-ca-file\n");
                errors++;
        }

        soup_test_session_abort_unref (session);
}
307
/*
 * Request handler for the test server: answers every request with
 * 200 OK and the fixed text/plain body "ok\r\n". The request path, query
 * and client context are ignored.
 */
static void
server_handler (SoupServer        *server,
                SoupMessage       *msg,
                const char        *path,
                GHashTable        *query,
                SoupClientContext *client,
                gpointer           user_data)
{
        /* Static storage, as required by SOUP_MEMORY_STATIC. */
        static const char body[] = "ok\r\n";

        soup_message_set_status (msg, SOUP_STATUS_OK);
        soup_message_set_response (msg, "text/plain",
                                   SOUP_MEMORY_STATIC,
                                   body, sizeof body - 1);
}
321
/*
 * Test entry point. When TLS support is available, starts a local HTTPS
 * test server on 127.0.0.1 and runs the session-property, strict-mode and
 * message-property tests against it; otherwise no test is run.
 *
 * Returns 0 when no errors were counted, 1 otherwise.
 */
int
main (int argc, char **argv)
{
        test_init (argc, argv, NULL);

        if (tls_available) {
                SoupServer *server = soup_test_server_new_ssl (TRUE);
                char *uri;

                soup_server_add_handler (server, NULL, server_handler, NULL, NULL);
                uri = g_strdup_printf ("https://127.0.0.1:%u/",
                                       soup_server_get_port (server));

                do_session_property_tests ();
                do_strict_tests (uri);
                do_properties_tests (uri);

                g_free (uri);
                soup_test_server_quit_unref (server);
        }

        test_cleanup ();
        return errors ? 1 : 0;
}
345         return errors != 0;
346 }