From: Selva Nair <selva.n...@gmail.com> - find_certificate_in_store tested using 'SUBJ:', 'THUMB:' and 'ISSUER:' select strings. Uses test certificates imported into the store during the import test.
Change-Id: Ib5138465e6228538af592ca98b3d877277355f59
Signed-off-by: Selva Nair <selva.n...@gmail.com>
---
tests/unit_tests/openvpn/test_cryptoapi.c | 102 ++++++++++++++++++++++
1 file changed, 102 insertions(+)
diff --git a/tests/unit_tests/openvpn/test_cryptoapi.c b/tests/unit_tests/openvpn/test_cryptoapi.c
index 54dbd094..ccb3207c 100644
--- a/tests/unit_tests/openvpn/test_cryptoapi.c
+++ b/tests/unit_tests/openvpn/test_cryptoapi.c
@@ -237,6 +237,105 @@ cleanup(void **state) return 0; } +static void +test_find_cert_bythumb(void **state) +{ + (void) state; + char select_string[64]; + struct gc_arena gc = gc_new(); + const CERT_CONTEXT *ctx; + + import_certs(state); /* a no-op if already imported */ + assert_non_null(user_store); + + for (struct test_cert *c = certs; c->cert; c++) + { + openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); + ctx = find_certificate_in_store(select_string, user_store); + if (ctx) + { + /* check we got the right certificate and is valid */ + assert_int_equal(c->valid, 1); + char *friendly_name = get_cert_name(ctx, &gc); + assert_string_equal(c->friendly_name, friendly_name); + CertFreeCertificateContext(ctx); + } + else + { + /* find should fail only if the certificate has expired */ + assert_int_equal(c->valid, 0); + } + } + + gc_free(&gc); +} + +static void +test_find_cert_byname(void **state) +{ + (void) state; + char select_string[64]; + struct gc_arena gc = gc_new(); + const CERT_CONTEXT *ctx; + + import_certs(state); /* a no-op if already imported */ + assert_non_null(user_store); + + for (struct test_cert *c = certs; c->cert; c++) + { + openvpn_snprintf(select_string, sizeof(select_string), "SUBJ:%s", c->cname); + ctx = find_certificate_in_store(select_string, user_store); + /* In this case we expect a successful return as there is at least one valid + * cert that matches the common name. But the returned cert may not exactly match + * c->cert as multiple certs with same common names exist in the db. We check that + * the return cert is one from our db, has a matching common name and is valid. 
+ */ + assert_non_null(ctx); + + char *friendly_name = get_cert_name(ctx, &gc); + struct test_cert *found = lookup_cert(friendly_name); + assert_non_null(found); + assert_string_equal(found->cname, c->cname); + assert_int_equal(found->valid, 1); + CertFreeCertificateContext(ctx); + } + + gc_free(&gc); +} + +static void +test_find_cert_byissuer(void **state) +{ + (void) state; + char select_string[64]; + struct gc_arena gc = gc_new(); + const CERT_CONTEXT *ctx; + + import_certs(state); /* a no-op if already imported */ + assert_non_null(user_store); + + for (struct test_cert *c = certs; c->cert; c++) + { + openvpn_snprintf(select_string, sizeof(select_string), "ISSUER:%s", c->issuer); + ctx = find_certificate_in_store(select_string, user_store); + /* In this case we expect a successful return as there is at least one valid + * cert that matches the issuer. But the returned cert may not exactly match + * c->cert as multiple certs with same issuer exist in the db. We check that + * the returned cert is one from our db, has a matching issuer name and is valid. + */ + assert_non_null(ctx); + + char *friendly_name = get_cert_name(ctx, &gc); + struct test_cert *found = lookup_cert(friendly_name); + assert_non_null(found); + assert_string_equal(found->issuer, c->issuer); + assert_int_equal(found->valid, 1); + CertFreeCertificateContext(ctx); + } + + gc_free(&gc); +} + static void test_parse_hexstring(void **state) { @@ -264,6 +363,9 @@ main(void) const struct CMUnitTest tests[] = { cmocka_unit_test(test_parse_hexstring), cmocka_unit_test(import_certs), + cmocka_unit_test(test_find_cert_bythumb), + cmocka_unit_test(test_find_cert_byname), + cmocka_unit_test(test_find_cert_byissuer), }; int ret = cmocka_run_group_tests_name("cryptoapi tests", tests, NULL, cleanup); -- 2.34.1 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
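Review bot: `friendly_name` is used without a null check in all three new tests: it goes straight into `assert_string_equal()` in test_find_cert_bythumb and into `lookup_cert()` in the byname and byissuer tests. If get_cert_name() (defined outside this hunk) can return NULL, the test would presumably crash rather than report a failure, so add `assert_non_null(friendly_name);` right after each call. The result of `openvpn_snprintf()` into the 64-byte `select_string` is also ignored in every loop; `assert_true(openvpn_snprintf(select_string, sizeof(select_string), "SUBJ:%s", c->cname));` (and the THUMB/ISSUER equivalents) would stop a truncated selector from being searched silently. Finally, every selector used here comes from the fixture, so none of the tests covers the rejection path; a lookup with a thumbprint or name that is not in the store, asserted with `assert_null(ctx)`, would catch an overly permissive match.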