search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Help: Use stable 'if' namespace instead of experimental
[empathy-mirror.git] / tests / empathy-tls-test.c
blob9b62ae4e0ec7fae7ff6539ec3477a1c9eb9e5d9b
1 #include "config.h"
2
3 #include <telepathy-glib/telepathy-glib.h>
4 #include <telepathy-glib/telepathy-glib-dbus.h>
5
6 #include "empathy-tls-verifier.h"
7 #include "mock-pkcs11.h"
8 #include "test-helper.h"
9
10 #define MOCK_TLS_CERTIFICATE_PATH "/mock/certificate"
11
12 /* Forward decl */
13 GType mock_tls_certificate_get_type (void);
14
15 #define MOCK_TLS_CERTIFICATE(obj) \
16 (G_TYPE_CHECK_INSTANCE_CAST((obj), mock_tls_certificate_get_type (), \
17 MockTLSCertificate))
18
19 typedef struct _MockTLSCertificate {
20 GObject parent;
21 guint state;
22 GPtrArray *rejections;
23 gchar *cert_type;
24 GPtrArray *cert_data;
25 } MockTLSCertificate;
26
27 typedef struct _MockTLSCertificateClass {
28 GObjectClass parent;
29 TpDBusPropertiesMixinClass dbus_props_class;
30 } MockTLSCertificateClass;
31
32 enum {
33 PROP_0,
34 PROP_STATE,
35 PROP_REJECTIONS,
36 PROP_CERTIFICATE_TYPE,
37 PROP_CERTIFICATE_CHAIN_DATA
38 };
39
40 static void mock_tls_certificate_iface_init (gpointer, gpointer);
41
42 G_DEFINE_TYPE_WITH_CODE(MockTLSCertificate, mock_tls_certificate, G_TYPE_OBJECT,
43 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_AUTHENTICATION_TLS_CERTIFICATE,
44 mock_tls_certificate_iface_init)
45 G_IMPLEMENT_INTERFACE (TP_TYPE_SVC_DBUS_PROPERTIES,
46 tp_dbus_properties_mixin_iface_init)
47 )
48
49 static void
50 mock_tls_certificate_init (MockTLSCertificate *self)
51 {
52 self->state = TP_TLS_CERTIFICATE_STATE_PENDING;
53 self->cert_type = g_strdup ("x509");
54 self->cert_data = g_ptr_array_new_with_free_func ((GDestroyNotify)
55 g_array_unref);
56 self->rejections = g_ptr_array_new ();
57 }
58
59 static void
60 mock_tls_certificate_get_property (GObject *object,
61 guint property_id,
62 GValue *value,
63 GParamSpec *pspec)
64 {
65 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (object);
66
67 switch (property_id)
68 {
69 case PROP_STATE:
70 g_value_set_uint (value, self->state);
71 break;
72 case PROP_REJECTIONS:
73 g_value_set_boxed (value, self->rejections);
74 break;
75 case PROP_CERTIFICATE_TYPE:
76 g_value_set_string (value, self->cert_type);
77 break;
78 case PROP_CERTIFICATE_CHAIN_DATA:
79 g_value_set_boxed (value, self->cert_data);
80 break;
81 default:
82 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
83 break;
84 }
85 }
86
87 static void
88 mock_tls_certificate_finalize (GObject *object)
89 {
90 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (object);
91
92 tp_clear_boxed (TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST,
93 &self->rejections);
94 g_free (self->cert_type);
95 self->cert_type = NULL;
96 g_ptr_array_unref (self->cert_data);
97 self->cert_data = NULL;
98
99 G_OBJECT_CLASS (mock_tls_certificate_parent_class)->finalize (object);
100 }
101
102 static void
103 mock_tls_certificate_class_init (MockTLSCertificateClass *klass)
104 {
105 GObjectClass *oclass = G_OBJECT_CLASS (klass);
106 GParamSpec *pspec;
107
108 static TpDBusPropertiesMixinPropImpl object_props[] = {
109 { "State", "state", NULL },
110 { "Rejections", "rejections", NULL },
111 { "CertificateType", "certificate-type", NULL },
112 { "CertificateChainData", "certificate-chain-data", NULL },
113 { NULL }
114 };
115
116 static TpDBusPropertiesMixinIfaceImpl prop_interfaces[] = {
117 { TP_IFACE_AUTHENTICATION_TLS_CERTIFICATE,
118 tp_dbus_properties_mixin_getter_gobject_properties,
119 NULL,
120 object_props,
121 },
122 { NULL }
123 };
124
125 oclass->get_property = mock_tls_certificate_get_property;
126 oclass->finalize = mock_tls_certificate_finalize;
127
128 pspec = g_param_spec_uint ("state",
129 "State of this certificate",
130 "The state of this TLS certificate.",
131 0, TP_NUM_TLS_CERTIFICATE_STATES - 1,
132 TP_TLS_CERTIFICATE_STATE_PENDING,
133 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
134 g_object_class_install_property (oclass, PROP_STATE, pspec);
135
136 pspec = g_param_spec_boxed ("rejections",
137 "The reject reasons",
138 "The reasons why this TLS certificate has been rejected",
139 TP_ARRAY_TYPE_TLS_CERTIFICATE_REJECTION_LIST,
140 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
141 g_object_class_install_property (oclass, PROP_REJECTIONS, pspec);
142
143 pspec = g_param_spec_string ("certificate-type",
144 "The certificate type",
145 "The type of this certificate.",
146 NULL,
147 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
148 g_object_class_install_property (oclass, PROP_CERTIFICATE_TYPE, pspec);
149
150 pspec = g_param_spec_boxed ("certificate-chain-data",
151 "The certificate chain data",
152 "The raw PEM-encoded trust chain of this certificate.",
153 TP_ARRAY_TYPE_UCHAR_ARRAY_LIST,
154 G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
155 g_object_class_install_property (oclass, PROP_CERTIFICATE_CHAIN_DATA, pspec);
156
157 klass->dbus_props_class.interfaces = prop_interfaces;
158 tp_dbus_properties_mixin_class_init (oclass,
159 G_STRUCT_OFFSET (MockTLSCertificateClass, dbus_props_class));
160 }
161
162 static void
163 mock_tls_certificate_accept (TpSvcAuthenticationTLSCertificate *base,
164 DBusGMethodInvocation *context)
165 {
166 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (base);
167 self->state = TP_TLS_CERTIFICATE_STATE_ACCEPTED;
168 tp_svc_authentication_tls_certificate_emit_accepted (self);
169 tp_svc_authentication_tls_certificate_return_from_accept (context);
170 }
171
172 static void
173 mock_tls_certificate_reject (TpSvcAuthenticationTLSCertificate *base,
174 const GPtrArray *in_Rejections,
175 DBusGMethodInvocation *context)
176 {
177 MockTLSCertificate *self = MOCK_TLS_CERTIFICATE (base);
178 self->state = TP_TLS_CERTIFICATE_STATE_REJECTED;
179 tp_svc_authentication_tls_certificate_emit_rejected (self, in_Rejections);
180 tp_svc_authentication_tls_certificate_return_from_reject (context);
181 }
182
183 static void
184 mock_tls_certificate_iface_init (gpointer g_iface,
185 gpointer iface_data)
186 {
187 TpSvcAuthenticationTLSCertificateClass *klass =
188 (TpSvcAuthenticationTLSCertificateClass *) g_iface;
189
190 tp_svc_authentication_tls_certificate_implement_accept (klass,
191 mock_tls_certificate_accept);
192 tp_svc_authentication_tls_certificate_implement_reject (klass,
193 mock_tls_certificate_reject);
194 }
195
196 #if 0
197 static void
198 mock_tls_certificate_assert_rejected (MockTLSCertificate *self,
199 TpTLSCertificateRejectReason reason)
200 {
201 GValueArray *rejection;
202 TpTLSCertificateRejectReason rejection_reason;
203 gchar *rejection_error;
204 GHashTable *rejection_details;
205 guint i;
206
207 g_assert (self->state == TP_TLS_CERTIFICATE_STATE_REJECTED);
208 g_assert (self->rejections);
209 g_assert (self->rejections->len > 0);
210
211 for (i = 0; i < self->rejections->len; ++i)
212 {
213 rejection = g_ptr_array_index (self->rejections, i);
214 tp_value_array_unpack (rejection, 3,
215 G_TYPE_UINT, &rejection_reason,
216 G_TYPE_STRING, &rejection_error,
217 TP_HASH_TYPE_STRING_VARIANT_MAP, &rejection_details,
218 NULL);
219 g_free (rejection_error);
220 g_hash_table_unref (rejection_details);
221
222 if (rejection_reason == reason)
223 return;
224 }
225
226 g_assert ("Certificate was not rejected for right reason" && 0);
227 }
228 #endif
229
230 static MockTLSCertificate *
231 mock_tls_certificate_new_and_register (TpDBusDaemon *dbus,
232 const gchar *path,
233 ...)
234 {
235 MockTLSCertificate *cert;
236 GError *error = NULL;
237 gchar *filename, *contents;
238 GArray *der;
239 gsize length;
240 va_list va;
241
242 cert = g_object_new (mock_tls_certificate_get_type (), NULL);
243
244 va_start (va, path);
245 while (path != NULL) {
246 filename = g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
247 "tests", "certificates", path, NULL);
248 g_file_get_contents (filename, &contents, &length, &error);
249 g_assert_no_error (error);
250
251 der = g_array_sized_new (TRUE, TRUE, sizeof (guchar), length);
252 g_array_append_vals (der, contents, length);
253 g_ptr_array_add (cert->cert_data, der);
254
255 g_free (contents);
256 g_free (filename);
257
258 path = va_arg (va, gchar*);
259 }
260 va_end (va);
261
262 tp_dbus_daemon_register_object (dbus, MOCK_TLS_CERTIFICATE_PATH, cert);
263 return cert;
264 }
265
266 /* ----------------------------------------------------------------------------
267 * TESTS
268 */
269
270 typedef struct {
271 GMainLoop *loop;
272 GTlsDatabase *database;
273 TpDBusDaemon *dbus;
274 const gchar *dbus_name;
275 MockTLSCertificate *mock;
276 TpTLSCertificate *cert;
277 GAsyncResult *result;
278 } Test;
279
280 static void
281 setup (Test *test, gconstpointer data)
282 {
283 GError *error = NULL;
284 GckModule *module;
285 const gchar *trust_uris[2] = { MOCK_SLOT_ONE_URI, NULL };
286 gchar *path = NULL;
287
288 test->loop = g_main_loop_new (NULL, FALSE);
289
290 path = g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
291 "tests",
292 "certificates",
293 "certificate-authority.pem",
294 NULL);
295 test->database = g_tls_file_database_new (path, &error);
296 g_assert_no_error (error);
297
298 test->dbus = tp_dbus_daemon_dup (&error);
299 g_assert_no_error (error);
300
301 test->dbus_name = tp_dbus_daemon_get_unique_name (test->dbus);
302
303 test->result = NULL;
304 test->cert = NULL;
305
306 /* Add our mock module as the only PKCS#11 module */
307 module = gck_module_new (&mock_default_functions);
308 mock_C_Initialize (NULL);
309
310 gcr_pkcs11_set_modules (NULL);
311 gcr_pkcs11_add_module (module);
312 gcr_pkcs11_set_trust_lookup_uris (trust_uris);
313
314 g_free (path);
315 }
316
317 static void
318 teardown (Test *test, gconstpointer data)
319 {
320 mock_C_Finalize (NULL);
321
322 test->dbus_name = NULL;
323
324 if (test->mock)
325 {
326 tp_dbus_daemon_unregister_object (test->dbus, test->mock);
327 g_object_unref (test->mock);
328 test->mock = NULL;
329 }
330
331 if (test->result)
332 g_object_unref (test->result);
333 test->result = NULL;
334
335 if (test->cert)
336 g_object_unref (test->cert);
337 test->cert = NULL;
338
339 g_clear_object (&test->database);
340
341 g_main_loop_unref (test->loop);
342 test->loop = NULL;
343
344 g_object_unref (test->dbus);
345 test->dbus = NULL;
346 }
347
348 static void
349 add_certificate_to_mock (Test *test,
350 const gchar *certificate,
351 const gchar *peer)
352 {
353 GError *error = NULL;
354 GcrCertificate *cert;
355 gchar *contents;
356 gsize length;
357 gchar *path;
358
359 path = g_build_filename (g_getenv ("EMPATHY_SRCDIR"),
360 "tests", "certificates", certificate, NULL);
361
362 g_file_get_contents (path, &contents, &length, &error);
363 g_assert_no_error (error);
364
365 cert = gcr_simple_certificate_new ((const guchar *)contents, length);
366 mock_module_add_certificate (cert);
367 mock_module_add_assertion (cert,
368 peer ? CKT_X_PINNED_CERTIFICATE : CKT_X_ANCHORED_CERTIFICATE,
369 GCR_PURPOSE_SERVER_AUTH, peer);
370 g_object_unref (cert);
371
372 g_free (contents);
373 g_free (path);
374 }
375
376 static void
377 fetch_callback_result (GObject *object,
378 GAsyncResult *res,
379 gpointer user_data)
380 {
381 Test *test = user_data;
382 g_assert (!test->result);
383 test->result = g_object_ref (res);
384 g_main_loop_quit (test->loop);
385 }
386
387 static void
388 ensure_certificate_proxy (Test *test)
389 {
390 GError *error = NULL;
391 GQuark features[] = { TP_TLS_CERTIFICATE_FEATURE_CORE, 0 };
392
393 if (test->cert)
394 return;
395
396 /* Create and prepare a certificate */
397 /* We don't use tp_tls_certificate_new() as we don't pass a parent */
398 test->cert = g_object_new (TP_TYPE_TLS_CERTIFICATE,
399 "dbus-daemon", test->dbus,
400 "bus-name", test->dbus_name,
401 "object-path", MOCK_TLS_CERTIFICATE_PATH,
402 NULL);
403
404 tp_proxy_prepare_async (test->cert, features, fetch_callback_result, test);
405 g_main_loop_run (test->loop);
406 tp_proxy_prepare_finish (test->cert, test->result, &error);
407 g_assert_no_error (error);
408
409 /* Clear for any future async stuff */
410 g_object_unref (test->result);
411 test->result = NULL;
412 }
413
414 /* A simple test to make sure the test infrastructure is working */
415 static void
416 test_certificate_mock_basics (Test *test,
417 gconstpointer data G_GNUC_UNUSED)
418 {
419 GError *error = NULL;
420
421 test->mock = mock_tls_certificate_new_and_register (test->dbus,
422 "server-cert.cer", NULL);
423
424 ensure_certificate_proxy (test);
425
426 tp_tls_certificate_accept_async (test->cert, fetch_callback_result, test);
427 g_main_loop_run (test->loop);
428 tp_tls_certificate_accept_finish (test->cert, test->result, &error);
429 g_assert_no_error (error);
430
431 g_assert (test->mock->state == TP_TLS_CERTIFICATE_STATE_ACCEPTED);
432 }
433
434 #if 0
435
436 static void
437 test_certificate_verify_success_with_pkcs11_lookup (Test *test,
438 gconstpointer data G_GNUC_UNUSED)
439 {
440 TpTLSCertificateRejectReason reason = 0;
441 GError *error = NULL;
442 EmpathyTLSVerifier *verifier;
443 const gchar *reference_identities[] = {
444 "test-server.empathy.gnome.org",
445 NULL
446 };
447
448 /*
449 * In this test the mock TLS connection only has one certificate
450 * not a full certificat echain. The root anchor certificate is
451 * retrieved from PKCS#11 storage.
452 */
453
454 test->mock = mock_tls_certificate_new_and_register (test->dbus,
455 "server-cert.cer", NULL);
456
457 /* We add the collabora directory with the collabora root */
458 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
459
460 ensure_certificate_proxy (test);
461
462 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
463 reference_identities);
464 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
465 g_main_loop_run (test->loop);
466
467 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
468 NULL, &error);
469 g_assert_no_error (error);
470
471 /* Yay the verification was a success! */
472
473 g_clear_error (&error);
474 g_object_unref (verifier);
475 }
476
477 #endif
478
479 static void
480 test_certificate_verify_success_with_full_chain (Test *test,
481 gconstpointer data G_GNUC_UNUSED)
482 {
483 TpTLSCertificateRejectReason reason = 0;
484 GError *error = NULL;
485 EmpathyTLSVerifier *verifier;
486 const gchar *reference_identities[] = {
487 "test-server.empathy.gnome.org",
488 NULL
489 };
490
491 /*
492 * In this test the mock TLS connection has a full certificate
493 * chain. We look for an anchor certificate in the chain.
494 */
495
496 test->mock = mock_tls_certificate_new_and_register (test->dbus,
497 "server-cert.cer", "certificate-authority.cer", NULL);
498
499 /* We add the collabora directory with the collabora root */
500 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
501
502 ensure_certificate_proxy (test);
503
504 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
505 reference_identities);
506 empathy_tls_verifier_set_database (verifier, test->database);
507 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
508 g_main_loop_run (test->loop);
509 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
510 NULL, &error);
511 g_assert_no_error (error);
512
513 /* Yay the verification was a success! */
514
515 g_clear_error (&error);
516 g_object_unref (verifier);
517 }
518
519 static void
520 test_certificate_verify_root_not_found (Test *test,
521 gconstpointer data G_GNUC_UNUSED)
522 {
523 TpTLSCertificateRejectReason reason = 0;
524 GError *error = NULL;
525 EmpathyTLSVerifier *verifier;
526 const gchar *reference_identities[] = {
527 "test-server.empathy.gnome.org",
528 NULL
529 };
530
531 test->mock = mock_tls_certificate_new_and_register (test->dbus,
532 "server-cert.cer", NULL);
533
534 /* Note that we're not adding any place to find root certs */
535
536 ensure_certificate_proxy (test);
537
538 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
539 reference_identities);
540 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
541 g_main_loop_run (test->loop);
542
543 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
544 NULL, &error);
545
546 /* And it should say we're untrusted */
547 g_assert_error (error, G_IO_ERROR,
548 TP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED);
549
550 g_clear_error (&error);
551 g_object_unref (verifier);
552 }
553
554 static void
555 test_certificate_verify_root_not_anchored (Test *test,
556 gconstpointer data G_GNUC_UNUSED)
557 {
558 TpTLSCertificateRejectReason reason = 0;
559 GError *error = NULL;
560 EmpathyTLSVerifier *verifier;
561 const gchar *reference_identities[] = {
562 "test-server.empathy.gnome.org",
563 NULL
564 };
565
566 test->mock = mock_tls_certificate_new_and_register (test->dbus,
567 "server-cert.cer", "certificate-authority.cer", NULL);
568
569 /* Note that we're not adding any place to find root certs */
570
571 ensure_certificate_proxy (test);
572
573 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
574 reference_identities);
575 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
576 g_main_loop_run (test->loop);
577
578 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
579 NULL, &error);
580
581 /* And it should say we're untrusted */
582 g_assert_error (error, G_IO_ERROR,
583 TP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED);
584
585 g_clear_error (&error);
586 g_object_unref (verifier);
587 }
588
589 static void
590 test_certificate_verify_identities_invalid (Test *test,
591 gconstpointer data G_GNUC_UNUSED)
592 {
593 TpTLSCertificateRejectReason reason = 0;
594 GError *error = NULL;
595 EmpathyTLSVerifier *verifier;
596 const gchar *reference_identities[] = {
597 "invalid.host.name",
598 NULL
599 };
600
601 test->mock = mock_tls_certificate_new_and_register (test->dbus,
602 "server-cert.cer", "certificate-authority.cer", NULL);
603
604 /* We add the collabora directory with the collabora root */
605 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
606
607 ensure_certificate_proxy (test);
608
609 verifier = empathy_tls_verifier_new (test->cert, "invalid.host.name",
610 reference_identities);
611 empathy_tls_verifier_set_database (verifier, test->database);
612 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
613 g_main_loop_run (test->loop);
614
615 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
616 NULL, &error);
617
618 /* And it should say we're self-signed (oddly enough) */
619 g_assert_error (error, G_IO_ERROR,
620 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH);
621
622 g_clear_error (&error);
623 g_object_unref (verifier);
624 }
625
626 static void
627 test_certificate_verify_uses_reference_identities (Test *test,
628 gconstpointer data G_GNUC_UNUSED)
629 {
630 TpTLSCertificateRejectReason reason = 0;
631 GError *error = NULL;
632 EmpathyTLSVerifier *verifier;
633 const gchar *reference_identities[] = {
634 "invalid.host.name",
635 NULL
636 };
637
638 test->mock = mock_tls_certificate_new_and_register (test->dbus,
639 "server-cert.cer", "certificate-authority.cer", NULL);
640
641 /* We add the collabora directory with the collabora root */
642 add_certificate_to_mock (test, "certificate-authority.cer", NULL);
643
644 ensure_certificate_proxy (test);
645
646 /* Should be using the reference_identities and not host name for checks */
647 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
648 reference_identities);
649 empathy_tls_verifier_set_database (verifier, test->database);
650 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
651 g_main_loop_run (test->loop);
652
653 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
654 NULL, &error);
655
656 /* And it should say we're self-signed (oddly enough) */
657 g_assert_error (error, G_IO_ERROR,
658 TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH);
659
660 g_clear_error (&error);
661 g_object_unref (verifier);
662 }
663
664 static void
665 test_certificate_verify_success_with_pinned (Test *test,
666 gconstpointer data G_GNUC_UNUSED)
667 {
668 TpTLSCertificateRejectReason reason = 0;
669 GError *error = NULL;
670 EmpathyTLSVerifier *verifier;
671 const gchar *reference_identities[] = {
672 "test-server.empathy.gnome.org",
673 NULL
674 };
675
676 /*
677 * In this test the mock TLS connection has a certificate that has
678 * been pinned for the test-server.empathy.gnome.org peer.
679 */
680
681 test->mock = mock_tls_certificate_new_and_register (test->dbus,
682 "server-cert.cer", NULL);
683
684 /* We add the collabora directory with the collabora root */
685 add_certificate_to_mock (test, "server-cert.cer", "test-server.empathy.gnome.org");
686
687 ensure_certificate_proxy (test);
688
689 verifier = empathy_tls_verifier_new (test->cert, "test-server.empathy.gnome.org",
690 reference_identities);
691 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
692 g_main_loop_run (test->loop);
693 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
694 NULL, &error);
695 g_assert_no_error (error);
696
697 /* Yay the verification was a success! */
698
699 g_clear_error (&error);
700 g_object_unref (verifier);
701 }
702
703 static void
704 test_certificate_verify_pinned_wrong_host (Test *test,
705 gconstpointer data G_GNUC_UNUSED)
706 {
707 TpTLSCertificateRejectReason reason = 0;
708 GError *error = NULL;
709 EmpathyTLSVerifier *verifier;
710 const gchar *reference_identities[] = {
711 "test-server.empathy.gnome.org",
712 NULL
713 };
714
715 test->mock = mock_tls_certificate_new_and_register (test->dbus,
716 "server-cert.cer", NULL);
717
718 /* We add the collabora directory with the collabora root */
719 add_certificate_to_mock (test, "server-cert.cer", "test-server.empathy.gnome.org");
720
721 ensure_certificate_proxy (test);
722
723 verifier = empathy_tls_verifier_new (test->cert, "another.gnome.org",
724 reference_identities);
725 empathy_tls_verifier_verify_async (verifier, fetch_callback_result, test);
726 g_main_loop_run (test->loop);
727
728 empathy_tls_verifier_verify_finish (verifier, test->result, &reason,
729 NULL, &error);
730
731 /* And it should say we're untrusted */
732 g_assert_error (error, G_IO_ERROR,
733 TP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED);
734
735 g_clear_error (&error);
736 g_object_unref (verifier);
737 }
738
739 int
740 main (int argc,
741 char **argv)
742 {
743 int result;
744
745 test_init (argc, argv);
746
747 g_test_add ("/tls/certificate_basics", Test, NULL,
748 setup, test_certificate_mock_basics, teardown);
749 #if 0
750 g_test_add ("/tls/certificate_verify_success_with_pkcs11_lookup", Test, NULL,
751 setup, test_certificate_verify_success_with_pkcs11_lookup, teardown);
752 #endif
753 g_test_add ("/tls/certificate_verify_success_with_full_chain", Test, NULL,
754 setup, test_certificate_verify_success_with_full_chain, teardown);
755 g_test_add ("/tls/certificate_verify_root_not_found", Test, NULL,
756 setup, test_certificate_verify_root_not_found, teardown);
757 g_test_add ("/tls/certificate_verify_root_not_anchored", Test, NULL,
758 setup, test_certificate_verify_root_not_anchored, teardown);
759 g_test_add ("/tls/certificate_verify_identities_invalid", Test, NULL,
760 setup, test_certificate_verify_identities_invalid, teardown);
761 g_test_add ("/tls/certificate_verify_uses_reference_identities", Test, NULL,
762 setup, test_certificate_verify_uses_reference_identities, teardown);
763 g_test_add ("/tls/certificate_verify_success_with_pinned", Test, NULL,
764 setup, test_certificate_verify_success_with_pinned, teardown);
765 g_test_add ("/tls/certificate_verify_pinned_wrong_host", Test, NULL,
766 setup, test_certificate_verify_pinned_wrong_host, teardown);
767
768 result = g_test_run ();
769 test_deinit ();
770 return result;
771 }
empathy mirror