From 252f0445c26644a711dc2c41ee2fcebe42eac742 Mon Sep 17 00:00:00 2001
Message-Id: <252f0445c26644a711dc2c41ee2fcebe42eac742.1377873637.git.jdenemar@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 13 Aug 2013 11:32:47 +0100
Subject: [PATCH] Change data passed into TLS test cases

For https://bugzilla.redhat.com/show_bug.cgi?id=994158

Currently a 'struct testTLSCertReq' instance is passed into
the TLS test cases. This is not flexible enough to cope with
certificate chains, where one file now corresponds to multiple
certificates. Change the test cases so that we pass in filenames
instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit b93bd78ed36570c1afe594182df927d94ea6ebaa)
---
 tests/virnettlscontexttest.c | 96 +++++++++++++++++++++---------------------
 tests/virnettlssessiontest.c | 99 ++++++++++++++++++++++++--------------------
 2 files changed, 102 insertions(+), 93 deletions(-)

diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
index 4211a74..3012c4a 100644
--- a/tests/virnettlscontexttest.c
+++ b/tests/virnettlscontexttest.c
@@ -42,8 +42,8 @@
 
 struct testTLSContextData {
     bool isServer;
-    struct testTLSCertReq careq;
-    struct testTLSCertReq certreq;
+    const char *cacrt;
+    const char *crt;
     bool expectFail;
 };
 
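Review bot: The two new `const char *` fields of testTLSContextData carry no ownership or lifetime note, and DO_CTX_TEST stores the struct in a `static` instance, so a reader cannot tell whether the strings must outlive the test or be freed by it. Every visible caller passes the `.filename` member of a static testTLSCertReq, so they appear to be borrowed pointers that nothing here frees, but that is inferred from the call sites rather than stated. Suggest a comment above `cacrt` such as `/* Paths to PEM files; borrowed from the testTLSCertReq they are taken from, never freed here */`. The same applies to the servercacrt/clientcacrt/servercrt/clientcrt fields of testTLSSessionData in the first virnettlssessiontest.c hunk.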
@@ -63,17 +63,17 @@ static int testTLSContextInit(const void *opaque)
     int ret = -1;
 
     if (data->isServer) {
-        ctxt = virNetTLSContextNewServer(data->careq.filename,
+        ctxt = virNetTLSContextNewServer(data->cacrt,
                                          NULL,
-                                         data->certreq.filename,
+                                         data->crt,
                                          keyfile,
                                          NULL,
                                          true,
                                          true);
     } else {
-        ctxt = virNetTLSContextNewClient(data->careq.filename,
+        ctxt = virNetTLSContextNewClient(data->cacrt,
                                          NULL,
-                                         data->certreq.filename,
+                                         data->crt,
                                          keyfile,
                                          true,
                                          true);
@@ -82,14 +82,14 @@ static int testTLSContextInit(const void *opaque)
     if (ctxt) {
         if (data->expectFail) {
             VIR_WARN("Expected failure %s against %s",
-                     data->careq.filename, data->certreq.filename);
+                     data->cacrt, data->crt);
             goto cleanup;
         }
     } else {
         virErrorPtr err = virGetLastError();
         if (!data->expectFail) {
             VIR_WARN("Unexpected failure %s against %s",
-                     data->careq.filename, data->certreq.filename);
+                     data->cacrt, data->crt);
             goto cleanup;
         }
         VIR_DEBUG("Got error %s", err ? err->message : "<unknown>");
@@ -111,14 +111,14 @@ mymain(void)
 
     testTLSInit();
 
-# define DO_CTX_TEST(_isServer, _caReq, _certReq, _expectFail)          \
+# define DO_CTX_TEST(_isServer, _caCrt, _crt, _expectFail)              \
     do {                                                                \
         static struct testTLSContextData data;                          \
         data.isServer = _isServer;                                      \
-        data.careq = _caReq;                                            \
-        data.certreq = _certReq;                                        \
+        data.cacrt = _caCrt;                                            \
+        data.crt = _crt;                                                \
         data.expectFail = _expectFail;                                  \
-        if (virtTestRun("TLS Context " #_caReq  " + " #_certReq, 1,     \
+        if (virtTestRun("TLS Context " #_caCrt  " + " #_crt, 1,         \
                         testTLSContextInit, &data) < 0)                 \
             ret = -1;                                                   \
     } while (0)
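Review bot: Stringifying the macro arguments on the `virtTestRun("TLS Context " #_caCrt  " + " #_crt, 1,` line now produces titles such as `TLS Context cacertreq.filename + servercertreq.filename`, because every caller in this patch passes `<req>.filename`; the repeated `.filename` is noise in the test output and the titles no longer read as the certificate names they did before. If the titles matter, the macro could take an explicit title argument instead of stringifying the paths; a wrapper macro would not help, since `#` in the inner macro still sees the `.filename` tokens. DO_SESS_TEST and DO_SESS_TEST_EXT in virnettlssessiontest.c have the same effect on their `TLS Session` titles.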
@@ -127,7 +127,7 @@ mymain(void)
                       co, cn, an1, an2, ia1, ia2, bce, bcc, bci,        \
                       kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo)      \
     static struct testTLSCertReq varname = {                            \
-        NULL, #varname ".pem",                                          \
+        NULL, #varname "-ctx.pem",                                      \
         co, cn, an1, an2, ia1, ia2, bce, bcc, bci,                      \
         kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo                     \
     };                                                                  \
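Review bot: The generated file name changes from `#varname ".pem"` to `#varname "-ctx.pem"` without any explanation in the hunk or in the commit message, which only describes the switch to passing filenames. Presumably the suffix, together with the `-sess.pem` suffix given to virnettlssessiontest.c in the same patch, keeps the two test programs from overwriting each other's generated certificates when run from the same directory, but that is a guess. A one-line comment above the initializer would save the next reader the same guess, e.g. `/* "-ctx" keeps these files distinct from virnettlssessiontest's "-sess" ones */`. The TLS_CERT_REQ-style macro these lines belong to starts above the hunk; the same change appears in the next hunk and in the two `-sess.pem` hunks of virnettlssessiontest.c.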
@@ -137,7 +137,7 @@ mymain(void)
                       co, cn, an1, an2, ia1, ia2, bce, bcc, bci,        \
                       kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo)      \
     static struct testTLSCertReq varname = {                            \
-        NULL, #varname ".pem",                                          \
+        NULL, #varname "-ctx.pem",                                      \
         co, cn, an1, an2, ia1, ia2, bce, bcc, bci,                      \
         kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo                     \
     };                                                                  \
@@ -167,8 +167,8 @@ mymain(void)
                  true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
                  0, 0);
 
-    DO_CTX_TEST(true, cacertreq, servercertreq, false);
-    DO_CTX_TEST(false, cacertreq, clientcertreq, false);
+    DO_CTX_TEST(true, cacertreq.filename, servercertreq.filename, false);
+    DO_CTX_TEST(false, cacertreq.filename, clientcertreq.filename, false);
 
 
     /* Some other CAs which are good */
@@ -215,9 +215,9 @@ mymain(void)
                  true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
                  0, 0);
 
-    DO_CTX_TEST(true, cacert1req, servercert1req, false);
-    DO_CTX_TEST(true, cacert2req, servercert2req, false);
-    DO_CTX_TEST(true, cacert3req, servercert3req, false);
+    DO_CTX_TEST(true, cacert1req.filename, servercert1req.filename, false);
+    DO_CTX_TEST(true, cacert2req.filename, servercert2req.filename, false);
+    DO_CTX_TEST(true, cacert3req.filename, servercert3req.filename, false);
 
     /* Now some bad certs */
 
@@ -266,9 +266,9 @@ mymain(void)
      * be rejected. GNUTLS < 3 does not reject it and
      * we don't anticipate them changing this behaviour
      */
-    DO_CTX_TEST(true, cacert4req, servercert4req, GNUTLS_VERSION_MAJOR >= 3);
-    DO_CTX_TEST(true, cacert5req, servercert5req, true);
-    DO_CTX_TEST(true, cacert6req, servercert6req, true);
+    DO_CTX_TEST(true, cacert4req.filename, servercert4req.filename, GNUTLS_VERSION_MAJOR >= 3);
+    DO_CTX_TEST(true, cacert5req.filename, servercert5req.filename, true);
+    DO_CTX_TEST(true, cacert6req.filename, servercert6req.filename, true);
 
 
     /* Various good servers */
@@ -322,13 +322,13 @@ mymain(void)
                  true, false, GNUTLS_KP_TLS_WWW_CLIENT, GNUTLS_KP_TLS_WWW_SERVER,
                  0, 0);
 
-    DO_CTX_TEST(true, cacertreq, servercert7req, false);
-    DO_CTX_TEST(true, cacertreq, servercert8req, false);
-    DO_CTX_TEST(true, cacertreq, servercert9req, false);
-    DO_CTX_TEST(true, cacertreq, servercert10req, false);
-    DO_CTX_TEST(true, cacertreq, servercert11req, false);
-    DO_CTX_TEST(true, cacertreq, servercert12req, false);
-    DO_CTX_TEST(true, cacertreq, servercert13req, false);
+    DO_CTX_TEST(true, cacertreq.filename, servercert7req.filename, false);
+    DO_CTX_TEST(true, cacertreq.filename, servercert8req.filename, false);
+    DO_CTX_TEST(true, cacertreq.filename, servercert9req.filename, false);
+    DO_CTX_TEST(true, cacertreq.filename, servercert10req.filename, false);
+    DO_CTX_TEST(true, cacertreq.filename, servercert11req.filename, false);
+    DO_CTX_TEST(true, cacertreq.filename, servercert12req.filename, false);
+    DO_CTX_TEST(true, cacertreq.filename, servercert13req.filename, false);
     /* Bad servers */
 
     /* usage:cert-sign:critical */
@@ -353,9 +353,9 @@ mymain(void)
                  false, false, NULL, NULL,
                  0, 0);
 
-    DO_CTX_TEST(true, cacertreq, servercert14req, true);
-    DO_CTX_TEST(true, cacertreq, servercert15req, true);
-    DO_CTX_TEST(true, cacertreq, servercert16req, true);
+    DO_CTX_TEST(true, cacertreq.filename, servercert14req.filename, true);
+    DO_CTX_TEST(true, cacertreq.filename, servercert15req.filename, true);
+    DO_CTX_TEST(true, cacertreq.filename, servercert16req.filename, true);
 
 
 
@@ -410,13 +410,13 @@ mymain(void)
                  true, false, GNUTLS_KP_TLS_WWW_CLIENT, GNUTLS_KP_TLS_WWW_SERVER,
                  0, 0);
 
-    DO_CTX_TEST(false, cacertreq, clientcert1req, false);
-    DO_CTX_TEST(false, cacertreq, clientcert2req, false);
-    DO_CTX_TEST(false, cacertreq, clientcert3req, false);
-    DO_CTX_TEST(false, cacertreq, clientcert4req, false);
-    DO_CTX_TEST(false, cacertreq, clientcert5req, false);
-    DO_CTX_TEST(false, cacertreq, clientcert6req, false);
-    DO_CTX_TEST(false, cacertreq, clientcert7req, false);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert1req.filename, false);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert2req.filename, false);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert3req.filename, false);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert4req.filename, false);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert5req.filename, false);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert6req.filename, false);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert7req.filename, false);
     /* Bad clients */
 
     /* usage:cert-sign:critical */
@@ -441,9 +441,9 @@ mymain(void)
                  false, false, NULL, NULL,
                  0, 0);
 
-    DO_CTX_TEST(false, cacertreq, clientcert8req, true);
-    DO_CTX_TEST(false, cacertreq, clientcert9req, true);
-    DO_CTX_TEST(false, cacertreq, clientcert10req, true);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert8req.filename, true);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert9req.filename, true);
+    DO_CTX_TEST(false, cacertreq.filename, clientcert10req.filename, true);
 
 
 
@@ -474,9 +474,9 @@ mymain(void)
                  true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
                  0, -1);
 
-    DO_CTX_TEST(true, cacertexpreq, servercertexpreq, true);
-    DO_CTX_TEST(true, cacertreq, servercertexp1req, true);
-    DO_CTX_TEST(false, cacertreq, clientcertexp1req, true);
+    DO_CTX_TEST(true, cacertexpreq.filename, servercertexpreq.filename, true);
+    DO_CTX_TEST(true, cacertreq.filename, servercertexp1req.filename, true);
+    DO_CTX_TEST(false, cacertreq.filename, clientcertexp1req.filename, true);
 
 
     /* Not activated stuff */
@@ -506,9 +506,9 @@ mymain(void)
                  true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
                  1, 2);
 
-    DO_CTX_TEST(true, cacertnewreq, servercertnewreq, true);
-    DO_CTX_TEST(true, cacertreq, servercertnew1req, true);
-    DO_CTX_TEST(false, cacertreq, clientcertnew1req, true);
+    DO_CTX_TEST(true, cacertnewreq.filename, servercertnewreq.filename, true);
+    DO_CTX_TEST(true, cacertreq.filename, servercertnew1req.filename, true);
+    DO_CTX_TEST(false, cacertreq.filename, clientcertnew1req.filename, true);
 
     testTLSDiscardCert(&cacertreq);
     testTLSDiscardCert(&cacert1req);
diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c
index 370ba52..8636fc8 100644
--- a/tests/virnettlssessiontest.c
+++ b/tests/virnettlssessiontest.c
@@ -39,10 +39,10 @@
 # define VIR_FROM_THIS VIR_FROM_RPC
 
 struct testTLSSessionData {
-    struct testTLSCertReq careq;
-    struct testTLSCertReq othercareq;
-    struct testTLSCertReq serverreq;
-    struct testTLSCertReq clientreq;
+    const char *servercacrt;
+    const char *clientcacrt;
+    const char *servercrt;
+    const char *clientcrt;
     bool expectServerFail;
     bool expectClientFail;
     const char *hostname;
@@ -104,32 +104,29 @@ static int testTLSSessionInit(const void *opaque)
      * want to make sure that problems are being
      * detected at the TLS session validation stage
      */
-    serverCtxt = virNetTLSContextNewServer(data->careq.filename,
+    serverCtxt = virNetTLSContextNewServer(data->servercacrt,
                                            NULL,
-                                           data->serverreq.filename,
+                                           data->servercrt,
                                            keyfile,
                                            data->wildcards,
                                            false,
                                            true);
 
-    clientCtxt = virNetTLSContextNewClient(data->othercareq.filename ?
-                                           data->othercareq.filename :
-                                           data->careq.filename,
+    clientCtxt = virNetTLSContextNewClient(data->clientcacrt,
                                            NULL,
-                                           data->clientreq.filename,
+                                           data->clientcrt,
                                            keyfile,
                                            false,
                                            true);
 
     if (!serverCtxt) {
         VIR_WARN("Unexpected failure loading %s against %s",
-                 data->careq.filename, data->serverreq.filename);
+                 data->servercacrt, data->servercrt);
         goto cleanup;
     }
     if (!clientCtxt) {
         VIR_WARN("Unexpected failure loading %s against %s",
-                 data->othercareq.filename ? data->othercareq.filename :
-                 data->careq.filename, data->clientreq.filename);
+                 data->clientcacrt, data->clientcrt);
         goto cleanup;
     }
 
@@ -140,13 +137,12 @@ static int testTLSSessionInit(const void *opaque)
 
     if (!serverSess) {
         VIR_WARN("Unexpected failure using %s against %s",
-                 data->careq.filename, data->serverreq.filename);
+                 data->servercacrt, data->servercrt);
         goto cleanup;
     }
     if (!clientSess) {
         VIR_WARN("Unexpected failure using %s against %s",
-                 data->othercareq.filename ? data->othercareq.filename :
-                 data->careq.filename, data->clientreq.filename);
+                 data->clientcacrt, data->clientcrt);
         goto cleanup;
     }
 
@@ -242,38 +238,37 @@ mymain(void)
 
     testTLSInit();
 
-# define DO_SESS_TEST(_caReq, _serverReq, _clientReq, _expectServerFail,\
+# define DO_SESS_TEST(_caCrt, _serverCrt, _clientCrt, _expectServerFail, \
                       _expectClientFail, _hostname, _wildcards)         \
     do {                                                                \
         static struct testTLSSessionData data;                          \
-        static struct testTLSCertReq other;                             \
-        data.careq = _caReq;                                            \
-        data.othercareq = other;                                        \
-        data.serverreq = _serverReq;                                    \
-        data.clientreq = _clientReq;                                    \
+        data.servercacrt = _caCrt;                                      \
+        data.clientcacrt = _caCrt;                                      \
+        data.servercrt = _serverCrt;                                    \
+        data.clientcrt = _clientCrt;                                    \
         data.expectServerFail = _expectServerFail;                      \
         data.expectClientFail = _expectClientFail;                      \
         data.hostname = _hostname;                                      \
         data.wildcards = _wildcards;                                    \
-        if (virtTestRun("TLS Session " #_serverReq " + " #_clientReq,   \
+        if (virtTestRun("TLS Session " #_serverCrt " + " #_clientCrt,   \
                         1, testTLSSessionInit, &data) < 0)              \
             ret = -1;                                                   \
     } while (0)
 
-# define DO_SESS_TEST_EXT(_caReq, _othercaReq, _serverReq, _clientReq,  \
+# define DO_SESS_TEST_EXT(_serverCaCrt, _clientCaCrt, _serverCrt, _clientCrt, \
                           _expectServerFail, _expectClientFail,         \
                           _hostname, _wildcards)                        \
     do {                                                                \
         static struct testTLSSessionData data;                          \
-        data.careq = _caReq;                                            \
-        data.othercareq = _othercaReq;                                  \
-        data.serverreq = _serverReq;                                    \
-        data.clientreq = _clientReq;                                    \
+        data.servercacrt = _serverCaCrt;                                \
+        data.clientcacrt = _clientCaCrt;                                \
+        data.servercrt = _serverCrt;                                    \
+        data.clientcrt = _clientCrt;                                    \
         data.expectServerFail = _expectServerFail;                      \
         data.expectClientFail = _expectClientFail;                      \
         data.hostname = _hostname;                                      \
         data.wildcards = _wildcards;                                    \
-        if (virtTestRun("TLS Session " #_serverReq " + " #_clientReq,   \
+        if (virtTestRun("TLS Session " #_serverCrt " + " #_clientCrt,   \
                         1, testTLSSessionInit, &data) < 0)              \
             ret = -1;                                                   \
     } while (0)
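Review bot: With the `other` placeholder gone, DO_SESS_TEST at the top of the hunk is a verbatim copy of DO_SESS_TEST_EXT except that `data.servercacrt` and `data.clientcacrt` are both set from `_caCrt`, so the two macros will drift the next time one of them is edited. DO_SESS_TEST can forward to DO_SESS_TEST_EXT with the CA path passed twice; expansion happens at the use sites, so DO_SESS_TEST_EXT being defined later in the file is not a problem. The titles are unaffected because DO_SESS_TEST_EXT stringifies the same `_serverCrt`/`_clientCrt` tokens.
```c
# define DO_SESS_TEST(_caCrt, _serverCrt, _clientCrt, _expectServerFail, \
                      _expectClientFail, _hostname, _wildcards)         \
    DO_SESS_TEST_EXT(_caCrt, _caCrt, _serverCrt, _clientCrt,            \
                     _expectServerFail, _expectClientFail,              \
                     _hostname, _wildcards)

/* … unchanged: DO_SESS_TEST_EXT definition … */
```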
@@ -282,7 +277,7 @@ mymain(void)
                       co, cn, an1, an2, ia1, ia2, bce, bcc, bci,        \
                       kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo)      \
     static struct testTLSCertReq varname = {                            \
-        NULL, #varname ".pem",                                          \
+        NULL, #varname "-sess.pem",                                     \
         co, cn, an1, an2, ia1, ia2, bce, bcc, bci,                      \
         kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, so                     \
     };                                                                  \
@@ -292,7 +287,7 @@ mymain(void)
                       co, cn, an1, an2, ia1, ia2, bce, bcc, bci,        \
                       kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo)      \
     static struct testTLSCertReq varname = {                            \
-        NULL, #varname ".pem",                                          \
+        NULL, #varname "-sess.pem",                                     \
         co, cn, an1, an2, ia1, ia2, bce, bcc, bci,                      \
         kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, so                     \
     };                                                                  \
@@ -335,8 +330,10 @@ mymain(void)
                  true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
                  0, 0);
 
-    DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", NULL);
-    DO_SESS_TEST_EXT(cacertreq, altcacertreq, servercertreq, clientcertaltreq, true, true, "libvirt.org", NULL);
+    DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+                 false, false, "libvirt.org", NULL);
+    DO_SESS_TEST_EXT(cacertreq.filename, altcacertreq.filename, servercertreq.filename,
+                     clientcertaltreq.filename, true, true, "libvirt.org", NULL);
 
 
     /* When an altname is set, the CN is ignored, so it must be duplicated
@@ -355,13 +352,19 @@ mymain(void)
                  true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
                  0, 0);
 
-    DO_SESS_TEST(cacertreq, servercertalt1req, clientcertreq, false, false, "libvirt.org", NULL);
-    DO_SESS_TEST(cacertreq, servercertalt1req, clientcertreq, false, false, "www.libvirt.org", NULL);
-    DO_SESS_TEST(cacertreq, servercertalt1req, clientcertreq, false, true, "wiki.libvirt.org", NULL);
+    DO_SESS_TEST(cacertreq.filename, servercertalt1req.filename, clientcertreq.filename,
+                 false, false, "libvirt.org", NULL);
+    DO_SESS_TEST(cacertreq.filename, servercertalt1req.filename, clientcertreq.filename,
+                 false, false, "www.libvirt.org", NULL);
+    DO_SESS_TEST(cacertreq.filename, servercertalt1req.filename, clientcertreq.filename,
+                 false, true, "wiki.libvirt.org", NULL);
 
-    DO_SESS_TEST(cacertreq, servercertalt2req, clientcertreq, false, true, "libvirt.org", NULL);
-    DO_SESS_TEST(cacertreq, servercertalt2req, clientcertreq, false, false, "www.libvirt.org", NULL);
-    DO_SESS_TEST(cacertreq, servercertalt2req, clientcertreq, false, false, "wiki.libvirt.org", NULL);
+    DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename,
+                 false, true, "libvirt.org", NULL);
+    DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename,
+                 false, false, "www.libvirt.org", NULL);
+    DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename,
+                 false, false, "wiki.libvirt.org", NULL);
 
     const char *const wildcards1[] = {
         "C=UK,CN=dogfood",
@@ -389,12 +392,18 @@ mymain(void)
         NULL,
     };
 
-    DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, true, false, "libvirt.org", wildcards1);
-    DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", wildcards2);
-    DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", wildcards3);
-    DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, true, false, "libvirt.org", wildcards4);
-    DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", wildcards5);
-    DO_SESS_TEST(cacertreq, servercertreq, clientcertreq, false, false, "libvirt.org", wildcards6);
+    DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+                 true, false, "libvirt.org", wildcards1);
+    DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+                 false, false, "libvirt.org", wildcards2);
+    DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+                 false, false, "libvirt.org", wildcards3);
+    DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+                 true, false, "libvirt.org", wildcards4);
+    DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+                 false, false, "libvirt.org", wildcards5);
+    DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename,
+                 false, false, "libvirt.org", wildcards6);
 
     testTLSDiscardCert(&clientcertreq);
     testTLSDiscardCert(&clientcertaltreq);
-- 
1.8.3.2