author | Vivek Dasmohapatra <vivek@collabora.co.uk> | 2009-07-01 17:06:32 +0100 |
---|---|---|
committer | Vivek Dasmohapatra <vivek@collabora.co.uk> | 2009-07-14 17:54:33 +0100 |
commit | 4c439506aa436b146bb600eb8892deacc45d9482 (patch) | |
tree | 26d8fd2445c211ec691c31712c6bb4001949b689 | |
parent | 37e4a629ea89b01d744c73b5ead5b4886e0334a2 (diff) |
Generate x509 key and cert PEM files automatically.
Use generated PEM files in connector tests.
Ignore PEM files in git.
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | tests/Makefile.am | 40 | ||||
-rw-r--r-- | tests/certs/ca-cert.cfg | 89 | ||||
-rw-r--r-- | tests/certs/tls-cert.cfg | 89 | ||||
-rw-r--r-- | tests/wocky-test-connector-server.c | 12 |
5 files changed, 224 insertions, 8 deletions
@@ -82,6 +82,8 @@ tests/wocky-xmpp-stanza-test tests/wocky-connector-test tests/*report.xml +tests/certs/*.pem + examples/wocky-connect coverage/ diff --git a/tests/Makefile.am b/tests/Makefile.am index 8e2adf9..6021f2b 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,3 +1,17 @@ +############################################################################ +# x509 certificates: +.PRECIOUS: %-key.pem +CERTTOOL := $(shell which certtool) +GENKEY := $(CERTTOOL) --generate-privkey --outfile +CA_KEY := $(realpath certs/ca-key.pem) +CA_CERT := $(realpath certs/ca-cert.pem) +TLS_KEY := $(realpath certs/tls-key.pem) +TLS_CERT := $(realpath certs/tls-cert.pem) +TLSDEFS := -DTLS_CA_KEY_FILE='"$(CA_KEY)"' \ + -DTLS_CA_CRT_FILE='"$(CA_CERT)"' \ + -DTLS_SERVER_KEY_FILE='"$(TLS_KEY)"' \ + -DTLS_SERVER_CRT_FILE='"$(TLS_CERT)"' +############################################################################ TEST_PROGS = wocky-xmpp-reader-test \ wocky-xmpp-readwrite-test \ wocky-xmpp-connection-test \ @@ -17,6 +31,7 @@ wocky_xmpp_readwrite_test_SOURCES = \ wocky_xmpp_reader_test_SOURCES = \ wocky-xmpp-reader-test.c +wocky_connector_test_DEPENDENCIES = $(TLS_CERT) wocky_connector_test_SOURCES = \ wocky-connector-test.c \ wocky-test-sasl-auth-server.c \ @@ -25,6 +40,8 @@ wocky_connector_test_SOURCES = \ wocky-test-connector-server.h \ test-resolver.h \ test-resolver.c +wocky_connector_test_LDADD = $(LDADD) @LIBSASL2_LIBS@ +wocky_connector_test_CFLAGS = $(AM_CFLAGS) @LIBSASL2_CFLAGS@ $(TLSDEFS) wocky_connector_test_LDADD = $(LDADD) @LIBSASL2_LIBS@ wocky_connector_test_CFLAGS = $(AM_CFLAGS) @LIBSASL2_CFLAGS@ @@ -37,8 +54,6 @@ wocky_test_sasl_auth_SOURCES = \ wocky-test-sasl-auth.c \ wocky-test-sasl-auth-server.c \ wocky-test-sasl-auth-server.h \ - wocky-test-connector-server.c \ - wocky-test-connector-server.h \ wocky-test-stream.c \ wocky-test-stream.h 
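Review bot: `$(realpath ...)` in the `CA_KEY`/`CA_CERT`/`TLS_KEY`/`TLS_CERT` assignments of the `@@ -1,3 +1,17 @@` hunk expands to the empty string when the file does not exist, and on a fresh tree none of the PEM files exist when make parses this block. `TLSDEFS` would then give the test server empty key and certificate paths. `wocky_connector_test_DEPENDENCIES = $(TLS_CERT)` in the `@@ -17,6 +31,7 @@` hunk would be empty as well, so the generation rules would never be triggered. `$(abspath ...)` yields the same absolute path without requiring the file to exist, e.g. `TLS_CERT := $(abspath certs/tls-cert.pem)`. `CERTTOOL := $(shell which certtool)` is likewise empty when certtool is not installed, which deserves a configure-time check rather than a recipe that fails during key generation.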
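Review bot: The two added `wocky_connector_test_LDADD` / `wocky_connector_test_CFLAGS` lines in the `@@ -25,6 +40,8 @@` hunk sit directly above what look like the existing definitions of the same variables, which remain as context lines. If that reading is right, the file now defines each variable twice and the later `wocky_connector_test_CFLAGS` has no `$(TLSDEFS)`. Depending on how automake treats the redefinition, either the `TLS_*_FILE` macros never reach the compiler or the Makefile is rejected. Keeping a single definition, `wocky_connector_test_CFLAGS = $(AM_CFLAGS) @LIBSASL2_CFLAGS@ $(TLSDEFS)`, and dropping the old pair would avoid this.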
@@ -86,6 +101,27 @@ test-%: wocky-%-test include $(top_srcdir)/tools/check-coding-style.mk check-local: test check-coding-style +############################################################################ +# x509 certificates: +%-key.pem: + $(GENKEY) $@ + +%-cert.pem: %-key.pem %-cert.cfg certs/ca-cert.pem + @echo $@ DEPS: $^ + $(CERTTOOL) --generate-certificate \ + --load-ca-certificate certs/ca-cert.pem \ + --load-ca-privkey certs/ca-key.pem \ + --load-privkey $*-key.pem \ + --template $*-cert.cfg \ + --outfile $@ + +certs/ca-cert.pem: certs/ca-key.pem certs/ca-cert.cfg + $(CERTTOOL) --generate-self-signed \ + --load-privkey $< \ + --template $(basename $@).cfg \ + --outfile $@ +############################################################################ + SUPPRESSIONS=threadlocal.supp # valgrind any given test by running make test.valgrind diff --git a/tests/certs/ca-cert.cfg b/tests/certs/ca-cert.cfg new file mode 100644 index 0000000..8af05f3 --- /dev/null +++ b/tests/certs/ca-cert.cfg 
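Review bot: Nothing in these rules regenerates or cleans the PEM files. Make treats `certs/*.pem` as up to date by timestamp, while both templates set `expiration_days = 7`, so a build tree older than a week would run the connector tests against expired certificates. Consider adding the generated files to the clean list, e.g. `CLEANFILES = certs/*.pem` (or `+=` if the file already sets it, which is not visible here), or regenerating them as part of the test target. The recipes also mix `$@`/`$*` with hard-coded `certs/ca-cert.pem` and `certs/ca-key.pem`, which resolve only when make runs in the tests build directory. A short comment above the rules should say so, and should state that these keys belong to a throwaway test CA.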
@@ -0,0 +1,89 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Collabora"
+
+# The organizational unit of the subject.
+unit = "Wocky Test Suite"
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Confused"
+
+# The country of the subject. Two letter code.
+country = UK
+
+# The common name of the certificate owner.
+cn = "Wocky XMPP Library"
+
+# A user id of the certificate owner.
+#uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
+
+# This is deprecated and should not be used in new
+# certificates.
+# pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 001
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 7
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+#dns_name = "www.none.org"
+#dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+#ip_address = "192.168.1.1"
+
+# An email in case of a person
+email = "postmaster@collabora.co.uk"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "file:///tmp/wocky-tests/crl"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is prefered to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+#ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
diff --git a/tests/certs/tls-cert.cfg b/tests/certs/tls-cert.cfg
new file mode 100644
index 0000000..c28c044
--- /dev/null
+++ b/tests/certs/tls-cert.cfg
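Review bot: `crl_dist_points = "file:///tmp/wocky-tests/crl"` bakes a fixed path under a world-writable directory into the test CA certificate. Nothing in this commit creates that file, and if a later test or verifier does follow the distribution point, any local user could pre-create `/tmp/wocky-tests/` and control what is read. A path inside the build tree, or leaving the option commented out until CRLs are actually exercised, would be safer. A header comment stating the scope would also help, e.g. `# Test-only CA for the wocky test suite; never trust it outside the tests.`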
@@ -0,0 +1,89 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Collabora"
+
+# The organizational unit of the subject.
+unit = "Wocky Test Suite"
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Dazed"
+
+# The country of the subject. Two letter code.
+country = UK
+
+# The common name of the certificate owner.
+cn = "Wocky XMPP Library"
+
+# A user id of the certificate owner.
+#uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
+
+# This is deprecated and should not be used in new
+# certificates.
+# pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 002
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 7
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "weasel-juice.org"
+#dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+#ip_address = "192.168.1.1"
+
+# An email in case of a person
+#email = "postmaster@collabora.co.uk"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+#crl_dist_points = "file:///tmp/wocky-tests/crl"
+
+# Whether this is a CA certificate or not
+#ca
+
+# Whether this certificate will be used for a TLS client
+tls_www_client
+
+# Whether this certificate will be used for a TLS server
+tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+#signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is prefered to use different
+# keys for encryption and signing.
+encryption_key
+
+# Whether this key will be used to sign other certificates.
+#cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +#ocsp_signing_key + +# Whether this key will be used for time stamping. +time_stamping_key diff --git a/tests/wocky-test-connector-server.c b/tests/wocky-test-connector-server.c index cc87ea6..4fe9b14 100644 --- a/tests/wocky-test-connector-server.c +++ b/tests/wocky-test-connector-server.c @@ -281,12 +281,12 @@ handle_starttls (TestConnectorServer *self, /* set up the tls server session */ /* gnutls_global_set_log_function ((gnutls_log_func)debug_gnutls); * gnutls_global_set_log_level (10); */ - priv->tls_sess = - g_tls_session_server_new (priv->stream, - 1024, - "/home/vivek/src/certs/key.pem", - "/home/vivek/src/certs/cert.pem", - NULL, NULL); + priv->tls_sess = g_tls_session_server_new (priv->stream, + 1024, + TLS_SERVER_KEY_FILE, + TLS_SERVER_CRT_FILE, + TLS_CA_CRT_FILE, + NULL); wocky_xmpp_connection_send_stanza_async (conn, proceed, NULL, starttls, self); |
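Review bot: The server template enables more key usages than the test server appears to need. `tls_www_client` and `time_stamping_key` are switched on next to `tls_www_server`, and the latter looks like an accidental uncomment, since every other signing purpose in this file is disabled. At the same time `signing_key` is commented out although the template's own comment says it is needed for TLS DHE ciphersuites, so with `encryption_key` alone this certificate may only be usable for RSA key exchange. Unless the tests rely on the broader set, I would write `#tls_www_client`, `#time_stamping_key` and `signing_key`.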
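Review bot: The result of `g_tls_session_server_new ()` is stored in `priv->tls_sess` and the next visible statement already sends `proceed`, so a session that could not be set up is not caught in the visible lines. The key, certificate and CA paths now come from build-time `-D` macros that depend on the PEM files having been generated, which makes a missing or unreadable file more likely than with the old fixed paths. If the constructor reports failure by returning NULL (its contract is not visible in this hunk), a check such as `g_assert (priv->tls_sess != NULL);` before the send would make the test fail at the cause. `handle_starttls` starts and ends outside the hunk, so later handling may already exist.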