5 files changed, 224 insertions, 8 deletions

diff --git a/.gitignore b/.gitignore
index 9afe821..0cad57c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -82,6 +82,8 @@ tests/wocky-xmpp-stanza-test
 tests/wocky-connector-test
 tests/*report.xml
 
+tests/certs/*.pem
+
 examples/wocky-connect
 
 coverage/
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8e2adf9..6021f2b 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,3 +1,17 @@
+############################################################################
+# x509 certificates:
+.PRECIOUS: %-key.pem
+CERTTOOL := $(shell which certtool)
+GENKEY   := $(CERTTOOL) --generate-privkey --outfile
+CA_KEY   := $(realpath certs/ca-key.pem)
+CA_CERT  := $(realpath certs/ca-cert.pem)
+TLS_KEY  := $(realpath certs/tls-key.pem)
+TLS_CERT := $(realpath certs/tls-cert.pem)
+TLSDEFS  := -DTLS_CA_KEY_FILE='"$(CA_KEY)"'      \
+            -DTLS_CA_CRT_FILE='"$(CA_CERT)"'     \
+            -DTLS_SERVER_KEY_FILE='"$(TLS_KEY)"' \
+            -DTLS_SERVER_CRT_FILE='"$(TLS_CERT)"'
+############################################################################
 TEST_PROGS = wocky-xmpp-reader-test \
   wocky-xmpp-readwrite-test \
   wocky-xmpp-connection-test \
@@ -17,6 +31,7 @@ wocky_xmpp_readwrite_test_SOURCES = \
 wocky_xmpp_reader_test_SOURCES = \
   wocky-xmpp-reader-test.c
 
+wocky_connector_test_DEPENDENCIES = $(TLS_CERT)
 wocky_connector_test_SOURCES = \
    wocky-connector-test.c        \
    wocky-test-sasl-auth-server.c \
@@ -25,6 +40,8 @@ wocky_connector_test_SOURCES = \
    wocky-test-connector-server.h \
    test-resolver.h        	 \
    test-resolver.c
+wocky_connector_test_LDADD = $(LDADD) @LIBSASL2_LIBS@
+wocky_connector_test_CFLAGS = $(AM_CFLAGS) @LIBSASL2_CFLAGS@ $(TLSDEFS)
 
 wocky_connector_test_LDADD = $(LDADD) @LIBSASL2_LIBS@
 wocky_connector_test_CFLAGS = $(AM_CFLAGS) @LIBSASL2_CFLAGS@
@@ -37,8 +54,6 @@ wocky_test_sasl_auth_SOURCES = \
    wocky-test-sasl-auth.c \
    wocky-test-sasl-auth-server.c \
    wocky-test-sasl-auth-server.h \
-   wocky-test-connector-server.c \
-   wocky-test-connector-server.h \
    wocky-test-stream.c \
    wocky-test-stream.h
 
@@ -86,6 +101,27 @@ test-%: wocky-%-test
 include $(top_srcdir)/tools/check-coding-style.mk
 check-local: test check-coding-style
 
+############################################################################
+# x509 certificates:
+%-key.pem:
+	$(GENKEY) $@
+
+%-cert.pem: %-key.pem %-cert.cfg certs/ca-cert.pem 
+	@echo $@ DEPS: $^
+	$(CERTTOOL) --generate-certificate                  \
+                    --load-ca-certificate certs/ca-cert.pem \
+	            --load-ca-privkey certs/ca-key.pem      \
+	            --load-privkey $*-key.pem               \
+	            --template $*-cert.cfg                  \
+	            --outfile $@
+
+certs/ca-cert.pem: certs/ca-key.pem certs/ca-cert.cfg
+	$(CERTTOOL) --generate-self-signed            \
+	            --load-privkey $<                 \
+	            --template     $(basename $@).cfg \
+	            --outfile      $@
+############################################################################
+
 SUPPRESSIONS=threadlocal.supp
 
 # valgrind any given test by running make test.valgrind
diff --git a/tests/certs/ca-cert.cfg b/tests/certs/ca-cert.cfg
new file mode 100644
index 0000000..8af05f3
--- /dev/null
+++ b/tests/certs/ca-cert.cfg
@@ -0,0 +1,89 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Collabora"
+
+# The organizational unit of the subject.
+unit = "Wocky Test Suite"
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Confused"
+
+# The country of the subject. Two letter code.
+country = UK
+
+# The common name of the certificate owner.
+cn = "Wocky XMPP Library"
+
+# A user id of the certificate owner.
+#uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
+
+# This is deprecated and should not be used in new
+# certificates.
+# pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 001
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 7
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+#dns_name = "www.none.org"
+#dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+#ip_address = "192.168.1.1"
+
+# An email in case of a person
+email = "postmaster@collabora.co.uk"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "file:///tmp/wocky-tests/crl"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is prefered to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+#ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
diff --git a/tests/certs/tls-cert.cfg b/tests/certs/tls-cert.cfg
new file mode 100644
index 0000000..c28c044
--- /dev/null
+++ b/tests/certs/tls-cert.cfg
@@ -0,0 +1,89 @@
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Collabora"
+
+# The organizational unit of the subject.
+unit = "Wocky Test Suite"
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Dazed"
+
+# The country of the subject. Two letter code.
+country = UK
+
+# The common name of the certificate owner.
+cn = "Wocky XMPP Library"
+
+# A user id of the certificate owner.
+#uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
+
+# This is deprecated and should not be used in new
+# certificates.
+# pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 002
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 7
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "weasel-juice.org"
+#dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+#ip_address = "192.168.1.1"
+
+# An email in case of a person
+#email = "postmaster@collabora.co.uk"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+#crl_dist_points = "file:///tmp/wocky-tests/crl"
+
+# Whether this is a CA certificate or not
+#ca
+
+# Whether this certificate will be used for a TLS client
+tls_www_client
+
+# Whether this certificate will be used for a TLS server
+tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+#signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is prefered to use different
+# keys for encryption and signing.
+encryption_key
+
+# Whether this key will be used to sign other certificates.
+#cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+#ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+time_stamping_key
diff --git a/tests/wocky-test-connector-server.c b/tests/wocky-test-connector-server.c
index cc87ea6..4fe9b14 100644
--- a/tests/wocky-test-connector-server.c
+++ b/tests/wocky-test-connector-server.c
@@ -281,12 +281,12 @@ handle_starttls (TestConnectorServer *self,
       /* set up the tls server session */
       /* gnutls_global_set_log_function ((gnutls_log_func)debug_gnutls);
        * gnutls_global_set_log_level (10); */
-      priv->tls_sess =
-       g_tls_session_server_new (priv->stream,
-           1024,
-           "/home/vivek/src/certs/key.pem",
-           "/home/vivek/src/certs/cert.pem",
-           NULL, NULL);
+      priv->tls_sess = g_tls_session_server_new (priv->stream,
+          1024,
+          TLS_SERVER_KEY_FILE,
+          TLS_SERVER_CRT_FILE,
+          TLS_CA_CRT_FILE,
+          NULL);
 
       wocky_xmpp_connection_send_stanza_async (conn, proceed, NULL, starttls,
           self);