aboutsummaryrefslogtreecommitdiffstats
path: root/Source/testing
diff options
context:
space:
mode:
Diffstat (limited to 'Source/testing')
-rw-r--r--Source/testing/Makefile.testcases4
-rw-r--r--Source/testing/certificate_test.c30
-rw-r--r--Source/testing/connection_test.c4
-rw-r--r--Source/testing/identification_test.c166
-rw-r--r--Source/testing/identification_test.h37
-rw-r--r--Source/testing/policy_test.c4
-rw-r--r--Source/testing/rsa_test.c4
-rw-r--r--Source/testing/testcases.c2
8 files changed, 239 insertions, 12 deletions
diff --git a/Source/testing/Makefile.testcases b/Source/testing/Makefile.testcases
index 2a0dbf234..49ec84a95 100644
--- a/Source/testing/Makefile.testcases
+++ b/Source/testing/Makefile.testcases
@@ -136,4 +136,8 @@ $(BUILD_DIR)certificate_test.o : $(TESTCASES_DIR)certificate_test.c $(TESTCASES_
TEST_OBJS+= $(BUILD_DIR)leak_detective_test.o
$(BUILD_DIR)leak_detective_test.o : $(TESTCASES_DIR)leak_detective_test.c $(TESTCASES_DIR)leak_detective_test.h
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+TEST_OBJS+= $(BUILD_DIR)identification_test.o
+$(BUILD_DIR)identification_test.o : $(TESTCASES_DIR)identification_test.c $(TESTCASES_DIR)identification_test.h
$(CC) $(CFLAGS) -c -o $@ $< \ No newline at end of file
diff --git a/Source/testing/certificate_test.c b/Source/testing/certificate_test.c
index 025893c0b..be8a8f7cf 100644
--- a/Source/testing/certificate_test.c
+++ b/Source/testing/certificate_test.c
@@ -20,14 +20,15 @@
* for more details.
*/
+#include <string.h>
+
#include "certificate_test.h"
#include <daemon.h>
-#include <crypto/certificate.h>
+#include <crypto/x509.h>
#include <utils/logger.h>
-
static char certificate_buffer[] = {
0x30,0x82,0x02,0xf9,0x30,0x82,0x01,0xe1,0xa0,0x03,0x02,0x01,0x02,0x02,0x11,0x00,
0xfe,0xae,0xe3,0xcf,0x00,0x27,0x8d,0xa0,0xe1,0xfa,0xb2,0x07,0xd4,0x15,0x40,0x93,
@@ -85,10 +86,27 @@ static char certificate_buffer[] = {
void test_certificate(protected_tester_t *tester)
{
chunk_t certificate = {certificate_buffer, sizeof(certificate_buffer)};
+ identification_t *id;
+ x509_t *cert;
- x509_t *cert = x509_create_from_chunk(certificate);
-
- //certificate_t *cert = certificate_create_from_file("myCert.der");
-
+ cert = x509_create_from_chunk(certificate);
+ id = cert->get_subject(cert);
+ tester->assert_true(tester, strcmp(id->get_string(id), "C=CH, O=Linux strongSwan, CN=maeno") == 0, "subject");
+ id = cert->get_issuer(cert);
+ tester->assert_true(tester, strcmp(id->get_string(id), "C=CH, O=Linux strongSwan, CN=maeno") == 0, "issuer");
+ cert->destroy(cert);
+ /*
+ cert = x509_create_from_file("scripts/complex1.der");
+ id = cert->get_subject(cert);
+ printf("Subject: %s\n", id->get_string(id));
+ id = cert->get_issuer(cert);
+ printf("Issuer: %s\n", id->get_string(id));
cert->destroy(cert);
+
+ cert = x509_create_from_file("scripts/complex2.der");
+ id = cert->get_subject(cert);
+ printf("Subject: %s\n", id->get_string(id));
+ id = cert->get_issuer(cert);
+ printf("Issuer: %s\n", id->get_string(id));
+ cert->destroy(cert);*/
}
diff --git a/Source/testing/connection_test.c b/Source/testing/connection_test.c
index 909136c01..2b2a4d4d8 100644
--- a/Source/testing/connection_test.c
+++ b/Source/testing/connection_test.c
@@ -33,8 +33,8 @@ void test_connection(protected_tester_t *tester)
{
host_t *alice = host_create(AF_INET, "192.168.0.1", 500);
host_t *bob = host_create(AF_INET, "192.168.0.2", 500);
- identification_t *alice_id = identification_create_from_string(AF_INET, "192.168.0.1");
- identification_t *bob_id = identification_create_from_string(AF_INET, "192.168.0.2");
+ identification_t *alice_id = identification_create_from_string("192.168.0.1");
+ identification_t *bob_id = identification_create_from_string("192.168.0.2");
connection_t *connection = connection_create(alice, bob, alice_id, bob_id, RSA_DIGITAL_SIGNATURE);
proposal_t *prop1, *prop2, *prop3, *prop4;
linked_list_t *list;
diff --git a/Source/testing/identification_test.c b/Source/testing/identification_test.c
new file mode 100644
index 000000000..b148b53e0
--- /dev/null
+++ b/Source/testing/identification_test.c
@@ -0,0 +1,166 @@
+/**
+ * @file identification_test.c
+ *
+ * @brief Tests for the identification_t class.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "identification_test.h"
+
+#include <utils/identification.h>
+#include <utils/logger.h>
+
+/*
+ * described in Header-File
+ */
+void test_identification(protected_tester_t *tester)
+{
+ identification_t *a, *b, *c, *d;
+ bool result;
+
+ { /* test RFC822_ADDR */
+ char *bob_string = "bob@wonderland.net";
+ chunk_t bob_chunk = {bob_string, strlen(bob_string)};
+
+ a = identification_create_from_string("alice@wonderland.net");
+ b = identification_create_from_encoding(ID_RFC822_ADDR, bob_chunk);
+ c = identification_create_from_string("*@wonderland.net");
+ d = identification_create_from_string("*@badlands.com");
+
+ result = a->belongs_to(a, c);
+ tester->assert_true(tester, result, "alice belongs to wonderland");
+ result = b->belongs_to(b, c);
+ tester->assert_true(tester, result, "bob belongs to wonderland");
+ result = a->belongs_to(a, d);
+ tester->assert_false(tester, result, "alice does not belong to badlands");
+ result = b->belongs_to(b, d);
+ tester->assert_false(tester, result, "bob does not belong to badlands");
+ result = c->belongs_to(c, d);
+ tester->assert_false(tester, result, "wonderland is not in badlands");
+ result = a->belongs_to(a, a);
+ tester->assert_true(tester, result, "alice belongs to alice alice");
+ result = a->equals(a, a);
+ tester->assert_true(tester, result, "alice is alice");
+ result = a->equals(a, b);
+ tester->assert_false(tester, result, "alice is not bob");
+
+ a->destroy(a);
+ b->destroy(b);
+ c->destroy(c);
+ d->destroy(d);
+ }
+
+ { /* test FQDN */
+ char *bob_string = "@dave.nirvana.org";
+ chunk_t bob_chunk = {bob_string, strlen(bob_string)};
+
+ a = identification_create_from_string("@carol.nirvana.org");
+ b = identification_create_from_encoding(ID_FQDN, bob_chunk);
+ c = identification_create_from_string("@*.nirvana.org");
+ d = identification_create_from_string("@*.samsara.com");
+
+ result = a->belongs_to(a, c);
+ tester->assert_true(tester, result, "carol belongs to nirvana");
+ result = b->belongs_to(b, c);
+ tester->assert_true(tester, result, "dave belongs to nirvana");
+ result = a->belongs_to(a, d);
+ tester->assert_false(tester, result, "carol does not belong to samsara");
+ result = b->belongs_to(b, d);
+ tester->assert_false(tester, result, "dave does not belong to samsara");
+ result = c->belongs_to(c, d);
+ tester->assert_false(tester, result, "nirvana is not in samsara");
+ result = a->belongs_to(a, a);
+ tester->assert_true(tester, result, "carol belongs to carol carol");
+ result = a->equals(a, a);
+ tester->assert_true(tester, result, "carol is carol");
+ result = a->equals(a, b);
+ tester->assert_false(tester, result, "carol is not dave");
+
+ a->destroy(a);
+ b->destroy(b);
+ c->destroy(c);
+ d->destroy(d);
+ }
+
+
+ { /* test ID IPV4 ADDR, no wildcards yet */
+ char bob_addr[] = {192,168,0,2};
+ chunk_t bob_chunk = chunk_from_buf(bob_addr);
+
+ a = identification_create_from_string("192.168.0.1");
+ b = identification_create_from_encoding(ID_IPV4_ADDR, bob_chunk);
+ c = identification_create_from_string("192.168.0.2"); /* as bob */
+
+ result = a->equals(a, a);
+ tester->assert_true(tester, result, "IPV4_ADDR of alice equals IPV4_ADDR of alice");
+ result = b->equals(b, c);
+ tester->assert_true(tester, result, "IPV4_ADDR of bob equals IPV4_ADDR of carol");
+ result = a->equals(a, b);
+ tester->assert_false(tester, result, "IPV4_ADDR of alice doesn't equal IPV4_ADDR of bob");
+
+ a->destroy(a);
+ b->destroy(b);
+ c->destroy(c);
+ }
+
+ { /* test ID IPV6 ADDR, no wildcards yet */
+ char bob_addr[] = {0x20,0x01,0x0d,0xb8,0x85,0xa3,0x08,0xd3,0x13,0x19,0x8a,0x2e,0x03,0x70,0x73,0x44};
+ chunk_t bob_chunk = chunk_from_buf(bob_addr);
+
+ a = identification_create_from_string("2001:0db8:85a3:08d3:1319:8a2e:0370:7345");
+ b = identification_create_from_encoding(ID_IPV6_ADDR, bob_chunk);
+ c = identification_create_from_string("2001:0db8:85a3:08d3:1319:8a2e:0370:7344"); /* as bob */
+
+ result = a->equals(a, a);
+ tester->assert_true(tester, result, "IPV6_ADDR of alice equals IPV6_ADDR of alice");
+ result = b->equals(b, c);
+ tester->assert_true(tester, result, "IPV6_ADDR of bob equals IPV6_ADDR of carol");
+ result = a->equals(a, b);
+ tester->assert_false(tester, result, "IPV6_ADDR of alice doesn't equal IPV6_ADDR of bob");
+
+ a->destroy(a);
+ b->destroy(b);
+ c->destroy(c);
+ }
+
+ { /* test ID DER_ASN1_DN */
+ a = identification_create_from_string("C=CH, O=Linux strongSwan, CN=alice");
+ b = identification_create_from_string("O=Linux strongSwan, C=CH, CN=bob");
+ c = identification_create_from_string("C=CH, O=Linux strongSwan, CN=*");
+ d = identification_create_from_string("C=CH, O=Linux openswan, CN=*");
+
+ result = a->equals(a, a);
+ tester->assert_true(tester, result, "DN of alice equals DN of alice");
+ result = a->equals(a, b);
+ tester->assert_false(tester, result, "DN of alice doesn't equal DN of bob");
+ result = a->belongs_to(a, c);
+ tester->assert_true(tester, result, "DN of alice belongs to DN of carol");
+ /* TODO: This does NOT work, wildcard check should work with unordered RDNs */
+ result = b->belongs_to(b, c);
+ tester->assert_true(tester, result, "DN of bob belongs to DN of carol");
+ result = b->belongs_to(b, d);
+ tester->assert_false(tester, result, "DN of bob doesn't belong to DN of dave");
+
+ a->destroy(a);
+ b->destroy(b);
+ c->destroy(c);
+ d->destroy(d);
+ }
+}
diff --git a/Source/testing/identification_test.h b/Source/testing/identification_test.h
new file mode 100644
index 000000000..b1078c52f
--- /dev/null
+++ b/Source/testing/identification_test.h
@@ -0,0 +1,37 @@
+/**
+ * @file identification_test.h
+ *
+ * @brief Tests for the identification_t class.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef IDENTIFICATION_TEST_H_
+#define IDENTIFICATION_TEST_H_
+
+#include <utils/tester.h>
+
+/**
+ * @brief Test function used to test the identification functionality.
+ *
+ * @param tester associated tester object
+ *
+ * @ingroup testcases
+ */
+void test_identification(protected_tester_t *tester);
+
+#endif /* IDENTIFICATION_TEST_H_ */
diff --git a/Source/testing/policy_test.c b/Source/testing/policy_test.c
index 0b09877e0..38fc7cd53 100644
--- a/Source/testing/policy_test.c
+++ b/Source/testing/policy_test.c
@@ -46,8 +46,8 @@ void test_policy(protected_tester_t *tester)
logger = logger_manager->get_logger(logger_manager, TESTER);
logger->disable_level(logger, FULL);
- alice = identification_create_from_string(ID_IPV4_ADDR, "152.96.193.131");
- bob = identification_create_from_string(ID_IPV4_ADDR, "152.96.193.130");
+ alice = identification_create_from_string("152.96.193.131");
+ bob = identification_create_from_string("152.96.193.130");
policy = policy_create(alice, bob);
tester->assert_true(tester, (policy != NULL), "policy construction");
diff --git a/Source/testing/rsa_test.c b/Source/testing/rsa_test.c
index a3ab3e4ea..696901531 100644
--- a/Source/testing/rsa_test.c
+++ b/Source/testing/rsa_test.c
@@ -26,7 +26,7 @@
#include <daemon.h>
#include <utils/logger.h>
-#include <crypto/certificate.h>
+#include <crypto/x509.h>
char private_key_buffer[] = {
0x30,0x82,0x04,0xa2,0x02,0x00,0x02,0x82,0x01,0x00,0x6f,0x25,0x74,0x63,0x2a,0x2f,
@@ -205,7 +205,7 @@ void test_rsa(protected_tester_t *tester)
/* key loading */
private_key = rsa_private_key_create_from_file("alice.der", NULL);
tester->assert_true(tester, private_key != NULL, "loading private key from file");
- certificate = certificate_create_from_file("alice-cert.der");
+ certificate = x509_create_from_file("alice-cert.der");
tester->assert_true(tester, public_key != NULL, "loading certificate from file");
public_key = certificate->get_public_key(certificate);
tester->assert_true(tester, public_key != NULL, "loading public key from certificate");
diff --git a/Source/testing/testcases.c b/Source/testing/testcases.c
index 0f4201b42..72ba52c3f 100644
--- a/Source/testing/testcases.c
+++ b/Source/testing/testcases.c
@@ -63,6 +63,7 @@
#include "child_sa_test.h"
#include "certificate_test.h"
#include "leak_detective_test.h"
+#include "identification_test.h"
/* output for test messages */
extern FILE * stderr;
@@ -131,6 +132,7 @@ test_t kernel_interface_test = {test_kernel_interface, "Kernel Interface"};
test_t child_sa_test = {test_child_sa, "Child SA"};
test_t certificate_test = {test_certificate, "X509 Certificate"};
test_t leak_detective_test = {test_leak_detective, "LEAK detective"};
+test_t identification_test = {test_identification, "identification"};
daemon_t* charon;
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 23:38:10 +0000