Commit bd6de903 authored by Carlos Garcia Campos's avatar Carlos Garcia Campos

test: simplify /ssl/tls-interaction test by using SoupServer

The test is still flaky, but due to a glib-networking bug.
parent a45bd0e9
Pipeline #260019 passed with stages
in 1 minute and 32 seconds
......@@ -733,3 +733,11 @@ soup_socket_get_remote_address (SoupSocket *sock)
return priv->remote_addr;
}
GIOStream *
soup_socket_get_connection (SoupSocket *sock)
{
SoupSocketPrivate *priv = soup_socket_get_instance_private (sock);
return priv->conn;
}
......@@ -22,6 +22,7 @@ gboolean soup_socket_is_ssl (SoupSocket *sock);
void soup_socket_disconnect (SoupSocket *sock);
gboolean soup_socket_is_connected (SoupSocket *sock);
GIOStream *soup_socket_get_connection (SoupSocket *sock);
GSocket *soup_socket_get_gsocket (SoupSocket *sock);
GSocket *soup_socket_steal_gsocket (SoupSocket *sock);
GIOStream *soup_socket_get_iostream (SoupSocket *sock);
......
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
#include "test-utils.h"
#include "soup-server-message-private.h"
GUri *uri;
......@@ -106,19 +107,9 @@ test_tls_interaction_request_certificate (GTlsInteraction *interact
GError **error)
{
GTlsCertificate *cert;
const char *ssl_cert_file, *ssl_key_file;
GError *my_error = NULL;
/* Yes, we use the same certificate for the client as for the server. Shrug */
ssl_cert_file = g_test_get_filename (G_TEST_DIST, "test-cert.pem", NULL);
ssl_key_file = g_test_get_filename (G_TEST_DIST, "test-key.pem", NULL);
cert = g_tls_certificate_new_from_files (ssl_cert_file,
ssl_key_file,
&my_error);
g_assert_no_error (my_error);
cert = g_object_get_data (G_OBJECT (interaction), "certificate");
g_tls_connection_set_certificate (connection, cert);
g_object_unref (cert);
return G_TLS_INTERACTION_HANDLED;
}
......@@ -132,102 +123,54 @@ test_tls_interaction_class_init (TestTlsInteractionClass *klass)
}
#define INTERACTION_TEST_HTTP_RESPONSE "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\nOK\r\n"
static gboolean
accept_client_certificate (GTlsConnection *server,
GTlsCertificate *client_cert,
GTlsCertificateFlags errors)
{
return TRUE;
return errors == 0;
}
static void
got_connection (GThreadedSocketService *service,
GSocketConnection *connection,
GObject *source_object)
server_request_started (SoupServer *server,
SoupServerMessage *msg,
GTlsDatabase *tls_db)
{
GIOStream *tls;
GTlsCertificate *server_cert;
GError *error = NULL;
const char *ssl_cert_file, *ssl_key_file;
GMainContext *thread_context;
thread_context = g_main_context_new ();
g_main_context_push_thread_default (thread_context);
ssl_cert_file = g_test_get_filename (G_TEST_DIST, "test-cert.pem", NULL);
ssl_key_file = g_test_get_filename (G_TEST_DIST, "test-key.pem", NULL);
server_cert = g_tls_certificate_new_from_files (ssl_cert_file,
ssl_key_file,
&error);
g_assert_no_error (error);
tls = g_tls_server_connection_new (G_IO_STREAM (connection),
server_cert, &error);
g_assert_no_error (error);
g_object_unref (server_cert);
g_object_set (G_OBJECT (tls),
"authentication-mode", G_TLS_AUTHENTICATION_REQUIRED,
NULL);
g_signal_connect (tls, "accept-certificate",
G_CALLBACK (accept_client_certificate), NULL);
if (g_tls_connection_handshake (G_TLS_CONNECTION (tls), NULL, &error)) {
g_output_stream_write_all (g_io_stream_get_output_stream (tls),
INTERACTION_TEST_HTTP_RESPONSE,
strlen (INTERACTION_TEST_HTTP_RESPONSE),
NULL, NULL, &error);
g_assert_no_error (error);
} else {
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
g_clear_error (&error);
}
g_io_stream_close (tls, NULL, &error);
g_assert_no_error (error);
g_object_unref (tls);
g_main_context_pop_thread_default (thread_context);
g_main_context_unref (thread_context);
SoupSocket *sock;
GIOStream *conn;
sock = soup_server_message_get_soup_socket (msg);
conn = soup_socket_get_connection (sock);
g_tls_connection_set_database (G_TLS_CONNECTION (conn), tls_db);
g_object_set (conn, "authentication-mode", G_TLS_AUTHENTICATION_REQUIRED, NULL);
g_signal_connect (conn, "accept-certificate",
G_CALLBACK (accept_client_certificate),
NULL);
}
static void
do_tls_interaction_test (void)
do_tls_interaction_test (gconstpointer data)
{
GSocketService *service;
GSocketAddress *address, *bound_address;
SoupServer *server = (SoupServer *)data;
SoupSession *session;
SoupMessage *msg;
GBytes *body;
GTlsDatabase *tls_db;
GTlsCertificate *certificate;
GTlsInteraction *interaction;
GUri *test_uri;
GError *error = NULL;
SOUP_TEST_SKIP_IF_NO_TLS;
service = g_threaded_socket_service_new (1);
address = g_inet_socket_address_new_from_string ("127.0.0.1", 0);
g_socket_listener_add_address (G_SOCKET_LISTENER (service), address,
G_SOCKET_TYPE_STREAM,
G_SOCKET_PROTOCOL_TCP,
NULL, &bound_address, &error);
g_assert_no_error (error);
g_object_unref (address);
g_signal_connect (service, "run", G_CALLBACK (got_connection), NULL);
g_socket_service_start (service);
test_uri = g_uri_build (SOUP_HTTP_URI_FLAGS, "https", NULL, "127.0.0.1",
g_inet_socket_address_get_port (G_INET_SOCKET_ADDRESS (bound_address)),
"/", NULL, NULL);
g_object_unref (bound_address);
session = soup_test_session_new (NULL);
g_object_get (session, "tls-database", &tls_db, NULL);
g_signal_connect (server, "request-started",
G_CALLBACK (server_request_started),
tls_db);
/* Without a GTlsInteraction */
msg = soup_message_new_from_uri ("GET", test_uri);
msg = soup_message_new_from_uri ("GET", uri);
body = soup_test_session_async_send (session, msg, NULL, &error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
g_clear_error (&error);
......@@ -235,24 +178,29 @@ do_tls_interaction_test (void)
g_object_unref (msg);
interaction = g_object_new (test_tls_interaction_get_type (), NULL);
g_object_set (G_OBJECT (session),
"tls-interaction", interaction,
NULL);
/* Yes, we use the same certificate for the client as for the server. Shrug */
g_object_get (server, "tls-certificate", &certificate, NULL);
g_object_set_data_full (G_OBJECT (interaction),
"certificate",
g_object_ref (certificate),
g_object_unref);
g_object_set (session, "tls-interaction", interaction, NULL);
g_object_unref (interaction);
/* With a GTlsInteraction */
msg = soup_message_new_from_uri ("GET", test_uri);
body = soup_test_session_async_send (session, msg, NULL, NULL);
msg = soup_message_new_from_uri ("GET", uri);
body = soup_test_session_async_send (session, msg, NULL, &error);
g_assert_no_error (error);
soup_test_assert_message_status (msg, SOUP_STATUS_OK);
g_assert_nonnull (soup_message_get_tls_certificate (msg));
g_bytes_unref (body);
g_object_unref (msg);
g_uri_unref (test_uri);
soup_test_session_abort_unref (session);
g_signal_handlers_disconnect_by_data (server, tls_db);
g_socket_service_stop (service);
g_object_unref (service);
soup_test_session_abort_unref (session);
g_object_unref (tls_db);
g_object_unref (certificate);
}
static void
......@@ -283,7 +231,7 @@ main (int argc, char **argv)
} else
uri = NULL;
g_test_add_func ("/ssl/tls-interaction", do_tls_interaction_test);
g_test_add_data_func ("/ssl/tls-interaction", server, do_tls_interaction_test);
for (i = 0; i < G_N_ELEMENTS (strictness_tests); i++) {
g_test_add_data_func (strictness_tests[i].name,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment