keyfile: allow paths to be used for certificates and private keys

No reason it should have to be bare byte arrays, ick.
Dan Williams 2011-03-02 18:17:57 -06:00
parent c9246b53ff
commit e3cddc8d9f
7 changed files with 493 additions and 51 deletions


@ -33,6 +33,7 @@
#include <nm-setting-wired.h>
#include <nm-setting-wireless.h>
#include <nm-setting-bluetooth.h>
#include <nm-setting-8021x.h>
#include <arpa/inet.h>
#include <netinet/ether.h>
#include <string.h>
@ -165,7 +166,7 @@ next:
}
static void
ip4_addr_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
ip4_addr_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path)
{
GPtrArray *addresses;
const char *setting_name = nm_setting_get_name (setting);
@ -271,7 +272,7 @@ next:
}
static void
ip4_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
ip4_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path)
{
GPtrArray *routes;
const char *setting_name = nm_setting_get_name (setting);
@ -285,7 +286,7 @@ ip4_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
}
static void
ip4_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
ip4_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path)
{
const char *setting_name = nm_setting_get_name (setting);
GArray *array = NULL;
@ -458,7 +459,7 @@ next:
}
static void
ip6_addr_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
ip6_addr_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path)
{
GPtrArray *addresses;
const char *setting_name = nm_setting_get_name (setting);
@ -587,7 +588,7 @@ next:
}
static void
ip6_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
ip6_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path)
{
GPtrArray *routes;
const char *setting_name = nm_setting_get_name (setting);
@ -608,7 +609,7 @@ free_one_ip6_dns (gpointer data, gpointer user_data)
}
static void
ip6_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
ip6_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path)
{
const char *setting_name = nm_setting_get_name (setting);
GPtrArray *array = NULL;
@ -645,7 +646,7 @@ ip6_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
}
static void
mac_address_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
mac_address_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path)
{
const char *setting_name = nm_setting_get_name (setting);
struct ether_addr *eth;
@ -728,10 +729,11 @@ read_hash_of_string (GKeyFile *file, NMSetting *setting, const char *key)
g_strfreev (keys);
}
static void
ssid_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
static GByteArray *
get_uchar_array (GKeyFile *keyfile,
const char *setting_name,
const char *key)
{
const char *setting_name = nm_setting_get_name (setting);
GByteArray *array = NULL;
char *p, *tmp_string;
gint *tmp_list;
@ -760,42 +762,135 @@ ssid_parser (NMSetting *setting, const char *key, GKeyFile *keyfile)
if (new_format) {
array = g_byte_array_sized_new (strlen (tmp_string));
g_byte_array_append (array, (guint8 *) tmp_string, strlen (tmp_string));
goto done;
}
g_free (tmp_string);
}
g_free (tmp_string);
/* Old format; list of ints */
tmp_list = g_key_file_get_integer_list (keyfile, setting_name, key, &length, NULL);
array = g_byte_array_sized_new (length);
for (i = 0; i < length; i++) {
int val = tmp_list[i];
unsigned char v = (unsigned char) (val & 0xFF);
if (!array) {
/* Old format; list of ints */
tmp_list = g_key_file_get_integer_list (keyfile, setting_name, key, &length, NULL);
array = g_byte_array_sized_new (length);
for (i = 0; i < length; i++) {
int val = tmp_list[i];
unsigned char v = (unsigned char) (val & 0xFF);
if (val < 0 || val > 255) {
g_warning ("%s: %s / %s ignoring invalid byte element '%d' (not "
" between 0 and 255 inclusive)", __func__, setting_name,
key, val);
} else
g_byte_array_append (array, (const unsigned char *) &v, sizeof (v));
if (val < 0 || val > 255) {
g_warning ("%s: %s / %s ignoring invalid byte element '%d' (not "
" between 0 and 255 inclusive)", __func__, setting_name,
key, val);
} else
g_byte_array_append (array, (const unsigned char *) &v, sizeof (v));
}
g_free (tmp_list);
}
g_free (tmp_list);
done:
if (array->len)
if (array->len == 0) {
g_byte_array_free (array, TRUE);
array = NULL;
}
return array;
}
static void
ssid_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path)
{
const char *setting_name = nm_setting_get_name (setting);
GByteArray *array;
array = get_uchar_array (keyfile, setting_name, key);
if (array) {
g_object_set (setting, key, array, NULL);
else {
g_byte_array_free (array, TRUE);
} else {
g_warning ("%s: ignoring invalid SSID for %s / %s",
__func__, setting_name, key);
}
}
static char *
get_cert_path (const char *keyfile_path, GByteArray *cert_path)
{
const char *base;
char *p = NULL, *path, *dirname, *tmp;
g_return_val_if_fail (keyfile_path != NULL, NULL);
g_return_val_if_fail (cert_path != NULL, NULL);
base = path = g_malloc0 (cert_path->len + 1);
memcpy (path, cert_path->data, cert_path->len);
if (path[0] == '/')
return path;
p = strrchr (path, '/');
if (p)
base = p + 1;
dirname = g_path_get_dirname (keyfile_path);
tmp = g_build_path ("/", dirname, base, NULL);
g_free (dirname);
g_free (path);
return tmp;
}
#define SCHEME_PATH "file://"
static void
cert_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path)
{
const char *setting_name = nm_setting_get_name (setting);
GByteArray *array;
gboolean success = FALSE;
array = get_uchar_array (keyfile, setting_name, key);
if (array) {
/* Value could be either:
* 1) the raw key/cert data as a blob
* 2) a path scheme (ie, starts with "file://")
* 3) a plain path
*/
if ( (array->len > strlen (SCHEME_PATH))
&& g_str_has_prefix ((const char *) array->data, SCHEME_PATH)
&& (array->data[array->len - 1] == '\0')) {
/* It's the PATH scheme, can just set plain data */
g_object_set (setting, key, array, NULL);
success = TRUE;
} else if ( (array->len < 500)
&& g_utf8_validate ((const char *) array->data, array->len, NULL)) {
GByteArray *val;
char *path;
path = get_cert_path (keyfile_path, array);
if (g_file_test (path, G_FILE_TEST_EXISTS)) {
/* Construct the proper value as required for the PATH scheme */
val = g_byte_array_sized_new (strlen (SCHEME_PATH) + array->len + 1);
g_byte_array_append (val, (const guint8 *) SCHEME_PATH, strlen (SCHEME_PATH));
g_byte_array_append (val, array->data, array->len);
g_byte_array_append (val, (const guint8 *) "\0", 1);
g_object_set (setting, key, val, NULL);
g_byte_array_free (val, TRUE);
success = TRUE;
}
g_free (path);
}
if (!success) {
/* Assume it's a simple blob value of the certificate or private key's data */
g_object_set (setting, key, array, NULL);
}
g_byte_array_free (array, TRUE);
} else {
g_warning ("%s: ignoring invalid SSID for %s / %s",
__func__, setting_name, key);
}
g_byte_array_free (array, TRUE);
}
typedef struct {
const char *setting_name;
const char *key;
gboolean check_for_key;
void (*parser) (NMSetting *setting, const char *key, GKeyFile *keyfile);
void (*parser) (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path);
} KeyParser;
/* A table of keys that require further parsing/conversion because they are
@ -857,9 +952,38 @@ static KeyParser key_parsers[] = {
NM_SETTING_WIRELESS_SSID,
TRUE,
ssid_parser },
{ NM_SETTING_802_1X_SETTING_NAME,
NM_SETTING_802_1X_CA_CERT,
TRUE,
cert_parser },
{ NM_SETTING_802_1X_SETTING_NAME,
NM_SETTING_802_1X_CLIENT_CERT,
TRUE,
cert_parser },
{ NM_SETTING_802_1X_SETTING_NAME,
NM_SETTING_802_1X_PRIVATE_KEY,
TRUE,
cert_parser },
{ NM_SETTING_802_1X_SETTING_NAME,
NM_SETTING_802_1X_PHASE2_CA_CERT,
TRUE,
cert_parser },
{ NM_SETTING_802_1X_SETTING_NAME,
NM_SETTING_802_1X_PHASE2_CLIENT_CERT,
TRUE,
cert_parser },
{ NM_SETTING_802_1X_SETTING_NAME,
NM_SETTING_802_1X_PHASE2_PRIVATE_KEY,
TRUE,
cert_parser },
{ NULL, NULL, FALSE }
};
typedef struct {
GKeyFile *keyfile;
const char *keyfile_path;
} ReadInfo;
static void
read_one_setting_value (NMSetting *setting,
const char *key,
@ -867,7 +991,7 @@ read_one_setting_value (NMSetting *setting,
GParamFlags flags,
gpointer user_data)
{
GKeyFile *file = user_data;
ReadInfo *info = user_data;
const char *setting_name;
GType type;
GError *err = NULL;
@ -907,7 +1031,7 @@ read_one_setting_value (NMSetting *setting,
* like IP addresses and routes where more than one value is actually
* encoded by the setting property, this won't be true.
*/
if (check_for_key && !g_key_file_has_key (file, setting_name, key, &err)) {
if (check_for_key && !g_key_file_has_key (info->keyfile, setting_name, key, &err)) {
/* Key doesn't exist or an error ocurred, thus nothing to do. */
if (err) {
g_warning ("Error loading setting '%s' value: %s", setting_name, err->message);
@ -920,7 +1044,7 @@ read_one_setting_value (NMSetting *setting,
* parsers below.
*/
if (parser && parser->setting_name) {
(*parser->parser) (setting, key, file);
(*parser->parser) (setting, key, info->keyfile, info->keyfile_path);
return;
}
@ -929,30 +1053,30 @@ read_one_setting_value (NMSetting *setting,
if (type == G_TYPE_STRING) {
char *str_val;
str_val = g_key_file_get_string (file, setting_name, key, NULL);
str_val = g_key_file_get_string (info->keyfile, setting_name, key, NULL);
g_object_set (setting, key, str_val, NULL);
g_free (str_val);
} else if (type == G_TYPE_UINT) {
int int_val;
int_val = g_key_file_get_integer (file, setting_name, key, NULL);
int_val = g_key_file_get_integer (info->keyfile, setting_name, key, NULL);
if (int_val < 0)
g_warning ("Casting negative value (%i) to uint", int_val);
g_object_set (setting, key, int_val, NULL);
} else if (type == G_TYPE_INT) {
int int_val;
int_val = g_key_file_get_integer (file, setting_name, key, NULL);
int_val = g_key_file_get_integer (info->keyfile, setting_name, key, NULL);
g_object_set (setting, key, int_val, NULL);
} else if (type == G_TYPE_BOOLEAN) {
gboolean bool_val;
bool_val = g_key_file_get_boolean (file, setting_name, key, NULL);
bool_val = g_key_file_get_boolean (info->keyfile, setting_name, key, NULL);
g_object_set (setting, key, bool_val, NULL);
} else if (type == G_TYPE_CHAR) {
int int_val;
int_val = g_key_file_get_integer (file, setting_name, key, NULL);
int_val = g_key_file_get_integer (info->keyfile, setting_name, key, NULL);
if (int_val < G_MININT8 || int_val > G_MAXINT8)
g_warning ("Casting value (%i) to char", int_val);
@ -961,7 +1085,7 @@ read_one_setting_value (NMSetting *setting,
char *tmp_str;
guint64 uint_val;
tmp_str = g_key_file_get_value (file, setting_name, key, NULL);
tmp_str = g_key_file_get_value (info->keyfile, setting_name, key, NULL);
uint_val = g_ascii_strtoull (tmp_str, NULL, 10);
g_free (tmp_str);
g_object_set (setting, key, uint_val, NULL);
@ -971,7 +1095,7 @@ read_one_setting_value (NMSetting *setting,
gsize length;
int i;
tmp = g_key_file_get_integer_list (file, setting_name, key, &length, NULL);
tmp = g_key_file_get_integer_list (info->keyfile, setting_name, key, &length, NULL);
array = g_byte_array_sized_new (length);
for (i = 0; i < length; i++) {
@ -995,7 +1119,7 @@ read_one_setting_value (NMSetting *setting,
int i;
GSList *list = NULL;
sa = g_key_file_get_string_list (file, setting_name, key, &length, NULL);
sa = g_key_file_get_string_list (info->keyfile, setting_name, key, &length, NULL);
for (i = 0; i < length; i++)
list = g_slist_prepend (list, sa[i]);
@ -1005,9 +1129,9 @@ read_one_setting_value (NMSetting *setting,
g_slist_free (list);
g_strfreev (sa);
} else if (type == DBUS_TYPE_G_MAP_OF_STRING) {
read_hash_of_string (file, setting, key);
read_hash_of_string (info->keyfile, setting, key);
} else if (type == DBUS_TYPE_G_UINT_ARRAY) {
if (!read_array_of_uint (file, setting, key)) {
if (!read_array_of_uint (info->keyfile, setting, key)) {
g_warning ("Unhandled setting property type (read): '%s/%s' : '%s'",
setting_name, key, G_VALUE_TYPE_NAME (value));
}
@ -1018,15 +1142,16 @@ read_one_setting_value (NMSetting *setting,
}
static NMSetting *
read_setting (GKeyFile *file, const char *name)
read_setting (GKeyFile *file, const char *keyfile_path, const char *setting_name)
{
NMSetting *setting;
ReadInfo info = { file, keyfile_path };
setting = nm_connection_create_setting (name);
setting = nm_connection_create_setting (setting_name);
if (setting)
nm_setting_enumerate_values (setting, read_one_setting_value, (gpointer) file);
nm_setting_enumerate_values (setting, read_one_setting_value, &info);
else
g_warning ("Invalid setting name '%s'", name);
g_warning ("Invalid setting name '%s'", setting_name);
return setting;
}
@ -1095,7 +1220,7 @@ nm_keyfile_plugin_connection_from_file (const char *filename, GError **error)
continue;
}
setting = read_setting (key_file, groups[i]);
setting = read_setting (key_file, filename, groups[i]);
if (setting)
nm_connection_add_setting (connection, setting);
}
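Review bot: In cert_parser, `g_str_has_prefix ((const char *) array->data, SCHEME_PATH)` runs a string function on a GByteArray before the trailing-NUL test that follows it, and the string branch of get_uchar_array appends only `strlen (tmp_string)` bytes, so the buffer is not guaranteed to be terminated. Test the terminator first and compare by length, e.g. `&& (array->data[array->len - 1] == '\0')` followed by `&& memcmp (array->data, SCHEME_PATH, strlen (SCHEME_PATH)) == 0`. The plain-path branch checks existence on the path resolved by get_cert_path but stores `file://` plus the raw `array->data`, so a relative name appears to be stored unresolved and may later be resolved against a different directory by whatever reads it; building the value from `path` would keep the check and the stored value in agreement. The warning in what looks like cert_parser's else branch still reads `ignoring invalid SSID`, which seems copied from ssid_parser and will mislead anyone diagnosing a bad certificate value.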


@ -1,4 +1,4 @@
EXTRA_DIST = \
KEYFILES = \
Test_Wired_Connection \
Test_GSM_Connection \
Test_Wireless_Connection \
@ -6,10 +6,18 @@ EXTRA_DIST = \
Test_Wired_Connection_IP6 \
ATT_Data_Connect_BT \
ATT_Data_Connect_Plain \
Test_String_SSID
Test_String_SSID \
Test_Wired_TLS_Old \
Test_Wired_TLS_New
CERTS = \
test-ca-cert.pem \
test-key-and-cert.pem
EXTRA_DIST = $(KEYFILES) $(CERTS)
check-local:
@for f in $(EXTRA_DIST); do \
@for f in $(KEYFILES); do \
chmod 0600 $(abs_srcdir)/$$f; \
done


@ -0,0 +1,22 @@
[connection]
id=Wired TLS
uuid=5ee46013-9469-4c6a-a60a-0c7a1e1c7488
type=802-3-ethernet
[802-1x]
eap=tls;
identity=Bill Smith
ca-cert=test-ca-cert.pem
client-cert=test-key-and-cert.pem
private-key=test-key-and-cert.pem
private-key-password=12345testing
[ipv4]
method=auto
[802-3-ethernet]
duplex=full
[ipv6]
method=ignore


@ -0,0 +1,22 @@
[connection]
id=Wired TLS
uuid=5ee46013-9469-4c6a-a60a-0c7a1e1c7488
type=802-3-ethernet
[802-1x]
eap=tls;
identity=Bill Smith
ca-cert=102;105;108;101;58;47;47;47;104;111;109;101;47;100;99;98;119;47;68;101;115;107;116;111;112;47;99;101;114;116;105;110;102;114;97;47;67;65;47;101;97;112;116;101;115;116;95;99;97;95;99;101;114;116;46;112;101;109;0;
client-cert=102;105;108;101;58;47;47;47;104;111;109;101;47;100;99;98;119;47;68;101;115;107;116;111;112;47;99;101;114;116;105;110;102;114;97;47;99;108;105;101;110;116;46;112;101;109;0;
private-key=102;105;108;101;58;47;47;47;104;111;109;101;47;100;99;98;119;47;68;101;115;107;116;111;112;47;99;101;114;116;105;110;102;114;97;47;99;108;105;101;110;116;46;112;101;109;0;
private-key-password=12345testing
[ipv4]
method=auto
[802-3-ethernet]
duplex=full
[ipv6]
method=ignore


@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,118 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4DE0615F23D82107
QPNCO5Dobvz9dDhN32KkZRoEifW+HDm2PCbRQhKDiscGwB6LgypvVjHNsZiFKwzz
L4R51UqgQeJx7GSGJqE626e9z9J+UNBhop02aOO2X0eSPdvBzr/uJ6Umiyr1xqD7
zWf7u9l5kXElDJRhK+87GMBewp4Ie9NeXDjhF8hzC5Kiulen4AH3AYnfH3S7DimU
h8GFMg8inrudrTbcjBhCdPeHG2jCygOxw3InRFz7uaN6LIhOaPQvmvpP4Cc1WRnW
ZPq9o+eU3fPWPD5t+Op/VzYLvKwgBy/yK1rQXUm6ZMO7MhhRJ94ZCsJv+nVWpJlv
QyBlxDKxwfkfYbDELdnnDQdHdMbKatLqa0KhSkgpp8LywBtanPz731tyT0r7b3na
eLdra59lRU7ZQLPEdS3lPZd2O/KQvWf8wbg7MjXS9LxQ7R5HOPu6DNJlwXVZBmmo
cAfu2q8ubU2IePvWLD1GOrBi6hE9TiGvFJkw+wBK+t72sz3njv9Xm/zlxruaEk5m
RW/kybU3FP4PtjriBbskz3/VZaaxuRN7OoOYTkmyHmG1ADgcRUV6fea19qqsBlN8
xb+SRtoH28oT/JVWU5neE2dbNzk5LeVO+w70NNdR5s5xqkBhbGGaJxvXwNP4ltFr
T06SMh8znOLKwWB00aRtwfU7jOwR3mOleQO4ugIHmau3zp1TqzAHW8XtpuV7qVeI
ESZOZuf0vW43BtNzgLXt1+r+bmsMsRwhnyomL9M0TUyyBdVYY9GkzTG9pOESheRo
RSvAZ8qKGUliTpgBcbt2v1+NqkszcHa6FxuvS8YU4uo5/GqsgTxHTNIB232hIrrZ
EIm6QL9TC5oFXMjy6UNqoCm5Nb8DBJ6aErt7pt7aoktqUW3O3QIzQT3IbZ4nAcTt
lVF4d7j29I9t7bcC8GOVU1neilguZUss4ghJg9x4zI5UZdR7hZ8fbFT47TyxB+j5
r0YdmjbjVTaSyaN2JGh1wvb4TzawGNVx/U2EJE16HigOtPfsfQRJ3x+FROKBdVa4
aIFYXkRBeIPxX6n9pcw0lBCsnXo6/5iTjQSk2VqO3rHO/wyWiEjNczhL33dY2A8W
GG5ECMO5SqXZHQQzpABqK94dxe3UC8aEESO5NhEqDuV7qQGol0qPKrUA3wb0jb2e
DrejJ9HS2m1SUDmjpvvmEGy6GN7CRibbKt5rNZdJNNvWArOF5d0F6wkixQLl73oE
lq5gLQQk9n7ClleKLhlQpBCorxilBbzmSUekkJLi0eaZiBBFWBX9udqnUZloXTgO
8qwuO8K/GPR9Jy1/UH2Vh1H+wivaqKTVgEb0NotzgzECgTEFKJafl7rUNs1OZRZ3
VBjevi6+iDpxVFgF71kXfdUC4ph0E1XDl0ja2rrKQGivMkUhWJ57+4EV5+hBkAnt
G0RV45NwHXLrK2bd8F9PlRk2XHW6mIcFRXsW1DjeBhk/sQjvlO9R01GRSgcXtekJ
tmX17FWrMrzXHpvy1IC3fk4RVnSjpzQ8O+17YE8/la9wVaeZZzHyYFmMT7VXjIhW
QozJQ0vJ2jxJRh5GYn3tpJzdaeRfvTBik0pChNdUTnWP+BJ35xoCTs8iwJbmgVZ1
-----END RSA PRIVATE KEY-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Berkshire, L=Newbury, O=My Company Ltd, OU=Testing, CN=test/emailAddress=test@test.com
Validity
Not Before: Mar 10 15:13:16 2009 GMT
Not After : Mar 8 15:13:16 2019 GMT
Subject: C=US, ST=Berkshire, O=My Company Ltd, OU=Testing, CN=test1/emailAddress=test@test.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:cd:34:b1:2e:b0:04:c6:f4:2b:a2:c0:a0:39:7a:
82:ed:96:c4:f7:19:83:91:5c:b4:e7:9c:de:ec:48:
ec:2d:e4:51:08:26:42:ac:d3:98:26:7a:72:f7:49:
c2:9e:66:05:c6:47:29:fe:3b:ac:6b:af:6f:5e:a8:
03:5a:73:33:ba:19:03:00:35:f5:00:bc:a8:be:14:
ce:46:69:e3:6d:ed:34:37:85:55:87:62:b3:b7:c9:
c0:cc:9a:aa:61:05:5b:cd:a2:17:42:d3:e5:6f:1c:
60:8d:c2:15:41:46:f8:12:54:d0:38:57:e1:fd:8d:
44:c8:fb:56:b3:b9:6c:e9:f8:9e:21:11:57:1b:8b:
f9:cf:e3:17:e7:d8:fd:ac:d1:01:c6:92:30:f3:2d:
c9:d6:c1:f0:3d:fd:ca:30:dd:75:74:e7:d1:6b:75:
d8:c5:4d:43:61:fe:f6:ad:7e:4c:63:7c:03:17:a2:
06:8f:d0:8b:69:d3:7a:07:0f:0b:a2:cf:0c:70:38:
ba:cc:55:35:60:84:58:d8:d2:be:1f:ef:76:a9:ba:
ae:6a:dc:08:97:80:de:42:00:b7:d4:ce:9a:b0:36:
2a:c7:6f:45:04:7c:ea:41:19:d8:b9:19:04:1f:11:
a9:22:80:bd:69:08:15:0d:3c:de:cd:7e:88:6c:0f:
a3:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
CE:03:7E:EF:E7:DE:C9:87:BF:DE:56:F4:C8:A3:40:F6:C8:6F:05:8C
X509v3 Authority Key Identifier:
keyid:B8:35:37:32:BE:CF:4F:79:F5:7B:74:B2:F2:10:5A:BA:80:C5:6A:10
DirName:/C=US/ST=Berkshire/L=Newbury/O=My Company Ltd/OU=Testing/CN=test/emailAddress=test@test.com
serial:EB:E7:64:FB:79:F7:22:19
Signature Algorithm: md5WithRSAEncryption
7a:20:93:63:40:73:7d:33:01:2e:c0:13:52:a4:a7:e1:4d:82:
f4:fb:b2:7b:d0:2b:5a:3f:0e:3c:28:61:71:ab:01:4d:fe:89:
b5:cd:2f:97:59:93:53:9d:51:86:48:dd:b9:e4:73:5e:22:0b:
12:0d:25:39:76:16:44:06:0c:40:45:21:6b:a6:b1:e0:bf:76:
1b:36:f3:1e:41:82:57:d9:59:b7:60:40:43:1c:1d:79:f6:48:
32:5c:4e:e2:06:89:96:41:d2:54:1f:4a:6f:f6:78:a5:3c:02:
85:21:e2:65:e1:8a:6d:24:19:95:f8:c0:35:ab:bd:ff:3d:f1:
fb:50:2d:30:1e:67:a6:7c:50:f9:d5:77:66:77:5a:14:0f:5c:
cd:21:09:9b:a3:92:57:19:dd:01:a4:18:c5:f9:70:e4:17:43:
8d:b1:e6:61:e9:50:89:83:4f:ce:a4:57:68:58:40:70:ae:71:
1c:47:66:d2:30:54:50:ea:3a:87:32:64:3b:18:42:fe:5a:19:
07:64:f7:f1:b1:10:07:fd:a7:d2:a7:a8:05:79:5b:25:ba:69:
7b:1a:3e:b1:3e:e4:17:17:01:ba:eb:54:ae:83:00:ed:66:62:
8d:c0:3e:8a:b4:27:5f:e9:01:ce:20:c3:34:a9:28:c0:6f:c7:
3b:65:fe:f9
-----BEGIN CERTIFICATE-----
MIIEojCCA4qgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCVVMx
EjAQBgNVBAgTCUJlcmtzaGlyZTEQMA4GA1UEBxMHTmV3YnVyeTEXMBUGA1UEChMO
TXkgQ29tcGFueSBMdGQxEDAOBgNVBAsTB1Rlc3RpbmcxDTALBgNVBAMTBHRlc3Qx
HDAaBgkqhkiG9w0BCQEWDXRlc3RAdGVzdC5jb20wHhcNMDkwMzEwMTUxMzE2WhcN
MTkwMzA4MTUxMzE2WjB6MQswCQYDVQQGEwJVUzESMBAGA1UECBMJQmVya3NoaXJl
MRcwFQYDVQQKEw5NeSBDb21wYW55IEx0ZDEQMA4GA1UECxMHVGVzdGluZzEOMAwG
A1UEAxMFdGVzdDExHDAaBgkqhkiG9w0BCQEWDXRlc3RAdGVzdC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNNLEusATG9CuiwKA5eoLtlsT3GYOR
XLTnnN7sSOwt5FEIJkKs05gmenL3ScKeZgXGRyn+O6xrr29eqANaczO6GQMANfUA
vKi+FM5GaeNt7TQ3hVWHYrO3ycDMmqphBVvNohdC0+VvHGCNwhVBRvgSVNA4V+H9
jUTI+1azuWzp+J4hEVcbi/nP4xfn2P2s0QHGkjDzLcnWwfA9/cow3XV059FrddjF
TUNh/vatfkxjfAMXogaP0Itp03oHDwuizwxwOLrMVTVghFjY0r4f73apuq5q3AiX
gN5CALfUzpqwNirHb0UEfOpBGdi5GQQfEakigL1pCBUNPN7NfohsD6NDAgMBAAGj
ggEfMIIBGzAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUzgN+7+feyYe/3lb0yKNA9shvBYww
gcAGA1UdIwSBuDCBtYAUuDU3Mr7PT3n1e3Sy8hBauoDFahChgZGkgY4wgYsxCzAJ
BgNVBAYTAlVTMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05ld2J1cnkx
FzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMRAwDgYDVQQLEwdUZXN0aW5nMQ0wCwYD
VQQDEwR0ZXN0MRwwGgYJKoZIhvcNAQkBFg10ZXN0QHRlc3QuY29tggkA6+dk+3n3
IhkwDQYJKoZIhvcNAQEEBQADggEBAHogk2NAc30zAS7AE1Kkp+FNgvT7snvQK1o/
DjwoYXGrAU3+ibXNL5dZk1OdUYZI3bnkc14iCxINJTl2FkQGDEBFIWumseC/dhs2
8x5BglfZWbdgQEMcHXn2SDJcTuIGiZZB0lQfSm/2eKU8AoUh4mXhim0kGZX4wDWr
vf898ftQLTAeZ6Z8UPnVd2Z3WhQPXM0hCZujklcZ3QGkGMX5cOQXQ42x5mHpUImD
T86kV2hYQHCucRxHZtIwVFDqOocyZDsYQv5aGQdk9/GxEAf9p9KnqAV5WyW6aXsa
PrE+5BcXAbrrVK6DAO1mYo3APoq0J1/pAc4gwzSpKMBvxztl/vk=
-----END CERTIFICATE-----


@ -37,6 +37,7 @@
#include <nm-setting-serial.h>
#include <nm-setting-ppp.h>
#include <nm-setting-gsm.h>
#include <nm-setting-8021x.h>
#include "nm-test-helpers.h"
@ -1952,6 +1953,122 @@ test_write_gsm_connection (void)
g_object_unref (connection);
}
#define TEST_WIRED_TLS_OLD_FILE TEST_KEYFILES_DIR"/Test_Wired_TLS_Old"
static void
test_read_wired_8021x_tls_old_connection (void)
{
NMConnection *connection;
NMSetting *s_wired;
NMSetting8021x *s_8021x;
GError *error = NULL;
const char *tmp;
gboolean success;
connection = connection_from_file (TEST_WIRED_TLS_OLD_FILE, &error);
if (connection == NULL) {
g_assert (error);
g_warning ("Failed to read %s: %s", TEST_WIRED_TLS_OLD_FILE, error->message);
g_assert (connection);
}
success = nm_connection_verify (connection, &error);
if (!success) {
g_assert (error);
g_warning ("Failed to verify %s: %s", TEST_WIRED_TLS_OLD_FILE, error->message);
g_assert (success);
}
/* ===== Wired Setting ===== */
s_wired = nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRED);
g_assert (s_wired != NULL);
/* ===== 802.1x Setting ===== */
s_8021x = (NMSetting8021x *) nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X);
g_assert (s_8021x != NULL);
g_assert (nm_setting_802_1x_get_num_eap_methods (s_8021x) == 1);
tmp = nm_setting_802_1x_get_eap_method (s_8021x, 0);
g_assert (g_strcmp0 (tmp, "tls") == 0);
tmp = nm_setting_802_1x_get_identity (s_8021x);
g_assert (g_strcmp0 (tmp, "Bill Smith") == 0);
tmp = nm_setting_802_1x_get_private_key_password (s_8021x);
g_assert (g_strcmp0 (tmp, "12345testing") == 0);
tmp = nm_setting_802_1x_get_ca_cert_path (s_8021x);
g_assert (g_strcmp0 (tmp, "/home/dcbw/Desktop/certinfra/CA/eaptest_ca_cert.pem") == 0);
tmp = nm_setting_802_1x_get_client_cert_path (s_8021x);
g_assert (g_strcmp0 (tmp, "/home/dcbw/Desktop/certinfra/client.pem") == 0);
tmp = nm_setting_802_1x_get_private_key_path (s_8021x);
g_assert (g_strcmp0 (tmp, "/home/dcbw/Desktop/certinfra/client.pem") == 0);
g_object_unref (connection);
}
#define TEST_WIRED_TLS_NEW_FILE TEST_KEYFILES_DIR"/Test_Wired_TLS_New"
static void
test_read_wired_8021x_tls_new_connection (void)
{
NMConnection *connection;
NMSetting *s_wired;
NMSetting8021x *s_8021x;
GError *error = NULL;
const char *tmp;
gboolean success;
connection = connection_from_file (TEST_WIRED_TLS_NEW_FILE, &error);
if (connection == NULL) {
g_assert (error);
g_warning ("Failed to read %s: %s", TEST_WIRED_TLS_NEW_FILE, error->message);
g_assert (connection);
}
success = nm_connection_verify (connection, &error);
if (!success) {
g_assert (error);
g_warning ("Failed to verify %s: %s", TEST_WIRED_TLS_NEW_FILE, error->message);
g_assert (success);
}
/* ===== Wired Setting ===== */
s_wired = nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRED);
g_assert (s_wired != NULL);
/* ===== 802.1x Setting ===== */
s_8021x = (NMSetting8021x *) nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X);
g_assert (s_8021x != NULL);
g_assert (nm_setting_802_1x_get_num_eap_methods (s_8021x) == 1);
tmp = nm_setting_802_1x_get_eap_method (s_8021x, 0);
g_assert (g_strcmp0 (tmp, "tls") == 0);
tmp = nm_setting_802_1x_get_identity (s_8021x);
g_assert (g_strcmp0 (tmp, "Bill Smith") == 0);
tmp = nm_setting_802_1x_get_private_key_password (s_8021x);
g_assert (g_strcmp0 (tmp, "12345testing") == 0);
tmp = nm_setting_802_1x_get_ca_cert_path (s_8021x);
g_assert (g_strcmp0 (tmp, "test-ca-cert.pem") == 0);
tmp = nm_setting_802_1x_get_client_cert_path (s_8021x);
g_assert (g_strcmp0 (tmp, "test-key-and-cert.pem") == 0);
tmp = nm_setting_802_1x_get_private_key_path (s_8021x);
g_assert (g_strcmp0 (tmp, "test-key-and-cert.pem") == 0);
g_object_unref (connection);
}
#define TEST_WIRED_TLS_CA_CERT TEST_KEYFILES_DIR"/test-ca-cert.pem"
#define TEST_WIRED_TLS_CLI_CERT TEST_KEYFILES_DIR"/test-key-and-cert.pem"
#define TEST_WIRED_TLS_PRIVKEY TEST_KEYFILES_DIR"/test-key-and-cert.pem"
int main (int argc, char **argv)
{
GError *error = NULL;
@ -1983,6 +2100,9 @@ int main (int argc, char **argv)
test_read_gsm_connection ();
test_write_gsm_connection ();
test_read_wired_8021x_tls_old_connection ();
test_read_wired_8021x_tls_new_connection ();
base = g_path_get_basename (argv[0]);
fprintf (stdout, "%s: SUCCESS\n", base);
g_free (base);
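Review bot: Neither new test covers the reader's fallback cases, so the path-versus-blob heuristic is exercised only on its success paths: there is no keyfile whose plain path names a missing file (which the reader then treats as raw certificate data) and none with a short blob value. test_read_wired_8021x_tls_new_connection asserts the bare names `test-ca-cert.pem` and `test-key-and-cert.pem`, which pins the unresolved relative value rather than a location under TEST_KEYFILES_DIR. The TEST_WIRED_TLS_CA_CERT, TEST_WIRED_TLS_CLI_CERT and TEST_WIRED_TLS_PRIVKEY macros are defined but not used in the lines shown; if they are meant for these assertions, comparing against them would make the intended base directory explicit.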