From e3cddc8d9fc6a1bc98be241ffa600285e50e2376 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Wed, 2 Mar 2011 18:17:57 -0600 Subject: [PATCH] keyfile: allow paths to be used for certificates and private keys No reason it should have to be bare byte arrays, ick. --- src/settings/plugins/keyfile/reader.c | 221 ++++++++++++++---- .../keyfile/tests/keyfiles/Makefile.am | 14 +- .../keyfile/tests/keyfiles/Test_Wired_TLS_New | 22 ++ .../keyfile/tests/keyfiles/Test_Wired_TLS_Old | 22 ++ .../keyfile/tests/keyfiles/test-ca-cert.pem | 27 +++ .../tests/keyfiles/test-key-and-cert.pem | 118 ++++++++++ .../plugins/keyfile/tests/test-keyfile.c | 120 ++++++++++ 7 files changed, 493 insertions(+), 51 deletions(-) create mode 100644 src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_New create mode 100644 src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_Old create mode 100644 src/settings/plugins/keyfile/tests/keyfiles/test-ca-cert.pem create mode 100644 src/settings/plugins/keyfile/tests/keyfiles/test-key-and-cert.pem diff --git a/src/settings/plugins/keyfile/reader.c b/src/settings/plugins/keyfile/reader.c index 1f3526d453..83342b3881 100644 --- a/src/settings/plugins/keyfile/reader.c +++ b/src/settings/plugins/keyfile/reader.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -165,7 +166,7 @@ next: } static void -ip4_addr_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) +ip4_addr_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path) { GPtrArray *addresses; const char *setting_name = nm_setting_get_name (setting); @@ -271,7 +272,7 @@ next: } static void -ip4_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) +ip4_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path) { GPtrArray *routes; const char *setting_name = nm_setting_get_name (setting); 
@@ -285,7 +286,7 @@ ip4_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) } static void -ip4_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) +ip4_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path) { const char *setting_name = nm_setting_get_name (setting); GArray *array = NULL; @@ -458,7 +459,7 @@ next: } static void -ip6_addr_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) +ip6_addr_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path) { GPtrArray *addresses; const char *setting_name = nm_setting_get_name (setting); @@ -587,7 +588,7 @@ next: } static void -ip6_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) +ip6_route_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path) { GPtrArray *routes; const char *setting_name = nm_setting_get_name (setting); @@ -608,7 +609,7 @@ free_one_ip6_dns (gpointer data, gpointer user_data) } static void -ip6_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) +ip6_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path) { const char *setting_name = nm_setting_get_name (setting); GPtrArray *array = NULL; @@ -645,7 +646,7 @@ ip6_dns_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) } static void -mac_address_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) +mac_address_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path) { const char *setting_name = nm_setting_get_name (setting); struct ether_addr *eth; 
@@ -728,10 +729,11 @@ read_hash_of_string (GKeyFile *file, NMSetting *setting, const char *key) g_strfreev (keys); } -static void -ssid_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) +static GByteArray * +get_uchar_array (GKeyFile *keyfile, + const char *setting_name, + const char *key) { - const char *setting_name = nm_setting_get_name (setting); GByteArray *array = NULL; char *p, *tmp_string; gint *tmp_list; 
@@ -760,42 +762,135 @@ ssid_parser (NMSetting *setting, const char *key, GKeyFile *keyfile) if (new_format) { array = g_byte_array_sized_new (strlen (tmp_string)); g_byte_array_append (array, (guint8 *) tmp_string, strlen (tmp_string)); - goto done; } + g_free (tmp_string); } - g_free (tmp_string); - /* Old format; list of ints */ - tmp_list = g_key_file_get_integer_list (keyfile, setting_name, key, &length, NULL); - array = g_byte_array_sized_new (length); - for (i = 0; i < length; i++) { - int val = tmp_list[i]; - unsigned char v = (unsigned char) (val & 0xFF); + if (!array) { + /* Old format; list of ints */ + tmp_list = g_key_file_get_integer_list (keyfile, setting_name, key, &length, NULL); + array = g_byte_array_sized_new (length); + for (i = 0; i < length; i++) { + int val = tmp_list[i]; + unsigned char v = (unsigned char) (val & 0xFF); - if (val < 0 || val > 255) { - g_warning ("%s: %s / %s ignoring invalid byte element '%d' (not " - " between 0 and 255 inclusive)", __func__, setting_name, - key, val); - } else - g_byte_array_append (array, (const unsigned char *) &v, sizeof (v)); + if (val < 0 || val > 255) { + g_warning ("%s: %s / %s ignoring invalid byte element '%d' (not " + " between 0 and 255 inclusive)", __func__, setting_name, + key, val); + } else + g_byte_array_append (array, (const unsigned char *) &v, sizeof (v)); + } + g_free (tmp_list); } - g_free (tmp_list); -done: - if (array->len) + if (array->len == 0) { + g_byte_array_free (array, TRUE); + array = NULL; + } + return array; +} + +static void +ssid_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path) +{ + const char *setting_name = nm_setting_get_name (setting); + GByteArray *array; + + array = get_uchar_array (keyfile, setting_name, key); + if (array) { g_object_set (setting, key, array, NULL); - else { + g_byte_array_free (array, TRUE); + } else { + g_warning ("%s: ignoring invalid SSID for %s / %s", + __func__, setting_name, key); + } +} + +static 
char * +get_cert_path (const char *keyfile_path, GByteArray *cert_path) +{ + const char *base; + char *p = NULL, *path, *dirname, *tmp; + + g_return_val_if_fail (keyfile_path != NULL, NULL); + g_return_val_if_fail (cert_path != NULL, NULL); + + base = path = g_malloc0 (cert_path->len + 1); + memcpy (path, cert_path->data, cert_path->len); + + if (path[0] == '/') + return path; + + p = strrchr (path, '/'); + if (p) + base = p + 1; + + dirname = g_path_get_dirname (keyfile_path); + tmp = g_build_path ("/", dirname, base, NULL); + g_free (dirname); + g_free (path); + return tmp; +} + +#define SCHEME_PATH "file://" + +static void +cert_parser (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path) +{ + const char *setting_name = nm_setting_get_name (setting); + GByteArray *array; + gboolean success = FALSE; + + array = get_uchar_array (keyfile, setting_name, key); + if (array) { + /* Value could be either: + * 1) the raw key/cert data as a blob + * 2) a path scheme (ie, starts with "file://") + * 3) a plain path + */ + if ( (array->len > strlen (SCHEME_PATH)) + && g_str_has_prefix ((const char *) array->data, SCHEME_PATH) + && (array->data[array->len - 1] == '\0')) { + /* It's the PATH scheme, can just set plain data */ + g_object_set (setting, key, array, NULL); + success = TRUE; + } else if ( (array->len < 500) + && g_utf8_validate ((const char *) array->data, array->len, NULL)) { + GByteArray *val; + char *path; + + path = get_cert_path (keyfile_path, array); + if (g_file_test (path, G_FILE_TEST_EXISTS)) { + /* Construct the proper value as required for the PATH scheme */ + val = g_byte_array_sized_new (strlen (SCHEME_PATH) + array->len + 1); + g_byte_array_append (val, (const guint8 *) SCHEME_PATH, strlen (SCHEME_PATH)); + g_byte_array_append (val, array->data, array->len); + g_byte_array_append (val, (const guint8 *) "\0", 1); + g_object_set (setting, key, val, NULL); + g_byte_array_free (val, TRUE); + success = TRUE; + } + g_free 
(path); + } + + if (!success) { + /* Assume it's a simple blob value of the certificate or private key's data */ + g_object_set (setting, key, array, NULL); + } + + g_byte_array_free (array, TRUE); + } else { g_warning ("%s: ignoring invalid SSID for %s / %s", __func__, setting_name, key); } - g_byte_array_free (array, TRUE); } typedef struct { const char *setting_name; const char *key; gboolean check_for_key; - void (*parser) (NMSetting *setting, const char *key, GKeyFile *keyfile); + void (*parser) (NMSetting *setting, const char *key, GKeyFile *keyfile, const char *keyfile_path); } KeyParser; /* A table of keys that require further parsing/conversion because they are @@ -857,9 +952,38 @@ static KeyParser key_parsers[] = { NM_SETTING_WIRELESS_SSID, TRUE, ssid_parser }, + { NM_SETTING_802_1X_SETTING_NAME, + NM_SETTING_802_1X_CA_CERT, + TRUE, + cert_parser }, + { NM_SETTING_802_1X_SETTING_NAME, + NM_SETTING_802_1X_CLIENT_CERT, + TRUE, + cert_parser }, + { NM_SETTING_802_1X_SETTING_NAME, + NM_SETTING_802_1X_PRIVATE_KEY, + TRUE, + cert_parser }, + { NM_SETTING_802_1X_SETTING_NAME, + NM_SETTING_802_1X_PHASE2_CA_CERT, + TRUE, + cert_parser }, + { NM_SETTING_802_1X_SETTING_NAME, + NM_SETTING_802_1X_PHASE2_CLIENT_CERT, + TRUE, + cert_parser }, + { NM_SETTING_802_1X_SETTING_NAME, + NM_SETTING_802_1X_PHASE2_PRIVATE_KEY, + TRUE, + cert_parser }, { NULL, NULL, FALSE } }; +typedef struct { + GKeyFile *keyfile; + const char *keyfile_path; +} ReadInfo; + static void read_one_setting_value (NMSetting *setting, const char *key, @@ -867,7 +991,7 @@ read_one_setting_value (NMSetting *setting, GParamFlags flags, gpointer user_data) { - GKeyFile *file = user_data; + ReadInfo *info = user_data; const char *setting_name; GType type; GError *err = NULL; 
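Review bot: In cert_parser, `g_str_has_prefix ((const char *) array->data, SCHEME_PATH)` treats the byte array as a C string before the trailing-NUL test has run, but get_uchar_array() appends exactly `strlen (tmp_string)` bytes with no terminator, so a string-scanning call here can read past the end of the buffer. Test the terminator first, or compare bounded bytes instead: `&& (array->data[array->len - 1] == '\0') && memcmp (array->data, SCHEME_PATH, strlen (SCHEME_PATH)) == 0`. The final `g_warning` in the same function still says "ignoring invalid SSID", carried over from ssid_parser, which will mislead anyone triaging a rejected certificate key; `"%s: ignoring invalid key/cert value for %s / %s"` would fit. When the plain-path branch fails its g_file_test, the value is silently kept as blob data, so a mistyped path ends up stored as certificate bytes; a warning on that fallback would make it visible.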
@@ -907,7 +1031,7 @@ read_one_setting_value (NMSetting *setting, * like IP addresses and routes where more than one value is actually * encoded by the setting property, this won't be true. */ - if (check_for_key && !g_key_file_has_key (file, setting_name, key, &err)) { + if (check_for_key && !g_key_file_has_key (info->keyfile, setting_name, key, &err)) { /* Key doesn't exist or an error ocurred, thus nothing to do. */ if (err) { g_warning ("Error loading setting '%s' value: %s", setting_name, err->message); @@ -920,7 +1044,7 @@ read_one_setting_value (NMSetting *setting, * parsers below. */ if (parser && parser->setting_name) { - (*parser->parser) (setting, key, file); + (*parser->parser) (setting, key, info->keyfile, info->keyfile_path); return; } 
@@ -929,30 +1053,30 @@ read_one_setting_value (NMSetting *setting, if (type == G_TYPE_STRING) { char *str_val; - str_val = g_key_file_get_string (file, setting_name, key, NULL); + str_val = g_key_file_get_string (info->keyfile, setting_name, key, NULL); g_object_set (setting, key, str_val, NULL); g_free (str_val); } else if (type == G_TYPE_UINT) { int int_val; - int_val = g_key_file_get_integer (file, setting_name, key, NULL); + int_val = g_key_file_get_integer (info->keyfile, setting_name, key, NULL); if (int_val < 0) g_warning ("Casting negative value (%i) to uint", int_val); g_object_set (setting, key, int_val, NULL); } else if (type == G_TYPE_INT) { int int_val; - int_val = g_key_file_get_integer (file, setting_name, key, NULL); + int_val = g_key_file_get_integer (info->keyfile, setting_name, key, NULL); g_object_set (setting, key, int_val, NULL); } else if (type == G_TYPE_BOOLEAN) { gboolean bool_val; - bool_val = g_key_file_get_boolean (file, setting_name, key, NULL); + bool_val = g_key_file_get_boolean (info->keyfile, setting_name, key, NULL); g_object_set (setting, key, bool_val, NULL); } else if (type == G_TYPE_CHAR) { int int_val; - int_val = g_key_file_get_integer (file, setting_name, key, NULL); + int_val = g_key_file_get_integer (info->keyfile, setting_name, key, NULL); if (int_val < G_MININT8 || int_val > G_MAXINT8) g_warning ("Casting value (%i) to char", int_val); @@ -961,7 +1085,7 @@ read_one_setting_value (NMSetting *setting, char *tmp_str; guint64 uint_val; - tmp_str = g_key_file_get_value (file, setting_name, key, NULL); + tmp_str = g_key_file_get_value (info->keyfile, setting_name, key, NULL); uint_val = g_ascii_strtoull (tmp_str, NULL, 10); g_free (tmp_str); g_object_set (setting, key, uint_val, NULL); 
@@ -971,7 +1095,7 @@ read_one_setting_value (NMSetting *setting, gsize length; int i; - tmp = g_key_file_get_integer_list (file, setting_name, key, &length, NULL); + tmp = g_key_file_get_integer_list (info->keyfile, setting_name, key, &length, NULL); array = g_byte_array_sized_new (length); for (i = 0; i < length; i++) { @@ -995,7 +1119,7 @@ read_one_setting_value (NMSetting *setting, int i; GSList *list = NULL; - sa = g_key_file_get_string_list (file, setting_name, key, &length, NULL); + sa = g_key_file_get_string_list (info->keyfile, setting_name, key, &length, NULL); for (i = 0; i < length; i++) list = g_slist_prepend (list, sa[i]); @@ -1005,9 +1129,9 @@ read_one_setting_value (NMSetting *setting, g_slist_free (list); g_strfreev (sa); } else if (type == DBUS_TYPE_G_MAP_OF_STRING) { - read_hash_of_string (file, setting, key); + read_hash_of_string (info->keyfile, setting, key); } else if (type == DBUS_TYPE_G_UINT_ARRAY) { - if (!read_array_of_uint (file, setting, key)) { + if (!read_array_of_uint (info->keyfile, setting, key)) { g_warning ("Unhandled setting property type (read): '%s/%s' : '%s'", setting_name, key, G_VALUE_TYPE_NAME (value)); } @@ -1018,15 +1142,16 @@ read_one_setting_value (NMSetting *setting, } static NMSetting * -read_setting (GKeyFile *file, const char *name) +read_setting (GKeyFile *file, const char *keyfile_path, const char *setting_name) { NMSetting *setting; + ReadInfo info = { file, keyfile_path }; - setting = nm_connection_create_setting (name); + setting = nm_connection_create_setting (setting_name); if (setting) - nm_setting_enumerate_values (setting, read_one_setting_value, (gpointer) file); + nm_setting_enumerate_values (setting, read_one_setting_value, &info); else - g_warning ("Invalid setting name '%s'", name); + g_warning ("Invalid setting name '%s'", setting_name); return setting; } 
@@ -1095,7 +1220,7 @@ nm_keyfile_plugin_connection_from_file (const char *filename, GError **error) continue; } - setting = read_setting (key_file, groups[i]); + setting = read_setting (key_file, filename, groups[i]); if (setting) nm_connection_add_setting (connection, setting); } diff --git a/src/settings/plugins/keyfile/tests/keyfiles/Makefile.am b/src/settings/plugins/keyfile/tests/keyfiles/Makefile.am index d6ee018340..0ce032096b 100644 --- a/src/settings/plugins/keyfile/tests/keyfiles/Makefile.am +++ b/src/settings/plugins/keyfile/tests/keyfiles/Makefile.am @@ -1,4 +1,4 @@ -EXTRA_DIST = \ +KEYFILES = \ Test_Wired_Connection \ Test_GSM_Connection \ Test_Wireless_Connection \ @@ -6,10 +6,18 @@ EXTRA_DIST = \ Test_Wired_Connection_IP6 \ ATT_Data_Connect_BT \ ATT_Data_Connect_Plain \ - Test_String_SSID + Test_String_SSID \ + Test_Wired_TLS_Old \ + Test_Wired_TLS_New + +CERTS = \ + test-ca-cert.pem \ + test-key-and-cert.pem + +EXTRA_DIST = $(KEYFILES) $(CERTS) check-local: - @for f in $(EXTRA_DIST); do \ + @for f in $(KEYFILES); do \ chmod 0600 $(abs_srcdir)/$$f; \ done diff --git a/src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_New b/src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_New new file mode 100644 index 0000000000..4cd8668626 --- /dev/null +++ b/src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_New @@ -0,0 +1,22 @@ + +[connection] +id=Wired TLS +uuid=5ee46013-9469-4c6a-a60a-0c7a1e1c7488 +type=802-3-ethernet + +[802-1x] +eap=tls; +identity=Bill Smith +ca-cert=test-ca-cert.pem +client-cert=test-key-and-cert.pem +private-key=test-key-and-cert.pem +private-key-password=12345testing + +[ipv4] +method=auto + +[802-3-ethernet] +duplex=full + +[ipv6] +method=ignore diff --git a/src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_Old b/src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_Old new file mode 100644 index 0000000000..61afdd91c8 --- /dev/null 
+++ b/src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_Old @@ -0,0 +1,22 @@ + +[connection] +id=Wired TLS +uuid=5ee46013-9469-4c6a-a60a-0c7a1e1c7488 +type=802-3-ethernet + +[802-1x] +eap=tls; +identity=Bill Smith +ca-cert=102;105;108;101;58;47;47;47;104;111;109;101;47;100;99;98;119;47;68;101;115;107;116;111;112;47;99;101;114;116;105;110;102;114;97;47;67;65;47;101;97;112;116;101;115;116;95;99;97;95;99;101;114;116;46;112;101;109;0; +client-cert=102;105;108;101;58;47;47;47;104;111;109;101;47;100;99;98;119;47;68;101;115;107;116;111;112;47;99;101;114;116;105;110;102;114;97;47;99;108;105;101;110;116;46;112;101;109;0; +private-key=102;105;108;101;58;47;47;47;104;111;109;101;47;100;99;98;119;47;68;101;115;107;116;111;112;47;99;101;114;116;105;110;102;114;97;47;99;108;105;101;110;116;46;112;101;109;0; +private-key-password=12345testing + +[ipv4] +method=auto + +[802-3-ethernet] +duplex=full + +[ipv6] +method=ignore diff --git a/src/settings/plugins/keyfile/tests/keyfiles/test-ca-cert.pem b/src/settings/plugins/keyfile/tests/keyfiles/test-ca-cert.pem new file mode 100644 index 0000000000..ef1be20d2b --- /dev/null +++ b/src/settings/plugins/keyfile/tests/keyfiles/test-ca-cert.pem 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgIJAOvnZPt59yIZMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD +VQQGEwJVUzESMBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcw +FQYDVQQKEw5NeSBDb21wYW55IEx0ZDEQMA4GA1UECxMHVGVzdGluZzENMAsGA1UE +AxMEdGVzdDEcMBoGCSqGSIb3DQEJARYNdGVzdEB0ZXN0LmNvbTAeFw0wOTAzMTAx +NTEyMTRaFw0xOTAzMDgxNTEyMTRaMIGLMQswCQYDVQQGEwJVUzESMBAGA1UECBMJ +QmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5NeSBDb21wYW55 +IEx0ZDEQMA4GA1UECxMHVGVzdGluZzENMAsGA1UEAxMEdGVzdDEcMBoGCSqGSIb3 +DQEJARYNdGVzdEB0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAKot9j+/+CX1/gZLgJHIXCRgCItKLGnf7qGbgqB9T2ACBqR0jllKWwDKrcWU +xjXNIc+GF9Wnv+lX6G0Okn4Zt3/uRNobL+2b/yOF7M3Td3/9W873zdkQQX930YZc +Rr8uxdRPP5bxiCgtcw632y21sSEbG9mjccAUnV/0jdvfmMNj0i8gN6E0fMBiJ9S3 +FkxX/KFvt9JWE9CtoyL7ki7UIDq+6vj7Gd5N0B3dOa1y+rRHZzKlJPcSXQSEYUS4 +HmKDwiKSVahft8c4tDn7KPi0vex91hlgZVd3usL2E/Vq7o5D9FAZ5kZY0AdFXwdm +J4lO4Mj7ac7GE4vNERNcXVIX59sCAwEAAaOB8zCB8DAdBgNVHQ4EFgQUuDU3Mr7P +T3n1e3Sy8hBauoDFahAwgcAGA1UdIwSBuDCBtYAUuDU3Mr7PT3n1e3Sy8hBauoDF +ahChgZGkgY4wgYsxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAO +BgNVBAcTB05ld2J1cnkxFzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMRAwDgYDVQQL +EwdUZXN0aW5nMQ0wCwYDVQQDEwR0ZXN0MRwwGgYJKoZIhvcNAQkBFg10ZXN0QHRl +c3QuY29tggkA6+dk+3n3IhkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC +AQEAVRG4aALIvCXCiKfe7K+iJxjBVRDFPEf7JWA9LGgbFOn6pNvbxonrR+0BETdc +JV1ET4ct2xsE7QNFIkp9GKRC+6J32zCo8qtLCD5+v436r8TUG2/t2JRMkb9I2XVT +p7RJoot6M0Ltf8KNQUPYh756xmKZ4USfQUwc58MOSDGY8VWEXJOYij9Pf0e0c52t +qiCEjXH7uXiS8Pgq9TYm7AkWSOrglYhSa83x0f8mtT8Q15nBESIHZ6o8FAS2bBgn +B0BkrKRjtBUkuJG3vTox+bYINh2Gxi1JZHWSV1tN5z3hd4VFcKqanW5OgQwToBqp +3nniskIjbH0xjgZf/nVMyLnjxg== +-----END CERTIFICATE----- diff --git a/src/settings/plugins/keyfile/tests/keyfiles/test-key-and-cert.pem b/src/settings/plugins/keyfile/tests/keyfiles/test-key-and-cert.pem new file mode 100644 index 0000000000..dec9aa1b8f --- /dev/null +++ b/src/settings/plugins/keyfile/tests/keyfiles/test-key-and-cert.pem 
@@ -0,0 +1,118 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,4DE0615F23D82107 + +QPNCO5Dobvz9dDhN32KkZRoEifW+HDm2PCbRQhKDiscGwB6LgypvVjHNsZiFKwzz +L4R51UqgQeJx7GSGJqE626e9z9J+UNBhop02aOO2X0eSPdvBzr/uJ6Umiyr1xqD7 +zWf7u9l5kXElDJRhK+87GMBewp4Ie9NeXDjhF8hzC5Kiulen4AH3AYnfH3S7DimU +h8GFMg8inrudrTbcjBhCdPeHG2jCygOxw3InRFz7uaN6LIhOaPQvmvpP4Cc1WRnW +ZPq9o+eU3fPWPD5t+Op/VzYLvKwgBy/yK1rQXUm6ZMO7MhhRJ94ZCsJv+nVWpJlv +QyBlxDKxwfkfYbDELdnnDQdHdMbKatLqa0KhSkgpp8LywBtanPz731tyT0r7b3na +eLdra59lRU7ZQLPEdS3lPZd2O/KQvWf8wbg7MjXS9LxQ7R5HOPu6DNJlwXVZBmmo +cAfu2q8ubU2IePvWLD1GOrBi6hE9TiGvFJkw+wBK+t72sz3njv9Xm/zlxruaEk5m +RW/kybU3FP4PtjriBbskz3/VZaaxuRN7OoOYTkmyHmG1ADgcRUV6fea19qqsBlN8 +xb+SRtoH28oT/JVWU5neE2dbNzk5LeVO+w70NNdR5s5xqkBhbGGaJxvXwNP4ltFr +T06SMh8znOLKwWB00aRtwfU7jOwR3mOleQO4ugIHmau3zp1TqzAHW8XtpuV7qVeI +ESZOZuf0vW43BtNzgLXt1+r+bmsMsRwhnyomL9M0TUyyBdVYY9GkzTG9pOESheRo +RSvAZ8qKGUliTpgBcbt2v1+NqkszcHa6FxuvS8YU4uo5/GqsgTxHTNIB232hIrrZ +EIm6QL9TC5oFXMjy6UNqoCm5Nb8DBJ6aErt7pt7aoktqUW3O3QIzQT3IbZ4nAcTt +lVF4d7j29I9t7bcC8GOVU1neilguZUss4ghJg9x4zI5UZdR7hZ8fbFT47TyxB+j5 +r0YdmjbjVTaSyaN2JGh1wvb4TzawGNVx/U2EJE16HigOtPfsfQRJ3x+FROKBdVa4 +aIFYXkRBeIPxX6n9pcw0lBCsnXo6/5iTjQSk2VqO3rHO/wyWiEjNczhL33dY2A8W +GG5ECMO5SqXZHQQzpABqK94dxe3UC8aEESO5NhEqDuV7qQGol0qPKrUA3wb0jb2e +DrejJ9HS2m1SUDmjpvvmEGy6GN7CRibbKt5rNZdJNNvWArOF5d0F6wkixQLl73oE +lq5gLQQk9n7ClleKLhlQpBCorxilBbzmSUekkJLi0eaZiBBFWBX9udqnUZloXTgO +8qwuO8K/GPR9Jy1/UH2Vh1H+wivaqKTVgEb0NotzgzECgTEFKJafl7rUNs1OZRZ3 +VBjevi6+iDpxVFgF71kXfdUC4ph0E1XDl0ja2rrKQGivMkUhWJ57+4EV5+hBkAnt +G0RV45NwHXLrK2bd8F9PlRk2XHW6mIcFRXsW1DjeBhk/sQjvlO9R01GRSgcXtekJ +tmX17FWrMrzXHpvy1IC3fk4RVnSjpzQ8O+17YE8/la9wVaeZZzHyYFmMT7VXjIhW +QozJQ0vJ2jxJRh5GYn3tpJzdaeRfvTBik0pChNdUTnWP+BJ35xoCTs8iwJbmgVZ1 +-----END RSA PRIVATE KEY----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Berkshire, L=Newbury, O=My Company Ltd, OU=Testing, 
CN=test/emailAddress=test@test.com + Validity + Not Before: Mar 10 15:13:16 2009 GMT + Not After : Mar 8 15:13:16 2019 GMT + Subject: C=US, ST=Berkshire, O=My Company Ltd, OU=Testing, CN=test1/emailAddress=test@test.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:cd:34:b1:2e:b0:04:c6:f4:2b:a2:c0:a0:39:7a: + 82:ed:96:c4:f7:19:83:91:5c:b4:e7:9c:de:ec:48: + ec:2d:e4:51:08:26:42:ac:d3:98:26:7a:72:f7:49: + c2:9e:66:05:c6:47:29:fe:3b:ac:6b:af:6f:5e:a8: + 03:5a:73:33:ba:19:03:00:35:f5:00:bc:a8:be:14: + ce:46:69:e3:6d:ed:34:37:85:55:87:62:b3:b7:c9: + c0:cc:9a:aa:61:05:5b:cd:a2:17:42:d3:e5:6f:1c: + 60:8d:c2:15:41:46:f8:12:54:d0:38:57:e1:fd:8d: + 44:c8:fb:56:b3:b9:6c:e9:f8:9e:21:11:57:1b:8b: + f9:cf:e3:17:e7:d8:fd:ac:d1:01:c6:92:30:f3:2d: + c9:d6:c1:f0:3d:fd:ca:30:dd:75:74:e7:d1:6b:75: + d8:c5:4d:43:61:fe:f6:ad:7e:4c:63:7c:03:17:a2: + 06:8f:d0:8b:69:d3:7a:07:0f:0b:a2:cf:0c:70:38: + ba:cc:55:35:60:84:58:d8:d2:be:1f:ef:76:a9:ba: + ae:6a:dc:08:97:80:de:42:00:b7:d4:ce:9a:b0:36: + 2a:c7:6f:45:04:7c:ea:41:19:d8:b9:19:04:1f:11: + a9:22:80:bd:69:08:15:0d:3c:de:cd:7e:88:6c:0f: + a3:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + CE:03:7E:EF:E7:DE:C9:87:BF:DE:56:F4:C8:A3:40:F6:C8:6F:05:8C + X509v3 Authority Key Identifier: + keyid:B8:35:37:32:BE:CF:4F:79:F5:7B:74:B2:F2:10:5A:BA:80:C5:6A:10 + DirName:/C=US/ST=Berkshire/L=Newbury/O=My Company Ltd/OU=Testing/CN=test/emailAddress=test@test.com + serial:EB:E7:64:FB:79:F7:22:19 + + Signature Algorithm: md5WithRSAEncryption + 7a:20:93:63:40:73:7d:33:01:2e:c0:13:52:a4:a7:e1:4d:82: + f4:fb:b2:7b:d0:2b:5a:3f:0e:3c:28:61:71:ab:01:4d:fe:89: + b5:cd:2f:97:59:93:53:9d:51:86:48:dd:b9:e4:73:5e:22:0b: + 12:0d:25:39:76:16:44:06:0c:40:45:21:6b:a6:b1:e0:bf:76: + 1b:36:f3:1e:41:82:57:d9:59:b7:60:40:43:1c:1d:79:f6:48: + 
32:5c:4e:e2:06:89:96:41:d2:54:1f:4a:6f:f6:78:a5:3c:02: + 85:21:e2:65:e1:8a:6d:24:19:95:f8:c0:35:ab:bd:ff:3d:f1: + fb:50:2d:30:1e:67:a6:7c:50:f9:d5:77:66:77:5a:14:0f:5c: + cd:21:09:9b:a3:92:57:19:dd:01:a4:18:c5:f9:70:e4:17:43: + 8d:b1:e6:61:e9:50:89:83:4f:ce:a4:57:68:58:40:70:ae:71: + 1c:47:66:d2:30:54:50:ea:3a:87:32:64:3b:18:42:fe:5a:19: + 07:64:f7:f1:b1:10:07:fd:a7:d2:a7:a8:05:79:5b:25:ba:69: + 7b:1a:3e:b1:3e:e4:17:17:01:ba:eb:54:ae:83:00:ed:66:62: + 8d:c0:3e:8a:b4:27:5f:e9:01:ce:20:c3:34:a9:28:c0:6f:c7: + 3b:65:fe:f9 +-----BEGIN CERTIFICATE----- +MIIEojCCA4qgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCVVMx +EjAQBgNVBAgTCUJlcmtzaGlyZTEQMA4GA1UEBxMHTmV3YnVyeTEXMBUGA1UEChMO +TXkgQ29tcGFueSBMdGQxEDAOBgNVBAsTB1Rlc3RpbmcxDTALBgNVBAMTBHRlc3Qx +HDAaBgkqhkiG9w0BCQEWDXRlc3RAdGVzdC5jb20wHhcNMDkwMzEwMTUxMzE2WhcN +MTkwMzA4MTUxMzE2WjB6MQswCQYDVQQGEwJVUzESMBAGA1UECBMJQmVya3NoaXJl +MRcwFQYDVQQKEw5NeSBDb21wYW55IEx0ZDEQMA4GA1UECxMHVGVzdGluZzEOMAwG +A1UEAxMFdGVzdDExHDAaBgkqhkiG9w0BCQEWDXRlc3RAdGVzdC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNNLEusATG9CuiwKA5eoLtlsT3GYOR +XLTnnN7sSOwt5FEIJkKs05gmenL3ScKeZgXGRyn+O6xrr29eqANaczO6GQMANfUA +vKi+FM5GaeNt7TQ3hVWHYrO3ycDMmqphBVvNohdC0+VvHGCNwhVBRvgSVNA4V+H9 +jUTI+1azuWzp+J4hEVcbi/nP4xfn2P2s0QHGkjDzLcnWwfA9/cow3XV059FrddjF +TUNh/vatfkxjfAMXogaP0Itp03oHDwuizwxwOLrMVTVghFjY0r4f73apuq5q3AiX +gN5CALfUzpqwNirHb0UEfOpBGdi5GQQfEakigL1pCBUNPN7NfohsD6NDAgMBAAGj +ggEfMIIBGzAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUzgN+7+feyYe/3lb0yKNA9shvBYww +gcAGA1UdIwSBuDCBtYAUuDU3Mr7PT3n1e3Sy8hBauoDFahChgZGkgY4wgYsxCzAJ +BgNVBAYTAlVTMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05ld2J1cnkx +FzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMRAwDgYDVQQLEwdUZXN0aW5nMQ0wCwYD +VQQDEwR0ZXN0MRwwGgYJKoZIhvcNAQkBFg10ZXN0QHRlc3QuY29tggkA6+dk+3n3 +IhkwDQYJKoZIhvcNAQEEBQADggEBAHogk2NAc30zAS7AE1Kkp+FNgvT7snvQK1o/ +DjwoYXGrAU3+ibXNL5dZk1OdUYZI3bnkc14iCxINJTl2FkQGDEBFIWumseC/dhs2 
+8x5BglfZWbdgQEMcHXn2SDJcTuIGiZZB0lQfSm/2eKU8AoUh4mXhim0kGZX4wDWr +vf898ftQLTAeZ6Z8UPnVd2Z3WhQPXM0hCZujklcZ3QGkGMX5cOQXQ42x5mHpUImD +T86kV2hYQHCucRxHZtIwVFDqOocyZDsYQv5aGQdk9/GxEAf9p9KnqAV5WyW6aXsa +PrE+5BcXAbrrVK6DAO1mYo3APoq0J1/pAc4gwzSpKMBvxztl/vk= +-----END CERTIFICATE----- diff --git a/src/settings/plugins/keyfile/tests/test-keyfile.c b/src/settings/plugins/keyfile/tests/test-keyfile.c index e315059b46..c9f7ab6dcc 100644 --- a/src/settings/plugins/keyfile/tests/test-keyfile.c +++ b/src/settings/plugins/keyfile/tests/test-keyfile.c @@ -37,6 +37,7 @@ #include #include #include +#include #include "nm-test-helpers.h" 
@@ -1952,6 +1953,122 @@ test_write_gsm_connection (void) g_object_unref (connection); } +#define TEST_WIRED_TLS_OLD_FILE TEST_KEYFILES_DIR"/Test_Wired_TLS_Old" + +static void +test_read_wired_8021x_tls_old_connection (void) +{ + NMConnection *connection; + NMSetting *s_wired; + NMSetting8021x *s_8021x; + GError *error = NULL; + const char *tmp; + gboolean success; + + connection = connection_from_file (TEST_WIRED_TLS_OLD_FILE, &error); + if (connection == NULL) { + g_assert (error); + g_warning ("Failed to read %s: %s", TEST_WIRED_TLS_OLD_FILE, error->message); + g_assert (connection); + } + + success = nm_connection_verify (connection, &error); + if (!success) { + g_assert (error); + g_warning ("Failed to verify %s: %s", TEST_WIRED_TLS_OLD_FILE, error->message); + g_assert (success); + } + + /* ===== Wired Setting ===== */ + s_wired = nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRED); + g_assert (s_wired != NULL); + + /* ===== 802.1x Setting ===== */ + s_8021x = (NMSetting8021x *) nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X); + g_assert (s_8021x != NULL); + + g_assert (nm_setting_802_1x_get_num_eap_methods (s_8021x) == 1); + tmp = nm_setting_802_1x_get_eap_method (s_8021x, 0); + g_assert (g_strcmp0 (tmp, "tls") == 0); + + tmp = nm_setting_802_1x_get_identity (s_8021x); + g_assert (g_strcmp0 (tmp, "Bill Smith") == 0); + + tmp = nm_setting_802_1x_get_private_key_password (s_8021x); + g_assert (g_strcmp0 (tmp, "12345testing") == 0); + + tmp = nm_setting_802_1x_get_ca_cert_path (s_8021x); + g_assert (g_strcmp0 (tmp, "/home/dcbw/Desktop/certinfra/CA/eaptest_ca_cert.pem") == 0); + + tmp = nm_setting_802_1x_get_client_cert_path (s_8021x); + g_assert (g_strcmp0 (tmp, "/home/dcbw/Desktop/certinfra/client.pem") == 0); + + tmp = nm_setting_802_1x_get_private_key_path (s_8021x); + g_assert (g_strcmp0 (tmp, "/home/dcbw/Desktop/certinfra/client.pem") == 0); + + g_object_unref (connection); +} + +#define TEST_WIRED_TLS_NEW_FILE 
TEST_KEYFILES_DIR"/Test_Wired_TLS_New" + +static void +test_read_wired_8021x_tls_new_connection (void) +{ + NMConnection *connection; + NMSetting *s_wired; + NMSetting8021x *s_8021x; + GError *error = NULL; + const char *tmp; + gboolean success; + + connection = connection_from_file (TEST_WIRED_TLS_NEW_FILE, &error); + if (connection == NULL) { + g_assert (error); + g_warning ("Failed to read %s: %s", TEST_WIRED_TLS_NEW_FILE, error->message); + g_assert (connection); + } + + success = nm_connection_verify (connection, &error); + if (!success) { + g_assert (error); + g_warning ("Failed to verify %s: %s", TEST_WIRED_TLS_NEW_FILE, error->message); + g_assert (success); + } + + /* ===== Wired Setting ===== */ + s_wired = nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRED); + g_assert (s_wired != NULL); + + /* ===== 802.1x Setting ===== */ + s_8021x = (NMSetting8021x *) nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X); + g_assert (s_8021x != NULL); + + g_assert (nm_setting_802_1x_get_num_eap_methods (s_8021x) == 1); + tmp = nm_setting_802_1x_get_eap_method (s_8021x, 0); + g_assert (g_strcmp0 (tmp, "tls") == 0); + + tmp = nm_setting_802_1x_get_identity (s_8021x); + g_assert (g_strcmp0 (tmp, "Bill Smith") == 0); + + tmp = nm_setting_802_1x_get_private_key_password (s_8021x); + g_assert (g_strcmp0 (tmp, "12345testing") == 0); + + tmp = nm_setting_802_1x_get_ca_cert_path (s_8021x); + g_assert (g_strcmp0 (tmp, "test-ca-cert.pem") == 0); + + tmp = nm_setting_802_1x_get_client_cert_path (s_8021x); + g_assert (g_strcmp0 (tmp, "test-key-and-cert.pem") == 0); + + tmp = nm_setting_802_1x_get_private_key_path (s_8021x); + g_assert (g_strcmp0 (tmp, "test-key-and-cert.pem") == 0); + + g_object_unref (connection); +} + +#define TEST_WIRED_TLS_CA_CERT TEST_KEYFILES_DIR"/test-ca-cert.pem" +#define TEST_WIRED_TLS_CLI_CERT TEST_KEYFILES_DIR"/test-key-and-cert.pem" +#define TEST_WIRED_TLS_PRIVKEY TEST_KEYFILES_DIR"/test-key-and-cert.pem" + int main (int argc, char 
**argv) { GError *error = NULL; @@ -1983,6 +2100,9 @@ int main (int argc, char **argv) test_read_gsm_connection (); test_write_gsm_connection (); + test_read_wired_8021x_tls_old_connection (); + test_read_wired_8021x_tls_new_connection (); + base = g_path_get_basename (argv[0]); fprintf (stdout, "%s: SUCCESS\n", base); g_free (base);
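Review bot: The assertions in test_read_wired_8021x_tls_new_connection expect the bare relative names (`"test-ca-cert.pem"`, `"test-key-and-cert.pem"`), which pins the stored value to a different string from the path cert_parser checked with g_file_test (the keyfile's directory plus the basename from get_cert_path). Whatever later opens the certificate would presumably resolve that relative name against its own working directory, so the file that was checked and the file that is read can differ. Consider having cert_parser store the resolved path and asserting against the TEST_WIRED_TLS_CA_CERT, TEST_WIRED_TLS_CLI_CERT and TEST_WIRED_TLS_PRIVKEY defines added at the end of this hunk, which nothing in the visible lines references, e.g. `g_assert (g_strcmp0 (tmp, TEST_WIRED_TLS_CA_CERT) == 0);`. A case with a directory component in the keyfile value (for example a constructed `certs/test-ca-cert.pem`) would also document that get_cert_path drops everything but the basename.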