NetworkManager/libnm-core/tests
Thomas Haller 068d316822 libnm/802-1x: refactor setting certificate from path
NMSetting8021x has various utility functions to set
the certificate:
  - nm_setting_802_1x_set_ca_cert()
  - nm_setting_802_1x_set_client_cert()
  - nm_setting_802_1x_set_private_key()
  - nm_setting_802_1x_set_phase2_ca_cert()
  - nm_setting_802_1x_set_phase2_client_cert()
  - nm_setting_802_1x_set_phase2_private_key()

They support:

 - accepting a plain PKCS11 URI, with scheme set to
   NM_SETTING_802_1X_CK_SCHEME_PKCS11.
 - accepting a filename, with scheme set to
   NM_SETTING_802_1X_CK_SCHEME_BLOB or
   NM_SETTING_802_1X_CK_SCHEME_PATH.

In the latter case, the function tries to load the file and verify it.
In case of the private-key setters, this also involves accepting a
password. Depending on whether the scheme is BLOB or PATH, the function
will either set the certificate to a PATH blob, or take the blob that
was read from file.

The functions seem misdesigned to me, because their behavior is
rather obscure. E.g. they behave fundamentally differently, depending
on whether scheme is PKCS11 or BLOB/PATH.

Anyway, improve them:

- refactor the common code into a function _cert_impl_set(). Previously,
  their non-trivial implementations were copy+pasted several times,
  now they all use the same implementation.
- if the function is going to fail, don't touch the setting. Previously,
  the functions would first clear the certificate before trying to
  validate the input. It's more logical that, if a function is going
  to fail, it checks for failure first and doesn't modify the settings.
- not every blob can be represented. For example, if we have a blob
  which starts with "file://", then there is no way to set it, simply
  because we don't support a prefix for blobs (like "data:;base64,").
  This means, if we try to set the certificate to a particular binary,
  we must check that the binary is interpreted with the expected scheme.
  Add this check.
2018-09-04 07:38:30 +02:00
certs libnm-core: support private keys encrypted with AES-{192,256}-CBC 2018-08-28 11:05:01 +02:00
meson.build build: create "config-extra.h" header instead of passing directory variables via CFLAGS 2018-07-17 17:46:39 +02:00
nm-core-tests-enum-types.c.template build: use template files for enum types' sources generation 2017-12-18 11:25:06 +01:00
nm-core-tests-enum-types.h.template build: use template files for enum types' sources generation 2017-12-18 11:25:06 +01:00
test-compare.c shared: move shared files to subdirectory "shared/nm-utils/" 2016-06-16 10:45:53 +02:00
test-crypto.c libnm/crypto: refactor nmtst_crypto_rsa_key_encrypt() and clear memory 2018-09-04 07:38:30 +02:00
test-general-enums.h utils: support unknown numeric values in nm_utils_enum_to_str() and nm_utils_enum_from_str() 2017-02-20 13:45:32 +01:00
test-general.c tests: minor code cleanup in tests 2018-08-30 11:17:09 +02:00
test-keyfile.c tests: minor code cleanup in tests 2018-08-30 11:17:09 +02:00
test-secrets.c build: use default NM_BUILD_* defines for tests 2018-05-31 15:59:38 +02:00
test-setting.c libnm/802-1x: refactor setting certificate from path 2018-09-04 07:38:30 +02:00
test-settings-defaults.c shared: move shared files to subdirectory "shared/nm-utils/" 2016-06-16 10:45:53 +02:00