Swiftdiff options
| author | Tim Costen <tim.costen@isode.com> | 2019-09-06 10:32:12 (GMT) |
|---|---|---|
| committer | Tim Costen <tim.costen@isode.com> | 2019-09-19 15:27:01 (GMT) |
| commit | e58cf7d5d7d3bab330bccf6a098dd476fbf4dc86 (patch) | |
| tree | f3632c379e2d92022bdb8af5d980b44883cc2360 /Swiften/QA/TLSTest/CertificateTest.cpp | |
| parent | 8051f94932b6932a2e3eb60a26c758fbfed6d6ad (diff) | |
| download | swift-e58cf7d5d7d3bab330bccf6a098dd476fbf4dc86.zip swift-e58cf7d5d7d3bab330bccf6a098dd476fbf4dc86.tar.bz2 | |
Add support for use of shared certificate chain when setting up TLS context
Actual implementation is in OpenSSL subclass. This allows a permanent
vector of shared certificates to be used when creating multiple OpenSSL
contexts. This replaces the existing use of a vector of unique pointers
to certificates which handed over responsibility for the underlying
OpenSSL certs to the OpenSSL context. To enable this to work, a
new method is added to the OpenSSLCertificate class which enables
the reference count on the the contained OpenSSL certificate to
be incremented - this stops the OpenSSL certificate being deleted
when the OpenSSL context is freed.
Use of conditional compilation was necessary to get the reference
counting to build with the different versions of OpenSSL in use.
Modify the method in OpenSSLCertificateFactory (and stub in CertificateFactory)
which generates a vector of certificates, so that it generates a vector
of shared_ptrs rather than unique_ptrs.
Add test of CreateCertificateChain to Swiften CertificateTest
class, together with sample certificate file in PEM form.
JIRA: LINK-1763
Bug:
Release-notes:
Manual:
Test-information:
Tested via development version of Mystique - created multiple
TLS sessions using single certificate chain.
Swift unit tests now build and run again.
New Swiften TLS unit test builds and runs.
Change-Id: I7fa4888b640c94b68712a6bff1f7aa334a358df2
Diffstat (limited to 'Swiften/QA/TLSTest/CertificateTest.cpp')
| -rw-r--r-- | Swiften/QA/TLSTest/CertificateTest.cpp | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/Swiften/QA/TLSTest/CertificateTest.cpp b/Swiften/QA/TLSTest/CertificateTest.cpp index 02ec0f8..21f749c 100644 --- a/Swiften/QA/TLSTest/CertificateTest.cpp +++ b/Swiften/QA/TLSTest/CertificateTest.cpp @@ -30,12 +30,14 @@ class CertificateTest : public CppUnit::TestFixture { CPPUNIT_TEST(testGetSRVNames); CPPUNIT_TEST(testGetDNSNames); CPPUNIT_TEST(testGetXMPPAddresses); + CPPUNIT_TEST(testCreateCertificateChain); CPPUNIT_TEST_SUITE_END(); public: void setUp() { pathProvider = std::make_unique<PlatformApplicationPathProvider>("FileReadBytestreamTest"); readByteArrayFromFile(certificateData, (pathProvider->getExecutableDir() / "jabber_org.crt")); + readByteArrayFromFile(chainData, (pathProvider->getExecutableDir() / "certificateChain.pem")); certificateFactory = std::unique_ptr<CertificateFactory>(new CERTIFICATE_FACTORY()); } @@ -88,9 +90,26 @@ class CertificateTest : public CppUnit::TestFixture { CPPUNIT_ASSERT_EQUAL(std::string("*.jabber.org"), testling->getXMPPAddresses()[0]); } + void testCreateCertificateChain() { + // The input chain contains a 2-certificate chain: + // the first certificate has: + // a subject of "O=messaging,CN=Mixer Messaging Configuration,CN=badger.isode.net" + // an issuer of "O=messaging, CN=New Messaging CA" + // the second certificate has: + // a subject of "O=messaging, CN=New Messaging CA" + // an issuer of "O=messaging, CN=New Messaging CA" + // i.e. it is a self-signed certificate + std::vector<std::shared_ptr<Certificate>> chain = certificateFactory->createCertificateChain(chainData); + CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size())); + CPPUNIT_ASSERT_EQUAL(std::string("Mixer Messaging Configuration"), chain[0]->getCommonNames()[0]); + CPPUNIT_ASSERT_EQUAL(std::string("badger.isode.net"), chain[0]->getCommonNames()[1]); + CPPUNIT_ASSERT_EQUAL(std::string("New Messaging CA"), chain[1]->getCommonNames()[0]); + } + private: std::unique_ptr<PlatformApplicationPathProvider> pathProvider; ByteArray certificateData; + ByteArray chainData; std::unique_ptr<CertificateFactory> certificateFactory; }; |