Exemplo n.º 1
END_TEST

START_TEST(cache_tgcrt_04)
{
	/*
	 * Reference-count walk-through for the target-certificate cache.
	 * Each step asserts the counter of the loaded cert_t after a set,
	 * get, del, free or cache teardown.
	 */
	cert_t *loaded = cert_new_load(TESTCERT);
	cert_t *fetched;

	fail_unless(loaded != NULL, "loading certificate failed");
	fail_unless(loaded->references == 1, "refcount != 1");

	/* storing the cert is expected to add one reference */
	cachemgr_tgcrt_set("daniel.roe.ch", loaded);
	fail_unless(loaded->references == 2, "refcount != 2");

	/* a lookup is expected to add one reference for the caller */
	fetched = cachemgr_tgcrt_get("daniel.roe.ch");
	fail_unless(loaded->references == 3, "refcount != 3");

	/* storing the same cert under the same key must not change the count */
	cachemgr_tgcrt_set("daniel.roe.ch", loaded);
	fail_unless(loaded->references == 3, "refcount != 3");

	/* deleting the entry is expected to drop one reference */
	cachemgr_tgcrt_del("daniel.roe.ch");
	fail_unless(loaded->references == 2, "refcount != 2");

	cachemgr_tgcrt_set("daniel.roe.ch", loaded);
	fail_unless(loaded->references == 3, "refcount != 3");

	/* drop the reference obtained from cert_new_load */
	cert_free(loaded);
	fail_unless(loaded->references == 2, "refcount != 2");

	/* tearing the cache down is expected to drop one reference */
	cachemgr_fini();
	fail_unless(loaded->references == 1, "refcount != 1");

	/* presumably fetched is the same object as loaded; this drops the last reference */
	cert_free(fetched);

	/*
	 * Deliberate access of the free'd cert_t (original author's intent).
	 * NOTE(review): reading an object after its last reference is released
	 * is a use-after-free and undefined behaviour, so the observed value is
	 * not guaranteed. An AddressSanitizer build or a hardened allocator
	 * would be expected to abort on this line rather than pass it.
	 */
	fail_unless(loaded->references == 0, "refcount != 0");
	fail_unless(cachemgr_preinit() != -1, "reinit");
}
Exemplo n.º 2
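/**
 * Load a certificate from a builder argument list.
 *
 * Reads builder parts from args until BUILD_END. BUILD_BLOB_PGP and
 * BUILD_BLOB_ASN1_DER supply the encoded certificate (the former also
 * selects the PGP parser), BUILD_X509_FLAG ORs a flag into the set passed
 * to the X.509 parser. Any other part aborts the load.
 *
 * @param type		requested certificate type (not used in this function)
 * @param args		builder_part_t tags, each followed by its value
 * @return			newly allocated cert_t on success; NULL if an unknown
 *					part was seen, no blob was supplied, allocation failed
 *					or the credential factory rejected the blob
 */
static cert_t *builder_load_cert(certificate_type_t type, va_list args)
{
	x509_flag_t flags = 0;
	chunk_t blob = chunk_empty;
	bool pgp = FALSE;
	cert_t *cert;

	while (TRUE)
	{
		switch (va_arg(args, builder_part_t))
		{
			case BUILD_BLOB_PGP:
				pgp = TRUE;
				/* fall through: the PGP blob is fetched like a DER blob */
			case BUILD_BLOB_ASN1_DER:
				blob = va_arg(args, chunk_t);
				continue;
			case BUILD_X509_FLAG:
				flags |= va_arg(args, x509_flag_t);
				continue;
			case BUILD_END:
				break;
			default:
				/* unknown part: its value cannot be skipped safely */
				return NULL;
		}
		break;
	}
	if (!blob.ptr)
	{
		/* no encoded certificate was supplied */
		return NULL;
	}

	cert = malloc_thing(cert_t);
	if (!cert)
	{
		/* malloc_thing's definition is not visible here; guard in case
		 * it can return NULL, since the next statement writes through
		 * the pointer */
		return NULL;
	}
	*cert = cert_empty;

	if (pgp)
	{
		cert->cert = lib->creds->create(lib->creds,
										CRED_CERTIFICATE, CERT_GPG,
										BUILD_BLOB_PGP, blob,
										BUILD_END);
	}
	else
	{
		cert->cert = lib->creds->create(lib->creds,
										CRED_CERTIFICATE, CERT_X509,
										BUILD_BLOB_ASN1_DER, blob,
										BUILD_X509_FLAG, flags,
										BUILD_END);
	}
	if (cert->cert)
	{
		return cert;
	}
	/* the blob did not parse; note this text is also logged when the
	 * PGP branch was taken */
	plog("  error in X.509 certificate");
	cert_free(cert);
	return NULL;
}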
Exemplo n.º 3
END_TEST

START_TEST(cache_tgcrt_03)
{
	/* A key removed with cachemgr_tgcrt_del must no longer be served. */
	cert_t *loaded = cert_new_load(TESTCERT);
	cert_t *lookup;

	fail_unless(loaded != NULL, "loading certificate failed");

	cachemgr_tgcrt_set("daniel.roe.ch", loaded);
	cachemgr_tgcrt_del("daniel.roe.ch");

	lookup = cachemgr_tgcrt_get("daniel.roe.ch");
	fail_unless(!lookup, "cache returned deleted certificate");

	/* drop the reference obtained from cert_new_load */
	cert_free(loaded);
}
Exemplo n.º 4
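/*
 * Callback to load a cert/chain/key combo from a single PEM file.
 *
 * filename: path of the PEM file to load.
 * arg:      opts_t pointer; only consulted here for OPTS_DEBUG output.
 *
 * Every name returned by ssl_x509_names() for the loaded certificate is
 * registered in the target-certificate cache. Any failure is fatal: it is
 * logged and the process exits with EXIT_FAILURE.
 */
static void
main_loadtgcrt(const char *filename, void *arg)
{
	opts_t *opts = arg;
	cert_t *cert;
	char **names;

	cert = cert_new_load(filename);
	if (!cert) {
		log_err_printf("Failed to load cert and key from PEM file "
		                "'%s'\n", filename);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}
	/* refuse a PEM file whose private key does not belong to its cert */
	if (X509_check_private_key(cert->crt, cert->key) != 1) {
		log_err_printf("Cert does not match key in PEM file "
		                "'%s':\n", filename);
		ERR_print_errors_fp(stderr);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}

#ifdef DEBUG_CERTIFICATE
	log_dbg_printf("Loaded '%s':\n", filename);
	log_dbg_print_free(ssl_x509_to_str(cert->crt));
	log_dbg_print_free(ssl_x509_to_pem(cert->crt));
#endif /* DEBUG_CERTIFICATE */

	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("Targets for '%s':", filename);
	}
	names = ssl_x509_names(cert->crt);
	if (!names) {
		/* ssl_x509_names() is not visible here; guard in case it can
		 * return NULL, since the loop below dereferences the result */
		log_err_printf("Failed to get names from cert in PEM file "
		                "'%s'\n", filename);
		cert_free(cert);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}
	for (char **p = names; *p; p++) {
		/*
		 * be deliberately vulnerable to NULL prefix attacks
		 *
		 * Each name is cut at its first '!' before it is used as the
		 * cache key, so a name of the form "a!b" is registered as "a".
		 * The key is therefore not necessarily a name the certificate
		 * asserts in full; this truncation must not be reused in code
		 * that decides whether a certificate is valid for a host.
		 */
		char *sep;
		if ((sep = strchr(*p, '!'))) {
			*sep = '\0';
		}
		if (OPTS_DEBUG(opts)) {
			log_dbg_printf(" '%s'", *p);
		}
		cachemgr_tgcrt_set(*p, cert);
		free(*p);
	}
	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("\n");
	}
	free(names);
	/* drop this function's reference; the cache is presumed to keep its
	 * own references to the cert - confirm against cachemgr */
	cert_free(cert);
}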
Exemplo n.º 5
/*
 * Cache value destructor callback: hands the stored value to cert_free().
 */
static void
cachetgcrt_free_val_cb(cache_val_t val)
{
	cert_t *cert = val;

	cert_free(cert);
}