/* Feature-test macros; each one is annotated with the API it is needed for.
 * NOTE(review): glibc 2.20 and later deprecate _BSD_SOURCE in favour of
 * _DEFAULT_SOURCE -- confirm which libc versions this test must build on. */
2 #define _POSIX_SOURCE /* For getaddrinfo(3) */
6 #define _BSD_SOURCE /* For NI_MAXHOST */
10 #define _XOPEN_SOURCE 600 /* For unsetenv(3) */

/* Directory with the TLS fixtures. SRCDIR is not defined in the visible
 * lines; presumably the build system supplies it -- confirm. */
17 #define TLSDIR SRCDIR "/server/tls"

/* CA file handed to IOPT_TLS_CA_FILE and to the test server as
 * .authority_certificate. */
18 static const char *ca_certificate = TLSDIR "/ca.cert";

/* Server identity given to start_server() via struct tls_authentication.
 * server_certificate is also the initial client credential, used by the
 * "wrong client certificate" case.
 * NOTE(review): these four pointers are not const-qualified, presumably
 * because they are assigned to struct isds_pki_credentials members -- confirm
 * against that struct's declaration. */
19 static char *server_certificate = TLSDIR "/server.cert";
20 static char *server_key = TLSDIR "/server.key";

/* Client certificate and key that the later test cases present. */
21 static char *client_certificate = TLSDIR "/client.cert";
22 static char *client_key = TLSDIR "/client.key";

/* Passed to the test server as .client_name. */
23 static const char *client_dn = "C=CZ,CN=The Client";

/* Fixture credentials used by the "valid login" case, which expects
 * IE_SUCCESS. The server-side configuration that accepts them is not
 * visible in this listing. */
24 static const char *username = "douglas";
25 static const char *password = "42";
/* Test helper: calls isds_login() with the supplied credentials and reports
 * the expected versus returned status code through FAIL_TEST.
 *
 * error            expected return code of isds_login()
 * context          libisds context the login is attempted on
 * url              server URL passed to isds_login()
 * username         login name; shadows the file-scope fixture of the same name
 * password         password; shadows the file-scope fixture of the same name
 * pki_credentials  client certificate and key, or NULL to present none
 * otp              one-time-password data; every caller shown passes NULL
 *
 * The gutter numbers jump (31 to 34, 34 to 36, and the function's end is not
 * shown): the declaration of err, the condition guarding FAIL_TEST and the
 * success path are on lines this listing omits. */
28 static int test_login(const isds_error error, struct isds_ctx *context,
29 const char *url, const char *username, const char *password,
30 const struct isds_pki_credentials *pki_credentials,
31 struct isds_otp *otp) {
34 err = isds_login(context, url, username, password, pki_credentials, otp);
/* The failure message prints both codes as text, plus the context's long
 * message. */
36 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
37 isds_strerror(error), isds_strerror(err),
38 isds_long_message(context));
/* Test driver: logs in to a locally started test server over TLS with a
 * client certificate plus username and password, and checks the status code
 * of each attempt.
 *
 * This is a partial listing: the gutter numbers jump wherever source lines
 * are not shown, so several conditions, initializers and closing braces are
 * missing from view. Comments describe only the visible lines. */
44 int main(int argc, char **argv) {
47 struct isds_ctx *context = NULL;
50 INIT_TEST("authentication with client certificate and username and "
/* Drop http_proxy from the environment before the test runs; abort the unit
 * if that fails. */
53 if (unsetenv("http_proxy")) {
54 ABORT_UNIT("Could not remove http_proxy variable from environment\n");
58 ABORT_UNIT("isds_init() failed\n");
60 context = isds_ctx_create();
63 ABORT_UNIT("isds_ctx_create() failed\n");
/* Trust anchor for the client side: the fixture CA file. */
65 if (isds_set_opt(context, IOPT_TLS_CA_FILE, ca_certificate)) {
66 isds_ctx_free(&context);
68 ABORT_UNIT("Setting CA failed\n");
/* NOTE(review): IOPT_TLS_VERIFY_SERVER is set to 0. The abort message below
 * describes this as disabling server hostname verification; whether
 * certificate-chain validation is affected as well is not visible here --
 * confirm against isds_set_opt(). Test-only setting: with hostname
 * verification off, the client does not check that the certificate belongs
 * to the host it connected to. */
70 if (isds_set_opt(context, IOPT_TLS_VERIFY_SERVER, 0)) {
71 isds_ctx_free(&context);
73 ABORT_UNIT("Disabling server hostname verification failed\n");
77 const struct service_configuration services[] = {
78 { SERVICE_DS_Dz_DummyOperation, NULL },
/* The members of server_arguments are on lines not shown. */
81 const struct arguments_basic_authentication server_arguments = {
/* TLS parameters for the test server: CA, server certificate and key, and
 * client_dn as .client_name. */
87 struct tls_authentication tls_arguments = {
88 .authority_certificate = ca_certificate,
89 .server_certificate = server_certificate,
90 .server_key = server_key,
91 .client_name = client_dn
/* The client credential starts out holding the *server* certificate; the
 * "wrong client certificate" case below depends on that. The .key
 * initializer is on a line not shown. */
93 struct isds_pki_credentials pki_credentials = {
95 .certificate_format = PKI_FORMAT_PEM,
96 .certificate = server_certificate,
97 .key_format = PKI_FORMAT_PEM,
101 error = start_server(&server_process, &url,
102 server_certificate_with_password_authentication,
103 &server_arguments, &tls_arguments);
/* Cleanup when the server could not be started; the guarding condition is on
 * a line not shown. */
105 isds_ctx_free(&context);
107 ABORT_UNIT(server_error);
/* Negative case: no client credential at all; expects IE_SECURITY. */
110 TEST("no client certificate", test_login, IE_SECURITY, context,
111 url, username, password, NULL, NULL);
/* Negative case: presents the server certificate as the client certificate;
 * expects IE_SECURITY. */
113 TEST("wrong client certificate", test_login, IE_SECURITY, context,
114 url, username, password, &pki_credentials, NULL);
/* Switch to the real client certificate and key for the remaining cases. */
116 pki_credentials.certificate = client_certificate;
117 pki_credentials.key = client_key;
/* Client certificate paired with a different username and password: expects
 * IE_NOT_LOGGED_IN, so the certificate alone must not be enough to log in.
 * NOTE(review): the visible cases do not include the valid username with a
 * wrong password, nor a CA-signed certificate whose subject differs from
 * client_dn -- confirm whether another test covers those. */
119 TEST("invalid username", test_login, IE_NOT_LOGGED_IN, context,
120 url, "7777777", "nbuusr1", &pki_credentials, NULL);
/* Positive case: client certificate plus fixture username and password. */
122 TEST("valid login", test_login, IE_SUCCESS, context,
123 url, username, password, &pki_credentials, NULL);
125 if (stop_server(server_process)) {
126 ABORT_UNIT(server_error);
/* Second scenario: same TLS parameters, but the server is started with
 * server_out_of_order and NULL in place of the server arguments. */
134 struct tls_authentication tls_arguments = {
135 .authority_certificate = ca_certificate,
136 .server_certificate = server_certificate,
137 .server_key = server_key,
138 .client_name = client_dn
/* The client credential uses the client certificate from the start; the .key
 * initializer is on a line not shown. */
140 struct isds_pki_credentials pki_credentials = {
142 .certificate_format = PKI_FORMAT_PEM,
143 .certificate = client_certificate,
144 .key_format = PKI_FORMAT_PEM,
148 error = start_server(&server_process, &url,
149 server_out_of_order, NULL, &tls_arguments);
/* Cleanup when the server could not be started; the guarding condition is on
 * a line not shown. */
151 isds_ctx_free(&context);
153 ABORT_UNIT(server_error);
/* A login attempt against the out-of-order server expects IE_SOAP. */
156 TEST("log into out-of-order server", test_login, IE_SOAP, context,
157 url, username, password, &pki_credentials, NULL);
159 if (stop_server(server_process)) {
160 ABORT_UNIT(server_error);
/* Final release of the context; the rest of main() is not shown. */
167 isds_ctx_free(&context);