diff options
author | Sumit Bose <sbose@redhat.com> | 2016-04-12 18:14:08 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-06-09 11:58:17 +0200 |
commit | 53ef8f81b60929a6c866efdd133627e7d7d61705 (patch) | |
tree | dec625c6cd01e15e73ace5d2e71054e95921e9f4 /src/tests | |
parent | aa35995ef056aa8ae052a47c62c6750b7adf065e (diff) | |
download | sssd-53ef8f81b60929a6c866efdd133627e7d7d61705.tar.gz sssd-53ef8f81b60929a6c866efdd133627e7d7d61705.tar.xz sssd-53ef8f81b60929a6c866efdd133627e7d7d61705.zip |
p11: add OCSP default responder options
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/cmocka/test_utils.c | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c index 3aea17f36..aaba2df6d 100644 --- a/src/tests/cmocka/test_utils.c +++ b/src/tests/cmocka/test_utils.c @@ -1487,6 +1487,83 @@ static void test_sss_unique_filename_destruct(void **state) sss_unique_filename_test(test_ctx, true); } +static void test_parse_cert_verify_opts(void **state) +{ + int ret; + struct cert_verify_opts *cv_opts; + + ret = parse_cert_verify_opts(global_talloc_context, NULL, &cv_opts); + assert_int_equal(ret, EOK); + assert_true(cv_opts->do_verification); + assert_true(cv_opts->do_ocsp); + assert_null(cv_opts->ocsp_default_responder); + assert_null(cv_opts->ocsp_default_responder_signing_cert); + talloc_free(cv_opts); + + ret = parse_cert_verify_opts(global_talloc_context, "wedfkwefjk", &cv_opts); + assert_int_equal(ret, EOK); + assert_true(cv_opts->do_verification); + assert_true(cv_opts->do_ocsp); + assert_null(cv_opts->ocsp_default_responder); + assert_null(cv_opts->ocsp_default_responder_signing_cert); + talloc_free(cv_opts); + + ret = parse_cert_verify_opts(global_talloc_context, "no_ocsp", &cv_opts); + assert_int_equal(ret, EOK); + assert_true(cv_opts->do_verification); + assert_false(cv_opts->do_ocsp); + assert_null(cv_opts->ocsp_default_responder); + assert_null(cv_opts->ocsp_default_responder_signing_cert); + talloc_free(cv_opts); + + ret = parse_cert_verify_opts(global_talloc_context, "no_verification", + &cv_opts); + assert_int_equal(ret, EOK); + assert_false(cv_opts->do_verification); + assert_true(cv_opts->do_ocsp); + assert_null(cv_opts->ocsp_default_responder); + assert_null(cv_opts->ocsp_default_responder_signing_cert); + talloc_free(cv_opts); + + ret = parse_cert_verify_opts(global_talloc_context, + "no_ocsp,no_verification", &cv_opts); + assert_int_equal(ret, EOK); + assert_false(cv_opts->do_verification); + assert_false(cv_opts->do_ocsp); + assert_null(cv_opts->ocsp_default_responder); + assert_null(cv_opts->ocsp_default_responder_signing_cert); + talloc_free(cv_opts); + + ret = parse_cert_verify_opts(global_talloc_context, + "ocsp_default_responder=", &cv_opts); + assert_int_equal(ret, EINVAL); + + ret = parse_cert_verify_opts(global_talloc_context, + "ocsp_default_responder_signing_cert=", + &cv_opts); + assert_int_equal(ret, EINVAL); + + ret = parse_cert_verify_opts(global_talloc_context, + "ocsp_default_responder=abc", &cv_opts); + assert_int_equal(ret, EINVAL); + + ret = parse_cert_verify_opts(global_talloc_context, + "ocsp_default_responder_signing_cert=def", + &cv_opts); + assert_int_equal(ret, EINVAL); + + ret = parse_cert_verify_opts(global_talloc_context, + "ocsp_default_responder=abc," + "ocsp_default_responder_signing_cert=def", + &cv_opts); + assert_int_equal(ret, EOK); + assert_true(cv_opts->do_verification); + assert_true(cv_opts->do_ocsp); + assert_string_equal(cv_opts->ocsp_default_responder, "abc"); + assert_string_equal(cv_opts->ocsp_default_responder_signing_cert, "def"); + talloc_free(cv_opts); +} + int main(int argc, const char *argv[]) { poptContext pc; @@ -1566,6 +1643,9 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_sss_unique_filename_destruct, unique_file_test_setup, unique_file_test_teardown), + cmocka_unit_test_setup_teardown(test_parse_cert_verify_opts, + setup_add_strings_lists, + teardown_add_strings_lists), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ |