From 59e488f70b9ab46b9c5fe1e05817449048356b18 Mon Sep 17 00:00:00 2001
From: Fabian Mauchle <mauchle@macfma.switch.ch>
Date: Tue, 29 Sep 2020 07:04:53 +0200
Subject: [PATCH] first unit test for verifycert

---
 .gitignore            |  1 +
 tests/Makefile.am     |  2 +-
 tests/t_verify_cert.c | 68 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 tests/t_verify_cert.c

diff --git a/.gitignore b/.gitignore
index 8e166fc..de9c6af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,5 +29,6 @@ tests/t_fticks
 tests/t_rewrite
 tests/t_rewrite_config
 tests/t_resizeattr
+tests/t_verify_cert
 tests/*.log
 tests/*.trs
diff --git a/tests/Makefile.am b/tests/Makefile.am
index af5e1c0..728d734 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -4,7 +4,7 @@ AUTOMAKE_OPTIONS = foreign
 LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) \
                   $(top_srcdir)/build-aux/tap-driver.sh
 
-check_PROGRAMS = t_fticks t_rewrite t_resizeattr t_rewrite_config
+check_PROGRAMS = t_fticks t_rewrite t_resizeattr t_rewrite_config t_verify_cert
 AM_CFLAGS = -g -Wall -Werror @SSL_CFLAGS@ @TARGET_CFLAGS@
 LDADD = $(top_builddir)/librsp.a @SSL_LIBS@
 LDFLAGS = @SSL_LDFLAGS@ @TARGET_LDFLAGS@ @LDFLAGS@
diff --git a/tests/t_verify_cert.c b/tests/t_verify_cert.c
new file mode 100644
index 0000000..0bb511e
--- /dev/null
+++ b/tests/t_verify_cert.c
@@ -0,0 +1,68 @@
+/* Copyright (C) 2020, SWITCH */
+/* See LICENSE for licensing information. */
+
+#include <openssl/x509v3.h>
+#include <string.h>
+#include <stdio.h>
+#include "../radsecproxy.h"
+#include "../debug.h"
+#include "../hostport.h"
+
+/* /CN=test */
+char *simplecert = "-----BEGIN CERTIFICATE-----\n\
+MIHAMIGMAgkAx2VNeC1d5FswCQYHKoZIzj0EATAPMQ0wCwYDVQQDDAR0ZXN0MB4X\n\
+DTIwMDkyODE0MTEzMloXDTIwMTAwODE0MTEzMlowDzENMAsGA1UEAwwEdGVzdDAy\n\
+MBAGByqGSM49AgEGBSuBBAAGAx4ABJxnszX24oQMNcK0IZozUpupFkD/dWBC37qI\n\
+QW4wCQYHKoZIzj0EAQMkADAhAg8Ajl0dHSkadggaqZiD72ACDjWHqYhaIAWTstBv\n\
+g/Q5\n\
+-----END CERTIFICATE-----";
+
+X509 *getcert(char *pem) {
+    X509* certX509;
+    BIO* certBio;
+
+    certBio = BIO_new(BIO_s_mem());
+    BIO_write(certBio, pem , strlen(pem));
+    certX509 = PEM_read_bio_X509(certBio, NULL, NULL, NULL);
+
+    BIO_free(certBio);
+
+    return certX509;
+}
+
+int
+main (int argc, char *argv[])
+{
+    int numtests = 1;
+
+    struct clsrvconf conf;
+    X509 *cert;
+
+    debug_init("t_verify_cert");
+    debug_set_level(5);
+
+    printf("1..%d\n", numtests);
+
+    {
+        struct hostportres hp;
+
+        conf.name = "test";
+        conf.certnamecheck = 1;
+        conf.matchcertattrs = NULL;
+        conf.hostports = list_create();
+        hp.host = "test";
+        hp.prefixlen = 0;
+        list_push(conf.hostports, &hp);
+
+        cert = getcert(simplecert);
+
+        if (verifyconfcert(cert, &conf)) {
+            printf("ok %d - simple cert cn\n", numtests++);
+        } else {
+            printf("not ok %d - simple cert cn\n", numtests++);
+        }
+        X509_free(cert);
+    }
+
+    return 0;
+}