OpenVPN 3 Core Library
test_verify_x509_name.cpp
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8// Copyright (C) 2019-2022 David Sommerseth <davids@openvpn.net>
9//
10// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
11//
12
13//
14
15#include <iostream>
16#include "test_common.hpp"
20
21using namespace openvpn;
22
23namespace unittests {
24
39
// A bare "verify-x509-name" directive carries neither the expected name nor a
// match type.  Building a verifier from it has to fail with option_error; a
// verifier with no expected value must never come into existence.
TEST(VerifyX509Name, config_missing_args)
{
    std::string directive{"verify-x509-name"};
    EXPECT_THROW(VerifyX509Name err_no_args(parse_testcfg(directive)), option_error);
}
46
// "nonsense-arg" is not one of the match types exercised elsewhere in this
// file (subject, name, name-prefix).  The constructor is expected to reject
// the directive with option_error instead of accepting an unknown type.
TEST(VerifyX509Name, config_incorrect_type)
{
    std::string directive{"verify-x509-name localhost nonsense-arg"};
    EXPECT_THROW(VerifyX509Name err_wrong_type(parse_testcfg(directive)), option_error);
}
54
// No match type is given, so the directive falls back to comparing the
// complete subject DN.  There is no explicit assertion: the test passes when
// the constructor accepts the directive without throwing.
TEST(VerifyX509Name, config_correct_default_type)
{
    std::string directive{
        "verify-x509-name \"C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, "
        "emailAddress=me@myhost.mydomain\""};
    VerifyX509Name ok_default_subj(parse_testcfg(directive));
}
62
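// Same subject DN as config_correct_default_type, but with the match type
// spelled out as "subject".  The test passes when construction does not throw.
TEST(VerifyX509Name, config_correct_subject)
{
    // Correct - type: subject
    std::string config = "verify-x509-name \"C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, "
                         "emailAddress=me@myhost.mydomain\" subject";

    // NOTE(review): the rendered listing skips source line 68, leaving `config`
    // built but never parsed, so the test checked nothing.  The construction
    // is restored by analogy with config_correct_default_type; confirm the
    // variable name against the upstream file.
    VerifyX509Name ok_subject(parse_testcfg(config));
}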
70
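// A single name plus the "name" match type is a valid directive.  The test
// passes when construction does not throw.
TEST(VerifyX509Name, config_correct_name)
{
    // Correct - type: name
    std::string config = "verify-x509-name localhost name";

    // NOTE(review): the rendered listing skips source line 75, leaving `config`
    // unused.  The construction is restored by analogy with
    // config_correct_name_prefix; confirm the variable name against the
    // upstream file.
    VerifyX509Name ok_name(parse_testcfg(config));
}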
77
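// Single quotes around the value are configuration-file quoting, not part of
// the expected name.  If they leaked into the stored value, the certificate of
// the intended server would no longer match.
TEST(VerifyX509Name, config_squote)
{
    // ensure that single quote is not treated as name part
    std::string config = "verify-x509-name 'server.example.org'";

    // NOTE(review): the rendered listing skips source line 82, so `verify` was
    // used without a declaration.  Restored following the construction pattern
    // of the other tests; confirm against the upstream file.
    VerifyX509Name verify(parse_testcfg(config));

    ASSERT_TRUE(verify.verify("server.example.org"));
}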
85
// "name-prefix" with a prefix value is a valid directive.  Only construction
// is checked here; the matching behaviour is covered by test_name_prefix.
TEST(VerifyX509Name, config_correct_name_prefix)
{
    std::string directive{"verify-x509-name Server- name-prefix"};
    VerifyX509Name ok_name_prefix(parse_testcfg(directive));
}
92
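// Subject matching, first with the implicit default type and then with the
// explicit "subject" type.  Both verifiers must accept only the exact DN from
// the directive.  A DN that differs in O and CN is rejected, and so is a bare
// host name, which pins that subject mode does not match on the CN alone.
TEST(VerifyX509Name, test_subject)
{
    std::string config = "verify-x509-name \"C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, "
                         "emailAddress=me@myhost.mydomain\"";

    // NOTE(review): the rendered listing skips source line 97, so `verify_def`
    // was used without a declaration.  Restored to mirror the `verify_subj`
    // construction further down; confirm against the upstream file.
    VerifyX509Name verify_def(parse_testcfg(config));

    ASSERT_TRUE(verify_def.verify(
        "C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, "
        "emailAddress=me@myhost.mydomain"));
    ASSERT_FALSE(verify_def.verify(
        "C=KG, ST=NA, O=OpenVPN-TEST-FAIL, CN=Wrong-Server, "
        "emailAddress=me@myhost.mydomain"));
    ASSERT_FALSE(verify_def.verify("server-1.example.org"));

    // This is basically the same config as the one above,
    // just with the 'subject' type defined explicitly
    config = "verify-x509-name \"C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, "
             "emailAddress=me@myhost.mydomain\" subject";
    VerifyX509Name verify_subj(parse_testcfg(config));

    ASSERT_TRUE(verify_subj.verify(
        "C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, "
        "emailAddress=me@myhost.mydomain"));
    ASSERT_FALSE(verify_subj.verify(
        "C=KG, ST=NA, O=OpenVPN-TEST-FAIL, CN=Wrong-Server, "
        "emailAddress=me@myhost.mydomain"));
    ASSERT_FALSE(verify_subj.verify("server-1.example.org"));
}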
121
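// Exact-name matching: only the configured name is accepted.  Rejecting the
// shorter "server" pins that the "name" type is a full comparison and does not
// degrade into the prefix match tested by test_name_prefix.
//
// NOTE(review): the rendered listing drops this test's header (source line
// 122) and the verifier construction (source line 125).  Both are restored
// here; the test name is inferred from the sibling tests test_subject and
// test_name_prefix, so confirm it against the upstream file.
TEST(VerifyX509Name, test_name)
{
    std::string config = "verify-x509-name server-1.example.org name";
    VerifyX509Name verify(parse_testcfg(config));

    ASSERT_TRUE(verify.verify("server-1.example.org"));
    ASSERT_FALSE(verify.verify("server-2.example.org"));
    ASSERT_FALSE(verify.verify("server"));
}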
131
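// Prefix matching: any name that starts with the configured prefix is
// accepted, including the prefix itself.  The accepted names span different
// domains (example.org and sub.example.net), so the prefix constrains only the
// start of the name.  Deployments using name-prefix therefore depend on the CA
// not issuing other certificates whose names begin with the same prefix.
TEST(VerifyX509Name, test_name_prefix)
{
    std::string config = "verify-x509-name server name-prefix";

    // NOTE(review): the rendered listing skips source line 135, so `verify`
    // was used without a declaration.  Restored following the construction
    // pattern of the other tests; confirm against the upstream file.
    VerifyX509Name verify(parse_testcfg(config));

    ASSERT_TRUE(verify.verify("server-1.example.org"));
    ASSERT_TRUE(verify.verify("server-2.sub.example.net"));
    ASSERT_TRUE(verify.verify("server"));
    ASSERT_FALSE(verify.verify("some-other.example.org"));

    // NOTE(review): there is no negative case for a name shorter than the
    // prefix or for an empty name; worth adding once the expected results are
    // confirmed against VerifyX509Name::verify.
}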
142
143} // namespace unittests