tls-certificate.c source code [gtk/subprojects/glib/gio/tests/tls-certificate.c]

1	/ GLib testing framework examples and tests*
2	*
3	* Copyright (C) 2011 Collabora Ltd.
4	*
5	* This library is free software; you can redistribute it and/or
6	* modify it under the terms of the GNU Lesser General Public
7	* License as published by the Free Software Foundation; either
8	* version 2.1 of the License, or (at your option) any later version.
9	*
10	* This library is distributed in the hope that it will be useful,
11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13	* Lesser General Public License for more details.
14	*
15	* You should have received a copy of the GNU Lesser General
16	* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
17	*
18	* Author: Nicolas Dufresne <nicolas.dufresne@collabora.com>
19	*/
20
21	#include "config.h"
22
23	#include <gio/gio.h>
24
25	#include "gtesttlsbackend.h"
26
27	typedef struct
28	{
29	gchar *cert_pems[`3`];
30	gchar *cert_crlf_pem;
31	gchar *key_pem;
32	gchar *key_crlf_pem;
33	gchar *key8_pem;
34	} Reference;
35
36	static void
37	pem_parser (const Reference *ref)
38	{
39	GTlsCertificate *cert;
40	gchar *pem;
41	gsize pem_len = `0`;
42	gchar *parsed_cert_pem = NULL;
43	const gchar *parsed_key_pem = NULL;
44	GError *error = NULL;
45
46	/ Check PEM parsing in certificate, private key order. /
47	g_file_get_contents (filename: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert-key.pem", NULL), contents: &pem, length: &pem_len, error: &error);
48	g_assert_no_error (error);
49	g_assert_nonnull (pem);
50	g_assert_cmpuint (pem_len, >=, `10`);
51
52	cert = g_tls_certificate_new_from_pem (data: pem, length: -`1`, error: &error);
53	g_assert_no_error (error);
54	g_assert_nonnull (cert);
55
56	g_object_get (object: cert,
57	first_property_name: "certificate-pem", &parsed_cert_pem,
58	NULL);
59	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
60	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[`0`]);
61	g_free (mem: parsed_cert_pem);
62	parsed_cert_pem = NULL;
63	g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
64	parsed_key_pem = NULL;
65
66	g_object_unref (object: cert);
67
68	/ Make sure length is respected and parser detect invalid PEM*
69	* when cert is truncated. */
70	cert = g_tls_certificate_new_from_pem (data: pem, length: `10`, error: &error);
71	g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
72	g_clear_error (err: &error);
73
74	/ Make sure length is respected and parser detect invalid PEM*
75	* when cert exists but key is truncated. */
76	cert = g_tls_certificate_new_from_pem (data: pem, length: pem_len - `10`, error: &error);
77	g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
78	g_clear_error (err: &error);
79	g_free (mem: pem);
80
81	/ Check PEM parsing in private key, certificate order /
82	g_file_get_contents (filename: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key-cert.pem", NULL), contents: &pem, NULL, error: &error);
83	g_assert_no_error (error);
84	g_assert_nonnull (pem);
85
86	cert = g_tls_certificate_new_from_pem (data: pem, length: -`1`, error: &error);
87	g_assert_no_error (error);
88	g_assert_nonnull (cert);
89
90	g_object_get (object: cert,
91	first_property_name: "certificate-pem", &parsed_cert_pem,
92	NULL);
93	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
94	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[`0`]);
95	g_free (mem: parsed_cert_pem);
96	parsed_cert_pem = NULL;
97	g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
98	parsed_key_pem = NULL;
99
100	g_free (mem: pem);
101	g_object_unref (object: cert);
102
103	/ Check certificate only PEM /
104	g_file_get_contents (filename: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert1.pem", NULL), contents: &pem, NULL, error: &error);
105	g_assert_no_error (error);
106	g_assert_nonnull (pem);
107
108	cert = g_tls_certificate_new_from_pem (data: pem, length: -`1`, error: &error);
109	g_assert_no_error (error);
110	g_assert_nonnull (cert);
111
112	g_object_get (object: cert,
113	first_property_name: "certificate-pem", &parsed_cert_pem,
114	NULL);
115	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
116	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[`0`]);
117	g_free (mem: parsed_cert_pem);
118	parsed_cert_pem = NULL;
119	g_assert_null (parsed_key_pem);
120
121	g_free (mem: pem);
122	g_object_unref (object: cert);
123
124	/ Check error with private key only PEM /
125	g_file_get_contents (filename: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key.pem", NULL), contents: &pem, NULL, error: &error);
126	g_assert_no_error (error);
127	g_assert_nonnull (pem);
128
129	cert = g_tls_certificate_new_from_pem (data: pem, length: -`1`, error: &error);
130	g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
131	g_clear_error (err: &error);
132	g_assert_null (cert);
133	g_free (mem: pem);
134	}
135
136	static void
137	pem_parser_handles_chain (const Reference *ref)
138	{
139	GTlsCertificate *cert;
140	GTlsCertificate *issuer;
141	GTlsCertificate *original_cert;
142	gchar *pem;
143	gchar *parsed_cert_pem = NULL;
144	const gchar *parsed_key_pem = NULL;
145	GError *error = NULL;
146
147	/ Check that a chain with exactly three certificates is returned /
148	g_file_get_contents (filename: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert-list.pem", NULL), contents: &pem, NULL, error: &error);
149	g_assert_no_error (error);
150	g_assert_nonnull (pem);
151
152	cert = original_cert = g_tls_certificate_new_from_pem (data: pem, length: -`1`, error: &error);
153	g_free (mem: pem);
154	g_assert_no_error (error);
155	g_assert_nonnull (cert);
156
157	g_object_get (object: cert,
158	first_property_name: "certificate-pem", &parsed_cert_pem,
159	NULL);
160	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[`0`]);
161	g_clear_pointer (&parsed_cert_pem, g_free);
162
163	/ Make sure the private key was parsed /
164	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
165	g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
166	parsed_key_pem = NULL;
167
168	/ Now test the second cert /
169	issuer = g_tls_certificate_get_issuer (cert);
170	g_assert_nonnull (issuer);
171
172	cert = issuer;
173	issuer = g_tls_certificate_get_issuer (cert);
174	g_assert_nonnull (issuer);
175
176	g_object_get (object: cert,
177	first_property_name: "certificate-pem", &parsed_cert_pem,
178	NULL);
179	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[`1`]);
180	g_clear_pointer (&parsed_cert_pem, g_free);
181
182	/ Only the first cert should have a private key /
183	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
184	g_assert_null (parsed_key_pem);
185
186	/ Now test the final cert /
187	cert = issuer;
188	issuer = g_tls_certificate_get_issuer (cert);
189	g_assert_null (issuer);
190
191	g_object_get (object: cert,
192	first_property_name: "certificate-pem", &parsed_cert_pem,
193	NULL);
194	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[`2`]);
195	g_clear_pointer (&parsed_cert_pem, g_free);
196
197	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
198	g_assert_null (parsed_key_pem);
199
200	g_object_unref (object: original_cert);
201	}
202
203	static void
204	pem_parser_no_sentinel (void)
205	{
206	GTlsCertificate *cert;
207	gchar *pem;
208	gsize pem_len = `0`;
209	gchar *pem_copy;
210	GError *error = NULL;
211
212	/ Check certificate from not-nul-terminated PEM /
213	g_file_get_contents (filename: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert1.pem", NULL), contents: &pem, length: &pem_len, error: &error);
214	g_assert_no_error (error);
215	g_assert_nonnull (pem);
216	g_assert_cmpuint (pem_len, >=, `10`);
217
218	pem_copy = g_new (char, pem_len);
219	/ Do not copy the terminating nul: /
220	memmove (dest: pem_copy, src: pem, n: pem_len);
221	g_free (mem: pem);
222
223	/ Check whether the parser respects the @length parameter.*
224	* pem_copy is allocated exactly pem_len bytes, so accessing memory
225	* outside its bounds will be detected by, for example, valgrind or
226	* asan. */
227	cert = g_tls_certificate_new_from_pem (data: pem_copy, length: pem_len, error: &error);
228	g_assert_no_error (error);
229	g_assert_nonnull (cert);
230
231	g_free (mem: pem_copy);
232	g_object_unref (object: cert);
233	}
234
235	static void
236	from_file (const Reference *ref)
237	{
238	GTlsCertificate *cert;
239	gchar *parsed_cert_pem = NULL;
240	const gchar *parsed_key_pem = NULL;
241	GError *error = NULL;
242
243	cert = g_tls_certificate_new_from_file (file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key-cert.pem", NULL),
244	error: &error);
245	g_assert_no_error (error);
246	g_assert_nonnull (cert);
247
248	g_object_get (object: cert,
249	first_property_name: "certificate-pem", &parsed_cert_pem,
250	NULL);
251	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
252	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[`0`]);
253	g_free (mem: parsed_cert_pem);
254	parsed_cert_pem = NULL;
255	g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
256	parsed_key_pem = NULL;
257
258	g_object_unref (object: cert);
259	}
260
261	static void
262	from_files (const Reference *ref)
263	{
264	GTlsCertificate *cert;
265	gchar *parsed_cert_pem = NULL;
266	const gchar *parsed_key_pem = NULL;
267	GError *error = NULL;
268
269	cert = g_tls_certificate_new_from_files (cert_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert1.pem", NULL),
270	key_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key.pem", NULL),
271	error: &error);
272	g_assert_no_error (error);
273	g_assert_nonnull (cert);
274
275	g_object_get (object: cert,
276	first_property_name: "certificate-pem", &parsed_cert_pem,
277	NULL);
278	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
279	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[`0`]);
280	g_free (mem: parsed_cert_pem);
281	parsed_cert_pem = NULL;
282	g_assert_cmpstr (parsed_key_pem, ==, ref->key_pem);
283	parsed_key_pem = NULL;
284
285	g_object_unref (object: cert);
286
287	/ Missing private key /
288	cert = g_tls_certificate_new_from_files (cert_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert1.pem", NULL),
289	key_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert2.pem", NULL),
290	error: &error);
291	g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
292	g_clear_error (err: &error);
293	g_assert_null (cert);
294
295	/ Missing header private key /
296	cert = g_tls_certificate_new_from_files (cert_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert1.pem", NULL),
297	key_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key_missing-header.pem", NULL),
298	error: &error);
299	g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
300	g_clear_error (err: &error);
301	g_assert_null (cert);
302
303	/ Missing footer private key /
304	cert = g_tls_certificate_new_from_files (cert_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert1.pem", NULL),
305	key_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key_missing-footer.pem", NULL),
306	error: &error);
307	g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
308	g_clear_error (err: &error);
309	g_assert_null (cert);
310
311	/ Missing certificate /
312	cert = g_tls_certificate_new_from_files (cert_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key.pem", NULL),
313	key_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key.pem", NULL),
314	error: &error);
315	g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
316	g_clear_error (err: &error);
317	g_assert_null (cert);
318
319	/ Using this method twice with a file containing both private key and*
320	* certificate as a way to enforce private key presence is a fair use
321	*/
322	cert = g_tls_certificate_new_from_files (cert_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key-cert.pem", NULL),
323	key_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key-cert.pem", NULL),
324	error: &error);
325	g_assert_no_error (error);
326	g_assert_nonnull (cert);
327	g_object_unref (object: cert);
328	}
329
330	static void
331	from_files_crlf (const Reference *ref)
332	{
333	GTlsCertificate *cert;
334	gchar *parsed_cert_pem = NULL;
335	const gchar *parsed_key_pem = NULL;
336	GError *error = NULL;
337
338	cert = g_tls_certificate_new_from_files (cert_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert-crlf.pem", NULL),
339	key_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key-crlf.pem", NULL),
340	error: &error);
341	g_assert_no_error (error);
342	g_assert_nonnull (cert);
343
344	g_object_get (object: cert,
345	first_property_name: "certificate-pem", &parsed_cert_pem,
346	NULL);
347	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
348	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_crlf_pem);
349	g_free (mem: parsed_cert_pem);
350	parsed_cert_pem = NULL;
351	g_assert_cmpstr (parsed_key_pem, ==, ref->key_crlf_pem);
352	parsed_key_pem = NULL;
353
354	g_object_unref (object: cert);
355	}
356
357	static void
358	from_files_pkcs8 (const Reference *ref)
359	{
360	GTlsCertificate *cert;
361	gchar *parsed_cert_pem = NULL;
362	const gchar *parsed_key_pem = NULL;
363	GError *error = NULL;
364
365	cert = g_tls_certificate_new_from_files (cert_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert1.pem", NULL),
366	key_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key8.pem", NULL),
367	error: &error);
368	g_assert_no_error (error);
369	g_assert_nonnull (cert);
370
371	g_object_get (object: cert,
372	first_property_name: "certificate-pem", &parsed_cert_pem,
373	NULL);
374	parsed_key_pem = g_test_tls_connection_get_private_key_pem (cert);
375	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[`0`]);
376	g_free (mem: parsed_cert_pem);
377	parsed_cert_pem = NULL;
378	g_assert_cmpstr (parsed_key_pem, ==, ref->key8_pem);
379	parsed_key_pem = NULL;
380
381	g_object_unref (object: cert);
382	}
383
384	static void
385	from_files_pkcs8enc (const Reference *ref)
386	{
387	GTlsCertificate *cert;
388	GError *error = NULL;
389
390	/ Mare sure an error is returned for encrypted key /
391	cert = g_tls_certificate_new_from_files (cert_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert1.pem", NULL),
392	key_file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key8enc.pem", NULL),
393	error: &error);
394	g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
395	g_clear_error (err: &error);
396	g_assert_null (cert);
397	}
398
399	static void
400	list_from_file (const Reference *ref)
401	{
402	GList list, l;
403	GError *error = NULL;
404	int i;
405
406	list = g_tls_certificate_list_new_from_file (file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert-list.pem", NULL),
407	error: &error);
408	g_assert_no_error (error);
409	g_assert_cmpint (g_list_length (list), ==, `3`);
410
411	l = list;
412	for (i = `0`; i < `3`; i++)
413	{
414	GTlsCertificate *cert = l->data;
415	gchar *parsed_cert_pem = NULL;
416	g_object_get (object: cert,
417	first_property_name: "certificate-pem", &parsed_cert_pem,
418	NULL);
419	g_assert_cmpstr (parsed_cert_pem, ==, ref->cert_pems[i]);
420	g_free (mem: parsed_cert_pem);
421	l = g_list_next (l);
422	}
423
424	g_list_free_full (list, free_func: g_object_unref);
425
426	/ Empty list is not an error /
427	list = g_tls_certificate_list_new_from_file (file: g_test_get_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "nothing.pem", NULL),
428	error: &error);
429	g_assert_no_error (error);
430	g_assert_cmpint (g_list_length (list), ==, `0`);
431	}
432
433	static void
434	from_pkcs11_uri (void)
435	{
436	GError *error = NULL;
437	GTlsCertificate *cert;
438	gchar *pkcs11_uri = NULL;
439
440	cert = g_tls_certificate_new_from_pkcs11_uris (pkcs11_uri: "pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, error: &error);
441	g_assert_no_error (error);
442	g_assert_nonnull (cert);
443
444	g_object_get (object: cert, first_property_name: "pkcs11-uri", &pkcs11_uri, NULL);
445	g_assert_cmpstr ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", ==, pkcs11_uri);
446	g_free (mem: pkcs11_uri);
447
448	g_object_unref (object: cert);
449	}
450
451	static void
452	from_unsupported_pkcs11_uri (void)
453	{
454	GError *error = NULL;
455	GTlsCertificate *cert;
456
457	/ This is a magic value in gtesttlsbackend.c simulating an unsupported backend /
458	cert = g_tls_certificate_new_from_pkcs11_uris (pkcs11_uri: "unsupported", NULL, error: &error);
459	g_assert_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED);
460	g_assert_null (cert);
461
462	g_clear_error (err: &error);
463	}
464
465	int
466	main (int argc,
467	char *argv[])
468	{
469	int rtv;
470	Reference ref;
471	GError *error = NULL;
472	gchar *path;
473
474	g_test_init (argc: &argc, argv: &argv, NULL);
475
476	_g_test_tls_backend_get_type ();
477
478	/ Load reference PEM /
479	path = g_test_build_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert1.pem", NULL);
480	g_file_get_contents (filename: path, contents: &ref.cert_pems[`0`], NULL, error: &error);
481	g_assert_no_error (error);
482	g_assert_nonnull (ref.cert_pems[`0`]);
483	g_free (mem: path);
484	path = g_test_build_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert2.pem", NULL);
485	g_file_get_contents (filename: path, contents: &ref.cert_pems[`1`], NULL, error: &error);
486	g_assert_no_error (error);
487	g_assert_nonnull (ref.cert_pems[`1`]);
488	g_free (mem: path);
489	path = g_test_build_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert3.pem", NULL);
490	g_file_get_contents (filename: path, contents: &ref.cert_pems[`2`], NULL, error: &error);
491	g_assert_no_error (error);
492	g_assert_nonnull (ref.cert_pems[`2`]);
493	g_free (mem: path);
494	path = g_test_build_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "cert-crlf.pem", NULL);
495	g_file_get_contents (filename: path, contents: &ref.cert_crlf_pem, NULL, error: &error);
496	g_assert_no_error (error);
497	g_assert_nonnull (ref.cert_crlf_pem);
498	g_free (mem: path);
499	path = g_test_build_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key.pem", NULL);
500	g_file_get_contents (filename: path, contents: &ref.key_pem, NULL, error: &error);
501	g_assert_no_error (error);
502	g_assert_nonnull (ref.key_pem);
503	g_free (mem: path);
504	path = g_test_build_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key-crlf.pem", NULL);
505	g_file_get_contents (filename: path, contents: &ref.key_crlf_pem, NULL, error: &error);
506	g_assert_no_error (error);
507	g_assert_nonnull (ref.key_crlf_pem);
508	g_free (mem: path);
509	path = g_test_build_filename (file_type: G_TEST_DIST, first_path: "cert-tests", "key8.pem", NULL);
510	g_file_get_contents (filename: path, contents: &ref.key8_pem, NULL, error: &error);
511	g_assert_no_error (error);
512	g_assert_nonnull (ref.key8_pem);
513	g_free (mem: path);
514
515	g_test_add_data_func (testpath: "/tls-certificate/pem-parser",
516	test_data: &ref, test_func: (GTestDataFunc)pem_parser);
517	g_test_add_data_func (testpath: "/tls-certificate/pem-parser-handles-chain",
518	test_data: &ref, test_func: (GTestDataFunc)pem_parser_handles_chain);
519	g_test_add_data_func (testpath: "/tls-certificate/from_file",
520	test_data: &ref, test_func: (GTestDataFunc)from_file);
521	g_test_add_data_func (testpath: "/tls-certificate/from_files",
522	test_data: &ref, test_func: (GTestDataFunc)from_files);
523	g_test_add_data_func (testpath: "/tls-certificate/from_files_crlf",
524	test_data: &ref, test_func: (GTestDataFunc)from_files_crlf);
525	g_test_add_data_func (testpath: "/tls-certificate/from_files_pkcs8",
526	test_data: &ref, test_func: (GTestDataFunc)from_files_pkcs8);
527	g_test_add_data_func (testpath: "/tls-certificate/from_files_pkcs8enc",
528	test_data: &ref, test_func: (GTestDataFunc)from_files_pkcs8enc);
529	g_test_add_data_func (testpath: "/tls-certificate/list_from_file",
530	test_data: &ref, test_func: (GTestDataFunc)list_from_file);
531	g_test_add_func (testpath: "/tls-certificate/pkcs11-uri",
532	test_func: from_pkcs11_uri);
533	g_test_add_func (testpath: "/tls-certificate/pkcs11-uri-unsupported",
534	test_func: from_unsupported_pkcs11_uri);
535	g_test_add_func (testpath: "/tls-certificate/pem-parser-no-sentinel",
536	test_func: pem_parser_no_sentinel);
537
538	rtv = g_test_run();
539
540	g_free (mem: ref.cert_pems[`0`]);
541	g_free (mem: ref.cert_pems[`1`]);
542	g_free (mem: ref.cert_pems[`2`]);
543	g_free (mem: ref.cert_crlf_pem);
544	g_free (mem: ref.key_pem);
545	g_free (mem: ref.key_crlf_pem);
546	g_free (mem: ref.key8_pem);
547
548	return rtv;
549	}
550

source code of gtk/subprojects/glib/gio/tests/tls-certificate.c