Commit f42568dc authored by Sylvain Berfini's avatar Sylvain Berfini 🎩

Added tests + changes to make tls authentication on LinphoneAuthInfo work

parent 39ee572c
......@@ -323,6 +323,18 @@ static const LinphoneAuthInfo *find_auth_info(LinphoneCore *lc, const char *user
return ret;
}
const LinphoneAuthInfo *_linphone_core_find_tls_auth_info(LinphoneCore *lc) {
bctbx_list_t *elem;
for (elem=lc->auth_info;elem!=NULL;elem=elem->next) {
LinphoneAuthInfo *pinfo = (LinphoneAuthInfo*)elem->data;
if (pinfo->tls_cert && pinfo->tls_key) {
return pinfo;
} else if (pinfo->tls_cert_path && pinfo->tls_key_path) {
return pinfo;
}
}
return NULL;
}
const LinphoneAuthInfo *_linphone_core_find_auth_info(LinphoneCore *lc, const char *realm, const char *username, const char *domain, bool_t ignore_realm){
const LinphoneAuthInfo *ai=NULL;
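Review bot: `_linphone_core_find_tls_auth_info` returns the first entry of `lc->auth_info` that carries a certificate and key, without comparing realm, username or domain. With several accounts configured, the client certificate of one identity can therefore be presented to a server that belongs to another. The caller `fill_auth_info` already holds `sai->realm`, `sai->username` and `sai->domain`; preferring an entry that matches them, and falling back to the first TLS entry only when none does, would keep a certificate bound to its account. The two branches also return the same value and can be one test: `if ((pinfo->tls_cert && pinfo->tls_key) || (pinfo->tls_cert_path && pinfo->tls_key_path)) return pinfo;`. A one-line comment above the function stating the selection rule would make the behaviour explicit.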
......
......@@ -1196,12 +1196,17 @@ static bool_t fill_auth_info_with_client_certificate(LinphoneCore *lc, SalAuthIn
}
static bool_t fill_auth_info(LinphoneCore *lc, SalAuthInfo* sai) {
LinphoneAuthInfo *ai=(LinphoneAuthInfo*)_linphone_core_find_auth_info(lc,sai->realm,sai->username,sai->domain, FALSE);
LinphoneAuthInfo *ai = NULL;
if (sai->mode == SalAuthModeTls) {
ai = (LinphoneAuthInfo*)_linphone_core_find_tls_auth_info(lc);
} else {
ai = (LinphoneAuthInfo*)_linphone_core_find_auth_info(lc,sai->realm,sai->username,sai->domain, FALSE);
}
if (ai) {
if (sai->mode == SalAuthModeHttpDigest) {
sai->userid=ms_strdup(ai->userid?ai->userid:ai->username);
sai->password=ai->passwd?ms_strdup(ai->passwd):NULL;
sai->ha1=ai->ha1?ms_strdup(ai->ha1):NULL;
sai->userid = ms_strdup(ai->userid ? ai->userid : ai->username);
sai->password = ai->passwd?ms_strdup(ai->passwd) : NULL;
sai->ha1 = ai->ha1 ? ms_strdup(ai->ha1) : NULL;
} else if (sai->mode == SalAuthModeTls) {
if (ai->tls_cert && ai->tls_key) {
sal_certificates_chain_parse(sai, ai->tls_cert, SAL_CERTIFICATE_RAW_FORMAT_PEM);
......@@ -1221,6 +1226,9 @@ static bool_t fill_auth_info(LinphoneCore *lc, SalAuthInfo* sai) {
}
return TRUE;
} else {
if (sai->mode == SalAuthModeTls) {
return fill_auth_info_with_client_certificate(lc, sai);
}
return FALSE;
}
}
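Review bot: In `fill_auth_info`, both lookups cast away the `const` that `_linphone_core_find_tls_auth_info` and `_linphone_core_find_auth_info` return, although `ai` is only read in the lines shown. Declaring `const LinphoneAuthInfo *ai = NULL;` and dropping the two `(LinphoneAuthInfo*)` casts lets the compiler reject an accidental write to stored credentials or key material. Part of the function body lies between the two hunks and is not visible, so confirm nothing there modifies `ai` before changing the type.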
......
......@@ -7963,11 +7963,11 @@ void linphone_core_set_tls_key(LinphoneCore *lc, const char *tls_key) {
}
void linphone_core_set_tls_cert_path(LinphoneCore *lc, const char *tls_cert_path) {
lp_config_set_string(lc->config, "sip", "client_cert_key", tls_cert_path);
lp_config_set_string(lc->config, "sip", "client_cert_chain", tls_cert_path);
}
void linphone_core_set_tls_key_path(LinphoneCore *lc, const char *tls_key_path) {
lp_config_set_string(lc->config, "sip", "client_cert_chain", tls_key_path);
lp_config_set_string(lc->config, "sip", "client_cert_key", tls_key_path);
}
const char *linphone_core_get_tls_cert(const LinphoneCore *lc) {
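Review bot: Nothing in this hunk migrates configurations saved by the previous, swapped setters, which stored the certificate path under `client_cert_key` and the key path under `client_cert_chain`. If those setters were used in a released build, such a configuration would, after this fix, hand the private-key file to code expecting a certificate chain; whether a migration or a release note is needed depends on that. Separately, a short comment on each setter would make cert/key and path/content harder to confuse again, e.g. `/* Stores a file path under [sip] client_cert_chain; linphone_core_set_tls_cert() takes the PEM content instead. */`.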
......
......@@ -397,6 +397,7 @@ void linphone_call_params_set_custom_sdp_media_attributes(LinphoneCallParams *pa
void linphone_auth_info_write_config(struct _LpConfig *config, LinphoneAuthInfo *obj, int pos);
void linphone_core_write_auth_info(LinphoneCore *lc, LinphoneAuthInfo *ai);
const LinphoneAuthInfo *_linphone_core_find_tls_auth_info(LinphoneCore *lc);
const LinphoneAuthInfo *_linphone_core_find_auth_info(LinphoneCore *lc, const char *realm, const char *username, const char *domain, bool_t ignore_realm);
void linphone_core_update_proxy_register(LinphoneCore *lc);
......
......@@ -66,7 +66,12 @@ set(CERTIFICATE_CN_FILES
certificates/cn/openssl-cn.cnf
)
set(CERTIFICATE_FILES ${CERTIFICATE_ALT_FILES} ${CERTIFICATE_CN_FILES})
set(CERTIFICATE_CLIENT_FILES
certificates/client/cert.pem
certificates/client/key.pem
)
set(CERTIFICATE_FILES ${CERTIFICATE_ALT_FILES} ${CERTIFICATE_CN_FILES} ${CERTIFICATE_CLIENT_FILES})
set(RC_FILES
rcfiles/carddav_rc
......@@ -109,6 +114,8 @@ set(RC_FILES
rcfiles/pauline_rc_rtcp_xr
rcfiles/pauline_sips_rc
rcfiles/pauline_tcp_rc
rcfiles/pauline_tls_client_rc
rcfiles/pauline_tls_client_2_rc
rcfiles/pauline_tunnel_verify_server_certificate_rc
rcfiles/pauline_v4proxy_rc
rcfiles/pauline_wild_rc
......
......@@ -28,7 +28,10 @@ CERTIFICATE_CN_FILES = certificates/cn/agent.pem \
certificates/cn/cafile.pem \
certificates/cn/openssl-cn.cnf
CERTIFICATE_FILES = $(CERTIFICATE_ALT_FILES) $(CERTIFICATE_CN_FILES)
CERTIFICATE_CLIENT_FILES = certificates/client/cert.pem \
certificates/client/key.pem
CERTIFICATE_FILES = $(CERTIFICATE_ALT_FILES) $(CERTIFICATE_CN_FILES) $(CERTIFICATE_CLIENT_FILES)
RCFILES = \
rcfiles/empty_rc\
......@@ -63,6 +66,8 @@ RCFILES = \
rcfiles/pauline_rc_rtcp_xr\
rcfiles/pauline_sips_rc\
rcfiles/pauline_tcp_rc\
rcfiles/pauline_tls_client_rc\
rcfiles/pauline_tls_client_2_rc\
rcfiles/pauline_wild_rc\
rcfiles/pauline_zrtp_aes256_rc\
rcfiles/pauline_zrtp_b256_rc\
......
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14 (0xe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com
Validity
Not Before: Sep 20 14:00:00 2016 GMT
Not After : Sep 20 14:00:00 2017 GMT
Subject: C=FR, ST=Rhone-Alpes Auvergne, L=Grenoble, O=Belledonne Communications, CN=sip:sip.example.org/emailAddress=info@belledonne-communications.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9e:31:b6:30:07:0e:de:8b:dd:41:66:ec:52:84:
37:2c:bf:98:bc:8f:d3:8e:0d:0f:97:de:b0:4a:c6:
26:c3:c5:29:4d:4e:ed:6c:0c:fe:06:61:49:16:67:
23:90:c9:5b:00:49:f0:e0:5e:42:81:2a:73:c7:c7:
11:9e:41:53:28:46:73:d1:12:8a:bb:bf:e7:f5:84:
6a:06:e6:5c:02:de:95:1d:a0:fc:a5:f7:bf:e8:c8:
c9:95:9f:07:c3:96:96:09:4d:11:f4:48:a3:89:49:
30:c0:6b:e6:ad:a4:0f:b7:5a:f2:20:78:2c:35:da:
fe:4c:83:70:93:65:09:b1:bb:17:46:72:1d:22:c1:
07:b3:4d:93:cd:cf:8a:6d:12:7f:54:b3:48:df:d6:
02:6f:f2:9c:a0:6c:5e:09:6b:26:63:94:09:cf:0c:
42:e6:fa:99:08:c1:9f:18:4b:54:fb:2c:0a:cc:c0:
b2:a6:1d:47:d9:1d:f2:53:e2:27:f8:71:41:f6:45:
e6:50:dd:47:4b:71:a2:bb:94:74:0e:e1:c4:fd:f6:
c3:41:c5:4c:1e:f9:8b:9c:c7:7e:80:59:f9:5b:e7:
ab:76:fd:5a:9d:d8:bd:6f:f9:58:78:e4:72:82:44:
85:32:7d:c2:27:f6:52:69:69:e8:e6:70:00:aa:64:
45:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
CB:57:BF:89:AF:D9:DB:CC:E0:F8:79:71:AD:7F:03:63:20:0A:49:63
X509v3 Authority Key Identifier:
keyid:06:5F:5D:C7:16:AF:62:F8:2D:6E:71:03:88:A0:D6:1D:2B:04:7F:BA
Signature Algorithm: sha256WithRSAEncryption
3e:6c:d5:87:db:04:2b:1b:73:93:9e:ea:fe:10:4a:38:9b:3e:
63:8f:f2:8d:8a:d0:bc:b2:4a:63:e0:3c:31:71:00:cf:81:4a:
ae:4c:51:fc:5d:51:b7:0a:86:48:5b:1f:a6:cc:ca:d2:c3:95:
da:4b:34:dc:8c:dd:1b:27:fb:d2:a8:e4:5e:5a:cc:01:f0:63:
58:74:72:1b:5f:c9:51:87:49:dd:ff:13:77:4c:2f:59:38:7f:
0a:48:94:17:67:b9:7e:6a:1f:c8:29:67:e0:d4:79:c9:8c:5b:
25:09:1d:46:f2:3a:e4:29:85:73:32:c5:94:72:59:31:57:9c:
65:d5
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
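Review bot: This fixture certificate is valid only from Sep 20 2016 to Sep 20 2017, so the client-certificate registration tests added in this commit will presumably start failing once the server rejects it as expired. Issue the test certificate with a longer validity, or document the renewal procedure next to the fixture so the failure is recognised as an expiry and not a regression. The matching private key is committed alongside it, so the issuing CA should be trusted only by the test server.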
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
[sip]
sip_port=-1
sip_tcp_port=-1
sip_tls_port=-1
default_proxy=0
ping_with_options=0
composing_idle_timeout=1
[auth_info_0]
username=pauline
userid=pauline
passwd=secret
realm=sip.example.org
[proxy_0]
realm=sip.example.org
reg_proxy=sip2.linphone.org:5063;transport=tls
reg_route=sip2.linphone.org:5063;transport=tls
reg_identity=sip:pauline@sip.example.org
reg_expires=3600
reg_sendregister=1
publish=0
dial_escape_plus=0
#[friend_0]
#url="Mariette" <sip:marie@sip.example.org>
#pol=accept
#subscribe=0
[rtp]
audio_rtp_port=18070-28000
video_rtp_port=39072-49000
[video]
display=0
capture=0
show_local=0
size=qcif
enabled=0
self_view=0
automatically_initiate=0
automatically_accept=0
device=StaticImage: Static picture
[sound]
echocancellation=0 #to not overload cpu in case of VG
[net]
dns_srv_enabled=0 #no srv needed in general
stun_server=stun.linphone.org
[sip]
sip_port=-1
sip_tcp_port=-1
sip_tls_port=-1
default_proxy=0
ping_with_options=0
client_cert_chain=tester/certificates/client/cert.pem
client_cert_key=tester/certificates/client/key.pem
composing_idle_timeout=1
[auth_info_0]
username=pauline
userid=pauline
passwd=secret
realm=sip.example.org
[proxy_0]
realm=sip.example.org
reg_proxy=sip2.linphone.org:5063;transport=tls
reg_route=sip2.linphone.org:5063;transport=tls
reg_identity=sip:pauline@sip.example.org
reg_expires=3600
reg_sendregister=1
publish=0
dial_escape_plus=0
#[friend_0]
#url="Mariette" <sip:marie@sip.example.org>
#pol=accept
#subscribe=0
[rtp]
audio_rtp_port=18070-28000
video_rtp_port=39072-49000
[video]
display=0
capture=0
show_local=0
size=qcif
enabled=0
self_view=0
automatically_initiate=0
automatically_accept=0
device=StaticImage: Static picture
[sound]
echocancellation=0 #to not overload cpu in case of VG
[net]
dns_srv_enabled=0 #no srv needed in general
stun_server=stun.linphone.org
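Review bot: `client_cert_chain` and `client_cert_key` are written as `tester/certificates/client/...`, which is relative to the process working directory, whereas the API-based tests resolve the same files through `bc_tester_res()`. The rc-driven test would then load the certificate only when the tester is launched from the directory that contains `tester/`. Either have the test set the paths after resolving them, or state the requirement in the file with a comment such as `# paths are relative to the directory the tester is launched from`.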
......@@ -947,6 +947,83 @@ static void redirect(void){
}
}
static void tls_auth_global_client_cert(void) {
if (transport_supported(LinphoneTransportTls)) {
LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_rc", TRUE);
linphone_core_manager_destroy(pauline);
}
}
static void tls_auth_global_client_cert_api(void) {
if (transport_supported(LinphoneTransportTls)) {
LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_2_rc", FALSE);
char *cert_path = bc_tester_res("certificates/client/cert.pem");
char *key_path = bc_tester_res("certificates/client/key.pem");
char *cert = read_file(cert_path);
char *key = read_file(key_path);
LinphoneCore *lc = pauline->lc;
linphone_core_set_tls_cert(lc, cert);
linphone_core_set_tls_key(lc, key);
BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1));
linphone_core_manager_destroy(pauline);
ms_free(cert);
ms_free(key);
ms_free(cert_path);
ms_free(key_path);
}
}
static void tls_auth_global_client_cert_api_path(void) {
if (transport_supported(LinphoneTransportTls)) {
LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_2_rc", FALSE);
char *cert = bc_tester_res("certificates/client/cert.pem");
char *key = bc_tester_res("certificates/client/key.pem");
LinphoneCore *lc = pauline->lc;
linphone_core_set_tls_cert_path(lc, cert);
linphone_core_set_tls_key_path(lc, key);
BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1));
linphone_core_manager_destroy(pauline);
ms_free(cert);
ms_free(key);
}
}
static void tls_auth_info_client_cert_api(void) {
if (transport_supported(LinphoneTransportTls)) {
LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_2_rc", FALSE);
char *cert_path = bc_tester_res("certificates/client/cert.pem");
char *key_path = bc_tester_res("certificates/client/key.pem");
char *cert = read_file(cert_path);
char *key = read_file(key_path);
LinphoneCore *lc = pauline->lc;
LinphoneAuthInfo *authInfo = (LinphoneAuthInfo *)lc->auth_info->data;
linphone_auth_info_set_tls_cert(authInfo, cert);
linphone_auth_info_set_tls_key(authInfo, key);
BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1));
linphone_core_manager_destroy(pauline);
ms_free(cert);
ms_free(key);
ms_free(cert_path);
ms_free(key_path);
}
}
static void tls_auth_info_client_cert_api_path(void) {
if (transport_supported(LinphoneTransportTls)) {
LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_2_rc", FALSE);
char *cert = bc_tester_res("certificates/client/cert.pem");
char *key = bc_tester_res("certificates/client/key.pem");
LinphoneCore *lc = pauline->lc;
LinphoneAuthInfo *authInfo = (LinphoneAuthInfo *)lc->auth_info->data;
linphone_auth_info_set_tls_cert_path(authInfo, cert);
linphone_auth_info_set_tls_key_path(authInfo, key);
BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1));
linphone_core_manager_destroy(pauline);
ms_free(cert);
ms_free(key);
}
}
test_t register_tests[] = {
TEST_NO_TAG("Simple register", simple_register),
TEST_NO_TAG("Simple register unregister", simple_unregister),
......@@ -982,7 +1059,12 @@ test_t register_tests[] = {
TEST_NO_TAG("Io recv error with recovery", io_recv_error_retry_immediatly),
TEST_NO_TAG("Io recv error with late recovery", io_recv_error_late_recovery),
TEST_NO_TAG("Io recv error without active registration", io_recv_error_without_active_register),
TEST_NO_TAG("Simple redirect", redirect)
TEST_NO_TAG("Simple redirect", redirect),
TEST_NO_TAG("Global TLS client certificate authentication", tls_auth_global_client_cert),
TEST_NO_TAG("Global TLS client certificate authentication using API", tls_auth_global_client_cert_api),
TEST_NO_TAG("Global TLS client certificate authentication using API 2", tls_auth_global_client_cert_api_path),
TEST_NO_TAG("AuthInfo TLS client certificate authentication using API", tls_auth_info_client_cert_api),
TEST_NO_TAG("AuthInfo TLS client certificate authentication using API 2", tls_auth_info_client_cert_api_path),
};
test_suite_t register_test_suite = {"Register", NULL, NULL, liblinphone_tester_before_each, liblinphone_tester_after_each,
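Review bot: The new tests only assert `number_of_LinphoneRegistrationOk`, and the rc files they load also carry digest credentials (`passwd=secret`), so a pass does not show that the client certificate was what authenticated the registration. Add a negative case that loads `pauline_tls_client_2_rc`, installs no certificate, and asserts that registration does not reach the Ok state; that would catch a silent fallback to digest or a server that does not request a certificate. The return values of `read_file()` and the `lc->auth_info->data` dereference are also used unchecked, so a missing fixture would crash the tester instead of failing one test; a `BC_ASSERT_PTR_NOT_NULL(cert);` style guard before use would turn that into a readable failure. `tls_auth_global_client_cert` has no assertion of its own and appears to rely on `linphone_core_manager_new2(..., TRUE)` to check registration; a comment saying so would help.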
......