From 6687220e48af9bdbd4b6ea0a094ceaf1230266ef Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 30 Apr 2016 13:45:25 +0200
Subject: [PATCH] tests: added check for cert handler validity

---
 tests/Makefile.am   |  2 +-
 tests/test-get-cert | 68 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100755 tests/test-get-cert

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 103b1c9f..b89c70ca 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -30,7 +30,7 @@ dist_check_SCRIPTS = test-iroute test-pass-script \
 if HAVE_CWRAP
 dist_check_SCRIPTS += test-pass test-pass-cert test-cert test-group-pass \
 	test-pass-group-cert test-pass-group-cert-no-pass test-sighup \
-	test-enc-key test-sighup-key-change
+	test-enc-key test-sighup-key-change test-get-cert
 endif
 
 AM_CPPFLAGS += \
diff --git a/tests/test-get-cert b/tests/test-get-cert
new file mode 100755
index 00000000..e6e5a8f0
--- /dev/null
+++ b/tests/test-get-cert
@@ -0,0 +1,68 @@
+#!/bin/sh
+#
+# Copyright (C) 2013 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+SERV="${SERV:-../src/ocserv}"
+srcdir=${srcdir:-.}
+NO_NEED_ROOT=1
+PORT=4445
+
+TMPFILE=getcert.$$.tmp
+TMPFILE2=getcert2.$$.tmp
+
+. `dirname $0`/common.sh
+
+echo "Testing ocserv certificate GET handlers... "
+
+update_config test-user-cert.config
+launch_simple_sr_server -d 1 -f -c ${CONFIG}
+PID=$!
+
+wait_server $PID
+
+echo -n "Connecting to GET PEM certificate... "
+( LD_PRELOAD=libsocket_wrapper.so curl https://$ADDRESS:$PORT/cert.pem --insecure > $TMPFILE 2>/dev/null ) ||
+	fail $PID "Could not get certificate!"
+
+cmp $TMPFILE "${srcdir}/server-cert.pem"
+if test $? != 0;then
+	fail $PID "failed, certs not match"
+fi
+
+echo "ok"
+
+echo -n "Connecting to GET DER certificate... "
+( LD_PRELOAD=libsocket_wrapper.so curl https://$ADDRESS:$PORT/cert.cer --insecure > $TMPFILE 2>/dev/null ) ||
+	fail $PID "Could not get DER certificate!"
+
+certtool --inder -i <"$TMPFILE" >$TMPFILE2
+certtool -i <"${srcdir}/server-cert.pem" >$TMPFILE
+cmp "$TMPFILE" "$TMPFILE2"
+if test $? != 0;then
+	fail $PID "failed, certs not match"
+fi
+
+echo "ok"
+
+
+cleanup
+
+rm -f "$TMPFILE" "$TMPFILE2"
+
+exit 0