From f42568dc719704e8549c3b4f9acce34fcb99b7bc Mon Sep 17 00:00:00 2001 From: Sylvain Berfini Date: Tue, 20 Sep 2016 18:07:57 +0200 Subject: [PATCH] Added tests + changes to make tls authentication on LinphoneAuthInfo work --- coreapi/authentication.c | 12 ++++ coreapi/callbacks.c | 16 +++-- coreapi/linphonecore.c | 4 +- coreapi/private.h | 1 + tester/CMakeLists.txt | 9 ++- tester/Makefile.am | 7 ++- tester/certificates/client/cert.pem | 75 +++++++++++++++++++++++ tester/certificates/client/key.pem | 27 +++++++++ tester/rcfiles/pauline_tls_client_2_rc | 51 ++++++++++++++++ tester/rcfiles/pauline_tls_client_rc | 54 +++++++++++++++++ tester/register_tester.c | 84 +++++++++++++++++++++++++- 11 files changed, 331 insertions(+), 9 deletions(-) create mode 100644 tester/certificates/client/cert.pem create mode 100644 tester/certificates/client/key.pem create mode 100644 tester/rcfiles/pauline_tls_client_2_rc create mode 100644 tester/rcfiles/pauline_tls_client_rc diff --git a/coreapi/authentication.c b/coreapi/authentication.c index 814e66307..4ea91d1cc 100644 --- a/coreapi/authentication.c +++ b/coreapi/authentication.c @@ -323,6 +323,18 @@ static const LinphoneAuthInfo *find_auth_info(LinphoneCore *lc, const char *user return ret; } +const LinphoneAuthInfo *_linphone_core_find_tls_auth_info(LinphoneCore *lc) { + bctbx_list_t *elem; + for (elem=lc->auth_info;elem!=NULL;elem=elem->next) { + LinphoneAuthInfo *pinfo = (LinphoneAuthInfo*)elem->data; + if (pinfo->tls_cert && pinfo->tls_key) { + return pinfo; + } else if (pinfo->tls_cert_path && pinfo->tls_key_path) { + return pinfo; + } + } + return NULL; +} const LinphoneAuthInfo *_linphone_core_find_auth_info(LinphoneCore *lc, const char *realm, const char *username, const char *domain, bool_t ignore_realm){ const LinphoneAuthInfo *ai=NULL; diff --git a/coreapi/callbacks.c b/coreapi/callbacks.c index 4fbd35951..10f1a99e7 100644 --- a/coreapi/callbacks.c +++ b/coreapi/callbacks.c @@ -1196,12 +1196,17 @@ static bool_t fill_auth_info_with_client_certificate(LinphoneCore *lc, SalAuthIn } static bool_t fill_auth_info(LinphoneCore *lc, SalAuthInfo* sai) { - LinphoneAuthInfo *ai=(LinphoneAuthInfo*)_linphone_core_find_auth_info(lc,sai->realm,sai->username,sai->domain, FALSE); + LinphoneAuthInfo *ai = NULL; + if (sai->mode == SalAuthModeTls) { + ai = (LinphoneAuthInfo*)_linphone_core_find_tls_auth_info(lc); + } else { + ai = (LinphoneAuthInfo*)_linphone_core_find_auth_info(lc,sai->realm,sai->username,sai->domain, FALSE); + } if (ai) { if (sai->mode == SalAuthModeHttpDigest) { - sai->userid=ms_strdup(ai->userid?ai->userid:ai->username); - sai->password=ai->passwd?ms_strdup(ai->passwd):NULL; - sai->ha1=ai->ha1?ms_strdup(ai->ha1):NULL; + sai->userid = ms_strdup(ai->userid ? ai->userid : ai->username); + sai->password = ai->passwd?ms_strdup(ai->passwd) : NULL; + sai->ha1 = ai->ha1 ? ms_strdup(ai->ha1) : NULL; } else if (sai->mode == SalAuthModeTls) { if (ai->tls_cert && ai->tls_key) { sal_certificates_chain_parse(sai, ai->tls_cert, SAL_CERTIFICATE_RAW_FORMAT_PEM); @@ -1221,6 +1226,9 @@ static bool_t fill_auth_info(LinphoneCore *lc, SalAuthInfo* sai) { } return TRUE; } else { + if (sai->mode == SalAuthModeTls) { + return fill_auth_info_with_client_certificate(lc, sai); + } return FALSE; } } diff --git a/coreapi/linphonecore.c b/coreapi/linphonecore.c index f452c70f2..055476c65 100644 --- a/coreapi/linphonecore.c +++ b/coreapi/linphonecore.c @@ -7963,11 +7963,11 @@ void linphone_core_set_tls_key(LinphoneCore *lc, const char *tls_key) { } void linphone_core_set_tls_cert_path(LinphoneCore *lc, const char *tls_cert_path) { - lp_config_set_string(lc->config, "sip", "client_cert_key", tls_cert_path); + lp_config_set_string(lc->config, "sip", "client_cert_chain", tls_cert_path); } void linphone_core_set_tls_key_path(LinphoneCore *lc, const char *tls_key_path) { - lp_config_set_string(lc->config, "sip", "client_cert_chain", tls_key_path); + lp_config_set_string(lc->config, "sip", "client_cert_key", tls_key_path); } const char *linphone_core_get_tls_cert(const LinphoneCore *lc) { diff --git a/coreapi/private.h b/coreapi/private.h index 8b9babb36..72d814d38 100644 --- a/coreapi/private.h +++ b/coreapi/private.h @@ -397,6 +397,7 @@ void linphone_call_params_set_custom_sdp_media_attributes(LinphoneCallParams *pa void linphone_auth_info_write_config(struct _LpConfig *config, LinphoneAuthInfo *obj, int pos); void linphone_core_write_auth_info(LinphoneCore *lc, LinphoneAuthInfo *ai); +const LinphoneAuthInfo *_linphone_core_find_tls_auth_info(LinphoneCore *lc); const LinphoneAuthInfo *_linphone_core_find_auth_info(LinphoneCore *lc, const char *realm, const char *username, const char *domain, bool_t ignore_realm); void linphone_core_update_proxy_register(LinphoneCore *lc); diff --git a/tester/CMakeLists.txt b/tester/CMakeLists.txt index 33fc873be..71358e978 100644 --- a/tester/CMakeLists.txt +++ b/tester/CMakeLists.txt @@ -66,7 +66,12 @@ set(CERTIFICATE_CN_FILES certificates/cn/openssl-cn.cnf ) -set(CERTIFICATE_FILES ${CERTIFICATE_ALT_FILES} ${CERTIFICATE_CN_FILES}) +set(CERTIFICATE_CLIENT_FILES + certificates/client/cert.pem + certificates/client/key.pem +) + +set(CERTIFICATE_FILES ${CERTIFICATE_ALT_FILES} ${CERTIFICATE_CN_FILES} ${CERTIFICATE_CLIENT_FILES}) set(RC_FILES rcfiles/carddav_rc @@ -109,6 +114,8 @@ set(RC_FILES rcfiles/pauline_rc_rtcp_xr rcfiles/pauline_sips_rc rcfiles/pauline_tcp_rc + rcfiles/pauline_tls_client_rc + rcfiles/pauline_tls_client_2_rc rcfiles/pauline_tunnel_verify_server_certificate_rc rcfiles/pauline_v4proxy_rc rcfiles/pauline_wild_rc diff --git a/tester/Makefile.am b/tester/Makefile.am index 62dbcff2b..3cb65ad2d 100644 --- a/tester/Makefile.am +++ b/tester/Makefile.am @@ -28,7 +28,10 @@ CERTIFICATE_CN_FILES = certificates/cn/agent.pem \ certificates/cn/cafile.pem \ certificates/cn/openssl-cn.cnf -CERTIFICATE_FILES = $(CERTIFICATE_ALT_FILES) $(CERTIFICATE_CN_FILES) +CERTIFICATE_CLIENT_FILES = certificates/client/cert.pem \ + certificates/client/key.pem + +CERTIFICATE_FILES = $(CERTIFICATE_ALT_FILES) $(CERTIFICATE_CN_FILES) $(CERTIFICATE_CLIENT_FILES) RCFILES = \ rcfiles/empty_rc\ @@ -63,6 +66,8 @@ RCFILES = \ rcfiles/pauline_rc_rtcp_xr\ rcfiles/pauline_sips_rc\ rcfiles/pauline_tcp_rc\ + rcfiles/pauline_tls_client_rc\ + rcfiles/pauline_tls_client_2_rc\ rcfiles/pauline_wild_rc\ rcfiles/pauline_zrtp_aes256_rc\ rcfiles/pauline_zrtp_b256_rc\ diff --git a/tester/certificates/client/cert.pem b/tester/certificates/client/cert.pem new file mode 100644 index 000000000..0893135ad --- /dev/null +++ b/tester/certificates/client/cert.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14 (0xe) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com + Validity + Not Before: Sep 20 14:00:00 2016 GMT + Not After : Sep 20 14:00:00 2017 GMT + Subject: C=FR, ST=Rhone-Alpes Auvergne, L=Grenoble, O=Belledonne Communications, CN=sip:sip.example.org/emailAddress=info@belledonne-communications.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9e:31:b6:30:07:0e:de:8b:dd:41:66:ec:52:84: + 37:2c:bf:98:bc:8f:d3:8e:0d:0f:97:de:b0:4a:c6: + 26:c3:c5:29:4d:4e:ed:6c:0c:fe:06:61:49:16:67: + 23:90:c9:5b:00:49:f0:e0:5e:42:81:2a:73:c7:c7: + 11:9e:41:53:28:46:73:d1:12:8a:bb:bf:e7:f5:84: + 6a:06:e6:5c:02:de:95:1d:a0:fc:a5:f7:bf:e8:c8: + c9:95:9f:07:c3:96:96:09:4d:11:f4:48:a3:89:49: + 30:c0:6b:e6:ad:a4:0f:b7:5a:f2:20:78:2c:35:da: + fe:4c:83:70:93:65:09:b1:bb:17:46:72:1d:22:c1: + 07:b3:4d:93:cd:cf:8a:6d:12:7f:54:b3:48:df:d6: + 02:6f:f2:9c:a0:6c:5e:09:6b:26:63:94:09:cf:0c: + 42:e6:fa:99:08:c1:9f:18:4b:54:fb:2c:0a:cc:c0: + b2:a6:1d:47:d9:1d:f2:53:e2:27:f8:71:41:f6:45: + e6:50:dd:47:4b:71:a2:bb:94:74:0e:e1:c4:fd:f6: + c3:41:c5:4c:1e:f9:8b:9c:c7:7e:80:59:f9:5b:e7: + ab:76:fd:5a:9d:d8:bd:6f:f9:58:78:e4:72:82:44: + 85:32:7d:c2:27:f6:52:69:69:e8:e6:70:00:aa:64: + 45:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + CB:57:BF:89:AF:D9:DB:CC:E0:F8:79:71:AD:7F:03:63:20:0A:49:63 + X509v3 Authority Key Identifier: + keyid:06:5F:5D:C7:16:AF:62:F8:2D:6E:71:03:88:A0:D6:1D:2B:04:7F:BA + + Signature Algorithm: sha256WithRSAEncryption + 3e:6c:d5:87:db:04:2b:1b:73:93:9e:ea:fe:10:4a:38:9b:3e: + 63:8f:f2:8d:8a:d0:bc:b2:4a:63:e0:3c:31:71:00:cf:81:4a: + ae:4c:51:fc:5d:51:b7:0a:86:48:5b:1f:a6:cc:ca:d2:c3:95: + da:4b:34:dc:8c:dd:1b:27:fb:d2:a8:e4:5e:5a:cc:01:f0:63: + 58:74:72:1b:5f:c9:51:87:49:dd:ff:13:77:4c:2f:59:38:7f: + 0a:48:94:17:67:b9:7e:6a:1f:c8:29:67:e0:d4:79:c9:8c:5b: + 25:09:1d:46:f2:3a:e4:29:85:73:32:c5:94:72:59:31:57:9c: + 65:d5 +-----BEGIN CERTIFICATE----- +MIID5jCCA0+gAwIBAgIBDjANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UEBhMCRlIx +EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK +DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV +BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA +YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTYwOTIwMTQwMDAwWhcN +MTcwOTIwMTQwMDAwWjCBtDELMAkGA1UEBhMCRlIxHTAbBgNVBAgMFFJob25lLUFs +cGVzIEF1dmVyZ25lMREwDwYDVQQHDAhHcmVub2JsZTEiMCAGA1UECgwZQmVsbGVk +b25uZSBDb21tdW5pY2F0aW9uczEcMBoGA1UEAwwTc2lwOnNpcC5leGFtcGxlLm9y +ZzExMC8GCSqGSIb3DQEJARYiaW5mb0BiZWxsZWRvbm5lLWNvbW11bmljYXRpb25z +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ4xtjAHDt6L3UFm +7FKENyy/mLyP044ND5fesErGJsPFKU1O7WwM/gZhSRZnI5DJWwBJ8OBeQoEqc8fH +EZ5BUyhGc9ESiru/5/WEagbmXALelR2g/KX3v+jIyZWfB8OWlglNEfRIo4lJMMBr +5q2kD7da8iB4LDXa/kyDcJNlCbG7F0ZyHSLBB7NNk83Pim0Sf1SzSN/WAm/ynKBs +XglrJmOUCc8MQub6mQjBnxhLVPssCszAsqYdR9kd8lPiJ/hxQfZF5lDdR0txoruU +dA7hxP32w0HFTB75i5zHfoBZ+Vvnq3b9Wp3YvW/5WHjkcoJEhTJ9wif2Umlp6OZw +AKpkRW8CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNT +TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFMtXv4mv2dvM4Ph5ca1/ +A2MgCkljMB8GA1UdIwQYMBaAFAZfXccWr2L4LW5xA4ig1h0rBH+6MA0GCSqGSIb3 +DQEBCwUAA4GBAD5s1YfbBCsbc5Oe6v4QSjibPmOP8o2K0LyySmPgPDFxAM+BSq5M +UfxdUbcKhkhbH6bMytLDldpLNNyM3Rsn+9Ko5F5azAHwY1h0chtfyVGHSd3/E3dM +L1k4fwpIlBdnuX5qH8gpZ+DUecmMWyUJHUbyOuQphXMyxZRyWTFXnGXV +-----END CERTIFICATE----- diff --git a/tester/certificates/client/key.pem b/tester/certificates/client/key.pem new file mode 100644 index 000000000..40b5542dd --- /dev/null +++ b/tester/certificates/client/key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnjG2MAcO3ovdQWbsUoQ3LL+YvI/Tjg0Pl96wSsYmw8UpTU7t +bAz+BmFJFmcjkMlbAEnw4F5CgSpzx8cRnkFTKEZz0RKKu7/n9YRqBuZcAt6VHaD8 +pfe/6MjJlZ8Hw5aWCU0R9EijiUkwwGvmraQPt1ryIHgsNdr+TINwk2UJsbsXRnId +IsEHs02Tzc+KbRJ/VLNI39YCb/KcoGxeCWsmY5QJzwxC5vqZCMGfGEtU+ywKzMCy +ph1H2R3yU+In+HFB9kXmUN1HS3Giu5R0DuHE/fbDQcVMHvmLnMd+gFn5W+erdv1a +ndi9b/lYeORygkSFMn3CJ/ZSaWno5nAAqmRFbwIDAQABAoIBAB52XCrrcQWR0U1i +0GcjZqyLSJIm8AoOoc4Q58m+VoCkWsu0QyvnZJM98KELw2GCJK/tjSDnhc7xqdHy +l4Xt9mFvD6ZW97gnwDcbBH/HpDg5PGW0NnKPPrlI0Oiq8wfK26F24do0kqlBGs4y ++Py+9vfL34w5F+pW/Vkmhmsbrb43h0YU44M7BkqG/5ah2f6bsEV8NeqyMWhkn5m7 +GONv8Zot0aKeLz/krgQ4+ataQ6CBrSgwIiZ3FO/BTLIMC0g1qHamajpwZbA3/SBx +8viziHVcZl3KJqPnwFVBySuDmxw9DCULPIBBnKXW0ieZ4uL8rBd0NvGu5lD9b+CN +TglCzkECgYEAyvrNIdXvqYClqizdQRfIIUJsPk1fezqF6q36TT8WC1PaRYYL1VkG +8oTNMJdAU9uxqeZTG4SRkBhWcktN5VBArvWrPAzdSqkhU3YbztXLyTbxGTmdYsIO +1Lgm0yJ3pQAtm3js9T+A2gtU2aZFYAEY1J9+4q6Xj6fjvsyl2XgpqMkCgYEAx4Qd +hl+XUj0Y0Wpj880aB7ao1BFIwzNa2B3h5+zM7hD0WrY4nu1gBCJIDLjzVPdy9f/h +VMk9RDtWiutvO6x4nSOEfutCcFQkD3xXY7A7NCb+nEZMqOUvb6F7Igy6MU78Bbnr +Ci0hBMDUXmX5Adpaht16E9pL2ttpv1wjmWQIUHcCgYBy6VWkaCdMAKbJFqkTptEH +80CwbME3VERoPaJMhQCH3Sre3Spp2ALU3VYEwjwKvX9xPhGirIRz3TNjdTpeLfbQ +lggg8O9+yw0w4NaRW/wIp/AKZdGyDUa0KqTgNs0hPl6Te/w6Q39A8dVReo4f8b8K +8Fi3IDxxeYy3gcgKu7pp8QKBgQCIBHq4bBzWlQ6BXj2sLUysq4tnoCzx3uX05lJn +cdm4B1j/KrFpL71AtDpYahKB/3yhVwPAcL1S8f0rEhywGwHTZy5h9HND7yjyYbuW +G8QQ5vC3i3mhvzVarkUqznB1QzqvkLM7Kc8T1X4yqORcrgb/YKhkNnN2ThVGv0MJ +xNeiOwKBgQCGIgZ7y22u5OJhbh6lRh4yosiGAZ2G+cviH8KO5Wco4tG/DKabR1SE +ZYlo1MjIY/CEq2JPHa7ZXucRUKg78Mcy544FmMKDb/IpnGkjc+vhrYhjvMum/vTO +t6PwzTGGIJfVaLFYyTpr+ykDEOmsLWGDiTpXujbINQulHgczNR99EQ== +-----END RSA PRIVATE KEY----- diff --git a/tester/rcfiles/pauline_tls_client_2_rc b/tester/rcfiles/pauline_tls_client_2_rc new file mode 100644 index 000000000..8e886b3e2 --- /dev/null +++ b/tester/rcfiles/pauline_tls_client_2_rc @@ -0,0 +1,51 @@ +[sip] +sip_port=-1 +sip_tcp_port=-1 +sip_tls_port=-1 +default_proxy=0 +ping_with_options=0 + +composing_idle_timeout=1 + +[auth_info_0] +username=pauline +userid=pauline +passwd=secret +realm=sip.example.org + +[proxy_0] +realm=sip.example.org +reg_proxy=sip2.linphone.org:5063;transport=tls +reg_route=sip2.linphone.org:5063;transport=tls +reg_identity=sip:pauline@sip.example.org +reg_expires=3600 +reg_sendregister=1 +publish=0 +dial_escape_plus=0 + +#[friend_0] +#url="Mariette" +#pol=accept +#subscribe=0 + +[rtp] +audio_rtp_port=18070-28000 +video_rtp_port=39072-49000 + +[video] +display=0 +capture=0 +show_local=0 +size=qcif +enabled=0 +self_view=0 +automatically_initiate=0 +automatically_accept=0 +device=StaticImage: Static picture + +[sound] +echocancellation=0 #to not overload cpu in case of VG + +[net] +dns_srv_enabled=0 #no srv needed in general +stun_server=stun.linphone.org diff --git a/tester/rcfiles/pauline_tls_client_rc b/tester/rcfiles/pauline_tls_client_rc new file mode 100644 index 000000000..931ae327e --- /dev/null +++ b/tester/rcfiles/pauline_tls_client_rc @@ -0,0 +1,54 @@ +[sip] +sip_port=-1 +sip_tcp_port=-1 +sip_tls_port=-1 +default_proxy=0 +ping_with_options=0 +client_cert_chain=tester/certificates/client/cert.pem +client_cert_key=tester/certificates/client/key.pem + +composing_idle_timeout=1 + +[auth_info_0] +username=pauline +userid=pauline +passwd=secret +realm=sip.example.org + + +[proxy_0] +realm=sip.example.org +reg_proxy=sip2.linphone.org:5063;transport=tls +reg_route=sip2.linphone.org:5063;transport=tls +reg_identity=sip:pauline@sip.example.org +reg_expires=3600 +reg_sendregister=1 +publish=0 +dial_escape_plus=0 + +#[friend_0] +#url="Mariette" +#pol=accept +#subscribe=0 + +[rtp] +audio_rtp_port=18070-28000 +video_rtp_port=39072-49000 + +[video] +display=0 +capture=0 +show_local=0 +size=qcif +enabled=0 +self_view=0 +automatically_initiate=0 +automatically_accept=0 +device=StaticImage: Static picture + +[sound] +echocancellation=0 #to not overload cpu in case of VG + +[net] +dns_srv_enabled=0 #no srv needed in general +stun_server=stun.linphone.org diff --git a/tester/register_tester.c b/tester/register_tester.c index eea6aefa8..5f0349b09 100644 --- a/tester/register_tester.c +++ b/tester/register_tester.c @@ -947,6 +947,83 @@ static void redirect(void){ } } +static void tls_auth_global_client_cert(void) { + if (transport_supported(LinphoneTransportTls)) { + LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_rc", TRUE); + linphone_core_manager_destroy(pauline); + } +} + +static void tls_auth_global_client_cert_api(void) { + if (transport_supported(LinphoneTransportTls)) { + LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_2_rc", FALSE); + char *cert_path = bc_tester_res("certificates/client/cert.pem"); + char *key_path = bc_tester_res("certificates/client/key.pem"); + char *cert = read_file(cert_path); + char *key = read_file(key_path); + LinphoneCore *lc = pauline->lc; + linphone_core_set_tls_cert(lc, cert); + linphone_core_set_tls_key(lc, key); + BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1)); + linphone_core_manager_destroy(pauline); + ms_free(cert); + ms_free(key); + ms_free(cert_path); + ms_free(key_path); + } +} + +static void tls_auth_global_client_cert_api_path(void) { + if (transport_supported(LinphoneTransportTls)) { + LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_2_rc", FALSE); + char *cert = bc_tester_res("certificates/client/cert.pem"); + char *key = bc_tester_res("certificates/client/key.pem"); + LinphoneCore *lc = pauline->lc; + linphone_core_set_tls_cert_path(lc, cert); + linphone_core_set_tls_key_path(lc, key); + BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1)); + linphone_core_manager_destroy(pauline); + ms_free(cert); + ms_free(key); + } +} + +static void tls_auth_info_client_cert_api(void) { + if (transport_supported(LinphoneTransportTls)) { + LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_2_rc", FALSE); + char *cert_path = bc_tester_res("certificates/client/cert.pem"); + char *key_path = bc_tester_res("certificates/client/key.pem"); + char *cert = read_file(cert_path); + char *key = read_file(key_path); + LinphoneCore *lc = pauline->lc; + LinphoneAuthInfo *authInfo = (LinphoneAuthInfo *)lc->auth_info->data; + linphone_auth_info_set_tls_cert(authInfo, cert); + linphone_auth_info_set_tls_key(authInfo, key); + BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1)); + linphone_core_manager_destroy(pauline); + ms_free(cert); + ms_free(key); + ms_free(cert_path); + ms_free(key_path); + } +} + +static void tls_auth_info_client_cert_api_path(void) { + if (transport_supported(LinphoneTransportTls)) { + LinphoneCoreManager *pauline = linphone_core_manager_new2("pauline_tls_client_2_rc", FALSE); + char *cert = bc_tester_res("certificates/client/cert.pem"); + char *key = bc_tester_res("certificates/client/key.pem"); + LinphoneCore *lc = pauline->lc; + LinphoneAuthInfo *authInfo = (LinphoneAuthInfo *)lc->auth_info->data; + linphone_auth_info_set_tls_cert_path(authInfo, cert); + linphone_auth_info_set_tls_key_path(authInfo, key); + BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1)); + linphone_core_manager_destroy(pauline); + ms_free(cert); + ms_free(key); + } +} + test_t register_tests[] = { TEST_NO_TAG("Simple register", simple_register), TEST_NO_TAG("Simple register unregister", simple_unregister), @@ -982,7 +1059,12 @@ test_t register_tests[] = { TEST_NO_TAG("Io recv error with recovery", io_recv_error_retry_immediatly), TEST_NO_TAG("Io recv error with late recovery", io_recv_error_late_recovery), TEST_NO_TAG("Io recv error without active registration", io_recv_error_without_active_register), - TEST_NO_TAG("Simple redirect", redirect) + TEST_NO_TAG("Simple redirect", redirect), + TEST_NO_TAG("Global TLS client certificate authentication", tls_auth_global_client_cert), + TEST_NO_TAG("Global TLS client certificate authentication using API", tls_auth_global_client_cert_api), + TEST_NO_TAG("Global TLS client certificate authentication using API 2", tls_auth_global_client_cert_api_path), + TEST_NO_TAG("AuthInfo TLS client certificate authentication using API", tls_auth_info_client_cert_api), + TEST_NO_TAG("AuthInfo TLS client certificate authentication using API 2", tls_auth_info_client_cert_api_path), }; test_suite_t register_test_suite = {"Register", NULL, NULL, liblinphone_tester_before_each, liblinphone_tester_after_each,