GCC Code Coverage Report

Directory: cvmfs/
File: cvmfs/ssl.cc
Date: 2025-02-02 02:34:22
Exec Total Coverage
Lines: 37 48 77.1%
Branches: 54 129 41.9%
Line Branch Exec Source
1 /**
2 * This file is part of the CernVM File System.
3 */
4
5 #include "ssl.h"
6
7 #include <dirent.h>
8
9 #include <cstdlib>
10 #include <string>
11 #include <vector>
12
13 #include "duplex_curl.h"
14 #include "util/platform.h"
15 #include "util/posix.h"
16 #include "util/string.h"
17
18 namespace {
19
20 36 bool HasCertificates(const std::string &directory) {
21 36 DIR *dirp = opendir(directory.c_str());
22
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 36 times.
 36 if (!dirp) return false;
23
24 platform_dirent64 *dirent;
25
1/2
✓ Branch 1 taken 252 times.
✗ Branch 2 not taken.
 252 while ((dirent = platform_readdir(dirp))) {
26
3/6
✓ Branch 2 taken 252 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 252 times.
✗ Branch 6 not taken.
✓ Branch 8 taken 252 times.
✗ Branch 9 not taken.
 504 const std::string filename(directory + "/" + std::string(dirent->d_name));
27
28 platform_stat64 stat;
29
1/2
✗ Branch 2 not taken.
✓ Branch 3 taken 252 times.
 252 if (platform_stat(filename.c_str(), &stat) != 0) continue;
30
3/4
✓ Branch 0 taken 72 times.
✓ Branch 1 taken 180 times.
✓ Branch 2 taken 72 times.
✗ Branch 3 not taken.
 252 if (!(S_ISREG(stat.st_mode) || S_ISLNK(stat.st_mode))) continue;
31
32
6/17
✓ Branch 2 taken 180 times.
✗ Branch 3 not taken.
✗ Branch 4 not taken.
✓ Branch 5 taken 180 times.
✗ Branch 6 not taken.
✓ Branch 7 taken 180 times.
✗ Branch 8 not taken.
✗ Branch 9 not taken.
✓ Branch 10 taken 180 times.
✗ Branch 11 not taken.
✗ Branch 12 not taken.
✓ Branch 13 taken 36 times.
✓ Branch 14 taken 144 times.
✗ Branch 15 not taken.
✗ Branch 16 not taken.
✗ Branch 18 not taken.
✗ Branch 19 not taken.
 540 if (HasSuffix(filename, ".pem", /* ignore case = */ false) ||
33
7/17
✓ Branch 2 taken 180 times.
✗ Branch 3 not taken.
✗ Branch 4 not taken.
✓ Branch 5 taken 180 times.
✗ Branch 6 not taken.
✓ Branch 7 taken 36 times.
✓ Branch 8 taken 144 times.
✓ Branch 9 taken 180 times.
✗ Branch 10 not taken.
✓ Branch 12 taken 180 times.
✗ Branch 13 not taken.
✓ Branch 15 taken 180 times.
✗ Branch 16 not taken.
✗ Branch 17 not taken.
✗ Branch 18 not taken.
✗ Branch 20 not taken.
✗ Branch 21 not taken.
 360 HasSuffix(filename, ".crt", /* ignore case = */ false)) {
34
1/2
✓ Branch 1 taken 36 times.
✗ Branch 2 not taken.
 36 closedir(dirp);
35 36 return true;
36 }
37
3/3
✓ Branch 1 taken 144 times.
✓ Branch 2 taken 72 times.
✓ Branch 3 taken 36 times.
 252 }
38
39 closedir(dirp);
40 return false;
41 }
42
43 } // namespace
44
45
46 170 SslCertificateStore::SslCertificateStore() {
47 170 const char *ca_path_env = getenv("X509_CERT_DIR");
48
1/4
✗ Branch 0 not taken.
✓ Branch 1 taken 170 times.
✗ Branch 2 not taken.
✗ Branch 3 not taken.
 170 if (ca_path_env && *ca_path_env)
49 ca_path_ = ca_path_env;
50 else
51
1/2
✓ Branch 1 taken 170 times.
✗ Branch 2 not taken.
 170 ca_path_ = "/etc/grid-security/certificates";
52 170 const char *ca_bundle_env = getenv("X509_CERT_BUNDLE");
53
1/4
✗ Branch 0 not taken.
✓ Branch 1 taken 170 times.
✗ Branch 2 not taken.
✗ Branch 3 not taken.
 170 if (ca_bundle_env && *ca_bundle_env)
54 ca_bundle_ = ca_bundle_env;
55 170 }
56
57
58 bool SslCertificateStore::ApplySslCertificatePath(CURL *handle) const {
59 CURLcode res1 = curl_easy_setopt(handle, CURLOPT_CAPATH, ca_path_.c_str());
60 CURLcode res2 = CURLE_OK;
61 if (!ca_bundle_.empty())
62 res2 = curl_easy_setopt(handle, CURLOPT_CAINFO, ca_bundle_.c_str());
63
64 return (res1 == CURLE_OK) && (res2 == CURLE_OK);
65 }
66
67
68 36 void SslCertificateStore::UseSystemCertificatePath() {
69 36 std::vector<std::string> candidates;
70
71
2/4
✓ Branch 2 taken 36 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 36 times.
✗ Branch 6 not taken.
 36 candidates.push_back("/etc/ssl/certs");
72
2/4
✓ Branch 2 taken 36 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 36 times.
✗ Branch 6 not taken.
 36 candidates.push_back("/etc/pki/tls/certs");
73
2/4
✓ Branch 2 taken 36 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 36 times.
✗ Branch 6 not taken.
 36 candidates.push_back("/etc/ssl");
74
2/4
✓ Branch 2 taken 36 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 36 times.
✗ Branch 6 not taken.
 36 candidates.push_back("/etc/pki/tls");
75
2/4
✓ Branch 2 taken 36 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 36 times.
✗ Branch 6 not taken.
 36 candidates.push_back("/etc/pki/ca-trust/extracted/pem");
76
2/4
✓ Branch 2 taken 36 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 36 times.
✗ Branch 6 not taken.
 36 candidates.push_back("/etc/ssl");
77
78
1/2
✓ Branch 1 taken 36 times.
✗ Branch 2 not taken.
 36 for (unsigned i = 0; i < candidates.size(); ++i) {
79
2/4
✓ Branch 2 taken 36 times.
✗ Branch 3 not taken.
✓ Branch 4 taken 36 times.
✗ Branch 5 not taken.
 36 if (HasCertificates(candidates[i])) {
80
1/2
✓ Branch 2 taken 36 times.
✗ Branch 3 not taken.
 36 const std::string bundle_candidate = candidates[i] + "/ca-bundle.crt";
81
2/6
✓ Branch 1 taken 36 times.
✗ Branch 2 not taken.
✓ Branch 3 taken 36 times.
✗ Branch 4 not taken.
✗ Branch 5 not taken.
✗ Branch 6 not taken.
 72 if (ca_bundle_.empty() &&
82
4/8
✓ Branch 1 taken 36 times.
✗ Branch 2 not taken.
✓ Branch 3 taken 36 times.
✗ Branch 4 not taken.
✓ Branch 6 taken 36 times.
✗ Branch 7 not taken.
✓ Branch 8 taken 36 times.
✗ Branch 9 not taken.
 36 (FileExists(bundle_candidate) || SymlinkExists(bundle_candidate)))
83 {
84
1/2
✓ Branch 1 taken 36 times.
✗ Branch 2 not taken.
 36 ca_bundle_ = bundle_candidate;
85 }
86
1/2
✓ Branch 2 taken 36 times.
✗ Branch 3 not taken.
 36 ca_path_ = candidates[i];
87 36 return;
88 36 }
89 }
90
91 // fallback
92 ca_path_ = candidates[0];
93
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 36 times.
 36 }
94