Embed test-ca files into the test binaries

When cross compiling to operating systems like Fuchsia, it's a little complicated to build the test binaries, copy them and the test-ca files to the target, and make sure that everything is executed with the correct working directory. This PR makes it much easier to test rustls by embedding the test-ca files directly into the test binaries, which now can recreate a temporary test-ca directory as needed. This allows us to just copy the executable over, which really simplifies testing.
rustls · Mar 1, 2019 · 399ed16 · 399ed16
1 parent bc8cec0
commit 399ed16
Show file tree

Hide file tree

Showing 9 changed files with 242 additions and 100 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -35,6 +35,7 @@ webpki-roots = "0.16"
 ct-logs = "0.5"
 regex = "1.0"
 vecio = "0.1"
+tempfile = "3.0"
 
 [[example]]
 name = "bogo_shim"

diff --git a/tests/api.rs b/tests/api.rs
@@ -2,7 +2,6 @@
 use std::sync::Arc;
 use std::sync::Mutex;
 use std::sync::atomic::{AtomicUsize, Ordering};
-use std::fs;
 use std::mem;
 use std::fmt;
 use std::io::{self, Write, Read};
@@ -26,6 +25,9 @@ use rustls::quic::{self, QuicExt, ClientQuicExt, ServerQuicExt};
 
 use webpki;
 
+#[allow(dead_code)]
+mod common;
+
 fn transfer(left: &mut dyn Session, right: &mut dyn Session) -> usize {
     let mut buf = [0u8; 262144];
     let mut total = 0;
@@ -58,35 +60,31 @@ enum KeyType {
 static ALL_KEY_TYPES: [KeyType; 2] = [ KeyType::RSA, KeyType::ECDSA ];
 
 impl KeyType {
-    fn path_for(&self, part: &str) -> String {
+    fn bytes_for(&self, part: &str) -> &'static [u8] {
         match self {
-            KeyType::RSA => format!("test-ca/rsa/{}", part),
-            KeyType::ECDSA => format!("test-ca/ecdsa/{}", part),
+            KeyType::RSA => common::bytes_for("rsa", part),
+            KeyType::ECDSA => common::bytes_for("ecdsa", part),
         }
     }
 
     fn get_chain(&self) -> Vec<Certificate> {
-        pemfile::certs(&mut io::BufReader::new(fs::File::open(self.path_for("end.fullchain"))
-                                               .unwrap()))
+        pemfile::certs(&mut io::BufReader::new(self.bytes_for("end.fullchain")))
             .unwrap()
     }
 
     fn get_key(&self) -> PrivateKey {
-        pemfile::pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(self.path_for("end.key"))
-                                                            .unwrap()))
+        pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("end.key")))
                 .unwrap()[0]
             .clone()
     }
 
     fn get_client_chain(&self) -> Vec<Certificate> {
-        pemfile::certs(&mut io::BufReader::new(fs::File::open(self.path_for("client.fullchain"))
-                                               .unwrap()))
+        pemfile::certs(&mut io::BufReader::new(self.bytes_for("client.fullchain")))
             .unwrap()
     }
 
     fn get_client_key(&self) -> PrivateKey {
-        pemfile::pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(self.path_for("client.key"))
-                                                            .unwrap()))
+        pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("client.key")))
                 .unwrap()[0]
             .clone()
     }
@@ -115,7 +113,7 @@ fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig {
 
 fn make_client_config(kt: KeyType) -> ClientConfig {
     let mut cfg = ClientConfig::new();
-    let mut rootbuf = io::BufReader::new(fs::File::open(kt.path_for("ca.cert")).unwrap());
+    let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert"));
     cfg.root_store.add_pem_file(&mut rootbuf).unwrap();
 
     cfg

diff --git a/tests/bugs.rs b/tests/bugs.rs
@@ -7,7 +7,9 @@ use crate::common::OpenSSLServer;
 // but B is not.
 #[test]
 fn partial_chain() {
-    let mut server = OpenSSLServer::new_rsa(3000);
+    let test_ca = common::new_test_ca();
+
+    let mut server = OpenSSLServer::new_rsa(test_ca.path(), 3000);
     server.partial_chain();
     server.run();
     server.client()

diff --git a/tests/client_suites.rs b/tests/client_suites.rs
@@ -7,7 +7,9 @@ use crate::common::OpenSSLServer;
 
 #[test]
 fn ecdhe_rsa_aes_128_gcm_sha256() {
-    let mut server = OpenSSLServer::new_rsa(5000);
+    let test_ca = common::new_test_ca();
+
+    let mut server = OpenSSLServer::new_rsa(test_ca.path(), 5000);
     server.run();
     server.client()
         .verbose()
@@ -19,7 +21,9 @@ fn ecdhe_rsa_aes_128_gcm_sha256() {
 
 #[test]
 fn ecdhe_rsa_aes_256_gcm_sha384() {
-    let mut server = OpenSSLServer::new_rsa(5010);
+    let test_ca = common::new_test_ca();
+
+    let mut server = OpenSSLServer::new_rsa(test_ca.path(), 5010);
     server.run();
     server.client()
         .verbose()
@@ -31,7 +35,9 @@ fn ecdhe_rsa_aes_256_gcm_sha384() {
 
 #[test]
 fn ecdhe_ecdsa_aes_128_gcm_sha256() {
-    let mut server = OpenSSLServer::new_ecdsa(5020);
+    let test_ca = common::new_test_ca();
+
+    let mut server = OpenSSLServer::new_ecdsa(test_ca.path(), 5020);
     server.run();
     server.client()
         .verbose()
@@ -43,7 +49,9 @@ fn ecdhe_ecdsa_aes_128_gcm_sha256() {
 
 #[test]
 fn ecdhe_ecdsa_aes_256_gcm_sha384() {
-    let mut server = OpenSSLServer::new_ecdsa(5030);
+    let test_ca = common::new_test_ca();
+
+    let mut server = OpenSSLServer::new_ecdsa(test_ca.path(), 5030);
     server.run();
     server.client()
         .verbose()