Make Wangle tests compatible with remote execution

Summary: When running in a remote execution environment tests need to use bundled resources, in this case PEM files. For building against open source Folly releases we we reduce our dependency on the test SSL server library. TL;DR: the net effect for open source is no change. Reviewed By: rahulg Differential Revision: D50971496 fbshipit-source-id: a0ee582bc7aa4d25bfcb78855a31cffb8b7cf5ee
facebook · Nov 8, 2023 · b735439 · b735439
1 parent edc097f
commit b735439
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 6 deletions.
diff --git a/wangle/ssl/test/SSLContextManagerTest.cpp b/wangle/ssl/test/SSLContextManagerTest.cpp
@@ -24,6 +24,31 @@
 #include <wangle/ssl/ServerSSLContext.h>
 #include <wangle/ssl/TLSTicketKeyManager.h>
 
+#if defined(WANGLE_USE_FOLLY_TESTUTIL)
+#include <folly/experimental/TestUtil.h>
+#include <folly/io/async/test/TestSSLServer.h>
+
+namespace {
+std::string get_resource(const char* res) {
+  return folly::test::find_resource(res).string();
+}
+} // namespace
+
+using folly::test::kClientTestCert;
+using folly::test::kClientTestChain;
+using folly::test::kTestCert;
+#else
+namespace {
+std::string get_resource(const char* res) {
+  return res;
+}
+} // namespace
+
+const char* kClientTestChain = "folly/io/async/test/certs/client_chain.pem";
+const char* kClientTestCert = "folly/io/async/test/certs/client_cert.pem";
+const char* kTestCert = "folly/io/async/test/certs/tests-cert.pem";
+#endif
+
 using std::shared_ptr;
 using namespace folly;
 
@@ -582,7 +607,7 @@ TEST(SSLContextManagerTest, TestAlpnNotAllowMismatch) {
 TEST(SSLContextManagerTest, TestSingleClientCAFileSet) {
   SSLContextManagerForTest sslCtxMgr(
       "vip_ssl_context_manager_test_", getSettings(), nullptr);
-  const std::string clientCAFile = "folly/io/async/test/certs/client_chain.pem";
+  const std::string clientCAFile = get_resource(kClientTestChain);
 
   SSLContextConfig ctxConfig;
   ctxConfig.clientCAFile = clientCAFile;
@@ -622,8 +647,7 @@ TEST(SSLContextManagerTest, TestMultipleClientCAsSet) {
   SSLContextManagerForTest sslCtxMgr(
       "vip_ssl_context_manager_test_", getSettings(), nullptr);
   const std::vector<std::string> clientCAFiles{
-      "folly/io/async/test/certs/client_cert.pem",
-      "folly/io/async/test/certs/tests-cert.pem"};
+      get_resource(kClientTestCert), get_resource(kTestCert)};
 
   SSLContextConfig ctxConfig;
   ctxConfig.clientCAFiles = clientCAFiles;

diff --git a/wangle/ssl/test/TLSTicketKeyManagerTest.cpp b/wangle/ssl/test/TLSTicketKeyManagerTest.cpp
@@ -24,6 +24,31 @@
 #include <wangle/ssl/TLSTicketKeyManager.h>
 #include <wangle/ssl/test/MockSSLStats.h>
 
+#if defined(WANGLE_USE_FOLLY_TESTUTIL)
+#include <folly/experimental/TestUtil.h>
+#include <folly/io/async/test/TestSSLServer.h>
+
+namespace {
+std::string get_resource(const char* res) {
+  return folly::test::find_resource(res).string();
+}
+} // namespace
+
+using folly::test::kTestCA;
+using folly::test::kTestCert;
+using folly::test::kTestKey;
+#else
+namespace {
+std::string get_resource(const char* res) {
+  return res;
+}
+
+const char* kTestCert = "folly/io/async/test/certs/tests-cert.pem";
+const char* kTestKey = "folly/io/async/test/certs/tests-key.pem";
+const char* kTestCA = "folly/io/async/test/certs/ca-cert.pem";
+} // namespace
+#endif
+
 using ::testing::InSequence;
 using wangle::MockSSLStats;
 
@@ -167,8 +192,8 @@ TEST(
   // The OpenSSL bug occurs with TLS 1.3 PSKs only, SSLContext should enable
   // TLS 1.3 by default.
   auto serverCtx = std::make_shared<folly::SSLContext>();
-  serverCtx->loadCertificate("folly/io/async/test/certs/tests-cert.pem");
-  serverCtx->loadPrivateKey("folly/io/async/test/certs/tests-key.pem");
+  serverCtx->loadCertificate(get_resource(kTestCert).c_str());
+  serverCtx->loadPrivateKey(get_resource(kTestKey).c_str());
 
   // don't configure any seeds
   auto ticketHandler = std::make_unique<wangle::TLSTicketKeyManager>();
@@ -185,7 +210,7 @@ TEST(
   auto clientCtx = std::make_shared<folly::SSLContext>();
   clientCtx->setVerificationOption(
       folly::SSLContext::VerifyServerCertificate::IF_PRESENTED);
-  clientCtx->loadTrustedCertificates("folly/io/async/test/certs/ca-cert.pem");
+  clientCtx->loadTrustedCertificates(get_resource(kTestCA).c_str());
 
   TestConnectCallback connectCallback;
   // connect and grab the session (ticket)