2018-04-20 01:11:55 +08:00
|
|
|
/*
|
|
|
|
* plugin-test.cpp
|
|
|
|
*
|
|
|
|
* This source file is part of the FoundationDB open source project
|
|
|
|
*
|
2022-03-22 04:36:23 +08:00
|
|
|
* Copyright 2013-2022 Apple Inc. and the FoundationDB project authors
|
2018-04-20 01:11:55 +08:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2018-04-13 03:28:52 +08:00
|
|
|
#include <exception>
|
|
|
|
#include <fstream>
|
|
|
|
#include <iostream>
|
|
|
|
#include <sstream>
|
|
|
|
#include <string>
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
#include <stdarg.h>
|
|
|
|
#include <dlfcn.h>
|
|
|
|
|
|
|
|
#include <boost/circular_buffer.hpp>
|
|
|
|
|
2018-10-20 09:53:09 +08:00
|
|
|
#include "fdbrpc/ITLSPlugin.h"
|
2018-04-13 03:28:52 +08:00
|
|
|
|
2018-10-20 09:53:09 +08:00
|
|
|
#include "FDBLibTLS/FDBLibTLSPlugin.h"
|
2018-04-13 03:28:52 +08:00
|
|
|
|
|
|
|
#define TESTDATA "./testdata/"
|
|
|
|
|
|
|
|
static std::string load_file(std::string path) {
|
|
|
|
std::ifstream fs(path);
|
|
|
|
std::stringstream ss;
|
|
|
|
|
|
|
|
ss << fs.rdbuf();
|
|
|
|
fs.close();
|
|
|
|
|
|
|
|
return ss.str();
|
|
|
|
}
|
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
struct client_server_test {
|
|
|
|
std::string ca_path;
|
2018-04-13 03:28:52 +08:00
|
|
|
|
|
|
|
bool client_success;
|
2018-05-09 07:27:21 +08:00
|
|
|
std::string client_path;
|
|
|
|
const char* client_password;
|
|
|
|
std::vector<std::string> client_verify;
|
|
|
|
const char* servername;
|
2018-04-13 03:28:52 +08:00
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
bool server_success;
|
|
|
|
std::string server_path;
|
|
|
|
const char* server_password;
|
|
|
|
std::vector<std::string> server_verify;
|
2018-04-13 03:28:52 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct FDBLibTLSPluginTest {
|
2018-07-12 09:41:46 +08:00
|
|
|
FDBLibTLSPluginTest(Reference<ITLSPlugin> plugin);
|
2018-05-09 07:27:21 +08:00
|
|
|
~FDBLibTLSPluginTest();
|
2018-04-13 03:28:52 +08:00
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
Reference<ITLSPlugin> plugin;
|
2018-04-13 03:28:52 +08:00
|
|
|
|
|
|
|
boost::circular_buffer<uint8_t> client_buffer;
|
|
|
|
boost::circular_buffer<uint8_t> server_buffer;
|
|
|
|
|
|
|
|
int circular_read(boost::circular_buffer<uint8_t>* cb, uint8_t* buf, int len);
|
|
|
|
int circular_write(boost::circular_buffer<uint8_t>* cb, const uint8_t* buf, int len);
|
|
|
|
int client_read(uint8_t* buf, int len);
|
|
|
|
int client_write(const uint8_t* buf, int len);
|
|
|
|
int server_read(uint8_t* buf, int len);
|
|
|
|
int server_write(const uint8_t* buf, int len);
|
|
|
|
|
|
|
|
Reference<ITLSPolicy> create_policy(void);
|
2018-05-09 07:27:21 +08:00
|
|
|
Reference<ITLSSession> create_client_session(Reference<ITLSPolicy> policy, const char* servername);
|
2018-04-13 03:28:52 +08:00
|
|
|
Reference<ITLSSession> create_server_session(Reference<ITLSPolicy> policy);
|
|
|
|
|
|
|
|
void circular_reset(void);
|
|
|
|
void circular_self_test(void);
|
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
int client_server_test(const struct client_server_test* cst);
|
2018-04-13 03:28:52 +08:00
|
|
|
int set_cert_data_test(void);
|
|
|
|
};
|
|
|
|
|
2018-07-12 09:41:46 +08:00
|
|
|
FDBLibTLSPluginTest::FDBLibTLSPluginTest(Reference<ITLSPlugin> plugin) : plugin(plugin) {
|
2018-04-13 03:28:52 +08:00
|
|
|
circular_reset();
|
|
|
|
circular_self_test();
|
|
|
|
}
|
|
|
|
|
|
|
|
FDBLibTLSPluginTest::~FDBLibTLSPluginTest() {}
|
|
|
|
|
|
|
|
int FDBLibTLSPluginTest::circular_read(boost::circular_buffer<uint8_t>* cb, uint8_t* buf, int len) {
|
|
|
|
int n = 0;
|
|
|
|
|
|
|
|
for (n = 0; n < len; n++) {
|
|
|
|
if (cb->empty())
|
|
|
|
break;
|
|
|
|
buf[n] = (*cb)[0];
|
|
|
|
cb->pop_front();
|
|
|
|
}
|
|
|
|
|
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
|
|
|
int FDBLibTLSPluginTest::circular_write(boost::circular_buffer<uint8_t>* cb, const uint8_t* buf, int len) {
|
|
|
|
int n = 0;
|
|
|
|
|
|
|
|
for (n = 0; n < len; n++) {
|
|
|
|
if (cb->full())
|
|
|
|
break;
|
|
|
|
cb->push_back(buf[n]);
|
|
|
|
}
|
|
|
|
|
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
|
|
|
int FDBLibTLSPluginTest::client_read(uint8_t* buf, int len) {
|
|
|
|
// Read bytes from the server from the client's buffer.
|
|
|
|
return circular_read(&client_buffer, buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
int FDBLibTLSPluginTest::client_write(const uint8_t* buf, int len) {
|
|
|
|
// Write bytes from the client into the server's buffer.
|
|
|
|
return circular_write(&server_buffer, buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
int FDBLibTLSPluginTest::server_read(uint8_t* buf, int len) {
|
|
|
|
// Read bytes from the client from the server's buffer.
|
|
|
|
return circular_read(&server_buffer, buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
int FDBLibTLSPluginTest::server_write(const uint8_t* buf, int len) {
|
|
|
|
// Write bytes from the server into the client's buffer.
|
|
|
|
return circular_write(&client_buffer, buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
void FDBLibTLSPluginTest::circular_reset() {
|
|
|
|
client_buffer = boost::circular_buffer<uint8_t>(1024);
|
|
|
|
server_buffer = boost::circular_buffer<uint8_t>(1024);
|
|
|
|
}
|
|
|
|
|
|
|
|
void FDBLibTLSPluginTest::circular_self_test() {
|
|
|
|
uint8_t buf[1024] = { 1, 2, 3 };
|
|
|
|
|
|
|
|
std::cerr << "INFO: running circular buffer self tests...\n";
|
|
|
|
|
|
|
|
assert(server_read(buf, 3) == 0);
|
|
|
|
|
|
|
|
buf[0] = 1, buf[1] = 2, buf[2] = 3;
|
|
|
|
assert(client_write(buf, 2) == 2);
|
|
|
|
|
|
|
|
buf[0] = buf[1] = buf[2] = 255;
|
|
|
|
assert(server_read(buf, 3) == 2);
|
|
|
|
assert(buf[0] == 1 && buf[1] == 2 && buf[2] == 255);
|
|
|
|
|
|
|
|
assert(client_write(buf, 1024) == 1024);
|
|
|
|
assert(client_write(buf, 1) == 0);
|
|
|
|
assert(server_read(buf, 1) == 1);
|
|
|
|
assert(client_write(buf, 1) == 1);
|
|
|
|
assert(client_write(buf, 1) == 0);
|
|
|
|
assert(server_read(buf, 1024) == 1024);
|
|
|
|
assert(server_read(buf, 1024) == 0);
|
|
|
|
|
|
|
|
assert(client_read(buf, 3) == 0);
|
|
|
|
|
|
|
|
buf[0] = 1, buf[1] = 2, buf[2] = 3;
|
|
|
|
assert(server_write(buf, 2) == 2);
|
|
|
|
|
|
|
|
buf[0] = buf[1] = buf[2] = 255;
|
|
|
|
assert(client_read(buf, 3) == 2);
|
|
|
|
assert(buf[0] == 1 && buf[1] == 2 && buf[2] == 255);
|
|
|
|
|
|
|
|
assert(server_write(buf, 1024) == 1024);
|
|
|
|
assert(server_write(buf, 1) == 0);
|
|
|
|
assert(client_read(buf, 1) == 1);
|
|
|
|
assert(server_write(buf, 1) == 1);
|
|
|
|
assert(server_write(buf, 1) == 0);
|
|
|
|
assert(client_read(buf, 1024) == 1024);
|
|
|
|
assert(client_read(buf, 1024) == 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
Reference<ITLSPolicy> FDBLibTLSPluginTest::create_policy(void) {
|
2018-07-12 09:41:46 +08:00
|
|
|
return Reference<ITLSPolicy>(plugin->create_policy());
|
2018-04-13 03:28:52 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int client_send_func(void* ctx, const uint8_t* buf, int len) {
|
|
|
|
FDBLibTLSPluginTest* pt = (FDBLibTLSPluginTest*)ctx;
|
|
|
|
try {
|
|
|
|
return pt->client_write(buf, len);
|
|
|
|
} catch (const std::runtime_error& e) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int client_recv_func(void* ctx, uint8_t* buf, int len) {
|
|
|
|
FDBLibTLSPluginTest* pt = (FDBLibTLSPluginTest*)ctx;
|
|
|
|
try {
|
|
|
|
return pt->client_read(buf, len);
|
|
|
|
} catch (const std::runtime_error& e) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
Reference<ITLSSession> FDBLibTLSPluginTest::create_client_session(Reference<ITLSPolicy> policy,
|
|
|
|
const char* servername) {
|
|
|
|
return Reference<ITLSSession>(
|
|
|
|
policy->create_session(true, servername, client_send_func, this, client_recv_func, this, NULL));
|
2018-04-13 03:28:52 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int server_send_func(void* ctx, const uint8_t* buf, int len) {
|
|
|
|
FDBLibTLSPluginTest* pt = (FDBLibTLSPluginTest*)ctx;
|
|
|
|
try {
|
|
|
|
return pt->server_write(buf, len);
|
|
|
|
} catch (const std::runtime_error& e) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int server_recv_func(void* ctx, uint8_t* buf, int len) {
|
|
|
|
FDBLibTLSPluginTest* pt = (FDBLibTLSPluginTest*)ctx;
|
|
|
|
try {
|
|
|
|
return pt->server_read(buf, len);
|
|
|
|
} catch (const std::runtime_error& e) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
Reference<ITLSSession> FDBLibTLSPluginTest::create_server_session(Reference<ITLSPolicy> policy) {
|
2018-05-09 07:27:21 +08:00
|
|
|
return Reference<ITLSSession>(
|
|
|
|
policy->create_session(false, NULL, server_send_func, this, server_recv_func, this, NULL));
|
|
|
|
}
|
|
|
|
|
|
|
|
#define MAX_VERIFY_RULES 5
|
|
|
|
|
|
|
|
static void convert_verify_peers(const std::vector<std::string>* verify_rules,
|
|
|
|
const uint8_t* verify_peers[],
|
|
|
|
int verify_peers_len[]) {
|
|
|
|
if (verify_rules->size() > MAX_VERIFY_RULES)
|
|
|
|
throw std::runtime_error("verify");
|
|
|
|
int i = 0;
|
|
|
|
for (auto& verify_rule : *verify_rules) {
|
|
|
|
verify_peers[i] = (const uint8_t*)&verify_rule[0];
|
|
|
|
verify_peers_len[i] = verify_rule.size();
|
|
|
|
i++;
|
|
|
|
}
|
2018-04-13 03:28:52 +08:00
|
|
|
}
|
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
int FDBLibTLSPluginTest::client_server_test(const struct client_server_test* cst) {
|
|
|
|
const uint8_t* verify_peers[MAX_VERIFY_RULES];
|
|
|
|
int verify_peers_len[MAX_VERIFY_RULES];
|
|
|
|
|
2018-04-13 03:28:52 +08:00
|
|
|
circular_reset();
|
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
std::string ca_data = load_file(TESTDATA + cst->ca_path);
|
|
|
|
std::string client_data = load_file(TESTDATA + cst->client_path);
|
|
|
|
std::string server_data = load_file(TESTDATA + cst->server_path);
|
|
|
|
|
2018-04-13 03:28:52 +08:00
|
|
|
Reference<ITLSPolicy> client_policy = create_policy();
|
2018-05-09 07:27:21 +08:00
|
|
|
if (!client_policy->set_ca_data((const uint8_t*)&ca_data[0], ca_data.size())) {
|
|
|
|
std::cerr << "FAIL: failed to set client ca data\n";
|
2018-04-13 03:28:52 +08:00
|
|
|
return 1;
|
|
|
|
}
|
2018-05-09 07:27:21 +08:00
|
|
|
if (!client_policy->set_cert_data((const uint8_t*)&client_data[0], client_data.size())) {
|
|
|
|
std::cerr << "FAIL: failed to set client cert data\n";
|
2018-04-13 03:28:52 +08:00
|
|
|
return 1;
|
|
|
|
}
|
2018-05-09 07:27:21 +08:00
|
|
|
if (!client_policy->set_key_data((const uint8_t*)&client_data[0], client_data.size(), cst->client_password)) {
|
2018-04-13 03:28:52 +08:00
|
|
|
std::cerr << "FAIL: failed to set client key data\n";
|
|
|
|
return 1;
|
|
|
|
}
|
2018-05-09 07:27:21 +08:00
|
|
|
if (!cst->client_verify.empty()) {
|
|
|
|
convert_verify_peers(&cst->client_verify, verify_peers, verify_peers_len);
|
|
|
|
if (!client_policy->set_verify_peers(cst->client_verify.size(), verify_peers, verify_peers_len)) {
|
|
|
|
std::cerr << "FAIL: failed to set client verify peers\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
2018-04-13 03:28:52 +08:00
|
|
|
|
|
|
|
Reference<ITLSPolicy> server_policy = create_policy();
|
2018-05-09 07:27:21 +08:00
|
|
|
if (!server_policy->set_ca_data((const uint8_t*)&ca_data[0], ca_data.size())) {
|
|
|
|
std::cerr << "FAIL: failed to set server ca data\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (!server_policy->set_cert_data((const uint8_t*)&server_data[0], server_data.size())) {
|
2018-04-13 03:28:52 +08:00
|
|
|
std::cerr << "FAIL: failed to set server cert data\n";
|
|
|
|
return 1;
|
|
|
|
}
|
2018-05-09 07:27:21 +08:00
|
|
|
if (!server_policy->set_key_data((const uint8_t*)&server_data[0], server_data.size(), cst->server_password)) {
|
2018-04-13 03:28:52 +08:00
|
|
|
std::cerr << "FAIL: failed to set server key data\n";
|
|
|
|
return 1;
|
|
|
|
}
|
2018-05-09 07:27:21 +08:00
|
|
|
convert_verify_peers(&cst->server_verify, verify_peers, verify_peers_len);
|
|
|
|
if (!server_policy->set_verify_peers(cst->server_verify.size(), verify_peers, verify_peers_len)) {
|
|
|
|
std::cerr << "FAIL: failed to set server verify peers\n";
|
2018-04-13 03:28:52 +08:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
Reference<ITLSSession> client_session = create_client_session(client_policy, cst->servername);
|
2018-04-13 03:28:52 +08:00
|
|
|
Reference<ITLSSession> server_session = create_server_session(server_policy);
|
|
|
|
|
|
|
|
if (client_session.getPtr() == NULL || server_session.getPtr() == NULL)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
std::cerr << "INFO: starting TLS handshake...\n";
|
|
|
|
|
|
|
|
bool client_done = false, server_done = false;
|
|
|
|
bool client_failed = false, server_failed = false;
|
|
|
|
int rc, i = 0;
|
|
|
|
do {
|
|
|
|
if (!client_done) {
|
|
|
|
rc = client_session->handshake();
|
|
|
|
if (rc == ITLSSession::SUCCESS) {
|
|
|
|
client_done = true;
|
|
|
|
} else if (rc == ITLSSession::FAILED) {
|
2018-05-09 07:27:21 +08:00
|
|
|
if (cst->client_success) {
|
2018-04-13 03:28:52 +08:00
|
|
|
std::cerr << "FAIL: failed to complete client handshake\n";
|
|
|
|
return 1;
|
|
|
|
} else {
|
|
|
|
std::cerr << "INFO: failed to complete client handshake (as expected)\n";
|
|
|
|
client_failed = true;
|
|
|
|
client_done = true;
|
|
|
|
}
|
|
|
|
} else if (rc != ITLSSession::WANT_READ && rc != ITLSSession::WANT_WRITE) {
|
|
|
|
std::cerr << "FAIL: client handshake returned unknown value: " << rc << "\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!server_done) {
|
|
|
|
rc = server_session->handshake();
|
|
|
|
if (rc == ITLSSession::SUCCESS) {
|
|
|
|
server_done = true;
|
|
|
|
} else if (rc == ITLSSession::FAILED) {
|
2018-05-09 07:27:21 +08:00
|
|
|
if (cst->server_success) {
|
2018-04-13 03:28:52 +08:00
|
|
|
std::cerr << "FAIL: failed to complete server handshake\n";
|
|
|
|
return 1;
|
|
|
|
} else {
|
|
|
|
std::cerr << "INFO: failed to complete server handshake (as expected)\n";
|
|
|
|
server_failed = true;
|
|
|
|
server_done = true;
|
|
|
|
}
|
|
|
|
} else if (rc != ITLSSession::WANT_READ && rc != ITLSSession::WANT_WRITE) {
|
|
|
|
std::cerr << "FAIL: server handshake returned unknown value: " << rc << "\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} while (i++ < 100 && (!client_done || !server_done));
|
|
|
|
|
|
|
|
if (!client_done || !server_done) {
|
|
|
|
std::cerr << "FAIL: failed to complete handshake\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
if (!cst->client_success && !client_failed) {
|
2018-04-13 03:28:52 +08:00
|
|
|
std::cerr << "FAIL: client handshake succeeded when it should have failed\n";
|
2018-05-09 07:27:21 +08:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (!cst->server_success && !server_failed) {
|
2018-04-13 03:28:52 +08:00
|
|
|
std::cerr << "FAIL: server handshake succeeded when it should have failed\n";
|
2018-05-09 07:27:21 +08:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (!cst->client_success || !cst->server_success)
|
2018-04-13 03:28:52 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
std::cerr << "INFO: handshake completed successfully\n";
|
|
|
|
|
|
|
|
//
|
|
|
|
// Write on client and read on server.
|
|
|
|
//
|
|
|
|
std::cerr << "INFO: starting client write test...\n";
|
|
|
|
|
|
|
|
std::string client_msg("FDBLibTLSPlugin Client Write Test");
|
|
|
|
std::string server_msg;
|
|
|
|
size_t cn = 0, sn = 0;
|
|
|
|
uint8_t buf[16];
|
|
|
|
|
|
|
|
client_done = false, server_done = false;
|
|
|
|
i = 0;
|
|
|
|
do {
|
|
|
|
if (!client_done) {
|
|
|
|
rc = client_session->write((const uint8_t*)&client_msg[cn], client_msg.size() - cn);
|
|
|
|
if (rc > 0) {
|
|
|
|
cn += rc;
|
|
|
|
if (cn >= client_msg.size())
|
|
|
|
client_done = true;
|
|
|
|
} else if (rc == ITLSSession::FAILED) {
|
|
|
|
std::cerr << "FAIL: failed to complete client write\n";
|
|
|
|
return 1;
|
|
|
|
} else if (rc != ITLSSession::WANT_READ && rc != ITLSSession::WANT_WRITE) {
|
|
|
|
std::cerr << "FAIL: client write returned unknown value: " << rc << "\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!server_done) {
|
|
|
|
rc = server_session->read(buf, sizeof(buf));
|
|
|
|
if (rc > 0) {
|
|
|
|
sn += rc;
|
|
|
|
for (int j = 0; j < rc; j++)
|
|
|
|
server_msg += buf[j];
|
|
|
|
if (sn >= client_msg.size())
|
|
|
|
server_done = true;
|
|
|
|
} else if (rc == ITLSSession::FAILED) {
|
|
|
|
std::cerr << "FAIL: failed to complete server read\n";
|
|
|
|
return 1;
|
|
|
|
} else if (rc != ITLSSession::WANT_READ && rc != ITLSSession::WANT_WRITE) {
|
|
|
|
std::cerr << "FAIL: server read returned unknown value: " << rc << "\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} while (i++ < 100 && (!client_done || !server_done));
|
|
|
|
|
|
|
|
if (client_msg != server_msg) {
|
|
|
|
std::cerr << "FAIL: got client msg '" << server_msg << "' want '" << client_msg << "'\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::cerr << "INFO: client write test completed successfully\n";
|
|
|
|
|
|
|
|
//
|
|
|
|
// Write on server and read on client.
|
|
|
|
//
|
|
|
|
std::cerr << "INFO: starting server write test...\n";
|
|
|
|
|
|
|
|
server_msg = "FDBLibTLSPlugin Server Write Test";
|
|
|
|
client_msg.clear();
|
|
|
|
cn = 0, sn = 0;
|
|
|
|
|
|
|
|
client_done = false, server_done = false;
|
|
|
|
i = 0;
|
|
|
|
do {
|
|
|
|
if (!server_done) {
|
|
|
|
rc = server_session->write((const uint8_t*)&server_msg[cn], server_msg.size() - cn);
|
|
|
|
if (rc > 0) {
|
|
|
|
cn += rc;
|
|
|
|
if (cn >= server_msg.size())
|
|
|
|
server_done = true;
|
|
|
|
} else if (rc == ITLSSession::FAILED) {
|
|
|
|
std::cerr << "FAIL: failed to complete server write\n";
|
|
|
|
return 1;
|
|
|
|
} else if (rc != ITLSSession::WANT_READ && rc != ITLSSession::WANT_WRITE) {
|
|
|
|
std::cerr << "FAIL: server write returned unknown value: " << rc << "\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!client_done) {
|
|
|
|
rc = client_session->read(buf, sizeof(buf));
|
|
|
|
if (rc > 0) {
|
|
|
|
sn += rc;
|
|
|
|
for (int j = 0; j < rc; j++)
|
|
|
|
client_msg += buf[j];
|
|
|
|
if (sn >= server_msg.size())
|
|
|
|
client_done = true;
|
|
|
|
} else if (rc == ITLSSession::FAILED) {
|
|
|
|
std::cerr << "FAIL: failed to complete client read\n";
|
|
|
|
return 1;
|
|
|
|
} else if (rc != ITLSSession::WANT_READ && rc != ITLSSession::WANT_WRITE) {
|
|
|
|
std::cerr << "FAIL: client read returned unknown value: " << rc << "\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} while (i++ < 100 && (!client_done || !server_done));
|
|
|
|
|
|
|
|
if (server_msg != client_msg) {
|
|
|
|
std::cerr << "FAIL: got server msg '" << client_msg << "' want '" << server_msg << "'\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::cerr << "INFO: server write test completed successfully\n";
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2018-06-28 09:06:24 +08:00
|
|
|
static void logf(const char* event, void* uid, bool is_error, ...) {
|
2018-04-13 03:28:52 +08:00
|
|
|
va_list args;
|
|
|
|
|
|
|
|
std::string log_type("INFO");
|
|
|
|
if (is_error)
|
|
|
|
log_type = "ERROR";
|
|
|
|
|
|
|
|
std::cerr << log_type << ": " << event;
|
|
|
|
|
|
|
|
va_start(args, is_error);
|
|
|
|
|
|
|
|
const char* s = va_arg(args, const char*);
|
|
|
|
while (s != NULL) {
|
|
|
|
std::cerr << " " << s;
|
|
|
|
s = va_arg(args, const char*);
|
|
|
|
}
|
|
|
|
|
|
|
|
std::cerr << "\n";
|
|
|
|
|
|
|
|
va_end(args);
|
|
|
|
}
|
|
|
|
|
2018-05-09 07:27:21 +08:00
|
|
|
const struct client_server_test client_server_tests[] = {
|
|
|
|
// Single root CA.
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
|
|
|
|
// Multiple root CAs.
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-all.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-4.pem",
|
|
|
|
.server_password = "fdb123",
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-all.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-4.pem",
|
|
|
|
.client_password = "fdb321",
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = "fdb123",
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-4.pem",
|
|
|
|
.server_password = "fdb123",
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-2.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = false,
|
|
|
|
.server_path = "test-server-4.pem",
|
|
|
|
.server_password = "fdb123",
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
|
|
|
|
// Expired certificates.
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-3.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-3.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = false,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "Check.Unexpired=0" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-3.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-3.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "Check.Unexpired=0" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "Check.Valid=0" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-3.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-3.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "Check.Valid=0" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 1",
|
|
|
|
"I.CN=FDB LibTLS Plugin Test Intermediate CA 2,Check.Unexpired=0" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-3.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 1,Check.Unexpired=0",
|
|
|
|
"I.CN=FDB LibTLS Plugin Test Intermediate CA 2" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-3.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
|
|
|
|
// Match on specific subject and/or issuer.
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "C=US" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "C=US" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "C=AU" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "C=US", "C=AU" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "C=US", "C=JP" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\04\\>" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "CN=FDB LibTLS Plugin Test Server 2\\, \\81 \\<\\01\\+\\02=\\04\\>" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\04" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "CN=FDB LibTLS Plugin Test Client 1" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "CN=FDB LibTLS Plugin Test Client 1" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = false,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "O=Apple Pty Limited,OU=FDC Team" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "O=Apple Inc.,OU=FDB Team" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "O=Apple Pty Limited,OU=FDB Team" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "O=Apple Inc.,OU=FDC Team" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = false,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "O=Apple Pty Limited,OU=FDC Team" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDB Team" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDB Team" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDC Team" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = false,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "I.C=US,I.ST=California,I.L=Cupertino,I.O=Apple Inc.,I.OU=FDC Team" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 1" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 1" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 2" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 1" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 2" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 1" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>,I.CN=FDB LibTLS Plugin "
|
|
|
|
"Test Intermediate CA 2" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 1,O=Apple Inc.,I.C=US,S.C=US" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "CN=FDB LibTLS Plugin Test Server 2\\, \\80 \\<\\01\\+\\02=\\03\\>,I.CN=FDB LibTLS Plugin "
|
|
|
|
"Test Intermediate CA 1" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "I.CN=FDB LibTLS Plugin Test Intermediate CA 1,O=Apple Inc.,I.C=US,S.C=US" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "R.CN=FDB LibTLS Plugin Test Root CA 1" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-2.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "R.CN=FDB LibTLS Plugin Test Root CA 1" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-all.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "R.CN=FDB LibTLS Plugin Test Root CA 1" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-4.pem",
|
|
|
|
.server_password = "fdb123",
|
|
|
|
.server_verify = { "R.CN=FDB LibTLS Plugin Test Root CA 1" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-all.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "R.CN=FDB LibTLS Plugin Test Root CA 1", "R.CN=FDB LibTLS Plugin Test Root CA 2" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-4.pem",
|
|
|
|
.server_password = "fdb123",
|
|
|
|
.server_verify = { "R.CN=FDB LibTLS Plugin Test Root CA 1" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-all.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "R.CN=FDB LibTLS Plugin Test Root CA 2" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-4.pem",
|
|
|
|
.server_password = "fdb123",
|
|
|
|
.server_verify = { "R.CN=FDB LibTLS Plugin Test Root CA 1" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-all.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "R.OU=FDB Team" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-4.pem",
|
|
|
|
.server_password = "fdb123",
|
|
|
|
.server_verify = { "R.OU=FDB Team" },
|
|
|
|
},
|
|
|
|
|
|
|
|
// Client performing name validation via servername.
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = {},
|
|
|
|
.servername = "test.foundationdb.org",
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-1.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = {},
|
|
|
|
.servername = "www.foundationdb.org",
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "" },
|
|
|
|
},
|
2018-06-28 09:06:24 +08:00
|
|
|
|
|
|
|
// Prefix and Suffix Matching
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "O>=Apple Inc.,OU>=FDB" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "O<=Limited,OU<=Team" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "O<=Apple Inc.,OU<=FDB" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = false,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "O>=Limited,OU>=Team" },
|
|
|
|
},
|
Fix Subject Alternative Name matching and add test cases.
The previous change was done in the optimistic hope that NID_subject_alt_name
could be handled in the same fashion as all the rest of the attributes we match
against. However, X509 is not a place for optimisim. Instead, it turns out
that the Subject Alternative Name is an X509v3 extension, and needs to be
handled separately.
Therefore, this change...
* Introduces the idea of Criteria matching against a location in the
certificate, and not just against the entirety of the certificate.
* Extracts the Subject Alternative Name extension, and allows iteration and
matching against its components.
* Extends our constraint language to sensibly match against SubjectAlternativeNames.
The `S.subjectAltName` syntax has been kept, but the value is now required to
provide what type of field the rest of the value is intended to match against.
The code currently supports DNS, EMAIL, URI, and IP. Prefix and suffix
matching is supported.
Both verify-test and plugin-test were updated to cover Subject Alternative Name
matching. I've additionally run plugin-test under valgrind to verify that I've
understood object lifetimes correctly.
2018-06-30 08:10:27 +08:00
|
|
|
|
|
|
|
// Subject Alternative Name
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "S.subjectAltName=DNS:test.foundationdb.org" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "Check.Valid=0" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "S.subjectAltName>=DNS:test." },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "Check.Valid=0" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = true,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "S.subjectAltName<=DNS:.org" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "Check.Valid=0" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "S.subjectAltName<=DNS:.com" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "Check.Valid=0" },
|
|
|
|
},
|
|
|
|
{
|
|
|
|
.ca_path = "test-ca-1.pem",
|
|
|
|
.client_success = false,
|
|
|
|
.client_path = "test-client-2.pem",
|
|
|
|
.client_password = NULL,
|
|
|
|
.client_verify = { "S.subjectAltName<=EMAIL:.com" },
|
|
|
|
.servername = NULL,
|
|
|
|
.server_success = true,
|
|
|
|
.server_path = "test-server-1.pem",
|
|
|
|
.server_password = NULL,
|
|
|
|
.server_verify = { "Check.Valid=0" },
|
|
|
|
},
|
2018-05-09 07:27:21 +08:00
|
|
|
};
|
|
|
|
|
2018-04-13 03:28:52 +08:00
|
|
|
int main(int argc, char** argv) {
|
|
|
|
void* pluginSO = NULL;
|
|
|
|
void* (*getPlugin)(const char*);
|
|
|
|
int failed = 0;
|
|
|
|
|
|
|
|
if (argc != 2) {
|
|
|
|
std::cerr << "usage: " << argv[0] << " <plugin_path>\n";
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
pluginSO = dlopen(argv[1], RTLD_LAZY | RTLD_LOCAL);
|
|
|
|
if (pluginSO == NULL) {
|
|
|
|
std::cerr << "failed to load plugin '" << argv[1] << "': " << dlerror() << "\n";
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
getPlugin = (void* (*)(const char*))dlsym(pluginSO, "get_plugin");
|
|
|
|
if (getPlugin == NULL) {
|
|
|
|
std::cerr << "plugin '" << argv[1] << "' does not provide get_plugin()\n";
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
Reference<ITLSPlugin> plugin =
|
|
|
|
Reference<ITLSPlugin>((ITLSPlugin*)getPlugin(ITLSPlugin::get_plugin_type_name_and_version()));
|
|
|
|
|
2018-07-12 09:41:46 +08:00
|
|
|
FDBLibTLSPluginTest* pt = new FDBLibTLSPluginTest(plugin);
|
2018-04-13 03:28:52 +08:00
|
|
|
|
|
|
|
int test_num = 1;
|
2018-05-09 07:27:21 +08:00
|
|
|
for (auto& cst : client_server_tests) {
|
2018-04-13 03:28:52 +08:00
|
|
|
std::cerr << "== Test " << test_num++ << " ==\n";
|
2018-05-09 07:27:21 +08:00
|
|
|
failed |= pt->client_server_test(&cst);
|
2018-04-13 03:28:52 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
delete pt;
|
|
|
|
|
|
|
|
return (failed);
|
|
|
|
}
|