proxygen
SSLContextTest.cpp
1 /*
2  * Copyright 2017-present Facebook, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
18 #include <folly/FileUtil.h>
21 
22 using namespace std;
23 using namespace testing;
24 
25 namespace folly {
26 
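// Fixture shared by the SSLContext tests. gtest constructs a new fixture
// object for every TEST_F, so each test starts from its own context.
class SSLContextTest : public testing::Test {
 public:
  // Context under test; verifySSLCipherList() and the TEST_F bodies use it.
  // NOTE(review): the rendered listing skips source line 29, where this
  // member is declared; the declaration is restored from the `ctx.` uses
  // below. Confirm against the repository.
  SSLContext ctx;

  // Asserts that an SSL object created from `ctx` has exactly `ciphers`
  // enabled, in the given order.
  void verifySSLCipherList(const vector<string>& ciphers);
};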
32 
// Checks the cipher list that an SSL object inherits from `ctx`.
//
// SSL_get_cipher_list(ssl, n) returns the name of the cipher at priority n,
// or NULL once n is past the end of the list. The loop pins the name and the
// position of each expected suite; the final assertion pins the length, so a
// suite that stayed enabled beyond the requested ones fails the test.
void SSLContextTest::verifySSLCipherList(const vector<string>& ciphers) {
  ssl::SSLUniquePtr ssl(ctx.createSSL());
  int priority = 0;
  for (const auto& expected : ciphers) {
    ASSERT_STREQ(expected.c_str(), SSL_get_cipher_list(ssl.get(), priority));
    ++priority;
  }
  // Nothing may follow the last expected entry.
  ASSERT_EQ(nullptr, SSL_get_cipher_list(ssl.get(), priority));
}
41 
// ciphers() takes an OpenSSL cipher string: suite names separated by ':' in
// preference order. The suites are fixtures for parsing and ordering, not a
// recommended server configuration (AES128-SHA is RSA key exchange with
// CBC/SHA-1 and offers no forward secrecy).
TEST_F(SSLContextTest, TestSetCipherString) {
  const char* const cipherString = "AES128-SHA:ECDHE-RSA-AES256-SHA384";
  const vector<string> expected = {"AES128-SHA", "ECDHE-RSA-AES256-SHA384"};
  ctx.ciphers(cipherString);
  verifySSLCipherList(expected);
}
46 
// setCipherList() takes the suites as a vector. The SSL object must report
// the same names in the same order and nothing else.
TEST_F(SSLContextTest, TestSetCipherList) {
  const vector<string> requested = {"ECDHE-RSA-AES128-SHA", "AES256-SHA"};
  ctx.setCipherList(requested);
  verifySSLCipherList(requested);
}
52 
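// Exercises every certificate / private-key loading path of SSLContext, once
// with a matching pair and once with a key that belongs to another
// certificate.
//
// Behaviour pinned here:
//  - certificate loaded first, then a non-matching key: the key load throws
//    std::runtime_error;
//  - key loaded first, then a non-matching certificate: neither call throws,
//    so the mismatch is only visible through isCertKeyPairValid();
//  - loadCertKeyPairFromBufferPEM() / loadCertKeyPairFromFiles() throw on a
//    mismatch.
//
// NOTE(review): the rendered listing skips source lines 67, 75, 90, 97 and
// 106. The `EXPECT_THROW(` opener (97) is restored from the unbalanced call
// that follows it, and the isCertKeyPairValid() checks (67, 75, 90, 106) from
// the symbols the page cross-references (isCertKeyPairValid, EXPECT_TRUE,
// EXPECT_FALSE). Confirm against the repository.
TEST_F(SSLContextTest, TestLoadCertKey) {
  std::string certData, keyData, anotherKeyData;
  // Test-only key material. The paths are relative, so the test depends on
  // the working directory it is started from.
  const char* certPath = "folly/io/async/test/certs/tests-cert.pem";
  const char* keyPath = "folly/io/async/test/certs/tests-key.pem";
  const char* anotherKeyPath = "folly/io/async/test/certs/client_key.pem";
  // Stop at a failed read: an empty buffer would otherwise surface later as
  // an unrelated PEM parsing error, or let a "must throw" case pass for the
  // wrong reason.
  ASSERT_TRUE(folly::readFile(certPath, certData)) << certPath;
  ASSERT_TRUE(folly::readFile(keyPath, keyData)) << keyPath;
  ASSERT_TRUE(folly::readFile(anotherKeyPath, anotherKeyData))
      << anotherKeyPath;

  {
    SCOPED_TRACE("Valid cert/key pair from buffer");
    SSLContext tmpCtx;
    tmpCtx.loadCertificateFromBufferPEM(certData);
    tmpCtx.loadPrivateKeyFromBufferPEM(keyData);
    EXPECT_TRUE(tmpCtx.isCertKeyPairValid());
  }

  {
    SCOPED_TRACE("Valid cert/key pair from files");
    SSLContext tmpCtx;
    tmpCtx.loadCertificate(certPath);
    tmpCtx.loadPrivateKey(keyPath);
    EXPECT_TRUE(tmpCtx.isCertKeyPairValid());
  }

  {
    SCOPED_TRACE("Invalid cert/key pair from file. Load cert first");
    SSLContext tmpCtx;
    tmpCtx.loadCertificate(certPath);
    EXPECT_THROW(tmpCtx.loadPrivateKey(anotherKeyPath), std::runtime_error);
  }

  {
    SCOPED_TRACE("Invalid cert/key pair from file. Load key first");
    SSLContext tmpCtx;
    tmpCtx.loadPrivateKey(anotherKeyPath);
    tmpCtx.loadCertificate(certPath);
    // Neither load throws in this order; the mismatch has to be queried.
    EXPECT_FALSE(tmpCtx.isCertKeyPairValid());
  }

  {
    SCOPED_TRACE("Invalid key/cert pair from buf. Load cert first");
    SSLContext tmpCtx;
    tmpCtx.loadCertificateFromBufferPEM(certData);
    EXPECT_THROW(
        tmpCtx.loadPrivateKeyFromBufferPEM(anotherKeyData), std::runtime_error);
  }

  {
    SCOPED_TRACE("Invalid key/cert pair from buf. Load key first");
    SSLContext tmpCtx;
    tmpCtx.loadPrivateKeyFromBufferPEM(anotherKeyData);
    tmpCtx.loadCertificateFromBufferPEM(certData);
    // Same as the file-based case: no exception, so check validity.
    EXPECT_FALSE(tmpCtx.isCertKeyPairValid());
  }

  {
    SCOPED_TRACE(
        "loadCertKeyPairFromBufferPEM() must throw when cert/key mismatch");
    SSLContext tmpCtx;
    EXPECT_THROW(
        tmpCtx.loadCertKeyPairFromBufferPEM(certData, anotherKeyData),
        std::runtime_error);
  }

  {
    SCOPED_TRACE(
        "loadCertKeyPairFromBufferPEM() must succeed when cert/key match");
    SSLContext tmpCtx;
    tmpCtx.loadCertKeyPairFromBufferPEM(certData, keyData);
  }

  {
    SCOPED_TRACE(
        "loadCertKeyPairFromFiles() must throw when cert/key mismatch");
    SSLContext tmpCtx;
    EXPECT_THROW(
        tmpCtx.loadCertKeyPairFromFiles(certPath, anotherKeyPath),
        std::runtime_error);
  }

  {
    SCOPED_TRACE("loadCertKeyPairFromFiles() must succeed when cert/key match");
    SSLContext tmpCtx;
    tmpCtx.loadCertKeyPairFromFiles(certPath, keyPath);
  }
}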
140 } // namespace folly
virtual void loadCertificateFromBufferPEM(folly::StringPiece cert)
Definition: SSLContext.cpp:227
virtual void loadCertKeyPairFromBufferPEM(folly::StringPiece cert, folly::StringPiece pkey)
Definition: SSLContext.cpp:294
#define ASSERT_STREQ(s1, s2)
Definition: gtest.h:2004
bool readFile(int fd, Container &out, size_t num_bytes=std::numeric_limits< size_t >::max())
Definition: FileUtil.h:125
#define EXPECT_THROW(statement, expected_exception)
Definition: gtest.h:1843
#define ASSERT_EQ(val1, val2)
Definition: gtest.h:1956
virtual bool isCertKeyPairValid() const
Definition: SSLContext.cpp:316
STL namespace.
#define SCOPED_TRACE(message)
Definition: gtest.h:2115
—— Concurrent Priority Queue Implementation ——
Definition: AtomicBitSet.h:29
CipherSuite cipher
virtual void loadCertKeyPairFromFiles(const char *certPath, const char *keyPath, const char *certFormat="PEM", const char *keyFormat="PEM")
Definition: SSLContext.cpp:304
virtual void loadPrivateKeyFromBufferPEM(folly::StringPiece pkey)
Definition: SSLContext.cpp:268
virtual void loadPrivateKey(const char *path, const char *format="PEM")
Definition: SSLContext.cpp:253
virtual void loadCertificate(const char *path, const char *format="PEM")
Definition: SSLContext.cpp:207
#define EXPECT_TRUE(condition)
Definition: gtest.h:1859
const char * string
Definition: Conv.cpp:212
#define EXPECT_FALSE(condition)
Definition: gtest.h:1862
std::unique_ptr< SSL, SSLDeleter > SSLUniquePtr
TEST_F(SSLContextTest, TestLoadCertKey)