diff --git a/.gitignore b/.gitignore index 6936990..fe42cc5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ /target **/*.rs.bk Cargo.lock +.DS_Store diff --git a/tokio-native-tls/Cargo.toml b/tokio-native-tls/Cargo.toml index 87e3d3e..f69c2b3 100644 --- a/tokio-native-tls/Cargo.toml +++ b/tokio-native-tls/Cargo.toml @@ -33,6 +33,9 @@ cfg-if = "0.1" env_logger = { version = "0.6", default-features = false } futures = { version = "0.3.0", features = ["async-await"] } +tempfile = "3.1" +lazy_static = "1.4.0" + [target.'cfg(all(not(target_os = "macos"), not(windows), not(target_os = "ios")))'.dev-dependencies] openssl = "0.10" diff --git a/tokio-native-tls/scripts/generate-certificate.sh b/tokio-native-tls/scripts/generate-certificate.sh new file mode 100755 index 0000000..e797eac --- /dev/null +++ b/tokio-native-tls/scripts/generate-certificate.sh @@ -0,0 +1,57 @@ +#!/bin/bash +set -e + +cd $1 + +# prepare config file for root CA generation +cat <> root.cnf +[ req ] +distinguished_name = req_dn +[ req_dn ] +[ v3_ca ] +basicConstraints = CA:TRUE +keyUsage = digitalSignature, nonRepudiation, keyCertSign, cRLSign +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +EOF + +ROOT_CA_KEY=root-ca.key.pem +ROOT_CA=root-ca.pem +ROOT_CA_DER=root-ca.der + +echo "Generate root CA key" +openssl genrsa -out $ROOT_CA_KEY 4096 + +echo "Generate root CA certificate" +openssl req -x509 -new -key $ROOT_CA_KEY -out $ROOT_CA -days 365 -SHA256 -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd" -config root.cnf -extensions v3_ca +openssl x509 -outform der -in $ROOT_CA -out $ROOT_CA_DER + +rm root.cnf + +# prepare config file for server certificate generation +cat <> server.cnf +extendedKeyUsage=serverAuth +subjectAltName = @alt_names +[alt_names] +DNS.1 = foobar.com +EOF + + +SERVER_KEY=server.key.pem +SERVER_CERT=cert.pem +SERVER_CERT_DER=cert.der +IDENTITY=identity.p12 +PASSPHRASE=mypass + +echo "Generate server key" +openssl genrsa -out $SERVER_KEY 4096 + +echo "Generate server certificate" +openssl req -out server.csr -key $SERVER_KEY -new -days 365 -SHA256 -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=foobar.com" +openssl x509 -req -days 365 -SHA256 -in server.csr -CA $ROOT_CA -CAkey $ROOT_CA_KEY -CAcreateserial -out $SERVER_CERT -extfile server.cnf +openssl x509 -outform der -in $SERVER_CERT -out $SERVER_CERT_DER + +openssl pkcs12 -export -out $IDENTITY -inkey $SERVER_KEY -in $SERVER_CERT -passout pass:$PASSPHRASE + +rm server.csr +rm server.cnf diff --git a/tokio-native-tls/tests/smoke.rs b/tokio-native-tls/tests/smoke.rs index 193dc51..058179a 100644 --- a/tokio-native-tls/tests/smoke.rs +++ b/tokio-native-tls/tests/smoke.rs @@ -1,12 +1,32 @@ use futures::join; +use lazy_static::lazy_static; use native_tls::{Certificate, Identity}; -use std::io::Error; +use std::{fs, io::Error, path::PathBuf, process::Command}; use tokio::{ io::{AsyncReadExt, AsyncWrite, AsyncWriteExt}, net::{TcpListener, TcpStream}, }; use tokio_native_tls::{TlsAcceptor, TlsConnector}; +lazy_static! { + static ref CERT_DIR: PathBuf = { + if cfg!(unix) { + let dir = tempfile::TempDir::new().unwrap(); + let path = dir.path().to_str().unwrap(); + + Command::new("sh") + .arg("-c") + .arg(format!("./scripts/generate-certificate.sh {}", path)) + .output() + .expect("failed to execute process"); + + dir.into_path() + } else { + PathBuf::from("tests") + } + }; +} + #[tokio::test] async fn client_to_server() { let mut srv = TcpListener::bind("127.0.0.1:0").await.unwrap(); @@ -26,7 +46,7 @@ async fn client_to_server() { let _peer_cert = native_tls_stream.peer_certificate().unwrap(); let allow_std_stream: &tokio_native_tls::AllowStd<_> = native_tls_stream.get_ref(); let _tokio_tcp_stream: &tokio::net::TcpStream = allow_std_stream.get_ref(); - + let mut data = Vec::new(); socket.read_to_end(&mut data).await.unwrap(); data @@ -115,14 +135,13 @@ async fn one_byte_at_a_time() { } fn context() -> (TlsAcceptor, TlsConnector) { - // Certs borrowed from `rust-native-tls/tests` - let pkcs12 = include_bytes!("identity.p12"); - let der = include_bytes!("root-ca.der"); + let pkcs12 = fs::read(CERT_DIR.join("identity.p12")).unwrap(); + let der = fs::read(CERT_DIR.join("root-ca.der")).unwrap(); - let identity = Identity::from_pkcs12(pkcs12, "mypass").unwrap(); + let identity = Identity::from_pkcs12(&pkcs12, "mypass").unwrap(); let acceptor = native_tls::TlsAcceptor::builder(identity).build().unwrap(); - let cert = Certificate::from_der(der).unwrap(); + let cert = Certificate::from_der(&der).unwrap(); let connector = native_tls::TlsConnector::builder() .add_root_certificate(cert) .build() diff --git a/tokio-rustls/tests/early-data.rs b/tokio-rustls/tests/early-data.rs index 325fcad..4ba9338 100644 --- a/tokio-rustls/tests/early-data.rs +++ b/tokio-rustls/tests/early-data.rs @@ -1,10 +1,11 @@ #![cfg(feature = "early-data")] +use futures_util::{future, future::Future, ready}; +use rustls::ClientConfig; use std::io::{self, BufRead, BufReader, Cursor}; use std::net::SocketAddr; use std::pin::Pin; use std::process::{Child, Command, Stdio}; -use std::process::{Child, Command, Stdio}; use std::sync::Arc; use std::task::{Context, Poll}; use std::time::Duration;