Skip to content

Commit

Permalink
Add test for new_with_extra_roots
Browse files Browse the repository at this point in the history
  • Loading branch information
stormshield-gt committed Aug 27, 2024
1 parent 6a60b20 commit 5d19173
Show file tree
Hide file tree
Showing 3 changed files with 55 additions and 5 deletions.
7 changes: 7 additions & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 3 additions & 1 deletion rustls-platform-verifier/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ crate-type = ["cdylib", "rlib"]
# Enables a C interface to use for testing where `cargo` can't be used.
# This feature is not stable, nor is the interface exported when it is enabled.
# Do not rely on this or use it in production.
ffi-testing = ["android_logger", "rustls/ring"]
ffi-testing = ["android_logger", "rustls/ring", "paste"]
# Enables APIs that expose lower-level verifier types for debugging purposes.
dbg = []
# Enables `log::debug` base64-encoded logging of all end-entity certificates processed
Expand All @@ -34,6 +34,7 @@ log = { version = "0.4" }
base64 = { version = "0.22", optional = true } # Only used when the `cert-logging` feature is enabled.
jni = { version = "0.19", default-features = false, optional = true } # Only used during doc generation
once_cell = "1.9"
paste = { version = "1.0", default-features = false, optional = true } # Only used when `ffi-testing` feature is enabled

[target.'cfg(all(unix, not(target_os = "android"), not(target_os = "macos"), not(target_os = "ios"), not(target_os = "tvos"), not(target_arch = "wasm32")))'.dependencies]
rustls-native-certs = "0.7"
Expand Down Expand Up @@ -63,6 +64,7 @@ winapi = { version = "0.3", features = ["wincrypt", "winerror"] }

[dev-dependencies]
rustls = { version = "0.23", default-features = false, features = ["ring"] }
paste = { version = "1.0", default-features = false } # Only used when `ffi-testing` feature is enabled

[package.metadata.docs.rs]
rustdoc-args = ["--cfg", "docsrs"]
Expand Down
49 changes: 45 additions & 4 deletions rustls-platform-verifier/src/tests/verification_mock/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,14 @@ macro_rules! mock_root_test_cases {
pub fn $name() {
super::$name()
}

paste::paste!{
#[cfg(all($target, not(windows), not(target_os = "android")))]
#[test]
pub fn [<$name _extra>](){
super::[<$name _extra>]()
}
}
)+

}
Expand All @@ -49,16 +57,30 @@ macro_rules! mock_root_test_cases {
pub static ALL_TEST_CASES: &'static [fn()] = &[
$(
#[cfg($target)]
$name
$name,

paste::paste!{
#[cfg(all($target, not(windows), not(target_os = "android")))]
[<$name _extra>]
}

),+

];
};

{@ $( $name:ident [ $target:meta ] => $test_case:expr ),+ , } => {
$(
#[cfg($target)]
pub(super) fn $name() {
test_with_mock_root(&$test_case);
test_with_mock_root(&$test_case, Roots::OnlyExtra);
}

paste::paste!{
#[cfg(all($target, not(windows), not(target_os = "android")))]
pub(super) fn [<$name _extra>]() {
test_with_mock_root(&$test_case, Roots::ExtraAndPlatform);
}
}
)+
};
Expand Down Expand Up @@ -301,11 +323,18 @@ mock_root_test_cases! {
},
}

fn test_with_mock_root<E: std::error::Error + PartialEq + 'static>(test_case: &TestCase<E>) {
fn test_with_mock_root<E: std::error::Error + PartialEq + 'static>(
test_case: &TestCase<E>,
root_src: Roots,
) {
ensure_global_state();
log::info!("verifying {:?}", test_case.expected_result);

let verifier = Verifier::new_with_fake_root(ROOT1); // TODO: time
let verifier = match root_src {
Roots::OnlyExtra => Verifier::new_with_fake_root(ROOT1), // TODO: time
#[cfg(all(unix, not(target_os = "android")))]
Roots::ExtraAndPlatform => Verifier::new_with_extra_roots([ROOT1]),
};
let mut chain = test_case
.chain
.iter()
Expand Down Expand Up @@ -337,3 +366,15 @@ fn test_with_mock_root<E: std::error::Error + PartialEq + 'static>(test_case: &T
);
// TODO: get into specifics of errors returned when it fails.
}

enum Roots {
/// Test with only extra roots, without loading the platform trust store.
///
/// We want to keep things reproducible given the background-managed nature of trust roots on platforms.
OnlyExtra,
/// Test with loading the extra roots and the platform trust store.
///
/// Right now, not all platforms are supported.
#[cfg(all(unix, not(target_os = "android")))]
ExtraAndPlatform,
}

0 comments on commit 5d19173

Please sign in to comment.