diff --git a/folly/io/async/test/AsyncSSLSocketTest.cpp b/folly/io/async/test/AsyncSSLSocketTest.cpp
index db152388af8..16a65cce7e5 100644
--- a/folly/io/async/test/AsyncSSLSocketTest.cpp
+++ b/folly/io/async/test/AsyncSSLSocketTest.cpp
@@ -28,6 +28,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -121,23 +122,24 @@ void getctx(
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadPrivateKey(kTestKey);
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
 }
 std::string getFileAsBuf(const char* fileName) {
 std::string buffer;
- folly::readFile(fileName, buffer);
+ folly::readFile(find_resource(fileName).c_str(), buffer);
 return buffer;
 }
 folly::ssl::X509UniquePtr readCertFromFile(const std::string& filename) {
+ auto path = find_resource(filename);
 folly::ssl::BioUniquePtr bio(BIO_new(BIO_s_file()));
 if (!bio) {
 throw std::runtime_error("Couldn't create BIO");
 }
- if (BIO_read_filename(bio.get(), filename.c_str()) != 1) {
+ if (BIO_read_filename(bio.get(), path.c_str()) != 1) {
 throw std::runtime_error("Couldn't read cert file: " + filename);
 }
 return folly::ssl::X509UniquePtr(
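Review bot: `getFileAsBuf` still discards the `bool` returned by `folly::readFile`, so a path that `find_resource` cannot resolve yields an empty buffer and the failure only surfaces later as an opaque PEM-parse or handshake error rather than at the lookup; with the fixtures being relocated this is now the likeliest failure mode. I would fail fast: `if (!folly::readFile(find_resource(fileName).c_str(), buffer)) { throw std::runtime_error(std::string("Couldn't read file: ") + fileName); }`. In `readCertFromFile` the exception text still reports `filename` while the file actually opened is `path`; including `path` in the message tells the reader where the lookup resolved to. `readCertFromFile` continues past the end of the hunk.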
@@ -1057,10 +1059,11 @@ TEST(AsyncSSLSocketTest, SSLParseClientHelloSuccess) {
 serverCtx->setVerificationOption(SSLContext::VerifyClientCertificate::ALWAYS);
 serverCtx->setCiphersuitesOrThrow(
 "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadTrustedCertificates(kTestCA);
- serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(kTestCA);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
+ serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(
+ find_resource(kTestCA).c_str());
 auto clientCtx = std::make_shared();
 clientCtx->setVerificationOption(
@@ -1072,9 +1075,9 @@ TEST(AsyncSSLSocketTest, SSLParseClientHelloSuccess) {
 // clientCiphers_ captured and verified below. Remove all of them by setting
 // eNULL.
 clientCtx->setCiphersOrThrow("eNULL");
- clientCtx->loadPrivateKey(kTestKey);
- clientCtx->loadCertificate(kTestCert);
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ clientCtx->loadCertificate(find_resource(kTestCert).c_str());
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
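Review bot: `find_resource(kTestCA)` is evaluated three separate times in this test (server trust store, client-CA list, and again for the client context in the second hunk), each producing a fresh `std::string` temporary and a line that now has to wrap; hoisting it once, `const auto caPath = find_resource(kTestCA);`, and passing `caPath.c_str()` makes it explicit that all three refer to the same CA file and keeps the calls on one line. This is a style point only: each temporary lives to the end of its full expression, after the `SSLContext` call has consumed the pointer, so there is no lifetime problem in the code as written.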
@@ -1177,16 +1180,17 @@ TEST(AsyncSSLSocketTest, GetClientCertificate) {
 auto serverCtx = std::make_shared();
 serverCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 serverCtx->ciphers("ECDHE-RSA-AES128-SHA:AES128-SHA:AES256-SHA");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadTrustedCertificates(kClientTestCA);
- serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(kClientTestCA);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadTrustedCertificates(find_resource(kClientTestCA).c_str());
+ serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(
+ find_resource(kClientTestCA).c_str());
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 clientCtx->ciphers("AES256-SHA:AES128-SHA");
- clientCtx->loadPrivateKey(kClientTestKey);
- clientCtx->loadCertificate(kClientTestCert);
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadPrivateKey(find_resource(kClientTestKey).c_str());
+ clientCtx->loadCertificate(find_resource(kClientTestCert).c_str());
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 std::array fds;
 getfds(fds.data());
@@ -1398,7 +1402,7 @@ TEST(AsyncSSLSocketTest, SSLHandshakeValidationSuccess) {
 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
 SSLHandshakeClient client(std::move(clientSock), true, true);
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 SSLHandshakeServer server(std::move(serverSock), true, true);
@@ -1436,7 +1440,7 @@ TEST(AsyncSSLSocketTest, SSLHandshakeValidationFailure) {
 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
 SSLHandshakeClient client(std::move(clientSock), true, false);
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 SSLHandshakeServer server(std::move(serverSock), true, true);
@@ -1464,7 +1468,7 @@ TEST(AsyncSSLSocketTest, SSLCertificateIdentityVerifierReturns) {
 // the client socket will default to USE_CTX, so set VERIFY here
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 // load root certificate
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 // prepare a basic server (callbacks have a few EXPECTS to fullfil)
 ReadCallback readCallback(nullptr);
@@ -1517,7 +1521,7 @@ TEST(AsyncSSLSocketTest, SSLCertificateIdentityVerifierFailsToConnect) {
 // the client socket will default to USE_CTX, so set VERIFY here
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 // load root certificate
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 // prepare a basic server (callbacks have a few EXPECTS to fullfil)
 ReadCallback readCallback(nullptr);
@@ -1605,7 +1609,7 @@ TEST(
 // the client socket will default to USE_CTX, so set VERIFY here
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 // load root certificate
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
@@ -1668,14 +1672,14 @@ TEST(AsyncSSLSocketTest, SSLCertificateIdentityVerifierSucceedsOnServer) {
 // the client socket will default to USE_CTX, so set VERIFY here
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 // load root certificate
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 // load identity and key on client, it's the same identity as server just for
 // convenience
- clientCtx->loadCertificate(kTestCert);
- clientCtx->loadPrivateKey(kTestKey);
+ clientCtx->loadCertificate(find_resource(kTestCert).c_str());
+ clientCtx->loadPrivateKey(find_resource(kTestKey).c_str());
 // instruct server to verify client
 serverCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
- serverCtx->loadTrustedCertificates(kTestCA);
+ serverCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
@@ -1749,7 +1753,7 @@ TEST(AsyncSSLSocketTest, OverrideSSLCtxDisableVerify) {
 new AsyncSSLSocket(dfServerCtx, &eventBase, fds[1], true));
 SSLHandshakeClientNoVerify client(std::move(clientSock), false, false);
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 SSLHandshakeServerNoVerify server(std::move(serverSock), false, false);
@@ -1776,16 +1780,17 @@ TEST(AsyncSSLSocketTest, OverrideSSLCtxEnableVerify) {
 auto serverCtx = std::make_shared();
 serverCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadTrustedCertificates(kTestCA);
- serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(kTestCA);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
+ serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(
+ find_resource(kTestCA).c_str());
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- clientCtx->loadPrivateKey(kTestKey);
- clientCtx->loadCertificate(kTestCert);
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ clientCtx->loadCertificate(find_resource(kTestCert).c_str());
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
@@ -1893,16 +1898,17 @@ TEST(AsyncSSLSocketTest, ClientCertHandshakeSuccess) {
 serverCtx->setVerificationOption(
 SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadTrustedCertificates(kTestCA);
- serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(kTestCA);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
+ serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(
+ find_resource(kTestCA).c_str());
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- clientCtx->loadPrivateKey(kTestKey);
- clientCtx->loadCertificate(kTestCert);
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ clientCtx->loadCertificate(find_resource(kTestCert).c_str());
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
@@ -1954,10 +1960,11 @@ TEST(AsyncSSLSocketTest, NoClientCertHandshakeError) {
 serverCtx->setVerificationOption(
 SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadTrustedCertificates(kTestCA);
- serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(kTestCA);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
+ serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(
+ find_resource(kTestCA).c_str());
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::NO_VERIFY);
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
@@ -2172,9 +2179,10 @@ TEST(AsyncSSLSocketTest, OpenSSL110AsyncTest) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadTrustedCertificates(kTestCA);
- serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(kTestCA);
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
+ serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(
+ find_resource(kTestCA).c_str());
 auto rsaPointers = setupCustomRSA(kTestCert, kTestKey, jobEvbThread.getEventBase());
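Review bot: in `OpenSSL110AsyncTest` the `setupCustomRSA(kTestCert, kTestKey, ...)` call right after the added lines still receives the unresolved `kTestCert`/`kTestKey` strings, while the context loads above it now go through `find_resource`; if `setupCustomRSA` opens those paths itself (its definition is outside this diff), the server certificate comes from the resource location but the custom RSA key lookup fails, and the two halves of the test disagree about where the fixtures live. Unless `setupCustomRSA` resolves paths internally, it should be handed `find_resource(kTestCert).c_str(), find_resource(kTestKey).c_str()` (or resolved `std::string` locals shared with the `loadCertificate` line). The test body continues past the end of the hunk.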
@@ -2211,9 +2219,10 @@ TEST(AsyncSSLSocketTest, OpenSSL110AsyncTestFailure) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadTrustedCertificates(kTestCA);
- serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(kTestCA);
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
+ serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(
+ find_resource(kTestCA).c_str());
 // Set the wrong key for the cert
 auto rsaPointers = setupCustomRSA(kTestCert, kClientTestKey, jobEvbThread.getEventBase());
@@ -2250,9 +2259,10 @@ TEST(AsyncSSLSocketTest, OpenSSL110AsyncTestClosedWithCallbackPending) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadTrustedCertificates(kTestCA);
- serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(kTestCA);
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
+ serverCtx->setSupportedClientCertificateAuthorityNamesFromFile(
+ find_resource(kTestCA).c_str());
 auto rsaPointers = setupCustomRSA(kTestCert, kTestKey, jobEvbThread->getEventBase());
@@ -2314,7 +2324,7 @@ TEST(AsyncSSLSocketTest, LoadCertFromMemory) {
 auto ctx = std::make_shared();
 ctx->loadPrivateKeyFromBufferPEM(key);
 ctx->loadCertificateFromBufferPEM(cert);
- ctx->loadTrustedCertificates(kTestCA);
+ ctx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 ssl::SSLUniquePtr ssl(ctx->createSSL());
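Review bot: `OpenSSL110AsyncTestFailure` deliberately pairs the server cert with the wrong key via `setupCustomRSA(kTestCert, kClientTestKey, ...)`, but that call still uses the raw paths while the `loadCertificate` line just above is now resolved through `find_resource`; if `setupCustomRSA` reads those files directly, a failed lookup of `kClientTestKey` would produce the expected handshake failure for the wrong reason, and this negative test could keep passing while exercising nothing. Resolving both arguments with `find_resource` before the call, as the preceding lines do, keeps the failure attributable to the key mismatch; the same applies to `setupCustomRSA(kTestCert, kTestKey, ...)` in the `OpenSSL110AsyncTestClosedWithCallbackPending` hunk below it. Both test bodies continue past their hunks, so the handshake assertions that would reveal this are not visible here.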
@@ -2470,12 +2480,12 @@ TEST(AsyncSSLSocketTest, SSLAcceptRunnerBasic) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
@@ -2505,12 +2515,12 @@ TEST(AsyncSSLSocketTest, SSLAcceptRunnerAcceptError) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
@@ -2539,12 +2549,12 @@ TEST(AsyncSSLSocketTest, SSLAcceptRunnerAcceptClose) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
@@ -2573,12 +2583,12 @@ TEST(AsyncSSLSocketTest, SSLAcceptRunnerAcceptDestroy) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
@@ -2607,12 +2617,12 @@ TEST(AsyncSSLSocketTest, SSLAcceptRunnerFiber) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 NetworkSocket fds[2];
 getfds(fds);
@@ -2658,8 +2668,8 @@ TEST(AsyncSSLSocketTest, SSLAcceptRunnerFiberCloseSessionCb) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
 SSL_CTX_set_session_cache_mode(
 serverCtx->getSSLCtx(), SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_SERVER);
@@ -2670,7 +2680,7 @@ TEST(AsyncSSLSocketTest, SSLAcceptRunnerFiberCloseSessionCb) {
 clientCtx->setVerificationOption(SSLContext::SSLVerifyPeerEnum::VERIFY);
 clientCtx->ciphers("AES128-SHA256");
- clientCtx->loadTrustedCertificates(kTestCA);
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
 clientCtx->setOptions(SSL_OP_NO_TICKET);
 NetworkSocket fds[2];
@@ -2797,7 +2807,7 @@ TEST(AsyncSSLSocketTest, TTLSDisabled) {
 ReadCallback readCallback(&writeCallback);
 HandshakeCallback handshakeCallback(&readCallback);
 SSLServerAcceptCallback acceptCallback(&handshakeCallback);
- TestSSLServer server(&acceptCallback, false);
+ TestSSLServer server(&acceptCallback);
 // Set up SSL context.
 auto sslContext = std::make_shared();
@@ -2927,7 +2937,7 @@ TEST(AsyncSSLSocketTest, ConnectWriteReadCloseTFOWithTFOServerDisabled) {
 ReadCallback readCallback(&writeCallback);
 HandshakeCallback handshakeCallback(&readCallback);
 SSLServerAcceptCallback acceptCallback(&handshakeCallback);
- TestSSLServer server(&acceptCallback, false);
+ TestSSLServer server(&acceptCallback);
 // Set up SSL context.
 auto sslContext = std::make_shared();
@@ -3214,8 +3224,8 @@ TEST(AsyncSSLSocketTest, TestSSLSetClientOptionsP256) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->setSupportedGroups(std::vector({"P-256"}));
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadPrivateKey(kTestKey);
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
 ssl::SSLCommonOptions::setClientOptions(*clientCtx);
 auto clientSocket =
@@ -3248,8 +3258,8 @@ TEST(AsyncSSLSocketTest, TestSSLSetClientOptionsX25519) {
 auto clientCtx = std::make_shared();
 auto serverCtx = std::make_shared();
 serverCtx->setSupportedGroups(std::vector({"X25519", "P-256"}));
- serverCtx->loadCertificate(kTestCert);
- serverCtx->loadPrivateKey(kTestKey);
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
 ssl::SSLCommonOptions::setClientOptions(*clientCtx);
 auto clientSocket =
@@ -3853,8 +3863,8 @@ TEST(AsyncSSLSocketTest, TestSNIClientHelloBehavior) {
 EventBase eventBase;
 auto serverCtx = std::make_shared();
 auto clientCtx = std::make_shared();
- serverCtx->loadPrivateKey(kTestKey);
- serverCtx->loadCertificate(kTestCert);
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
 auto sessionCb = std::make_unique();
 auto sessionCbPtr = sessionCb.get();
diff --git a/folly/io/async/test/SSLContextTest.cpp b/folly/io/async/test/SSLContextTest.cpp
index 494cd871272..6d8e04437ef 100644
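Review bot: dropping the explicit `false` in `TestSSLServer server(&acceptCallback);` makes `ConnectWriteReadCloseTFOWithTFOServerDisabled` depend on the header's default for `enableTFO`, which this diff does not show, yet the test's whole premise is that the server side has TFO off. If the default is ever flipped the test silently stops checking what its name promises, so I would keep the intent in the source, `TestSSLServer server(&acceptCallback, /*enableTFO=*/false);`, or at minimum add `// relies on TestSSLServer defaulting to TFO disabled` above the line. The same applies to the `TTLSDisabled` hunk in the previous span, which makes the identical change.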
--- a/folly/io/async/test/SSLContextTest.cpp
+++ b/folly/io/async/test/SSLContextTest.cpp
@@ -17,16 +17,18 @@
 #include
 #include
+#include
 #include
 #include
 #include
 #include
 #if !defined(FOLLY_CERTS_DIR)
-#define FOLLY_CERTS_DIR "folly/io/async/test/certs"
+#define FOLLY_CERTS_DIR "folly/io/async/test"
 #endif
 using namespace std;
+using folly::test::find_resource;
 namespace folly {
@@ -81,9 +83,9 @@ TEST_F(SSLContextTest, TestLoadCertKey) {
 const char* certPath = FOLLY_CERTS_DIR "/tests-cert.pem";
 const char* keyPath = FOLLY_CERTS_DIR "/tests-key.pem";
 const char* anotherKeyPath = FOLLY_CERTS_DIR "/client_key.pem";
- folly::readFile(certPath, certData);
- folly::readFile(keyPath, keyData);
- folly::readFile(anotherKeyPath, anotherKeyData);
+ folly::readFile(find_resource(certPath).c_str(), certData);
+ folly::readFile(find_resource(keyPath).c_str(), keyData);
+ folly::readFile(find_resource(anotherKeyPath).c_str(), anotherKeyData);
 {
 SCOPED_TRACE("Valid cert/key pair from buffer");
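Review bot: the fallback `FOLLY_CERTS_DIR` in SSLContextTest.cpp changes from `folly/io/async/test/certs` to `folly/io/async/test` with no explanation, and `TestSSLServer.cpp` builds `kTestCert`, `kClientTestCert` and friends from its own `FOLLY_CERTS_DIR`, whose fallback is not in this diff; if the two defaults now differ, the same fixture resolves to two different paths depending on which translation unit asks, and only one of them will match what `find_resource` expects. A one-line comment on the `#define`, e.g. `// Must agree with TestSSLServer.cpp; find_resource() resolves this relative to the test's resource root`, hedged as appropriate since the resource layout is not visible here, would tie the two together, and ideally the fallback would live in one shared header rather than being duplicated. The three `folly::readFile` calls in the second hunk also still ignore their `bool` result, so an unresolved path leaves `certData`/`keyData` empty and the "valid pair from buffer" case below fails for the wrong reason; wrapping them in `ASSERT_TRUE(...)` would localise that.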
@@ -96,23 +98,25 @@ TEST_F(SSLContextTest, TestLoadCertKey) {
 {
 SCOPED_TRACE("Valid cert/key pair from files");
 SSLContext tmpCtx;
- tmpCtx.loadCertificate(certPath);
- tmpCtx.loadPrivateKey(keyPath);
+ tmpCtx.loadCertificate(find_resource(certPath).c_str());
+ tmpCtx.loadPrivateKey(find_resource(keyPath).c_str());
 EXPECT_TRUE(tmpCtx.isCertKeyPairValid());
 }
 {
 SCOPED_TRACE("Invalid cert/key pair from file. Load cert first");
 SSLContext tmpCtx;
- tmpCtx.loadCertificate(certPath);
- EXPECT_THROW(tmpCtx.loadPrivateKey(anotherKeyPath), std::runtime_error);
+ tmpCtx.loadCertificate(find_resource(certPath).c_str());
+ EXPECT_THROW(
+ tmpCtx.loadPrivateKey(find_resource(anotherKeyPath).c_str()),
+ std::runtime_error);
 }
 {
 SCOPED_TRACE("Invalid cert/key pair from file. Load key first");
 SSLContext tmpCtx;
- tmpCtx.loadPrivateKey(anotherKeyPath);
- tmpCtx.loadCertificate(certPath);
+ tmpCtx.loadPrivateKey(find_resource(anotherKeyPath).c_str());
+ tmpCtx.loadCertificate(find_resource(certPath).c_str());
 EXPECT_FALSE(tmpCtx.isCertKeyPairValid());
 }
@@ -153,28 +157,32 @@ TEST_F(SSLContextTest, TestLoadCertKey) {
 "loadCertKeyPairFromFiles() must throw when cert/key mismatch");
 SSLContext tmpCtx;
 EXPECT_THROW(
- tmpCtx.loadCertKeyPairFromFiles(certPath, anotherKeyPath),
+ tmpCtx.loadCertKeyPairFromFiles(
+ find_resource(certPath).c_str(),
+ find_resource(anotherKeyPath).c_str()),
 std::runtime_error);
 }
 {
 SCOPED_TRACE("loadCertKeyPairFromFiles() must succeed when cert/key match");
 SSLContext tmpCtx;
- tmpCtx.loadCertKeyPairFromFiles(certPath, keyPath);
+ tmpCtx.loadCertKeyPairFromFiles(
+ find_resource(certPath).c_str(), find_resource(keyPath).c_str());
 }
 }
 TEST_F(SSLContextTest, TestLoadCertificateChain) {
 constexpr auto kCertChainPath = FOLLY_CERTS_DIR "/client_chain.pem";
+ auto path = find_resource(kCertChainPath);
 std::unique_ptr ctx2;
 STACK_OF(X509) * stack;
 SSL_CTX* sctx;
 std::string contents;
- EXPECT_TRUE(folly::readFile(kCertChainPath, contents));
+ EXPECT_TRUE(folly::readFile(path.c_str(), contents));
 ctx2 = std::make_unique();
- ctx2->loadCertificate(kCertChainPath, "PEM");
+ ctx2->loadCertificate(path.c_str(), "PEM");
 stack = nullptr;
 sctx = ctx2->getSSLCtx();
 SSL_CTX_get0_chain_certs(sctx, &stack);
@@ -192,7 +200,8 @@ TEST_F(SSLContextTest, TestLoadCertificateChain) {
 TEST_F(SSLContextTest, TestSetSupportedClientCAs) {
 constexpr auto kCertChainPath = FOLLY_CERTS_DIR "/client_chain.pem";
- ctx.setSupportedClientCertificateAuthorityNamesFromFile(kCertChainPath);
+ ctx.setSupportedClientCertificateAuthorityNamesFromFile(
+ find_resource(kCertChainPath).c_str());
 STACK_OF(X509_NAME)* names = SSL_CTX_get_client_CA_list(ctx.getSSLCtx());
 EXPECT_EQ(2, sk_X509_NAME_num(names));
diff --git a/folly/io/async/test/SSLSessionTest.cpp b/folly/io/async/test/SSLSessionTest.cpp
index 0b039d5b3b1..469049afea1 100644
--- a/folly/io/async/test/SSLSessionTest.cpp
+++ b/folly/io/async/test/SSLSessionTest.cpp
@@ -18,6 +18,7 @@
 #include
+#include
 #include
 #include
 #include
@@ -60,11 +61,20 @@ class SSLSessionTest : public testing::Test {
 std::shared_ptr clientCtx, std::shared_ptr serverCtx) {
 clientCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+#if defined(FOLLY_TEST_USE_RESOURCES)
+ clientCtx->loadTrustedCertificates(find_resource(kTestCA).c_str());
+#else
 clientCtx->loadTrustedCertificates(kTestCA);
+#endif
 serverCtx->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+#if defined(FOLLY_TEST_USE_RESOURCES)
+ serverCtx->loadCertificate(find_resource(kTestCert).c_str());
+ serverCtx->loadPrivateKey(find_resource(kTestKey).c_str());
+#else
 serverCtx->loadCertificate(kTestCert);
 serverCtx->loadPrivateKey(kTestKey);
+#endif
 }
 folly::EventBase eventBase_;
diff --git a/folly/io/async/test/TestSSLServer.cpp b/folly/io/async/test/TestSSLServer.cpp
index 963a2ac41db..931cc16e5bb 100644
--- a/folly/io/async/test/TestSSLServer.cpp
+++ b/folly/io/async/test/TestSSLServer.cpp
@@ -16,6 +16,7 @@
 #include
+#include
 #include
 namespace folly::test {
@@ -32,6 +33,7 @@ const char* kTestCertCN = "Asox Company";
 const char* kClientTestCert = FOLLY_CERTS_DIR "/client_cert.pem";
 const char* kClientTestKey = FOLLY_CERTS_DIR "/client_key.pem";
 const char* kClientTestCA = FOLLY_CERTS_DIR "/client_ca_cert.pem";
+const char* kClientTestChain = FOLLY_CERTS_DIR "/client_chain.pem";
 TestSSLServer::~TestSSLServer() {
 if (thread_.joinable()) {
@@ -44,8 +46,8 @@ TestSSLServer::~TestSSLServer() {
 /* static */ std::unique_ptr TestSSLServer::getDefaultSSLContext() {
 // Set up a default SSL context
 std::unique_ptr sslContext = std::make_unique();
- sslContext->loadCertificate(kTestCert);
- sslContext->loadPrivateKey(kTestKey);
+ sslContext->loadCertificate(find_resource(kTestCert).c_str());
+ sslContext->loadPrivateKey(find_resource(kTestKey).c_str());
 sslContext->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
 // By default, SSLContext disables OpenSSL's internal session cache.
 // Enable it here on the server for testing session reuse.
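Review bot: SSLSessionTest.cpp is the only file in this diff that wraps its `find_resource` calls in `#if defined(FOLLY_TEST_USE_RESOURCES)`; AsyncSSLSocketTest.cpp, SSLContextTest.cpp and `TestSSLServer::getDefaultSSLContext` call it unconditionally, so in any build where the macro is not defined this fixture keeps the raw `kTestCA`/`kTestCert`/`kTestKey` paths while a `TestSSLServer` linked into the same binary resolves them, and the two would look for the certificates in different places. Either drop the guard to match the other files, or add a comment above the first `#if` naming which build defines `FOLLY_TEST_USE_RESOURCES` and why this test in particular cannot resolve unconditionally. If the guard has to stay, resolving the three paths once into `std::string` locals under the `#if`/`#else` and keeping a single set of `load*` calls below would avoid the duplicated branches. The enclosing setup method begins before the start of the hunk.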
@@ -62,8 +64,8 @@ TestSSLServer::TestSSLServer(SSLServerAcceptCallbackBase* acb, bool enableTFO)
 }
 void TestSSLServer::loadTestCerts() {
- ctx_->loadCertificate(kTestCert);
- ctx_->loadPrivateKey(kTestKey);
+ ctx_->loadCertificate(find_resource(kTestCert).c_str());
+ ctx_->loadPrivateKey(find_resource(kTestKey).c_str());
 }
 TestSSLServer::TestSSLServer(
diff --git a/folly/io/async/test/TestSSLServer.h b/folly/io/async/test/TestSSLServer.h
index 9d0f45307f9..e33659f1d87 100644
--- a/folly/io/async/test/TestSSLServer.h
+++ b/folly/io/async/test/TestSSLServer.h
@@ -45,6 +45,7 @@ extern const char* kTestCertCN;
 extern const char* kClientTestCert;
 extern const char* kClientTestKey;
 extern const char* kClientTestCA;
+extern const char* kClientTestChain;
 class HandshakeCallback;