pub/latls
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Init

Browse Source
This commit is contained in:
Kris Kwiatkowski
2026-02-21 08:05:44 +00:00
commit af63ad4870
75 changed files with 11874 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

369
tests/common/mod.rs Normal file
View File

@@ -0,0 +1,369 @@
use std::{path::PathBuf, sync::Arc};
use mio::net::{TcpListener, TcpStream};
use std::collections::HashMap;
use std::fs;
use std::io;
use std::io::{BufReader, Read, Write};
use std::net;
// Token for our listening socket.
pub const LISTENER: mio::Token = mio::Token(0);
// Which mode the server operates in.
#[derive(Clone)]
pub enum ServerMode {
/// Write back received bytes
Echo,
}
/// This binds together a TCP listening socket, some outstanding
/// connections, and a TLS server configuration.
pub struct EchoServer {
server: TcpListener,
connections: HashMap<mio::Token, Connection>,
next_id: usize,
tls_config: Arc<rustls::ServerConfig>,
mode: ServerMode,
}
impl EchoServer {
pub fn new(server: TcpListener, mode: ServerMode, cfg: Arc<rustls::ServerConfig>) -> EchoServer {
EchoServer {
server,
connections: HashMap::new(),
next_id: 2,
tls_config: cfg,
mode,
}
}
pub fn accept(&mut self, registry: &mio::Registry) -> Result<(), io::Error> {
loop {
match self.server.accept() {
Ok((socket, addr)) => {
log::debug!("Accepting new connection from {:?}", addr);
let tls_session =
rustls::ServerConnection::new(self.tls_config.clone()).unwrap();
let mode = self.mode.clone();
let token = mio::Token(self.next_id);
self.next_id += 1;
let mut connection = Connection::new(socket, token, mode, tls_session);
connection.register(registry);
self.connections.insert(token, connection);
}
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => return Ok(()),
Err(err) => {
println!(
"encountered error while accepting connection; err={:?}",
err
);
return Err(err);
}
}
}
}
pub fn conn_event(&mut self, registry: &mio::Registry, event: &mio::event::Event) {
let token = event.token();
if self.connections.contains_key(&token) {
self.connections
.get_mut(&token)
.unwrap()
.ready(registry, event);
if self.connections[&token].is_closed() {
self.connections.remove(&token);
}
}
}
}
/// This is a connection which has been accepted by the server,
/// and is currently being served.
///
/// It has a TCP-level stream, a TLS-level session, and some
/// other state/metadata.
struct Connection {
socket: TcpStream,
token: mio::Token,
closing: bool,
closed: bool,
mode: ServerMode,
tls_session: rustls::ServerConnection,
back: Option<TcpStream>,
}
/// Open a plaintext TCP-level connection for forwarded connections.
fn open_back(_mode: &ServerMode) -> Option<TcpStream> {
None
}
/// This used to be conveniently exposed by mio: map EWOULDBLOCK
/// errors to something less-errory.
fn try_read(r: io::Result<usize>) -> io::Result<Option<usize>> {
match r {
Ok(len) => Ok(Some(len)),
Err(e) if e.kind() == io::ErrorKind::WouldBlock => Ok(None),
Err(e) => Err(e),
}
}
impl Connection {
fn new(
socket: TcpStream,
token: mio::Token,
mode: ServerMode,
tls_session: rustls::ServerConnection,
) -> Connection {
let back = open_back(&mode);
Connection {
socket,
token,
closing: false,
closed: false,
mode,
tls_session,
back,
}
}
/// We're a connection, and we have something to do.
fn ready(&mut self, registry: &mio::Registry, ev: &mio::event::Event) {
if ev.is_readable() {
self.do_tls_read();
self.try_plain_read();
self.try_back_read();
}
if ev.is_writable() {
self.do_tls_write_and_handle_error();
}
if self.closing {
let _ = self.socket.shutdown(net::Shutdown::Both);
self.close_back();
self.closed = true;
self.deregister(registry);
} else {
self.reregister(registry);
}
}
fn close_back(&mut self) {
if self.back.is_some() {
let back = self.back.as_mut().unwrap();
back.shutdown(net::Shutdown::Both).unwrap();
}
self.back = None;
}
fn do_tls_read(&mut self) {
let rc = self.tls_session.read_tls(&mut self.socket);
if rc.is_err() {
let err = rc.unwrap_err();
if let io::ErrorKind::WouldBlock = err.kind() {
return;
}
log::warn!("read error {:?}", err);
self.closing = true;
return;
}
if rc.unwrap() == 0 {
log::debug!("eof");
self.closing = true;
return;
}
let processed = self.tls_session.process_new_packets();
if processed.is_err() {
log::warn!("cannot process packet: {:?}", processed);
self.do_tls_write_and_handle_error();
self.closing = true;
}
}
fn try_plain_read(&mut self) {
let mut buf = Vec::new();
let rc = self.tls_session.reader().read_to_end(&mut buf);
if let Err(ref e) = rc {
if e.kind() != io::ErrorKind::WouldBlock {
log::warn!("plaintext read failed: {:?}", rc);
self.closing = true;
return;
}
}
if !buf.is_empty() {
log::debug!("plaintext read {:?}", buf.len());
self.incoming_plaintext(&buf);
}
}
fn try_back_read(&mut self) {
if self.back.is_none() {
return;
}
let mut buf = [0u8; 1024];
let back = self.back.as_mut().unwrap();
let rc = try_read(back.read(&mut buf));
if rc.is_err() {
log::warn!("backend read failed: {:?}", rc);
self.closing = true;
return;
}
let maybe_len = rc.unwrap();
match maybe_len {
Some(0) => {
log::debug!("back eof");
self.closing = true;
}
Some(len) => {
self.tls_session.writer().write_all(&buf[..len]).unwrap();
}
None => {}
};
}
fn incoming_plaintext(&mut self, buf: &[u8]) {
match self.mode {
ServerMode::Echo => {
self.tls_session.writer().write_all(buf).unwrap();
}
}
}
fn tls_write(&mut self) -> io::Result<usize> {
self.tls_session.write_tls(&mut self.socket)
}
fn do_tls_write_and_handle_error(&mut self) {
let rc = self.tls_write();
if rc.is_err() {
log::warn!("write failed {:?}", rc);
self.closing = true;
}
}
fn register(&mut self, registry: &mio::Registry) {
let event_set = self.event_set();
registry
.register(&mut self.socket, self.token, event_set)
.unwrap();
if self.back.is_some() {
registry
.register(
self.back.as_mut().unwrap(),
self.token,
mio::Interest::READABLE,
)
.unwrap();
}
}
fn reregister(&mut self, registry: &mio::Registry) {
let event_set = self.event_set();
registry
.reregister(&mut self.socket, self.token, event_set)
.unwrap();
}
fn deregister(&mut self, registry: &mio::Registry) {
registry.deregister(&mut self.socket).unwrap();
if self.back.is_some() {
registry.deregister(self.back.as_mut().unwrap()).unwrap();
}
}
fn event_set(&self) -> mio::Interest {
let rd = self.tls_session.wants_read();
let wr = self.tls_session.wants_write();
if rd && wr {
mio::Interest::READABLE | mio::Interest::WRITABLE
} else if wr {
mio::Interest::WRITABLE
} else {
mio::Interest::READABLE
}
}
fn is_closed(&self) -> bool {
self.closed
}
}
pub fn load_certs(filename: &PathBuf) -> Vec<rustls::Certificate> {
let certfile = fs::File::open(filename).expect("cannot open certificate file");
let mut reader = BufReader::new(certfile);
rustls_pemfile::certs(&mut reader)
.unwrap()
.iter()
.map(|v| rustls::Certificate(v.clone()))
.collect()
}
pub fn load_private_key(filename: &PathBuf) -> rustls::PrivateKey {
let keyfile = fs::File::open(filename).expect("cannot open private key file");
let mut reader = BufReader::new(keyfile);
loop {
match rustls_pemfile::read_one(&mut reader).expect("cannot parse private key .pem file") {
Some(rustls_pemfile::Item::RSAKey(key)) => return rustls::PrivateKey(key),
Some(rustls_pemfile::Item::PKCS8Key(key)) => return rustls::PrivateKey(key),
Some(rustls_pemfile::Item::ECKey(key)) => return rustls::PrivateKey(key),
None => break,
_ => {}
}
}
panic!(
"no keys found in {:?} (encrypted keys not supported)",
filename
);
}
#[allow(dead_code)]
pub fn run(listener: TcpListener) {
let versions = &[&rustls::version::TLS13];
let test_dir = std::path::PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests");
let certs = load_certs(&test_dir.join("fixtures").join("leaf-server.pem"));
let privkey = load_private_key(&test_dir.join("fixtures").join("leaf-server-key.pem"));
let config = rustls::ServerConfig::builder()
.with_cipher_suites(rustls::ALL_CIPHER_SUITES)
.with_kx_groups(&rustls::ALL_KX_GROUPS)
.with_protocol_versions(versions)
.unwrap()
.with_no_client_auth()
.with_single_cert(certs, privkey)
.unwrap();
run_with_config(listener, config)
}
pub fn run_with_config(mut listener: TcpListener, config: rustls::ServerConfig) {
let mut poll = mio::Poll::new().unwrap();
poll.registry()
.register(&mut listener, LISTENER, mio::Interest::READABLE)
.unwrap();
let mut tlsserv = EchoServer::new(listener, ServerMode::Echo, Arc::new(config));
let mut events = mio::Events::with_capacity(256);
loop {
if let Err(e) = poll.poll(&mut events, None) {
if e.kind() == std::io::ErrorKind::Interrupted {
log::debug!("I/O error {:?}", e);
continue;
}
panic!("I/O error {:?}", e);
}
for event in events.iter() {
match event.token() {
LISTENER => {
tlsserv
.accept(poll.registry())
.expect("error accepting socket");
}
_ => tlsserv.conn_event(poll.registry(), event),
}
}
}
}

21
tests/fixtures/chain.pem vendored Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIBXzCCAQUCFHzubCyE5kiBqAHQGfctkQN2q3TFMAoGCCqGSM49BAMCME4xCzAJ
BgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UE
CgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMjYwMjIxMDczMzM4WhgPMjA1
MzA3MDkwNzMzMzhaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDz1/dQDHQeTjpDudlzUhWzO9RoRyMD7WHVFfhKmnTPwfNpo
4pBI6zWzPaX+1yIESrFKMB/3z6Kg5XvUYzghiBQwCgYIKoZIzj0EAwIDSAAwRQIh
AOfUKudqSEH+qWvddhwNCzJxVSjTVYM6UUb1y+6gYLmVAiAhEIdRb9+4EkFMyE69
j/eLxFsQw9SDJVW1ikFddk3bDA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBmjCCAT8CFGjUADT9CW6hCEQDXIVshzmwrcMgMAoGCCqGSM49BAMCME4xCzAJ
BgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UE
CgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMjYwMjIxMDczMzM3WhgPMjA1
MzA3MDkwNzMzMzdaME4xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsG
A1UEBwwEQ2l0eTEMMAoGA1UECgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAAQMWMHHlN9e0LjSJf/DincyIZWJqPixcNbY
GfsF09vGm8spLZqE01yp+ZfaRBwAEDEnXRjGy4x3pvbUeYw6S6pwMAoGCCqGSM49
BAMCA0kAMEYCIQCGre8m+M4rLIT99ME+LqO7A4YSojffdutsOgRlf4x3SQIhAJjO
FjLActbhIsCFG17eN6XU+0KXj+6riRP0cSjwrKcH
-----END CERTIFICATE-----

5
tests/fixtures/intermediate-ca-key.pem vendored Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIJ866me3sarFhXHOC+YMybl2kXIb0n/HcxkMyaROp7zToAoGCCqGSM49
AwEHoUQDQgAEDFjBx5TfXtC40iX/w4p3MiGViaj4sXDW2Bn7BdPbxpvLKS2ahNNc
qfmX2kQcABAxJ10YxsuMd6b21HmMOkuqcA==
-----END EC PRIVATE KEY-----

11
tests/fixtures/intermediate-ca.pem vendored Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBmjCCAT8CFGjUADT9CW6hCEQDXIVshzmwrcMgMAoGCCqGSM49BAMCME4xCzAJ
BgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UE
CgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMjYwMjIxMDczMzM3WhgPMjA1
MzA3MDkwNzMzMzdaME4xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsG
A1UEBwwEQ2l0eTEMMAoGA1UECgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAAQMWMHHlN9e0LjSJf/DincyIZWJqPixcNbY
GfsF09vGm8spLZqE01yp+ZfaRBwAEDEnXRjGy4x3pvbUeYw6S6pwMAoGCCqGSM49
BAMCA0kAMEYCIQCGre8m+M4rLIT99ME+LqO7A4YSojffdutsOgRlf4x3SQIhAJjO
FjLActbhIsCFG17eN6XU+0KXj+6riRP0cSjwrKcH
-----END CERTIFICATE-----

5
tests/fixtures/intermediate-server-key.pem vendored Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIDrbR20jHToI8OfzNbHDPwVeL7W7U1QJZL5fFZM2k9SOoAoGCCqGSM49
AwEHoUQDQgAEPPX91AMdB5OOkO52XNSFbM71GhHIwPtYdUV+EqadM/B82mjikEjr
NbM9pf7XIgRKsUowH/fPoqDle9RjOCGIFA==
-----END EC PRIVATE KEY-----

10
tests/fixtures/intermediate-server.pem vendored Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE-----
MIIBXzCCAQUCFHzubCyE5kiBqAHQGfctkQN2q3TFMAoGCCqGSM49BAMCME4xCzAJ
BgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UE
CgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMjYwMjIxMDczMzM4WhgPMjA1
MzA3MDkwNzMzMzhaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDz1/dQDHQeTjpDudlzUhWzO9RoRyMD7WHVFfhKmnTPwfNpo
4pBI6zWzPaX+1yIESrFKMB/3z6Kg5XvUYzghiBQwCgYIKoZIzj0EAwIDSAAwRQIh
AOfUKudqSEH+qWvddhwNCzJxVSjTVYM6UUb1y+6gYLmVAiAhEIdRb9+4EkFMyE69
j/eLxFsQw9SDJVW1ikFddk3bDA==
-----END CERTIFICATE-----

5
tests/fixtures/leaf-client-key.pem vendored Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIOc/3AzIjB+19/geWYKEmKba86WdhAsluZaPqkjSqERroAoGCCqGSM49
AwEHoUQDQgAEGgqtk8CddQsQKgtS471EXARUxDCEGKputhbgIxYWROyqXnnZ6V6o
as2YGkmj//2MjLRW3R2Po0cuOUzxiVgfqw==
-----END EC PRIVATE KEY-----

13
tests/fixtures/leaf-client.pem vendored Normal file
View File

@@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB6jCCAZCgAwIBAgIUaNQANP0JbqEIRANchWyHObCtwyMwCgYIKoZIzj0EAwIw
TjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MQww
CgYDVQQKDANPcmcxEjAQBgNVBAMMCWxvY2FsaG9zdDAgFw0yNjAyMjEwNzQ2MjNa
GA8yMDUzMDcwOTA3NDYyM1owSzELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRl
MQ0wCwYDVQQHDARDaXR5MQwwCgYDVQQKDANPcmcxDzANBgNVBAMMBmNsaWVudDBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBoKrZPAnXULECoLUuO9RFwEVMQwhBiq
brYW4CMWFkTsql552eleqGrNmBpJo//9jIy0Vt0dj6NHLjlM8YlYH6ujTTBLMAkG
A1UdEwQCMAAwHQYDVR0OBBYEFBqdjBB1UFsM78XwtpXVL7HZzjpYMB8GA1UdIwQY
MBaAFPPmBpkb78hFjPF859+Foy9YAgBTMAoGCCqGSM49BAMCA0gAMEUCIQDNpDHS
mKnhKjYN4FcF1jY6jP849bp1iVRXLohUZiV97AIgKQzXd0i5crkxYZxiuV8+FanV
0AnPOzEyfEJJcVxQKJ0=
-----END CERTIFICATE-----

5
tests/fixtures/leaf-server-key.pem vendored Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIO5y72YFvsXbun4zTR/R0uyXuVEjj85qCd4rNyyFf8n5oAoGCCqGSM49
AwEHoUQDQgAET/XXCFooruxTjbFsUbUx61dj8cJP9u9fiZQjBlArTYHOzhmzOSAE
c/KugBPBgjs/tv0XN+gzytvO8ZP66fm/og==
-----END EC PRIVATE KEY-----

10
tests/fixtures/leaf-server.pem vendored Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE-----
MIIBYDCCAQUCFGjUADT9CW6hCEQDXIVshzmwrcMiMAoGCCqGSM49BAMCME4xCzAJ
BgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTEMMAoGA1UE
CgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMjYwMjIxMDczMzM3WhgPMjA1
MzA3MDkwNzMzMzdaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABE/11whaKK7sU42xbFG1MetXY/HCT/bvX4mUIwZQK02Bzs4Z
szkgBHPyroATwYI7P7b9FzfoM8rbzvGT+un5v6IwCgYIKoZIzj0EAwIDSQAwRgIh
APbdoZeyZRjCUbfdRxo2IcEEUqBqbUSx41JYSXLhpg7QAiEA6Gs+IfcsUzIeQWOR
MDTn7Ra0gqglMNf126nb1OXFwAg=
-----END CERTIFICATE-----

5
tests/fixtures/root-ca-key.pem vendored Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIKNp0iOcAtuUqCVQO9091W12EehsnotOFDD0VQS5PYUooAoGCCqGSM49
AwEHoUQDQgAE54OuvyHlxoS7qItpOUiY9gdqOPLbsMwkHY81yvAvftR7waKI0TIZ
81Gqg9komHxXja3UP4ZgcrhBprXdBui0ZQ==
-----END EC PRIVATE KEY-----

13
tests/fixtures/root-ca.pem vendored Normal file
View File

@@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB8zCCAZmgAwIBAgIUMKnFU92lhc6e2Bp7EEx67/f9OfIwCgYIKoZIzj0EAwIw
TjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MQww
CgYDVQQKDANPcmcxEjAQBgNVBAMMCWxvY2FsaG9zdDAgFw0yNjAyMjEwNzMzMzda
GA8yMDUzMDcwOTA3MzMzN1owTjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRl
MQ0wCwYDVQQHDARDaXR5MQwwCgYDVQQKDANPcmcxEjAQBgNVBAMMCWxvY2FsaG9z
dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOeDrr8h5caEu6iLaTlImPYHajjy
27DMJB2PNcrwL37Ue8GiiNEyGfNRqoPZKJh8V42t1D+GYHK4Qaa13QbotGWjUzBR
MB0GA1UdDgQWBBTz5gaZG+/IRYzxfOffhaMvWAIAUzAfBgNVHSMEGDAWgBTz5gaZ
G+/IRYzxfOffhaMvWAIAUzAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gA
MEUCIQDaqbbPvBGAvOuGuKkAUxLqeTvvYhUPDxp61ACmTjt4NQIgBRa8b1v7XO5/
A3QagCSPLBLQNGe1l1fSyuVyYkQ4NHI=
-----END CERTIFICATE-----

1
tests/fixtures/root-ca.srl vendored Normal file
View File

@@ -0,0 +1 @@
68D40034FD096EA10844035C856C8739B0ADC323

28
tests/fixtures/rsa-leaf-client-key.pem vendored Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCEhoycxa265DP1
9TRtPJANnUXOzgFEJWyxHov3DLPClJjpTldyUdpWzMdgHvqBy3RWSXfvXKo3NBE+
3gUOdNjWlQDPRHLEeZbmbfYJR34Fq/2qEDIJAPBJIbutGJ7mHN/uptky1mTxkG93
7Yg+iOYe92itA9F/Hp7S30vTHF+BGeGFVySSFANMzVByYApOn5b3aU0Is9yqB2JH
z2/FJK442u1wbDUMlUiu5u0Z2mi83YIaD48zPACqvTJPpOE8dlhwm0T3J/4DeC35
mP+H4WYTomThOgOxXmcwBEvyfhp+AM3bg7P/fkLieOL8V39bCBkFxuQQ2XUSiP1b
UavPH/1FAgMBAAECggEAAxKvo1moxqL7Ws0Icy6qqct8zpJ+UFs3IwBHVJTfJ42U
jMxmlghfMhC7isy3wwIPEjUlP8/77nMZofCPWMoi1mRMHteX0FsqwZseemaa/dIC
0XULWU7D7kjcS4487lm7Dj32NAnpUKSoa7UpVJyODCfGg0SJu2iKsZnAmLDuvKqZ
bMVkH/5l3WubHgwlla1K8z+B+pCB9Vo1nUy0vumgl3R6MUeD+VYMuKC/lC2ii34b
OLCzJtTym9WLcH5uM9EHuzzgJkNkLo5KZ2dwibjOfML5iFl3mMIskFsvN558tJdN
U5yyR73qlzWnCWG/7Zdk3zxFXlxnajDqkfkuo2p9oQKBgQC67HlH09q2osol1hxt
RKcWThjpaCvL+9/g3ZxOi7nQ05ICwqG63rPw9BLCgQ+/ojPvgQzOl71uxfhJUn0G
YubdEys1jxmsq6Xomr+JlqjiVvq7VQb9jui33oNMlFNblCwRkv4WNfRf2osClbJy
kEKzFp+mUiHE/TqW8XdWQ3ZMGQKBgQC1f9qCuL699GQ4UFt78EX/+w0i3vKOCV/G
rXkIPpOoteiP3WbDe8KPtlBI/OA2sx6WOcoCN2njPUvMg1OJYwoG6lW3KtCH7q4d
jbUHA3fujk6qungZzmGyQuP0SF+WPuapfJJTMudv8/Q8iqyw0A0jrika0uomk9GO
hmuN4NMgDQKBgDsps61XUady2Pam0TKIgzYdG+dscEhM/WxH2DxIH1UIUfOLtPLX
oC6IohNsFBb8eOG6f9o3zt5rzI0wjZ/i191rPsbh9yde4NFBgZRD2kpha1S1sdO5
UtE3nWk0nTmkKVqaos9W3nUkT9FOnj+Ch4n1hCx5XHTkDZJO9Q2ZpqypAoGAXxaH
xVrC28QRSYuYElu0YMMHg9BoJU/19KHnuhEGzSnYmJ62+w14xlAOyd5qHV5EVRIb
qoObnyj68D+RYXYYx7y3gYoVzFGYuPUH9Y+0oq+9uSaOS37bokf3I4FTSuTTddJE
2v/dTsLxn1JL3Spy59GTyXDcqa9h55i2+pLiKXUCgYBFBdZcjsTkjubzYgt2eZdF
i1cBwhOHqzXf8YDXlGo+FFHMyi4BsK4ZiMyhclCYe81+qT7fJG2AXq0sU8QppfeT
q/W55cosZsGXbMfN+RG+IXP7WoFL5pO72vu7IHx1h81SxWNG9EijSYr6A9d4coRF
soksgMdIMuQQU1UF1a5m8A==
-----END PRIVATE KEY-----

19
tests/fixtures/rsa-leaf-client.pem vendored Normal file
View File

@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDJTCCAg0CFDvurK/y+VjruSv6kiAH1rRUsRNbMA0GCSqGSIb3DQEBCwUAME4x
CzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTEMMAoG
A1UECgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMjYwMjIxMDczMzQxWhgP
MjA1MzA3MDkwNzMzNDFaME4xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTEN
MAsGA1UEBwwEQ2l0eTEMMAoGA1UECgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEhoycxa265DP19TRtPJAN
nUXOzgFEJWyxHov3DLPClJjpTldyUdpWzMdgHvqBy3RWSXfvXKo3NBE+3gUOdNjW
lQDPRHLEeZbmbfYJR34Fq/2qEDIJAPBJIbutGJ7mHN/uptky1mTxkG937Yg+iOYe
92itA9F/Hp7S30vTHF+BGeGFVySSFANMzVByYApOn5b3aU0Is9yqB2JHz2/FJK44
2u1wbDUMlUiu5u0Z2mi83YIaD48zPACqvTJPpOE8dlhwm0T3J/4DeC35mP+H4WYT
omThOgOxXmcwBEvyfhp+AM3bg7P/fkLieOL8V39bCBkFxuQQ2XUSiP1bUavPH/1F
AgMBAAEwDQYJKoZIhvcNAQELBQADggEBABUFayU+Mn+rmHSXMkNabzhjzwBoTuVR
9TxyvlFcMcoEoVqek4JlXNCS4Ipw7vky4ukh6KoQIDzHt7z8rKo5LlALW3pWNxtd
aZI5w4WPSmuMTvUJHfUgCC9b2cmzoKH2YdFfD64KxSBO3KvRlMP7xrLgdedyVojg
pd4igTPVHfUil1gRWemiuPLYtxyuw3CXqzEJ03qyVuisDiDxyxAGKZ7Kh80pMyl5
EzOl5D7zv+8GaTQciR2O1n5+sQwr6i0gQ3zBsHbasL/dryP8ISUyto8blemVt7rJ
8pOH7L23s+nFugPL2LXgyhQKp+1ONS4MvJJnD+0s5OgAYHdpn1AMX/Y=
-----END CERTIFICATE-----

28
tests/fixtures/rsa-leaf-server-key.pem vendored Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDPieSeFN92AlKa
sDv0K5SN7GSPpUypPTFLbyZyXj09THeXs65cGrH1hGeVCmvneLk8rYzDvL1RBygQ
DHKentw6XApNtUQd6iRfm4vCjHecj351OQw1ongn9lmf5DLoo3jxQ+1YDSHsKM0F
t22ZMX/PAvZkv6EoNwU85hn7jUUIN8sWGLb64MFjlszQkkU1d4xhB+eM8j0S8nwl
3+/yj/iefvLUt3U0HxCQgRN34Ok5ifDyDL6qIYIY080GZ1sSb1QQx2GqJ+t3UxYU
jK8LMk+9H7FiNojaV1aryA+T68ny4xtd0u3+n3k3qu03/aKQCQQ30Yto/HmvdcRM
HrUybCT1AgMBAAECggEAVMh7Wc0jIN2AC2uVgoFPNc9toXUg5T53Zd6pcS1ojSMw
9AtWXpAVRTxq6GsSe8RIwC4SBGCVYoWu6yd6p6w0Qa8aEnbLtgDSDTDJHpgtwQqp
2Y+NmleeCI1OPdCGr50gqkdarY7n3ccpQn2Vy3B6SwJlz/CtEHWxsRg7YxVqLxmH
c681YifQHIMKoEq18bH0Kv1aZb62qHTViwhLXgl5wER0g5bB6DGdQBO/MaEuvk3m
bM1doT11AO0HWAOiSL+cqjbKPhvG/+4w6eKjxKbmlf8WaC74/QaT/2PPbrCHRJy2
JK5iWtC1hrMeolr2bQ7/poGsyf12vXUu2Gdvd3my3QKBgQDuA4CetV2OBpvtqPAa
mCOrW+9xL5UhhxLVCnaf5ASUKiYlnXLIJIPXZYXWQfZmkm3IR60HrVKYFRMz7dlt
K17jufDi2J30yWxDhfgt4hW7b+2GaGYV2IB9J6JgsKP7A+xEtui0Fsewl5n4Vcg4
qXV1fR8/7SEMftaYfWMabriKHwKBgQDfONXVzbDYscXvlDSOdKvqnGqw1akZ/HXB
SewAJSQFYhxEew8xFQrEksj9JutgfjyE0O3qMfPKu+7MZRtigYcWkIBM4LkVXbur
1xeQF+wswcvrPk1kgHilWNCLwyS3d59oNWkVTQapi5aNRrUw6WcUF+vuVdPAPEwr
0jEI/pxWawKBgG9/iohOtBXteKxb4KbEsKj8t22Rec4sBaFxdmKuoYp7OEWUvYmO
uYh1Eb5uRiyE2hLhqOgYxMFj1gwUly9yCtCpcXQDP/PFTAdRwhJUgBO/ekjlrTT8
qCx5HbMn7JmRm+QQv3Bl34QVcNaJ8PLCR7kTNUlwH3RIEuV6j6t5RM/HAoGBAK6E
2vnrdMYWRvBGaMivgvFMFUXn5euBK/dQegirAPyMdhk8NOZk0yRYtnblhMTOLTaR
ulCNeVMZl1uJ+N0M87a6hvSUBWAlBmMVKUDo0ycy5OEoto1KvAhZ5cI/cWdXSPPK
Pjv/GqRXk/8kNujkskhNY5HU3FbBTbQ9A0VK+qO9AoGBANS7QFVT1eOgDfRintAY
58XCf+rB36jjxDPmbLXflV6LdSJfhK8HFQIhgu3n2tmyh78mlP7pQZVIA9vHOf4m
MePga9YsjsY8fpkTntje3uOXyDmiCasUK/1YwNmJgpbg9aaScbKDtLAAYRpV5wIj
7TvrmVKy7wOiT51KCbyZaESG
-----END PRIVATE KEY-----

18
tests/fixtures/rsa-leaf-server.pem vendored Normal file
View File

@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC6zCCAdMCFDvurK/y+VjruSv6kiAH1rRUsRNaMA0GCSqGSIb3DQEBCwUAME4x
CzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTEMMAoG
A1UECgwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMjYwMjIxMDczMzQxWhgP
MjA1MzA3MDkwNzMzNDFaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAM+J5J4U33YCUpqwO/QrlI3sZI+lTKk9MUtv
JnJePT1Md5ezrlwasfWEZ5UKa+d4uTytjMO8vVEHKBAMcp6e3DpcCk21RB3qJF+b
i8KMd5yPfnU5DDWieCf2WZ/kMuijePFD7VgNIewozQW3bZkxf88C9mS/oSg3BTzm
GfuNRQg3yxYYtvrgwWOWzNCSRTV3jGEH54zyPRLyfCXf7/KP+J5+8tS3dTQfEJCB
E3fg6TmJ8PIMvqohghjTzQZnWxJvVBDHYaon63dTFhSMrwsyT70fsWI2iNpXVqvI
D5PryfLjG13S7f6feTeq7Tf9opAJBDfRi2j8ea91xEwetTJsJPUCAwEAATANBgkq
hkiG9w0BAQsFAAOCAQEAqDx0KKVOXHTe5QHxtmq8PDmRNoixHoMjf1QLSBnup8Os
quVQ1jLrZPdtUgVS+dJjMoEk3yDLya66+WADJDa03PGJ5vis/6Sn0reo0hpaTIxx
bB7h65v8N5AHCIA5iJPPdYo9D7qKOfsnZ3iShWEoD4SjjmcnkLQ4/NFiv2gBF5Xa
LO23STWOIeNvOvNYAwBTJ614EIyI9n1qAKx5whVF1jIoTp1DFda2MYNunSk9tHUE
eoPBolaegzDImX4PVkwDLthlSqzOOueQwHjS4jRqjwO5GVUo3JD4Hs6dMY2T4YO8
n+9Q7JvU9Vei0/3RD7xOPpY47VG38pfi+iPAS7SsbQ==
-----END CERTIFICATE-----

28
tests/fixtures/rsa-root-ca-key.pem vendored Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtW62UGSYLPB4V
ZurqL7bE2nJNyLrcvMQV3zkOVbnR9hrzofCELRCpaIZyQzg2OqX56kyEu94SPNcM
513U+Ega2ij0xmucF3vrB6DjDuusIZzxu771n//QcS2vuIF6GJn1c4P5Zcc0hJGk
nqHmHZ2Z9srEqmTKGgK8ar7HK7pKuBHqR4umdSdPXyjhx+7OPiVQpNY3oWtdCUsE
CqGMIlRNDGpW/JVhYd47KfeI1syhNj08zEX8CvBgXmbNWeGgvCN6FYbF8Pqyq527
seALs2ZiY5FX2QekI3StQoXl2S5QY740OGHt+NkIS7BEtRjSW6fTeg3CI12uyS03
PLDCPVI9AgMBAAECggEABe3gSnPvvqugNcgu2bKnFCWKikmGxpz4Me1QFMLu15UM
x+9ue/7Ulo66JndRGV25JoqScmnAhywoiMrzBSE2yiBTDUgqDw0oklnQ8WMlwV3m
8cejmOAPjlAIqX1shEIKJgB8749BGHU+S/yW+fliVg1AUyimyNjJ5iraepJuzTZf
ECn+Ho4rN2MnOvFolJxVitVA2vrEj2soiysNKmwP9ykxRI6vGUZxIZgRpm+MX/Gg
C+lxAZe+aqikpwTHDLz9fliajubAfoONLJGihlUfWCy3p58I7TPR1FG3neXovQG2
FBXeyByvYlgjaCY1qERu0lEBVjvwk7fgnbfgaff1MQKBgQDYKTyOLtlSF7zEp2/V
he6a7cDQ99z2xGMHf7cwajeq+rOVRZiWRIierGVluXq3YkIpQYt8ATTF36KXgs/N
i0ciitRrIUZGkPGx1vG8tUT0RnSDPRSjN/bWB6heAc4Ok2k+4952ir5YnauZJiMX
hMyExcpFCkoKpkJtD2P0hXwYKQKBgQDNTvEIQSe1ShgSGbi3kwNnE5iBtecdCJtN
0Mc2QrnK7kgb2WBhkNLOX0qCVYhq9flGkmkOnZ0A098B+0lBxAVzrSxVND/fcZxD
P/frJoD8Cjlsvs6byXSCw5OnOI4p2vbVOPG3/tenamT1VnZjd+ui4dmfzc132QVB
mdQJobr79QKBgBQxNfDqO27JvN557Z56lmFumDZtEP0UN1P6ADjLk0urg58ME0bm
PATmgcpQ2z/KM/f6oXcB/dYGIAAbPiIrQofdhB5Fy3TIEWvVclt4a2qOMlAYIpdk
oPA5Yub1MDR4XLp9OsjECSfqAp+ZymlmBFzaxRxR67y27zmU2Hd9CKyRAoGAZ2hY
bLDsgBo2r383E3c/on4zNTnakzwPhQ0gGYtYKwcDWMuPCPU5yGokjCrqj/0eNdZu
hccLGiycyVG43yANIutZRf0QIsoFS7X/d/gnxUqdC9G7HKpGPcqmJvaMXDaGVnTd
ArCgDBnBifSnoof3Lk4VH7E3ySKMzDLfoo5MMLUCgYAzp9jwHOW0LIfC+jtsg6OZ
R3t94M1zDsmqsom9ybA8slJ1lJ1kelRFe/rMq0A1Mgk0NIu2SqVIQMpaZwClyCgz
UU5idCghdDEz+YMZzwGWaXhRONvQ6pjfxRXGHJTP09BXXv9yRMW/VaCv3Ep29pZP
wBRBeeD/nNl1NZRkqDT2bQ==
-----END PRIVATE KEY-----

21
tests/fixtures/rsa-root-ca.pem vendored Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDfzCCAmegAwIBAgIUXcX7sKMszgJxJBxXW38sZQ4PTMAwDQYJKoZIhvcNAQEL
BQAwTjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5
MQwwCgYDVQQKDANPcmcxEjAQBgNVBAMMCWxvY2FsaG9zdDAgFw0yNjAyMjEwNzMz
NDBaGA8yMDUzMDcwOTA3MzM0MFowTjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0
YXRlMQ0wCwYDVQQHDARDaXR5MQwwCgYDVQQKDANPcmcxEjAQBgNVBAMMCWxvY2Fs
aG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1brZQZJgs8HhVm
6uovtsTack3Iuty8xBXfOQ5VudH2GvOh8IQtEKlohnJDODY6pfnqTIS73hI81wzn
XdT4SBraKPTGa5wXe+sHoOMO66whnPG7vvWf/9BxLa+4gXoYmfVzg/llxzSEkaSe
oeYdnZn2ysSqZMoaArxqvscrukq4EepHi6Z1J09fKOHH7s4+JVCk1jeha10JSwQK
oYwiVE0Malb8lWFh3jsp94jWzKE2PTzMRfwK8GBeZs1Z4aC8I3oVhsXw+rKrnbux
4AuzZmJjkVfZB6QjdK1CheXZLlBjvjQ4Ye342QhLsES1GNJbp9N6DcIjXa7JLTc8
sMI9Uj0CAwEAAaNTMFEwHQYDVR0OBBYEFM5Oy6DzdnkIIXkcHJeex2+qqyv0MB8G
A1UdIwQYMBaAFM5Oy6DzdnkIIXkcHJeex2+qqyv0MA8GA1UdEwEB/wQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggEBAB8IgDLmfHEQ5dYZlNfDdpAz2WwqJzMicByRqXPx
IaKHyM2yBOExKWwcMJfjJtxAHMQ69HRLm6lC4ny5KOAVCuhpHtnHCNH8sC+/1kjx
K8BrKWXtgssci9NiPCHGtapvJVx5woB6BPYESggoYlHSNisAsauUAI7rG1bohO6C
2dqZu2FyQm95ICJQlGNZ/nMdcB41iHzL0NVcDeoxPVj5+lQiFG+GoVZxcK753Nca
+inzlYfoCIYUlU8/JGXIHmKkjwaHW25zN/g5734WPddSGC/4IFYVx+G9NcTNLZph
A030PCCEq5Ws4eP1ztCGDJ6/q5a3kDRFsPmsukJXcf3CXt0=
-----END CERTIFICATE-----

66
tests/fixtures/setup_fixtures.sh vendored Executable file
View File

@@ -0,0 +1,66 @@
#!/usr/bin/env bash
set -e
SUBJ_CA="/C=US/ST=State/L=City/O=TestOrg/CN=TestRootCA"
SUBJ_IM="/C=US/ST=State/L=City/O=TestOrg/CN=TestIntermediateCA"
SUBJ_SRV="/CN=localhost"
SUBJ_CLI="/C=US/ST=State/L=City/O=TestOrg/CN=TestClient"
SUBJ_RSA_CA="/C=US/ST=State/L=City/O=TestOrg/CN=TestRsaRootCA"
EXT_CA="basicConstraints=critical,CA:TRUE\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid:always"
EXT_LEAF="basicConstraints=CA:FALSE\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid,issuer"
# Root CA
openssl ecparam -name prime256v1 -genkey -noout -out root-ca-key.pem
openssl req -new -x509 -sha256 -key root-ca-key.pem -days 3650 -out root-ca.pem -subj "$SUBJ_CA"
# Intermediate CA
openssl ecparam -name prime256v1 -genkey -noout -out intermediate-ca-key.pem
openssl req -new -sha256 -key intermediate-ca-key.pem -out _im.csr -subj "$SUBJ_IM"
openssl x509 -req -in _im.csr -CA root-ca.pem -CAkey root-ca-key.pem \
-CAcreateserial -out intermediate-ca.pem -days 3650 -sha256 \
-extfile <(printf "$EXT_CA")
rm _im.csr
# Server leaf cert (signed by root CA)
openssl ecparam -name prime256v1 -genkey -noout -out leaf-server-key.pem
openssl req -new -sha256 -key leaf-server-key.pem -out _srv.csr -subj "$SUBJ_SRV"
openssl x509 -req -in _srv.csr -CA root-ca.pem -CAkey root-ca-key.pem \
-CAcreateserial -out leaf-server.pem -days 3650 -sha256 \
-extfile <(printf "$EXT_LEAF")
rm _srv.csr
# Client leaf cert (signed by root CA)
openssl ecparam -name prime256v1 -genkey -noout -out leaf-client-key.pem
openssl req -new -sha256 -key leaf-client-key.pem -out _cli.csr -subj "$SUBJ_CLI"
openssl x509 -req -in _cli.csr -CA root-ca.pem -CAkey root-ca-key.pem \
-CAcreateserial -out leaf-client.pem -days 3650 -sha256 \
-extfile <(printf "$EXT_LEAF")
rm _cli.csr
# Intermediate server cert + chain
openssl ecparam -name prime256v1 -genkey -noout -out intermediate-server-key.pem
openssl req -new -sha256 -key intermediate-server-key.pem -out _imsrv.csr -subj "$SUBJ_SRV"
openssl x509 -req -in _imsrv.csr -CA intermediate-ca.pem -CAkey intermediate-ca-key.pem \
-CAcreateserial -out intermediate-server.pem -days 3650 -sha256 \
-extfile <(printf "$EXT_LEAF")
rm _imsrv.csr
cat intermediate-server.pem intermediate-ca.pem > chain.pem
# RSA root CA
openssl req -x509 -newkey rsa:2048 -keyout rsa-root-ca-key.pem -nodes \
-out rsa-root-ca.pem -sha256 -days 3650 -subj "$SUBJ_RSA_CA"
# RSA server cert
openssl req -newkey rsa:2048 -keyout rsa-leaf-server-key.pem -nodes \
-out _rsasrv.csr -sha256 -subj "$SUBJ_SRV"
openssl x509 -req -CA rsa-root-ca.pem -CAkey rsa-root-ca-key.pem \
-in _rsasrv.csr -out rsa-leaf-server.pem -days 3650 -CAcreateserial
rm _rsasrv.csr
# RSA client cert
openssl req -newkey rsa:2048 -keyout rsa-leaf-client-key.pem -nodes \
-out _rsacli.csr -sha256 -subj "$SUBJ_CLI"
openssl x509 -req -CA rsa-root-ca.pem -CAkey rsa-root-ca-key.pem \
-in _rsacli.csr -out rsa-leaf-client.pem -days 3650 -CAcreateserial
rm _rsacli.csr

1305
tests/integration.rs Normal file
View File

File diff suppressed because it is too large Load Diff