Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-04 13:10:20 +01:00
Code Issues Projects Releases Packages Wiki Activity

net: Add unit test for accepting a self-signed cert.

Browse source
This commit is contained in:
Josh Matthews 2020-06-09 14:26:43 -04:00
parent 2550600131
commit c8692d83ab
3 changed files with 103 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

8
components/net/connector.rs
View file

@ -41,7 +41,7 @@ pub struct ConnectionCerts {
} }
impl ConnectionCerts { impl ConnectionCerts {
pub(crate) fn new() -> Self { pub fn new() -> Self {
Self { Self {
certs: Arc::new(Mutex::new(HashMap::new())), certs: Arc::new(Mutex::new(HashMap::new())),
} }
@ -101,11 +101,11 @@ pub type TlsConfig = SslConnectorBuilder;
pub struct ExtraCerts(Arc<Mutex<Vec<Vec<u8>>>>); pub struct ExtraCerts(Arc<Mutex<Vec<Vec<u8>>>>);
impl ExtraCerts { impl ExtraCerts {
pub(crate) fn new() -> Self { pub fn new() -> Self {
Self(Arc::new(Mutex::new(vec![]))) Self(Arc::new(Mutex::new(vec![])))
} }
pub(crate) fn add(&self, bytes: Vec<u8>) { pub fn add(&self, bytes: Vec<u8>) {
self.0.lock().unwrap().push(bytes); self.0.lock().unwrap().push(bytes);
} }
} }
@ -119,7 +119,7 @@ lazy_static! {
static ref HOST_INDEX: Index<Ssl, Host> = Ssl::new_ex_index().unwrap(); static ref HOST_INDEX: Index<Ssl, Host> = Ssl::new_ex_index().unwrap();
} }
pub(crate) fn create_tls_config( pub fn create_tls_config(
certs: &str, certs: &str,
alpn: &[u8], alpn: &[u8],
extra_certs: ExtraCerts, extra_certs: ExtraCerts,

95
components/net/tests/fetch.rs
View file

@ -22,7 +22,7 @@ use hyper::body::Body;
use hyper::{Request as HyperRequest, Response as HyperResponse}; use hyper::{Request as HyperRequest, Response as HyperResponse};
use mime::{self, Mime}; use mime::{self, Mime};
use msg::constellation_msg::TEST_PIPELINE_ID; use msg::constellation_msg::TEST_PIPELINE_ID;
use net::connector::{create_tls_config, ALPN_H2_H1}; use net::connector::{create_tls_config, ConnectionCerts, ExtraCerts, ALPN_H2_H1};
use net::fetch::cors_cache::CorsCache; use net::fetch::cors_cache::CorsCache;
use net::fetch::methods::{self, CancellationListener, FetchContext}; use net::fetch::methods::{self, CancellationListener, FetchContext};
use net::filemanager_thread::FileManager; use net::filemanager_thread::FileManager;
@ -682,7 +682,12 @@ fn test_fetch_with_hsts() {
let (server, url) = make_ssl_server(handler, cert_path.clone(), key_path.clone()); let (server, url) = make_ssl_server(handler, cert_path.clone(), key_path.clone());
let certs = fs::read_to_string(cert_path).expect("Couldn't find certificate file"); let certs = fs::read_to_string(cert_path).expect("Couldn't find certificate file");
let tls_config = create_tls_config(&certs, ALPN_H2_H1); let tls_config = create_tls_config(
&certs,
ALPN_H2_H1,
ExtraCerts::new(),
ConnectionCerts::new(),
);
let mut context = FetchContext { let mut context = FetchContext {
state: Arc::new(HttpState::new(tls_config)), state: Arc::new(HttpState::new(tls_config)),
@ -735,7 +740,12 @@ fn test_load_adds_host_to_hsts_list_when_url_is_https() {
url.as_mut_url().set_scheme("https").unwrap(); url.as_mut_url().set_scheme("https").unwrap();
let certs = fs::read_to_string(cert_path).expect("Couldn't find certificate file"); let certs = fs::read_to_string(cert_path).expect("Couldn't find certificate file");
let tls_config = create_tls_config(&certs, ALPN_H2_H1); let tls_config = create_tls_config(
&certs,
ALPN_H2_H1,
ExtraCerts::new(),
ConnectionCerts::new(),
);
let mut context = FetchContext { let mut context = FetchContext {
state: Arc::new(HttpState::new(tls_config)), state: Arc::new(HttpState::new(tls_config)),
@ -776,6 +786,85 @@ fn test_load_adds_host_to_hsts_list_when_url_is_https() {
.is_host_secure(url.host_str().unwrap())); .is_host_secure(url.host_str().unwrap()));
} }
#[test]
fn test_fetch_self_signed() {
let handler = move |_: HyperRequest<Body>, response: &mut HyperResponse<Body>| {
*response.body_mut() = b"Yay!".to_vec().into();
};
let client_cert_path = Path::new("../../resources/certs").canonicalize().unwrap();
let cert_path = Path::new("../../resources/self_signed_certificate_for_testing.crt")
.canonicalize()
.unwrap();
let key_path = Path::new("../../resources/privatekey_for_testing.key")
.canonicalize()
.unwrap();
let (_server, mut url) = make_ssl_server(handler, cert_path.clone(), key_path.clone());
url.as_mut_url().set_scheme("https").unwrap();
let cert_data = fs::read_to_string(cert_path.clone()).expect("Couldn't find certificate file");
let client_cert_data =
fs::read_to_string(client_cert_path.clone()).expect("Couldn't find certificate file");
let extra_certs = ExtraCerts::new();
let tls_config = create_tls_config(
&client_cert_data,
ALPN_H2_H1,
extra_certs.clone(),
ConnectionCerts::new(),
);
let mut context = FetchContext {
state: Arc::new(HttpState::new(tls_config)),
user_agent: DEFAULT_USER_AGENT.into(),
devtools_chan: None,
filemanager: FileManager::new(create_embedder_proxy(), Weak::new()),
file_token: FileTokenCheck::NotRequired,
cancellation_listener: Arc::new(Mutex::new(CancellationListener::new(None))),
timing: ServoArc::new(Mutex::new(ResourceFetchTiming::new(
ResourceTimingType::Navigation,
))),
};
let mut request = RequestBuilder::new(url.clone())
.method(Method::GET)
.body(None)
.destination(Destination::Document)
.origin(url.clone().origin())
.pipeline_id(Some(TEST_PIPELINE_ID))
.build();
let response = fetch_with_context(&mut request, &mut context);
assert!(matches!(
response.get_network_error(),
Some(NetworkError::SslValidation(..))
));
extra_certs.add(cert_data.as_bytes().into());
// FIXME: something weird happens inside the SSL server after the first
// connection encounters a verification error, and it no longer
// accepts new connections that should work fine. We are forced
// to start a new server and connect to that to verfiy that
// the self-signed cert is now accepted.
let (server, mut url) = make_ssl_server(handler, cert_path.clone(), key_path.clone());
url.as_mut_url().set_scheme("https").unwrap();
let mut request = RequestBuilder::new(url.clone())
.method(Method::GET)
.body(None)
.destination(Destination::Document)
.origin(url.clone().origin())
.pipeline_id(Some(TEST_PIPELINE_ID))
.build();
let response = fetch_with_context(&mut request, &mut context);
assert!(response.status.unwrap().0.is_success());
let _ = server.close();
}
#[test] #[test]
fn test_fetch_with_sri_network_error() { fn test_fetch_with_sri_network_error() {
static MESSAGE: &'static [u8] = b"alert('Hello, Network Error');"; static MESSAGE: &'static [u8] = b"alert('Hello, Network Error');";

9
components/net/tests/main.rs
View file

@ -29,7 +29,7 @@ use hyper::server::conn::Http;
use hyper::server::Server as HyperServer; use hyper::server::Server as HyperServer;
use hyper::service::service_fn_ok; use hyper::service::service_fn_ok;
use hyper::{Body, Request as HyperRequest, Response as HyperResponse}; use hyper::{Body, Request as HyperRequest, Response as HyperResponse};
use net::connector::{create_tls_config, ALPN_H2_H1}; use net::connector::{create_tls_config, ConnectionCerts, ExtraCerts, ALPN_H2_H1};
use net::fetch::cors_cache::CorsCache; use net::fetch::cors_cache::CorsCache;
use net::fetch::methods::{self, CancellationListener, FetchContext}; use net::fetch::methods::{self, CancellationListener, FetchContext};
use net::filemanager_thread::FileManager; use net::filemanager_thread::FileManager;
@ -91,7 +91,12 @@ fn new_fetch_context(
pool_handle: Option<Weak<CoreResourceThreadPool>>, pool_handle: Option<Weak<CoreResourceThreadPool>>,
) -> FetchContext { ) -> FetchContext {
let certs = resources::read_string(Resource::SSLCertificates); let certs = resources::read_string(Resource::SSLCertificates);
let tls_config = create_tls_config(&certs, ALPN_H2_H1); let tls_config = create_tls_config(
&certs,
ALPN_H2_H1,
ExtraCerts::new(),
ConnectionCerts::new(),
);
let sender = fc.unwrap_or_else(|| create_embedder_proxy()); let sender = fc.unwrap_or_else(|| create_embedder_proxy());
FetchContext { FetchContext {