Cleans up tests

aws · Oct 18, 2024 · d7640d7 · d7640d7
1 parent a6fab76
commit d7640d7
Showing 1 changed file with 46 additions and 81 deletions.
diff --git a/tests/unit/s2n_wildcard_hostname_test.c b/tests/unit/s2n_wildcard_hostname_test.c
@@ -94,42 +94,45 @@ int main(int argc, char **argv)
  S2N_ERR_NO_CERT_FOUND);
  }
 
- /* Client does not send an SNI extension */
- {
- DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT),
- s2n_connection_ptr_free);
- EXPECT_NOT_NULL(client_conn);
-
- DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
- s2n_connection_ptr_free);
- EXPECT_NOT_NULL(server_conn);
-
- DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
- EXPECT_NOT_NULL(config);
- DEFER_CLEANUP(struct s2n_cert_chain_and_key *chain_and_key = NULL,
- s2n_cert_chain_and_key_ptr_free);
- EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key,
- S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY));
- EXPECT_SUCCESS(s2n_config_disable_x509_verification(config));
- EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
-
- EXPECT_SUCCESS(s2n_connection_set_config(server_conn, config));
- EXPECT_SUCCESS(s2n_connection_set_config(client_conn, config));
-
- DEFER_CLEANUP(struct s2n_test_io_stuffer_pair io_pair = { 0 }, s2n_io_stuffer_pair_free);
- EXPECT_OK(s2n_io_stuffer_pair_init(&io_pair));
- EXPECT_OK(s2n_connections_set_io_stuffer_pair(server_conn, client_conn, &io_pair));
-
- EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn));
- EXPECT_NULL(s2n_get_server_name(server_conn));
-
- s2n_cert_sni_match match_status = 0;
- EXPECT_SUCCESS(s2n_connection_get_certificate_match(server_conn, &match_status));
- EXPECT_EQUAL(match_status, S2N_SNI_NONE);
- }
-
- /* Server has a certificate that matches the client's SNI extension */
- {
+ const struct {
+ const char *cert_path;
+ const char *key_path;
+ const char *server_name;
+ s2n_cert_sni_match expected_match_status;
+ } test_cases[] = {
+ /* Client does not send an SNI extension */
+ {
+ .cert_path = S2N_DEFAULT_TEST_CERT_CHAIN,
+ .key_path = S2N_DEFAULT_TEST_PRIVATE_KEY,
+ .server_name = NULL,
+ .expected_match_status = S2N_SNI_NONE,
+ },
+ /* Server has a certificate that matches the client's SNI extension */
+ {
+ .cert_path = S2N_DEFAULT_TEST_CERT_CHAIN,
+ .key_path = S2N_DEFAULT_TEST_PRIVATE_KEY,
+ .server_name = "localhost",
+ .expected_match_status = S2N_SNI_EXACT_MATCH,
+ },
+ /* Server has a certificate with a domain name containing a wildcard character
+ * which can be matched to the client's SNI extension */
+ {
+ .cert_path = S2N_RSA_2048_SHA256_WILDCARD_CERT,
+ .key_path = S2N_RSA_2048_SHA256_WILDCARD_KEY,
+ .server_name = "alligator.localhost",
+ .expected_match_status = S2N_SNI_WILDCARD_MATCH,
+ },
+ /* Server does not have a certificate that can be matched to the client's
+ * SNI extension. */
+ {
+ .cert_path = S2N_DEFAULT_TEST_CERT_CHAIN,
+ .key_path = S2N_DEFAULT_TEST_PRIVATE_KEY,
+ .server_name = "This cert name is unlikely to exist.",
+ .expected_match_status = S2N_SNI_NO_MATCH,
+ },
+ };
+
+ for (size_t i = 0; i < s2n_array_len(test_cases); i++) {
  DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT),
  s2n_connection_ptr_free);
  EXPECT_NOT_NULL(client_conn);
@@ -143,7 +146,7 @@ int main(int argc, char **argv)
  DEFER_CLEANUP(struct s2n_cert_chain_and_key *chain_and_key = NULL,
  s2n_cert_chain_and_key_ptr_free);
  EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key,
- S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY));
+ test_cases[i].cert_path, test_cases[i].key_path));
  EXPECT_SUCCESS(s2n_config_disable_x509_verification(config));
  EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
 
@@ -154,56 +157,19 @@ int main(int argc, char **argv)
  EXPECT_OK(s2n_io_stuffer_pair_init(&io_pair));
  EXPECT_OK(s2n_connections_set_io_stuffer_pair(server_conn, client_conn, &io_pair));
 
- EXPECT_SUCCESS(s2n_set_server_name(client_conn, "localhost"));
- EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn));
- EXPECT_NOT_NULL(s2n_get_server_name(server_conn));
-
- s2n_cert_sni_match match_status = 0;
- EXPECT_SUCCESS(s2n_connection_get_certificate_match(server_conn, &match_status));
- EXPECT_EQUAL(match_status, S2N_SNI_EXACT_MATCH);
- }
-
- /* Server has a certificate with a domain name containing a wildcard character
- * which can be matched to the client's SNI extension */
- {
- DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT),
- s2n_connection_ptr_free);
- EXPECT_NOT_NULL(client_conn);
-
- DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER),
- s2n_connection_ptr_free);
- EXPECT_NOT_NULL(server_conn);
-
- DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
- EXPECT_NOT_NULL(config);
- DEFER_CLEANUP(struct s2n_cert_chain_and_key *chain_and_key = NULL,
- s2n_cert_chain_and_key_ptr_free);
- EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key,
- S2N_RSA_2048_SHA256_WILDCARD_CERT, S2N_RSA_2048_SHA256_WILDCARD_KEY));
- EXPECT_SUCCESS(s2n_config_disable_x509_verification(config));
- EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
-
- EXPECT_SUCCESS(s2n_connection_set_config(server_conn, config));
- EXPECT_SUCCESS(s2n_connection_set_config(client_conn, config));
-
- DEFER_CLEANUP(struct s2n_test_io_stuffer_pair io_pair = { 0 }, s2n_io_stuffer_pair_free);
- EXPECT_OK(s2n_io_stuffer_pair_init(&io_pair));
- EXPECT_OK(s2n_connections_set_io_stuffer_pair(server_conn, client_conn, &io_pair));
+ const char *server_name = test_cases[i].server_name;
+ if (server_name) {
+ EXPECT_SUCCESS(s2n_set_server_name(client_conn, server_name));
+ }
 
- EXPECT_SUCCESS(s2n_set_server_name(client_conn, "alligator.localhost"));
  EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn));
- EXPECT_NOT_NULL(s2n_get_server_name(server_conn));
 
  s2n_cert_sni_match match_status = 0;
  EXPECT_SUCCESS(s2n_connection_get_certificate_match(server_conn, &match_status));
- EXPECT_EQUAL(match_status, S2N_SNI_WILDCARD_MATCH);
+ EXPECT_EQUAL(match_status, test_cases[i].expected_match_status);
  }
 
- /* Server does not have a certificate that can be matched to the client's
- * SNI extension.
- *
- * This most likely occurs in a failed handshake. Test ensures
- * that this information can still be retrieved if the handshake fails. */
+ /* Test that cert info can still be retrieved in the case of a failed handshake */
  {
  DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT),
  s2n_connection_ptr_free);
@@ -232,7 +198,6 @@ int main(int argc, char **argv)
  EXPECT_SUCCESS(s2n_set_server_name(client_conn, "This cert name is unlikely to exist."));
  EXPECT_FAILURE_WITH_ERRNO(s2n_negotiate_test_server_and_client(server_conn, client_conn),
  S2N_ERR_CERT_UNTRUSTED);
- EXPECT_NOT_NULL(s2n_get_server_name(server_conn));
 
  s2n_cert_sni_match match_status = 0;
  EXPECT_SUCCESS(s2n_connection_get_certificate_match(server_conn, &match_status));