From d7640d7d0ebc684e8ce66a774b7fd9fc600d2b35 Mon Sep 17 00:00:00 2001 From: Appelmans Date: Fri, 18 Oct 2024 13:07:54 -0700 Subject: [PATCH] Cleans up tests --- tests/unit/s2n_wildcard_hostname_test.c | 127 +++++++++--------------- 1 file changed, 46 insertions(+), 81 deletions(-) diff --git a/tests/unit/s2n_wildcard_hostname_test.c b/tests/unit/s2n_wildcard_hostname_test.c index 724b786d6b1..1ff5254f7b0 100644 --- a/tests/unit/s2n_wildcard_hostname_test.c +++ b/tests/unit/s2n_wildcard_hostname_test.c @@ -94,42 +94,45 @@ int main(int argc, char **argv) S2N_ERR_NO_CERT_FOUND); } - /* Client does not send an SNI extension */ - { - DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT), - s2n_connection_ptr_free); - EXPECT_NOT_NULL(client_conn); - - DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER), - s2n_connection_ptr_free); - EXPECT_NOT_NULL(server_conn); - - DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free); - EXPECT_NOT_NULL(config); - DEFER_CLEANUP(struct s2n_cert_chain_and_key *chain_and_key = NULL, - s2n_cert_chain_and_key_ptr_free); - EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key, - S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY)); - EXPECT_SUCCESS(s2n_config_disable_x509_verification(config)); - EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key)); - - EXPECT_SUCCESS(s2n_connection_set_config(server_conn, config)); - EXPECT_SUCCESS(s2n_connection_set_config(client_conn, config)); - - DEFER_CLEANUP(struct s2n_test_io_stuffer_pair io_pair = { 0 }, s2n_io_stuffer_pair_free); - EXPECT_OK(s2n_io_stuffer_pair_init(&io_pair)); - EXPECT_OK(s2n_connections_set_io_stuffer_pair(server_conn, client_conn, &io_pair)); - - EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn)); - EXPECT_NULL(s2n_get_server_name(server_conn)); - - s2n_cert_sni_match match_status = 0; - EXPECT_SUCCESS(s2n_connection_get_certificate_match(server_conn, &match_status)); - EXPECT_EQUAL(match_status, S2N_SNI_NONE); - } - - /* Server has a certificate that matches the client's SNI extension */ - { + const struct { + const char *cert_path; + const char *key_path; + const char *server_name; + s2n_cert_sni_match expected_match_status; + } test_cases[] = { + /* Client does not send an SNI extension */ + { + .cert_path = S2N_DEFAULT_TEST_CERT_CHAIN, + .key_path = S2N_DEFAULT_TEST_PRIVATE_KEY, + .server_name = NULL, + .expected_match_status = S2N_SNI_NONE, + }, + /* Server has a certificate that matches the client's SNI extension */ + { + .cert_path = S2N_DEFAULT_TEST_CERT_CHAIN, + .key_path = S2N_DEFAULT_TEST_PRIVATE_KEY, + .server_name = "localhost", + .expected_match_status = S2N_SNI_EXACT_MATCH, + }, + /* Server has a certificate with a domain name containing a wildcard character + * which can be matched to the client's SNI extension */ + { + .cert_path = S2N_RSA_2048_SHA256_WILDCARD_CERT, + .key_path = S2N_RSA_2048_SHA256_WILDCARD_KEY, + .server_name = "alligator.localhost", + .expected_match_status = S2N_SNI_WILDCARD_MATCH, + }, + /* Server does not have a certificate that can be matched to the client's + * SNI extension. */ + { + .cert_path = S2N_DEFAULT_TEST_CERT_CHAIN, + .key_path = S2N_DEFAULT_TEST_PRIVATE_KEY, + .server_name = "This cert name is unlikely to exist.", + .expected_match_status = S2N_SNI_NO_MATCH, + }, + }; + + for (size_t i = 0; i < s2n_array_len(test_cases); i++) { DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT), s2n_connection_ptr_free); EXPECT_NOT_NULL(client_conn); @@ -143,7 +146,7 @@ int main(int argc, char **argv) DEFER_CLEANUP(struct s2n_cert_chain_and_key *chain_and_key = NULL, s2n_cert_chain_and_key_ptr_free); EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key, - S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY)); + test_cases[i].cert_path, test_cases[i].key_path)); EXPECT_SUCCESS(s2n_config_disable_x509_verification(config)); EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key)); @@ -154,56 +157,19 @@ int main(int argc, char **argv) EXPECT_OK(s2n_io_stuffer_pair_init(&io_pair)); EXPECT_OK(s2n_connections_set_io_stuffer_pair(server_conn, client_conn, &io_pair)); - EXPECT_SUCCESS(s2n_set_server_name(client_conn, "localhost")); - EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn)); - EXPECT_NOT_NULL(s2n_get_server_name(server_conn)); - - s2n_cert_sni_match match_status = 0; - EXPECT_SUCCESS(s2n_connection_get_certificate_match(server_conn, &match_status)); - EXPECT_EQUAL(match_status, S2N_SNI_EXACT_MATCH); - } - - /* Server has a certificate with a domain name containing a wildcard character - * which can be matched to the client's SNI extension */ - { - DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT), - s2n_connection_ptr_free); - EXPECT_NOT_NULL(client_conn); - - DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER), - s2n_connection_ptr_free); - EXPECT_NOT_NULL(server_conn); - - DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free); - EXPECT_NOT_NULL(config); - DEFER_CLEANUP(struct s2n_cert_chain_and_key *chain_and_key = NULL, - s2n_cert_chain_and_key_ptr_free); - EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key, - S2N_RSA_2048_SHA256_WILDCARD_CERT, S2N_RSA_2048_SHA256_WILDCARD_KEY)); - EXPECT_SUCCESS(s2n_config_disable_x509_verification(config)); - EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key)); - - EXPECT_SUCCESS(s2n_connection_set_config(server_conn, config)); - EXPECT_SUCCESS(s2n_connection_set_config(client_conn, config)); - - DEFER_CLEANUP(struct s2n_test_io_stuffer_pair io_pair = { 0 }, s2n_io_stuffer_pair_free); - EXPECT_OK(s2n_io_stuffer_pair_init(&io_pair)); - EXPECT_OK(s2n_connections_set_io_stuffer_pair(server_conn, client_conn, &io_pair)); + const char *server_name = test_cases[i].server_name; + if (server_name) { + EXPECT_SUCCESS(s2n_set_server_name(client_conn, server_name)); + } - EXPECT_SUCCESS(s2n_set_server_name(client_conn, "alligator.localhost")); EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn)); - EXPECT_NOT_NULL(s2n_get_server_name(server_conn)); s2n_cert_sni_match match_status = 0; EXPECT_SUCCESS(s2n_connection_get_certificate_match(server_conn, &match_status)); - EXPECT_EQUAL(match_status, S2N_SNI_WILDCARD_MATCH); + EXPECT_EQUAL(match_status, test_cases[i].expected_match_status); } - /* Server does not have a certificate that can be matched to the client's - * SNI extension. - * - * This most likely occurs in a failed handshake. Test ensures - * that this information can still be retrieved if the handshake fails. */ + /* Test that cert info can still be retrieved in the case of a failed handshake */ { DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT), s2n_connection_ptr_free); @@ -232,7 +198,6 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_set_server_name(client_conn, "This cert name is unlikely to exist.")); EXPECT_FAILURE_WITH_ERRNO(s2n_negotiate_test_server_and_client(server_conn, client_conn), S2N_ERR_CERT_UNTRUSTED); - EXPECT_NOT_NULL(s2n_get_server_name(server_conn)); s2n_cert_sni_match match_status = 0; EXPECT_SUCCESS(s2n_connection_get_certificate_match(server_conn, &match_status));