From 7223168fcff71b7117db1b8bd693e661ea141bde Mon Sep 17 00:00:00 2001 From: stormshield-gt <143998166+stormshield-gt@users.noreply.github.com.> Date: Mon, 26 Aug 2024 09:15:27 +0200 Subject: [PATCH] Add test for new_with_extra_roots --- Cargo.lock | 19 ++++--- rustls-platform-verifier/Cargo.toml | 4 +- .../src/tests/verification_mock/mod.rs | 49 +++++++++++++++++-- 3 files changed, 61 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8abfc98..83d3e86 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -196,6 +196,12 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + [[package]] name = "proc-macro2" version = "1.0.86" @@ -297,9 +303,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.7.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" +checksum = "fc0a2ce646f8655401bb81e7927b812614bd5d91dbc968696be50603510fcaf0" [[package]] name = "rustls-platform-verifier" @@ -312,13 +318,14 @@ dependencies = [ "jni", "log", "once_cell", + "paste", "rustls", "rustls-native-certs", "rustls-platform-verifier-android", "rustls-webpki", "security-framework", "security-framework-sys", - "webpki-roots", + "webpki-root-certs", "windows-sys", ] @@ -451,10 +458,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] -name = "webpki-roots" -version = "0.26.3" +name = "webpki-root-certs" +version = "0.26.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd7c23921eeb1713a4e851530e9b9756e4fb0e89978582942612524cf09f01cd" +checksum = "d7a7077dce97d094d1a558b1dad6a3baf1c5c3ba5b65ecb18c493ae00b955f9e" dependencies = [ "rustls-pki-types", ] diff --git a/rustls-platform-verifier/Cargo.toml b/rustls-platform-verifier/Cargo.toml index 0e40e1a..ff31e72 100644 --- a/rustls-platform-verifier/Cargo.toml +++ b/rustls-platform-verifier/Cargo.toml @@ -19,7 +19,7 @@ crate-type = ["cdylib", "rlib"] # Enables a C interface to use for testing where `cargo` can't be used. # This feature is not stable, nor is the interface exported when it is enabled. # Do not rely on this or use it in production. -ffi-testing = ["android_logger", "rustls/ring"] +ffi-testing = ["android_logger", "rustls/ring", "paste"] # Enables APIs that expose lower-level verifier types for debugging purposes. dbg = [] # Enables `log::debug` base64-encoded logging of all end-entity certificates processed @@ -34,6 +34,7 @@ log = { version = "0.4" } base64 = { version = "0.22", optional = true } # Only used when the `cert-logging` feature is enabled. jni = { version = "0.19", default-features = false, optional = true } # Only used during doc generation once_cell = "1.9" +paste = { version = "1.0", default-features = false, optional = true } # Only used when `ffi-testing` feature is enabled [target.'cfg(all(unix, not(target_os = "android"), not(target_os = "macos"), not(target_os = "ios"), not(target_os = "tvos"), not(target_arch = "wasm32")))'.dependencies] rustls-native-certs = "0.7" @@ -63,6 +64,7 @@ windows-sys = { version = "0.52", default-features = false, features = ["Win32_F [dev-dependencies] rustls = { version = "0.23", default-features = false, features = ["ring"] } +paste = { version = "1.0", default-features = false } # Only used when `ffi-testing` feature is enabled [package.metadata.docs.rs] rustdoc-args = ["--cfg", "docsrs"] diff --git a/rustls-platform-verifier/src/tests/verification_mock/mod.rs b/rustls-platform-verifier/src/tests/verification_mock/mod.rs index 87d0294..6df6fc7 100644 --- a/rustls-platform-verifier/src/tests/verification_mock/mod.rs +++ b/rustls-platform-verifier/src/tests/verification_mock/mod.rs @@ -41,6 +41,14 @@ macro_rules! mock_root_test_cases { pub fn $name() { super::$name() } + + paste::paste!{ + #[cfg(all($target, not(windows), not(target_os = "android")))] + #[test] + pub fn [<$name _extra>](){ + super::[<$name _extra>]() + } + } )+ } @@ -49,8 +57,15 @@ macro_rules! mock_root_test_cases { pub static ALL_TEST_CASES: &'static [fn()] = &[ $( #[cfg($target)] - $name + $name, + + paste::paste!{ + #[cfg(all($target, not(windows), not(target_os = "android")))] + [<$name _extra>] + } + ),+ + ]; }; @@ -58,7 +73,14 @@ macro_rules! mock_root_test_cases { $( #[cfg($target)] pub(super) fn $name() { - test_with_mock_root(&$test_case); + test_with_mock_root(&$test_case, Roots::OnlyExtra); + } + + paste::paste!{ + #[cfg(all($target, not(windows), not(target_os = "android")))] + pub(super) fn [<$name _extra>]() { + test_with_mock_root(&$test_case, Roots::ExtraAndPlatform); + } } )+ }; @@ -301,11 +323,18 @@ mock_root_test_cases! { }, } -fn test_with_mock_root(test_case: &TestCase) { +fn test_with_mock_root( + test_case: &TestCase, + root_src: Roots, +) { ensure_global_state(); log::info!("verifying {:?}", test_case.expected_result); - let verifier = Verifier::new_with_fake_root(ROOT1); // TODO: time + let verifier = match root_src { + Roots::OnlyExtra => Verifier::new_with_fake_root(ROOT1), // TODO: time + #[cfg(all(unix, not(target_os = "android")))] + Roots::ExtraAndPlatform => Verifier::new_with_extra_roots([ROOT1.into()]), + }; let mut chain = test_case .chain .iter() @@ -337,3 +366,15 @@ fn test_with_mock_root(test_case: &T ); // TODO: get into specifics of errors returned when it fails. } + +enum Roots { + /// Test with only extra roots, without loading the platform trust store. + /// + /// We want to keep things reproducible given the background-managed nature of trust roots on platforms. + OnlyExtra, + /// Test with loading the extra roots and the platform trust store. + /// + /// Right now, not all platforms are supported. + #[cfg(all(unix, not(target_os = "android")))] + ExtraAndPlatform, +}