third_party/rust_crates/vendor/rustls/tests/common/mod.rs - fuchsia - Git at Google

 use std::fs::{self, File};
 use std::str;
 use tempfile;

 use std::sync::Arc;
 use std::io::{self, Write};

 use rustls;

 use rustls::{ClientConfig, ClientSession};
 use rustls::{ServerConfig, ServerSession};
 use rustls::Session;
 use rustls::ProtocolVersion;
 use rustls::TLSError;
 use rustls::{Certificate, PrivateKey};
 use rustls::internal::pemfile;
 use rustls::{RootCertStore, NoClientAuth, AllowAnyAuthenticatedClient};

 use webpki;

 macro_rules! embed_files {
     (
         $(
             ($name:ident, $keytype:expr, $path:expr);
         )+
     ) => {
         $(
             const $name: &'static [u8] = include_bytes!(
                 concat!("../../test-ca/", $keytype, "/", $path));
         )+

         pub fn bytes_for(keytype: &str, path: &str) -> &'static [u8] {
             match (keytype, path) {
                 $(
                     ($keytype, $path) => $name,
                 )+
                 _ => panic!("unknown keytype {} with path {}", keytype, path),
             }
         }

         pub fn new_test_ca() -> tempfile::TempDir {
             let dir = tempfile::TempDir::new().unwrap();

             fs::create_dir(dir.path().join("ecdsa")).unwrap();
             fs::create_dir(dir.path().join("rsa")).unwrap();

             $(
                 let mut f = File::create(dir.path().join($keytype).join($path)).unwrap();
                 f.write($name).unwrap();
             )+

             dir
         }
     }
 }

 embed_files! {
     (ECDSA_CA_CERT, "ecdsa", "ca.cert");
     (ECDSA_CA_DER, "ecdsa", "ca.der");
     (ECDSA_CA_KEY, "ecdsa", "ca.key");
     (ECDSA_CLIENT_CERT, "ecdsa", "client.cert");
     (ECDSA_CLIENT_CHAIN, "ecdsa", "client.chain");
     (ECDSA_CLIENT_FULLCHAIN, "ecdsa", "client.fullchain");
     (ECDSA_CLIENT_KEY, "ecdsa", "client.key");
     (ECDSA_CLIENT_REQ, "ecdsa", "client.req");
     (ECDSA_END_CERT, "ecdsa", "end.cert");
     (ECDSA_END_CHAIN, "ecdsa", "end.chain");
     (ECDSA_END_FULLCHAIN, "ecdsa", "end.fullchain");
     (ECDSA_END_KEY, "ecdsa", "end.key");
     (ECDSA_END_REQ, "ecdsa", "end.req");
     (ECDSA_INTER_CERT, "ecdsa", "inter.cert");
     (ECDSA_INTER_KEY, "ecdsa", "inter.key");
     (ECDSA_INTER_REQ, "ecdsa", "inter.req");
     (ECDSA_NISTP256_PEM, "ecdsa", "nistp256.pem");
     (ECDSA_NISTP384_PEM, "ecdsa", "nistp384.pem");

     (RSA_CA_CERT, "rsa", "ca.cert");
     (RSA_CA_DER, "rsa", "ca.der");
     (RSA_CA_KEY, "rsa", "ca.key");
     (RSA_CLIENT_CERT, "rsa", "client.cert");
     (RSA_CLIENT_CHAIN, "rsa", "client.chain");
     (RSA_CLIENT_FULLCHAIN, "rsa", "client.fullchain");
     (RSA_CLIENT_KEY, "rsa", "client.key");
     (RSA_CLIENT_REQ, "rsa", "client.req");
     (RSA_CLIENT_RSA, "rsa", "client.rsa");
     (RSA_END_CERT, "rsa", "end.cert");
     (RSA_END_CHAIN, "rsa", "end.chain");
     (RSA_END_FULLCHAIN, "rsa", "end.fullchain");
     (RSA_END_KEY, "rsa", "end.key");
     (RSA_END_REQ, "rsa", "end.req");
     (RSA_END_RSA, "rsa", "end.rsa");
     (RSA_INTER_CERT, "rsa", "inter.cert");
     (RSA_INTER_KEY, "rsa", "inter.key");
     (RSA_INTER_REQ, "rsa", "inter.req");
 }

 pub fn transfer(left: &mut dyn Session, right: &mut dyn Session) -> usize {
     let mut buf = [0u8; 262144];
     let mut total = 0;

     while left.wants_write() {
         let sz = {
             let into_buf: &mut io::Write = &mut &mut buf[..];
             left.write_tls(into_buf).unwrap()
         };
         total += sz;
         if sz == 0 {
             return total;
         }

         let mut offs = 0;
         loop {
             let from_buf: &mut io::Read = &mut &buf[offs..sz];
             offs += right.read_tls(from_buf).unwrap();
             if sz == offs {
                 break;
             }
         }
     }

     total
 }

 #[derive(Clone, Copy)]
 pub enum KeyType {
     RSA,
     ECDSA
 }

 pub static ALL_KEY_TYPES: [KeyType; 2] = [ KeyType::RSA, KeyType::ECDSA ];

 impl KeyType {
     fn bytes_for(&self, part: &str) -> &'static [u8] {
         match self {
             KeyType::RSA => bytes_for("rsa", part),
             KeyType::ECDSA => bytes_for("ecdsa", part),
         }
     }

     pub fn get_chain(&self) -> Vec<Certificate> {
         pemfile::certs(&mut io::BufReader::new(self.bytes_for("end.fullchain")))
             .unwrap()
     }

     pub fn get_key(&self) -> PrivateKey {
         pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("end.key")))
                 .unwrap()[0]
             .clone()
     }

     fn get_client_chain(&self) -> Vec<Certificate> {
         pemfile::certs(&mut io::BufReader::new(self.bytes_for("client.fullchain")))
             .unwrap()
     }

     fn get_client_key(&self) -> PrivateKey {
         pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("client.key")))
                 .unwrap()[0]
             .clone()
     }
 }

 pub fn make_server_config(kt: KeyType) -> ServerConfig {
     let mut cfg = ServerConfig::new(NoClientAuth::new());
     cfg.set_single_cert(kt.get_chain(), kt.get_key()).unwrap();

     cfg
 }

 pub fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig {
     let roots = kt.get_chain();
     let mut client_auth_roots = RootCertStore::empty();
     for root in roots {
         client_auth_roots.add(&root).unwrap();
     }

     let client_auth = AllowAnyAuthenticatedClient::new(client_auth_roots);
     let mut cfg = ServerConfig::new(client_auth);
     cfg.set_single_cert(kt.get_chain(), kt.get_key()).unwrap();

     cfg
 }

 pub fn make_client_config(kt: KeyType) -> ClientConfig {
     let mut cfg = ClientConfig::new();
     let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert"));
     cfg.root_store.add_pem_file(&mut rootbuf).unwrap();

     cfg
 }

 pub fn make_client_config_with_auth(kt: KeyType) -> ClientConfig {
     let mut cfg = make_client_config(kt);
     cfg.set_single_client_cert(kt.get_client_chain(), kt.get_client_key());
     cfg
 }

 pub fn make_pair(kt: KeyType) -> (ClientSession, ServerSession) {
     make_pair_for_configs(make_client_config(kt),
                           make_server_config(kt))
 }

 pub fn make_pair_for_configs(client_config: ClientConfig,
                              server_config: ServerConfig) -> (ClientSession, ServerSession) {
     make_pair_for_arc_configs(&Arc::new(client_config),
                               &Arc::new(server_config))
 }

 pub fn make_pair_for_arc_configs(client_config: &Arc<ClientConfig>,
                                  server_config: &Arc<ServerConfig>) -> (ClientSession, ServerSession) {
     (
         ClientSession::new(client_config, dns_name("localhost")),
         ServerSession::new(server_config)
     )
 }

 pub fn do_handshake(client: &mut ClientSession, server: &mut ServerSession) -> (usize, usize) {
     let (mut to_client, mut to_server) = (0, 0);
     while server.is_handshaking() || client.is_handshaking() {
         to_server += transfer(client, server);
         server.process_new_packets().unwrap();
         to_client += transfer(server, client);
         client.process_new_packets().unwrap();
     }
     (to_server, to_client)
 }

 pub struct AllClientVersions {
     client_config: ClientConfig,
     index: usize,
 }

 impl AllClientVersions {
     pub fn new(client_config: ClientConfig) -> AllClientVersions {
         AllClientVersions { client_config, index: 0 }
     }
 }

 impl Iterator for AllClientVersions {
     type Item = ClientConfig;

     fn next(&mut self) -> Option<ClientConfig> {
         let mut config = self.client_config.clone();
         self.index += 1;

         match self.index {
             1 => {
                 config.versions = vec![ProtocolVersion::TLSv1_2];
                 Some(config)
             },
             2 => {
                 config.versions = vec![ProtocolVersion::TLSv1_3];
                 Some(config)
             },
             _ => None
         }
     }
 }

 #[derive(PartialEq, Debug)]
 pub enum TLSErrorFromPeer { Client(TLSError), Server(TLSError) }

 pub fn do_handshake_until_error(client: &mut ClientSession,
                                 server: &mut ServerSession)
                                -> Result<(), TLSErrorFromPeer> {
     while server.is_handshaking() || client.is_handshaking() {
         transfer(client, server);
         server.process_new_packets()
             .map_err(|err| TLSErrorFromPeer::Server(err))?;
         transfer(server, client);
         client.process_new_packets()
             .map_err(|err| TLSErrorFromPeer::Client(err))?;
     }

     Ok(())
 }

 pub fn dns_name(name: &'static str) -> webpki::DNSNameRef<'_> {
     webpki::DNSNameRef::try_from_ascii_str(name).unwrap()
 }

 pub struct FailsReads {
     errkind: io::ErrorKind
 }

 impl FailsReads {
     pub fn new(errkind: io::ErrorKind) -> FailsReads {
         FailsReads { errkind }
     }
 }

 impl io::Read for FailsReads {
     fn read(&mut self, _b: &mut [u8]) -> io::Result<usize> {
         Err(io::Error::from(self.errkind))
     }
 }
	use std::fs::{self, File};
	use std::str;
	use tempfile;

	use std::sync::Arc;
	use std::io::{self, Write};

	use rustls;

	use rustls::{ClientConfig, ClientSession};
	use rustls::{ServerConfig, ServerSession};
	use rustls::Session;
	use rustls::ProtocolVersion;
	use rustls::TLSError;
	use rustls::{Certificate, PrivateKey};
	use rustls::internal::pemfile;
	use rustls::{RootCertStore, NoClientAuth, AllowAnyAuthenticatedClient};

	use webpki;

	macro_rules! embed_files {
	(
	$(
	($name:ident, $keytype:expr, $path:expr);
	)+
	) => {
	$(
	const $name: &'static [u8] = include_bytes!(
	concat!("../../test-ca/", $keytype, "/", $path));
	)+

	pub fn bytes_for(keytype: &str, path: &str) -> &'static [u8] {
	match (keytype, path) {
	$(
	($keytype, $path) => $name,
	)+
	_ => panic!("unknown keytype {} with path {}", keytype, path),
	}
	}

	pub fn new_test_ca() -> tempfile::TempDir {
	let dir = tempfile::TempDir::new().unwrap();

	fs::create_dir(dir.path().join("ecdsa")).unwrap();
	fs::create_dir(dir.path().join("rsa")).unwrap();

	$(
	let mut f = File::create(dir.path().join($keytype).join($path)).unwrap();
	f.write($name).unwrap();
	)+

	dir
	}
	}
	}

	embed_files! {
	(ECDSA_CA_CERT, "ecdsa", "ca.cert");
	(ECDSA_CA_DER, "ecdsa", "ca.der");
	(ECDSA_CA_KEY, "ecdsa", "ca.key");
	(ECDSA_CLIENT_CERT, "ecdsa", "client.cert");
	(ECDSA_CLIENT_CHAIN, "ecdsa", "client.chain");
	(ECDSA_CLIENT_FULLCHAIN, "ecdsa", "client.fullchain");
	(ECDSA_CLIENT_KEY, "ecdsa", "client.key");
	(ECDSA_CLIENT_REQ, "ecdsa", "client.req");
	(ECDSA_END_CERT, "ecdsa", "end.cert");
	(ECDSA_END_CHAIN, "ecdsa", "end.chain");
	(ECDSA_END_FULLCHAIN, "ecdsa", "end.fullchain");
	(ECDSA_END_KEY, "ecdsa", "end.key");
	(ECDSA_END_REQ, "ecdsa", "end.req");
	(ECDSA_INTER_CERT, "ecdsa", "inter.cert");
	(ECDSA_INTER_KEY, "ecdsa", "inter.key");
	(ECDSA_INTER_REQ, "ecdsa", "inter.req");
	(ECDSA_NISTP256_PEM, "ecdsa", "nistp256.pem");
	(ECDSA_NISTP384_PEM, "ecdsa", "nistp384.pem");

	(RSA_CA_CERT, "rsa", "ca.cert");
	(RSA_CA_DER, "rsa", "ca.der");
	(RSA_CA_KEY, "rsa", "ca.key");
	(RSA_CLIENT_CERT, "rsa", "client.cert");
	(RSA_CLIENT_CHAIN, "rsa", "client.chain");
	(RSA_CLIENT_FULLCHAIN, "rsa", "client.fullchain");
	(RSA_CLIENT_KEY, "rsa", "client.key");
	(RSA_CLIENT_REQ, "rsa", "client.req");
	(RSA_CLIENT_RSA, "rsa", "client.rsa");
	(RSA_END_CERT, "rsa", "end.cert");
	(RSA_END_CHAIN, "rsa", "end.chain");
	(RSA_END_FULLCHAIN, "rsa", "end.fullchain");
	(RSA_END_KEY, "rsa", "end.key");
	(RSA_END_REQ, "rsa", "end.req");
	(RSA_END_RSA, "rsa", "end.rsa");
	(RSA_INTER_CERT, "rsa", "inter.cert");
	(RSA_INTER_KEY, "rsa", "inter.key");
	(RSA_INTER_REQ, "rsa", "inter.req");
	}

	pub fn transfer(left: &mut dyn Session, right: &mut dyn Session) -> usize {
	let mut buf = [0u8; 262144];
	let mut total = 0;

	while left.wants_write() {
	let sz = {
	let into_buf: &mut io::Write = &mut &mut buf[..];
	left.write_tls(into_buf).unwrap()
	};
	total += sz;
	if sz == 0 {
	return total;
	}

	let mut offs = 0;
	loop {
	let from_buf: &mut io::Read = &mut &buf[offs..sz];
	offs += right.read_tls(from_buf).unwrap();
	if sz == offs {
	break;
	}
	}
	}

	total
	}

	#[derive(Clone, Copy)]
	pub enum KeyType {
	RSA,
	ECDSA
	}

	pub static ALL_KEY_TYPES: [KeyType; 2] = [ KeyType::RSA, KeyType::ECDSA ];

	impl KeyType {
	fn bytes_for(&self, part: &str) -> &'static [u8] {
	match self {
	KeyType::RSA => bytes_for("rsa", part),
	KeyType::ECDSA => bytes_for("ecdsa", part),
	}
	}

	pub fn get_chain(&self) -> Vec<Certificate> {
	pemfile::certs(&mut io::BufReader::new(self.bytes_for("end.fullchain")))
	.unwrap()
	}

	pub fn get_key(&self) -> PrivateKey {
	pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("end.key")))
	.unwrap()[0]
	.clone()
	}

	fn get_client_chain(&self) -> Vec<Certificate> {
	pemfile::certs(&mut io::BufReader::new(self.bytes_for("client.fullchain")))
	.unwrap()
	}

	fn get_client_key(&self) -> PrivateKey {
	pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("client.key")))
	.unwrap()[0]
	.clone()
	}
	}

	pub fn make_server_config(kt: KeyType) -> ServerConfig {
	let mut cfg = ServerConfig::new(NoClientAuth::new());
	cfg.set_single_cert(kt.get_chain(), kt.get_key()).unwrap();

	cfg
	}

	pub fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig {
	let roots = kt.get_chain();
	let mut client_auth_roots = RootCertStore::empty();
	for root in roots {
	client_auth_roots.add(&root).unwrap();
	}

	let client_auth = AllowAnyAuthenticatedClient::new(client_auth_roots);
	let mut cfg = ServerConfig::new(client_auth);
	cfg.set_single_cert(kt.get_chain(), kt.get_key()).unwrap();

	cfg
	}

	pub fn make_client_config(kt: KeyType) -> ClientConfig {
	let mut cfg = ClientConfig::new();
	let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert"));
	cfg.root_store.add_pem_file(&mut rootbuf).unwrap();

	cfg
	}

	pub fn make_client_config_with_auth(kt: KeyType) -> ClientConfig {
	let mut cfg = make_client_config(kt);
	cfg.set_single_client_cert(kt.get_client_chain(), kt.get_client_key());
	cfg
	}

	pub fn make_pair(kt: KeyType) -> (ClientSession, ServerSession) {
	make_pair_for_configs(make_client_config(kt),
	make_server_config(kt))
	}

	pub fn make_pair_for_configs(client_config: ClientConfig,
	server_config: ServerConfig) -> (ClientSession, ServerSession) {
	make_pair_for_arc_configs(&Arc::new(client_config),
	&Arc::new(server_config))
	}

	pub fn make_pair_for_arc_configs(client_config: &Arc<ClientConfig>,
	server_config: &Arc<ServerConfig>) -> (ClientSession, ServerSession) {
	(
	ClientSession::new(client_config, dns_name("localhost")),
	ServerSession::new(server_config)
	)
	}

	pub fn do_handshake(client: &mut ClientSession, server: &mut ServerSession) -> (usize, usize) {
	let (mut to_client, mut to_server) = (0, 0);
	while server.is_handshaking() \|\| client.is_handshaking() {
	to_server += transfer(client, server);
	server.process_new_packets().unwrap();
	to_client += transfer(server, client);
	client.process_new_packets().unwrap();
	}
	(to_server, to_client)
	}

	pub struct AllClientVersions {
	client_config: ClientConfig,
	index: usize,
	}

	impl AllClientVersions {
	pub fn new(client_config: ClientConfig) -> AllClientVersions {
	AllClientVersions { client_config, index: 0 }
	}
	}

	impl Iterator for AllClientVersions {
	type Item = ClientConfig;

	fn next(&mut self) -> Option<ClientConfig> {
	let mut config = self.client_config.clone();
	self.index += 1;

	match self.index {
	1 => {
	config.versions = vec![ProtocolVersion::TLSv1_2];
	Some(config)
	},
	2 => {
	config.versions = vec![ProtocolVersion::TLSv1_3];
	Some(config)
	},
	_ => None
	}
	}
	}

	#[derive(PartialEq, Debug)]
	pub enum TLSErrorFromPeer { Client(TLSError), Server(TLSError) }

	pub fn do_handshake_until_error(client: &mut ClientSession,
	server: &mut ServerSession)
	-> Result<(), TLSErrorFromPeer> {
	while server.is_handshaking() \|\| client.is_handshaking() {
	transfer(client, server);
	server.process_new_packets()
	.map_err(\|err\| TLSErrorFromPeer::Server(err))?;
	transfer(server, client);
	client.process_new_packets()
	.map_err(\|err\| TLSErrorFromPeer::Client(err))?;
	}

	Ok(())
	}

	pub fn dns_name(name: &'static str) -> webpki::DNSNameRef<'_> {
	webpki::DNSNameRef::try_from_ascii_str(name).unwrap()
	}

	pub struct FailsReads {
	errkind: io::ErrorKind
	}

	impl FailsReads {
	pub fn new(errkind: io::ErrorKind) -> FailsReads {
	FailsReads { errkind }
	}
	}

	impl io::Read for FailsReads {
	fn read(&mut self, _b: &mut [u8]) -> io::Result<usize> {
	Err(io::Error::from(self.errkind))
	}
	}