Diffstat (limited to 'vespalib')
5 files changed, 98 insertions, 70 deletions
diff --git a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
index cba88f2ba56..4e8bf31e75e 100644
--- a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
+++ b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
@@ -3,78 +3,13 @@
 #include <vespa/vespalib/net/tls/tls_context.h>
 #include <vespa/vespalib/net/tls/transport_security_options.h>
 #include <vespa/vespalib/net/tls/crypto_codec.h>
+#include <vespa/vespalib/test/make_tls_options_for_testing.h>
 #include <iostream>
 #include <stdlib.h>
 using namespace vespalib;
 using namespace vespalib::net::tls;
-/*
- * Generated with the following commands:
- *
- * openssl ecparam -name prime256v1 -genkey -out ca.key
- *
- * openssl req -new -x509 -nodes -key ca.key \
- * -sha256 -out ca.pem \
- * -subj '/C=US/L=LooneyVille/O=ACME/OU=ACME test CA/CN=acme.example.com' \
- * -days 10000
- *
- * openssl ecparam -name prime256v1 -genkey -out host.key
- *
- * openssl req -new -key host.key -out host.csr \
- * -subj '/C=US/L=LooneyVille/O=Wile. E. Coyote, Ltd./CN=wile.example.com' \
- * -sha256
- *
- * openssl x509 -req -in host.csr \
- * -CA ca.pem \
- * -CAkey ca.key \
- * -CAcreateserial \
- * -out host.pem \
- * -days 10000 \
- * -sha256
- *
- * TODO generate keypairs and certs at test-time to avoid any hard-coding
- * There certs are valid until 2046, so that buys us some time..!
- */
-
-// ca.pem
-constexpr const char* ca_pem = R"(-----BEGIN CERTIFICATE-----
-MIIBuDCCAV4CCQDpVjQIixTxvDAKBggqhkjOPQQDAjBkMQswCQYDVQQGEwJVUzEU
-MBIGA1UEBwwLTG9vbmV5VmlsbGUxDTALBgNVBAoMBEFDTUUxFTATBgNVBAsMDEFD
-TUUgdGVzdCBDQTEZMBcGA1UEAwwQYWNtZS5leGFtcGxlLmNvbTAeFw0xODA4MzEx
-MDU3NDVaFw00NjAxMTYxMDU3NDVaMGQxCzAJBgNVBAYTAlVTMRQwEgYDVQQHDAtM
-b29uZXlWaWxsZTENMAsGA1UECgwEQUNNRTEVMBMGA1UECwwMQUNNRSB0ZXN0IENB
-MRkwFwYDVQQDDBBhY21lLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
-AQcDQgAE1L7IzCN5pbyVnBATIHieuxq+hf9kWyn5yfjkXMhD52T5ITz1huq4nbiN
-YtRoRP7XmipI60R/uiCHzERcsVz4rDAKBggqhkjOPQQDAgNIADBFAiEA6wmZDBca
-y0aJ6ABtjbjx/vlmVDxdkaSZSgO8h2CkvIECIFktCkbZhDFfSvbqUScPOGuwkdGQ
-L/EW2Bxp+1BPcYoZ
------END CERTIFICATE-----)";
-
-// host.pem
-constexpr const char* cert_pem = R"(-----BEGIN CERTIFICATE-----
-MIIBsTCCAVgCCQD6GfDh0ltpsjAKBggqhkjOPQQDAjBkMQswCQYDVQQGEwJVUzEU
-MBIGA1UEBwwLTG9vbmV5VmlsbGUxDTALBgNVBAoMBEFDTUUxFTATBgNVBAsMDEFD
-TUUgdGVzdCBDQTEZMBcGA1UEAwwQYWNtZS5leGFtcGxlLmNvbTAeFw0xODA4MzEx
-MDU3NDVaFw00NjAxMTYxMDU3NDVaMF4xCzAJBgNVBAYTAlVTMRQwEgYDVQQHDAtM
-b29uZXlWaWxsZTEeMBwGA1UECgwVV2lsZS4gRS4gQ295b3RlLCBMdGQuMRkwFwYD
-VQQDDBB3aWxlLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-e+Y4hxt66em0STviGUj6ZDbxzoLoubXWRml8JDFrEc2S2433KWw2npxYSKVCyo3a
-/Vo33V8/H0WgOXioKEZJxDAKBggqhkjOPQQDAgNHADBEAiAN+87hQuGv3z0Ja2BV
-b8PHq2vp3BJHjeMuxWu4BFPn0QIgYlvIHikspgGatXRNMZ1gPC0oCccsJFcie+Cw
-zL06UPI=
------END CERTIFICATE-----)";
-
-// host.key
-constexpr const char* key_pem = R"(-----BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEID6di2PFYn8hPrxPbkFDGkSqF+K8L520In7nx3g0jwzOoAoGCCqGSM49
-AwEHoUQDQgAEe+Y4hxt66em0STviGUj6ZDbxzoLoubXWRml8JDFrEc2S2433KWw2
-npxYSKVCyo3a/Vo33V8/H0WgOXioKEZJxA==
------END EC PRIVATE KEY-----)";
-
 const char* decode_state_to_str(DecodeResult::State state) noexcept {
 switch (state) {
 case DecodeResult::State::Failed: return "Broken";
@@ -143,7 +78,7 @@ bool complete_handshake(CryptoCodec& client, CryptoCodec& server) {
 TEST("client and server can complete handshake") {
 // TODO move to fixture
- auto tls_opts = TransportSecurityOptions(ca_pem, cert_pem, key_pem);
+ auto tls_opts = vespalib::test::make_tls_options_for_testing();
 auto tls_ctx = TlsContext::create_default_context(tls_opts);
 auto client = CryptoCodec::create_default_codec(*tls_ctx, CryptoCodec::Mode::Client);
 auto server = CryptoCodec::create_default_codec(*tls_ctx, CryptoCodec::Mode::Server);
@@ -153,7 +88,7 @@ TEST("client and server can complete handshake") {
 TEST("client can send single data frame to server after handshake") {
 // TODO move to fixture
- auto tls_opts = TransportSecurityOptions(ca_pem, cert_pem, key_pem);
+ auto tls_opts = vespalib::test::make_tls_options_for_testing();
 auto tls_ctx = TlsContext::create_default_context(tls_opts);
 auto client = CryptoCodec::create_default_codec(*tls_ctx, CryptoCodec::Mode::Client);
 auto server = CryptoCodec::create_default_codec(*tls_ctx, CryptoCodec::Mode::Server);
diff --git a/vespalib/src/vespa/vespalib/CMakeLists.txt b/vespalib/src/vespa/vespalib/CMakeLists.txt
index dadfdec49d7..8261bb8874e 100644
--- a/vespalib/src/vespa/vespalib/CMakeLists.txt
+++ b/vespalib/src/vespa/vespalib/CMakeLists.txt
@@ -13,6 +13,7 @@ vespa_add_library(vespalib
 $<TARGET_OBJECTS:vespalib_vespalib_net_tls_impl>
 $<TARGET_OBJECTS:vespalib_vespalib_objects>
 $<TARGET_OBJECTS:vespalib_vespalib_stllike>
+ $<TARGET_OBJECTS:vespalib_vespalib_test>
 $<TARGET_OBJECTS:vespalib_vespalib_testkit>
 $<TARGET_OBJECTS:vespalib_vespalib_text>
 $<TARGET_OBJECTS:vespalib_vespalib_time>
@@ -22,7 +23,6 @@ vespa_add_library(vespalib
 $<TARGET_OBJECTS:vespalib_vespalib_xxhash>
 INSTALL lib64
 DEPENDS
- vespalib_vespalib_test
 gcc
 )
diff --git a/vespalib/src/vespa/vespalib/test/CMakeLists.txt b/vespalib/src/vespa/vespalib/test/CMakeLists.txt
index 4c2c65e8793..4eb47735ca7 100644
--- a/vespalib/src/vespa/vespalib/test/CMakeLists.txt
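Review bot: Adding `$<TARGET_OBJECTS:vespalib_vespalib_test>` to the installed vespalib library compiles the test-only CA certificate and EC private key from make_tls_options_for_testing.cpp into the production shared library, and make_tls_options_for_testing() becomes a symbol exported from it. The key is already public in the repository, so the concern is not secrecy but that any non-test code can now link and call a function handing back a self-signed, long-lived identity (valid until 2046 per the recipe comment), with the header's "intended for testing purposes only" as the only guard. Consider keeping vespalib_vespalib_test out of the vespalib target and linking it only into test executables, or at least excluding it from the INSTALL set. If it has to stay, a `# test-only: carries a committed (public) private key, never call from production code` comment next to the added line would flag this for the next maintainer. The enclosing vespa_add_library(vespalib ...) call starts before the hunk and its trailing context is cut off in this view.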
+++ b/vespalib/src/vespa/vespalib/test/CMakeLists.txt
@@ -1,5 +1,6 @@
 # Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-vespa_add_library(vespalib_vespalib_test INTERFACE
+vespa_add_library(vespalib_vespalib_test OBJECT
 SOURCES
+ make_tls_options_for_testing.cpp
 DEPENDS
 )
diff --git a/vespalib/src/vespa/vespalib/test/make_tls_options_for_testing.cpp b/vespalib/src/vespa/vespalib/test/make_tls_options_for_testing.cpp
new file mode 100644
index 00000000000..e70914dec2f
--- /dev/null
+++ b/vespalib/src/vespa/vespalib/test/make_tls_options_for_testing.cpp
@@ -0,0 +1,77 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+#include "make_tls_options_for_testing.h"
+
+/*
+ * Generated with the following commands:
+ *
+ * openssl ecparam -name prime256v1 -genkey -out ca.key
+ *
+ * openssl req -new -x509 -nodes -key ca.key \
+ * -sha256 -out ca.pem \
+ * -subj '/C=US/L=LooneyVille/O=ACME/OU=ACME test CA/CN=acme.example.com' \
+ * -days 10000
+ *
+ * openssl ecparam -name prime256v1 -genkey -out host.key
+ *
+ * openssl req -new -key host.key -out host.csr \
+ * -subj '/C=US/L=LooneyVille/O=Wile. E. Coyote, Ltd./CN=wile.example.com' \
+ * -sha256
+ *
+ * openssl x509 -req -in host.csr \
+ * -CA ca.pem \
+ * -CAkey ca.key \
+ * -CAcreateserial \
+ * -out host.pem \
+ * -days 10000 \
+ * -sha256
+ *
+ * TODO generate keypairs and certs at test-time to avoid any hard-coding
+ * There certs are valid until 2046, so that buys us some time..!
+ */
+
+// ca.pem
+constexpr const char* ca_pem = R"(-----BEGIN CERTIFICATE-----
+MIIBuDCCAV4CCQDpVjQIixTxvDAKBggqhkjOPQQDAjBkMQswCQYDVQQGEwJVUzEU
+MBIGA1UEBwwLTG9vbmV5VmlsbGUxDTALBgNVBAoMBEFDTUUxFTATBgNVBAsMDEFD
+TUUgdGVzdCBDQTEZMBcGA1UEAwwQYWNtZS5leGFtcGxlLmNvbTAeFw0xODA4MzEx
+MDU3NDVaFw00NjAxMTYxMDU3NDVaMGQxCzAJBgNVBAYTAlVTMRQwEgYDVQQHDAtM
+b29uZXlWaWxsZTENMAsGA1UECgwEQUNNRTEVMBMGA1UECwwMQUNNRSB0ZXN0IENB
+MRkwFwYDVQQDDBBhY21lLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAE1L7IzCN5pbyVnBATIHieuxq+hf9kWyn5yfjkXMhD52T5ITz1huq4nbiN
+YtRoRP7XmipI60R/uiCHzERcsVz4rDAKBggqhkjOPQQDAgNIADBFAiEA6wmZDBca
+y0aJ6ABtjbjx/vlmVDxdkaSZSgO8h2CkvIECIFktCkbZhDFfSvbqUScPOGuwkdGQ
+L/EW2Bxp+1BPcYoZ
+-----END CERTIFICATE-----)";
+
+// host.pem
+constexpr const char* cert_pem = R"(-----BEGIN CERTIFICATE-----
+MIIBsTCCAVgCCQD6GfDh0ltpsjAKBggqhkjOPQQDAjBkMQswCQYDVQQGEwJVUzEU
+MBIGA1UEBwwLTG9vbmV5VmlsbGUxDTALBgNVBAoMBEFDTUUxFTATBgNVBAsMDEFD
+TUUgdGVzdCBDQTEZMBcGA1UEAwwQYWNtZS5leGFtcGxlLmNvbTAeFw0xODA4MzEx
+MDU3NDVaFw00NjAxMTYxMDU3NDVaMF4xCzAJBgNVBAYTAlVTMRQwEgYDVQQHDAtM
+b29uZXlWaWxsZTEeMBwGA1UECgwVV2lsZS4gRS4gQ295b3RlLCBMdGQuMRkwFwYD
+VQQDDBB3aWxlLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+e+Y4hxt66em0STviGUj6ZDbxzoLoubXWRml8JDFrEc2S2433KWw2npxYSKVCyo3a
+/Vo33V8/H0WgOXioKEZJxDAKBggqhkjOPQQDAgNHADBEAiAN+87hQuGv3z0Ja2BV
+b8PHq2vp3BJHjeMuxWu4BFPn0QIgYlvIHikspgGatXRNMZ1gPC0oCccsJFcie+Cw
+zL06UPI=
+-----END CERTIFICATE-----)";
+
+// host.key
+constexpr const char* key_pem = R"(-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEID6di2PFYn8hPrxPbkFDGkSqF+K8L520In7nx3g0jwzOoAoGCCqGSM49
+AwEHoUQDQgAEe+Y4hxt66em0STviGUj6ZDbxzoLoubXWRml8JDFrEc2S2433KWw2
+npxYSKVCyo3a/Vo33V8/H0WgOXioKEZJxA==
+-----END EC PRIVATE KEY-----)";
+
+namespace vespalib::test {
+
+vespalib::net::tls::TransportSecurityOptions make_tls_options_for_testing() {
+ return vespalib::net::tls::TransportSecurityOptions(ca_pem, cert_pem, key_pem);
+}
+
+} // namespace vespalib::test
diff --git a/vespalib/src/vespa/vespalib/test/make_tls_options_for_testing.h b/vespalib/src/vespa/vespalib/test/make_tls_options_for_testing.h
new file mode 100644
index 00000000000..a1f1d5958f9
--- /dev/null
+++ b/vespalib/src/vespa/vespalib/test/make_tls_options_for_testing.h
@@ -0,0 +1,15 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+#pragma once
+
+#include <vespa/vespalib/net/tls/transport_security_options.h>
+
+namespace vespalib::test {
+
+/**
+ * Make security options allowing you to talk to yourself using
+ * TLS. This is intended for testing purposes only.
+ **/
+vespalib::net::tls::TransportSecurityOptions make_tls_options_for_testing();
+
+} // namespace vespalib::test
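Review bot: The new .cpp documents the PEM blobs only with the openssl generation recipe; nothing in the file states that this CA, certificate and EC private key are committed to the repository and therefore public, which matters more now that the file is built into a library instead of a single test binary. Suggest a comment above `ca_pem` such as `// Test-only identity: the CA, cert and EC private key below are committed to the repo and thus public; never use them outside tests.`, and fix the typo in the recipe comment (`These certs are valid until 2046`, not `There`). The TODO about generating key pairs at test time remains the real fix, since a committed key can never be rotated away from old checkouts. The header's Doxygen comment in the .h hunk that follows could likewise say that the returned options carry a self-signed CA and a single host certificate/key, so readers know no real trust chain or hostname check is exercised by tests that use it.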