2 * Copyright 2017 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include <folly/io/async/SSLContext.h>
18 #include <folly/FileUtil.h>
19 #include <folly/portability/GTest.h>
20 #include <folly/ssl/OpenSSLPtrTypes.h>
23 using namespace testing;
27 class SSLContextTest : public testing::Test {
30 void verifySSLCipherList(const vector<string>& ciphers);
33 void SSLContextTest::verifySSLCipherList(const vector<string>& ciphers) {
35 ssl::SSLUniquePtr ssl(ctx.createSSL());
36 for (auto& cipher : ciphers) {
37 ASSERT_STREQ(cipher.c_str(), SSL_get_cipher_list(ssl.get(), i++));
39 ASSERT_EQ(nullptr, SSL_get_cipher_list(ssl.get(), i));
42 TEST_F(SSLContextTest, TestSetCipherString) {
43 ctx.ciphers("AES128-SHA:ECDHE-RSA-AES256-SHA384");
44 verifySSLCipherList({"AES128-SHA", "ECDHE-RSA-AES256-SHA384"});
47 TEST_F(SSLContextTest, TestSetCipherList) {
48 const vector<string> ciphers = {"ECDHE-RSA-AES128-SHA", "AES256-SHA"};
49 ctx.setCipherList(ciphers);
50 verifySSLCipherList(ciphers);
53 TEST_F(SSLContextTest, TestLoadCertKey) {
54 std::string certData, keyData, anotherKeyData;
55 const char* certPath = "folly/io/async/test/certs/tests-cert.pem";
56 const char* keyPath = "folly/io/async/test/certs/tests-key.pem";
57 const char* anotherKeyPath = "folly/io/async/test/certs/client_key.pem";
58 folly::readFile(certPath, certData);
59 folly::readFile(keyPath, keyData);
60 folly::readFile(anotherKeyPath, anotherKeyData);
63 SCOPED_TRACE("Valid cert/key pair from buffer");
65 tmpCtx.loadCertificateFromBufferPEM(certData);
66 tmpCtx.loadPrivateKeyFromBufferPEM(keyData);
67 EXPECT_TRUE(tmpCtx.isCertKeyPairValid());
71 SCOPED_TRACE("Valid cert/key pair from files");
73 tmpCtx.loadCertificate(certPath);
74 tmpCtx.loadPrivateKey(keyPath);
75 EXPECT_TRUE(tmpCtx.isCertKeyPairValid());
79 SCOPED_TRACE("Invalid cert/key pair from file. Load cert first");
81 tmpCtx.loadCertificate(certPath);
82 EXPECT_THROW(tmpCtx.loadPrivateKey(anotherKeyPath), std::runtime_error);
86 SCOPED_TRACE("Invalid cert/key pair from file. Load key first");
88 tmpCtx.loadPrivateKey(anotherKeyPath);
89 tmpCtx.loadCertificate(certPath);
90 EXPECT_FALSE(tmpCtx.isCertKeyPairValid());
94 SCOPED_TRACE("Invalid key/cert pair from buf. Load cert first");
96 tmpCtx.loadCertificateFromBufferPEM(certData);
98 tmpCtx.loadPrivateKeyFromBufferPEM(anotherKeyData), std::runtime_error);
102 SCOPED_TRACE("Invalid key/cert pair from buf. Load key first");
104 tmpCtx.loadPrivateKeyFromBufferPEM(anotherKeyData);
105 tmpCtx.loadCertificateFromBufferPEM(certData);
106 EXPECT_FALSE(tmpCtx.isCertKeyPairValid());
111 "loadCertKeyPairFromBufferPEM() must throw when cert/key mismatch");
114 tmpCtx.loadCertKeyPairFromBufferPEM(certData, anotherKeyData),
120 "loadCertKeyPairFromBufferPEM() must succeed when cert/key match");
122 tmpCtx.loadCertKeyPairFromBufferPEM(certData, keyData);
127 "loadCertKeyPairFromFiles() must throw when cert/key mismatch");
130 tmpCtx.loadCertKeyPairFromFiles(certPath, anotherKeyPath),
135 SCOPED_TRACE("loadCertKeyPairFromFiles() must succeed when cert/key match");
137 tmpCtx.loadCertKeyPairFromFiles(certPath, keyPath);