+
+TEST_F(SSLContextTest, TestLoadCertKey) {
+ std::string certData, keyData, anotherKeyData;
+ const char* certPath = "folly/io/async/test/certs/tests-cert.pem";
+ const char* keyPath = "folly/io/async/test/certs/tests-key.pem";
+ const char* anotherKeyPath = "folly/io/async/test/certs/client_key.pem";
+ folly::readFile(certPath, certData);
+ folly::readFile(keyPath, keyData);
+ folly::readFile(anotherKeyPath, anotherKeyData);
+
+ {
+ SCOPED_TRACE("Valid cert/key pair from buffer");
+ SSLContext tmpCtx;
+ tmpCtx.loadCertificateFromBufferPEM(certData);
+ tmpCtx.loadPrivateKeyFromBufferPEM(keyData);
+ EXPECT_TRUE(tmpCtx.isCertKeyPairValid());
+ }
+
+ {
+ SCOPED_TRACE("Valid cert/key pair from files");
+ SSLContext tmpCtx;
+ tmpCtx.loadCertificate(certPath);
+ tmpCtx.loadPrivateKey(keyPath);
+ EXPECT_TRUE(tmpCtx.isCertKeyPairValid());
+ }
+
+ {
+ SCOPED_TRACE("Invalid cert/key pair from file. Load cert first");
+ SSLContext tmpCtx;
+ tmpCtx.loadCertificate(certPath);
+ EXPECT_THROW(tmpCtx.loadPrivateKey(anotherKeyPath), std::runtime_error);
+ }
+
+ {
+ SCOPED_TRACE("Invalid cert/key pair from file. Load key first");
+ SSLContext tmpCtx;
+ tmpCtx.loadPrivateKey(anotherKeyPath);
+ tmpCtx.loadCertificate(certPath);
+ EXPECT_FALSE(tmpCtx.isCertKeyPairValid());
+ }
+
+ {
+ SCOPED_TRACE("Invalid key/cert pair from buf. Load cert first");
+ SSLContext tmpCtx;
+ tmpCtx.loadCertificateFromBufferPEM(certData);
+ EXPECT_THROW(
+ tmpCtx.loadPrivateKeyFromBufferPEM(anotherKeyData), std::runtime_error);
+ }
+
+ {
+ SCOPED_TRACE("Invalid key/cert pair from buf. Load key first");
+ SSLContext tmpCtx;
+ tmpCtx.loadPrivateKeyFromBufferPEM(anotherKeyData);
+ tmpCtx.loadCertificateFromBufferPEM(certData);
+ EXPECT_FALSE(tmpCtx.isCertKeyPairValid());
+ }
+
+ {
+ SCOPED_TRACE(
+ "loadCertKeyPairFromBufferPEM() must throw when cert/key mismatch");
+ SSLContext tmpCtx;
+ EXPECT_THROW(
+ tmpCtx.loadCertKeyPairFromBufferPEM(certData, anotherKeyData),
+ std::runtime_error);
+ }
+
+ {
+ SCOPED_TRACE(
+ "loadCertKeyPairFromBufferPEM() must succeed when cert/key match");
+ SSLContext tmpCtx;
+ tmpCtx.loadCertKeyPairFromBufferPEM(certData, keyData);
+ }
+
+ {
+ SCOPED_TRACE(
+ "loadCertKeyPairFromFiles() must throw when cert/key mismatch");
+ SSLContext tmpCtx;
+ EXPECT_THROW(
+ tmpCtx.loadCertKeyPairFromFiles(certPath, anotherKeyPath),
+ std::runtime_error);
+ }
+
+ {
+ SCOPED_TRACE("loadCertKeyPairFromFiles() must succeed when cert/key match");
+ SSLContext tmpCtx;
+ tmpCtx.loadCertKeyPairFromFiles(certPath, keyPath);
+ }
+}