X-Git-Url: http://plrg.eecs.uci.edu/git/?p=folly.git;a=blobdiff_plain;f=folly%2Fio%2Fasync%2Ftest%2FSSLContextTest.cpp;h=fafa433b375184a6c6a5db9fb8565af26612a72c;hp=955a1fc8669589fa83be4cadbba7a27c18f6e4df;hb=3e19d28a142149241d81c5e736aa4117fe7cbec8;hpb=36ac103264634cafe2944c33a9677ce9a8b2ac2d

diff --git a/folly/io/async/test/SSLContextTest.cpp b/folly/io/async/test/SSLContextTest.cpp
index 955a1fc8..fafa433b 100644
--- a/folly/io/async/test/SSLContextTest.cpp
+++ b/folly/io/async/test/SSLContextTest.cpp
@@ -15,6 +15,7 @@
  */
 
 #include <folly/io/async/SSLContext.h>
+#include <folly/FileUtil.h>
 #include <folly/portability/GTest.h>
 #include <folly/ssl/OpenSSLPtrTypes.h>
 
@@ -48,4 +49,92 @@ TEST_F(SSLContextTest, TestSetCipherList) {
   ctx.setCipherList(ciphers);
   verifySSLCipherList(ciphers);
 }
+
+TEST_F(SSLContextTest, TestLoadCertKey) {
+  std::string certData, keyData, anotherKeyData;
+  const char* certPath = "folly/io/async/test/certs/tests-cert.pem";
+  const char* keyPath = "folly/io/async/test/certs/tests-key.pem";
+  const char* anotherKeyPath = "folly/io/async/test/certs/client_key.pem";
+  folly::readFile(certPath, certData);
+  folly::readFile(keyPath, keyData);
+  folly::readFile(anotherKeyPath, anotherKeyData);
+
+  {
+    SCOPED_TRACE("Valid cert/key pair from buffer");
+    SSLContext tmpCtx;
+    tmpCtx.loadCertificateFromBufferPEM(certData);
+    tmpCtx.loadPrivateKeyFromBufferPEM(keyData);
+    EXPECT_TRUE(tmpCtx.isCertKeyPairValid());
+  }
+
+  {
+    SCOPED_TRACE("Valid cert/key pair from files");
+    SSLContext tmpCtx;
+    tmpCtx.loadCertificate(certPath);
+    tmpCtx.loadPrivateKey(keyPath);
+    EXPECT_TRUE(tmpCtx.isCertKeyPairValid());
+  }
+
+  {
+    SCOPED_TRACE("Invalid cert/key pair from file. Load cert first");
+    SSLContext tmpCtx;
+    tmpCtx.loadCertificate(certPath);
+    EXPECT_THROW(tmpCtx.loadPrivateKey(anotherKeyPath), std::runtime_error);
+  }
+
+  {
+    SCOPED_TRACE("Invalid cert/key pair from file. Load key first");
+    SSLContext tmpCtx;
+    tmpCtx.loadPrivateKey(anotherKeyPath);
+    tmpCtx.loadCertificate(certPath);
+    EXPECT_FALSE(tmpCtx.isCertKeyPairValid());
+  }
+
+  {
+    SCOPED_TRACE("Invalid key/cert pair from buf. Load cert first");
+    SSLContext tmpCtx;
+    tmpCtx.loadCertificateFromBufferPEM(certData);
+    EXPECT_THROW(
+        tmpCtx.loadPrivateKeyFromBufferPEM(anotherKeyData), std::runtime_error);
+  }
+
+  {
+    SCOPED_TRACE("Invalid key/cert pair from buf. Load key first");
+    SSLContext tmpCtx;
+    tmpCtx.loadPrivateKeyFromBufferPEM(anotherKeyData);
+    tmpCtx.loadCertificateFromBufferPEM(certData);
+    EXPECT_FALSE(tmpCtx.isCertKeyPairValid());
+  }
+
+  {
+    SCOPED_TRACE(
+        "loadCertKeyPairFromBufferPEM() must throw when cert/key mismatch");
+    SSLContext tmpCtx;
+    EXPECT_THROW(
+        tmpCtx.loadCertKeyPairFromBufferPEM(certData, anotherKeyData),
+        std::runtime_error);
+  }
+
+  {
+    SCOPED_TRACE(
+        "loadCertKeyPairFromBufferPEM() must succeed when cert/key match");
+    SSLContext tmpCtx;
+    tmpCtx.loadCertKeyPairFromBufferPEM(certData, keyData);
+  }
+
+  {
+    SCOPED_TRACE(
+        "loadCertKeyPairFromFiles() must throw when cert/key mismatch");
+    SSLContext tmpCtx;
+    EXPECT_THROW(
+        tmpCtx.loadCertKeyPairFromFiles(certPath, anotherKeyPath),
+        std::runtime_error);
+  }
+
+  {
+    SCOPED_TRACE("loadCertKeyPairFromFiles() must succeed when cert/key match");
+    SSLContext tmpCtx;
+    tmpCtx.loadCertKeyPairFromFiles(certPath, keyPath);
+  }
+}
 } // namespace folly