mirror of https://github.com/ctz/rustls
Move `MockServerVerifier` to tests::common
parent
e13d868c06
commit
f89b8e3886
|
@ -5,18 +5,20 @@ use std::io;
|
|||
use std::ops::{Deref, DerefMut};
|
||||
use std::sync::Arc;
|
||||
|
||||
use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName};
|
||||
use pki_types::{
|
||||
CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName, UnixTime,
|
||||
};
|
||||
use webpki::anchor_from_trusted_cert;
|
||||
|
||||
use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
|
||||
use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier};
|
||||
use rustls::internal::msgs::codec::Reader;
|
||||
use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage};
|
||||
use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier};
|
||||
use rustls::Connection;
|
||||
use rustls::Error;
|
||||
use rustls::RootCertStore;
|
||||
use rustls::{ClientConfig, ClientConnection};
|
||||
use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData};
|
||||
use rustls::{
|
||||
ClientConfig, ClientConnection, Connection, ConnectionCommon, DigitallySignedStruct, Error,
|
||||
RootCertStore, ServerConfig, ServerConnection, SideData, SignatureScheme,
|
||||
};
|
||||
|
||||
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
|
||||
pub use rustls::crypto::aws_lc_rs as provider;
|
||||
|
@ -706,3 +708,125 @@ impl io::Read for FailsReads {
|
|||
Err(io::Error::from(self.errkind))
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct MockServerVerifier {
|
||||
cert_rejection_error: Option<Error>,
|
||||
tls12_signature_error: Option<Error>,
|
||||
tls13_signature_error: Option<Error>,
|
||||
signature_schemes: Vec<SignatureScheme>,
|
||||
}
|
||||
|
||||
impl ServerCertVerifier for MockServerVerifier {
|
||||
fn verify_server_cert(
|
||||
&self,
|
||||
end_entity: &CertificateDer<'_>,
|
||||
intermediates: &[CertificateDer<'_>],
|
||||
server_name: &ServerName<'_>,
|
||||
oscp_response: &[u8],
|
||||
now: UnixTime,
|
||||
) -> Result<ServerCertVerified, Error> {
|
||||
println!(
|
||||
"verify_server_cert({:?}, {:?}, {:?}, {:?}, {:?})",
|
||||
end_entity, intermediates, server_name, oscp_response, now
|
||||
);
|
||||
if let Some(error) = &self.cert_rejection_error {
|
||||
Err(error.clone())
|
||||
} else {
|
||||
Ok(ServerCertVerified::assertion())
|
||||
}
|
||||
}
|
||||
|
||||
fn verify_tls12_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer<'_>,
|
||||
dss: &DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, Error> {
|
||||
println!(
|
||||
"verify_tls12_signature({:?}, {:?}, {:?})",
|
||||
message, cert, dss
|
||||
);
|
||||
if let Some(error) = &self.tls12_signature_error {
|
||||
Err(error.clone())
|
||||
} else {
|
||||
Ok(HandshakeSignatureValid::assertion())
|
||||
}
|
||||
}
|
||||
|
||||
fn verify_tls13_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer<'_>,
|
||||
dss: &DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, Error> {
|
||||
println!(
|
||||
"verify_tls13_signature({:?}, {:?}, {:?})",
|
||||
message, cert, dss
|
||||
);
|
||||
if let Some(error) = &self.tls13_signature_error {
|
||||
Err(error.clone())
|
||||
} else {
|
||||
Ok(HandshakeSignatureValid::assertion())
|
||||
}
|
||||
}
|
||||
|
||||
fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
|
||||
self.signature_schemes.clone()
|
||||
}
|
||||
}
|
||||
|
||||
impl MockServerVerifier {
|
||||
pub fn accepts_anything() -> Self {
|
||||
MockServerVerifier {
|
||||
cert_rejection_error: None,
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
pub fn rejects_certificate(err: Error) -> Self {
|
||||
MockServerVerifier {
|
||||
cert_rejection_error: Some(err),
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
pub fn rejects_tls12_signatures(err: Error) -> Self {
|
||||
MockServerVerifier {
|
||||
tls12_signature_error: Some(err),
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
pub fn rejects_tls13_signatures(err: Error) -> Self {
|
||||
MockServerVerifier {
|
||||
tls13_signature_error: Some(err),
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
pub fn offers_no_signature_schemes() -> Self {
|
||||
MockServerVerifier {
|
||||
signature_schemes: vec![],
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for MockServerVerifier {
|
||||
fn default() -> Self {
|
||||
MockServerVerifier {
|
||||
cert_rejection_error: None,
|
||||
tls12_signature_error: None,
|
||||
tls13_signature_error: None,
|
||||
signature_schemes: vec![
|
||||
SignatureScheme::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PKCS1_SHA256,
|
||||
SignatureScheme::ED25519,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||
],
|
||||
}
|
||||
}
|
||||
}
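Review bot: `MockServerVerifier` becomes a `pub` shared test helper here but has no doc comment saying that it performs no verification. `verify_server_cert`, `verify_tls12_signature` and `verify_tls13_signature` return `ServerCertVerified::assertion()` / `HandshakeSignatureValid::assertion()` whenever no error is configured, so `accepts_anything()` accepts any certificate chain and any handshake signature. I would add `/// Test-only verifier: performs no certificate or signature validation; must never be used outside tests.` above the struct, so it is not copied as a template for a real `ServerCertVerifier`. While the code is being moved, the parameter `oscp_response` in `verify_server_cert` looks like a typo for `ocsp_response`, and `cert_rejection_error: None` in `accepts_anything()` is redundant next to `..Default::default()`.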
|
||||
|
|
|
@ -5,13 +5,10 @@
|
|||
mod common;
|
||||
use crate::common::{
|
||||
do_handshake, do_handshake_until_both_error, make_client_config_with_versions,
|
||||
make_pair_for_arc_configs, make_server_config, ErrorFromPeer, ALL_KEY_TYPES,
|
||||
make_pair_for_arc_configs, make_server_config, ErrorFromPeer, MockServerVerifier,
|
||||
ALL_KEY_TYPES,
|
||||
};
|
||||
use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
|
||||
use rustls::DigitallySignedStruct;
|
||||
use rustls::{AlertDescription, Error, InvalidMessage, SignatureScheme};
|
||||
|
||||
use pki_types::{CertificateDer, ServerName, UnixTime};
|
||||
use rustls::{AlertDescription, Error, InvalidMessage};
|
||||
|
||||
use std::sync::Arc;
|
||||
|
||||
|
@ -153,125 +150,3 @@ fn client_can_override_certificate_verification_and_offer_no_signature_schemes()
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct MockServerVerifier {
|
||||
cert_rejection_error: Option<Error>,
|
||||
tls12_signature_error: Option<Error>,
|
||||
tls13_signature_error: Option<Error>,
|
||||
signature_schemes: Vec<SignatureScheme>,
|
||||
}
|
||||
|
||||
impl ServerCertVerifier for MockServerVerifier {
|
||||
fn verify_server_cert(
|
||||
&self,
|
||||
end_entity: &CertificateDer<'_>,
|
||||
intermediates: &[CertificateDer<'_>],
|
||||
server_name: &ServerName<'_>,
|
||||
oscp_response: &[u8],
|
||||
now: UnixTime,
|
||||
) -> Result<ServerCertVerified, Error> {
|
||||
println!(
|
||||
"verify_server_cert({:?}, {:?}, {:?}, {:?}, {:?})",
|
||||
end_entity, intermediates, server_name, oscp_response, now
|
||||
);
|
||||
if let Some(error) = &self.cert_rejection_error {
|
||||
Err(error.clone())
|
||||
} else {
|
||||
Ok(ServerCertVerified::assertion())
|
||||
}
|
||||
}
|
||||
|
||||
fn verify_tls12_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer<'_>,
|
||||
dss: &DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, Error> {
|
||||
println!(
|
||||
"verify_tls12_signature({:?}, {:?}, {:?})",
|
||||
message, cert, dss
|
||||
);
|
||||
if let Some(error) = &self.tls12_signature_error {
|
||||
Err(error.clone())
|
||||
} else {
|
||||
Ok(HandshakeSignatureValid::assertion())
|
||||
}
|
||||
}
|
||||
|
||||
fn verify_tls13_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer<'_>,
|
||||
dss: &DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, Error> {
|
||||
println!(
|
||||
"verify_tls13_signature({:?}, {:?}, {:?})",
|
||||
message, cert, dss
|
||||
);
|
||||
if let Some(error) = &self.tls13_signature_error {
|
||||
Err(error.clone())
|
||||
} else {
|
||||
Ok(HandshakeSignatureValid::assertion())
|
||||
}
|
||||
}
|
||||
|
||||
fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
|
||||
self.signature_schemes.clone()
|
||||
}
|
||||
}
|
||||
|
||||
impl MockServerVerifier {
|
||||
pub fn accepts_anything() -> Self {
|
||||
MockServerVerifier {
|
||||
cert_rejection_error: None,
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
pub fn rejects_certificate(err: Error) -> Self {
|
||||
MockServerVerifier {
|
||||
cert_rejection_error: Some(err),
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
pub fn rejects_tls12_signatures(err: Error) -> Self {
|
||||
MockServerVerifier {
|
||||
tls12_signature_error: Some(err),
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
pub fn rejects_tls13_signatures(err: Error) -> Self {
|
||||
MockServerVerifier {
|
||||
tls13_signature_error: Some(err),
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
|
||||
pub fn offers_no_signature_schemes() -> Self {
|
||||
MockServerVerifier {
|
||||
signature_schemes: vec![],
|
||||
..Default::default()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for MockServerVerifier {
|
||||
fn default() -> Self {
|
||||
MockServerVerifier {
|
||||
cert_rejection_error: None,
|
||||
tls12_signature_error: None,
|
||||
tls13_signature_error: None,
|
||||
signature_schemes: vec![
|
||||
SignatureScheme::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PKCS1_SHA256,
|
||||
SignatureScheme::ED25519,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|