Generate test certificates on demand

quinn-rs · Jan 10, 2019 · 08a3201 · 08a3201
1 parent 576613a
commit 08a3201
Show file tree

Hide file tree

Showing 9 changed files with 20 additions and 195 deletions.
diff --git a/certs/ca.der b/certs/ca.der
diff --git a/certs/generate.sh b/certs/generate.sh
diff --git a/certs/openssl.cnf b/certs/openssl.cnf
diff --git a/certs/server.chain b/certs/server.chain
diff --git a/certs/server.rsa b/certs/server.rsa
diff --git a/quinn-proto/Cargo.toml b/quinn-proto/Cargo.toml
@@ -39,3 +39,4 @@ block-modes = "0.3"
 assert_matches = "1.1"
 hex-literal = "0.1.1"
 untrusted = "0.6.2"
+rcgen = "0.1"
diff --git a/quinn-proto/src/tests.rs b/quinn-proto/src/tests.rs
@@ -1,18 +1,18 @@
 use std::collections::VecDeque;
-use std::io::{self, Read, Write};
+use std::io::{self, Write};
 use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, UdpSocket};
 use std::ops::RangeFrom;
 use std::sync::{Arc, Mutex};
 use std::time::Duration;
-use std::{env, fmt, fs, mem, str};
+use std::{env, fmt, mem, str};
 
 use byteorder::{BigEndian, ByteOrder};
 use bytes::Bytes;
 use rand::RngCore;
 use ring::digest;
 use ring::hmac::SigningKey;
 use rustls::internal::msgs::enums::AlertDescription;
-use rustls::{internal::pemfile, KeyLogFile, ProtocolVersion};
+use rustls::{KeyLogFile, ProtocolVersion};
 use slog::{Drain, Logger, KV};
 use untrusted::Input;
 
@@ -57,6 +57,8 @@ fn logger() -> Logger {
 lazy_static! {
     static ref SERVER_PORTS: Mutex<RangeFrom<u16>> = Mutex::new(4433..);
     static ref CLIENT_PORTS: Mutex<RangeFrom<u16>> = Mutex::new(44433..);
+    static ref CERTIFICATE: rcgen::Certificate =
+        rcgen::generate_simple_self_signed(vec!["localhost".into()]);
 }
 
 struct Pair {
@@ -78,34 +80,23 @@ impl Default for Pair {
 }
 
 fn server_config() -> ServerConfig {
-    let certs = {
-        let f =
-            fs::File::open("../certs/server.chain").expect("cannot open '../certs/server.chain'");
-        let mut reader = io::BufReader::new(f);
-        pemfile::certs(&mut reader).expect("cannot read certificates")
-    };
-
-    let keys = {
-        let f = fs::File::open("../certs/server.rsa").expect("cannot open '../certs/server.rsa'");
-        let mut reader = io::BufReader::new(f);
-        pemfile::rsa_private_keys(&mut reader).expect("cannot read private keys")
-    };
+    let key = CERTIFICATE.serialize_private_key_der();
+    let cert = CERTIFICATE.serialize_der();
 
     let mut tls_config = crypto::build_server_config();
     tls_config.set_protocols(&[str::from_utf8(ALPN_QUIC_HTTP).unwrap().into()]);
-    tls_config.set_single_cert(certs, keys[0].clone()).unwrap();
+    tls_config
+        .set_single_cert(vec![rustls::Certificate(cert)], rustls::PrivateKey(key))
+        .unwrap();
     ServerConfig {
         tls_config: Arc::new(tls_config),
         ..Default::default()
     }
 }
 
 fn client_config() -> Arc<ClientConfig> {
-    let mut f = fs::File::open("../certs/ca.der").expect("cannot open '../certs/ca.der'");
-    let mut bytes = Vec::new();
-    f.read_to_end(&mut bytes).expect("error while reading");
-
-    let anchor = webpki::trust_anchor_util::cert_der_as_trust_anchor(Input::from(&bytes)).unwrap();
+    let cert = CERTIFICATE.serialize_der();
+    let anchor = webpki::trust_anchor_util::cert_der_as_trust_anchor(Input::from(&cert)).unwrap();
     let anchor_vec = vec![anchor];
 
     let mut tls_client_config = ClientConfig::new();

diff --git a/quinn/Cargo.toml b/quinn/Cargo.toml
@@ -45,6 +45,7 @@ structopt = "0.2.7"
 tokio = "0.1.6"
 tokio-current-thread = "0.1"
 url = "1.7"
+rcgen = "0.1"
 
 [[example]]
 name = "server"

diff --git a/quinn/src/tests.rs b/quinn/src/tests.rs
@@ -5,7 +5,7 @@ use super::{
 use futures::{Future, Stream};
 use slog::{Drain, Logger, KV};
 use std::{
-    fmt, fs, io,
+    fmt, io,
     net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, UdpSocket},
     str,
 };
@@ -39,9 +39,10 @@ fn echo_dualstack() {
 fn run_echo(client_addr: SocketAddr, server_addr: SocketAddr) {
     let log = logger();
     let mut server_config = ServerConfigBuilder::default();
-    let key = crate::PrivateKey::from_pem(&fs::read("../certs/server.rsa").unwrap()).unwrap();
-    let cert_chain =
-        crate::CertificateChain::from_pem(&fs::read("../certs/server.chain").unwrap()).unwrap();
+    let cert = rcgen::generate_simple_self_signed(vec!["localhost".into()]);
+    let key = crate::PrivateKey::from_der(&cert.serialize_private_key_der()).unwrap();
+    let cert = crate::Certificate::from_der(&cert.serialize_der()).unwrap();
+    let cert_chain = crate::CertificateChain::from_certs(vec![cert.clone()]);
     server_config.set_certificate(cert_chain, key).unwrap();
 
     let mut server = EndpointBuilder::new(Config {
@@ -55,11 +56,7 @@ fn run_echo(client_addr: SocketAddr, server_addr: SocketAddr) {
     let (_, server_driver, server_incoming) = server.from_socket(server_sock).unwrap();
 
     let mut client_config = ClientConfigBuilder::default();
-    client_config
-        .add_certificate_authority(
-            crate::Certificate::from_der(&fs::read("../certs/ca.der").unwrap()).unwrap(),
-        )
-        .unwrap();
+    client_config.add_certificate_authority(cert).unwrap();
     let mut client = Endpoint::new();
     client.logger(log.clone());
     client.default_client_config(client_config.build());