From f8a402c3a1ed5069d6e5a032a9b4eecceadff8a7 Mon Sep 17 00:00:00 2001
From: Falk Werner <falk.werner@gmx.net>
Date: Wed, 1 Apr 2020 21:42:50 +0200
Subject: [PATCH] use TLS in integration test

---
 cmake/unit_tests.cmake                             |  8 ++++++++
 include/webfuse/provider/client_config.h           | 13 +++++++++++++
 lib/webfuse/provider/api.c                         |  7 +++++++
 lib/webfuse/provider/impl/client.c                 |  5 ++++-
 lib/webfuse/provider/impl/client_config.c          | 10 ++++++++++
 lib/webfuse/provider/impl/client_config.h          |  5 +++++
 test/webfuse/tests/integration/provider.cc         |  3 +++
 test/webfuse/tests/integration/server.cc           |  2 ++
 test/webfuse/tests/integration/test_integration.cc |  2 +-
 9 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/cmake/unit_tests.cmake b/cmake/unit_tests.cmake
index b1d9b99..31d3c12 100644
--- a/cmake/unit_tests.cmake
+++ b/cmake/unit_tests.cmake
@@ -81,6 +81,14 @@ target_link_libraries(alltests PUBLIC
 target_include_directories(alltests PUBLIC test lib ${FUSE3_INCLUDE_DIRS} ${GMOCK_INCLUDE_DIRS} ${GTEST_INCLUDE_DIRS})
 target_compile_options(alltests PUBLIC ${FUSE3_CFLAGS_OTHER} ${GMOCK_CFLAGS} ${GTEST_CFLAGS})
 
+add_custom_command(OUTPUT server-key.pem
+	COMMAND openssl req -x509 -newkey rsa:4096 -keyout server-key.pem -out server-cert.pem -days 365 -nodes -batch -subj '/CN=localhost'
+	COMMAND openssl req -x509 -newkey rsa:4096 -keyout client-key.pem -out client-cert.pem -days 365 -nodes -batch -subj '/CN=localhost'
+)
+
+add_custom_target(gen-tls DEPENDS server-key.pem)
+add_dependencies(alltests gen-tls)
+
 enable_testing()
 gtest_discover_tests(alltests TEST_PREFIX alltests:)
 
diff --git a/include/webfuse/provider/client_config.h b/include/webfuse/provider/client_config.h
index 0c79dd7..fe138f6 100644
--- a/include/webfuse/provider/client_config.h
+++ b/include/webfuse/provider/client_config.h
@@ -108,6 +108,19 @@ extern WFP_API void wfp_client_config_set_certpath(
     struct wfp_client_config * config,
     char const * cert_path);
 
+//------------------------------------------------------------------------------
+/// \brief Sets the path of ca file to verify servers.
+///
+/// \note To enable TLS both, private key and certificate, must be specified.
+///       Otherwise, TLS is not used.
+///
+/// \param config pointer to client configuration
+/// \param ca_filepath path of the ca file (pem file)
+//------------------------------------------------------------------------------
+extern WFP_API void wfp_client_config_set_ca_filepath(
+    struct wfp_client_config * config,
+    char const * ca_filepath);
+
 //------------------------------------------------------------------------------
 /// \brief Sets the onconnected handler.
 ///
diff --git a/lib/webfuse/provider/api.c b/lib/webfuse/provider/api.c
index 0704095..dc42fba 100644
--- a/lib/webfuse/provider/api.c
+++ b/lib/webfuse/provider/api.c
@@ -95,6 +95,13 @@ void wfp_client_config_set_certpath(
     wfp_impl_client_config_set_certpath(config, cert_path);
 }
 
+void wfp_client_config_set_ca_filepath(
+    struct wfp_client_config * config,
+    char const * ca_filepath)
+{
+    wfp_impl_client_config_set_ca_filepath(config, ca_filepath);
+}
+
 void wfp_client_config_set_onconnected(
     struct wfp_client_config * config,
     wfp_connected_fn * handler)
diff --git a/lib/webfuse/provider/impl/client.c b/lib/webfuse/provider/impl/client.c
index c3b432c..f10450f 100644
--- a/lib/webfuse/provider/impl/client.c
+++ b/lib/webfuse/provider/impl/client.c
@@ -43,7 +43,10 @@ struct wfp_client * wfp_impl_client_create(
 
     if ((NULL != config->cert_path) && (NULL != config->key_path))
     {
-        
+		client->info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
+        client->info.client_ssl_cert_filepath = config->cert_path;
+        client->info.client_ssl_private_key_filepath = config->key_path;
+        client->info.client_ssl_ca_filepath = config->ca_filepath;
     }
 
     client->context = lws_create_context(&client->info);
diff --git a/lib/webfuse/provider/impl/client_config.c b/lib/webfuse/provider/impl/client_config.c
index 3bbb3ea..9e6489b 100644
--- a/lib/webfuse/provider/impl/client_config.c
+++ b/lib/webfuse/provider/impl/client_config.c
@@ -10,6 +10,7 @@ struct wfp_client_config * wfp_impl_client_config_create(void)
     config->user_data = NULL;
     config->key_path = NULL;
     config->cert_path = NULL;
+    config->ca_filepath = NULL;
 
     return config;
 }
@@ -19,6 +20,7 @@ void wfp_impl_client_config_dispose(
 {
     free(config->key_path);
     free(config->cert_path);
+    free(config->ca_filepath);
     free(config);
 }
 
@@ -45,6 +47,14 @@ void wfp_impl_client_config_set_certpath(
     config->cert_path = strdup(cert_path);
 }
 
+void wfp_impl_client_config_set_ca_filepath(
+    struct wfp_client_config * config,
+    char const * ca_filepath)
+{
+    free(config->ca_filepath);
+    config->ca_filepath = strdup(ca_filepath); 
+}
+
 void wfp_impl_client_config_set_onconnected(
     struct wfp_client_config * config,
     wfp_connected_fn * handler)
diff --git a/lib/webfuse/provider/impl/client_config.h b/lib/webfuse/provider/impl/client_config.h
index f8d5b9b..a15ff87 100644
--- a/lib/webfuse/provider/impl/client_config.h
+++ b/lib/webfuse/provider/impl/client_config.h
@@ -15,6 +15,7 @@ struct wfp_client_config
     void * user_data;
     char * key_path;
     char * cert_path;
+    char * ca_filepath;
 };
 
 extern struct wfp_client_config * wfp_impl_client_config_create(void);
@@ -34,6 +35,10 @@ extern void wfp_impl_client_config_set_certpath(
     struct wfp_client_config * config,
     char const * cert_path);
 
+extern void wfp_impl_client_config_set_ca_filepath(
+    struct wfp_client_config * config,
+    char const * ca_filepath);
+
 extern void wfp_impl_client_config_set_onconnected(
     struct wfp_client_config * config,
     wfp_connected_fn * handler);
diff --git a/test/webfuse/tests/integration/provider.cc b/test/webfuse/tests/integration/provider.cc
index b1fa44d..e635c9b 100644
--- a/test/webfuse/tests/integration/provider.cc
+++ b/test/webfuse/tests/integration/provider.cc
@@ -19,6 +19,9 @@ public:
     : is_shutdown_requested(false)
     {
         config = wfp_client_config_create();
+        wfp_client_config_set_certpath(config, "client-cert.pem");
+        wfp_client_config_set_keypath(config, "client-key.pem");
+        wfp_client_config_set_ca_filepath(config, "server-cert.pem");
 
         fs = wfp_static_filesystem_create(config);
         wfp_static_filesystem_add_text(fs, "hello.txt", 0444, "Hello, World");
diff --git a/test/webfuse/tests/integration/server.cc b/test/webfuse/tests/integration/server.cc
index 931f932..8f15161 100644
--- a/test/webfuse/tests/integration/server.cc
+++ b/test/webfuse/tests/integration/server.cc
@@ -63,6 +63,8 @@ public:
         wf_server_config_set_mountpoint_factory(config, 
             &webfuse_test_server_create_mountpoint,
             reinterpret_cast<void*>(base_dir));
+        wf_server_config_set_keypath(config, "server-key.pem");
+        wf_server_config_set_certpath(config, "server-cert.pem");
 
         server = wf_server_create(config);
 
diff --git a/test/webfuse/tests/integration/test_integration.cc b/test/webfuse/tests/integration/test_integration.cc
index 4cc2844..57c1a91 100644
--- a/test/webfuse/tests/integration/test_integration.cc
+++ b/test/webfuse/tests/integration/test_integration.cc
@@ -38,7 +38,7 @@ namespace
             void SetUp()
             {
                 server = new Server();
-                provider = new Provider("ws://localhost:8080/");
+                provider = new Provider("wss://localhost:8080/");
             }
 
             void TearDown()