use TLS in integration test

4 years ago · f8a402c3a1
parent c62b6edde2
commit f8a402c3a1
9 changed files with 53 additions and 2 deletions
--- a/cmake/unit_tests.cmake
+++ b/cmake/unit_tests.cmake
@ -81,6 +81,14 @@ target_link_libraries(alltests PUBLIC
 target_include_directories(alltests PUBLIC test lib ${FUSE3_INCLUDE_DIRS} ${GMOCK_INCLUDE_DIRS} ${GTEST_INCLUDE_DIRS})
 target_compile_options(alltests PUBLIC ${FUSE3_CFLAGS_OTHER} ${GMOCK_CFLAGS} ${GTEST_CFLAGS})

+add_custom_command(OUTPUT server-key.pem
+	COMMAND openssl req -x509 -newkey rsa:4096 -keyout server-key.pem -out server-cert.pem -days 365 -nodes -batch -subj '/CN=localhost'
+	COMMAND openssl req -x509 -newkey rsa:4096 -keyout client-key.pem -out client-cert.pem -days 365 -nodes -batch -subj '/CN=localhost'
+)
+
+add_custom_target(gen-tls DEPENDS server-key.pem)
+add_dependencies(alltests gen-tls)
+
 enable_testing()
 gtest_discover_tests(alltests TEST_PREFIX alltests:)

--- a/include/webfuse/provider/client_config.h
+++ b/include/webfuse/provider/client_config.h
@ -108,6 +108,19 @@ extern WFP_API void wfp_client_config_set_certpath(
    struct wfp_client_config * config,
    char const * cert_path);

+//------------------------------------------------------------------------------
+/// \brief Sets the path of ca file to verify servers.
+///
+/// \note To enable TLS both, private key and certificate, must be specified.
+///       Otherwise, TLS is not used.
+///
+/// \param config pointer to client configuration
+/// \param ca_filepath path of the ca file (pem file)
+//------------------------------------------------------------------------------
+extern WFP_API void wfp_client_config_set_ca_filepath(
+    struct wfp_client_config * config,
+    char const * ca_filepath);
+
 //------------------------------------------------------------------------------
 /// \brief Sets the onconnected handler.
 ///
--- a/lib/webfuse/provider/api.c
+++ b/lib/webfuse/provider/api.c
@ -95,6 +95,13 @@ void wfp_client_config_set_certpath(
    wfp_impl_client_config_set_certpath(config, cert_path);
 }

+void wfp_client_config_set_ca_filepath(
+    struct wfp_client_config * config,
+    char const * ca_filepath)
+{
+    wfp_impl_client_config_set_ca_filepath(config, ca_filepath);
+}
+
 void wfp_client_config_set_onconnected(
    struct wfp_client_config * config,
    wfp_connected_fn * handler)
--- a/lib/webfuse/provider/impl/client.c
+++ b/lib/webfuse/provider/impl/client.c
@ -43,7 +43,10 @@ struct wfp_client * wfp_impl_client_create(

    if ((NULL != config->cert_path) && (NULL != config->key_path))
    {
-        
+		client->info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
+        client->info.client_ssl_cert_filepath = config->cert_path;
+        client->info.client_ssl_private_key_filepath = config->key_path;
+        client->info.client_ssl_ca_filepath = config->ca_filepath;
    }

    client->context = lws_create_context(&client->info);
--- a/lib/webfuse/provider/impl/client_config.c
+++ b/lib/webfuse/provider/impl/client_config.c
@ -10,6 +10,7 @@ struct wfp_client_config * wfp_impl_client_config_create(void)
    config->user_data = NULL;
    config->key_path = NULL;
    config->cert_path = NULL;
+    config->ca_filepath = NULL;

    return config;
 }
@ -19,6 +20,7 @@ void wfp_impl_client_config_dispose(
 {
    free(config->key_path);
    free(config->cert_path);
+    free(config->ca_filepath);
    free(config);
 }

@ -45,6 +47,14 @@ void wfp_impl_client_config_set_certpath(
    config->cert_path = strdup(cert_path);
 }

+void wfp_impl_client_config_set_ca_filepath(
+    struct wfp_client_config * config,
+    char const * ca_filepath)
+{
+    free(config->ca_filepath);
+    config->ca_filepath = strdup(ca_filepath); 
+}
+
 void wfp_impl_client_config_set_onconnected(
    struct wfp_client_config * config,
    wfp_connected_fn * handler)
--- a/lib/webfuse/provider/impl/client_config.h
+++ b/lib/webfuse/provider/impl/client_config.h
@ -15,6 +15,7 @@ struct wfp_client_config
    void * user_data;
    char * key_path;
    char * cert_path;
+    char * ca_filepath;
 };

 extern struct wfp_client_config * wfp_impl_client_config_create(void);
@ -34,6 +35,10 @@ extern void wfp_impl_client_config_set_certpath(
    struct wfp_client_config * config,
    char const * cert_path);

+extern void wfp_impl_client_config_set_ca_filepath(
+    struct wfp_client_config * config,
+    char const * ca_filepath);
+
 extern void wfp_impl_client_config_set_onconnected(
    struct wfp_client_config * config,
    wfp_connected_fn * handler);
--- a/test/webfuse/tests/integration/provider.cc
+++ b/test/webfuse/tests/integration/provider.cc
@ -19,6 +19,9 @@ public:
    : is_shutdown_requested(false)
    {
        config = wfp_client_config_create();
+        wfp_client_config_set_certpath(config, "client-cert.pem");
+        wfp_client_config_set_keypath(config, "client-key.pem");
+        wfp_client_config_set_ca_filepath(config, "server-cert.pem");

        fs = wfp_static_filesystem_create(config);
        wfp_static_filesystem_add_text(fs, "hello.txt", 0444, "Hello, World");
--- a/test/webfuse/tests/integration/server.cc
+++ b/test/webfuse/tests/integration/server.cc
@ -63,6 +63,8 @@ public:
        wf_server_config_set_mountpoint_factory(config, 
            &webfuse_test_server_create_mountpoint,
            reinterpret_cast<void*>(base_dir));
+        wf_server_config_set_keypath(config, "server-key.pem");
+        wf_server_config_set_certpath(config, "server-cert.pem");

        server = wf_server_create(config);

--- a/test/webfuse/tests/integration/test_integration.cc
+++ b/test/webfuse/tests/integration/test_integration.cc
@ -38,7 +38,7 @@ namespace
            void SetUp()
            {
                server = new Server();
-                provider = new Provider("ws://localhost:8080/");
+                provider = new Provider("wss://localhost:8080/");
            }

            void TearDown()