From 019ae92605cd49033e5f0b39c9729003b341c3fc Mon Sep 17 00:00:00 2001
From: Pierre Hubert
Date: Fri, 2 Sep 2022 10:42:22 +0200
Subject: [PATCH] Add new test for client configuration
---
 src/base/err_utils.rs | 4 +-
 src/tcp_relay_client/client_config.rs | 29 +++++++------
 src/tcp_relay_client/mod.rs | 10 ++---
 ...lient_invalid_tls_root_certificate_file.rs | 41 +++++++++++++++++++
 src/test/mod.rs | 3 +-
 ...n_file.rs => server_invalid_token_file.rs} | 0
 6 files changed, 66 insertions(+), 21 deletions(-)
 create mode 100644 src/test/client_invalid_tls_root_certificate_file.rs
 rename src/test/{invalid_token_file.rs => server_invalid_token_file.rs} (100%)
diff --git a/src/base/err_utils.rs b/src/base/err_utils.rs
index 1bb1915..6c8a4fa 100644
--- a/src/base/err_utils.rs
+++ b/src/base/err_utils.rs
@@ -2,8 +2,8 @@ use std::fmt::Display;
 use std::io::ErrorKind;
 /// Encapsulate errors in [`std::io::Error`] with a message
-pub fn encpasulate_error(e: E, msg: &str) -> std::io::Error {
- std::io::Error::new(ErrorKind::Other, format!("{}: {}", msg, e))
+pub fn encpasulate_error(e: E, msg: F) -> std::io::Error {
+ std::io::Error::new(ErrorKind::Other, format!("{}: {}", msg.to_string(), e))
 }
 /// Create a new [`std::io::Error`]
diff --git a/src/tcp_relay_client/client_config.rs b/src/tcp_relay_client/client_config.rs
index b0b20a3..3a34913 100644
--- a/src/tcp_relay_client/client_config.rs
+++ b/src/tcp_relay_client/client_config.rs
@@ -1,3 +1,4 @@
+use crate::base::err_utils::encpasulate_error;
 use bytes::BufMut;
 use clap::Parser;
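Review bot: In `encpasulate_error`, calling `msg.to_string()` inside `format!` builds a temporary `String` that is immediately formatted again. The generic bounds are not visible on this page; if `F` implements `Display`, `format!("{}: {}", msg, e)` produces the same text without the extra allocation (clippy reports this pattern as `to_string_in_format_args`). The misspelled name `encpasulate_error` also gains a new importer in `client_config.rs` in this commit, so a rename to `encapsulate_error` gets harder the longer it waits.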
@@ -45,21 +46,13 @@ pub struct KeysCache {
 impl ClientConfig {
 /// Load certificates and put them in cache
- pub fn load_certificates(&mut self) {
+ pub fn load_certificates(&mut self) -> std::io::Result<()> {
 self._keys_cache = KeysCache {
- _root_certificate_cache: self
- .root_certificate
- .as_ref()
- .map(|c| std::fs::read(c).expect("Failed to read root certificate!")),
- _tls_cert_cache: self
- .tls_cert
- .as_ref()
- .map(|c| std::fs::read(c).expect("Failed to read client certificate!")),
- _tls_key_cache: self
- .tls_key
- .as_ref()
- .map(|c| std::fs::read(c).expect("Failed to read client key!")),
+ _root_certificate_cache: load_pem_file(&self.root_certificate, "root certificate")?,
+ _tls_cert_cache: load_pem_file(&self.tls_cert, "client certificate")?,
+ _tls_key_cache: load_pem_file(&self.tls_cert, "client key")?,
 };
+ Ok(())
 }
 /// Get client token, returning a dummy token if none was specified
@@ -95,6 +88,16 @@ impl ClientConfig {
 }
 }
+fn load_pem_file(path: &Option, name: &str) -> std::io::Result>> {
+ Ok(match path {
+ None => None,
+ Some(p) => Some(
+ std::fs::read(p)
+ .map_err(|e| encpasulate_error(e, format!("Failed to load {}!", name)))?,
+ ),
+ })
+}
+
 #[cfg(test)]
 mod test {
 use crate::tcp_relay_client::client_config::ClientConfig;
diff --git a/src/tcp_relay_client/mod.rs b/src/tcp_relay_client/mod.rs
index 6ca6424..6ba55ce 100644
--- a/src/tcp_relay_client/mod.rs
+++ b/src/tcp_relay_client/mod.rs
@@ -7,6 +7,7 @@ use std::sync::Arc;
 use futures::future::join_all;
 use reqwest::{Certificate, Identity};
+use crate::base::err_utils::new_err;
 use crate::base::RemoteConfig;
 use crate::tcp_relay_client::client_config::ClientConfig;
 use crate::tcp_relay_client::relay_client::relay_client;
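Review bot: The new `_tls_key_cache` line in `load_certificates` reads `self.tls_cert` instead of `self.tls_key`, so the key cache is filled with the certificate bytes and the configured key file is never opened; the removed code used `.tls_key` at this position. The line should be `_tls_key_cache: load_pem_file(&self.tls_key, "client key")?,`. As written, a missing or unreadable key file is not reported at startup, and whatever later builds the client identity from this cache (outside the hunk) would receive a certificate where it expects a private key, so client-certificate authentication would presumably fail only when the connection is attempted. A test that sets both `tls_cert` and `tls_key` to distinct files and checks the cached key would catch this.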
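Review bot: The error built in `load_pem_file` says which kind of file failed but not which path, so an operator with several certificate options configured has to guess which file is missing or unreadable. Assuming the path type implements `Display` (the generic parameters are stripped on this page), the message could be `format!("Failed to load {} from {}!", name, p)`. The function also only calls `std::fs::read` and never inspects the content, so the name promises a PEM check it does not perform; a doc comment such as `/// Read the raw bytes of an optional PEM file; the content is not parsed or validated here` would make that explicit.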
@@ -54,15 +55,14 @@ async fn get_server_config(conf: &ClientConfig) -> Result std::io::Result<()> {
- args.load_certificates();
+ args.load_certificates()?;
 let args = Arc::new(args);
 // Check arguments coherence
 if args.tls_cert.is_some() != args.tls_key.is_some() {
- log::error!(
- "If you specify one of TLS certificate / key, you must then specify the other!"
- );
- panic!();
+ return Err(new_err(
+ "If you specify one of TLS certificate / key, you must then specify the other!",
+ ));
 }
 if args.get_client_keypair().is_some() {
diff --git a/src/test/client_invalid_tls_root_certificate_file.rs b/src/test/client_invalid_tls_root_certificate_file.rs
new file mode 100644
index 0000000..4a0d59b
--- /dev/null
+++ b/src/test/client_invalid_tls_root_certificate_file.rs
@@ -0,0 +1,41 @@
+use crate::tcp_relay_client::client_config::ClientConfig;
+use crate::test::pki::Pki;
+use crate::test::{get_port_number, PortsAllocation, LOCALHOST_IP};
+
+const VALID_TOKEN: &str = "AvalidTOKEN";
+
+fn port(index: u16) -> u16 {
+ get_port_number(PortsAllocation::TestsWithoutPortOpened, index)
+}
+
+#[tokio::test()]
+async fn invalid_file_type() {
+ let _ = env_logger::builder().is_test(true).try_init();
+
+ let pki = Pki::load();
+
+ crate::tcp_relay_client::run_app(ClientConfig {
+ token: Some(VALID_TOKEN.to_string()),
+ relay_url: format!("https://{}:{}", LOCALHOST_IP, port(0)),
+ listen_address: LOCALHOST_IP.to_string(),
+ root_certificate: Some(pki.expired_client_key.file_path()),
+ ..Default::default()
+ })
+ .await
+ .unwrap_err();
+}
+
+#[tokio::test()]
+async fn non_existing_file() {
+ let _ = env_logger::builder().is_test(true).try_init();
+
+ crate::tcp_relay_client::run_app(ClientConfig {
+ token: Some(VALID_TOKEN.to_string()),
+ relay_url: format!("https://{}:{}", LOCALHOST_IP, port(0)),
+ listen_address: LOCALHOST_IP.to_string(),
+ root_certificate: Some("/bad/path/to/file".to_string()),
+ ..Default::default()
+ })
+ .await
+ .unwrap_err();
+}
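Review bot: The certificate/key coherence check still runs after `args.load_certificates()?`, so the configured files are read from disk before the configuration is known to be consistent. With only one of `tls_cert` / `tls_key` set and that file unreadable, the caller now gets a file-load error instead of the more useful "you must then specify the other" message. Moving the `args.tls_cert.is_some() != args.tls_key.is_some()` test above the load call would reject an incoherent configuration without touching any key material. The function's signature and the rest of its body are outside this hunk.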
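Review bot: Both tests end in `.unwrap_err()` without looking at the error, so they pass on any failure of `run_app`, not only on a bad root certificate. Because the relay URL uses a port from `PortsAllocation::TestsWithoutPortOpened`, a plain connection failure would presumably satisfy them even if certificate loading had succeeded. In `non_existing_file`, bind the result and assert on it, for example `let err = /* run_app(..).await */.unwrap_err();` followed by `assert!(err.to_string().contains("Failed to load root certificate"));`. For `invalid_file_type` the expected message depends on where the PEM content is rejected, which is not visible on this page. The file covers only `root_certificate`, so the `tls_cert` and `tls_key` paths through the new loading code remain untested.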
diff --git a/src/test/mod.rs b/src/test/mod.rs
index 37d8331..15551b8 100644
--- a/src/test/mod.rs
+++ b/src/test/mod.rs
@@ -24,13 +24,14 @@ mod dummy_tcp_sockets;
 mod pki;
 mod test_files_utils;
+mod client_invalid_tls_root_certificate_file;
 mod client_try_tls_while_there_is_no_tls;
-mod invalid_token_file;
 mod invalid_with_token_auth;
 mod server_invalid_tls_config_invalid_cert;
 mod server_invalid_tls_config_invalid_key;
 mod server_invalid_tls_config_invalid_paths;
 mod server_invalid_tls_config_missing_key;
+mod server_invalid_token_file;
 mod valid_token_with_custom_increment;
 mod valid_with_multiple_token_auth;
 mod valid_with_token_auth;
diff --git a/src/test/invalid_token_file.rs b/src/test/server_invalid_token_file.rs
similarity index 100%
rename from src/test/invalid_token_file.rs
rename to src/test/server_invalid_token_file.rs