// SPDX-License-Identifier: BSD-2-Clause
/*
 * Copyright © The libcoap-rs Contributors, all rights reserved.
 * This file is part of the libcoap-rs project, see the README file for
 * general information on this project and the NOTICE.md and LICENSE files
 * for information regarding copyright ownership and terms of use.
 *
 * tests/dtls_rpk_client_server_test.rs - Tests for DTLS PKI clients+servers.
 */

            
#![cfg(feature = "dtls-pki")]

            
use std::path::PathBuf;

            
use libcoap_rs::crypto::pki_rpk::{
    Asn1PrivateKeyType, DerFileKeyComponent, NonCertVerifying, Pki, PkiKeyDef, PkiRpkContextBuilder,
};

            
use crate::common::dtls::dtls_client_server_request_common;

            
mod common;

            
#[test]
pub fn dtls_pki_pem_file_client_server_request() {
    // Client/server DTLS PKI handshake where both peers load their certificate,
    // private key and the shared CA certificate from PEM files on disk. The
    // test-only key material lives under resources/test-keys in the crate root.
    let crate_root = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
    let keys_dir = crate_root.join("./resources/test-keys");
    let ca_cert = keys_dir.join("./ca/ca.crt.pem");

    let client_key = PkiKeyDef::with_pem_files(
        Some(ca_cert.clone()),
        keys_dir.join("./client/client.crt.pem"),
        keys_dir.join("./client/client.key.pem"),
    );
    let server_key = PkiKeyDef::with_pem_files(
        Some(ca_cert),
        keys_dir.join("./server/server.crt.pem"),
        keys_dir.join("./server/server.key.pem"),
    );

    // The same context configuration is applied on both sides: peer certificate
    // verification is switched on and the common-CA check is enabled, so each
    // peer is expected to validate the other against the CA loaded above.
    let configure_ctx = |builder: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {
        builder.verify_peer_cert().check_common_ca(true).build()
    };
    dtls_client_server_request_common(client_key, server_key, configure_ctx, configure_ctx)
}

            
#[test]
pub fn dtls_pki_pem_memory_client_server_request() {
    // Same handshake as the PEM-file test, but the PEM material is embedded into
    // the test binary at compile time and handed over as in-memory buffers.
    const CA_CERT_PEM: &str = include_str!("../resources/test-keys/ca/ca.crt.pem");
    const CLIENT_CERT_PEM: &str = include_str!("../resources/test-keys/client/client.crt.pem");
    const SERVER_CERT_PEM: &str = include_str!("../resources/test-keys/server/server.crt.pem");
    const CLIENT_KEY_PEM: &str = include_str!("../resources/test-keys/client/client.key.pem");
    const SERVER_KEY_PEM: &str = include_str!("../resources/test-keys/server/server.key.pem");

    // The builder takes owned byte buffers, so each embedded PEM string is copied.
    let pem_bytes = |pem: &str| pem.as_bytes().to_vec();

    let client_key = PkiKeyDef::with_pem_memory(
        Some(pem_bytes(CA_CERT_PEM)),
        pem_bytes(CLIENT_CERT_PEM),
        pem_bytes(CLIENT_KEY_PEM),
    );
    let server_key = PkiKeyDef::with_pem_memory(
        Some(pem_bytes(CA_CERT_PEM)),
        pem_bytes(SERVER_CERT_PEM),
        pem_bytes(SERVER_KEY_PEM),
    );

    // Both peers verify the other side's certificate with the common-CA check
    // enabled, using the CA embedded above.
    let configure_ctx = |builder: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {
        builder.verify_peer_cert().check_common_ca(true).build()
    };
    dtls_client_server_request_common(client_key, server_key, configure_ctx, configure_ctx)
}

            
#[test]
pub fn dtls_pki_asn1_file_client_server_request() {
    // DTLS PKI handshake with DER/ASN.1-encoded certificates and EC private keys
    // loaded from files under resources/test-keys.
    let crate_root = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
    let keys_dir = crate_root.join("./resources/test-keys");

    // NOTE(review): unlike the PEM tests, the client never loads a CA certificate
    // here while still enabling verify_peer_cert()/check_common_ca(true) below.
    // Confirm which trust anchor the backend validates the server certificate
    // against in this configuration, so the test actually exercises chain checking.
    let client_key = PkiKeyDef::with_asn1_files(
        None::<DerFileKeyComponent>,
        keys_dir.join("./client/client.crt.der"),
        keys_dir.join("./client/client.key.der"),
        Asn1PrivateKeyType::Ec,
    );

    // Setting the CA certificate fails only with ASN.1 files on the OpenSSL
    // backend. This looks like a libcoap issue, so the CA is left unset there for
    // now; on every other backend the server loads the DER-encoded CA.
    #[cfg(not(dtls_backend = "openssl"))]
    let server_ca = Some(keys_dir.join("./ca/ca.crt.der"));
    #[cfg(dtls_backend = "openssl")]
    let server_ca = None::<DerFileKeyComponent>;
    let server_key = PkiKeyDef::with_asn1_files(
        server_ca,
        keys_dir.join("./server/server.crt.der"),
        keys_dir.join("./server/server.key.der"),
        Asn1PrivateKeyType::Ec,
    );

    // Peer verification and the common-CA check are enabled on both sides.
    let configure_ctx = |builder: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {
        builder.verify_peer_cert().check_common_ca(true).build()
    };
    dtls_client_server_request_common(client_key, server_key, configure_ctx, configure_ctx)
}

            
#[test]
// GnuTLS does not accept DER-encoded EC keys supplied from memory (reason unknown;
// loading the same keys from files as in the test above works), so this test is
// skipped on that backend.
#[cfg_attr(dtls_backend = "gnutls", ignore)]
pub fn dtls_pki_asn1_memory_client_server_request() {
    // DTLS PKI handshake with DER/ASN.1-encoded material embedded into the test
    // binary at compile time and passed as in-memory buffers.
    const CA_CERT_DER: &[u8] = include_bytes!("../resources/test-keys/ca/ca.crt.der");
    const CLIENT_CERT_DER: &[u8] = include_bytes!("../resources/test-keys/client/client.crt.der");
    const SERVER_CERT_DER: &[u8] = include_bytes!("../resources/test-keys/server/server.crt.der");
    const CLIENT_KEY_DER: &[u8] = include_bytes!("../resources/test-keys/client/client.key.der");
    const SERVER_KEY_DER: &[u8] = include_bytes!("../resources/test-keys/server/server.key.der");

    // Both peers load the same CA and use EC private keys.
    let client_key = PkiKeyDef::with_asn1_memory(
        Some(CA_CERT_DER.to_vec()),
        CLIENT_CERT_DER.to_vec(),
        CLIENT_KEY_DER.to_vec(),
        Asn1PrivateKeyType::Ec,
    );
    let server_key = PkiKeyDef::with_asn1_memory(
        Some(CA_CERT_DER.to_vec()),
        SERVER_CERT_DER.to_vec(),
        SERVER_KEY_DER.to_vec(),
        Asn1PrivateKeyType::Ec,
    );

    // Peer certificate verification with the common-CA check is enabled on both
    // client and server.
    let configure_ctx = |builder: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {
        builder.verify_peer_cert().check_common_ca(true).build()
    };
    dtls_client_server_request_common(client_key, server_key, configure_ctx, configure_ctx)
}