Added two tests for Verifier, covering Tofu success cases.

TODO: implement failing tests and check that the proper errors are returned.
2023-05-26 18:58:38 -04:00 · 2023-05-26 18:58:38 -04:00 · 799ff9ef17
commit 799ff9ef17
parent 6e5ba46c26
2 changed files with 35 additions and 3 deletions
--- a/src/sender/verifier.rs
+++ b/src/sender/verifier.rs
@ -13,7 +13,21 @@ use {
 #[derive(Debug)]
 /// A verifier is used to verify certificates sent by the receiving server
-/// during the tls handshake.
+/// during the tls handshake. For convenience the [CertificateStore] trait
 /// is implemented for [std::collections::HashMap<String, String>] and
 /// [std::collections::BTreeMap<String, String>], so a Verifier can easily
 /// be constructed from those types.
 ///
 /// This type is passed to [rustls::client::DangerousClientConfig::set_certificate_verifier]
 /// in order to allow Tofu certificate validation.
 /// # Examples
 /// Create a Verifier from a HashMap
 /// ```
 /// use std::collections::HashMap;
 /// use dory::prelude::{CertificateStore, Verifier};
 ///
 /// let verifier: Verifier<HashMap<String, String>> = HashMap::new().into();
 /// ```
 pub struct Verifier<S: CertificateStore> {
    /// An item which serves as storage for certificates
    pub store: Arc<Mutex<S>>,
@ -86,6 +100,8 @@ mod tests {
    use super::*;
    const CERT: &[u8] = include_bytes!("../../test/certificates/gemini.example.org/cert.der");
    const FP: &'static str =
        include_str!("../../test/certificates/gemini.example.org/fingerprint.txt");
    #[test]
    fn tofu() {
@ -93,7 +109,22 @@ mod tests {
        let cert = rustls::Certificate(CERT.into());
        let name = rustls::ServerName::try_from("gemini.example.org").unwrap();
        let now = time::SystemTime::now();
-        let mut scts: Vec<&[u8]> = vec![];
+        let scts: Vec<&[u8]> = vec![];
-        let res = verifier.verify_server_cert(&cert, &[], &name, &mut scts.iter(), &[], now);
+        let res =
            verifier.verify_server_cert(&cert, &[], &name, &mut scts.iter().copied(), &[], now);
        assert!(res.is_ok());
    }
    #[test]
    fn verify_previously_trusted() {
        let verifier: Verifier<HashMap<String, String>> =
            HashMap::from([("gemini.example.org".to_string(), FP.to_string())]).into();
        let cert = rustls::Certificate(CERT.into());
        let name = rustls::ServerName::try_from("gemini.example.org").unwrap();
        let now = time::SystemTime::now();
        let scts: Vec<&[u8]> = vec![];
        let res =
            verifier.verify_server_cert(&cert, &[], &name, &mut scts.iter().copied(), &[], now);
        assert!(res.is_ok());
    }
 }
--- a/test/certificates/gemini.example.org/fingerprint.txt
+++ b/test/certificates/gemini.example.org/fingerprint.txt
@ -0,0 +1 @@
 018a3210fe625b380e2021c1c3a5a6b0092f105e9350b62b72b97b73206fee69
		`@ -0,0 +1 @@`
							`018a3210fe625b380e2021c1c3a5a6b0092f105e9350b62b72b97b73206fee69`