Add test for TLS functionality

mjgarton · mjgarton · commit 96777ad394ba · 2022-01-11T14:00:23.000Z
This adds a basic test to ensure that connecting works properly with TLS
enabled.
diff --git a/Cargo.toml b/Cargo.toml
@@ -37,3 +37,4 @@ mysql_async = "0.20.0"
 slab = "0.4.2"
 tokio = "0.1.19"
 futures = "0.1.26"
+rcgen = "0.8.14"
diff --git a/tests/main.rs b/tests/main.rs
@@ -5,6 +5,14 @@ extern crate mysql_common as myc;
 extern crate nom;
 
 use mysql::prelude::*;
+use mysql::DriverError;
+use mysql::OptsBuilder;
+use mysql::SslOpts;
+use rcgen::generate_simple_self_signed;
+use rustls::Certificate;
+use rustls::PrivateKey;
+use rustls::ServerConfig;
+use std::error::Error;
 use std::io;
 use std::net;
 use std::thread;
@@ -21,6 +29,8 @@ struct TestingShim<Q, P, E, I> {
     on_p: P,
     on_e: E,
     on_i: I,
+    server_tls: Option<rustls::ServerConfig>,
+    client_tls: Option<SslOpts>,
 }
 
 impl<Q, P, E, I> MysqlShim<net::TcpStream> for TestingShim<Q, P, E, I>
@@ -63,6 +73,10 @@ where
     ) -> io::Result<()> {
         (self.on_q)(query, results)
     }
+
+    fn tls_config(&self) -> Option<&rustls::ServerConfig> {
+        self.server_tls.as_ref()
+    }
 }
 
 impl<Q, P, E, I> TestingShim<Q, P, E, I>
@@ -82,6 +96,8 @@ where
             on_p,
             on_e,
             on_i,
+            server_tls: None,
+            client_tls: None,
         }
     }
 
@@ -95,21 +111,59 @@ where
         self
     }
 
+    fn with_server_tls(mut self) -> Self {
+        let cert = generate_simple_self_signed(vec!["localhost".to_string()]).unwrap();
+
+        self.server_tls = Some(
+            ServerConfig::builder()
+                .with_safe_defaults()
+                .with_no_client_auth()
+                .with_single_cert(
+                    vec![Certificate(cert.serialize_der().unwrap())],
+                    PrivateKey(cert.get_key_pair().serialize_der()),
+                )
+                .unwrap(),
+        );
+
+        self
+    }
+
+    fn with_client_tls(mut self) -> Self {
+        self.client_tls = Some(SslOpts::default().with_danger_accept_invalid_certs(true));
+        self
+    }
+
     fn test<C>(self, c: C)
     where
         C: FnOnce(&mut mysql::Conn) -> (),
     {
+        self.test_with_result(c).unwrap()
+    }
+
+    fn test_with_result<C>(self, c: C) -> Result<(), Box<dyn Error + 'static>>
+    where
+        C: FnOnce(&mut mysql::Conn) -> (),
+    {
+        let client_tls = self.client_tls.clone();
+
         let listener = net::TcpListener::bind("127.0.0.1:0").unwrap();
         let port = listener.local_addr().unwrap().port();
         let jh = thread::spawn(move || {
             let (s, _) = listener.accept().unwrap();
             MysqlIntermediary::run_on_tcp(self, s)
         });
 
-        let mut db = mysql::Conn::new(&format!("mysql://127.0.0.1:{}", port)).unwrap();
+        let opts = OptsBuilder::default()
+            .ip_or_hostname(Some("localhost"))
+            .tcp_port(port)
+            .ssl_opts(client_tls);
+
+        let mut db = mysql::Conn::new(opts)?;
         c(&mut db);
         drop(db);
         jh.join().unwrap().unwrap();
+
+        Ok(())
     }
 }
 
@@ -121,9 +175,60 @@ fn it_connects() {
         |_, _, _| unreachable!(),
         |_, _| unreachable!(),
     )
+    .test(|_| {});
+}
+
+#[test]
+fn it_connects_tls_server_only() {
+    // Client can connect ok without SSL when SSL is enabled on the server.
+    TestingShim::new(
+        |_, _| unreachable!(),
+        |_| unreachable!(),
+        |_, _, _| unreachable!(),
+        |_, _| unreachable!(),
+    )
+    .with_server_tls()
+    .test(|_| {})
+}
+
+#[test]
+fn it_connects_tls_both() {
+    // SSL connection when ssl enabled on server and used by client
+    TestingShim::new(
+        |_, _| unreachable!(),
+        |_| unreachable!(),
+        |_, _, _| unreachable!(),
+        |_, _| unreachable!(),
+    )
+    .with_server_tls()
+    .with_client_tls()
     .test(|_| {})
 }
 
+#[test]
+fn it_does_not_connect_tls_client_only() {
+    // Client requesting tls fails as expected when server does not support it.
+    match TestingShim::new(
+        |_, _| unreachable!(),
+        |_| unreachable!(),
+        |_, _, _| unreachable!(),
+        |_, _| unreachable!(),
+    )
+    .with_client_tls()
+    .test_with_result(|_| {})
+    {
+        Ok(()) => {
+            panic!("client should not have connected")
+        }
+        Err(e) => match e.downcast_ref::<mysql::Error>() {
+            Some(mysql::Error::DriverError(DriverError::TlsNotSupported)) => {
+                // this is what we expect.
+            }
+            _ => panic!("unexpected error {}", e),
+        },
+    }
+}
+
 #[test]
 fn it_inits_ok() {
     TestingShim::new(
