e2e_tests: Update mismatced key/certificate test to use parsec provider

gowthamsk-arm · tgonzalezorlandoarm · commit 3cf322b0ae93 · 2024-05-15T21:12:35.000+01:00
Signed-off-by: Gowtham Suresh Kumar &lt;gowtham.sureshkumar@arm.com&gt;
diff --git a/parsec-openssl-provider-shared/e2e_tests/src/lib.rs b/parsec-openssl-provider-shared/e2e_tests/src/lib.rs
@@ -176,3 +176,28 @@ impl Client {
         }
     }
 }
+
+pub fn check_mismatched_key_certificate(key: String, certificate: String) {
+    unsafe {
+        let provider_path = String::from("../../target/debug/");
+        let provider_name = String::from("libparsec_openssl_provider_shared");
+        let lib_ctx = LibCtx::new().unwrap();
+        let _provider: Provider = load_provider(&lib_ctx, &provider_name, provider_path);
+
+        let mut parsec_pkey: *mut EVP_PKEY = std::ptr::null_mut();
+
+        let mut ctx_builder = SslContextBuilder::new(SslMethod::tls_client()).unwrap();
+
+        ctx_builder
+            .set_certificate_file(certificate, SslFiletype::PEM)
+            .unwrap();
+
+        let mut param = ossl_param!(PARSEC_PROVIDER_KEY_NAME, OSSL_PARAM_UTF8_PTR, key);
+        load_key(&lib_ctx, &mut param, &mut parsec_pkey, RSA);
+
+        let key: openssl::pkey::PKey<Private> = openssl::pkey::PKey::from_ptr(parsec_pkey as _);
+
+        // The match function gets called here to compare public and private key and it should throw an error.
+        ctx_builder.set_private_key(&key).unwrap_err();
+    }
+}
diff --git a/parsec-openssl-provider-shared/e2e_tests/tests/handshake.rs b/parsec-openssl-provider-shared/e2e_tests/tests/handshake.rs
@@ -200,35 +200,19 @@ fn test_handshake_client_authentication_with_fake_ca() {
 // public key from the x509 certificate.
 #[test]
 fn test_client_with_mismatched_rsa_key_and_certificate() {
-    let mut ctx_builder = SslContext::builder(SslMethod::tls_client()).unwrap();
-
-    ctx_builder
-        .set_certificate_file(
-            String::from("../../tests/tls/fake_client/parsec_rsa.pem"),
-            SslFiletype::PEM,
-        )
-        .unwrap();
-
-    ctx_builder
-        .set_private_key_file(String::from("PARSEC_TEST_RSA_KEY"), SslFiletype::PEM)
-        .unwrap_err();
+    check_mismatched_key_certificate(
+        String::from("PARSEC_TEST_RSA_KEY"),
+        String::from("../../tests/tls/fake_client/parsec_rsa.pem"),
+    );
 }
 
 // This is a negative test case. When a client is configured with a wrong certificate for a private
 // key, the key management match function should report an error about the mismatched private key and
 // public key from the x509 certificate.
 #[test]
 fn test_client_with_mismatched_ecdsa_key_and_certificate() {
-    let mut ctx_builder = SslContext::builder(SslMethod::tls_client()).unwrap();
-
-    ctx_builder
-        .set_certificate_file(
-            String::from("../../tests/tls/fake_client/parsec_ecdsa.pem"),
-            SslFiletype::PEM,
-        )
-        .unwrap();
-
-    ctx_builder
-        .set_private_key_file(String::from("PARSEC_TEST_ECDSA_KEY"), SslFiletype::PEM)
-        .unwrap_err();
+    check_mismatched_key_certificate(
+        String::from("PARSEC_TEST_ECDSA_KEY"),
+        String::from("../../tests/tls/fake_client/parsec_ecdsa.pem"),
+    );
 }
