update tests to use same openssl server (#2)

* add CI
tofay · Nov 7, 2024 · ce3ca17 · ce3ca17
1 parent 62b0c76
commit ce3ca17
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 61 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,47 @@
+
+name: Rust
+on:
+  push:
+    branches: [main]
+  pull_request:
+permissions:
+  contents: read
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Install toolchain
+        uses: dtolnay/rust-toolchain@v1
+        with:
+          toolchain: stable
+      - name: Cache build artifacts
+        uses: Swatinem/rust-cache@v2
+      - name: cargo test
+        run: cargo test --all-features
+      # https://github.com/rust-lang/cargo/issues/6669
+      - name: cargo test --doc
+        run: cargo test --doc --all-features
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Install toolchain
+        uses: dtolnay/rust-toolchain@v1
+        with:
+          toolchain: stable
+          components: rustfmt, clippy
+      - name: Cache build artifacts
+        uses: Swatinem/rust-cache@v2
+      - name: cargo fmt (check)
+        run: cargo fmt -- --check -l
+      - name: cargo clippy (warnings)
+        run: cargo clippy --all-targets --all-features -- -D warnings
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,6 +23,7 @@ x25519 = []
 chacha = []
 
 [dev-dependencies]
+antidote = "1.0.0"
 lazy_static = "1.4.0"
 once_cell = "1.8.0"
 rstest = "0.23.0"

diff --git a/src/verify.rs b/src/verify.rs
@@ -196,6 +196,6 @@ impl SignatureVerificationAlgorithm for MyAlgorithm {
                 verifier.verify(signature)?;
                 Ok(())
             })
-            .map_err(|e| InvalidSignature)
+            .map_err(|_| InvalidSignature)
     }
 }
diff --git a/tests/it.rs b/tests/it.rs
@@ -1,12 +1,4 @@
-/// Integration tests, based on rustls-symcrypt integration tests
-use std::env;
-use std::fs::File;
-use std::io::{BufReader, Read, Write};
-use std::net::TcpStream;
-use std::path::PathBuf;
-use std::process::{Child, Command};
-use std::sync::{Arc, Mutex};
-use std::thread;
+//! Integration tests, based on rustls-symcrypt integration tests
 
 use rstest::rstest;
 use rustls::crypto::SupportedKxGroup;
@@ -18,6 +10,13 @@ use rustls_openssl::{
 };
 #[cfg(feature = "chacha")]
 use rustls_openssl::{TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256};
+use std::env;
+use std::fs::File;
+use std::io::{BufReader, Read, Write};
+use std::net::TcpStream;
+use std::path::PathBuf;
+use std::process::{Child, Command};
+use std::sync::Arc;
 
 static TEST_CERT_PATH: once_cell::sync::Lazy<PathBuf> = once_cell::sync::Lazy::new(|| {
     let mut path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
@@ -26,13 +25,19 @@ static TEST_CERT_PATH: once_cell::sync::Lazy<PathBuf> = once_cell::sync::Lazy::n
     path
 });
 
-// Note: must run with feature flags enabled Ie:
-// cargo test --features x25519,chacha
+static OPENSSL_SERVER_PROCESS: once_cell::sync::Lazy<antidote::Mutex<Option<Child>>> =
+    once_cell::sync::Lazy::new(|| antidote::Mutex::new(maybe_start_server()));
+
+const PORT: u32 = 4443;
 
-// Make test function that accepts an array for both
+fn maybe_start_server() -> Option<Child> {
+    if TcpStream::connect(format!("localhost:{}", PORT)).is_ok() {
+        eprintln!("Server already running");
+        return None;
+    }
+
+    eprintln!("Starting openssl server...");
 
-// Test assumes user has openssl on the machine and is in the PATH.
-fn start_openssl_server() -> Child {
     // Spawn openssl server
     // openssl s_server -accept 4443 -cert localhost.crt  -key localhost.key
 
@@ -47,18 +52,22 @@ fn start_openssl_server() -> Child {
         .into_string()
         .unwrap();
 
-    Command::new("openssl")
+    let child = Command::new("openssl")
         .arg("s_server")
         .arg("-accept")
-        .arg("4443")
+        .arg(PORT.to_string())
         .arg("-cert")
         .arg(cert_path)
         .arg("-key")
         .arg(key_path)
-        .stdout(std::process::Stdio::null())
-        .stderr(std::process::Stdio::null())
+        .arg("-quiet")
+        .stdout(std::process::Stdio::inherit())
+        .stderr(std::process::Stdio::inherit())
         .spawn()
-        .expect("Failed to start OpenSSL server.")
+        .expect("Failed to start OpenSSL server.");
+    // sleep to allow the server to start
+    std::thread::sleep(std::time::Duration::from_secs(1));
+    Some(child)
 }
 
 fn test_with_config(
@@ -96,7 +105,7 @@ fn test_with_config(
 
     let server_name = "localhost".try_into().unwrap();
 
-    let mut sock = TcpStream::connect("localhost:4443").unwrap();
+    let mut sock = TcpStream::connect(format!("localhost:{}", PORT)).unwrap();
 
     let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap();
     let mut tls = rustls::Stream::new(&mut conn, &mut sock);
@@ -114,10 +123,10 @@ fn test_with_config(
 
     let ciphersuite = tls.conn.negotiated_cipher_suite().unwrap();
 
-    let mut exit_buffer: [u8; 1] = [0]; // Size 1 because "Q" is a single byte command
-    exit_buffer[0] = b'Q'; // Assign the ASCII value of "Q" to the buffer
+    let mut exit_buffer: [u8; 1] = [0]; // Size 1 because "q" is a single byte command
+    exit_buffer[0] = b'q'; // Assign the ASCII value of "q" to the buffer
 
-    // Write the "Q" command to the TLS connection stream
+    // Write the "q" command to the TLS connection stream
     tls.write_all(&exit_buffer).unwrap();
     ciphersuite.suite()
 }
@@ -168,7 +177,7 @@ fn test_with_custom_config_to_internet(
     let ciphersuite = tls.conn.negotiated_cipher_suite().unwrap();
 
     let mut exit_buffer: [u8; 1] = [0]; // Size 1 because "Q" is a single byte command
-    exit_buffer[0] = b'Q'; // Assign the ASCII value of "Q" to the buffer
+    exit_buffer[0] = b'q'; // Assign the ASCII value of "Q" to the buffer
 
     // Write the "Q" command to the TLS connection stream
     tls.write_all(&exit_buffer).unwrap();
@@ -227,23 +236,10 @@ fn test_tls(
     #[case] group: &'static dyn SupportedKxGroup,
     #[case] expected: CipherSuite,
 ) {
-    let server_thread = {
-        let openssl_server = Arc::new(Mutex::new(start_openssl_server()));
-        thread::spawn(move || {
-            openssl_server
-                .lock()
-                .unwrap()
-                .wait()
-                .expect("OpenSSL server crashed unexpectedly");
-        })
-    };
-
-    // Wait for the server to start
-    thread::sleep(std::time::Duration::from_secs(1));
-
+    let lock = OPENSSL_SERVER_PROCESS.lock();
     let actual_suite = test_with_config(suite, group);
     assert_eq!(actual_suite, expected);
-    drop(server_thread);
+    drop(lock);
 }
 
 #[rstest]
@@ -271,21 +267,7 @@ fn test_to_internet(
 
 #[test]
 fn test_default_client() {
-    // Spawn a concurrent thread that starts the server
-    let server_thread = {
-        let openssl_server = Arc::new(Mutex::new(start_openssl_server()));
-        thread::spawn(move || {
-            openssl_server
-                .lock()
-                .unwrap()
-                .wait()
-                .expect("OpenSSL server crashed unexpectedly");
-        })
-    };
-
-    // Wait for the server to start
-    thread::sleep(std::time::Duration::from_secs(1));
-
+    let lock = OPENSSL_SERVER_PROCESS.lock();
     // Add default webpki roots to the root store
     let mut root_store = rustls::RootCertStore {
         roots: webpki_roots::TLS_SERVER_ROOTS.to_vec(),
@@ -311,7 +293,7 @@ fn test_default_client() {
 
     let server_name = "localhost".try_into().unwrap();
 
-    let mut sock = TcpStream::connect("localhost:4443").unwrap();
+    let mut sock = TcpStream::connect(format!("localhost:{}", PORT)).unwrap();
 
     let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap();
     let mut tls = rustls::Stream::new(&mut conn, &mut sock);
@@ -329,12 +311,9 @@ fn test_default_client() {
 
     let ciphersuite = tls.conn.negotiated_cipher_suite().unwrap();
 
-    let mut exit_buffer: [u8; 1] = [0]; // Size 1 because "Q" is a single byte command
-    exit_buffer[0] = b'Q'; // Assign the ASCII value of "Q" to the buffer
-
-    // Write the "Q" command to the TLS connection stream
+    let exit_buffer: [u8; 1] = [b'q'];
     tls.write_all(&exit_buffer).unwrap();
 
     assert_eq!(ciphersuite.suite(), CipherSuite::TLS13_AES_256_GCM_SHA384);
-    drop(server_thread);
+    drop(lock);
 }