Browse Source

Repair link_handshake unit tests to mock tor_tls_get_own_cert()

The tests previously assumed that the link handshake code would be
calling get_my_certs() -- when I changed it to call get_own_cert()
instead for the (case 2) 22460 fix, the tests failed, since the tls
connection wasn't really there.

This change makes us start mocking out the tor_tls_get_own_cert()
function too.

It also corrects the behavior of the mock_get_peer_cert() function
-- it should have been returning a newly allocated copy.
Nick Mathewson 6 years ago
parent
commit
8e9392c267
1 changed files with 27 additions and 1 deletions
  1. 27 1
      src/test/test_link_handshake.c

+ 27 - 1
src/test/test_link_handshake.c

@@ -66,6 +66,14 @@ mock_send_authenticate(or_connection_t *conn, int type)
   return 0;
 }
 
+static tor_x509_cert_t *mock_own_cert = NULL;
+static tor_x509_cert_t *
+mock_get_own_cert(tor_tls_t *tls)
+{
+  (void)tls;
+  return tor_x509_cert_dup(mock_own_cert);
+}
+
 /* Test good certs cells */
 static void
 test_link_handshake_certs_ok(void *arg)
@@ -84,6 +92,7 @@ test_link_handshake_certs_ok(void *arg)
   MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
   MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
   MOCK(connection_or_send_netinfo, mock_send_netinfo);
+  MOCK(tor_tls_get_own_cert, mock_get_own_cert);
 
   key1 = pk_generate(2);
   key2 = pk_generate(3);
@@ -94,6 +103,12 @@ test_link_handshake_certs_ok(void *arg)
   tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
                                  key1, key2, 86400), ==, 0);
 
+  {
+    const tor_x509_cert_t *link = NULL;
+    tt_assert(!tor_tls_get_my_certs(1, &link, NULL));
+    mock_own_cert = tor_x509_cert_dup(link);
+  }
+
   c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
   c1->link_proto = 3;
   tt_int_op(connection_init_or_handshake_state(c1, 1), ==, 0);
@@ -174,6 +189,9 @@ test_link_handshake_certs_ok(void *arg)
   UNMOCK(tor_tls_cert_matches_key);
   UNMOCK(connection_or_write_var_cell_to_buf);
   UNMOCK(connection_or_send_netinfo);
+  UNMOCK(tor_tls_get_own_cert);
+  tor_x509_cert_free(mock_own_cert);
+  mock_own_cert = NULL;
   memset(c1->identity_digest, 0, sizeof(c1->identity_digest));
   memset(c2->identity_digest, 0, sizeof(c2->identity_digest));
   connection_free_(TO_CONN(c1));
@@ -656,11 +674,12 @@ AUTHCHALLENGE_FAIL(nonzero_circid,
                    d->cell->circ_id = 1337)
 
 static tor_x509_cert_t *mock_peer_cert = NULL;
+
 static tor_x509_cert_t *
 mock_get_peer_cert(tor_tls_t *tls)
 {
   (void)tls;
-  return mock_peer_cert;
+  return tor_x509_cert_dup(mock_peer_cert);
 }
 
 static int
@@ -694,6 +713,7 @@ authenticate_data_cleanup(const struct testcase_t *test, void *arg)
   (void) test;
   UNMOCK(connection_or_write_var_cell_to_buf);
   UNMOCK(tor_tls_get_peer_cert);
+  UNMOCK(tor_tls_get_own_cert);
   UNMOCK(tor_tls_get_tlssecrets);
   UNMOCK(connection_or_close_for_error);
   UNMOCK(channel_set_circid_type);
@@ -710,7 +730,10 @@ authenticate_data_cleanup(const struct testcase_t *test, void *arg)
     crypto_pk_free(d->key2);
     tor_free(d);
   }
+  tor_x509_cert_free(mock_peer_cert);
+  tor_x509_cert_free(mock_own_cert);
   mock_peer_cert = NULL;
+  mock_own_cert = NULL;
 
   return 1;
 }
@@ -724,6 +747,7 @@ authenticate_data_setup(const struct testcase_t *test)
 
   MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
   MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
+  MOCK(tor_tls_get_own_cert, mock_get_own_cert);
   MOCK(tor_tls_get_tlssecrets, mock_get_tlssecrets);
   MOCK(connection_or_close_for_error, mock_close_for_err);
   MOCK(channel_set_circid_type, mock_set_circid_type);
@@ -773,6 +797,8 @@ authenticate_data_setup(const struct testcase_t *test)
   tor_x509_cert_get_der(link_cert, &der, &sz);
   mock_peer_cert = tor_x509_cert_decode(der, sz);
   tt_assert(mock_peer_cert);
+  mock_own_cert = tor_x509_cert_decode(der, sz);
+  tt_assert(mock_own_cert);
   tt_assert(! tor_tls_get_my_certs(0, &auth_cert, &id_cert));
   tor_x509_cert_get_der(auth_cert, &der, &sz);
   d->c2->handshake_state->auth_cert = tor_x509_cert_decode(der, sz);