Avoid recreating certs in each test

einarmo · Sep 11, 2024 · 4d7ae95 · 4d7ae95
1 parent 16b2e9d
commit 4d7ae95
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 5 deletions.
diff --git a/.gitignore b/.gitignore
@@ -9,4 +9,5 @@ log/
 **/pki-client
 **/pki-server
 3rd-party/open62541/build/
-lib/pki*
+lib/pki*
+lib/certs
diff --git a/lib/tests/integration/core_tests.rs b/lib/tests/integration/core_tests.rs
@@ -6,6 +6,7 @@ use log::debug;
 use opcua::{
     client::IdentityToken,
     core::comms::tcp_codec::{Message, TcpCodec},
+    core::config::Config,
     crypto::SecurityPolicy,
     types::{
         ApplicationType, DecodingOptions, MessageSecurityMode, NodeId, ReadValueId, StatusCode,
@@ -19,8 +20,8 @@ use tokio::{
 use tokio_util::codec::Decoder;
 
 use crate::utils::{
-    client_user_token, client_x509_token, default_server, test_server, Tester, CLIENT_USERPASS_ID,
-    TEST_COUNTER,
+    client_user_token, client_x509_token, copy_shared_certs, default_server, test_server, Tester,
+    CLIENT_USERPASS_ID, TEST_COUNTER,
 };
 
 #[tokio::test]
@@ -35,6 +36,8 @@ async fn hello_timeout() {
         .discovery_urls(vec![format!("opc.tcp://{}:{}", hostname(), port)])
         .pki_dir(format!("./pki-server/{test_id}"))
         .hello_timeout(1);
+    copy_shared_certs(test_id, &server.config().application_description());
+
     let (server, handle) = server.build().unwrap();
     let addr = listener.local_addr().unwrap();
 

diff --git a/lib/tests/utils/tester.rs b/lib/tests/utils/tester.rs
@@ -1,9 +1,10 @@
 use std::{
+    fs,
     net::SocketAddr,
-    path::PathBuf,
+    path::{Path, PathBuf},
     sync::{
         atomic::{AtomicU16, Ordering},
-        Arc,
+        Arc, Mutex,
     },
     time::Duration,
 };
@@ -14,6 +15,9 @@ use opcua::{
     server::{ServerBuilder, ServerHandle, ServerUserToken, ANONYMOUS_USER_TOKEN_ID},
     types::{MessageSecurityMode, StatusCode},
 };
+use opcua_core::config::Config;
+use opcua_crypto::CertificateStore;
+use opcua_types::ApplicationDescription;
 use tokio::net::TcpListener;
 use tokio_util::sync::{CancellationToken, DropGuard};
 
@@ -230,6 +234,56 @@ pub fn test_server() -> ServerBuilder {
     default_server().with_node_manager(test_node_manager())
 }
 
+static SHARED_CERT_LOCK: Mutex<()> = Mutex::new(());
+
+pub fn copy_shared_certs(test_id: u16, desc: &ApplicationDescription) {
+    let _lck = SHARED_CERT_LOCK.lock();
+    if !Path::new("certs").exists() {
+        std::fs::create_dir_all("certs/server").unwrap();
+        std::fs::create_dir_all("certs/client").unwrap();
+        CertificateStore::create_certificate_and_key(
+            &desc.clone().into(),
+            true,
+            &Path::new("certs/server/cert.der"),
+            &Path::new("certs/server/private.pem"),
+        )
+        .unwrap();
+        CertificateStore::create_certificate_and_key(
+            &desc.clone().into(),
+            true,
+            &Path::new("certs/client/cert.der"),
+            &Path::new("certs/client/private.pem"),
+        )
+        .unwrap();
+    }
+
+    std::fs::create_dir_all(&format!("pki-server/{test_id}/own")).unwrap();
+    std::fs::create_dir_all(&format!("pki-server/{test_id}/private")).unwrap();
+    std::fs::create_dir_all(&format!("pki-client/{test_id}/own")).unwrap();
+    std::fs::create_dir_all(&format!("pki-client/{test_id}/private")).unwrap();
+
+    fs::copy(
+        "certs/server/cert.der",
+        &format!("pki-server/{test_id}/own/cert.der"),
+    )
+    .unwrap();
+    fs::copy(
+        "certs/server/private.pem",
+        &format!("pki-server/{test_id}/private/private.pem"),
+    )
+    .unwrap();
+    fs::copy(
+        "certs/client/cert.der",
+        &format!("pki-client/{test_id}/own/cert.der"),
+    )
+    .unwrap();
+    fs::copy(
+        "certs/client/private.pem",
+        &format!("pki-client/{test_id}/private/private.pem"),
+    )
+    .unwrap();
+}
+
 impl Tester {
     async fn listener() -> TcpListener {
         TcpListener::bind(format!("{}:0", hostname()))
@@ -249,6 +303,8 @@ impl Tester {
             .discovery_urls(vec![format!("opc.tcp://{}:{}", hostname(), addr.port())])
             .pki_dir(format!("./pki-server/{test_id}"));
 
+        copy_shared_certs(test_id, &server.config().application_description());
+
         let (server, handle) = server.build().unwrap();
         let token = CancellationToken::new();
 
@@ -277,6 +333,8 @@ impl Tester {
             .pki_dir(format!("./pki-server/{test_id}"))
             .discovery_urls(vec![format!("opc.tcp://{}:{}", hostname(), addr.port())]);
 
+        copy_shared_certs(test_id, &server.config().application_description());
+
         let (server, handle) = server.build().unwrap();
 
         tokio::task::spawn(server.run_with(listener));
@@ -304,6 +362,9 @@ impl Tester {
         let server = server
             .pki_dir(format!("./pki-server/{test_id}"))
             .discovery_urls(vec![format!("opc.tcp://{}:{}", hostname(), addr.port())]);
+
+        copy_shared_certs(test_id, &server.config().application_description());
+
         let client = client.pki_dir(format!("./pki-client/{test_id}"));
 
         let (server, handle) = server.build().unwrap();