From ecc2cd1a949e7ed84484d7f2e1f1ddddfaa5c29f Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Sat, 25 Mar 2023 10:34:00 +0100
Subject: [PATCH] test: password cert for SSL listener

---
 apps/emqx/test/emqx_listeners_SUITE.erl | 33 +++++++++++++++++++++----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/apps/emqx/test/emqx_listeners_SUITE.erl b/apps/emqx/test/emqx_listeners_SUITE.erl
index ac4bf6c76..107f3d4e7 100644
--- a/apps/emqx/test/emqx_listeners_SUITE.erl
+++ b/apps/emqx/test/emqx_listeners_SUITE.erl
@@ -35,6 +35,7 @@ init_per_suite(Config) ->
     application:ensure_all_started(esockd),
     application:ensure_all_started(quicer),
     application:ensure_all_started(cowboy),
+    generate_tls_certs(Config),
     lists:foreach(fun set_app_env/1, NewConfig),
     Config.
 
@@ -183,26 +184,48 @@ t_wss_conn(_) ->
     ok = ssl:close(Socket).
 
 t_quic_conn(Config) ->
+    Port = 24568,
     DataDir = ?config(data_dir, Config),
-    generate_quic_tls_certs(Config),
     SSLOpts = #{
         password => ?SERVER_KEY_PASSWORD,
         certfile => filename:join(DataDir, "server-password.pem"),
         cacertfile => filename:join(DataDir, "ca.pem"),
         keyfile => filename:join(DataDir, "server-password.key")
     },
-    emqx_common_test_helpers:ensure_quic_listener(?FUNCTION_NAME, 24568, #{ssl_options => SSLOpts}),
+    emqx_common_test_helpers:ensure_quic_listener(?FUNCTION_NAME, Port, #{ssl_options => SSLOpts}),
     ct:pal("~p", [emqx_listeners:list()]),
     {ok, Conn} = quicer:connect(
         {127, 0, 0, 1},
-        24568,
+        Port,
         [
             {verify, verify_none},
             {alpn, ["mqtt"]}
         ],
         1000
     ),
-    ok = quicer:close_connection(Conn).
+    ok = quicer:close_connection(Conn),
+    emqx_listeners:stop_listener(quic, ?FUNCTION_NAME, #{bind => Port}).
+
+t_ssl_password_cert(Config) ->
+    Port = 24568,
+    DataDir = ?config(data_dir, Config),
+    SSLOptsPWD = #{
+        password => ?SERVER_KEY_PASSWORD,
+        certfile => filename:join(DataDir, "server-password.pem"),
+        cacertfile => filename:join(DataDir, "ca.pem"),
+        keyfile => filename:join(DataDir, "server-password.key")
+    },
+    LConf = #{
+        enabled => true,
+        bind => {{127, 0, 0, 1}, Port},
+        mountpoint => <<>>,
+        zone => default,
+        ssl_options => SSLOptsPWD
+    },
+    ok = emqx_listeners:start_listener(ssl, ?FUNCTION_NAME, LConf),
+    {ok, SSLSocket} = ssl:connect("127.0.0.1", Port, [{verify, verify_none}]),
+    ssl:close(SSLSocket),
+    emqx_listeners:stop_listener(ssl, ?FUNCTION_NAME, LConf).
 
 t_format_bind(_) ->
     ?assertEqual(
@@ -289,7 +312,7 @@ remove_default_limiter(Listeners) ->
         Listeners
     ).
 
-generate_quic_tls_certs(Config) ->
+generate_tls_certs(Config) ->
     DataDir = ?config(data_dir, Config),
     emqx_common_test_helpers:gen_ca(DataDir, "ca"),
     emqx_common_test_helpers:gen_host_cert("server-password", "ca", DataDir, #{