test: password cert for SSL listener

2023-03-25 10:34:00 +01:00 · 2023-03-25 10:34:00 +01:00 · ecc2cd1a94
parent cec77c2b65
commit ecc2cd1a94
1 changed files with 28 additions and 5 deletions
--- a/apps/emqx/test/emqx_listeners_SUITE.erl
+++ b/apps/emqx/test/emqx_listeners_SUITE.erl
@ -35,6 +35,7 @@ init_per_suite(Config) ->
    application:ensure_all_started(esockd),
    application:ensure_all_started(quicer),
    application:ensure_all_started(cowboy),
+    generate_tls_certs(Config),
    lists:foreach(fun set_app_env/1, NewConfig),
    Config.

@ -183,26 +184,48 @@ t_wss_conn(_) ->
    ok = ssl:close(Socket).

 t_quic_conn(Config) ->
+    Port = 24568,
    DataDir = ?config(data_dir, Config),
-    generate_quic_tls_certs(Config),
    SSLOpts = #{
        password => ?SERVER_KEY_PASSWORD,
        certfile => filename:join(DataDir, "server-password.pem"),
        cacertfile => filename:join(DataDir, "ca.pem"),
        keyfile => filename:join(DataDir, "server-password.key")
    },
-    emqx_common_test_helpers:ensure_quic_listener(?FUNCTION_NAME, 24568, #{ssl_options => SSLOpts}),
+    emqx_common_test_helpers:ensure_quic_listener(?FUNCTION_NAME, Port, #{ssl_options => SSLOpts}),
    ct:pal("~p", [emqx_listeners:list()]),
    {ok, Conn} = quicer:connect(
        {127, 0, 0, 1},
-        24568,
+        Port,
        [
            {verify, verify_none},
            {alpn, ["mqtt"]}
        ],
        1000
    ),
-    ok = quicer:close_connection(Conn).
+    ok = quicer:close_connection(Conn),
+    emqx_listeners:stop_listener(quic, ?FUNCTION_NAME, #{bind => Port}).
+
+t_ssl_password_cert(Config) ->
+    Port = 24568,
+    DataDir = ?config(data_dir, Config),
+    SSLOptsPWD = #{
+        password => ?SERVER_KEY_PASSWORD,
+        certfile => filename:join(DataDir, "server-password.pem"),
+        cacertfile => filename:join(DataDir, "ca.pem"),
+        keyfile => filename:join(DataDir, "server-password.key")
+    },
+    LConf = #{
+        enabled => true,
+        bind => {{127, 0, 0, 1}, Port},
+        mountpoint => <<>>,
+        zone => default,
+        ssl_options => SSLOptsPWD
+    },
+    ok = emqx_listeners:start_listener(ssl, ?FUNCTION_NAME, LConf),
+    {ok, SSLSocket} = ssl:connect("127.0.0.1", Port, [{verify, verify_none}]),
+    ssl:close(SSLSocket),
+    emqx_listeners:stop_listener(ssl, ?FUNCTION_NAME, LConf).

 t_format_bind(_) ->
    ?assertEqual(
@ -289,7 +312,7 @@ remove_default_limiter(Listeners) ->
        Listeners
    ).

-generate_quic_tls_certs(Config) ->
+generate_tls_certs(Config) ->
    DataDir = ?config(data_dir, Config),
    emqx_common_test_helpers:gen_ca(DataDir, "ca"),
    emqx_common_test_helpers:gen_host_cert("server-password", "ca", DataDir, #{