android/vendor/rustls-native-certs-0.6.2/tests/smoketests.rs - toolchain/sccache - Git at Google

 use std::convert::TryInto;
 use std::sync::Arc;

 use std::panic;

 use std::env;
 use std::io::{Read, Write};
 use std::net::TcpStream;
 use std::path::PathBuf;

 // #[serial] is used on all these tests to run them sequentially. If they're run in parallel,
 // the global env var configuration in the env var test interferes with the others.
 use serial_test::serial;

 fn check_site(domain: &str) {
     let mut roots = rustls::RootCertStore::empty();
     for cert in rustls_native_certs::load_native_certs().unwrap() {
         roots
             .add(&rustls::Certificate(cert.0))
             .unwrap();
     }

     let config = rustls::ClientConfig::builder()
         .with_safe_defaults()
         .with_root_certificates(roots)
         .with_no_client_auth();

     let mut conn =
         rustls::ClientConnection::new(Arc::new(config), domain.try_into().unwrap()).unwrap();
     let mut sock = TcpStream::connect(format!("{}:443", domain)).unwrap();
     let mut tls = rustls::Stream::new(&mut conn, &mut sock);
     tls.write_all(
         format!(
             "GET / HTTP/1.1\r\n\
                        Host: {}\r\n\
                        Connection: close\r\n\
                        Accept-Encoding: identity\r\n\
                        \r\n",
             domain
         )
         .as_bytes(),
     )
     .unwrap();
     let mut plaintext = [0u8; 1024];
     let len = tls.read(&mut plaintext).unwrap();
     assert!(plaintext[..len].starts_with(b"HTTP/1.1 ")); // or whatever
 }

 #[test]
 #[serial]
 fn google() {
     check_site("google.com");
 }

 #[test]
 #[serial]
 fn amazon() {
     check_site("amazon.com");
 }

 #[test]
 #[serial]
 fn facebook() {
     check_site("facebook.com");
 }

 #[test]
 #[serial]
 fn netflix() {
     check_site("netflix.com");
 }

 #[test]
 #[serial]
 fn ebay() {
     check_site("ebay.com");
 }

 #[test]
 #[serial]
 fn apple() {
     check_site("apple.com");
 }

 #[test]
 #[serial]
 fn badssl_with_env() {
     let result = panic::catch_unwind(|| check_site("self-signed.badssl.com"));
     // Self-signed certs should never be trusted by default:
     assert!(result.is_err());

     // But they should be trusted if SSL_CERT_FILE is set:
     env::set_var(
         "SSL_CERT_FILE",
         // The CA cert, downloaded directly from the site itself:
         PathBuf::from("./tests/badssl-com-chain.pem"),
     );
     check_site("self-signed.badssl.com");
     env::remove_var("SSL_CERT_FILE");
 }
	use std::convert::TryInto;
	use std::sync::Arc;

	use std::panic;

	use std::env;
	use std::io::{Read, Write};
	use std::net::TcpStream;
	use std::path::PathBuf;

	// #[serial] is used on all these tests to run them sequentially. If they're run in parallel,
	// the global env var configuration in the env var test interferes with the others.
	use serial_test::serial;

	fn check_site(domain: &str) {
	let mut roots = rustls::RootCertStore::empty();
	for cert in rustls_native_certs::load_native_certs().unwrap() {
	roots
	.add(&rustls::Certificate(cert.0))
	.unwrap();
	}

	let config = rustls::ClientConfig::builder()
	.with_safe_defaults()
	.with_root_certificates(roots)
	.with_no_client_auth();

	let mut conn =
	rustls::ClientConnection::new(Arc::new(config), domain.try_into().unwrap()).unwrap();
	let mut sock = TcpStream::connect(format!("{}:443", domain)).unwrap();
	let mut tls = rustls::Stream::new(&mut conn, &mut sock);
	tls.write_all(
	format!(
	"GET / HTTP/1.1\r\n\
	Host: {}\r\n\
	Connection: close\r\n\
	Accept-Encoding: identity\r\n\
	\r\n",
	domain
	)
	.as_bytes(),
	)
	.unwrap();
	let mut plaintext = [0u8; 1024];
	let len = tls.read(&mut plaintext).unwrap();
	assert!(plaintext[..len].starts_with(b"HTTP/1.1 ")); // or whatever
	}

	#[test]
	#[serial]
	fn google() {
	check_site("google.com");
	}

	#[test]
	#[serial]
	fn amazon() {
	check_site("amazon.com");
	}

	#[test]
	#[serial]
	fn facebook() {
	check_site("facebook.com");
	}

	#[test]
	#[serial]
	fn netflix() {
	check_site("netflix.com");
	}

	#[test]
	#[serial]
	fn ebay() {
	check_site("ebay.com");
	}

	#[test]
	#[serial]
	fn apple() {
	check_site("apple.com");
	}

	#[test]
	#[serial]
	fn badssl_with_env() {
	let result = panic::catch_unwind(\|\| check_site("self-signed.badssl.com"));
	// Self-signed certs should never be trusted by default:
	assert!(result.is_err());

	// But they should be trusted if SSL_CERT_FILE is set:
	env::set_var(
	"SSL_CERT_FILE",
	// The CA cert, downloaded directly from the site itself:
	PathBuf::from("./tests/badssl-com-chain.pem"),
	);
	check_site("self-signed.badssl.com");
	env::remove_var("SSL_CERT_FILE");
	}