prosa-utils 0.4.2

ProSA utils
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545

//! Definition of [OpenSSL](https://www.openssl.org/) configuration
//!
//! Implement:
//! - [`SslStore`](https://docs.rs/prosa-utils/latest/prosa_utils/config/ssl/trait.SslStore.html#impl-SslStore%3CX509,+X509Store%3E-for-Store)
//! - [`SslConfigContext`](https://docs.rs/prosa-utils/latest/prosa_utils/config/ssl/trait.SslConfigContext.html#impl-SslConfigContext%3CSslConnectorBuilder,+SslAcceptorBuilder%3E-for-SslConfig)

use std::{
    collections::HashMap,
    ffi::OsStr,
    fs::{self, File},
    io::Write as _,
    net::IpAddr,
    ops::DerefMut,
    time,
};

use bytes::{BufMut as _, BytesMut};
use openssl::{
    asn1::{Asn1Integer, Asn1Time},
    bn::{BigNum, MsbOption},
    ec::{Asn1Flag, EcGroup, EcKey},
    hash::MessageDigest,
    nid::Nid,
    pkey::PKey,
    ssl::{
        AlpnError, SslAcceptor, SslAcceptorBuilder, SslConnectorBuilder, SslContextBuilder,
        SslFiletype, SslMethod, SslVerifyMode,
    },
    x509::{
        X509, X509NameBuilder,
        extension::SubjectAlternativeName,
        store::{X509Store, X509StoreBuilder},
    },
};

use crate::config::{
    ConfigError, os_country,
    ssl::{SslConfig, SslConfigContext, SslStore, Store},
};

impl SslStore<X509, X509Store> for Store {
    fn get_file_certificates(path: &std::path::Path) -> Result<Vec<X509>, ConfigError> {
        if path.is_file() {
            match &path.extension().and_then(OsStr::to_str) {
                Some("pem" | "crt") => match fs::read(path) {
                    Ok(pem_file) => Ok(vec![X509::from_pem(&pem_file)?]),
                    Err(io) => Err(ConfigError::IoFile(
                        path.to_str().unwrap_or_default().into(),
                        io,
                    )),
                },
                Some("der" | "cer") => match fs::read(path) {
                    Ok(der_file) => Ok(vec![X509::from_der(&der_file)?]),
                    Err(io) => Err(ConfigError::IoFile(
                        path.to_str().unwrap_or_default().into(),
                        io,
                    )),
                },
                _ => Ok(Vec::new()),
            }
        } else if path.is_symlink() {
            if let Ok(link) = path.read_link() {
                <Self as SslStore<X509, X509Store>>::get_file_certificates(&link)
            } else {
                Ok(Vec::new())
            }
        } else if let Ok(path_dir) = path.read_dir() {
            let mut cert_list = Vec::new();
            for dir_entry in path_dir.flatten() {
                cert_list.append(
                    &mut <Self as SslStore<X509, X509Store>>::get_file_certificates(
                        &dir_entry.path(),
                    )?,
                );
            }

            Ok(cert_list)
        } else {
            Ok(Vec::new())
        }
    }

    /// Method to get an OpenSSL cert store
    ///
    /// ```
    /// use prosa_utils::config::ssl::{Store, SslStore};
    ///
    /// let store = Store::File { path: "./target".into() };
    /// let openssl_store: openssl::x509::store::X509Store = store.get_store().unwrap();
    /// ```
    fn get_store(&self) -> Result<X509Store, ConfigError> {
        let mut store = X509StoreBuilder::new()?;
        match self {
            Store::System => {
                store.set_default_paths()?;
                Ok(store.build())
            }
            Store::File { path } => match glob::glob(path) {
                Ok(certs) => {
                    for cert_path in certs.flatten() {
                        for cert in
                            <Self as SslStore<X509, X509Store>>::get_file_certificates(&cert_path)?
                        {
                            store.add_cert(cert)?;
                        }
                    }

                    Ok(store.build())
                }
                Err(e) => Err(ConfigError::WrongPathPattern(path.clone(), e)),
            },
            Store::Cert { certs } => {
                for cert in certs {
                    store.add_cert(X509::from_pem(cert.as_bytes())?)?;
                }

                Ok(store.build())
            }
        }
    }

    /// Method to get all OpenSSL certificate with their names as key
    ///
    /// ```
    /// use std::collections::HashMap;
    /// use openssl::x509::X509;
    /// use prosa_utils::config::ssl::{Store, SslStore};
    ///
    /// let store = Store::File { path: "./target".into() };
    /// let certs_map: HashMap<String, X509> = store.get_certs().unwrap();
    ///
    /// // No cert in target
    /// assert!(certs_map.is_empty());
    /// ```
    fn get_certs(&self) -> Result<HashMap<String, X509>, ConfigError> {
        match self {
            Store::System => {
                #[cfg(ossl300)]
                {
                    let store: X509Store = self.get_store()?;
                    let mut certs_map = HashMap::new();

                    for cert in store.all_certificates() {
                        if let Some(name) = cert
                            .subject_name()
                            .entries_by_nid(Nid::COMMONNAME)
                            .last()
                            .and_then(|cn| cn.data().as_utf8().map(|cn| cn.to_string()).ok())
                        {
                            certs_map.insert(name, cert);
                        }
                    }

                    Ok(certs_map)
                }

                #[cfg(not(ossl300))]
                Ok(HashMap::new())
            }
            Store::File { path } => match glob::glob(path) {
                Ok(certs) => {
                    let mut certs_map = HashMap::new();
                    for cert_path in certs.flatten() {
                        let certs =
                            <Self as SslStore<X509, X509Store>>::get_file_certificates(&cert_path)?;
                        for cert in certs {
                            if let Some(name) = cert
                                .subject_name()
                                .entries_by_nid(Nid::COMMONNAME)
                                .last()
                                .and_then(|cn| cn.data().as_utf8().map(|cn| cn.to_string()).ok())
                            {
                                certs_map.insert(name, cert);
                            } else if let Some(cert_name) = cert_path.to_str().and_then(|p| {
                                p.strip_suffix(".pem").or(p
                                    .strip_suffix(".crt")
                                    .or(p.strip_suffix(".der").or(p.strip_suffix(".cer"))))
                            }) {
                                certs_map.insert(cert_name.into(), cert);
                            }
                        }
                    }

                    Ok(certs_map)
                }
                Err(e) => Err(ConfigError::WrongPathPattern(path.clone(), e)),
            },
            Store::Cert { certs } => {
                let mut certs_map = HashMap::new();
                for cert_pem in certs {
                    let cert = X509::from_pem(cert_pem.as_bytes())?;
                    if let Some(name) = cert
                        .subject_name()
                        .entries_by_nid(Nid::COMMONNAME)
                        .last()
                        .and_then(|cn| cn.data().as_utf8().map(|cn| cn.to_string()).ok())
                    {
                        certs_map.insert(name, cert);
                    }
                }

                Ok(certs_map)
            }
        }
    }
}

/// Method to init an SSL context for a socket
pub(crate) fn init_openssl_context<B>(
    config: &SslConfig,
    mut context_builder: B,
    is_server: bool,
    host: Option<&str>,
) -> Result<B, ConfigError>
where
    B: DerefMut<Target = SslContextBuilder>,
{
    if let Some(pkcs12_path) = &config.pkcs12 {
        match fs::read(pkcs12_path) {
            Ok(pkcs12_file) => {
                let pkcs12 = ::openssl::pkcs12::Pkcs12::from_der(pkcs12_file.as_ref())?
                    .parse2(config.passphrase.as_ref().unwrap_or(&String::from("")))?;

                if let Some(pkey) = pkcs12.pkey {
                    context_builder.set_private_key(&pkey)?;
                }

                if let Some(cert) = pkcs12.cert {
                    context_builder.set_certificate(&cert)?;
                }

                if let Some(ca) = pkcs12.ca {
                    for cert in ca {
                        context_builder.add_extra_chain_cert(cert)?;
                    }
                }
            }
            Err(io) => return Err(ConfigError::IoFile(pkcs12_path.to_string(), io)),
        }
    } else if let (Some(cert_path), Some(key_path)) = (&config.cert, &config.key) {
        context_builder.set_certificate_file(cert_path, SslFiletype::PEM)?;

        match fs::read(key_path) {
            Ok(key_file) => {
                let pkey = if key_path.ends_with(".der") || key_path.ends_with(".cer") {
                    PKey::private_key_from_der(key_file.as_slice())?
                } else if let Some(passphrase) = &config.passphrase {
                    PKey::private_key_from_pem_passphrase(
                        key_file.as_slice(),
                        passphrase.as_bytes(),
                    )?
                } else {
                    PKey::private_key_from_pem(key_file.as_slice())?
                };

                context_builder.set_private_key(&pkey)?;
            }
            Err(io) => return Err(ConfigError::IoFile(key_path.to_string(), io)),
        }
    } else if is_server {
        let mut group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1)?;
        group.set_asn1_flag(Asn1Flag::NAMED_CURVE);
        let pkey = PKey::from_ec_key(EcKey::generate(&group)?)?;
        context_builder.set_private_key(&pkey)?;

        let mut cert = X509::builder()?;
        cert.set_version(2)?;
        cert.set_pubkey(&pkey)?;

        let mut serial_bn = BigNum::new()?;
        serial_bn.pseudo_rand(64, MsbOption::MAYBE_ZERO, true)?;
        let serial_number = Asn1Integer::from_bn(&serial_bn)?;
        cert.set_serial_number(&serial_number)?;

        let begin_valid_time =
            Asn1Time::from_unix(time::UNIX_EPOCH.elapsed().unwrap().as_secs() as i64 - 360)?;
        cert.set_not_before(&begin_valid_time)?;
        let end_valid_time = Asn1Time::days_from_now(1461)?; // 4 years from now
        cert.set_not_after(&end_valid_time)?;

        let mut x509_name = X509NameBuilder::new()?;
        if let Some(cn) = os_country() {
            x509_name.append_entry_by_text("C", cn.as_str())?;
        }
        x509_name.append_entry_by_text("CN", "ProSA")?;
        let x509_name = x509_name.build();
        cert.set_subject_name(&x509_name)?;
        cert.set_issuer_name(&x509_name)?;

        // Add DNS or IP subject alternative name if needed to check the certificate
        if let Some(host) = host {
            if let Ok(ip) = host.parse::<IpAddr>() {
                if !ip.is_unspecified() && !ip.is_loopback() {
                    let mut subject_alternative_name = SubjectAlternativeName::new();
                    let x509_extension = subject_alternative_name
                        .ip(host)
                        .build(&cert.x509v3_context(None, None))?;
                    cert.append_extension2(&x509_extension)?;
                }
            } else {
                let mut subject_alternative_name = SubjectAlternativeName::new();
                let x509_extension = subject_alternative_name
                    .dns(host)
                    .build(&cert.x509v3_context(None, None))?;
                cert.append_extension2(&x509_extension)?;
            }
        }

        cert.sign(&pkey, MessageDigest::sha256())?;
        let cert_x509 = cert.build();

        // Write out the certificate if a path for it is specify
        if let Some(cert_path) = &config.cert {
            let mut cert_file =
                File::create(cert_path).map_err(|e| ConfigError::IoFile(cert_path.clone(), e))?;
            if cert_path.ends_with(".der") || cert_path.ends_with(".cer") {
                cert_file
                    .write_all(&cert_x509.to_der()?)
                    .map_err(|e| ConfigError::IoFile(cert_path.clone(), e))?;
            } else {
                cert_file
                    .write_all(&cert_x509.to_pem()?)
                    .map_err(|e| ConfigError::IoFile(cert_path.clone(), e))?;
            }
        }

        context_builder.set_certificate(&cert_x509)?;
    }

    if let Some(store) = &config.store {
        context_builder.set_cert_store(store.get_store()?);
        if is_server {
            context_builder.set_verify(SslVerifyMode::PEER);
        }
    } else if !is_server {
        context_builder.set_cert_store(Store::default().get_store()?);
    } else {
        context_builder.set_verify(SslVerifyMode::NONE);
    }

    if !config.alpn.is_empty() {
        if is_server {
            let alpn_list = config.alpn.clone();
            context_builder.set_alpn_select_callback(move |_ssl, alpn| {
                let mut cli_alpn = HashMap::new();

                let mut current_split = alpn;
                while let Some(length) = current_split.first() {
                    if current_split.len() > *length as usize {
                        let (left, right) = current_split.split_at(*length as usize + 1);
                        cli_alpn.insert(String::from_utf8(left[1..].to_vec()).unwrap(), &left[1..]);
                        current_split = right;
                    } else {
                        return Err(AlpnError::ALERT_FATAL);
                    }
                }

                for alpn_name in &alpn_list {
                    if let Some(alpn) = cli_alpn.get(alpn_name) {
                        return Ok(alpn);
                    }
                }

                Err(AlpnError::NOACK)
            });
        } else {
            let mut alpn_bytes = BytesMut::new();
            for alpn in &config.alpn {
                alpn_bytes.put_u8(alpn.len() as u8);
                alpn_bytes.put(alpn.as_bytes());
            }

            context_builder.set_alpn_protos(&alpn_bytes)?;
        }
    }

    Ok(context_builder)
}

impl SslConfigContext<SslConnectorBuilder, SslAcceptorBuilder> for SslConfig {
    /// Method to init an OpenSSL context for a client socket
    ///
    /// ```
    /// use std::io;
    /// use std::pin::Pin;
    /// use tokio::net::TcpStream;
    /// use tokio_openssl::SslStream;
    /// use openssl::ssl::{ErrorCode, Ssl, SslMethod, SslVerifyMode};
    /// use prosa_utils::config::ssl::{SslConfig, SslConfigContext};
    ///
    /// async fn client() -> Result<(), io::Error> {
    ///     let mut stream = TcpStream::connect("localhost:4443").await?;
    ///
    ///     let client_config = SslConfig::default();
    ///     if let Ok(mut ssl_context_builder) = client_config.init_tls_client_context() {
    ///         let ssl_context = ssl_context_builder.build();
    ///         let ssl = Ssl::new(&ssl_context.context()).unwrap();
    ///         let mut stream = SslStream::new(ssl, stream).unwrap();
    ///         if let Err(e) = Pin::new(&mut stream).connect().await {
    ///             if e.code() != ErrorCode::ZERO_RETURN {
    ///                 eprintln!("Can't connect the client: {}", e);
    ///             }
    ///         }
    ///
    ///         // SSL stream ...
    ///     }
    ///
    ///     Ok(())
    /// }
    /// ```
    fn init_tls_client_context(&self) -> Result<openssl::ssl::SslConnectorBuilder, ConfigError> {
        let mut ssl_connector = openssl::ssl::SslConnector::builder(SslMethod::tls_client())?;
        init_openssl_context(self, ssl_connector.deref_mut(), false, None)?;
        Ok(ssl_connector)
    }

    /// Method to init an OpenSSL context for a server socket
    ///
    /// ```
    /// use std::io;
    /// use std::pin::Pin;
    /// use tokio::net::TcpListener;
    /// use tokio_openssl::SslStream;
    /// use openssl::ssl::{ErrorCode, Ssl, SslMethod, SslVerifyMode};
    /// use prosa_utils::config::ssl::{SslConfig, SslConfigContext};
    ///
    /// async fn server() -> Result<(), io::Error> {
    ///     let listener = TcpListener::bind("0.0.0.0:4443").await?;
    ///
    ///     let server_config = SslConfig::new_cert_key("cert.pem".into(), "cert.key".into(), Some("passphrase".into()));
    ///     if let Ok(mut ssl_context_builder) = server_config.init_tls_server_context(Some("localhost")) {
    ///         ssl_context_builder.set_verify(SslVerifyMode::NONE);
    ///         let ssl_context = ssl_context_builder.build();
    ///
    ///         loop {
    ///             let (stream, cli_addr) = listener.accept().await?;
    ///             let ssl = Ssl::new(&ssl_context.context()).unwrap();
    ///             let mut stream = SslStream::new(ssl, stream).unwrap();
    ///             if let Err(e) = Pin::new(&mut stream).accept().await {
    ///                 if e.code() != ErrorCode::ZERO_RETURN {
    ///                     eprintln!("Can't accept the client {}: {}", cli_addr, e);
    ///                 }
    ///             }
    ///
    ///             // SSL stream ...
    ///         }
    ///     }
    ///
    ///     Ok(())
    /// }
    /// ```
    fn init_tls_server_context(
        &self,
        host: Option<&str>,
    ) -> Result<openssl::ssl::SslAcceptorBuilder, ConfigError> {
        let mut ssl_acceptor = SslAcceptor::mozilla_modern(SslMethod::tls_server())?;
        init_openssl_context(self, ssl_acceptor.deref_mut(), true, host)?;
        Ok(ssl_acceptor)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_store() {
        let store_le_x1_x2 = Store::Cert {
            certs: vec![
                "-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----"
                    .to_string(),
                "-----BEGIN CERTIFICATE-----
MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
/q4AaOeMSQ+2b1tbFfLn
-----END CERTIFICATE-----"
                    .to_string(),
            ],
        };

        let certs: HashMap<String, ::openssl::x509::X509> = store_le_x1_x2.get_certs().unwrap();
        assert!(!certs.is_empty());

        let ossl_store: ::openssl::x509::store::X509Store = store_le_x1_x2.get_store().unwrap();
        assert!(!ossl_store.all_certificates().is_empty())
    }

    #[cfg(ossl300)]
    #[test]
    fn test_system_store() {
        let certs_map: HashMap<String, X509> = Store::System.get_certs().unwrap();
        assert!(!certs_map.is_empty());
    }

    #[test]
    fn test_tls_server_context() {
        let ssl_config = SslConfig::default();
        let ssl_acceptor_builder: ::openssl::ssl::SslAcceptorBuilder =
            ssl_config.init_tls_server_context(None).unwrap();
        let ssl_acceptor = ssl_acceptor_builder.build();

        // Check for self signed certificate
        assert!(ssl_acceptor.context().private_key().is_some());
        assert!(ssl_acceptor.context().certificate().is_some());
    }
}