From 5d19173dd734144100019e6cb0e3125d7405920e Mon Sep 17 00:00:00 2001
From: stormshield-gt <143998166+stormshield-gt@users.noreply.github.com.>
Date: Mon, 26 Aug 2024 09:15:27 +0200
Subject: [PATCH] Add test for new_with_extra_roots
---
 Cargo.lock | 7 +++
 rustls-platform-verifier/Cargo.toml | 4 +-
 .../src/tests/verification_mock/mod.rs | 49 +++++++++++++++++--
 3 files changed, 55 insertions(+), 5 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index e54f400..90f67de 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -196,6 +196,12 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+[[package]]
+name = "paste"
+version = "1.0.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.86"
@@ -312,6 +318,7 @@ dependencies = [
 "jni",
 "log",
 "once_cell",
+ "paste",
 "rustls",
 "rustls-native-certs",
 "rustls-platform-verifier-android",
diff --git a/rustls-platform-verifier/Cargo.toml b/rustls-platform-verifier/Cargo.toml
index 4680337..111422f 100644
--- a/rustls-platform-verifier/Cargo.toml
+++ b/rustls-platform-verifier/Cargo.toml
@@ -19,7 +19,7 @@ crate-type = ["cdylib", "rlib"]
 # Enables a C interface to use for testing where `cargo` can't be used.
 # This feature is not stable, nor is the interface exported when it is enabled.
 # Do not rely on this or use it in production.
-ffi-testing = ["android_logger", "rustls/ring"]
+ffi-testing = ["android_logger", "rustls/ring", "paste"]
 # Enables APIs that expose lower-level verifier types for debugging purposes.
 dbg = []
 # Enables `log::debug` base64-encoded logging of all end-entity certificates processed
@@ -34,6 +34,7 @@ log = { version = "0.4" }
 base64 = { version = "0.22", optional = true } # Only used when the `cert-logging` feature is enabled.
 jni = { version = "0.19", default-features = false, optional = true } # Only used during doc generation
 once_cell = "1.9"
+paste = { version = "1.0", default-features = false, optional = true } # Only used when `ffi-testing` feature is enabled
 [target.'cfg(all(unix, not(target_os = "android"), not(target_os = "macos"), not(target_os = "ios"), not(target_os = "tvos"), not(target_arch = "wasm32")))'.dependencies]
 rustls-native-certs = "0.7"
@@ -63,6 +64,7 @@ winapi = { version = "0.3", features = ["wincrypt", "winerror"] }
 [dev-dependencies]
 rustls = { version = "0.23", default-features = false, features = ["ring"] }
+paste = { version = "1.0", default-features = false } # Only used when `ffi-testing` feature is enabled
 [package.metadata.docs.rs]
 rustdoc-args = ["--cfg", "docsrs"]
diff --git a/rustls-platform-verifier/src/tests/verification_mock/mod.rs b/rustls-platform-verifier/src/tests/verification_mock/mod.rs
index 87d0294..9716007 100644
--- a/rustls-platform-verifier/src/tests/verification_mock/mod.rs
+++ b/rustls-platform-verifier/src/tests/verification_mock/mod.rs
@@ -41,6 +41,14 @@ macro_rules! mock_root_test_cases {
 pub fn $name() {
 super::$name()
 }
+
+ paste::paste!{
+ #[cfg(all($target, not(windows), not(target_os = "android")))]
+ #[test]
+ pub fn [<$name _extra>](){
+ super::[<$name _extra>]()
+ }
+ }
 )+
 }
@@ -49,8 +57,15 @@ macro_rules! mock_root_test_cases {
 pub static ALL_TEST_CASES: &'static [fn()] = &[
 $(
 #[cfg($target)]
- $name
+ $name,
+
+ paste::paste!{
+ #[cfg(all($target, not(windows), not(target_os = "android")))]
+ [<$name _extra>]
+ }
+
 ),+
+
 ];
 };
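Review bot: The comment on the `[dev-dependencies]` entry for `paste` was copied from the optional dependency in the previous hunk and does not describe this entry. A dev-dependency is not feature-gated, so it is built for every test run whether or not `ffi-testing` is enabled. The comment is accurate on the optional `[dependencies]` entry, where `paste` is only pulled in through `ffi-testing`. For the dev-dependency I would write something like `# Generates the *_extra test names in the verification_mock tests`, so a later audit of build-time proc-macro dependencies sees why it is needed in both places.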
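Review bot: The `_extra` wrappers added in this hunk are gated on `all($target, not(windows), not(target_os = "android"))`, but the `Roots::ExtraAndPlatform` variant and its match arm later in the patch are gated on `all(unix, not(target_os = "android"))`. The two predicates differ on any target that is neither unix nor windows; if `$target` holds there and this module is built, `[<$name _extra>]` would reference a variant that has been compiled out. The same predicate is repeated in the `ALL_TEST_CASES` hunk and in the `pub(super) fn [<$name _extra>]` hunk. I would use one predicate on all three generated items, `#[cfg(all($target, unix, not(target_os = "android")))]`, so the generated tests exist exactly where the variant does. The macro body starts and ends outside this hunk.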
@@ -58,7 +73,14 @@ macro_rules! mock_root_test_cases {
 $(
 #[cfg($target)]
 pub(super) fn $name() {
- test_with_mock_root(&$test_case);
+ test_with_mock_root(&$test_case, Roots::OnlyExtra);
+ }
+
+ paste::paste!{
+ #[cfg(all($target, not(windows), not(target_os = "android")))]
+ pub(super) fn [<$name _extra>]() {
+ test_with_mock_root(&$test_case, Roots::ExtraAndPlatform);
+ }
 }
 )+
 };
@@ -301,11 +323,18 @@ mock_root_test_cases! {
 },
 }
-fn test_with_mock_root(test_case: &TestCase) {
+fn test_with_mock_root(
+ test_case: &TestCase,
+ root_src: Roots,
+) {
 ensure_global_state();
 log::info!("verifying {:?}", test_case.expected_result);
- let verifier = Verifier::new_with_fake_root(ROOT1); // TODO: time
+ let verifier = match root_src {
+ Roots::OnlyExtra => Verifier::new_with_fake_root(ROOT1), // TODO: time
+ #[cfg(all(unix, not(target_os = "android")))]
+ Roots::ExtraAndPlatform => Verifier::new_with_extra_roots([ROOT1]),
+ };
 let mut chain = test_case
 .chain
 .iter()
@@ -337,3 +366,15 @@ fn test_with_mock_root(test_case: &T
 );
 // TODO: get into specifics of errors returned when it fails.
 }
+
+enum Roots {
+ /// Test with only extra roots, without loading the platform trust store.
+ ///
+ /// We want to keep things reproducible given the background-managed nature of trust roots on platforms.
+ OnlyExtra,
+ /// Test with loading the extra roots and the platform trust store.
+ ///
+ /// Right now, not all platforms are supported.
+ #[cfg(all(unix, not(target_os = "android")))]
+ ExtraAndPlatform,
+}
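Review bot: The `log::info!("verifying {:?}", ...)` line in `test_with_mock_root` still records only the expected result, although the function now runs in two root configurations. When cases are driven through `ALL_TEST_CASES` (presumably the FFI path, where there are no per-test names), a failure cannot be attributed to the `OnlyExtra` or the `ExtraAndPlatform` run. I would add `#[derive(Debug, Clone, Copy)]` to `Roots` in the last hunk and log the mode: `log::info!("verifying {:?} with {:?} roots", test_case.expected_result, root_src);`. As far as these hunks show, the `ExtraAndPlatform` runs reuse chains anchored at `ROOT1`, so they show the extra root is honoured but not that the platform store was consulted; a sentence saying so in the variant's doc comment would stop readers over-reading the coverage. The function body continues outside this hunk.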