From 9a5de8e2ea8d75d106b14bcc17e8ed63e1adbe38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Valentin=20H=C4=83loiu?=
Date: Wed, 26 Apr 2023 06:45:20 +0000
Subject: [PATCH] Fix HTTPS client certificate test
These tests have been broken (and disabled) for a while. This pull-request fixes the tests and re-enables them.
Bug: #47052
Change-Id: Ib8c83959e5f00a2a5dc29959f87adbaa963385fe
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/296863
Commit-Queue: Daco Harkes
Reviewed-by: Daco Harkes
---
 .../io/https_client_certificate_test.dart | 22 ++++++++--------
 tests/standalone/standalone_kernel.status | 1 -
 .../io/https_client_certificate_test.dart | 25 ++++++++++---------
 tests/standalone_2/standalone_2_kernel.status | 1 -
 4 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/tests/standalone/io/https_client_certificate_test.dart b/tests/standalone/io/https_client_certificate_test.dart
index 8b7a0045621..d584df70331 100644
--- a/tests/standalone/io/https_client_certificate_test.dart
+++ b/tests/standalone/io/https_client_certificate_test.dart
@@ -6,12 +6,10 @@
 // OtherResources=certificates/server_key.pem
 // OtherResources=certificates/trusted_certs.pem
-import "dart:async";
 import "dart:io";
 import "package:async_helper/async_helper.dart";
 import "package:expect/expect.dart";
-import "package:path/path.dart";
 const HOST_NAME = "localhost";
 String localFile(path) => Platform.script.resolve(path).toFilePath();
@@ -19,14 +17,18 @@ String localFile(path) => Platform.script.resolve(path).toFilePath();
 SecurityContext serverContext = new SecurityContext()
 ..useCertificateChain(localFile('certificates/server_chain.pem'))
 ..usePrivateKey(localFile('certificates/server_key.pem'),
- password: 'dartdart');
-// TODO: Specify which client certificate roots to trust.
+ password: 'dartdart')
+ ..setTrustedCertificates(
+ localFile('certificates/client_authority.pem'),
+ )
+ ..setClientAuthorities(
+ localFile('certificates/client_authority.pem'),
+ );
 SecurityContext clientContext = new SecurityContext()
 ..setTrustedCertificates(localFile('certificates/trusted_certs.pem'))
-// TODO: Set a client certificate here.
- ..useCertificateChain(localFile('certificates/server_chain.pem'))
- ..usePrivateKey(localFile('certificates/server_key.pem'),
+ ..useCertificateChain(localFile('certificates/client1.pem'))
+ ..usePrivateKey(localFile('certificates/client1_key.pem'),
 password: 'dartdart');
 void main() {
@@ -36,7 +38,7 @@ void main() {
 .then((server) {
 server.listen((HttpRequest request) {
 Expect.isNotNull(request.certificate);
- Expect.equals('CN=localhost', request.certificate!.subject);
+ Expect.equals('/CN=user1', request.certificate!.subject);
 request.response.write("Hello");
 request.response.close();
 });
@@ -46,8 +48,8 @@ void main() {
 .getUrl(Uri.parse("https://$HOST_NAME:${server.port}/"))
 .then((request) => request.close())
 .then((response) {
- Expect.equals('CN=localhost', response.certificate!.subject);
- Expect.equals('CN=myauthority', response.certificate!.issuer);
+ Expect.equals('/CN=localhost', response.certificate!.subject);
+ Expect.equals('/CN=intermediateauthority', response.certificate!.issuer);
 return response
 .fold>([], (message, data) => message..addAll(data));
 }).then((message) {
diff --git a/tests/standalone/standalone_kernel.status b/tests/standalone/standalone_kernel.status
index 12f239f2fb2..28fa71e0504 100644
--- a/tests/standalone/standalone_kernel.status
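Review bot: The three certificate files this hunk starts loading, `certificates/client_authority.pem`, `certificates/client1.pem` and `certificates/client1_key.pem`, get no matching `// OtherResources=` lines; the visible header lines list `server_key.pem` and `trusted_certs.pem`, and no hunk adds to them. If the test runner uses those lines to stage fixtures (as the existing entries suggest), the client files may be missing in configurations that copy resources, so I would add `// OtherResources=certificates/client_authority.pem` and the two `client1` entries next to the existing ones. The same context setup appears in the tests/standalone_2 copy, whose visible header shows no `OtherResources` lines, so check whether that copy needs them too.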
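Review bot: Only the accepting path is checked in the `server.listen` callback: the client holding `client1.pem` connects and its subject is compared with `'/CN=user1'`. Nothing here shows that a client presenting a certificate from another authority, or none at all, is turned away, which is presumably what the new `setTrustedCertificates` call on the server context is there to enforce (`setClientAuthorities` appears only to advertise the accepted CA names). A second case with a client certificate not issued by `client_authority.pem` that expects the handshake to fail would cover that; at minimum a comment such as `// requestClientCertificate only asks for a certificate; the checks below fail the test if none, or the wrong one, is presented.` would record the intent. `main` starts and ends outside this hunk, and the tests/standalone_2 copy has the same gap.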
+++ b/tests/standalone/standalone_kernel.status
@@ -90,7 +90,6 @@ io/http_response_deadline_test: Skip # Flaky.
 io/http_reuse_server_port_test: Skip # Flaky.
 io/http_server_close_response_after_error_test: Skip # Flaky.
 io/http_shutdown_test: Skip # Flaky.
-io/https_client_certificate_test: Crash
 io/raw_datagram_socket_test: Skip # Flaky.
 io/raw_secure_server_closing_test: Skip # Flaky
 io/raw_socket_test: Crash
diff --git a/tests/standalone_2/io/https_client_certificate_test.dart b/tests/standalone_2/io/https_client_certificate_test.dart
index f2da08ae881..28332bec6e3 100644
--- a/tests/standalone_2/io/https_client_certificate_test.dart
+++ b/tests/standalone_2/io/https_client_certificate_test.dart
@@ -4,12 +4,10 @@
 // @dart = 2.9
-import "dart:async";
 import "dart:io";
 import "package:async_helper/async_helper.dart";
 import "package:expect/expect.dart";
-import "package:path/path.dart";
 const HOST_NAME = "localhost";
 String localFile(path) => Platform.script.resolve(path).toFilePath();
@@ -17,25 +15,28 @@ String localFile(path) => Platform.script.resolve(path).toFilePath();
 SecurityContext serverContext = new SecurityContext()
 ..useCertificateChain(localFile('certificates/server_chain.pem'))
 ..usePrivateKey(localFile('certificates/server_key.pem'),
- password: 'dartdart');
-// TODO: Specify which client certificate roots to trust.
+ password: 'dartdart')
+ ..setTrustedCertificates(
+ localFile('certificates/client_authority.pem'),
+ )
+ ..setClientAuthorities(
+ localFile('certificates/client_authority.pem'),
+ );
 SecurityContext clientContext = new SecurityContext()
 ..setTrustedCertificates(localFile('certificates/trusted_certs.pem'))
-// TODO: Set a client certificate here.
- ..useCertificateChain(localFile('certificates/server_chain.pem'))
- ..usePrivateKey(localFile('certificates/server_key.pem'),
+ ..useCertificateChain(localFile('certificates/client1.pem'))
+ ..usePrivateKey(localFile('certificates/client1_key.pem'),
 password: 'dartdart');
 void main() {
 asyncStart();
- HttpServer
- .bindSecure(HOST_NAME, 0, serverContext,
+ HttpServer.bindSecure(HOST_NAME, 0, serverContext,
 backlog: 5, requestClientCertificate: true)
 .then((server) {
 server.listen((HttpRequest request) {
 Expect.isNotNull(request.certificate);
- Expect.equals('CN=localhost', request.certificate.subject);
+ Expect.equals('/CN=user1', request.certificate.subject);
 request.response.write("Hello");
 request.response.close();
 });
@@ -45,8 +46,8 @@ void main() {
 .getUrl(Uri.parse("https://$HOST_NAME:${server.port}/"))
 .then((request) => request.close())
 .then((response) {
- Expect.equals('CN=localhost', response.certificate.subject);
- Expect.equals('CN=myauthority', response.certificate.issuer);
+ Expect.equals('/CN=localhost', response.certificate.subject);
+ Expect.equals('/CN=intermediateauthority', response.certificate.issuer);
 return response.fold([], (message, data) => message..addAll(data));
 }).then((message) {
 String received = new String.fromCharCodes(message);
diff --git a/tests/standalone_2/standalone_2_kernel.status b/tests/standalone_2/standalone_2_kernel.status
index 12f239f2fb2..28fa71e0504 100644
--- a/tests/standalone_2/standalone_2_kernel.status
+++ b/tests/standalone_2/standalone_2_kernel.status
@@ -90,7 +90,6 @@ io/http_response_deadline_test: Skip # Flaky.
 io/http_reuse_server_port_test: Skip # Flaky.
 io/http_server_close_response_after_error_test: Skip # Flaky.
 io/http_shutdown_test: Skip # Flaky.
-io/https_client_certificate_test: Crash
 io/raw_datagram_socket_test: Skip # Flaky.
 io/raw_secure_server_closing_test: Skip # Flaky
 io/raw_socket_test: Crash