checkpoint2

src/apple/context.c

@@ -132,7 +132,7 @@ static int load_key(tlsuv_private_key_t *key_ref, const char *keystr, size_t len
         keylen = len;
     }
 
-    CFArrayRef items;
+    CFArrayRef items = NULL;
 
     SecExternalItemType type = kSecItemTypePrivateKey;
     CFDataRef data = CFDataCreate(kCFAllocatorDefault, key_buf, keylen);
@@ -194,13 +194,44 @@ static int load_key(tlsuv_private_key_t *key_ref, const char *keystr, size_t len
     return rc == 0 ? 0 : -1;
 }
 
+static int load_cert(tls_cert *cert, const char *certstr, size_t len) {
+    char *cert_buf = NULL;
+    size_t cert_len;
+    if (load_file(certstr, &cert_buf, &cert_len) != 0) {
+        cert_buf = (char*)certstr;
+        cert_len = len;
+    }
+
+    SecExternalItemType type = kSecItemTypeCertificate;
+    CFDataRef data = CFDataCreate(kCFAllocatorDefault, cert_buf, cert_len);
+
+    CFArrayRef items = NULL;
+    OSStatus rc = SecItemImport(data, NULL, NULL, &type, 0, NULL, NULL, &items);
+
+    if (cert_buf != certstr) {
+        free(cert_buf);
+    }
+    *cert = items;
+    return rc == 0 ? 0 : -1;
+}
+
+static int tls_set_own_cert(tls_context *ctx, tlsuv_private_key_t pk, tls_cert cert) {
+    struct sectransport_ctx *c = (struct sectransport_ctx *) ctx;
+    struct sectransport_pub_key *key = container_of(pk, struct sectransport_pub_key, api);
+
+    c->key = key->key;
+    c->cert = cert;
+
+    return 0;
+}
+
 static tls_context ctx_api = {
         .version = tls_lib_version,
 //        .strerror = (const char *(*)(long)) tls_error,
         .new_engine = new_engine,
         .free_ctx = tls_free_ctx,
 //        .free_cert = tls_free_cert,
-//        .set_own_cert = tls_set_own_cert,
+        .set_own_cert = tls_set_own_cert,
 //        .set_cert_verify = tls_set_cert_verify,
 //        .verify_signature =  tls_verify_signature,
 //        .parse_pkcs7_certs = parse_pkcs7_certs,
@@ -209,7 +240,7 @@ static tls_context ctx_api = {
         .load_key = load_key,
 //        .load_pkcs11_key = load_pkcs11_key,
 //        .generate_pkcs11_key = gen_pkcs11_key,
-//        .load_cert = load_cert,
+        .load_cert = load_cert,
 //       .generate_csr_to_pem = generate_csr,
 };
 

src/apple/context.h

@@ -12,6 +12,9 @@ struct sectransport_ctx {
     tls_context api;
 
     CFArrayRef ca_bundle;
+
+    SecKeyRef key;
+    CFArrayRef cert;
 };
 
 struct sectransport_priv_key {

src/apple/engine.c

@@ -76,6 +76,8 @@ tlsuv_engine_t new_engine(tls_context *ctx, const char *hostname) {
 
         e->policies = policies;
         SSLSetSessionOption(e->ssl, kSSLSessionOptionBreakOnServerAuth, true);
+        SecKeyRef key;
+        SecKeyCreateSignature(key,)
     }
 
     e->socket = -1;

tests/http_tests.cpp

@@ -408,7 +408,7 @@ TEST_CASE("client_cert_test","[http]") {
                       "GTH3fhaM/pZZGdIC75x/69Y=\n"
                       "-----END PRIVATE KEY-----";
         tlsuv_private_key_t pk = nullptr;
-        int rc = tls->load_key(&pk, key, strlen(key) + 1);
+        int rc = tls->load_key(&pk, key, strlen(key));
         REQUIRE(rc == 0);
         REQUIRE(pk != nullptr);
 
@@ -540,30 +540,6 @@ TEST_CASE("basic_test", "[http]") {
     tlsuv_set_global_connector(nullptr);
 }
 
-TEST_CASE("basic_test2", "[http]") {
-    UvLoopTest test;
-
-    tlsuv_http_t clt;
-    resp_capture resp(resp_body_cb);
-    tlsuv_http_init(test.loop, &clt, "https://fd200fd3-a2d9-457f-bc0b-f9b8ee7d2898.production.netfoundry.io");
-    auto ca_file = "/Users/eugene/work/temp/nibbler-ca.pem";
-    auto tls = default_tls_context(ca_file, strlen(ca_file));
-    tlsuv_http_set_ssl(&clt, testServerTLS());
-    tlsuv_http_req_t *req = tlsuv_http_req(&clt, "GET", "/", resp_capture_cb, &resp);
-
-    test.run();
-
-    THEN("request should be fast and then idle for 5 seconds") {
-        CHECK(resp.code == HTTP_STATUS_OK);
-        CHECK_THAT(resp.http_version, Equals("1.1"));
-        CHECK_THAT(resp.status, Equals("OK"));
-
-        CHECK_THAT(resp.headers["Content-Type"], Catch::Matchers::StartsWith("application/json"));
-    }
-
-    tlsuv_http_close(&clt, nullptr);
-}
-
 TEST_CASE("invalid CA", "[http]") {
     UvLoopTest test;