Fix tests

Author: ManuelBilbao

crates/signer/src/service.rs

@@ -35,7 +35,7 @@ use cb_metrics::provider::MetricsProvider;
 use eyre::Context;
 use headers::{authorization::Bearer, Authorization};
 use parking_lot::RwLock as ParkingRwLock;
-use rustls::crypto::aws_lc_rs;
+use rustls::crypto::{aws_lc_rs, CryptoProvider};
 use tokio::sync::RwLock;
 use tracing::{debug, error, info, warn};
 use uuid::Uuid;
@@ -131,9 +131,11 @@ impl SigningService {
             .route_layer(middleware::from_fn(log_request))
             .route(STATUS_PATH, get(handle_status));
 
-        aws_lc_rs::default_provider()
-            .install_default()
-            .map_err(|_| eyre::eyre!("Failed to install TLS provider"))?;
+        if CryptoProvider::get_default().is_none() {
+            aws_lc_rs::default_provider()
+                .install_default()
+                .map_err(|_| eyre::eyre!("Failed to install TLS provider"))?;
+        }
         let tls_config =
             RustlsConfig::from_pem(config.tls_certificates.0, config.tls_certificates.1).await?;
 

tests/src/utils.rs

@@ -1,6 +1,7 @@
 use std::{
     collections::HashMap,
     net::{Ipv4Addr, SocketAddr},
+    path::PathBuf,
     sync::{Arc, Once},
 };
 
@@ -20,7 +21,6 @@ use cb_common::{
 };
 use eyre::Result;
 use rcgen::generate_simple_self_signed;
-use tempfile::env::temp_dir;
 
 pub fn get_local_address(port: u16) -> String {
     format!("http://0.0.0.0:{port}")
@@ -112,7 +112,7 @@ pub fn get_signer_config(loader: SignerLoader) -> SignerConfig {
         jwt_auth_fail_limit: DEFAULT_JWT_AUTH_FAIL_LIMIT,
         jwt_auth_fail_timeout_seconds: DEFAULT_JWT_AUTH_FAIL_TIMEOUT_SECONDS,
         inner: SignerType::Local { loader, store: None },
-        tls_certificates: temp_dir(),
+        tls_certificates: PathBuf::new(),
     }
 }
 
@@ -121,7 +121,7 @@ pub fn get_start_signer_config(
     chain: Chain,
     jwts: HashMap<ModuleId, String>,
 ) -> StartSignerConfig {
-    let tls_certificates = generate_simple_self_signed(vec!["cb_signer".to_string()])
+    let tls_certificates = generate_simple_self_signed(vec!["localhost".to_string()])
         .map(|x| (x.cert.pem().as_bytes().to_vec(), x.key_pair.serialize_pem().as_bytes().to_vec()))
         .expect("Failed to generate TLS certificate");
 

tests/tests/signer_jwt_auth.rs

@@ -11,7 +11,7 @@ use cb_common::{
 use cb_signer::service::SigningService;
 use cb_tests::utils::{get_signer_config, get_start_signer_config, setup_test_env};
 use eyre::Result;
-use reqwest::{Response, StatusCode};
+use reqwest::{Certificate, Response, StatusCode};
 use tracing::info;
 
 const JWT_MODULE: &str = "test-module";
@@ -25,8 +25,10 @@ async fn test_signer_jwt_auth_success() -> Result<()> {
 
     // Run a pubkeys request
     let jwt = create_jwt(&module_id, 0, JWT_SECRET)?;
-    let client = reqwest::Client::new();
-    let url = format!("http://{}{}", start_config.endpoint, GET_PUBKEYS_PATH);
+    let client = reqwest::Client::builder()
+        .add_root_certificate(Certificate::from_pem(&start_config.tls_certificates.0)?)
+        .build()?;
+    let url = format!("https://localhost:20100{}", GET_PUBKEYS_PATH);
     let response = client.get(&url).bearer_auth(&jwt).send().await?;
 
     // Verify the expected pubkeys are returned
@@ -43,8 +45,10 @@ async fn test_signer_jwt_auth_fail() -> Result<()> {
 
     // Run a pubkeys request - this should fail due to invalid JWT
     let jwt = create_jwt(&module_id, 0, "incorrect secret")?;
-    let client = reqwest::Client::new();
-    let url = format!("http://{}{}", start_config.endpoint, GET_PUBKEYS_PATH);
+    let client = reqwest::Client::builder()
+        .add_root_certificate(Certificate::from_pem(&start_config.tls_certificates.0)?)
+        .build()?;
+    let url = format!("https://localhost:20200{}", GET_PUBKEYS_PATH);
     let response = client.get(&url).bearer_auth(&jwt).send().await?;
     assert!(response.status() == StatusCode::UNAUTHORIZED);
     info!(
@@ -63,8 +67,10 @@ async fn test_signer_jwt_rate_limit() -> Result<()> {
 
     // Run as many pubkeys requests as the fail limit
     let jwt = create_jwt(&module_id, 0, "incorrect secret")?;
-    let client = reqwest::Client::new();
-    let url = format!("http://{}{}", start_config.endpoint, GET_PUBKEYS_PATH);
+    let client = reqwest::Client::builder()
+        .add_root_certificate(Certificate::from_pem(&start_config.tls_certificates.0)?)
+        .build()?;
+    let url = format!("https://localhost:20300{}", GET_PUBKEYS_PATH);
     for _ in 0..start_config.jwt_auth_fail_limit {
         let response = client.get(&url).bearer_auth(&jwt).send().await?;
         assert!(response.status() == StatusCode::UNAUTHORIZED);