tokio-quiche: re-use test certificate from quiche to silence semgrep

The quiche test certificate files have already been allowlisted in
semgrep, so rather than go through the process to request yet another
exemption just re-use the same files for tokio-quiche too.

tokio-quiche/src/quic/router/mod.rs

@@ -852,11 +852,16 @@ mod tests {
     use tokio::net::UdpSocket;
     use tokio::time;
 
-    fn path_relative_to_manifest_dir(path: &str) -> String {
-        let mut res = std::fs::canonicalize(env!("CARGO_MANIFEST_DIR")).unwrap();
-        res.push(path);
-        res.to_string_lossy().into_owned()
-    }
+    const TEST_CERT_FILE: &str = concat!(
+        env!("CARGO_MANIFEST_DIR"),
+        "/",
+        "../quiche/examples/cert.crt"
+    );
+    const TEST_KEY_FILE: &str = concat!(
+        env!("CARGO_MANIFEST_DIR"),
+        "/",
+        "../quiche/examples/cert.key"
+    );
 
     fn test_connect(host_port: String) {
         let h3i_config = h3i::config::Config::new()
@@ -889,8 +894,8 @@ mod tests {
         };
 
         let tls_cert_settings = TlsCertificatePaths {
-            cert: &path_relative_to_manifest_dir("./certs/proxy-cert.pem"),
-            private_key: &path_relative_to_manifest_dir("./certs/proxy-key.pem"),
+            cert: &TEST_CERT_FILE,
+            private_key: &TEST_KEY_FILE,
             kind: crate::settings::CertificateKind::X509,
         };
 

tokio-quiche/tests/fixtures/mod.rs

@@ -69,8 +69,20 @@ pub use tokio_quiche::ServerH3Connection;
 pub use tokio_quiche::ServerH3Driver;
 
 pub mod h3i_fixtures;
+
 use h3i_fixtures::stream_body;
 
+pub const TEST_CERT_FILE: &str = concat!(
+    env!("CARGO_MANIFEST_DIR"),
+    "/",
+    "../quiche/examples/cert.crt"
+);
+pub const TEST_KEY_FILE: &str = concat!(
+    env!("CARGO_MANIFEST_DIR"),
+    "/",
+    "../quiche/examples/cert.key"
+);
+
 pub struct TestConnectionHook {
     was_called: Arc<AtomicBool>,
 }
@@ -220,8 +232,8 @@ where
     let url = format!("http://127.0.0.1:{}", socket.local_addr().unwrap().port());
 
     let tls_cert_settings = TlsCertificatePaths {
-        cert: &path_relative_to_manifest_dir("./certs/proxy-cert.pem"),
-        private_key: &path_relative_to_manifest_dir("./certs/proxy-key.pem"),
+        cert: &TEST_CERT_FILE,
+        private_key: &TEST_KEY_FILE,
         kind: tokio_quiche::settings::CertificateKind::X509,
     };
 
@@ -284,11 +296,3 @@ pub fn map_responses(
 
     map
 }
-
-pub fn path_relative_to_manifest_dir(
-    path: impl AsRef<std::path::Path>,
-) -> String {
-    let mut res = std::fs::canonicalize(env!("CARGO_MANIFEST_DIR")).unwrap();
-    res.push(path);
-    res.to_string_lossy().into_owned()
-}

tokio-quiche/tests/integration_tests/async_callbacks.rs

@@ -63,11 +63,11 @@ async fn test_hello_world_async_callbacks() {
             });
 
             ssl_ctx_builder
-                .set_private_key_file("./certs/proxy-key.pem", SslFiletype::PEM)
+                .set_private_key_file(&TEST_KEY_FILE, SslFiletype::PEM)
                 .unwrap();
 
             ssl_ctx_builder
-                .set_certificate_chain_file("./certs/proxy-cert.pem")
+                .set_certificate_chain_file(&TEST_CERT_FILE)
                 .unwrap();
 
             self.was_called.store(true, Ordering::SeqCst);
@@ -127,11 +127,11 @@ async fn test_async_callbacks_fail_after_initial_send() {
             });
 
             ssl_ctx_builder
-                .set_private_key_file("./certs/proxy-key.pem", SslFiletype::PEM)
+                .set_private_key_file(&TEST_KEY_FILE, SslFiletype::PEM)
                 .unwrap();
 
             ssl_ctx_builder
-                .set_certificate_chain_file("./certs/proxy-cert.pem")
+                .set_certificate_chain_file(&TEST_CERT_FILE)
                 .unwrap();
 
             Some(ssl_ctx_builder)

tokio-quiche/tests/integration_tests/mod.rs

@@ -156,8 +156,8 @@ async fn test_ioworker_state_machine_pause() {
     let url = format!("http://127.0.0.1:{}", socket.local_addr().unwrap().port());
 
     let tls_cert_settings = TlsCertificatePaths {
-        cert: &path_relative_to_manifest_dir("./certs/proxy-cert.pem"),
-        private_key: &path_relative_to_manifest_dir("./certs/proxy-key.pem"),
+        cert: &TEST_CERT_FILE,
+        private_key: &TEST_KEY_FILE,
         kind: tokio_quiche::settings::CertificateKind::X509,
     };
 

tokio-quiche/tests/integration_tests/timeouts.rs

@@ -83,11 +83,11 @@ async fn test_handshake_duration_ioworker() {
             });
 
             ssl_ctx_builder
-                .set_private_key_file("./certs/proxy-key.pem", SslFiletype::PEM)
+                .set_private_key_file(&TEST_KEY_FILE, SslFiletype::PEM)
                 .unwrap();
 
             ssl_ctx_builder
-                .set_certificate_chain_file("./certs/proxy-cert.pem")
+                .set_certificate_chain_file(&TEST_CERT_FILE)
                 .unwrap();
 
             Some(ssl_ctx_builder)