Support TLSConfiguration.trustRoots(.file)...

adam-fowler · adam-fowler · commit ad02945155b0 · 2021-05-13T12:49:54.000+01:00
Support TLSConfiguration.trustRoots(.file) when converting to a `NWProtocolTLS.Options`
diff --git a/Sources/AsyncHTTPClient/NIOTransportServices/TLSConfiguration.swift b/Sources/AsyncHTTPClient/NIOTransportServices/TLSConfiguration.swift
@@ -128,8 +128,11 @@
                 secTrustRoots = try certificates.compactMap { certificate in
                     try SecCertificateCreateWithData(nil, Data(certificate.toDERBytes()) as CFData)
                 }
-            case .some(.file):
-                preconditionFailure("TLSConfiguration.trustRoots.file is not supported")
+            case .some(.file(let file)):
+                let certificates = try NIOSSLCertificate.fromPEMFile(file)
+                secTrustRoots = try certificates.compactMap { certificate in
+                    try SecCertificateCreateWithData(nil, Data(certificate.toDERBytes()) as CFData)
+                }
 
             case .some(.default), .none:
                 break
diff --git a/Tests/AsyncHTTPClientTests/HTTPClientNIOTSTests.swift b/Tests/AsyncHTTPClientTests/HTTPClientNIOTSTests.swift
@@ -111,4 +111,19 @@ class HTTPClientNIOTSTests: XCTestCase {
             }
         #endif
     }
+    
+    func testTrustRootCertificateLoadFail() {
+        guard isTestingNIOTS() else { return }
+        #if canImport(Network)
+        let tlsConfig = TLSConfiguration.forClient(trustRoots: .file("not/a/certificate"))
+        XCTAssertThrowsError(try tlsConfig.getNWProtocolTLSOptions()) { error in
+            switch error {
+            case let error as NIOSSL.NIOSSLError where error == .failedToLoadCertificate:
+                break
+            default:
+                XCTFail("\(error)")
+            }
+        }
+        #endif
+    }
 }
