traefik/pkg/tls/certificate_store_test.go

108 lines
2.5 KiB
Go
Raw Normal View History

2018-07-06 08:30:03 +00:00
package tls
import (
"crypto/tls"
"fmt"
"strings"
"testing"
"time"
"github.com/patrickmn/go-cache"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/traefik/traefik/v2/pkg/safe"
2018-07-06 08:30:03 +00:00
)
func TestGetBestCertificate(t *testing.T) {
// FIXME Add tests for defaultCert
2018-07-06 08:30:03 +00:00
testCases := []struct {
desc string
domainToCheck string
dynamicCert string
expectedCert string
uppercase bool
2018-07-06 08:30:03 +00:00
}{
{
desc: "Empty Store, returns no certs",
domainToCheck: "snitest.com",
dynamicCert: "",
expectedCert: "",
},
{
desc: "Best Match with no corresponding",
2018-07-06 08:30:03 +00:00
domainToCheck: "snitest.com",
dynamicCert: "snitest.org",
expectedCert: "",
2018-07-06 08:30:03 +00:00
},
{
desc: "Best Match",
domainToCheck: "snitest.com",
dynamicCert: "snitest.com",
2018-07-06 08:30:03 +00:00
expectedCert: "snitest.com",
},
{
desc: "Best Match with dynamic wildcard",
2018-07-06 08:30:03 +00:00
domainToCheck: "www.snitest.com",
dynamicCert: "*.snitest.com",
expectedCert: "*.snitest.com",
},
{
desc: "Best Match with dynamic wildcard only, case insensitive",
domainToCheck: "bar.www.snitest.com",
dynamicCert: "*.www.snitest.com",
expectedCert: "*.www.snitest.com",
uppercase: true,
},
2018-07-06 08:30:03 +00:00
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
dynamicMap := map[string]*tls.Certificate{}
if test.dynamicCert != "" {
cert, err := loadTestCert(test.dynamicCert, test.uppercase)
2018-07-06 08:30:03 +00:00
require.NoError(t, err)
dynamicMap[strings.ToLower(test.dynamicCert)] = cert
2018-07-06 08:30:03 +00:00
}
store := &CertificateStore{
DynamicCerts: safe.New(dynamicMap),
CertCache: cache.New(1*time.Hour, 10*time.Minute),
}
var expected *tls.Certificate
if test.expectedCert != "" {
cert, err := loadTestCert(test.expectedCert, test.uppercase)
2018-07-06 08:30:03 +00:00
require.NoError(t, err)
expected = cert
}
clientHello := &tls.ClientHelloInfo{
ServerName: test.domainToCheck,
}
actual := store.GetBestCertificate(clientHello)
assert.Equal(t, expected, actual)
})
}
}
func loadTestCert(certName string, uppercase bool) (*tls.Certificate, error) {
replacement := "wildcard"
if uppercase {
replacement = "uppercase_wildcard"
}
2018-07-06 08:30:03 +00:00
staticCert, err := tls.LoadX509KeyPair(
2020-09-15 11:08:03 +00:00
fmt.Sprintf("../../integration/fixtures/https/%s.cert", strings.ReplaceAll(certName, "*", replacement)),
fmt.Sprintf("../../integration/fixtures/https/%s.key", strings.ReplaceAll(certName, "*", replacement)),
2018-07-06 08:30:03 +00:00
)
if err != nil {
return nil, err
}
return &staticCert, nil
}