b39d226fb8
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
package types
import (
"context"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
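// cert is a PEM-encoded certificate for "localhost", used only as a test fixture.
//
// It was generated with:
//
//	go run $GOROOT/src/crypto/tls/generate_cert.go --rsa-bits 1024 --host localhost --start-date "Jan 1 00:00:00 1970" --duration=1000000h
//
// The 1024-bit RSA size and the very long validity period keep the fixture
// small and stop it from expiring under test. Both choices are unsuitable for
// any certificate that protects real traffic, so do not reuse this material
// outside tests.
//
// The literal must hold only the PEM lines: any stray line between the BEGIN
// and END markers corrupts the base64 body and makes the certificate unparsable.
var cert = `-----BEGIN CERTIFICATE-----
MIIB9jCCAV+gAwIBAgIQI3edJckNbicw4WIHs5Ws9TANBgkqhkiG9w0BAQsFADAS
MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQCb8oWyME1QRBoMLFei3M8TVKwfZfW74cVjtcugCBMTTOTCouEIgjjmiMv6
FdMio2uBcgeD9R3dOtjjnA7N+xjwZ4vIPqDlJRE3YbfpV9igVX3sXU7ssHTSH0vs
R0TuYJwGReIFUnu5QIjGwVorodF+CQ8dTnyXVLeQVU9kvjohHwIDAQABo0swSTAO
BgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIw
ADAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADgYEADqylUQ/4
lrxh4h8UUQ2wKATQ2kG2YvMGlaIhr2vPZo2QDBlmL2xzai7YXX3+JZyM15TNCamn
WtFR7WQIOHzKA1GkR9WkaXKmFbJjhGMSZVCG6ghhTjzB+stBYZXhBsdjCJbkZWBu
OeI73oivo0MdI+4iCYCo7TnoY4PZGObwcgI=
-----END CERTIFICATE-----`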
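// key is the PEM-encoded private key that the tests pair with cert when they
// build a client key pair from inline strings.
//
// This key is checked into the repository and is therefore public: it is a
// test fixture only and must never be used to authenticate or encrypt real
// traffic. Secret scanners that flag this file should have the fixture
// allow-listed instead of the finding being treated as a leaked credential.
//
// The literal must hold only the PEM lines: any stray line between the BEGIN
// and END markers corrupts the base64 body and makes the key unparsable.
var key = `-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJvyhbIwTVBEGgws
V6LczxNUrB9l9bvhxWO1y6AIExNM5MKi4QiCOOaIy/oV0yKja4FyB4P1Hd062OOc
Ds37GPBni8g+oOUlETdht+lX2KBVfexdTuywdNIfS+xHRO5gnAZF4gVSe7lAiMbB
Wiuh0X4JDx1OfJdUt5BVT2S+OiEfAgMBAAECgYA9+PbghQl0aFvhko2RDybLi86K
+73X2DTVFx3AjvTlqp0OLCQ5eWabVqmYzKuHDGJgoqwR6Irhq80dRpsriCm0YNui
mMV35bbimOKz9FoCTKx0ZB6xsqrVoFhjVmX3DOD9Txe41H42ZxmccOKZndR/QaXz
VV+1W/Wbz2VawnkyYQJBAMvF6w2eOJRRoN8e7GM7b7uqkupJPp9axgFREoJZb16W
mqXUZnH4Cydzc5keG4yknQRHdgz6RrQxnvR7GyKHLfUCQQDD6qG9D5BX0+mNW6TG
PRwW/L2qWgnmg9lxtSSQat9ZOnBhw2OLPi0zTu4p70oSmU67/YJr50HEoJpRccZJ
mnJDAkBdBTtY2xpe8qhqUjZ80hweYi5wzwDMQ+bRoQ2+/U6usjdkbgJaEm4dE0H4
6tqOqHKZCnokUHfIOEKkvjHT4DulAkBAgiJNSTGi6aDOLa28pGR6YS/mRo1Z/HH9
kcJ/VuFB1Q8p8Zb2QzvI2CVtY2AFbbtSBPALrXKnVqZZSNgcZiFXAkEAvcLKaEXE
haGMGwq2BLADPHqAR3hdCJL3ikMJwWUsTkTjm973iEIEZfF5j57EzRI4bASm4Zq5
Zt3BcblLODQ//w==
-----END PRIVATE KEY-----`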
// TestClientTLS_CreateTLSConfig is a table-driven test of
// ClientTLS.CreateTLSConfig. It covers three groups of cases:
//
//   - valid settings: a CA, a client key pair given as inline PEM strings or
//     as file paths, and InsecureSkipVerify on its own;
//   - incomplete or mixed key pairs (only one half set, or one half inline and
//     the other a file path), which must be rejected;
//   - key pairs that point at files which do not exist, which must be rejected.
//
// For the InsecureSkipVerify case the test only checks that the flag is
// copied unchanged into the resulting TLS config. In crypto/tls that flag
// turns off verification of the server's certificate chain and host name, so
// the property pinned here is that it is never set unless the caller asked.
func TestClientTLS_CreateTLSConfig(t *testing.T) {
	// wantErr is left at its zero value (false) for cases expected to succeed.
	testCases := []struct {
		desc        string
		clientTLS   ClientTLS
		wantCertLen int
		wantCALen   int
		wantErr     bool
	}{
		{
			desc:      "Configure CA",
			clientTLS: ClientTLS{CA: cert},
			wantCALen: 1,
		},
		{
			desc:        "Configure the client keyPair from strings",
			clientTLS:   ClientTLS{Cert: cert, Key: key},
			wantCertLen: 1,
		},
		{
			desc:        "Configure the client keyPair from files",
			clientTLS:   ClientTLS{Cert: "fixtures/cert.pem", Key: "fixtures/key.pem"},
			wantCertLen: 1,
		},
		{
			desc:      "Configure InsecureSkipVerify",
			clientTLS: ClientTLS{InsecureSkipVerify: true},
		},
		{
			desc:      "Return an error if only the client cert is provided",
			clientTLS: ClientTLS{Cert: cert},
			wantErr:   true,
		},
		{
			desc:      "Return an error if only the client key is provided",
			clientTLS: ClientTLS{Key: key},
			wantErr:   true,
		},
		{
			desc:      "Return an error if only the client cert is of type file",
			clientTLS: ClientTLS{Cert: "fixtures/cert.pem", Key: key},
			wantErr:   true,
		},
		{
			desc:      "Return an error if only the client key is of type file",
			clientTLS: ClientTLS{Cert: cert, Key: "fixtures/key.pem"},
			wantErr:   true,
		},
		{
			desc:      "Return an error if the client cert does not exist",
			clientTLS: ClientTLS{Cert: "fixtures/cert2.pem", Key: "fixtures/key.pem"},
			wantErr:   true,
		},
		{
			desc:      "Return an error if the client key does not exist",
			clientTLS: ClientTLS{Cert: "fixtures/cert.pem", Key: "fixtures/key2.pem"},
			wantErr:   true,
		},
	}

	for _, tc := range testCases {
		// Per-iteration copy so the closure below does not share the loop
		// variable on toolchains older than Go 1.22.
		tc := tc

		t.Run(tc.desc, func(t *testing.T) {
			cfg, err := tc.clientTLS.CreateTLSConfig(context.Background())
			if tc.wantErr {
				require.Error(t, err)
				return
			}

			// Stop here on an unexpected error: cfg is not inspected in that case.
			require.NoError(t, err)

			assert.Len(t, cfg.Certificates, tc.wantCertLen)
			assert.Equal(t, tc.clientTLS.InsecureSkipVerify, cfg.InsecureSkipVerify)

			// A root pool is expected only when the case configures a CA;
			// every other case must leave RootCAs nil.
			if tc.wantCALen > 0 {
				assert.Len(t, cfg.RootCAs.Subjects(), tc.wantCALen)
			} else {
				assert.Nil(t, cfg.RootCAs)
			}
		})
	}
}