cloudflare/cloudflared
tlsconfig/tlsconfig_test.go
| 1 | // TODO: Remove the above build tag and include this test when we start compiling with Golang 1.10.0+ |
| 2 | |
| 3 | package tlsconfig |
| 4 | |
| 5 | import ( |
| 6 | "crypto/tls" |
| 7 | "testing" |
| 8 | |
| 9 | "github.com/stretchr/testify/assert" |
| 10 | ) |
| 11 | |
// testcert.pem and testcert2.pem were generated with
// `openssl req -newkey rsa:512 -nodes -x509 -days 3650`.
//
// A 512-bit RSA key is far below any acceptable strength and `-nodes` leaves
// the private key unencrypted, so these files are test fixtures only and must
// never be reused outside the test suite.
// NOTE(review): newer Go releases enforce a minimum RSA key size in
// crypto/rsa; confirm the fixtures still work or regenerate them with a
// larger key.
//
// testcertCommonName is the name the tests use to look up testcert.pem
// (presumably the certificate's Subject Common Name; verify against the
// fixture).
const testcertCommonName = "localhost"
| 16 | |
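// TestGetFromEmptyConfig pins the defaults GetConfig is expected to produce
// for a zero-value TLSParameters: no certificates, no client or root CA
// pools, no client-certificate requirement, and P-256 as the only curve
// preference.
func TestGetFromEmptyConfig(t *testing.T) {
	c := &TLSParameters{}

	tlsConfig, err := GetConfig(c)
	// Stop on error: every assertion below reads fields of tlsConfig, and
	// continuing would turn a clean failure into a panic.
	if !assert.NoError(t, err) {
		return
	}
	assert.Empty(t, tlsConfig.Certificates)

	assert.Empty(t, tlsConfig.NameToCertificate)

	// With no ClientCAs configured the config must not ask peers for a
	// certificate; mutual TLS is opt-in.
	assert.Nil(t, tlsConfig.ClientCAs)
	assert.Equal(t, tls.NoClientCert, tlsConfig.ClientAuth)

	// A nil RootCAs makes crypto/tls fall back to the host's root CA set.
	assert.Nil(t, tlsConfig.RootCAs)

	// Index element 0 only once the length check has passed.
	if assert.Len(t, tlsConfig.CurvePreferences, 1) {
		assert.Equal(t, tls.CurveP256, tlsConfig.CurvePreferences[0])
	}
}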
| 34 | |
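// TestGetConfig checks that GetConfig carries a fully populated TLSParameters
// over into the resulting tls.Config: the key pair, the name-to-certificate
// entry, the client and root CA pools, the client-auth policy and the curve
// preference.
func TestGetConfig(t *testing.T) {
	cert, err := tls.LoadX509KeyPair("testcert.pem", "testkey.pem")
	// Without the fixture key pair none of the comparisons below mean anything.
	if !assert.NoError(t, err) {
		return
	}

	c := &TLSParameters{
		Cert:             "testcert.pem",
		Key:              "testkey.pem",
		ClientCAs:        []string{"testcert.pem", "testcert2.pem"},
		RootCAs:          []string{"testcert.pem", "testcert2.pem"},
		ServerName:       "test",
		CurvePreferences: []tls.CurveID{tls.CurveP384},
	}
	tlsConfig, err := GetConfig(c)
	// Stop on error: the assertions below read fields of tlsConfig.
	if !assert.NoError(t, err) {
		return
	}

	// Index element 0 only once the length check has passed.
	if assert.Len(t, tlsConfig.Certificates, 1) {
		assert.Equal(t, cert, tlsConfig.Certificates[0])
	}

	// A missing map entry yields a nil pointer; check it before dereferencing
	// so a lookup miss is reported as a failure rather than a panic.
	// NOTE(review): tls.Config.NameToCertificate is deprecated in current Go
	// releases; confirm this assertion is still wanted.
	if named := tlsConfig.NameToCertificate[testcertCommonName]; assert.NotNil(t, named) {
		assert.Equal(t, cert, *named)
	}

	// Supplying ClientCAs is expected to switch the config to mandatory,
	// verified client certificates.
	// NOTE(review): NotNil only proves a pool exists, not that both PEM files
	// were loaded into it.
	assert.NotNil(t, tlsConfig.ClientCAs)
	assert.Equal(t, tls.RequireAndVerifyClientCert, tlsConfig.ClientAuth)

	assert.NotNil(t, tlsConfig.RootCAs)

	// NOTE(review): ServerName is set in the parameters above but never
	// asserted on the resulting config.

	if assert.Len(t, tlsConfig.CurvePreferences, 1) {
		assert.Equal(t, tls.CurveP384, tlsConfig.CurvePreferences[0])
	}
}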
| 62 | |
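// TestCertReloader checks that a reloader built by NewCertReloader serves the
// fixture key pair, both when its Cert method is called directly and when it
// is reached through the GetCertificate callback of a config built by
// GetConfig.
func TestCertReloader(t *testing.T) {
	expectedCert, err := tls.LoadX509KeyPair("testcert.pem", "testkey.pem")
	if !assert.NoError(t, err) {
		return
	}

	certReloader, err := NewCertReloader("testcert.pem", "testkey.pem")
	// Stop on error: certReloader is used immediately below.
	if !assert.NoError(t, err) {
		return
	}

	chi := &tls.ClientHelloInfo{ServerName: testcertCommonName}
	cert, err := certReloader.Cert(chi)
	// Check both the error and the pointer before dereferencing, so a failed
	// lookup is reported as a test failure rather than a nil-pointer panic.
	if !assert.NoError(t, err) || !assert.NotNil(t, cert) {
		return
	}
	assert.Equal(t, expectedCert, *cert)

	c := &TLSParameters{
		GetCertificate: certReloader,
	}
	tlsConfig, err := GetConfig(c)
	if !assert.NoError(t, err) {
		return
	}

	// Calling a nil callback would panic; fail cleanly if GetConfig did not
	// install one.
	if !assert.NotNil(t, tlsConfig.GetCertificate) {
		return
	}
	cert, err = tlsConfig.GetCertificate(chi)
	if !assert.NoError(t, err) || !assert.NotNil(t, cert) {
		return
	}
	assert.Equal(t, expectedCert, *cert)
}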
| 85 | |