Diffstat (limited to 'https/tls_config_test.go')
-rw-r--r--https/tls_config_test.go117
1 files changed, 102 insertions, 15 deletions
diff --git a/https/tls_config_test.go b/https/tls_config_test.go
index 4b1b4e0..07f412a 100644
--- a/https/tls_config_test.go
+++ b/https/tls_config_test.go
@@ -28,7 +28,8 @@ import (
28) 28)
29 29
30var ( 30var (
31 port = getPort() 31 port = getPort()
32 testlogger = &testLogger{}
32 33
33 ErrorMap = map[string]*regexp.Regexp{ 34 ErrorMap = map[string]*regexp.Regexp{
34 "HTTP Response to HTTPS": regexp.MustCompile(`server gave HTTP response to HTTPS client`), 35 "HTTP Response to HTTPS": regexp.MustCompile(`server gave HTTP response to HTTPS client`),
@@ -38,12 +39,21 @@ var (
38 "Invalid ClientAuth": regexp.MustCompile(`invalid ClientAuth`), 39 "Invalid ClientAuth": regexp.MustCompile(`invalid ClientAuth`),
39 "TLS handshake": regexp.MustCompile(`tls`), 40 "TLS handshake": regexp.MustCompile(`tls`),
40 "HTTP Request to HTTPS server": regexp.MustCompile(`HTTP`), 41 "HTTP Request to HTTPS server": regexp.MustCompile(`HTTP`),
41 "Invalid CertPath": regexp.MustCompile(`missing TLSCertPath`), 42 "Invalid CertPath": regexp.MustCompile(`missing cert_file`),
42 "Invalid KeyPath": regexp.MustCompile(`missing TLSKeyPath`), 43 "Invalid KeyPath": regexp.MustCompile(`missing key_file`),
43 "ClientCA set without policy": regexp.MustCompile(`Client CA's have been configured without a Client Auth Policy`), 44 "ClientCA set without policy": regexp.MustCompile(`Client CA's have been configured without a Client Auth Policy`),
45 "Bad password": regexp.MustCompile(`hashedSecret too short to be a bcrypted password`),
46 "Unauthorized": regexp.MustCompile(`Unauthorized`),
47 "Forbidden": regexp.MustCompile(`Forbidden`),
44 } 48 }
45) 49)
46 50
51type testLogger struct{}
52
53func (t *testLogger) Log(keyvals ...interface{}) error {
54 return nil
55}
56
47func getPort() string { 57func getPort() string {
48 listener, err := net.Listen("tcp", ":0") 58 listener, err := net.Listen("tcp", ":0")
49 if err != nil { 59 if err != nil {
@@ -61,6 +71,8 @@ type TestInputs struct {
61 YAMLConfigPath string 71 YAMLConfigPath string
62 ExpectedError *regexp.Regexp 72 ExpectedError *regexp.Regexp
63 UseTLSClient bool 73 UseTLSClient bool
74 Username string
75 Password string
64} 76}
65 77
66func TestYAMLFiles(t *testing.T) { 78func TestYAMLFiles(t *testing.T) {
@@ -73,7 +85,7 @@ func TestYAMLFiles(t *testing.T) {
73 { 85 {
74 Name: `empty config yml`, 86 Name: `empty config yml`,
75 YAMLConfigPath: "testdata/tls_config_empty.yml", 87 YAMLConfigPath: "testdata/tls_config_empty.yml",
76 ExpectedError: ErrorMap["Invalid CertPath"], 88 ExpectedError: nil,
77 }, 89 },
78 { 90 {
79 Name: `invalid config yml (invalid structure)`, 91 Name: `invalid config yml (invalid structure)`,
@@ -81,6 +93,11 @@ func TestYAMLFiles(t *testing.T) {
81 ExpectedError: ErrorMap["YAML error"], 93 ExpectedError: ErrorMap["YAML error"],
82 }, 94 },
83 { 95 {
96 Name: `invalid config yml (invalid key)`,
97 YAMLConfigPath: "testdata/tls_config_junk_key.yml",
98 ExpectedError: ErrorMap["YAML error"],
99 },
100 {
84 Name: `invalid config yml (cert path empty)`, 101 Name: `invalid config yml (cert path empty)`,
85 YAMLConfigPath: "testdata/tls_config_noAuth_certPath_empty.bad.yml", 102 YAMLConfigPath: "testdata/tls_config_noAuth_certPath_empty.bad.yml",
86 ExpectedError: ErrorMap["Invalid CertPath"], 103 ExpectedError: ErrorMap["Invalid CertPath"],
@@ -120,6 +137,11 @@ func TestYAMLFiles(t *testing.T) {
120 YAMLConfigPath: "testdata/tls_config_auth_clientCAs_invalid.bad.yml", 137 YAMLConfigPath: "testdata/tls_config_auth_clientCAs_invalid.bad.yml",
121 ExpectedError: ErrorMap["No such file"], 138 ExpectedError: ErrorMap["No such file"],
122 }, 139 },
140 {
141 Name: `invalid config yml (invalid user list)`,
142 YAMLConfigPath: "testdata/tls_config_auth_user_list_invalid.bad.yml",
143 ExpectedError: ErrorMap["Bad password"],
144 },
123 } 145 }
124 for _, testInputs := range testTables { 146 for _, testInputs := range testTables {
125 t.Run(testInputs.Name, testInputs.Test) 147 t.Run(testInputs.Name, testInputs.Test)
@@ -189,7 +211,7 @@ func TestConfigReloading(t *testing.T) {
189 recordConnectionError(errors.New("Panic starting server")) 211 recordConnectionError(errors.New("Panic starting server"))
190 } 212 }
191 }() 213 }()
192 err := Listen(server, badYAMLPath) 214 err := Listen(server, badYAMLPath, testlogger)
193 recordConnectionError(err) 215 recordConnectionError(err)
194 }() 216 }()
195 217
@@ -266,21 +288,28 @@ func (test *TestInputs) Test(t *testing.T) {
266 recordConnectionError(errors.New("Panic starting server")) 288 recordConnectionError(errors.New("Panic starting server"))
267 } 289 }
268 }() 290 }()
269 err := Listen(server, test.YAMLConfigPath) 291 err := Listen(server, test.YAMLConfigPath, testlogger)
270 recordConnectionError(err) 292 recordConnectionError(err)
271 }() 293 }()
272 294
273 var ClientConnection func() (*http.Response, error) 295 ClientConnection := func() (*http.Response, error) {
274 if test.UseTLSClient { 296 var client *http.Client
275 ClientConnection = func() (*http.Response, error) { 297 var proto string
276 client := getTLSClient() 298 if test.UseTLSClient {
277 return client.Get("https://localhost" + port) 299 client = getTLSClient()
300 proto = "https"
301 } else {
302 client = http.DefaultClient
303 proto = "http"
278 } 304 }
279 } else { 305 req, err := http.NewRequest("GET", proto+"://localhost"+port, nil)
280 ClientConnection = func() (*http.Response, error) { 306 if err != nil {
281 client := http.DefaultClient 307 t.Error(err)
282 return client.Get("http://localhost" + port)
283 } 308 }
309 if test.Username != "" {
310 req.SetBasicAuth(test.Username, test.Password)
311 }
312 return client.Do(req)
284 } 313 }
285 go func() { 314 go func() {
286 time.Sleep(250 * time.Millisecond) 315 time.Sleep(250 * time.Millisecond)
@@ -360,3 +389,61 @@ func swapFileContents(file1, file2 string) error {
360 } 389 }
361 return nil 390 return nil
362} 391}
392
393func TestUsers(t *testing.T) {
394 testTables := []*TestInputs{
395 {
396 Name: `without basic auth`,
397 YAMLConfigPath: "testdata/tls_config_users_noTLS.good.yml",
398 ExpectedError: ErrorMap["Unauthorized"],
399 },
400 {
401 Name: `with correct basic auth`,
402 YAMLConfigPath: "testdata/tls_config_users_noTLS.good.yml",
403 Username: "dave",
404 Password: "dave123",
405 ExpectedError: nil,
406 },
407 {
408 Name: `without basic auth and TLS`,
409 YAMLConfigPath: "testdata/tls_config_users.good.yml",
410 UseTLSClient: true,
411 ExpectedError: ErrorMap["Unauthorized"],
412 },
413 {
414 Name: `with correct basic auth and TLS`,
415 YAMLConfigPath: "testdata/tls_config_users.good.yml",
416 UseTLSClient: true,
417 Username: "dave",
418 Password: "dave123",
419 ExpectedError: nil,
420 },
421 {
422 Name: `with another correct basic auth and TLS`,
423 YAMLConfigPath: "testdata/tls_config_users.good.yml",
424 UseTLSClient: true,
425 Username: "carol",
426 Password: "carol123",
427 ExpectedError: nil,
428 },
429 {
430 Name: `with bad password and TLS`,
431 YAMLConfigPath: "testdata/tls_config_users.good.yml",
432 UseTLSClient: true,
433 Username: "dave",
434 Password: "bad",
435 ExpectedError: ErrorMap["Forbidden"],
436 },
437 {
438 Name: `with bad username and TLS`,
439 YAMLConfigPath: "testdata/tls_config_users.good.yml",
440 UseTLSClient: true,
441 Username: "nonexistent",
442 Password: "nonexistent",
443 ExpectedError: ErrorMap["Forbidden"],
444 },
445 }
446 for _, testInputs := range testTables {
447 t.Run(testInputs.Name, testInputs.Test)
448 }
449}
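Review bot: In the rewritten `ClientConnection` closure in `(*TestInputs).Test`, a failed `http.NewRequest` is only reported with `t.Error(err)` and execution falls through, so `req.SetBasicAuth` or `client.Do(req)` would then run on a nil request and panic. Returning the error keeps the failure on the path the caller already handles: `if err != nil { return nil, err }`. The `if test.Username != ""` guard also means a table entry with an empty username and a non-empty password sends no Authorization header at all, and `TestUsers` has no case for a known user with an empty password, so those edges of the credential check are not exercised. The body of `Test` starts and ends outside the hunk, so which goroutine calls the closure is not visible here.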