Diffstat (limited to 'https/tls_config_test.go')
-rw-r--r-- | https/tls_config_test.go | 117 |
1 files changed, 102 insertions, 15 deletions
diff --git a/https/tls_config_test.go b/https/tls_config_test.go index 4b1b4e0..07f412a 100644 --- a/https/tls_config_test.go +++ b/https/tls_config_test.go | |||
@@ -28,7 +28,8 @@ import ( | |||
28 | ) | 28 | ) |
29 | 29 | ||
30 | var ( | 30 | var ( |
31 | port = getPort() | 31 | port = getPort() |
32 | testlogger = &testLogger{} | ||
32 | 33 | ||
33 | ErrorMap = map[string]*regexp.Regexp{ | 34 | ErrorMap = map[string]*regexp.Regexp{ |
34 | "HTTP Response to HTTPS": regexp.MustCompile(`server gave HTTP response to HTTPS client`), | 35 | "HTTP Response to HTTPS": regexp.MustCompile(`server gave HTTP response to HTTPS client`), |
@@ -38,12 +39,21 @@ var ( | |||
38 | "Invalid ClientAuth": regexp.MustCompile(`invalid ClientAuth`), | 39 | "Invalid ClientAuth": regexp.MustCompile(`invalid ClientAuth`), |
39 | "TLS handshake": regexp.MustCompile(`tls`), | 40 | "TLS handshake": regexp.MustCompile(`tls`), |
40 | "HTTP Request to HTTPS server": regexp.MustCompile(`HTTP`), | 41 | "HTTP Request to HTTPS server": regexp.MustCompile(`HTTP`), |
41 | "Invalid CertPath": regexp.MustCompile(`missing TLSCertPath`), | 42 | "Invalid CertPath": regexp.MustCompile(`missing cert_file`), |
42 | "Invalid KeyPath": regexp.MustCompile(`missing TLSKeyPath`), | 43 | "Invalid KeyPath": regexp.MustCompile(`missing key_file`), |
43 | "ClientCA set without policy": regexp.MustCompile(`Client CA's have been configured without a Client Auth Policy`), | 44 | "ClientCA set without policy": regexp.MustCompile(`Client CA's have been configured without a Client Auth Policy`), |
45 | "Bad password": regexp.MustCompile(`hashedSecret too short to be a bcrypted password`), | ||
46 | "Unauthorized": regexp.MustCompile(`Unauthorized`), | ||
47 | "Forbidden": regexp.MustCompile(`Forbidden`), | ||
44 | } | 48 | } |
45 | ) | 49 | ) |
46 | 50 | ||
51 | type testLogger struct{} | ||
52 | |||
53 | func (t *testLogger) Log(keyvals ...interface{}) error { | ||
54 | return nil | ||
55 | } | ||
56 | |||
47 | func getPort() string { | 57 | func getPort() string { |
48 | listener, err := net.Listen("tcp", ":0") | 58 | listener, err := net.Listen("tcp", ":0") |
49 | if err != nil { | 59 | if err != nil { |
@@ -61,6 +71,8 @@ type TestInputs struct { | |||
61 | YAMLConfigPath string | 71 | YAMLConfigPath string |
62 | ExpectedError *regexp.Regexp | 72 | ExpectedError *regexp.Regexp |
63 | UseTLSClient bool | 73 | UseTLSClient bool |
74 | Username string | ||
75 | Password string | ||
64 | } | 76 | } |
65 | 77 | ||
66 | func TestYAMLFiles(t *testing.T) { | 78 | func TestYAMLFiles(t *testing.T) { |
@@ -73,7 +85,7 @@ func TestYAMLFiles(t *testing.T) { | |||
73 | { | 85 | { |
74 | Name: `empty config yml`, | 86 | Name: `empty config yml`, |
75 | YAMLConfigPath: "testdata/tls_config_empty.yml", | 87 | YAMLConfigPath: "testdata/tls_config_empty.yml", |
76 | ExpectedError: ErrorMap["Invalid CertPath"], | 88 | ExpectedError: nil, |
77 | }, | 89 | }, |
78 | { | 90 | { |
79 | Name: `invalid config yml (invalid structure)`, | 91 | Name: `invalid config yml (invalid structure)`, |
@@ -81,6 +93,11 @@ func TestYAMLFiles(t *testing.T) { | |||
81 | ExpectedError: ErrorMap["YAML error"], | 93 | ExpectedError: ErrorMap["YAML error"], |
82 | }, | 94 | }, |
83 | { | 95 | { |
96 | Name: `invalid config yml (invalid key)`, | ||
97 | YAMLConfigPath: "testdata/tls_config_junk_key.yml", | ||
98 | ExpectedError: ErrorMap["YAML error"], | ||
99 | }, | ||
100 | { | ||
84 | Name: `invalid config yml (cert path empty)`, | 101 | Name: `invalid config yml (cert path empty)`, |
85 | YAMLConfigPath: "testdata/tls_config_noAuth_certPath_empty.bad.yml", | 102 | YAMLConfigPath: "testdata/tls_config_noAuth_certPath_empty.bad.yml", |
86 | ExpectedError: ErrorMap["Invalid CertPath"], | 103 | ExpectedError: ErrorMap["Invalid CertPath"], |
@@ -120,6 +137,11 @@ func TestYAMLFiles(t *testing.T) { | |||
120 | YAMLConfigPath: "testdata/tls_config_auth_clientCAs_invalid.bad.yml", | 137 | YAMLConfigPath: "testdata/tls_config_auth_clientCAs_invalid.bad.yml", |
121 | ExpectedError: ErrorMap["No such file"], | 138 | ExpectedError: ErrorMap["No such file"], |
122 | }, | 139 | }, |
140 | { | ||
141 | Name: `invalid config yml (invalid user list)`, | ||
142 | YAMLConfigPath: "testdata/tls_config_auth_user_list_invalid.bad.yml", | ||
143 | ExpectedError: ErrorMap["Bad password"], | ||
144 | }, | ||
123 | } | 145 | } |
124 | for _, testInputs := range testTables { | 146 | for _, testInputs := range testTables { |
125 | t.Run(testInputs.Name, testInputs.Test) | 147 | t.Run(testInputs.Name, testInputs.Test) |
@@ -189,7 +211,7 @@ func TestConfigReloading(t *testing.T) { | |||
189 | recordConnectionError(errors.New("Panic starting server")) | 211 | recordConnectionError(errors.New("Panic starting server")) |
190 | } | 212 | } |
191 | }() | 213 | }() |
192 | err := Listen(server, badYAMLPath) | 214 | err := Listen(server, badYAMLPath, testlogger) |
193 | recordConnectionError(err) | 215 | recordConnectionError(err) |
194 | }() | 216 | }() |
195 | 217 | ||
@@ -266,21 +288,28 @@ func (test *TestInputs) Test(t *testing.T) { | |||
266 | recordConnectionError(errors.New("Panic starting server")) | 288 | recordConnectionError(errors.New("Panic starting server")) |
267 | } | 289 | } |
268 | }() | 290 | }() |
269 | err := Listen(server, test.YAMLConfigPath) | 291 | err := Listen(server, test.YAMLConfigPath, testlogger) |
270 | recordConnectionError(err) | 292 | recordConnectionError(err) |
271 | }() | 293 | }() |
272 | 294 | ||
273 | var ClientConnection func() (*http.Response, error) | 295 | ClientConnection := func() (*http.Response, error) { |
274 | if test.UseTLSClient { | 296 | var client *http.Client |
275 | ClientConnection = func() (*http.Response, error) { | 297 | var proto string |
276 | client := getTLSClient() | 298 | if test.UseTLSClient { |
277 | return client.Get("https://localhost" + port) | 299 | client = getTLSClient() |
300 | proto = "https" | ||
301 | } else { | ||
302 | client = http.DefaultClient | ||
303 | proto = "http" | ||
278 | } | 304 | } |
279 | } else { | 305 | req, err := http.NewRequest("GET", proto+"://localhost"+port, nil) |
280 | ClientConnection = func() (*http.Response, error) { | 306 | if err != nil { |
281 | client := http.DefaultClient | 307 | t.Error(err) |
282 | return client.Get("http://localhost" + port) | ||
283 | } | 308 | } |
309 | if test.Username != "" { | ||
310 | req.SetBasicAuth(test.Username, test.Password) | ||
311 | } | ||
312 | return client.Do(req) | ||
284 | } | 313 | } |
285 | go func() { | 314 | go func() { |
286 | time.Sleep(250 * time.Millisecond) | 315 | time.Sleep(250 * time.Millisecond) |
@@ -360,3 +389,61 @@ func swapFileContents(file1, file2 string) error { | |||
360 | } | 389 | } |
361 | return nil | 390 | return nil |
362 | } | 391 | } |
392 | |||
393 | func TestUsers(t *testing.T) { | ||
394 | testTables := []*TestInputs{ | ||
395 | { | ||
396 | Name: `without basic auth`, | ||
397 | YAMLConfigPath: "testdata/tls_config_users_noTLS.good.yml", | ||
398 | ExpectedError: ErrorMap["Unauthorized"], | ||
399 | }, | ||
400 | { | ||
401 | Name: `with correct basic auth`, | ||
402 | YAMLConfigPath: "testdata/tls_config_users_noTLS.good.yml", | ||
403 | Username: "dave", | ||
404 | Password: "dave123", | ||
405 | ExpectedError: nil, | ||
406 | }, | ||
407 | { | ||
408 | Name: `without basic auth and TLS`, | ||
409 | YAMLConfigPath: "testdata/tls_config_users.good.yml", | ||
410 | UseTLSClient: true, | ||
411 | ExpectedError: ErrorMap["Unauthorized"], | ||
412 | }, | ||
413 | { | ||
414 | Name: `with correct basic auth and TLS`, | ||
415 | YAMLConfigPath: "testdata/tls_config_users.good.yml", | ||
416 | UseTLSClient: true, | ||
417 | Username: "dave", | ||
418 | Password: "dave123", | ||
419 | ExpectedError: nil, | ||
420 | }, | ||
421 | { | ||
422 | Name: `with another correct basic auth and TLS`, | ||
423 | YAMLConfigPath: "testdata/tls_config_users.good.yml", | ||
424 | UseTLSClient: true, | ||
425 | Username: "carol", | ||
426 | Password: "carol123", | ||
427 | ExpectedError: nil, | ||
428 | }, | ||
429 | { | ||
430 | Name: `with bad password and TLS`, | ||
431 | YAMLConfigPath: "testdata/tls_config_users.good.yml", | ||
432 | UseTLSClient: true, | ||
433 | Username: "dave", | ||
434 | Password: "bad", | ||
435 | ExpectedError: ErrorMap["Forbidden"], | ||
436 | }, | ||
437 | { | ||
438 | Name: `with bad username and TLS`, | ||
439 | YAMLConfigPath: "testdata/tls_config_users.good.yml", | ||
440 | UseTLSClient: true, | ||
441 | Username: "nonexistent", | ||
442 | Password: "nonexistent", | ||
443 | ExpectedError: ErrorMap["Forbidden"], | ||
444 | }, | ||
445 | } | ||
446 | for _, testInputs := range testTables { | ||
447 | t.Run(testInputs.Name, testInputs.Test) | ||
448 | } | ||
449 | } | ||
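Review bot: In the new `ClientConnection` closure in `(*TestInputs).Test`, a failed `http.NewRequest` is only reported with `t.Error(err)` and execution continues, so a nil `req` would reach `req.SetBasicAuth` or `client.Do(req)` and the test would panic on a nil dereference instead of failing cleanly. Add `return nil, err` inside that `if err != nil` block. Separately, the `if test.Username != ""` guard means the `TestUsers` table cannot express a request with an empty username and a non-empty password. It also has no case for a known user with an empty password, or for a wrong password against `tls_config_users_noTLS.good.yml`; these are boundary cases worth pinning for an authentication check. The `Test` method begins and ends outside the visible hunk, so how its caller treats a nil response is inferred rather than seen.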