package backend
import (
"bytes"
"crypto/tls"
"crypto/x509"
"os"
"testing"
"github.com/gorilla/mux"
)
// Expectations tied to the fixtures under ../testdata/tls. They have to be
// kept in step with the testdata: regenerating the test PKI with different
// subjects or file names requires updating the values below.
const (
	// Text expected in the subject of each certificate in the chain file.
	caRootCertSubjectCN = "linuxctl ECC Root Certification Authority (Test)"
	caIntCertSubjectCN  = "linuxctl ECC Intermediate Certification Authority (Test)"
	serverCertSubjectCN = "power-toggle"

	// Paths of the PEM certificate chain and private key used by the tests,
	// relative to the package directory.
	serverCertFileLocation = "../testdata/tls/server_power-toggle-chain.pem"
	serverKeyFileLocation  = "../testdata/tls/server_power-toggle-key.pem"
)
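// createTestTLSConfig calls configureTLS and returns a pointer to the
// resulting TLS configuration. If configureTLS reports an error the calling
// test is failed immediately, so callers never see a nil or half-built config.
func createTestTLSConfig(t *testing.T) *tls.Config {
	// Mark this function as a test helper so that a failure is attributed to
	// the line in the calling test rather than to this wrapper.
	t.Helper()

	testTLSConfig, err := configureTLS()
	if err != nil {
		// The message names configureTLS, the function that was actually called.
		t.Fatalf("we got an unexpected error while calling configureTLS: %s", err)
	}
	return &testTLSConfig
}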
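// TestTLSConfig checks the tls.Config produced by configureTLS.
//
// With TLS enabled through the POWER_TOGGLE_SERVER_TLS_* environment
// variables it asserts the hardening settings (minimum protocol version,
// certificate verification left on, server cipher preference, cipher suite and
// curve lists identical to the package's tlsCiphers and tlsCurvePreferences)
// and that exactly one certificate chain holding the server, intermediate CA
// and root CA test certificates was loaded. It then unsets the "enabled"
// variable and asserts that no certificate is loaded any more.
func TestTLSConfig(t *testing.T) {
	// configure TLS options
	tlsEnv := []struct{ name, value string }{
		{"POWER_TOGGLE_SERVER_TLS_ENABLED", "true"},
		{"POWER_TOGGLE_SERVER_TLS_CERT_CHAIN", serverCertFileLocation},
		{"POWER_TOGGLE_SERVER_TLS_PRIVATE_KEY", serverKeyFileLocation},
	}
	for _, kv := range tlsEnv {
		name := kv.name
		previous, wasSet := os.LookupEnv(name)
		// Put the variable back the way it was when the test returns, so the
		// TLS settings used here do not leak into other tests of the package.
		// Errors are ignored: this is best-effort cleanup.
		defer func() {
			if wasSet {
				_ = os.Setenv(name, previous)
				return
			}
			_ = os.Unsetenv(name)
		}()
		if err := os.Setenv(name, kv.value); err != nil {
			t.Fatalf("failed to set %s: %v", name, err)
		}
	}

	testTLSConfig := createTestTLSConfig(t)
	if testTLSConfig.MinVersion != tlsMinVersion {
		t.Error("MinVersion is not set to expected value")
	}
	if testTLSConfig.InsecureSkipVerify {
		t.Error("InsecureSkipVerify is not set to false")
	}
	// NOTE(review): crypto/tls ignores PreferServerCipherSuites from Go 1.17
	// on; confirm this assertion is still meaningful for the Go version the
	// project builds with.
	if !testTLSConfig.PreferServerCipherSuites {
		t.Errorf("PreferServerCipherSuites is not set to true")
	}
	if len(testTLSConfig.CipherSuites) == 0 {
		t.Error("CipherSuites is not set")
	}
	if len(testTLSConfig.CurvePreferences) == 0 {
		t.Error("CurvePreferences is not set")
	}

	// The configured lists must match the expected ones exactly. Comparing the
	// lengths first matters: without it a config with extra entries would index
	// past the end of the expected list and panic, and a config holding only a
	// prefix of the expected list would pass unnoticed.
	if len(testTLSConfig.CipherSuites) != len(tlsCiphers) {
		t.Errorf("CipherSuites has %d entries, expected %d", len(testTLSConfig.CipherSuites), len(tlsCiphers))
	} else {
		for i := range testTLSConfig.CipherSuites {
			if testTLSConfig.CipherSuites[i] != tlsCiphers[i] {
				t.Error("discrepancy found in CipherSuites")
			}
		}
	}
	if len(testTLSConfig.CurvePreferences) != len(tlsCurvePreferences) {
		t.Errorf("CurvePreferences has %d entries, expected %d", len(testTLSConfig.CurvePreferences), len(tlsCurvePreferences))
	} else {
		for i := range testTLSConfig.CurvePreferences {
			if testTLSConfig.CurvePreferences[i] != tlsCurvePreferences[i] {
				t.Error("discrepancy found in CurvePreferences")
			}
		}
	}

	// test that the expected certs are loaded
	if len(testTLSConfig.Certificates) == 0 {
		t.Fatal("certificate file was not loaded")
	} else if len(testTLSConfig.Certificates) > 1 {
		t.Fatalf("more than 1 certficate file was loaded: %v", len(testTLSConfig.Certificates))
	}

	// our test chain cert file should have 3 certs (server > intermediate ca > root ca)
	chain := testTLSConfig.Certificates[0].Certificate
	if len(chain) != 3 {
		t.Fatalf("expected to have 3 x509 certificates loaded, but found: %v", len(chain))
	}

	// confirm the correct 3 certificates are loaded (we use subjects here, instead of SKI).
	// Each expected subject is counted, so a chain that repeats one certificate
	// and omits another is rejected. bytes.Contains is a substring match on the
	// DER-encoded subject, so it would also accept a longer name that merely
	// contains the expected text.
	var rootSeen, intermediateSeen, serverSeen int
	for _, der := range chain {
		parsed, err := x509.ParseCertificate(der)
		if err != nil {
			t.Fatalf("failed to parse certficate: %v", err)
		}
		switch {
		case bytes.Contains(parsed.RawSubject, []byte(caRootCertSubjectCN)):
			t.Log("found root ca cert cn")
			rootSeen++
		case bytes.Contains(parsed.RawSubject, []byte(caIntCertSubjectCN)):
			t.Log("found intermediate ca cert cn")
			intermediateSeen++
		case bytes.Contains(parsed.RawSubject, []byte(serverCertSubjectCN)):
			t.Log("found server cert cn")
			serverSeen++
		default:
			t.Fatal("expected CN not found in certificate subject")
		}
	}
	if rootSeen != 1 || intermediateSeen != 1 || serverSeen != 1 {
		t.Fatalf("expected exactly one root, intermediate and server certificate, but found: root=%d intermediate=%d server=%d",
			rootSeen, intermediateSeen, serverSeen)
	}

	// confirm that we can disable TLS
	os.Unsetenv("POWER_TOGGLE_SERVER_TLS_ENABLED")
	testTLSConfig = createTestTLSConfig(t)
	if len(testTLSConfig.Certificates) != 0 {
		t.Fatal("failed to disable TLS")
	}
}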
// TestHTTPConfig verifies that the server returned by configureHTTPServer
// carries the package's write, read and idle timeouts.
//
// NOTE(review): ReadHeaderTimeout is not asserted here; confirm whether
// configureHTTPServer sets it and whether it deserves a check as well.
func TestHTTPConfig(t *testing.T) {
	srv := configureHTTPServer(&mux.Router{})

	// Each entry pairs an expectation with the message reported when it does
	// not hold; all entries are evaluated so every mismatch is reported.
	checks := []struct {
		ok  bool
		msg string
	}{
		{srv.WriteTimeout == httpWriteTimeout, "WriteTimeout is not set to correct value"},
		{srv.ReadTimeout == httpReadTimeout, "ReadTimeout is not set to correct value"},
		{srv.IdleTimeout == httpIdleTimeout, "IdleTimeout is not set to correct value"},
	}
	for _, c := range checks {
		if !c.ok {
			t.Error(c.msg)
		}
	}
}
// TODO: test startHTTPServer() somehow