Peter Kurfer
7c2a41ad25
- apply changes in proxy plugin and TLS interceptor - add HTTPS proxy support - move ca-generation command to main app - minor refactoring to improve API stability - move mocks to extra packages to avoid cycling imports - fix bug in multi-port configuration - change HTTP proxy to redirect to HTTP mock instead of maintaining custom rules
package cert
import (
"github.com/spf13/viper"
"os"
"reflect"
"strings"
"testing"
"time"
)
// readViper builds a fresh viper instance from the YAML document in cfg.
//
// It is a fixture helper for the table-driven tests in this file: the config
// type is fixed to "yaml" and the document is read from memory, so no file on
// disk is touched. A document that viper cannot read makes the helper panic,
// which aborts the test binary instead of letting a broken fixture pass as an
// empty configuration.
func readViper(cfg string) *viper.Viper {
	v := viper.New()
	v.SetConfigType("yaml")

	err := v.ReadConfig(strings.NewReader(cfg))
	if err != nil {
		panic(err)
	}

	return v
}
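// Test_loadFromConfig checks how loadFromConfig maps the "tls" section of a
// viper configuration onto Options.
//
// The table covers four situations: a fully specified section, a section
// without the CA public key path, a section without the CA private key path,
// and a section that sets only the two required paths so that every other
// field must come from defaults. The two "missing path" cases pin fail-closed
// behaviour: an incomplete root CA key pair has to produce an error rather
// than a partially filled Options value.
//
// The YAML fixtures depend on their nesting (everything lives below "tls"),
// so the raw string literals are kept at column 0 with space indentation.
func Test_loadFromConfig(t *testing.T) {
	type args struct {
		config *viper.Viper
	}
	tests := []struct {
		name    string
		args    args
		want    Options
		wantErr bool
	}{
		{
			name: "Parse valid TLS configuration",
			args: args{
				// The server keys are deliberately capitalised differently
				// from the CA keys; the expected result is the same shape,
				// so key lookup is expected to be case-insensitive.
				config: readViper(`
tls:
  ecdsaCurve: P256
  validity:
    ca:
      notBeforeRelative: 17520h
      notAfterRelative: 17520h
    server:
      NotBeforeRelative: 168h
      NotAfterRelative: 168h
  rootCaCert:
    publicKey: ./ca.pem
    privateKey: ./ca.key
  certCachePath: /tmp/inetmock/
`),
			},
			want: Options{
				// Only the path strings are compared here; this test does not
				// create or read the referenced key files.
				RootCACert: File{
					PublicKeyPath:  "./ca.pem",
					PrivateKeyPath: "./ca.key",
				},
				CertCachePath: "/tmp/inetmock/",
				Curve:         CurveTypeP256,
				Validity: ValidityByPurpose{
					// 17520h is 730 days, 168h is 7 days.
					// NOTE(review): presumably the two values span a window
					// around the time of issuance (backdated NotBefore to
					// tolerate clock skew) - confirm in the generator.
					CA: ValidityDuration{
						NotBeforeRelative: 17520 * time.Hour,
						NotAfterRelative:  17520 * time.Hour,
					},
					Server: ValidityDuration{
						NotBeforeRelative: 168 * time.Hour,
						NotAfterRelative:  168 * time.Hour,
					},
				},
			},
			wantErr: false,
		},
		{
			name: "Get an error if CA public key path is missing",
			args: args{
				config: readViper(`
tls:
  rootCaCert:
    privateKey: ./ca.key
`),
			},
			want:    Options{},
			wantErr: true,
		},
		{
			name: "Get an error if CA private key path is missing",
			args: args{
				config: readViper(`
tls:
  rootCaCert:
    publicKey: ./ca.pem
`),
			},
			want:    Options{},
			wantErr: true,
		},
		{
			name: "Get default options if all required fields are set",
			args: args{
				config: readViper(`
tls:
  rootCaCert:
    publicKey: ./ca.pem
    privateKey: ./ca.key
`),
			},
			want: Options{
				RootCACert: File{
					PublicKeyPath:  "./ca.pem",
					PrivateKeyPath: "./ca.key",
				},
				// NOTE(review): the default cache location is the process
				// temp dir, which is shared between users on many systems.
				// If generated private keys are cached there, confirm the
				// writer restricts file modes or uses a private subdirectory.
				CertCachePath: os.TempDir(),
				// NOTE(review): the config key is called "ecdsaCurve" while
				// the default is Ed25519, which is not an ECDSA curve -
				// confirm the naming is intentional.
				Curve: CurveTypeED25519,
				Validity: ValidityByPurpose{
					CA: ValidityDuration{
						NotBeforeRelative: 17520 * time.Hour,
						NotAfterRelative:  17520 * time.Hour,
					},
					Server: ValidityDuration{
						NotBeforeRelative: 168 * time.Hour,
						NotAfterRelative:  168 * time.Hour,
					},
				},
			},
			wantErr: false,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := loadFromConfig(tt.args.config)
			if (err != nil) != tt.wantErr {
				t.Errorf("loadFromConfig() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			// In the error cases this also pins that the returned Options is
			// the zero value, i.e. nothing is partially populated on failure.
			if !reflect.DeepEqual(got, tt.want) {
				// %+v prints field names, which makes a mismatch in the
				// nested validity/key-path structs readable.
				t.Errorf("loadFromConfig() got = %+v, want %+v", got, tt.want)
			}
		})
	}
}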