package smartid
import (
"crypto/x509"
"testing"
"github.com/stretchr/testify/assert"
"github.com/proDeveloperGuru/smartid/internal/certificates"
"github.com/proDeveloperGuru/smartid/internal/errors"
)
// Test_NewCertificateManager checks the error returned by
// NewCertificateManager for a directory that holds test certificates and for
// one that is expected to fail with ErrFailedToReadCertificateFile.
//
// Only the error is inspected; the returned manager is discarded.
func Test_NewCertificateManager(t *testing.T) {
	type testCase struct {
		name string
		dir  string
		err  error
	}

	cases := []testCase{
		{
			name: "Success",
			dir:  "internal/certificates/testdata/valid",
			err:  nil,
		},
		{
			name: "Error: Failed to read certificate file",
			dir:  "internal/certificates/testdata/missing",
			err:  errors.ErrFailedToReadCertificateFile,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			_, got := NewCertificateManager(tc.dir)

			// No expected error: the constructor must succeed.
			if tc.err == nil {
				assert.Nil(t, got)
				return
			}

			// Otherwise the exact sentinel error must come back.
			assert.Equal(t, tc.err, got)
		})
	}
}
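// Test_Manager_VerifyPeerCertificate exercises Manager.VerifyPeerCertificate
// against a Manager whose certificates field holds the single certificate
// loaded from the testdata directory.
//
// Covered cases:
//   - the peer presents the same raw certificate: no error;
//   - the peer presents no certificates: ErrFailedToVerifyCertificate;
//   - the peer presents bytes that are not a certificate:
//     ErrFailedToVerifyCertificate.
//
// NOTE(review): the table has no case for a well-formed certificate that is
// not in the manager's list. If VerifyPeerCertificate is the pinning check
// for the TLS connection (presumably; confirm against the implementation),
// that is the rejection path most worth pinning down with a second testdata
// certificate.
func Test_Manager_VerifyPeerCertificate(t *testing.T) {
	cert, err := certificates.LoadFromFile("internal/certificates/testdata/valid/cert.pem")
	// Stop here on a load failure: the table below dereferences cert, and a
	// non-fatal assertion would let the test continue into a nil-pointer
	// panic that hides the real cause.
	if err != nil {
		t.Fatalf("loading test certificate: %v", err)
	}
	if cert == nil {
		t.Fatal("loading test certificate: got nil certificate without an error")
	}

	tests := []struct {
		name     string
		certs    []*x509.Certificate
		rawCerts [][]byte
		err      error
	}{
		{
			name:     "Success",
			certs:    []*x509.Certificate{cert},
			rawCerts: [][]byte{cert.Raw},
			err:      nil,
		},
		{
			name:     "Error: No matching certificate",
			certs:    []*x509.Certificate{cert},
			rawCerts: [][]byte{},
			err:      errors.ErrFailedToVerifyCertificate,
		},
		{
			name:     "Error: Invalid certificate",
			certs:    []*x509.Certificate{cert},
			rawCerts: [][]byte{[]byte("invalid")},
			err:      errors.ErrFailedToVerifyCertificate,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			p := &Manager{
				certificates: tt.certs,
			}

			// The second argument is passed as nil in every case, so the
			// outcome depends only on the raw certificates.
			err := p.VerifyPeerCertificate(tt.rawCerts, nil)

			if tt.err != nil {
				assert.Equal(t, tt.err, err)
			} else {
				assert.NoError(t, err)
			}
		})
	}
}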
// Test_TLSConfig checks the configuration produced by a zero-value Manager:
// it must be non-nil, carry a VerifyPeerCertificate callback, and set
// MinVersion to TLS 1.2.
//
// The test only checks that the callback is set, not which function it is.
func Test_TLSConfig(t *testing.T) {
	cfg := (&Manager{}).TLSConfig()

	assert.NotNil(t, cfg)
	assert.NotNil(t, cfg.VerifyPeerCertificate)

	// 0x0303 is the protocol version number of TLS 1.2, the value that
	// crypto/tls exposes as VersionTLS12.
	assert.Equal(t, uint16(0x0303), cfg.MinVersion) // TLS 1.2
}