package tls
import (
"crypto/tls"
"fmt"
"strings"
"testing"
"time"
"github.com/patrickmn/go-cache"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/traefik/traefik/v2/pkg/safe"
)
// TestGetBestCertificate checks which certificate
// CertificateStore.GetBestCertificate returns for a given SNI server name when
// the store holds at most one dynamic certificate.
//
// Each scenario loads the dynamic certificate (if any) from the HTTPS fixtures,
// stores it under its lower-cased name, and compares the store's answer for
// domainToCheck with the fixture named by expectedCert (nil when empty).
func TestGetBestCertificate(t *testing.T) {
	// TODO Add tests for defaultCert
	// NOTE(review): every domainToCheck below is lower-case and no scenario
	// asserts that "*.snitest.com" is rejected for a deeper name such as
	// "a.b.snitest.com"; both are worth covering, since a wrong match here
	// means serving the wrong certificate for an SNI name.
	type scenario struct {
		desc          string
		domainToCheck string // SNI value placed in the ClientHello
		dynamicCert   string // fixture name loaded into the store; "" leaves it empty
		expectedCert  string // fixture name expected back; "" means nil
		uppercase     bool   // selects the "uppercase_wildcard" fixture variant
	}

	scenarios := []scenario{
		{
			desc:          "Empty Store, returns no certs",
			domainToCheck: "snitest.com",
		},
		{
			desc:          "Best Match with no corresponding",
			domainToCheck: "snitest.com",
			dynamicCert:   "snitest.org",
		},
		{
			desc:          "Best Match",
			domainToCheck: "snitest.com",
			dynamicCert:   "snitest.com",
			expectedCert:  "snitest.com",
		},
		{
			desc:          "Best Match with dynamic wildcard",
			domainToCheck: "www.snitest.com",
			dynamicCert:   "*.snitest.com",
			expectedCert:  "*.snitest.com",
		},
		{
			// Presumably the uppercase fixture carries upper-case names in the
			// certificate itself; confirm against the fixture files.
			desc:          "Best Match with dynamic wildcard only, case-insensitive",
			domainToCheck: "bar.www.snitest.com",
			dynamicCert:   "*.www.snitest.com",
			expectedCert:  "*.www.snitest.com",
			uppercase:     true,
		},
	}

	// NOTE(review): the parallel subtest closes over the loop variable. That is
	// only safe with per-iteration loop variables (Go 1.22+); confirm the
	// module's Go version.
	for _, sc := range scenarios {
		t.Run(sc.desc, func(t *testing.T) {
			t.Parallel()

			certsByName := make(map[string]*tls.Certificate)
			if sc.dynamicCert != "" {
				loaded, err := loadTestCert(sc.dynamicCert, sc.uppercase)
				require.NoError(t, err)
				// The store map is keyed by the lower-cased certificate name.
				certsByName[strings.ToLower(sc.dynamicCert)] = loaded
			}

			store := &CertificateStore{
				DynamicCerts: safe.New(certsByName),
				CertCache:    cache.New(1*time.Hour, 10*time.Minute),
			}

			var want *tls.Certificate
			if sc.expectedCert != "" {
				loaded, err := loadTestCert(sc.expectedCert, sc.uppercase)
				require.NoError(t, err)
				want = loaded
			}

			hello := &tls.ClientHelloInfo{ServerName: sc.domainToCheck}
			got := store.GetBestCertificate(hello)
			assert.Equal(t, want, got)
		})
	}
}
// loadTestCert loads the certificate/key pair fixture for certName from
// ../../integration/fixtures/https.
//
// Every "*" in certName is replaced by "wildcard", or by "uppercase_wildcard"
// when uppercase is true, to build the "<name>.cert" and "<name>.key" file
// names. The error from tls.LoadX509KeyPair is returned unchanged.
//
// certName is interpolated into the path without any sanitising; the callers
// in this file only pass fixed names from the test table.
func loadTestCert(certName string, uppercase bool) (*tls.Certificate, error) {
	wildcardToken := "wildcard"
	if uppercase {
		wildcardToken = "uppercase_wildcard"
	}
	baseName := strings.ReplaceAll(certName, "*", wildcardToken)

	certPath := fmt.Sprintf("../../integration/fixtures/https/%s.cert", baseName)
	keyPath := fmt.Sprintf("../../integration/fixtures/https/%s.key", baseName)

	pair, err := tls.LoadX509KeyPair(certPath, keyPath)
	if err != nil {
		return nil, err
	}
	return &pair, nil
}