package tls
import (
"crypto/tls"
"fmt"
"strings"
"testing"
"time"
"github.com/containous/traefik/pkg/safe"
"github.com/patrickmn/go-cache"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestGetBestCertificate checks that CertificateStore.GetBestCertificate
// resolves the SNI server name of a ClientHello against the dynamic
// certificate map, covering exact matches, wildcard matches and a
// case-insensitive wildcard match. The map is keyed by the lowercased
// certificate domain, so lookups must not depend on the caller's casing.
func TestGetBestCertificate(t *testing.T) {
	// FIXME Add tests for defaultCert
	type testCase struct {
		desc          string
		domainToCheck string
		dynamicCert   string
		expectedCert  string
		uppercase     bool
	}

	testCases := []testCase{
		{
			desc:          "Empty Store, returns no certs",
			domainToCheck: "snitest.com",
			dynamicCert:   "",
			expectedCert:  "",
		},
		{
			desc:          "Best Match with no corresponding",
			domainToCheck: "snitest.com",
			dynamicCert:   "snitest.org",
			expectedCert:  "",
		},
		{
			desc:          "Best Match",
			domainToCheck: "snitest.com",
			dynamicCert:   "snitest.com",
			expectedCert:  "snitest.com",
		},
		{
			desc:          "Best Match with dynamic wildcard",
			domainToCheck: "www.snitest.com",
			dynamicCert:   "*.snitest.com",
			expectedCert:  "*.snitest.com",
		},
		{
			desc:          "Best Match with dynamic wildcard only, case insensitive",
			domainToCheck: "bar.www.snitest.com",
			dynamicCert:   "*.www.snitest.com",
			expectedCert:  "*.www.snitest.com",
			uppercase:     true,
		},
	}

	// newStore builds a CertificateStore holding at most one dynamic
	// certificate, stored under its lowercased domain name.
	newStore := func(t *testing.T, domain string, uppercase bool) *CertificateStore {
		dynamic := make(map[string]*tls.Certificate)
		if domain != "" {
			cert, err := loadTestCert(domain, uppercase)
			require.NoError(t, err)
			dynamic[strings.ToLower(domain)] = cert
		}
		return &CertificateStore{
			DynamicCerts: safe.New(dynamic),
			CertCache:    cache.New(1*time.Hour, 10*time.Minute),
		}
	}

	for _, tc := range testCases {
		tc := tc
		t.Run(tc.desc, func(t *testing.T) {
			t.Parallel()

			store := newStore(t, tc.dynamicCert, tc.uppercase)

			// A nil expectation means the store must return no certificate.
			var want *tls.Certificate
			if tc.expectedCert != "" {
				cert, err := loadTestCert(tc.expectedCert, tc.uppercase)
				require.NoError(t, err)
				want = cert
			}

			got := store.GetBestCertificate(&tls.ClientHelloInfo{ServerName: tc.domainToCheck})
			assert.Equal(t, want, got)
		})
	}
}
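// loadTestCert loads the integration fixture certificate and key named by
// certName from ../../integration/fixtures/https. A "*" in certName (a
// wildcard certificate) is mapped to the fixture file named "wildcard", or
// "uppercase_wildcard" when uppercase is set, because "*" is not usable as a
// file name. certName is only ever taken from the test table in this file,
// so no path validation is performed here.
//
// It returns a pointer to the parsed key pair, or the error from
// tls.LoadX509KeyPair when either fixture file is missing or malformed.
func loadTestCert(certName string, uppercase bool) (*tls.Certificate, error) {
	replacement := "wildcard"
	if uppercase {
		replacement = "uppercase_wildcard"
	}

	// Compute the fixture base name once; the cert and key files share it.
	fixture := strings.Replace(certName, "*", replacement, -1)

	staticCert, err := tls.LoadX509KeyPair(
		fmt.Sprintf("../../integration/fixtures/https/%s.cert", fixture),
		fmt.Sprintf("../../integration/fixtures/https/%s.key", fixture),
	)
	if err != nil {
		return nil, err
	}
	return &staticCert, nil
}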