etcd/pkg/transport/listener_test.go

// Copyright 2015 The etcd Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package transport

import (
	"crypto/tls"
	"errors"
	"io/ioutil"
	"net/http"
	"os"
	"testing"
	"time"
)

func createTempFile(b []byte) (string, error) {
	f, err := ioutil.TempFile("", "etcd-test-tls-")
	if err != nil {
		return "", err
	}
	defer f.Close()

	if _, err = f.Write(b); err != nil {
		return "", err
	}

	return f.Name(), nil
}

func fakeCertificateParserFunc(cert tls.Certificate, err error) func(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error) {
	return func(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error) {
		return cert, err
	}
}

// TestNewListenerTLSInfo tests that NewListener with valid TLSInfo returns
// a TLS listener that accepts TLS connections.
func TestNewListenerTLSInfo(t *testing.T) {
	tmp, err := createTempFile([]byte("XXX"))
	if err != nil {
		t.Fatalf("unable to create tmpfile: %v", err)
	}
	defer os.Remove(tmp)
	tlsInfo := TLSInfo{CertFile: tmp, KeyFile: tmp}
	tlsInfo.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)
	testNewListenerTLSInfoAccept(t, tlsInfo)
}

func testNewListenerTLSInfoAccept(t *testing.T, tlsInfo TLSInfo) {
	tlscfg, err := tlsInfo.ServerConfig()
	if err != nil {
		t.Fatalf("unexpected serverConfig error: %v", err)
	}
	ln, err := NewListener("127.0.0.1:0", "https", tlscfg)
	if err != nil {
		t.Fatalf("unexpected NewListener error: %v", err)
	}
	defer ln.Close()

	go http.Get("https://" + ln.Addr().String())
	conn, err := ln.Accept()
	if err != nil {
		t.Fatalf("unexpected Accept error: %v", err)
	}
	defer conn.Close()
	if _, ok := conn.(*tls.Conn); !ok {
		t.Errorf("failed to accept *tls.Conn")
	}
}

func TestNewListenerTLSEmptyInfo(t *testing.T) {
	_, err := NewListener("127.0.0.1:0", "https", nil)
	if err == nil {
		t.Errorf("err = nil, want not presented error")
	}
}

func TestNewTransportTLSInfo(t *testing.T) {
	tmp, err := createTempFile([]byte("XXX"))
	if err != nil {
		t.Fatalf("Unable to prepare tmpfile: %v", err)
	}
	defer os.Remove(tmp)

	tests := []TLSInfo{
		{},
		{
			CertFile: tmp,
			KeyFile:  tmp,
		},
		{
			CertFile: tmp,
			KeyFile:  tmp,
			CAFile:   tmp,
		},
		{
			CAFile: tmp,
		},
	}

	for i, tt := range tests {
		tt.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)
		trans, err := NewTransport(tt, time.Second)
		if err != nil {
			t.Fatalf("Received unexpected error from NewTransport: %v", err)
		}

		if trans.TLSClientConfig == nil {
			t.Fatalf("#%d: want non-nil TLSClientConfig", i)
		}
	}
}

func TestTLSInfoNonexist(t *testing.T) {
	tlsInfo := TLSInfo{CertFile: "@badname", KeyFile: "@badname"}
	_, err := tlsInfo.ServerConfig()
	werr := &os.PathError{
		Op:   "open",
		Path: "@badname",
		Err:  errors.New("no such file or directory"),
	}
	if err.Error() != werr.Error() {
		t.Errorf("err = %v, want %v", err, werr)
	}
}

func TestTLSInfoEmpty(t *testing.T) {
	tests := []struct {
		info TLSInfo
		want bool
	}{
		{TLSInfo{}, true},
		{TLSInfo{CAFile: "baz"}, true},
		{TLSInfo{CertFile: "foo"}, false},
		{TLSInfo{KeyFile: "bar"}, false},
		{TLSInfo{CertFile: "foo", KeyFile: "bar"}, false},
		{TLSInfo{CertFile: "foo", CAFile: "baz"}, false},
		{TLSInfo{KeyFile: "bar", CAFile: "baz"}, false},
		{TLSInfo{CertFile: "foo", KeyFile: "bar", CAFile: "baz"}, false},
	}

	for i, tt := range tests {
		got := tt.info.Empty()
		if tt.want != got {
			t.Errorf("#%d: result of Empty() incorrect: want=%t got=%t", i, tt.want, got)
		}
	}
}

func TestTLSInfoMissingFields(t *testing.T) {
	tmp, err := createTempFile([]byte("XXX"))
	if err != nil {
		t.Fatalf("Unable to prepare tmpfile: %v", err)
	}
	defer os.Remove(tmp)

	tests := []TLSInfo{
		{CertFile: tmp},
		{KeyFile: tmp},
		{CertFile: tmp, CAFile: tmp},
		{KeyFile: tmp, CAFile: tmp},
	}

	for i, info := range tests {
		if _, err = info.ServerConfig(); err == nil {
			t.Errorf("#%d: expected non-nil error from ServerConfig()", i)
		}

		if _, err = info.ClientConfig(); err == nil {
			t.Errorf("#%d: expected non-nil error from ClientConfig()", i)
		}
	}
}

func TestTLSInfoParseFuncError(t *testing.T) {
	tmp, err := createTempFile([]byte("XXX"))
	if err != nil {
		t.Fatalf("Unable to prepare tmpfile: %v", err)
	}
	defer os.Remove(tmp)

	info := TLSInfo{CertFile: tmp, KeyFile: tmp, CAFile: tmp}
	info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, errors.New("fake"))

	if _, err = info.ServerConfig(); err == nil {
		t.Errorf("expected non-nil error from ServerConfig()")
	}

	if _, err = info.ClientConfig(); err == nil {
		t.Errorf("expected non-nil error from ClientConfig()")
	}
}

func TestTLSInfoConfigFuncs(t *testing.T) {
	tmp, err := createTempFile([]byte("XXX"))
	if err != nil {
		t.Fatalf("Unable to prepare tmpfile: %v", err)
	}
	defer os.Remove(tmp)

	tests := []struct {
		info       TLSInfo
		clientAuth tls.ClientAuthType
		wantCAs    bool
	}{
		{
			info:       TLSInfo{CertFile: tmp, KeyFile: tmp},
			clientAuth: tls.NoClientCert,
			wantCAs:    false,
		},

		{
			info:       TLSInfo{CertFile: tmp, KeyFile: tmp, CAFile: tmp},
			clientAuth: tls.RequireAndVerifyClientCert,
			wantCAs:    true,
		},
	}

	for i, tt := range tests {
		tt.info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)

		sCfg, err := tt.info.ServerConfig()
		if err != nil {
			t.Errorf("#%d: expected nil error from ServerConfig(), got non-nil: %v", i, err)
		}

		if tt.wantCAs != (sCfg.ClientCAs != nil) {
			t.Errorf("#%d: wantCAs=%t but ClientCAs=%v", i, tt.wantCAs, sCfg.ClientCAs)
		}

		cCfg, err := tt.info.ClientConfig()
		if err != nil {
			t.Errorf("#%d: expected nil error from ClientConfig(), got non-nil: %v", i, err)
		}

		if tt.wantCAs != (cCfg.RootCAs != nil) {
			t.Errorf("#%d: wantCAs=%t but RootCAs=%v", i, tt.wantCAs, sCfg.RootCAs)
		}
	}
}

func TestNewListenerUnixSocket(t *testing.T) {
	l, err := NewListener("testsocket", "unix", nil)
	if err != nil {
		t.Errorf("error listening on unix socket (%v)", err)
	}
	l.Close()
}

// TestNewListenerTLSInfoSelfCert tests that a new certificate accepts connections.
func TestNewListenerTLSInfoSelfCert(t *testing.T) {
	tmpdir, err := ioutil.TempDir(os.TempDir(), "tlsdir")
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpdir)
	tlsinfo, err := SelfCert(tmpdir, []string{"127.0.0.1"})
	if err != nil {
		t.Fatal(err)
	}
	if tlsinfo.Empty() {
		t.Fatalf("tlsinfo should have certs (%+v)", tlsinfo)
	}
	testNewListenerTLSInfoAccept(t, tlsinfo)
}
pkg: update LICENSE header 2016-05-13 06:48:53 +03:00			`// Copyright 2015 The etcd Authors`
*: switch to line comments for copyright Build tags are not compatible with block comments. Also adds copyright header to a few places it was missing. 2015-01-25 06:19:16 +03:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`
*: add license header to all source files 2014-10-18 02:41:22 +04:00
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`package transport`

			`import (`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`"crypto/tls"`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`"errors"`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`"io/ioutil"`
pkg/transport: add NewListener test 2015-01-10 02:43:25 +03:00			`"net/http"`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`"os"`
			`"testing"`
pkg/transport: pass dial timeout to NewTransport So we could set dial timeout for new transport, which makes it customizable according to max RTT. 2015-10-11 08:46:21 +03:00			`"time"`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`)`

			`func createTempFile(b []byte) (string, error) {`
			`f, err := ioutil.TempFile("", "etcd-test-tls-")`
			`if err != nil {`
			`return "", err`
			`}`
			`defer f.Close()`

			`if _, err = f.Write(b); err != nil {`
			`return "", err`
			`}`

			`return f.Name(), nil`
			`}`

transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`func fakeCertificateParserFunc(cert tls.Certificate, err error) func(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error) {`
			`return func(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error) {`
			`return cert, err`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`}`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00
pkg/transport: add NewListener test 2015-01-10 02:43:25 +03:00			`// TestNewListenerTLSInfo tests that NewListener with valid TLSInfo returns`
*: fix minor typos 2016-01-08 11:21:19 +03:00			`// a TLS listener that accepts TLS connections.`
pkg/transport: add NewListener test 2015-01-10 02:43:25 +03:00			`func TestNewListenerTLSInfo(t *testing.T) {`
			`tmp, err := createTempFile([]byte("XXX"))`
			`if err != nil {`
			`t.Fatalf("unable to create tmpfile: %v", err)`
			`}`
			`defer os.Remove(tmp)`
			`tlsInfo := TLSInfo{CertFile: tmp, KeyFile: tmp}`
			`tlsInfo.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)`
pkg/transport: generate certs 2016-02-09 22:49:29 +03:00			`testNewListenerTLSInfoAccept(t, tlsInfo)`
			`}`

			`func testNewListenerTLSInfoAccept(t *testing.T, tlsInfo TLSInfo) {`
*: http and https on the same port 2016-03-22 07:01:21 +03:00			`tlscfg, err := tlsInfo.ServerConfig()`
			`if err != nil {`
			`t.Fatalf("unexpected serverConfig error: %v", err)`
			`}`
			`ln, err := NewListener("127.0.0.1:0", "https", tlscfg)`
pkg/transport: add NewListener test 2015-01-10 02:43:25 +03:00			`if err != nil {`
			`t.Fatalf("unexpected NewListener error: %v", err)`
			`}`
			`defer ln.Close()`

			`go http.Get("https://" + ln.Addr().String())`
			`conn, err := ln.Accept()`
			`if err != nil {`
			`t.Fatalf("unexpected Accept error: %v", err)`
			`}`
			`defer conn.Close()`
			`if _, ok := conn.(*tls.Conn); !ok {`
			`t.Errorf("failed to accept *tls.Conn")`
			`}`
			`}`

pkg/transport: fix downgrade https to http bug in transport If the TLS config is empty, etcd downgrades https to http without a warning. This commit avoid the downgrade and stoping etcd from bootstrap if it cannot listen on TLS. 2015-03-06 21:42:23 +03:00			`func TestNewListenerTLSEmptyInfo(t *testing.T) {`
*: http and https on the same port 2016-03-22 07:01:21 +03:00			`_, err := NewListener("127.0.0.1:0", "https", nil)`
pkg/transport: fix downgrade https to http bug in transport If the TLS config is empty, etcd downgrades https to http without a warning. This commit avoid the downgrade and stoping etcd from bootstrap if it cannot listen on TLS. 2015-03-06 21:42:23 +03:00			`if err == nil {`
			`t.Errorf("err = nil, want not presented error")`
			`}`
			`}`

transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`func TestNewTransportTLSInfo(t *testing.T) {`
			`tmp, err := createTempFile([]byte("XXX"))`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`if err != nil {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`t.Fatalf("Unable to prepare tmpfile: %v", err)`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`defer os.Remove(tmp)`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00
pkg/transport: generate TLS client config w/ only CAFile 2014-11-06 23:10:04 +03:00			`tests := []TLSInfo{`
*: test gofmt with -s and fix reported issues 2015-08-22 04:52:16 +03:00			`{},`
			`{`
pkg/transport: generate TLS client config w/ only CAFile 2014-11-06 23:10:04 +03:00			`CertFile: tmp,`
			`KeyFile: tmp,`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`},`
*: test gofmt with -s and fix reported issues 2015-08-22 04:52:16 +03:00			`{`
pkg/transport: generate TLS client config w/ only CAFile 2014-11-06 23:10:04 +03:00			`CertFile: tmp,`
			`KeyFile: tmp,`
			`CAFile: tmp,`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`},`
*: test gofmt with -s and fix reported issues 2015-08-22 04:52:16 +03:00			`{`
pkg/transport: generate TLS client config w/ only CAFile 2014-11-06 23:10:04 +03:00			`CAFile: tmp,`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`},`
			`}`

			`for i, tt := range tests {`
pkg/transport: generate TLS client config w/ only CAFile 2014-11-06 23:10:04 +03:00			`tt.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)`
pkg/transport: pass dial timeout to NewTransport So we could set dial timeout for new transport, which makes it customizable according to max RTT. 2015-10-11 08:46:21 +03:00			`trans, err := NewTransport(tt, time.Second)`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`if err != nil {`
			`t.Fatalf("Received unexpected error from NewTransport: %v", err)`
			`}`

pkg/transport: generate TLS client config w/ only CAFile 2014-11-06 23:10:04 +03:00			`if trans.TLSClientConfig == nil {`
			`t.Fatalf("#%d: want non-nil TLSClientConfig", i)`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`}`
			`}`
			`}`
transport: test TLSInfo.Empty() 2014-09-23 23:19:32 +04:00
*: http and https on the same port 2016-03-22 07:01:21 +03:00			`func TestTLSInfoNonexist(t *testing.T) {`
			`tlsInfo := TLSInfo{CertFile: "@badname", KeyFile: "@badname"}`
			`_, err := tlsInfo.ServerConfig()`
			`werr := &os.PathError{`
			`Op: "open",`
			`Path: "@badname",`
			`Err: errors.New("no such file or directory"),`
			`}`
			`if err.Error() != werr.Error() {`
			`t.Errorf("err = %v, want %v", err, werr)`
			`}`
			`}`

transport: test TLSInfo.Empty() 2014-09-23 23:19:32 +04:00			`func TestTLSInfoEmpty(t *testing.T) {`
			`tests := []struct {`
			`info TLSInfo`
			`want bool`
			`}{`
			`{TLSInfo{}, true},`
			`{TLSInfo{CAFile: "baz"}, true},`
			`{TLSInfo{CertFile: "foo"}, false},`
			`{TLSInfo{KeyFile: "bar"}, false},`
			`{TLSInfo{CertFile: "foo", KeyFile: "bar"}, false},`
			`{TLSInfo{CertFile: "foo", CAFile: "baz"}, false},`
			`{TLSInfo{KeyFile: "bar", CAFile: "baz"}, false},`
			`{TLSInfo{CertFile: "foo", KeyFile: "bar", CAFile: "baz"}, false},`
			`}`

			`for i, tt := range tests {`
			`got := tt.info.Empty()`
			`if tt.want != got {`
			`t.Errorf("#%d: result of Empty() incorrect: want=%t got=%t", i, tt.want, got)`
			`}`
			`}`
			`}`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00
			`func TestTLSInfoMissingFields(t *testing.T) {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`tmp, err := createTempFile([]byte("XXX"))`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`if err != nil {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`t.Fatalf("Unable to prepare tmpfile: %v", err)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`defer os.Remove(tmp)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00
			`tests := []TLSInfo{`
*: test gofmt with -s and fix reported issues 2015-08-22 04:52:16 +03:00			`{CertFile: tmp},`
			`{KeyFile: tmp},`
			`{CertFile: tmp, CAFile: tmp},`
			`{KeyFile: tmp, CAFile: tmp},`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`

			`for i, info := range tests {`
*: fix govet shadow check failure 2015-08-27 23:24:47 +03:00			`if _, err = info.ServerConfig(); err == nil {`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`t.Errorf("#%d: expected non-nil error from ServerConfig()", i)`
			`}`

			`if _, err = info.ClientConfig(); err == nil {`
			`t.Errorf("#%d: expected non-nil error from ClientConfig()", i)`
			`}`
			`}`
			`}`

transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`func TestTLSInfoParseFuncError(t *testing.T) {`
			`tmp, err := createTempFile([]byte("XXX"))`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`if err != nil {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`t.Fatalf("Unable to prepare tmpfile: %v", err)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`defer os.Remove(tmp)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`info := TLSInfo{CertFile: tmp, KeyFile: tmp, CAFile: tmp}`
			`info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, errors.New("fake"))`

*: fix govet shadow check failure 2015-08-27 23:24:47 +03:00			`if _, err = info.ServerConfig(); err == nil {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`t.Errorf("expected non-nil error from ServerConfig()")`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`

transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`if _, err = info.ClientConfig(); err == nil {`
			`t.Errorf("expected non-nil error from ClientConfig()")`
			`}`
			`}`

			`func TestTLSInfoConfigFuncs(t *testing.T) {`
			`tmp, err := createTempFile([]byte("XXX"))`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`if err != nil {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`t.Fatalf("Unable to prepare tmpfile: %v", err)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`defer os.Remove(tmp)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00
			`tests := []struct {`
			`info TLSInfo`
			`clientAuth tls.ClientAuthType`
			`wantCAs bool`
			`}{`
			`{`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`info: TLSInfo{CertFile: tmp, KeyFile: tmp},`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`clientAuth: tls.NoClientCert,`
			`wantCAs: false,`
			`},`

			`{`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`info: TLSInfo{CertFile: tmp, KeyFile: tmp, CAFile: tmp},`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`clientAuth: tls.RequireAndVerifyClientCert,`
			`wantCAs: true,`
			`},`
			`}`

			`for i, tt := range tests {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`tt.info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)`

transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`sCfg, err := tt.info.ServerConfig()`
			`if err != nil {`
			`t.Errorf("#%d: expected nil error from ServerConfig(), got non-nil: %v", i, err)`
			`}`

			`if tt.wantCAs != (sCfg.ClientCAs != nil) {`
*: fix various formatting issues 2014-10-21 04:55:18 +04:00			`t.Errorf("#%d: wantCAs=%t but ClientCAs=%v", i, tt.wantCAs, sCfg.ClientCAs)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`

			`cCfg, err := tt.info.ClientConfig()`
			`if err != nil {`
			`t.Errorf("#%d: expected nil error from ClientConfig(), got non-nil: %v", i, err)`
			`}`

			`if tt.wantCAs != (cCfg.RootCAs != nil) {`
*: fix various formatting issues 2014-10-21 04:55:18 +04:00			`t.Errorf("#%d: wantCAs=%t but RootCAs=%v", i, tt.wantCAs, sCfg.RootCAs)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`
			`}`
			`}`
pkg/transport: support listeners on unix sockets Given unix://<socketname>, NewListener will listen on unix socket <socketname>. This is useful when binding to tcp ports is undesirable (e.g., testing). 2016-01-06 23:09:05 +03:00
			`func TestNewListenerUnixSocket(t *testing.T) {`
*: http and https on the same port 2016-03-22 07:01:21 +03:00			`l, err := NewListener("testsocket", "unix", nil)`
pkg/transport: support listeners on unix sockets Given unix://<socketname>, NewListener will listen on unix socket <socketname>. This is useful when binding to tcp ports is undesirable (e.g., testing). 2016-01-06 23:09:05 +03:00			`if err != nil {`
			`t.Errorf("error listening on unix socket (%v)", err)`
			`}`
			`l.Close()`
			`}`
pkg/transport: generate certs 2016-02-09 22:49:29 +03:00
			`// TestNewListenerTLSInfoSelfCert tests that a new certificate accepts connections.`
			`func TestNewListenerTLSInfoSelfCert(t *testing.T) {`
			`tmpdir, err := ioutil.TempDir(os.TempDir(), "tlsdir")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`defer os.RemoveAll(tmpdir)`
			`tlsinfo, err := SelfCert(tmpdir, []string{"127.0.0.1"})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if tlsinfo.Empty() {`
			`t.Fatalf("tlsinfo should have certs (%+v)", tlsinfo)`
			`}`
			`testNewListenerTLSInfoAccept(t, tlsinfo)`
			`}`