etcd/pkg/transport/listener_test.go

/*
   Copyright 2014 CoreOS, Inc.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/

package transport

import (
	"crypto/tls"
	"errors"
	"io/ioutil"
	"os"
	"testing"
)

func createTempFile(b []byte) (string, error) {
	f, err := ioutil.TempFile("", "etcd-test-tls-")
	if err != nil {
		return "", err
	}
	defer f.Close()

	if _, err = f.Write(b); err != nil {
		return "", err
	}

	return f.Name(), nil
}

func fakeCertificateParserFunc(cert tls.Certificate, err error) func(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error) {
	return func(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error) {
		return cert, err
	}
}

func TestNewTransportTLSInfo(t *testing.T) {
	tmp, err := createTempFile([]byte("XXX"))
	if err != nil {
		t.Fatalf("Unable to prepare tmpfile: %v", err)
	}
	defer os.Remove(tmp)

	tests := []struct {
		info                TLSInfo
		wantTLSClientConfig bool
	}{
		{
			info:                TLSInfo{},
			wantTLSClientConfig: false,
		},
		{
			info: TLSInfo{
				CertFile: tmp,
				KeyFile:  tmp,
			},
			wantTLSClientConfig: true,
		},
		{
			info: TLSInfo{
				CertFile: tmp,
				KeyFile:  tmp,
				CAFile:   tmp,
			},
			wantTLSClientConfig: true,
		},
	}

	for i, tt := range tests {
		tt.info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)
		trans, err := NewTransport(tt.info)
		if err != nil {
			t.Fatalf("Received unexpected error from NewTransport: %v", err)
		}

		gotTLSClientConfig := trans.TLSClientConfig != nil
		if tt.wantTLSClientConfig != gotTLSClientConfig {
			t.Fatalf("%#d: wantTLSClientConfig=%t but gotTLSClientConfig=%t", i, tt.wantTLSClientConfig, gotTLSClientConfig)
		}
	}
}

func TestTLSInfoEmpty(t *testing.T) {
	tests := []struct {
		info TLSInfo
		want bool
	}{
		{TLSInfo{}, true},
		{TLSInfo{CAFile: "baz"}, true},
		{TLSInfo{CertFile: "foo"}, false},
		{TLSInfo{KeyFile: "bar"}, false},
		{TLSInfo{CertFile: "foo", KeyFile: "bar"}, false},
		{TLSInfo{CertFile: "foo", CAFile: "baz"}, false},
		{TLSInfo{KeyFile: "bar", CAFile: "baz"}, false},
		{TLSInfo{CertFile: "foo", KeyFile: "bar", CAFile: "baz"}, false},
	}

	for i, tt := range tests {
		got := tt.info.Empty()
		if tt.want != got {
			t.Errorf("#%d: result of Empty() incorrect: want=%t got=%t", i, tt.want, got)
		}
	}
}

func TestTLSInfoMissingFields(t *testing.T) {
	tmp, err := createTempFile([]byte("XXX"))
	if err != nil {
		t.Fatalf("Unable to prepare tmpfile: %v", err)
	}
	defer os.Remove(tmp)

	tests := []TLSInfo{
		TLSInfo{},
		TLSInfo{CAFile: tmp},
		TLSInfo{CertFile: tmp},
		TLSInfo{KeyFile: tmp},
		TLSInfo{CertFile: tmp, CAFile: tmp},
		TLSInfo{KeyFile: tmp, CAFile: tmp},
	}

	for i, info := range tests {
		if _, err := info.ServerConfig(); err == nil {
			t.Errorf("#%d: expected non-nil error from ServerConfig()", i)
		}

		if _, err = info.ClientConfig(); err == nil {
			t.Errorf("#%d: expected non-nil error from ClientConfig()", i)
		}
	}
}

func TestTLSInfoParseFuncError(t *testing.T) {
	tmp, err := createTempFile([]byte("XXX"))
	if err != nil {
		t.Fatalf("Unable to prepare tmpfile: %v", err)
	}
	defer os.Remove(tmp)

	info := TLSInfo{CertFile: tmp, KeyFile: tmp, CAFile: tmp}
	info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, errors.New("fake"))

	if _, err := info.ServerConfig(); err == nil {
		t.Errorf("expected non-nil error from ServerConfig()")
	}

	if _, err = info.ClientConfig(); err == nil {
		t.Errorf("expected non-nil error from ClientConfig()")
	}
}

func TestTLSInfoConfigFuncs(t *testing.T) {
	tmp, err := createTempFile([]byte("XXX"))
	if err != nil {
		t.Fatalf("Unable to prepare tmpfile: %v", err)
	}
	defer os.Remove(tmp)

	tests := []struct {
		info       TLSInfo
		clientAuth tls.ClientAuthType
		wantCAs    bool
	}{
		{
			info:       TLSInfo{CertFile: tmp, KeyFile: tmp},
			clientAuth: tls.NoClientCert,
			wantCAs:    false,
		},

		{
			info:       TLSInfo{CertFile: tmp, KeyFile: tmp, CAFile: tmp},
			clientAuth: tls.RequireAndVerifyClientCert,
			wantCAs:    true,
		},
	}

	for i, tt := range tests {
		tt.info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)

		sCfg, err := tt.info.ServerConfig()
		if err != nil {
			t.Errorf("#%d: expected nil error from ServerConfig(), got non-nil: %v", i, err)
		}

		if tt.wantCAs != (sCfg.ClientCAs != nil) {
			t.Errorf("%#d: wantCAs=%t but ClientCAs=%v", i, tt.wantCAs, sCfg.ClientCAs)
		}

		cCfg, err := tt.info.ClientConfig()
		if err != nil {
			t.Errorf("#%d: expected nil error from ClientConfig(), got non-nil: %v", i, err)
		}

		if tt.wantCAs != (cCfg.RootCAs != nil) {
			t.Errorf("%#d: wantCAs=%t but RootCAs=%v", i, tt.wantCAs, sCfg.RootCAs)
		}
	}
}
*: add license header to all source files 2014-10-18 02:41:22 +04:00			`/*`
			`Copyright 2014 CoreOS, Inc.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`package transport`

			`import (`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`"crypto/tls"`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`"errors"`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`"io/ioutil"`
			`"os"`
			`"testing"`
			`)`

			`func createTempFile(b []byte) (string, error) {`
			`f, err := ioutil.TempFile("", "etcd-test-tls-")`
			`if err != nil {`
			`return "", err`
			`}`
			`defer f.Close()`

			`if _, err = f.Write(b); err != nil {`
			`return "", err`
			`}`

			`return f.Name(), nil`
			`}`

transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`func fakeCertificateParserFunc(cert tls.Certificate, err error) func(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error) {`
			`return func(certPEMBlock, keyPEMBlock []byte) (tls.Certificate, error) {`
			`return cert, err`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`}`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`func TestNewTransportTLSInfo(t *testing.T) {`
			`tmp, err := createTempFile([]byte("XXX"))`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`if err != nil {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`t.Fatalf("Unable to prepare tmpfile: %v", err)`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`defer os.Remove(tmp)`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00
			`tests := []struct {`
			`info TLSInfo`
			`wantTLSClientConfig bool`
			`}{`
			`{`
			`info: TLSInfo{},`
			`wantTLSClientConfig: false,`
			`},`
			`{`
			`info: TLSInfo{`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`CertFile: tmp,`
			`KeyFile: tmp,`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`},`
			`wantTLSClientConfig: true,`
			`},`
			`{`
			`info: TLSInfo{`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`CertFile: tmp,`
			`KeyFile: tmp,`
			`CAFile: tmp,`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`},`
			`wantTLSClientConfig: true,`
			`},`
			`}`

			`for i, tt := range tests {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`tt.info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)`
transport: spot-check NewTransport 2014-09-23 23:14:47 +04:00			`trans, err := NewTransport(tt.info)`
			`if err != nil {`
			`t.Fatalf("Received unexpected error from NewTransport: %v", err)`
			`}`

			`gotTLSClientConfig := trans.TLSClientConfig != nil`
			`if tt.wantTLSClientConfig != gotTLSClientConfig {`
			`t.Fatalf("%#d: wantTLSClientConfig=%t but gotTLSClientConfig=%t", i, tt.wantTLSClientConfig, gotTLSClientConfig)`
			`}`
			`}`
			`}`
transport: test TLSInfo.Empty() 2014-09-23 23:19:32 +04:00
			`func TestTLSInfoEmpty(t *testing.T) {`
			`tests := []struct {`
			`info TLSInfo`
			`want bool`
			`}{`
			`{TLSInfo{}, true},`
			`{TLSInfo{CAFile: "baz"}, true},`
			`{TLSInfo{CertFile: "foo"}, false},`
			`{TLSInfo{KeyFile: "bar"}, false},`
			`{TLSInfo{CertFile: "foo", KeyFile: "bar"}, false},`
			`{TLSInfo{CertFile: "foo", CAFile: "baz"}, false},`
			`{TLSInfo{KeyFile: "bar", CAFile: "baz"}, false},`
			`{TLSInfo{CertFile: "foo", KeyFile: "bar", CAFile: "baz"}, false},`
			`}`

			`for i, tt := range tests {`
			`got := tt.info.Empty()`
			`if tt.want != got {`
			`t.Errorf("#%d: result of Empty() incorrect: want=%t got=%t", i, tt.want, got)`
			`}`
			`}`
			`}`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00
			`func TestTLSInfoMissingFields(t *testing.T) {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`tmp, err := createTempFile([]byte("XXX"))`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`if err != nil {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`t.Fatalf("Unable to prepare tmpfile: %v", err)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`defer os.Remove(tmp)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00
			`tests := []TLSInfo{`
			`TLSInfo{},`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`TLSInfo{CAFile: tmp},`
			`TLSInfo{CertFile: tmp},`
			`TLSInfo{KeyFile: tmp},`
			`TLSInfo{CertFile: tmp, CAFile: tmp},`
			`TLSInfo{KeyFile: tmp, CAFile: tmp},`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`

			`for i, info := range tests {`
			`if _, err := info.ServerConfig(); err == nil {`
			`t.Errorf("#%d: expected non-nil error from ServerConfig()", i)`
			`}`

			`if _, err = info.ClientConfig(); err == nil {`
			`t.Errorf("#%d: expected non-nil error from ClientConfig()", i)`
			`}`
			`}`
			`}`

transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`func TestTLSInfoParseFuncError(t *testing.T) {`
			`tmp, err := createTempFile([]byte("XXX"))`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`if err != nil {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`t.Fatalf("Unable to prepare tmpfile: %v", err)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`defer os.Remove(tmp)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`info := TLSInfo{CertFile: tmp, KeyFile: tmp, CAFile: tmp}`
			`info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, errors.New("fake"))`

			`if _, err := info.ServerConfig(); err == nil {`
			`t.Errorf("expected non-nil error from ServerConfig()")`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`

transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`if _, err = info.ClientConfig(); err == nil {`
			`t.Errorf("expected non-nil error from ClientConfig()")`
			`}`
			`}`

			`func TestTLSInfoConfigFuncs(t *testing.T) {`
			`tmp, err := createTempFile([]byte("XXX"))`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`if err != nil {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`t.Fatalf("Unable to prepare tmpfile: %v", err)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`}`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`defer os.Remove(tmp)`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00
			`tests := []struct {`
			`info TLSInfo`
			`clientAuth tls.ClientAuthType`
			`wantCAs bool`
			`}{`
			`{`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`info: TLSInfo{CertFile: tmp, KeyFile: tmp},`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`clientAuth: tls.NoClientCert,`
			`wantCAs: false,`
			`},`

			`{`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`info: TLSInfo{CertFile: tmp, KeyFile: tmp, CAFile: tmp},`
transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`clientAuth: tls.RequireAndVerifyClientCert,`
			`wantCAs: true,`
			`},`
			`}`

			`for i, tt := range tests {`
transport: fake out certificate parser The work being done in the tests is completely wasted, as we do not need to test the udnerlying x509 library. Faking out the parser function allows the tests to run much faster without having to carry massive fixtures, either. 2014-09-24 00:38:57 +04:00			`tt.info.parseFunc = fakeCertificateParserFunc(tls.Certificate{}, nil)`

transport: exercise TLSInfo.ClientConfig & ServerConfig 2014-09-23 23:52:59 +04:00			`sCfg, err := tt.info.ServerConfig()`
			`if err != nil {`
			`t.Errorf("#%d: expected nil error from ServerConfig(), got non-nil: %v", i, err)`
			`}`

			`if tt.wantCAs != (sCfg.ClientCAs != nil) {`
			`t.Errorf("%#d: wantCAs=%t but ClientCAs=%v", i, tt.wantCAs, sCfg.ClientCAs)`
			`}`

			`cCfg, err := tt.info.ClientConfig()`
			`if err != nil {`
			`t.Errorf("#%d: expected nil error from ClientConfig(), got non-nil: %v", i, err)`
			`}`

			`if tt.wantCAs != (cCfg.RootCAs != nil) {`
			`t.Errorf("%#d: wantCAs=%t but RootCAs=%v", i, tt.wantCAs, sCfg.RootCAs)`
			`}`
			`}`
			`}`