| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package tlsutil |
| |
| import ( |
| "crypto/tls" |
| "io/ioutil" |
| "testing" |
| ) |
| |
| func TestParseDefaultSSLCipherSuites(t *testing.T) { |
| c := ParseDefaultSSLCipherSuites("") |
| if c != nil { |
| t.FailNow() |
| } |
| c = ParseDefaultSSLCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA256") |
| if len(c) != 1 { |
| t.FailNow() |
| } |
| c = ParseDefaultSSLCipherSuites("a") |
| if len(c) != 0 { |
| t.FailNow() |
| } |
| c = ParseDefaultSSLCipherSuites("a,,b") |
| if len(c) != 0 { |
| t.FailNow() |
| } |
| } |
| |
| func TestGetServerTLSConfig(t *testing.T) { |
| sslRoot := "../../etc/ssl/" |
| pw, _ := ioutil.ReadFile(sslRoot + "cert_pwd") |
| opts := append(DefaultServerTLSOptions(), |
| WithVerifyPeer(true), |
| WithVersion(ParseSSLProtocol("TLSv1.0"), tls.VersionTLS12), |
| WithCipherSuits(ParseDefaultSSLCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")), |
| WithKeyPass(string(pw)), |
| WithCA(sslRoot+"trust.cer"), |
| WithCert(sslRoot+"server.cer"), |
| WithKey(sslRoot+"server_key.pem"), |
| ) |
| serverTLSConfig, err := GetServerTLSConfig(opts...) |
| if err != nil { |
| t.Fatalf("GetServerTLSConfig failed") |
| } |
| if len(serverTLSConfig.Certificates) == 0 { |
| t.Fatalf("GetServerTLSConfig failed") |
| } |
| if serverTLSConfig.ClientCAs == nil { |
| t.Fatalf("GetServerTLSConfig failed") |
| } |
| if len(serverTLSConfig.CipherSuites) != 2 { |
| t.Fatalf("GetServerTLSConfig failed") |
| } |
| if serverTLSConfig.MinVersion != tls.VersionTLS10 { |
| t.Fatalf("GetServerTLSConfig failed") |
| } |
| if serverTLSConfig.MaxVersion != tls.VersionTLS12 { |
| t.Fatalf("GetServerTLSConfig failed") |
| } |
| if serverTLSConfig.ClientAuth != tls.RequireAndVerifyClientCert { |
| t.Fatalf("GetServerTLSConfig failed") |
| } |
| } |
| |
| func TestGetClientTLSConfig(t *testing.T) { |
| sslRoot := "../../etc/ssl/" |
| pw, _ := ioutil.ReadFile(sslRoot + "cert_pwd") |
| opts := append(DefaultServerTLSOptions(), |
| WithVerifyPeer(true), |
| WithVerifyHostName(false), |
| WithVersion(ParseSSLProtocol("TLSv1.0"), tls.VersionTLS12), |
| WithCipherSuits(ParseDefaultSSLCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")), |
| WithKeyPass(string(pw)), |
| WithCA(sslRoot+"trust.cer"), |
| WithCert(sslRoot+"server.cer"), |
| WithKey(sslRoot+"server_key.pem"), |
| ) |
| clientTLSConfig, err := GetClientTLSConfig(opts...) |
| if err != nil { |
| t.Fatalf("GetClientTLSConfig failed") |
| } |
| if len(clientTLSConfig.Certificates) == 0 { |
| t.Fatalf("GetClientTLSConfig failed") |
| } |
| if clientTLSConfig.RootCAs == nil { |
| t.Fatalf("GetClientTLSConfig failed") |
| } |
| if len(clientTLSConfig.CipherSuites) != 2 { |
| t.Fatalf("GetClientTLSConfig failed") |
| } |
| if clientTLSConfig.MinVersion != tls.VersionTLS10 { |
| t.Fatalf("GetClientTLSConfig failed") |
| } |
| if clientTLSConfig.MaxVersion != tls.VersionTLS12 { |
| t.Fatalf("GetClientTLSConfig failed") |
| } |
| if clientTLSConfig.InsecureSkipVerify != true { |
| t.Fatalf("GetClientTLSConfig failed") |
| } |
| } |