2021-01-04 17:28:55 +07:00
package utils
import (
"crypto/tls"
2021-03-22 16:04:09 +07:00
"runtime"
2021-01-04 17:28:55 +07:00
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
2021-08-11 08:04:35 +07:00
"github.com/authelia/authelia/v4/internal/configuration/schema"
2021-01-04 17:28:55 +07:00
)
func TestShouldSetupDefaultTLSMinVersionOnErr ( t * testing . T ) {
schemaTLSConfig := & schema . TLSConfig {
MinimumVersion : "NotAVersion" ,
ServerName : "golang.org" ,
SkipVerify : true ,
}
tlsConfig := NewTLSConfig ( schemaTLSConfig , tls . VersionTLS12 , nil )
assert . Equal ( t , uint16 ( tls . VersionTLS12 ) , tlsConfig . MinVersion )
assert . Equal ( t , "golang.org" , tlsConfig . ServerName )
assert . True ( t , tlsConfig . InsecureSkipVerify )
}
func TestShouldReturnCorrectTLSVersions ( t * testing . T ) {
tls13 := uint16 ( tls . VersionTLS13 )
tls12 := uint16 ( tls . VersionTLS12 )
tls11 := uint16 ( tls . VersionTLS11 )
tls10 := uint16 ( tls . VersionTLS10 )
version , err := TLSStringToTLSConfigVersion ( TLS13 )
assert . Equal ( t , tls13 , version )
assert . NoError ( t , err )
version , err = TLSStringToTLSConfigVersion ( "TLS" + TLS13 )
assert . Equal ( t , tls13 , version )
assert . NoError ( t , err )
version , err = TLSStringToTLSConfigVersion ( TLS12 )
assert . Equal ( t , tls12 , version )
assert . NoError ( t , err )
version , err = TLSStringToTLSConfigVersion ( "TLS" + TLS12 )
assert . Equal ( t , tls12 , version )
assert . NoError ( t , err )
version , err = TLSStringToTLSConfigVersion ( TLS11 )
assert . Equal ( t , tls11 , version )
assert . NoError ( t , err )
version , err = TLSStringToTLSConfigVersion ( "TLS" + TLS11 )
assert . Equal ( t , tls11 , version )
assert . NoError ( t , err )
version , err = TLSStringToTLSConfigVersion ( TLS10 )
assert . Equal ( t , tls10 , version )
assert . NoError ( t , err )
version , err = TLSStringToTLSConfigVersion ( "TLS" + TLS10 )
assert . Equal ( t , tls10 , version )
assert . NoError ( t , err )
}
func TestShouldReturnZeroAndErrorOnInvalidTLSVersions ( t * testing . T ) {
version , err := TLSStringToTLSConfigVersion ( "TLS1.4" )
assert . Error ( t , err )
assert . Equal ( t , uint16 ( 0 ) , version )
assert . EqualError ( t , err , "supplied TLS version isn't supported" )
version , err = TLSStringToTLSConfigVersion ( "SSL3.0" )
assert . Error ( t , err )
assert . Equal ( t , uint16 ( 0 ) , version )
assert . EqualError ( t , err , "supplied TLS version isn't supported" )
}
func TestShouldReturnErrWhenX509DirectoryNotExist ( t * testing . T ) {
2021-08-03 16:55:21 +07:00
pool , warnings , errors := NewX509CertPool ( "/tmp/asdfzyxabc123/not/a/real/dir" )
2021-01-04 17:28:55 +07:00
assert . NotNil ( t , pool )
2021-03-22 16:04:09 +07:00
if runtime . GOOS == windows {
2021-08-03 16:55:21 +07:00
require . Len ( t , warnings , 1 )
assert . EqualError ( t , warnings [ 0 ] , "could not load system certificate pool which may result in untrusted certificate issues: crypto/x509: system root pool is not available on Windows" )
2021-03-22 16:04:09 +07:00
} else {
2021-08-03 16:55:21 +07:00
assert . Len ( t , warnings , 0 )
2021-03-22 16:04:09 +07:00
}
2021-08-03 16:55:21 +07:00
require . Len ( t , errors , 1 )
2021-03-22 16:04:09 +07:00
if runtime . GOOS == windows {
2021-08-03 16:55:21 +07:00
assert . EqualError ( t , errors [ 0 ] , "could not read certificates from directory open /tmp/asdfzyxabc123/not/a/real/dir: The system cannot find the path specified." )
2021-03-22 16:04:09 +07:00
} else {
2021-08-03 16:55:21 +07:00
assert . EqualError ( t , errors [ 0 ] , "could not read certificates from directory open /tmp/asdfzyxabc123/not/a/real/dir: no such file or directory" )
2021-03-22 16:04:09 +07:00
}
2021-01-04 17:28:55 +07:00
}
func TestShouldNotReturnErrWhenX509DirectoryExist ( t * testing . T ) {
2021-08-03 16:55:21 +07:00
pool , warnings , errors := NewX509CertPool ( "/tmp" )
2021-01-04 17:28:55 +07:00
assert . NotNil ( t , pool )
2021-03-22 16:04:09 +07:00
if runtime . GOOS == windows {
2021-08-03 16:55:21 +07:00
require . Len ( t , warnings , 1 )
assert . EqualError ( t , warnings [ 0 ] , "could not load system certificate pool which may result in untrusted certificate issues: crypto/x509: system root pool is not available on Windows" )
2021-03-22 16:04:09 +07:00
} else {
2021-08-03 16:55:21 +07:00
assert . Len ( t , warnings , 0 )
2021-03-22 16:04:09 +07:00
}
2021-08-03 16:55:21 +07:00
assert . Len ( t , errors , 0 )
2021-01-04 17:28:55 +07:00
}
func TestShouldReadCertsFromDirectoryButNotKeys ( t * testing . T ) {
2021-08-03 16:55:21 +07:00
pool , warnings , errors := NewX509CertPool ( "../suites/common/ssl/" )
2021-01-04 17:28:55 +07:00
assert . NotNil ( t , pool )
2021-08-03 16:55:21 +07:00
require . Len ( t , errors , 1 )
2021-03-22 16:04:09 +07:00
if runtime . GOOS == "windows" {
2021-08-03 16:55:21 +07:00
require . Len ( t , warnings , 1 )
assert . EqualError ( t , warnings [ 0 ] , "could not load system certificate pool which may result in untrusted certificate issues: crypto/x509: system root pool is not available on Windows" )
2021-03-22 16:04:09 +07:00
} else {
2021-08-03 16:55:21 +07:00
assert . Len ( t , warnings , 0 )
2021-03-22 16:04:09 +07:00
}
2021-08-03 16:55:21 +07:00
assert . EqualError ( t , errors [ 0 ] , "could not import certificate key.pem" )
2021-01-04 17:28:55 +07:00
}