mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
3c81e75d79
This adds an access-control command that checks the policy enforcement for a given criteria using a configuration file and refactors the configuration validation command to include all configuration sources.
127 lines
3.9 KiB
Go
127 lines
3.9 KiB
Go
package utils
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"runtime"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
|
)
|
|
|
|
func TestShouldSetupDefaultTLSMinVersionOnErr(t *testing.T) {
|
|
schemaTLSConfig := &schema.TLSConfig{
|
|
MinimumVersion: "NotAVersion",
|
|
ServerName: "golang.org",
|
|
SkipVerify: true,
|
|
}
|
|
|
|
tlsConfig := NewTLSConfig(schemaTLSConfig, tls.VersionTLS12, nil)
|
|
|
|
assert.Equal(t, uint16(tls.VersionTLS12), tlsConfig.MinVersion)
|
|
assert.Equal(t, "golang.org", tlsConfig.ServerName)
|
|
assert.True(t, tlsConfig.InsecureSkipVerify)
|
|
}
|
|
|
|
func TestShouldReturnCorrectTLSVersions(t *testing.T) {
|
|
tls13 := uint16(tls.VersionTLS13)
|
|
tls12 := uint16(tls.VersionTLS12)
|
|
tls11 := uint16(tls.VersionTLS11)
|
|
tls10 := uint16(tls.VersionTLS10)
|
|
|
|
version, err := TLSStringToTLSConfigVersion(TLS13)
|
|
assert.Equal(t, tls13, version)
|
|
assert.NoError(t, err)
|
|
|
|
version, err = TLSStringToTLSConfigVersion("TLS" + TLS13)
|
|
assert.Equal(t, tls13, version)
|
|
assert.NoError(t, err)
|
|
|
|
version, err = TLSStringToTLSConfigVersion(TLS12)
|
|
assert.Equal(t, tls12, version)
|
|
assert.NoError(t, err)
|
|
|
|
version, err = TLSStringToTLSConfigVersion("TLS" + TLS12)
|
|
assert.Equal(t, tls12, version)
|
|
assert.NoError(t, err)
|
|
|
|
version, err = TLSStringToTLSConfigVersion(TLS11)
|
|
assert.Equal(t, tls11, version)
|
|
assert.NoError(t, err)
|
|
|
|
version, err = TLSStringToTLSConfigVersion("TLS" + TLS11)
|
|
assert.Equal(t, tls11, version)
|
|
assert.NoError(t, err)
|
|
|
|
version, err = TLSStringToTLSConfigVersion(TLS10)
|
|
assert.Equal(t, tls10, version)
|
|
assert.NoError(t, err)
|
|
|
|
version, err = TLSStringToTLSConfigVersion("TLS" + TLS10)
|
|
assert.Equal(t, tls10, version)
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
func TestShouldReturnZeroAndErrorOnInvalidTLSVersions(t *testing.T) {
|
|
version, err := TLSStringToTLSConfigVersion("TLS1.4")
|
|
assert.Error(t, err)
|
|
assert.Equal(t, uint16(0), version)
|
|
assert.EqualError(t, err, "supplied tls version isn't supported")
|
|
|
|
version, err = TLSStringToTLSConfigVersion("SSL3.0")
|
|
assert.Error(t, err)
|
|
assert.Equal(t, uint16(0), version)
|
|
assert.EqualError(t, err, "supplied tls version isn't supported")
|
|
}
|
|
|
|
func TestShouldReturnErrWhenX509DirectoryNotExist(t *testing.T) {
|
|
pool, warnings, errors := NewX509CertPool("/tmp/asdfzyxabc123/not/a/real/dir")
|
|
assert.NotNil(t, pool)
|
|
|
|
if runtime.GOOS == windows {
|
|
require.Len(t, warnings, 1)
|
|
assert.EqualError(t, warnings[0], "could not load system certificate pool which may result in untrusted certificate issues: crypto/x509: system root pool is not available on Windows")
|
|
} else {
|
|
assert.Len(t, warnings, 0)
|
|
}
|
|
|
|
require.Len(t, errors, 1)
|
|
|
|
if runtime.GOOS == windows {
|
|
assert.EqualError(t, errors[0], "could not read certificates from directory open /tmp/asdfzyxabc123/not/a/real/dir: The system cannot find the path specified.")
|
|
} else {
|
|
assert.EqualError(t, errors[0], "could not read certificates from directory open /tmp/asdfzyxabc123/not/a/real/dir: no such file or directory")
|
|
}
|
|
}
|
|
|
|
func TestShouldNotReturnErrWhenX509DirectoryExist(t *testing.T) {
|
|
pool, warnings, errors := NewX509CertPool("/tmp")
|
|
assert.NotNil(t, pool)
|
|
|
|
if runtime.GOOS == windows {
|
|
require.Len(t, warnings, 1)
|
|
assert.EqualError(t, warnings[0], "could not load system certificate pool which may result in untrusted certificate issues: crypto/x509: system root pool is not available on Windows")
|
|
} else {
|
|
assert.Len(t, warnings, 0)
|
|
}
|
|
|
|
assert.Len(t, errors, 0)
|
|
}
|
|
|
|
func TestShouldReadCertsFromDirectoryButNotKeys(t *testing.T) {
|
|
pool, warnings, errors := NewX509CertPool("../suites/common/ssl/")
|
|
assert.NotNil(t, pool)
|
|
require.Len(t, errors, 1)
|
|
|
|
if runtime.GOOS == "windows" {
|
|
require.Len(t, warnings, 1)
|
|
assert.EqualError(t, warnings[0], "could not load system certificate pool which may result in untrusted certificate issues: crypto/x509: system root pool is not available on Windows")
|
|
} else {
|
|
assert.Len(t, warnings, 0)
|
|
}
|
|
|
|
assert.EqualError(t, errors[0], "could not import certificate key.pem")
|
|
}
|