code.cloudfoundry.org/cli@v7.1.0+incompatible/util/tls_test.go (about)

     1  package util_test
     2  
     3  import (
     4  	"crypto/tls"
     5  	"crypto/x509"
     6  	"encoding/pem"
     7  
     8  	. "code.cloudfoundry.org/cli/util"
     9  	. "github.com/onsi/ginkgo"
    10  	. "github.com/onsi/gomega"
    11  )
    12  
// Specs pinning the security-relevant fields of the *tls.Config returned by
// NewTLSConfig: protocol version bounds, trust roots and certificate
// verification.
var _ = Describe("TLS", func() {
	Describe("NewTLSConfig", func() {
		// cfg is rebuilt before every spec; nested containers overwrite it
		// in their own BeforeEach with different arguments.
		var cfg *tls.Config

		BeforeEach(func() {
			// Baseline: no extra certificates, second argument false.
			cfg = NewTLSConfig(nil, false)
		})

		It("sets minimum version of TLS to 1.2", func() {
			Expect(cfg.MinVersion).To(BeEquivalentTo(tls.VersionTLS12))
		})

		// MaxVersion is the highest protocol version crypto/tls will
		// negotiate, so a config matching this expectation never uses
		// TLS 1.3. This spec has to change if that cap is lifted.
		It("sets maximum version of TLS to 1.2", func() {
			Expect(cfg.MaxVersion).To(BeEquivalentTo(tls.VersionTLS12))
		})

		// A nil RootCAs does not mean "trust nothing": crypto/tls falls back
		// to the host's root CA set when the pool is nil.
		It("does not have any trusted CAs", func() {
			Expect(cfg.RootCAs).To(BeNil())
		})

		It("verifies certificates", func() {
			Expect(cfg.InsecureSkipVerify).To(BeFalse())
		})

		When("trusted certificates are provided", func() {
			// Test fixture: a single CERTIFICATE PEM block (public
			// certificate only, no private key is embedded here).
			var fixturePEM = []byte(`-----BEGIN CERTIFICATE-----
MIICNTCCAZ6gAwIBAgIQeXuK80BdTIYBjxChLKAvRzANBgkqhkiG9w0BAQsFADAj
MSEwHwYDVQQKExhDbG91ZCBGb3VuZHJ5IEZvdW5kYXRpb24wIBcNNzAwMTAxMDAw
MDAwWhgPMjA4NDAxMjkxNjAwMDBaMCMxITAfBgNVBAoTGENsb3VkIEZvdW5kcnkg
Rm91bmRhdGlvbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwDVHeEOGoTty
jdKHS4EKLnCataMnUsa+uRuLi5WgPUI/R6ufb63Yex8u76It3YMjiDRqgI8g/fyO
vScso8mLmjFMdbNcMRAKsqARksKSwAasupmRVUlF3F8+8bgT1c5P82wD8nSb7zzy
KC2VDZtc1kwsJDCQVm47Tkp+nP5Z73UCAwEAAaNoMGYwDgYDVR0PAQH/BAQDAgKk
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLgYDVR0RBCcw
JYILZXhhbXBsZS5jb22HBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcN
AQELBQADgYEAeHp7bEIML8KL7UpwIhFxrwXYVYbIxGsn/0ret0DKwmyqcNVoFpg+
FNGTopDe0V2O8/0ZdxQuiYGoARRe266AuNOhAYBeyIZpnf9Ypt78V+21YACHQ4YL
RVNEplh5ZEYbbWclddUBf46JPRU/eEu4JMqOJOykTdwbByFa3909Bzs=
-----END CERTIFICATE-----`)

			BeforeEach(func() {
				// Decode and parse the fixture, failing the spec early if
				// either step does not succeed, then hand the parsed
				// certificate to NewTLSConfig as the only trusted one.
				der, _ := pem.Decode(fixturePEM)
				Expect(der).ToNot(BeNil())

				parsed, err := x509.ParseCertificate(der.Bytes)
				Expect(err).ToNot(HaveOccurred())

				cfg = NewTLSConfig([]*x509.Certificate{parsed}, false)
			})

			// The pool is identified by subject text only; this does not
			// check that the exact fixture certificate is the one trusted.
			It("adds them to the trusted CAs", func() {
				Expect(cfg.RootCAs.Subjects()).To(ContainElement(ContainSubstring("Cloud Foundry")))
			})
		})

		When("skipSSLValidation is true", func() {
			BeforeEach(func() {
				cfg = NewTLSConfig(nil, true)
			})

			// With InsecureSkipVerify set, crypto/tls accepts any
			// certificate chain and host name the server presents, so the
			// connection has no protection against interception. This spec
			// documents that the flag is passed straight through.
			It("does not verify certificates", func() {
				Expect(cfg.InsecureSkipVerify).To(BeTrue())
			})
		})
	})
})