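// Source: github.com/Axway/agent-sdk@v1.1.101/pkg/config/tlsconfig_test.go
package config

import (
	"crypto/tls"
	"testing"

	"github.com/stretchr/testify/assert"
)

// TestTLSConfig pins the defaults returned by NewTLSConfig. These defaults are
// what an agent gets when the operator configures nothing, so the test acts as
// a regression guard: certificate verification stays on, the protocol floor is
// TLSDefaultMinVersion, and the cipher list is TLSDefaultCipherSuites.
func TestTLSConfig(t *testing.T) {
	cfg := NewTLSConfig()

	// The assert package does not stop the test on failure, so bail out
	// explicitly instead of calling a method on a nil interface.
	validator, ok := cfg.(IConfigValidator)
	if !assert.True(t, ok) || !assert.NotNil(t, validator) {
		return
	}
	assert.NoError(t, validator.ValidateCfg())

	// testify's signature is Equal(t, expected, actual); keeping that order
	// makes failure output read correctly.
	assert.False(t, cfg.IsInsecureSkipVerify(), "certificate verification must be on by default")
	assert.Equal(t, TLSDefaultMinVersion, cfg.GetMinVersion())
	assert.Equal(t, TLSVersion(0), cfg.GetMaxVersion())
	assert.Equal(t, []string{}, cfg.GetNextProtos())
	assert.Equal(t, TLSDefaultCipherSuites, cfg.GetCipherSuites())
}

// TestBuildTLSConfig checks that BuildTLSConfig carries every setting of the
// SDK configuration over to the resulting crypto/tls configuration unchanged.
func TestBuildTLSConfig(t *testing.T) {
	cfg := NewTLSConfig()
	validator, ok := cfg.(IConfigValidator)
	if !assert.True(t, ok) || !assert.NotNil(t, validator) {
		return
	}
	assert.NoError(t, validator.ValidateCfg())

	built := cfg.BuildTLSConfig()

	// Pin the absolute value as well as the round trip: a regression that
	// flipped both the getter and the built config would otherwise still pass.
	assert.False(t, built.InsecureSkipVerify, "built config must verify peer certificates by default")
	assert.Equal(t, cfg.IsInsecureSkipVerify(), built.InsecureSkipVerify)
	assert.Equal(t, uint16(cfg.GetMinVersion()), built.MinVersion)
	assert.Equal(t, uint16(cfg.GetMaxVersion()), built.MaxVersion)
	assert.Equal(t, cfg.GetNextProtos(), built.NextProtos)

	tlsCfg, ok := cfg.(*TLSConfiguration)
	if !assert.True(t, ok) {
		return
	}
	assert.Equal(t, tlsCfg.buildUintArrayFromSuites(), built.CipherSuites)
}

// TestValidate drives ValidateCfg with out-of-range protocol versions and an
// unknown cipher suite, and checks that each is rejected with the expected
// message, so a bad value is reported at validation time.
func TestValidate(t *testing.T) {
	cfg := NewTLSConfig()
	validator, ok := cfg.(IConfigValidator)
	if !assert.True(t, ok) || !assert.NotNil(t, validator) {
		return
	}
	assert.NoError(t, validator.ValidateCfg())

	// tlsCfg and validator wrap the same value, so field writes below are
	// visible to ValidateCfg without re-asserting the interface each time.
	tlsCfg, ok := cfg.(*TLSConfiguration)
	if !assert.True(t, ok) {
		return
	}

	// NOTE(review): a zero version passes validation. crypto/tls treats a zero
	// MinVersion/MaxVersion as "use the library default"; confirm that an
	// explicit 0 can never yield a lower floor than TLSDefaultMinVersion.
	origMin := tlsCfg.MinVersion
	tlsCfg.MinVersion = TLSVersion(0)
	assert.NoError(t, validator.ValidateCfg())

	// EqualError fails cleanly when the error is nil; calling err.Error()
	// after a non-fatal NotNil would panic instead.
	tlsCfg.MinVersion = TLSVersion(455)
	assert.EqualError(t, validator.ValidateCfg(), "ssl.minVersion not valid in config")
	tlsCfg.MinVersion = origMin

	origMax := tlsCfg.MaxVersion
	tlsCfg.MaxVersion = TLSVersion(0)
	assert.NoError(t, validator.ValidateCfg())

	tlsCfg.MaxVersion = TLSVersion(455)
	assert.EqualError(t, validator.ValidateCfg(), "ssl.maxVersion not valid in config")
	tlsCfg.MaxVersion = origMax

	tlsCfg.CipherSuites = []TLSCipherSuite{TLSCipherSuite(888)}
	assert.EqualError(t, validator.ValidateCfg(), "ssl.cipherSuites not valid in config")
}

// TestUnpackTLSVersion checks that a known version name is accepted and an
// unknown one is rejected with an error that names the offending value.
func TestUnpackTLSVersion(t *testing.T) {
	ver := TLSVersion(0)
	assert.NoError(t, ver.Unpack("TLS1.2"))
	assert.EqualError(t, ver.Unpack("TLS1.8"), "invalid tls version 'TLS1.8'")
}

// TestDefaultMinVersionString checks that the default minimum version string
// is the tlsVersionsInverse entry for TLSDefaultMinVersion.
func TestDefaultMinVersionString(t *testing.T) {
	assert.Equal(t, tlsVersionsInverse[TLSDefaultMinVersion], TLSDefaultMinVersionString())
}

// TestTLSVersionAsValue checks the string-to-version mapping against the
// crypto/tls constant, and that "0" maps to the zero TLSVersion.
func TestTLSVersionAsValue(t *testing.T) {
	assert.Equal(t, TLSVersion(0), TLSVersionAsValue("0"))
	assert.Equal(t, uint16(tls.VersionTLS12), uint16(TLSVersionAsValue("TLS1.2")))
}

// TestTLSDefaultCipherSuitesStringSlice checks that the string form of the
// default cipher list converts back to the suites a fresh config reports.
func TestTLSDefaultCipherSuitesStringSlice(t *testing.T) {
	cfg := NewTLSConfig()
	suites := TLSDefaultCipherSuitesStringSlice()

	assert.Equal(t, cfg.GetCipherSuites(), NewCipherArray(suites))
}

// TestUnpackTLSCipherSuiteString checks that a known suite name is accepted
// and an unknown one is rejected. The CBC-SHA name is used only as an input
// the parser must recognise; this test says nothing about whether that suite
// is part of TLSDefaultCipherSuites.
func TestUnpackTLSCipherSuiteString(t *testing.T) {
	suite := TLSCipherSuite(tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
	assert.NoError(t, suite.Unpack("ECDHE-ECDSA-AES-128-CBC-SHA"))
	assert.EqualError(t, suite.Unpack("WRONG-SHA"), "invalid tls cipher suite 'WRONG-SHA'")
}

// func (cs *TLSCipherSuite) String() string {
// 	if s, found := tlsCipherSuitesInverse[*cs]; found {
// 		return s
// 	}
// 	return "unknown"
// }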