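// Source: github.com/RobustRoundRobin/quorum@v20.10.0+incompatible/plugin/security/gateway_test.go

package security

import (
	"context"
	"crypto/tls"
	"math"
	"testing"

	"github.com/golang/mock/gomock"
	"github.com/jpmorganchase/quorum-security-plugin-sdk-go/mock_proto"
	"github.com/jpmorganchase/quorum-security-plugin-sdk-go/proto"
	testifyassert "github.com/stretchr/testify/assert"
)

// Throwaway, self-signed RSA certificate and matching private key used purely
// as a parseable key pair for these tests. The key is tiny (512-bit), the
// certificate's validity window is long past, and the private key is public by
// virtue of living in the repository: never reuse this material outside tests.
const (
	rsaCertPem = `-----BEGIN CERTIFICATE-----
MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTIwOTEyMjE1MjAyWhcNMTUwOTEyMjE1MjAyWjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLJ
hPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wok/4xIA+ui35/MmNa
rtNuC+BdZ1tMuVCPFZcCAwEAAaNQME4wHQYDVR0OBBYEFJvKs8RfJaXTH08W+SGv
zQyKn0H8MB8GA1UdIwQYMBaAFJvKs8RfJaXTH08W+SGvzQyKn0H8MAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQEFBQADQQBJlffJHybjDGxRMqaRmDhX0+6v02TUKZsW
r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V
-----END CERTIFICATE-----
`
	rsaKeyPem = `-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo
k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G
6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N
MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW
SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T
xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi
D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
-----END RSA PRIVATE KEY-----
`
)

var (
	// abitraryTLSConfigurationData is the baseline plugin payload: a key pair
	// and no explicit cipher suites. It is shared between tests, so tests must
	// treat it as read-only; a test that needs different settings builds its
	// own value instead of mutating this one.
	abitraryTLSConfigurationData = &proto.TLSConfiguration_Data{
		CertPem: []byte(rsaCertPem),
		KeyPem:  []byte(rsaKeyPem),
	}
)

// TestTransform_whenTypical pins the hardening defaults that transform applies
// when the plugin supplies only a key pair: the package's default cipher
// suites, a TLS 1.2 floor and an explicit curve preference order.
func TestTransform_whenTypical(t *testing.T) {
	assert := testifyassert.New(t)

	cfg, err := transform(abitraryTLSConfigurationData)

	assert.NoError(err)
	// NOTE(review): crypto/tls in newer Go releases (1.17+) ignores
	// PreferServerCipherSuites, so on those toolchains this assertion only
	// shows that the field is set, not that server-side ordering is enforced.
	assert.True(cfg.PreferServerCipherSuites)
	assert.EqualValues(defaultCipherSuites, cfg.CipherSuites)
	assert.Equal(uint16(tls.VersionTLS12), cfg.MinVersion)
	assert.EqualValues([]tls.CurveID{
		tls.CurveP521,
		tls.CurveP384,
		tls.CurveP256,
		tls.X25519,
	}, cfg.CurvePreferences)
}

// TestTransform_whenUsingCustomCipherSuites checks that a cipher suite supplied
// by the plugin ends up in the resulting tls.Config.
func TestTransform_whenUsingCustomCipherSuites(t *testing.T) {
	assert := testifyassert.New(t)
	// Built locally rather than by mutating the shared fixture, so this test
	// cannot leak state into others regardless of execution order.
	data := &proto.TLSConfiguration_Data{
		CertPem:      []byte(rsaCertPem),
		KeyPem:       []byte(rsaKeyPem),
		CipherSuites: []uint32{uint32(tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)},
	}

	cfg, err := transform(data)

	assert.NoError(err)
	// Contains only proves the requested suite is present; it does not show
	// whether the defaults were replaced or merely extended.
	assert.Contains(cfg.CipherSuites, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
}

// TestTransform_whenCipherSuiteOverflow checks that transform rejects a cipher
// suite value from the plugin that cannot be represented as the uint16 ID used
// by crypto/tls, instead of silently truncating it to some other suite.
func TestTransform_whenCipherSuiteOverflow(t *testing.T) {
	assert := testifyassert.New(t)
	// Local fixture for the same isolation reason as above.
	data := &proto.TLSConfiguration_Data{
		CertPem:      []byte(rsaCertPem),
		KeyPem:       []byte(rsaKeyPem),
		CipherSuites: []uint32{math.MaxInt32},
	}

	_, err := transform(data)

	assert.Error(err)
}

// TestTLSConfigurationSourcePluginGateway_Get checks that the gateway returns a
// non-nil TLS configuration when the plugin client responds with data.
func TestTLSConfigurationSourcePluginGateway_Get(t *testing.T) {
	assert := testifyassert.New(t)
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()
	mockClient := mock_proto.NewMockTLSConfigurationSourceClient(ctrl)
	mockClient.
		EXPECT().
		Get(gomock.Any(), gomock.Any()).
		Return(&proto.TLSConfiguration_Response{
			Data: abitraryTLSConfigurationData,
		}, nil)

	testObject := &TLSConfigurationSourcePluginGateway{client: mockClient}

	tlsConfig, err := testObject.Get(context.Background())

	assert.NoError(err)
	assert.NotNil(tlsConfig)
}

// TestTLSConfigurationSourcePluginGateway_Get_whenNoConfigurationData checks
// that a response without data yields a nil configuration and no error.
// NOTE(review): how the caller treats a nil *tls.Config (fall back, or serve
// without TLS) is not visible here and is worth confirming at the call site.
func TestTLSConfigurationSourcePluginGateway_Get_whenNoConfigurationData(t *testing.T) {
	assert := testifyassert.New(t)
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()
	mockClient := mock_proto.NewMockTLSConfigurationSourceClient(ctrl)
	mockClient.
		EXPECT().
		Get(gomock.Any(), gomock.Any()).
		Return(&proto.TLSConfiguration_Response{}, nil)

	testObject := &TLSConfigurationSourcePluginGateway{client: mockClient}

	tlsConfig, err := testObject.Get(context.Background())

	assert.NoError(err)
	assert.Nil(tlsConfig)
}

// TestAuthenticationManagerPluginGateway_IsEnabled_always checks that the
// gateway reports authentication as enabled even without a configured client.
func TestAuthenticationManagerPluginGateway_IsEnabled_always(t *testing.T) {
	testObject := &AuthenticationManagerPluginGateway{}

	ret, err := testObject.IsEnabled(context.Background())

	testifyassert.NoError(t, err)
	testifyassert.True(t, ret)
}

// TestAuthenticationManagerPluginGateway_Authenticate checks that the gateway
// forwards the caller's raw token to the plugin client unchanged: the mock
// only accepts a request equal to the expected AuthenticationToken.
func TestAuthenticationManagerPluginGateway_Authenticate(t *testing.T) {
	assert := testifyassert.New(t)
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()
	arbitraryToken := &proto.AuthenticationToken{
		RawToken: []byte("arbitrary token"),
	}
	mockClient := mock_proto.NewMockAuthenticationManagerClient(ctrl)
	mockClient.
		EXPECT().
		Authenticate(gomock.Any(), gomock.Eq(arbitraryToken)).
		Return(&proto.PreAuthenticatedAuthenticationToken{}, nil)

	testObject := &AuthenticationManagerPluginGateway{client: mockClient}

	// The returned token is not inspected; only the error path is asserted.
	_, err := testObject.Authenticate(context.Background(), string(arbitraryToken.RawToken))

	assert.NoError(err)
}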