github.com/anjalikarhana/fabric@v2.1.1+incompatible/core/middleware/require_cert_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package middleware_test 8 9 import ( 10 "crypto/x509" 11 "net/http" 12 "net/http/httptest" 13 14 "github.com/hyperledger/fabric/core/middleware" 15 "github.com/hyperledger/fabric/core/middleware/fakes" 16 . "github.com/onsi/ginkgo" 17 . "github.com/onsi/gomega" 18 ) 19 20 var _ = Describe("RequireCert", func() { 21 var ( 22 requireCert middleware.Middleware 23 handler *fakes.HTTPHandler 24 chain http.Handler 25 26 req *http.Request 27 resp *httptest.ResponseRecorder 28 ) 29 30 BeforeEach(func() { 31 handler = &fakes.HTTPHandler{} 32 requireCert = middleware.RequireCert() 33 chain = requireCert(handler) 34 35 req = httptest.NewRequest("GET", "https:///", nil) 36 req.TLS.VerifiedChains = [][]*x509.Certificate{{ 37 &x509.Certificate{}, 38 }} 39 resp = httptest.NewRecorder() 40 }) 41 42 It("delegates to the next handler when the first verified chain is not empty", func() { 43 chain.ServeHTTP(resp, req) 44 Expect(resp.Code).To(Equal(http.StatusOK)) 45 Expect(handler.ServeHTTPCallCount()).To(Equal(1)) 46 }) 47 48 Context("when the TLS connection state is nil", func() { 49 BeforeEach(func() { 50 req.TLS = nil 51 }) 52 53 It("responds with http.StatusUnauthorized", func() { 54 chain.ServeHTTP(resp, req) 55 Expect(resp.Code).To(Equal(http.StatusUnauthorized)) 56 }) 57 58 It("does not call the next handler", func() { 59 chain.ServeHTTP(resp, req) 60 Expect(handler.ServeHTTPCallCount()).To(Equal(0)) 61 }) 62 }) 63 64 Context("when verified chains is nil", func() { 65 BeforeEach(func() { 66 req.TLS.VerifiedChains = nil 67 }) 68 69 It("responds with http.StatusUnauthorized", func() { 70 chain.ServeHTTP(resp, req) 71 Expect(resp.Code).To(Equal(http.StatusUnauthorized)) 72 }) 73 74 It("does not call the next handler", func() { 75 chain.ServeHTTP(resp, req) 76 Expect(handler.ServeHTTPCallCount()).To(Equal(0)) 77 }) 78 }) 79 80 Context("when verified chains is empty", func() { 81 BeforeEach(func() { 82 req.TLS.VerifiedChains = [][]*x509.Certificate{} 83 }) 84 85 It("responds with http.StatusUnauthorized", func() { 86 chain.ServeHTTP(resp, req) 87 Expect(resp.Code).To(Equal(http.StatusUnauthorized)) 88 }) 89 90 It("does not call the next handler", func() { 91 chain.ServeHTTP(resp, req) 92 Expect(handler.ServeHTTPCallCount()).To(Equal(0)) 93 }) 94 }) 95 96 Context("when the first verified chain is empty", func() { 97 BeforeEach(func() { 98 req.TLS.VerifiedChains = [][]*x509.Certificate{{}} 99 }) 100 101 It("responds with http.StatusUnauthorized", func() { 102 chain.ServeHTTP(resp, req) 103 Expect(resp.Code).To(Equal(http.StatusUnauthorized)) 104 }) 105 106 It("does not call the next handler", func() { 107 chain.ServeHTTP(resp, req) 108 Expect(handler.ServeHTTPCallCount()).To(Equal(0)) 109 }) 110 }) 111 })