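// Source: github.com/coreos/goproxy@v0.0.0-20190513173959-f8dc2d7ba04e/signer_test.go

package goproxy

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"net/http"
	"net/http/httptest"
	"os"
	"os/exec"
	"strings"
	"testing"
	"time"
)

// orFatal aborts the running test with msg and err when err is non-nil.
func orFatal(msg string, err error, t *testing.T) {
	if err != nil {
		t.Fatal(msg, err)
	}
}

// ConstantHanlder is an http.Handler that answers every request with its own
// string value as the response body.
type ConstantHanlder string

// ServeHTTP writes the handler's string to w; the request is not inspected.
func (h ConstantHanlder) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	w.Write([]byte(h))
}

// getBrowser returns the value of a "-browser" option found in args, accepted
// as either "-browser VALUE" or "-browser=VALUE". It returns "" when the
// option is absent or has no value.
func getBrowser(args []string) string {
	for i, arg := range args {
		// Bound the look-ahead by the number of arguments. The previous check
		// used len(arg), the length of the current string, so a trailing
		// "-browser" indexed past the end of args and a "-browser" at index 7
		// or later was silently ignored.
		if arg == "-browser" && i+1 < len(args) {
			return args[i+1]
		}
		if strings.HasPrefix(arg, "-browser=") {
			return arg[len("-browser="):]
		}
	}
	return ""
}

// TestSingerTls signs a leaf certificate for a set of hosts with GoproxyCa,
// serves it from a TLS test server, and checks that a client trusting only
// GoproxyCa completes the handshake and reads the expected body.
func TestSingerTls(t *testing.T) {
	cert, err := signHost(GoproxyCa, []string{"example.com", "1.1.1.1", "localhost"})
	orFatal("singHost", err, t)
	cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
	orFatal("ParseCertificate", err, t)

	expected := "key verifies with Go"
	server := httptest.NewUnstartedServer(ConstantHanlder(expected))
	defer server.Close()
	server.TLS = &tls.Config{Certificates: []tls.Certificate{cert, GoproxyCa}}
	server.TLS.BuildNameToCertificate()
	server.StartTLS()

	// The client's root pool holds GoproxyCa alone, so the handshake succeeds
	// only if the served leaf chains to that CA.
	// NOTE(review): GoproxyCa is defined elsewhere in the package; if its
	// private key ships with the source, a pool that trusts it belongs in
	// tests only - confirm no production client reuses it.
	certpool := x509.NewCertPool()
	certpool.AddCert(GoproxyCa.Leaf)
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: certpool},
	}

	// Dial by name rather than by 127.0.0.1 so that hostname verification runs
	// against the "localhost" entry the certificate was signed for.
	asLocalhost := strings.Replace(server.URL, "127.0.0.1", "localhost", -1)
	req, err := http.NewRequest("GET", asLocalhost, nil)
	orFatal("NewRequest", err, t)
	resp, err := tr.RoundTrip(req)
	orFatal("RoundTrip", err, t)
	// Release the connection once the body has been read.
	defer resp.Body.Close()
	txt, err := ioutil.ReadAll(resp.Body)
	orFatal("ioutil.ReadAll", err, t)
	if string(txt) != expected {
		t.Errorf("Expected '%s' got '%s'", expected, string(txt))
	}

	// Optional manual check: the program named by -browser on the test
	// binary's command line is executed directly (no shell) with the server
	// URL as its only argument.
	browser := getBrowser(os.Args)
	if browser != "" {
		// Launching the browser is best effort, so a failure is reported
		// without failing the test.
		if err := exec.Command(browser, asLocalhost).Run(); err != nil {
			t.Logf("running browser %q: %v", browser, err)
		}
		// Presumably keeps the server up while the page loads - the deferred
		// Close shuts it down as soon as this function returns.
		time.Sleep(10 * time.Second)
	}
}

// TestSingerX509 signs a leaf certificate with GoproxyCa and checks it with
// crypto/x509 alone: hostname match, signature by the CA, and chain
// verification against a pool that contains only GoproxyCa.
//
// Only "example.com" is verified here; the "1.1.1.1" and "localhost" entries
// passed to signHost are not checked by this test.
func TestSingerX509(t *testing.T) {
	cert, err := signHost(GoproxyCa, []string{"example.com", "1.1.1.1", "localhost"})
	orFatal("singHost", err, t)
	cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
	orFatal("ParseCertificate", err, t)

	certpool := x509.NewCertPool()
	certpool.AddCert(GoproxyCa.Leaf)

	orFatal("VerifyHostname", cert.Leaf.VerifyHostname("example.com"), t)
	orFatal("CheckSignatureFrom", cert.Leaf.CheckSignatureFrom(GoproxyCa.Leaf), t)
	_, err = cert.Leaf.Verify(x509.VerifyOptions{
		DNSName: "example.com",
		Roots:   certpool,
	})
	orFatal("Verify", err, t)
}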