// Copyright 2018 The etcd Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package integration

import (
	"context"
	"crypto/tls"
	"testing"
	"time"

	"github.com/lfch/etcd-io/client/v3"
	"github.com/lfch/etcd-io/tests/v3/framework/integration"
	"google.golang.org/grpc"
)

// TestTLSClientCipherSuitesValid runs testTLSCipherSuites with valid set to
// true, the case in which that helper requires the client dial to succeed.
func TestTLSClientCipherSuitesValid(t *testing.T) {
	testTLSCipherSuites(t, true)
}

// TestTLSClientCipherSuitesMismatch runs testTLSCipherSuites with valid set to
// false, the case in which that helper requires the client dial to end in
// context.DeadlineExceeded.
func TestTLSClientCipherSuitesMismatch(t *testing.T) {
	testTLSCipherSuites(t, false)
}

// testTLSCipherSuites ensures that mismatching client-side cipher suites
// fail the TLS handshake with the server.
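func testTLSCipherSuites(t *testing.T, valid bool) {
	// Starts a one-member cluster with TLS on the client port and dials it once.
	// With valid set, server and client share one cipher suite list and the dial
	// must succeed; otherwise the two lists are disjoint and the dial must end in
	// context.DeadlineExceeded.
	integration.BeforeTest(t)

	cipherSuites := []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	}

	// Both sides start from integration.TestTLSInfo and differ only in
	// CipherSuites.
	srvTLS, cliTLS := integration.TestTLSInfo, integration.TestTLSInfo
	if valid {
		srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites, cipherSuites
	} else {
		// Server: the two ECDHE_RSA AES-GCM suites. Client: everything after
		// them. The lists have no suite in common.
		srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites[:2], cipherSuites[2:]
	}

	clus := integration.NewCluster(t, &integration.ClusterConfig{Size: 1, ClientTLS: &srvTLS})
	defer clus.Terminate(t)

	cc, err := cliTLS.ClientConfig()
	if err != nil {
		t.Fatal(err)
	}
	// crypto/tls honours Config.CipherSuites only for TLS 1.0-1.2; the TLS 1.3
	// suites are not configurable. Cap the client at TLS 1.2 so that the
	// handshake outcome depends on the suite lists set above and not on which
	// protocol version the two ends happen to negotiate.
	cc.MaxVersion = tls.VersionTLS12

	// grpc.WithBlock makes the dial wait for the connection, so a handshake that
	// never completes is reported through the one-second DialTimeout.
	cli, cerr := integration.NewClient(t, clientv3.Config{
		Endpoints:   []string{clus.Members[0].GRPCURL()},
		DialTimeout: time.Second,
		DialOptions: []grpc.DialOption{grpc.WithBlock()},
		TLS:         cc,
	})
	if cli != nil {
		cli.Close()
	}

	// NOTE(review): the mismatch case compares the error by identity, so a
	// wrapped deadline error would not match; confirm NewClient returns the
	// bare context error.
	switch {
	case !valid && cerr != context.DeadlineExceeded:
		t.Fatalf("expected %v with TLS handshake failure, got %v", context.DeadlineExceeded, cerr)
	case valid && cerr != nil:
		t.Fatalf("expected TLS handshake success, got %v", cerr)
	}
}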