github.com/pingcap/br@v5.3.0-alpha.0.20220125034240-ec59c7b6ce30+incompatible/pkg/lightning/common/security_test.go (about)

     1  // Copyright 2020 PingCAP, Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // See the License for the specific language governing permissions and
    12  // limitations under the License.
    13  
    14  package common_test
    15  
import (
	"context"
	"encoding/json"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"os"
	"path/filepath"

	. "github.com/pingcap/check"

	"github.com/pingcap/br/pkg/lightning/common"
)
    29  
// securitySuite groups the tests for the TLS/HTTP client helpers in package
// common. It carries no state of its own.
type securitySuite struct{}

// Register the suite with the check framework so its Test* methods are run.
var _ = Suite(new(securitySuite))
    33  
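// respondPathHandler is the mock endpoint shared by the GetJSON tests. It
// echoes the request path back as the JSON object {"path":"<request path>"}.
//
// The path comes straight from the request, so it is encoded with
// encoding/json instead of being spliced between literal quote characters.
// A path containing `"` or `\` would otherwise produce malformed JSON or let
// the caller add keys to the response object.
func respondPathHandler(w http.ResponseWriter, req *http.Request) {
	quotedPath, err := json.Marshal(req.URL.Path)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Write errors are deliberately ignored: the client side of each test
	// already fails if the body is truncated.
	_, _ = io.WriteString(w, `{"path":`)
	_, _ = w.Write(quotedPath)
	_, _ = io.WriteString(w, `}`)
}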
    39  
// TestGetJSONInsecure checks that a client built by common.NewTLS with empty
// CA, certificate and key paths can fetch and decode JSON from a plain-HTTP
// test server.
func (s *securitySuite) TestGetJSONInsecure(c *C) {
	srv := httptest.NewServer(http.HandlerFunc(respondPathHandler))
	defer srv.Close()

	endpoint, err := url.Parse(srv.URL)
	c.Assert(err, IsNil)

	// No CA, client certificate or key is supplied; the server here speaks
	// plain HTTP, so this is the unencrypted, unauthenticated code path.
	client, err := common.NewTLS("", "", "", endpoint.Host)
	c.Assert(err, IsNil)

	ctx := context.Background()
	var result struct{ Path string }
	// The same result value is reused, so each request must overwrite the
	// path decoded by the previous one.
	for _, reqPath := range []string{"/aaa", "/bbbb"} {
		err = client.GetJSON(ctx, reqPath, &result)
		c.Assert(err, IsNil)
		c.Assert(result.Path, Equals, reqPath)
	}
}
    59  
// TestGetJSONSecure checks that GetJSON works against an HTTPS test server
// when the client is derived from that server by common.NewTLSFromMockServer.
func (s *securitySuite) TestGetJSONSecure(c *C) {
	srv := httptest.NewTLSServer(http.HandlerFunc(respondPathHandler))
	defer srv.Close()

	// NOTE(review): presumably the helper makes the client trust the mock
	// server's certificate; its implementation is not visible here, so confirm.
	client := common.NewTLSFromMockServer(srv)

	ctx := context.Background()
	var result struct{ Path string }
	// The same result value is reused, so each request must overwrite the
	// path decoded by the previous one.
	for _, reqPath := range []string{"/ccc", "/dddd"} {
		err := client.GetJSON(ctx, reqPath, &result)
		c.Assert(err, IsNil)
		c.Assert(result.Path, Equals, reqPath)
	}
}
    75  
// TestInvalidTLS walks common.NewTLS through its failure modes one at a time.
// It checks for a missing CA file, an unparsable CA file, a missing client
// key pair and an unparsable client key pair, in that order. Each step must
// be rejected with its own error rather than yielding a usable client.
func (s *securitySuite) TestInvalidTLS(c *C) {
	const host = "localhost"

	dir := c.MkDir()
	var (
		caFile   = filepath.Join(dir, "ca.pem")
		certFile = filepath.Join(dir, "test.pem")
		keyFile  = filepath.Join(dir, "test.key")
	)

	// Step 1: the CA path is set but the file does not exist yet.
	_, err := common.NewTLS(caFile, "", "", host)
	c.Assert(err, ErrorMatches, "could not read ca certificate:.*")

	// Step 2: the CA file exists but holds no certificate that can be added
	// to the trust pool.
	c.Assert(os.WriteFile(caFile, []byte("invalid ca content"), 0o644), IsNil)
	_, err = common.NewTLS(caFile, "", "", host)
	c.Assert(err, ErrorMatches, "failed to append ca certs")

	// Step 3: client cert and key paths are given but neither file exists.
	// The CA file is still the invalid one from step 2, yet the error
	// expected here is the key-pair one.
	_, err = common.NewTLS(caFile, certFile, keyFile, host)
	c.Assert(err, ErrorMatches, "could not load client key pair: open.*")

	// Step 4: both files exist but contain garbage. The key is written
	// owner-only (0o600) and the certificate world-readable (0o644).
	c.Assert(os.WriteFile(certFile, []byte("invalid cert content"), 0o644), IsNil)
	c.Assert(os.WriteFile(keyFile, []byte("invalid key content"), 0o600), IsNil)
	_, err = common.NewTLS(caFile, certFile, keyFile, host)
	c.Assert(err, ErrorMatches, "could not load client key pair: tls.*")
}