github.com/pion/dtls/v2@v2.2.12/config_test.go (about)

     1  // SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
     2  // SPDX-License-Identifier: MIT
     3  
     4  package dtls
     5  
     6  import (
     7  	"crypto/dsa" //nolint:staticcheck
     8  	"crypto/rand"
     9  	"crypto/rsa"
    10  	"crypto/tls"
    11  	"errors"
    12  	"testing"
    13  
    14  	"github.com/pion/dtls/v2/pkg/crypto/selfsign"
    15  )
    16  
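// TestValidateConfig runs validateConfig against a table of configurations
// and checks the outcome of each one:
//
//   - expErr set: the returned error must match it via errors.Is.
//   - wantAnyErr set: any non-nil error is accepted.
//   - neither set: the configuration is expected to be valid, so the
//     returned error must be nil.
//
// The last rule matters for a validation routine: without it the "valid"
// rows pass no matter what validateConfig returns, so a regression that
// starts rejecting a good configuration would go unnoticed.
func TestValidateConfig(t *testing.T) {
	// t.Fatalf stops the test goroutine, so no explicit return is needed
	// after any of the setup failures below.
	cert, err := selfsign.GenerateSelfSigned()
	if err != nil {
		t.Fatalf("TestValidateConfig: Config validation error(%v), self signed certificate not generated", err)
	}

	// The DSA key exists only as a negative fixture: the "Invalid private key"
	// row expects validateConfig to reject it with errInvalidPrivateKey.
	dsaPrivateKey := &dsa.PrivateKey{}
	if err = dsa.GenerateParameters(&dsaPrivateKey.Parameters, rand.Reader, dsa.L1024N160); err != nil {
		t.Fatalf("TestValidateConfig: Config validation error(%v), DSA parameters not generated", err)
	}
	if err = dsa.GenerateKey(dsaPrivateKey, rand.Reader); err != nil {
		t.Fatalf("TestValidateConfig: Config validation error(%v), DSA private key not generated", err)
	}

	// The RSA key is paired with the self-signed certificate bytes in the
	// rows that are expected to validate cleanly.
	rsaPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		t.Fatalf("TestValidateConfig: Config validation error(%v), RSA private key not generated", err)
	}

	cases := map[string]struct {
		config     *Config // input handed to validateConfig; nil in the "Empty config" row
		wantAnyErr bool    // accept any non-nil error
		expErr     error   // exact sentinel expected, matched with errors.Is
	}{
		"Empty config": {
			expErr: errNoConfigProvided,
		},
		"PSK and Certificate, valid cipher suites": {
			config: &Config{
				CipherSuites: []CipherSuiteID{TLS_PSK_WITH_AES_128_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
				PSK: func(hint []byte) ([]byte, error) {
					return nil, nil
				},
				Certificates: []tls.Certificate{cert},
			},
		},
		"PSK and Certificate, no PSK cipher suite": {
			config: &Config{
				CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
				PSK: func(hint []byte) ([]byte, error) {
					return nil, nil
				},
				Certificates: []tls.Certificate{cert},
			},
			expErr: errNoAvailablePSKCipherSuite,
		},
		"PSK and Certificate, no non-PSK cipher suite": {
			config: &Config{
				CipherSuites: []CipherSuiteID{TLS_PSK_WITH_AES_128_CCM_8},
				PSK: func(hint []byte) ([]byte, error) {
					return nil, nil
				},
				Certificates: []tls.Certificate{cert},
			},
			expErr: errNoAvailableCertificateCipherSuite,
		},
		"PSK identity hint with not PSK": {
			config: &Config{
				CipherSuites:    []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
				PSK:             nil,
				PSKIdentityHint: []byte{},
			},
			expErr: errIdentityNoPSK,
		},
		"Invalid private key": {
			config: &Config{
				CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
				Certificates: []tls.Certificate{{Certificate: cert.Certificate, PrivateKey: dsaPrivateKey}},
			},
			expErr: errInvalidPrivateKey,
		},
		"PrivateKey without Certificate": {
			config: &Config{
				CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
				Certificates: []tls.Certificate{{PrivateKey: cert.PrivateKey}},
			},
			expErr: errInvalidCertificate,
		},
		"Invalid cipher suites": {
			config:     &Config{CipherSuites: []CipherSuiteID{0x0000}},
			wantAnyErr: true,
		},
		"Valid config": {
			config: &Config{
				CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
				Certificates: []tls.Certificate{cert, {Certificate: cert.Certificate, PrivateKey: rsaPrivateKey}},
			},
		},
		"Valid config with get certificate": {
			config: &Config{
				CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
				GetCertificate: func(chi *ClientHelloInfo) (*tls.Certificate, error) {
					return &tls.Certificate{Certificate: cert.Certificate, PrivateKey: rsaPrivateKey}, nil
				},
			},
		},
		"Valid config with get client certificate": {
			config: &Config{
				CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
				GetClientCertificate: func(cri *CertificateRequestInfo) (*tls.Certificate, error) {
					return &tls.Certificate{Certificate: cert.Certificate, PrivateKey: rsaPrivateKey}, nil
				},
			},
		},
	}

	for name, testCase := range cases {
		testCase := testCase // per-iteration copy for the closure (needed before Go 1.22)
		t.Run(name, func(t *testing.T) {
			err := validateConfig(testCase.config)
			switch {
			case testCase.expErr != nil:
				// errors.Is(nil, expErr) is false, so this also fails when no
				// error was returned at all.
				if !errors.Is(err, testCase.expErr) {
					t.Fatalf("TestValidateConfig: Config validation error exp(%v) failed(%v)", testCase.expErr, err)
				}
			case testCase.wantAnyErr:
				if err == nil {
					t.Fatalf("TestValidateConfig: Config validation expected an error")
				}
			default:
				// Rows without an expectation describe valid configurations;
				// they must be accepted.
				if err != nil {
					t.Fatalf("TestValidateConfig: Config validation unexpected error(%v)", err)
				}
			}
		})
	}
}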