github.com/true-sqn/fabric@v2.1.1+incompatible/core/middleware/require_cert_test.go

github.com/true-sqn/fabric@v2.1.1+incompatible/core/middleware/require_cert_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package middleware_test
     8  
     9  import (
    10  	"crypto/x509"
    11  	"net/http"
    12  	"net/http/httptest"
    13  
    14  	"github.com/hyperledger/fabric/core/middleware"
    15  	"github.com/hyperledger/fabric/core/middleware/fakes"
    16  	. "github.com/onsi/ginkgo"
    17  	. "github.com/onsi/gomega"
    18  )
    19  
    20  var _ = Describe("RequireCert", func() {
    21  	var (
    22  		requireCert middleware.Middleware
    23  		handler     *fakes.HTTPHandler
    24  		chain       http.Handler
    25  
    26  		req  *http.Request
    27  		resp *httptest.ResponseRecorder
    28  	)
    29  
    30  	BeforeEach(func() {
    31  		handler = &fakes.HTTPHandler{}
    32  		requireCert = middleware.RequireCert()
    33  		chain = requireCert(handler)
    34  
    35  		req = httptest.NewRequest("GET", "https:///", nil)
    36  		req.TLS.VerifiedChains = [][]*x509.Certificate{{
    37  			&x509.Certificate{},
    38  		}}
    39  		resp = httptest.NewRecorder()
    40  	})
    41  
    42  	It("delegates to the next handler when the first verified chain is not empty", func() {
    43  		chain.ServeHTTP(resp, req)
    44  		Expect(resp.Code).To(Equal(http.StatusOK))
    45  		Expect(handler.ServeHTTPCallCount()).To(Equal(1))
    46  	})
    47  
    48  	Context("when the TLS connection state is nil", func() {
    49  		BeforeEach(func() {
    50  			req.TLS = nil
    51  		})
    52  
    53  		It("responds with http.StatusUnauthorized", func() {
    54  			chain.ServeHTTP(resp, req)
    55  			Expect(resp.Code).To(Equal(http.StatusUnauthorized))
    56  		})
    57  
    58  		It("does not call the next handler", func() {
    59  			chain.ServeHTTP(resp, req)
    60  			Expect(handler.ServeHTTPCallCount()).To(Equal(0))
    61  		})
    62  	})
    63  
    64  	Context("when verified chains is nil", func() {
    65  		BeforeEach(func() {
    66  			req.TLS.VerifiedChains = nil
    67  		})
    68  
    69  		It("responds with http.StatusUnauthorized", func() {
    70  			chain.ServeHTTP(resp, req)
    71  			Expect(resp.Code).To(Equal(http.StatusUnauthorized))
    72  		})
    73  
    74  		It("does not call the next handler", func() {
    75  			chain.ServeHTTP(resp, req)
    76  			Expect(handler.ServeHTTPCallCount()).To(Equal(0))
    77  		})
    78  	})
    79  
    80  	Context("when verified chains is empty", func() {
    81  		BeforeEach(func() {
    82  			req.TLS.VerifiedChains = [][]*x509.Certificate{}
    83  		})
    84  
    85  		It("responds with http.StatusUnauthorized", func() {
    86  			chain.ServeHTTP(resp, req)
    87  			Expect(resp.Code).To(Equal(http.StatusUnauthorized))
    88  		})
    89  
    90  		It("does not call the next handler", func() {
    91  			chain.ServeHTTP(resp, req)
    92  			Expect(handler.ServeHTTPCallCount()).To(Equal(0))
    93  		})
    94  	})
    95  
    96  	Context("when the first verified chain is empty", func() {
    97  		BeforeEach(func() {
    98  			req.TLS.VerifiedChains = [][]*x509.Certificate{{}}
    99  		})
   100  
   101  		It("responds with http.StatusUnauthorized", func() {
   102  			chain.ServeHTTP(resp, req)
   103  			Expect(resp.Code).To(Equal(http.StatusUnauthorized))
   104  		})
   105  
   106  		It("does not call the next handler", func() {
   107  			chain.ServeHTTP(resp, req)
   108  			Expect(handler.ServeHTTPCallCount()).To(Equal(0))
   109  		})
   110  	})
   111  })