github.com/unigraph-dev/dgraph@v1.1.1-0.20200923154953-8b52b426f765/tlstest/certrequireandverify/certrequireandverify_test.go (about) 1 package certrequireandverify 2 3 import ( 4 "context" 5 "testing" 6 7 "github.com/dgraph-io/dgo/protos/api" 8 "github.com/dgraph-io/dgraph/testutil" 9 "github.com/spf13/viper" 10 "github.com/stretchr/testify/require" 11 ) 12 13 func TestAccessWithoutClientCert(t *testing.T) { 14 conf := viper.New() 15 conf.Set("tls_cacert", "../tls/ca.crt") 16 conf.Set("tls_server_name", "node") 17 18 dg, err := testutil.DgraphClientWithCerts(testutil.SockAddr, conf) 19 require.NoError(t, err, "Unable to get dgraph client: %v", err) 20 err = dg.Alter(context.Background(), &api.Operation{DropAll: true}) 21 require.Error(t, err, "The authentication handshake should have failed") 22 } 23 24 func TestAccessWithClientCert(t *testing.T) { 25 conf := viper.New() 26 conf.Set("tls_cacert", "../tls/ca.crt") 27 conf.Set("tls_server_name", "node") 28 conf.Set("tls_cert", "../tls/client.acl.crt") 29 conf.Set("tls_key", "../tls/client.acl.key") 30 31 dg, err := testutil.DgraphClientWithCerts(testutil.SockAddr, conf) 32 require.NoError(t, err, "Unable to get dgraph client: %v", err) 33 err = dg.Alter(context.Background(), &api.Operation{DropAll: true}) 34 require.NoError(t, err, "Unable to perform dropall: %v", err) 35 } 36 37 func TestCurlAccessWithoutClientCert(t *testing.T) { 38 curlArgs := []string{ 39 "--cacert", "../tls/ca.crt", "https://localhost:8180/alter", 40 "-d", "name: string @index(exact) .", 41 } 42 testutil.VerifyCurlCmd(t, curlArgs, &testutil.CurlFailureConfig{ 43 ShouldFail: true, 44 CurlErrMsg: "alert bad certificate", 45 }) 46 } 47 48 func TestCurlAccessWithClientCert(t *testing.T) { 49 curlArgs := []string{ 50 "--cacert", "../tls/ca.crt", 51 "--cert", "../tls/client.acl.crt", 52 "--key", "../tls/client.acl.key", 53 "https://localhost:8180/alter", 54 "-d", "name: string @index(exact) .", 55 } 56 testutil.VerifyCurlCmd(t, curlArgs, &testutil.CurlFailureConfig{ 57 ShouldFail: false, 58 }) 59 }