go.etcd.io/etcd@v3.3.27+incompatible/integration/v3_tls_test.go (about)

     1  // Copyright 2018 The etcd Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package integration
    16  
    17  import (
    18  	"context"
    19  	"crypto/tls"
    20  	"testing"
    21  	"time"
    22  
    23  	"github.com/coreos/etcd/clientv3"
    24  	"github.com/coreos/etcd/pkg/testutil"
    25  	"google.golang.org/grpc"
    26  )
    27  
// TestTLSClientCipherSuitesValid runs testTLSCipherSuites with valid set to
// true, i.e. the case where the handshake is expected to succeed.
func TestTLSClientCipherSuitesValid(t *testing.T) {
	testTLSCipherSuites(t, true)
}
// TestTLSClientCipherSuitesMismatch runs testTLSCipherSuites with valid set
// to false, i.e. the case where the handshake is expected to fail.
func TestTLSClientCipherSuitesMismatch(t *testing.T) {
	testTLSCipherSuites(t, false)
}
    30  
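// testTLSCipherSuites checks that a client whose cipher suites do not overlap
// with the server's fails the TLS handshake, and that a client offering the
// same suites as the server connects successfully.
//
// When valid is true, server and client are both configured with the full
// list below. When valid is false, the server gets the first two suites and
// the client the remaining four, so the two sides share none.
func testTLSCipherSuites(t *testing.T, valid bool) {
	defer testutil.AfterTest(t)

	cipherSuites := []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	}

	// Start both sides from the shared test TLS settings and override only
	// the cipher suites.
	srvTLS, cliTLS := testTLSInfo, testTLSInfo
	if valid {
		srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites, cipherSuites
	} else {
		// Disjoint halves: nothing the client offers is accepted by the server.
		srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites[:2], cipherSuites[2:]
	}

	clus := NewClusterV3(t, &ClusterConfig{Size: 1, ClientTLS: &srvTLS})
	defer clus.Terminate(t)

	cc, err := cliTLS.ClientConfig()
	if err != nil {
		t.Fatal(err)
	}
	// crypto/tls does not apply Config.CipherSuites to TLS 1.3, so on a Go
	// release that negotiates TLS 1.3 the mismatch case would complete the
	// handshake regardless of the lists above. Cap the client at TLS 1.2 so
	// the configured suites are the ones that decide the outcome.
	cc.MaxVersion = tls.VersionTLS12

	cli, cerr := clientv3.New(clientv3.Config{
		Endpoints:   []string{clus.Members[0].GRPCAddr()},
		DialTimeout: time.Second,
		DialOptions: []grpc.DialOption{grpc.WithBlock()},
		TLS:         cc,
	})
	if cli != nil {
		cli.Close()
	}

	// NOTE(review): a failed handshake is observed only as a dial timeout, so
	// an endpoint that is merely slow to accept connections would satisfy the
	// mismatch assertion as well; confirm that is acceptable for this test.
	if !valid && cerr != context.DeadlineExceeded {
		t.Fatalf("expected %v with TLS handshake failure, got %v", context.DeadlineExceeded, cerr)
	}
	if valid && cerr != nil {
		t.Fatalf("expected TLS handshake success, got %v", cerr)
	}
}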