istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/pkg/util/certutil_test.go (about)

     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package util
    16  
    17  import (
    18  	"os"
    19  	"testing"
    20  	"time"
    21  )
    22  
// testCertFile is the PEM fixture shared by the cases in this file.
// Its validity window is exactly 24 hours:
//
//	NotBefore = 2017-08-23 19:00:40 +0000 UTC
//	NotAfter  = 2017-08-24 19:00:40 +0000 UTC
const testCertFile = "testdata/cert-util.pem"
    29  
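// TestGetWaitTime checks CertUtil.GetWaitTime against a fixed 24h test
// certificate with a 50% grace period. It covers four outcomes: a wait time
// when "now" is before the grace period, and an error when the certificate is
// expired, when it is already inside the grace period, or when it is not
// valid PEM.
//
// Every "now" value is built with time.Date(..., 21, 0, 0, 40, time.UTC). The
// trailing 40 is the nanosecond argument, so the instants are HH:00:00.00000004
// and not HH:00:40. The expected values below depend on that.
func TestGetWaitTime(t *testing.T) {
	testCert, err := os.ReadFile(testCertFile)
	if err != nil {
		// Nothing below is meaningful without the fixture, so stop here and
		// report the underlying cause.
		t.Fatalf("cannot read testing cert file %q: %v", testCertFile, err)
	}
	testCases := map[string]struct {
		cert             []byte
		now              time.Time
		expectedWaitTime int
		expectedErr      string
	}{
		"Success": {
			// Now = 2017-08-23 21:00:00.00000004 +0000 UTC
			// Cert TTL is 24h, and grace period is 50% of TTL, that is 12h.
			// The cert expires at 2017-08-24 19:00:40 +0000 UTC, so the grace
			// period starts at 2017-08-24 07:00:40 +0000 UTC.
			// The wait time is the duration from fake now to the grace period
			// start, 10h0m39.99999996s, which int() truncates to 36039s.
			cert:             testCert,
			now:              time.Date(2017, time.August, 23, 21, 0, 0, 40, time.UTC),
			expectedWaitTime: 36039,
		},
		"Cert expired": {
			// Now = 2017-08-25 21:00:00.00000004 +0000 UTC.
			// Now is later than cert's NotAfter 2017-08-24 19:00:40 +0000 UTC.
			cert: testCert,
			now:  time.Date(2017, time.August, 25, 21, 0, 0, 40, time.UTC),
			expectedErr: "certificate already expired at 2017-08-24 19:00:40 +0000" +
				" UTC, but now is 2017-08-25 21:00:00.00000004 +0000 UTC",
		},
		"Renew now": {
			// Now = 2017-08-24 16:00:00.00000004 +0000 UTC
			// Now is later than the start of grace period 2017-08-24 07:00:40
			// +0000 UTC, but earlier than cert expiration 2017-08-24 19:00:40
			// +0000 UTC.
			cert:        testCert,
			now:         time.Date(2017, time.August, 24, 16, 0, 0, 40, time.UTC),
			expectedErr: "got a certificate that should be renewed now",
		},
		"Invalid cert pem": {
			cert:        []byte(`INVALIDCERT`),
			now:         time.Date(2017, time.August, 23, 21, 0, 0, 40, time.UTC),
			expectedErr: "invalid PEM encoded certificate",
		},
	}

	cu := NewCertUtil(50) // Grace period percentage is set to 50
	for id, c := range testCases {
		t.Run(id, func(t *testing.T) {
			waitTime, err := cu.GetWaitTime(c.cert, c.now)
			if c.expectedErr != "" {
				if err == nil {
					// Stop here: calling err.Error() on a nil error would
					// panic and hide the real failure.
					t.Fatalf("no error is returned, expected %q", c.expectedErr)
				}
				// The error text is compared verbatim, so rewording a
				// message in GetWaitTime requires updating these cases.
				if err.Error() != c.expectedErr {
					t.Errorf("incorrect error message: %s VS %s", err.Error(), c.expectedErr)
				}
				return
			}
			if err != nil {
				// The returned duration carries no meaning once err is set.
				t.Fatalf("unexpected error: %v", err)
			}
			if got := int(waitTime.Seconds()); got != c.expectedWaitTime {
				t.Errorf("incorrect waittime. Expected %ds, but got %ds.", c.expectedWaitTime, got)
			}
		})
	}
}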