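// storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/pkg/certs/certs_test.go

/*
 * MinIO Cloud Storage, (C) 2018 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package certs_test

import (
	"context"
	"crypto/tls"
	"io"
	"os"
	"reflect"
	"testing"
	"time"

	"storj.io/minio/pkg/certs"
)

// copyFile overwrites dst with the contents of src and reports the first
// error it hits.
//
// The source is opened before the destination is touched, so a missing or
// unreadable source can no longer leave the destination truncated to zero
// bytes. The destination is rewritten in place (truncate, then write) rather
// than replaced through a temporary file, which keeps the write pattern of
// the original helper. perm only takes effect when dst has to be created; an
// existing file keeps its current mode.
func copyFile(dst, src string, perm os.FileMode) (err error) {
	in, err := os.Open(src)
	if err != nil {
		return err
	}
	defer in.Close()

	out, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
	if err != nil {
		return err
	}
	defer func() {
		// A failed Close can be the only sign that the data never reached
		// the file, so surface it unless an earlier error already won.
		if cerr := out.Close(); err == nil {
			err = cerr
		}
	}()

	_, err = io.Copy(out, in)
	return err
}

// updateCerts copies the certificate file crt over "public.crt" and the key
// file key over "private.key", in that order, and returns the first error.
//
// It used to discard every error, so a failed copy was indistinguishable from
// a manager that did not pick up the change. Call sites that ignore the result
// still compile. The key file is created owner-only (0600) if it does not
// exist yet, instead of with the 0666 that os.Create requests.
func updateCerts(crt, key string) error {
	if err := copyFile("public.crt", crt, 0644); err != nil {
		return err
	}
	return copyFile("private.key", key, 0600)
}

// TestNewManager checks that a manager built from public.crt / private.key
// serves the same certificate chain that tls.LoadX509KeyPair returns for
// those files, and that construction fails when the key path is swapped for
// new-private.key.
func TestNewManager(t *testing.T) {
	ctx, cancelFn := context.WithCancel(context.Background())
	defer cancelFn()

	c, err := certs.NewManager(ctx, "public.crt", "private.key", tls.LoadX509KeyPair)
	if err != nil {
		t.Fatal(err)
	}

	hello := &tls.ClientHelloInfo{}
	gcert, err := c.GetCertificate(hello)
	if err != nil {
		t.Fatal(err)
	}

	expectedCert, err := tls.LoadX509KeyPair("public.crt", "private.key")
	if err != nil {
		t.Fatal(err)
	}
	if !reflect.DeepEqual(gcert.Certificate, expectedCert.Certificate) {
		t.Error("certificate doesn't match expected certificate")
	}

	// Negative case: the manager must refuse this certificate/key combination.
	// NOTE(review): presumably new-private.key does not belong to public.crt,
	// so the loader rejects the pair; confirm against the fixtures.
	_, err = certs.NewManager(ctx, "public.crt", "new-private.key", tls.LoadX509KeyPair)
	if err == nil {
		t.Fatal("Expected to fail but got success")
	}
}

// TestValidPairAfterWrite checks that, after the watched files are overwritten
// with the new-public.crt / new-private.key pair, both GetCertificate and
// GetClientCertificate return the new certificate chain.
func TestValidPairAfterWrite(t *testing.T) {
	ctx, cancelFn := context.WithCancel(context.Background())
	defer cancelFn()

	expectedCert, err := tls.LoadX509KeyPair("new-public.crt", "new-private.key")
	if err != nil {
		t.Fatal(err)
	}

	c, err := certs.NewManager(ctx, "public.crt", "private.key", tls.LoadX509KeyPair)
	if err != nil {
		t.Fatal(err)
	}

	// Register the restore before swapping the files: if the swap fails half
	// way, the fixture pair is still put back when the test exits.
	defer func() {
		if err := updateCerts("original-public.crt", "original-private.key"); err != nil {
			t.Errorf("restoring original certificate pair: %v", err)
		}
	}()
	if err := updateCerts("new-public.crt", "new-private.key"); err != nil {
		t.Fatal(err)
	}

	// Wait for the write event..
	// NOTE(review): this is a fixed delay, not a synchronisation point; a slow
	// machine could fail the comparisons below without any reload bug.
	time.Sleep(200 * time.Millisecond)

	hello := &tls.ClientHelloInfo{}
	gcert, err := c.GetCertificate(hello)
	if err != nil {
		t.Fatal(err)
	}

	if !reflect.DeepEqual(gcert.Certificate, expectedCert.Certificate) {
		t.Error("certificate doesn't match expected certificate")
	}

	rInfo := &tls.CertificateRequestInfo{}
	gcert, err = c.GetClientCertificate(rInfo)
	if err != nil {
		t.Fatal(err)
	}

	if !reflect.DeepEqual(gcert.Certificate, expectedCert.Certificate) {
		t.Error("client certificate doesn't match expected certificate")
	}
}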