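// Source: vitess.io/vitess@v0.16.2/go/vt/vtorc/ssl/ssl_test.go

package ssl_test

import (
	"crypto/tls"
	"os"
	"reflect"
	"strings"
	"syscall"
	"testing"

	"vitess.io/vitess/go/vt/vtorc/ssl"
)

// TestHasString checks that ssl.HasString reports membership of a string in
// a slice: present in a1, absent from a2.
func TestHasString(t *testing.T) {
	elem := "foo"
	a1 := []string{"bar", "foo", "baz"}
	a2 := []string{"bar", "fuu", "baz"}
	good := ssl.HasString(elem, a1)
	if !good {
		t.Errorf("Didn't find %s in array %s", elem, strings.Join(a1, ", "))
	}
	bad := ssl.HasString(elem, a2)
	if bad {
		t.Errorf("Unexpectedly found %s in array %s", elem, strings.Join(a2, ", "))
	}
}

// TestNewTLSConfig checks both shapes of ssl.NewTLSConfig: with a CA file and
// verification requested, the config must ask for client certificates
// (tls.VerifyClientCertIfGiven) and carry a ClientCAs pool; with no CA file
// and verification off, neither may be set.
//
// TODO: Build a fake CA and make sure it loads up
func TestNewTLSConfig(t *testing.T) {
	fakeCA := writeFakeFile(pemCertificate)
	defer func() {
		_ = syscall.Unlink(fakeCA)
	}()

	conf, err := ssl.NewTLSConfig(fakeCA, true)
	if err != nil {
		// Fatalf, not Errorf: conf is dereferenced below and is not meaningful
		// once err is non-nil, so continuing could panic instead of failing.
		t.Fatalf("Could not create new TLS config: %s", err)
	}
	if conf.ClientAuth != tls.VerifyClientCertIfGiven {
		t.Errorf("Client certificate verification was not enabled")
	}
	if conf.ClientCAs == nil {
		t.Errorf("ClientCA empty even though cert provided")
	}

	conf, err = ssl.NewTLSConfig("", false)
	if err != nil {
		t.Fatalf("Could not create new TLS config: %s", err)
	}
	if conf.ClientAuth == tls.VerifyClientCertIfGiven {
		t.Errorf("Client certificate verification was enabled unexpectedly")
	}
	if conf.ClientCAs != nil {
		t.Errorf("Filling in ClientCA somehow without a cert")
	}
}

// TestReadPEMData checks that ssl.ReadPEMData accepts a certificate, an
// unencrypted private key and a passphrase-protected private key.
func TestReadPEMData(t *testing.T) {
	pemCertFile := writeFakeFile(pemCertificate)
	defer func() {
		_ = syscall.Unlink(pemCertFile)
	}()
	pemPKFile := writeFakeFile(pemPrivateKey)
	defer func() {
		_ = syscall.Unlink(pemPKFile)
	}()
	pemPKWPFile := writeFakeFile(pemPrivateKeyWithPass)
	defer func() {
		_ = syscall.Unlink(pemPKWPFile)
	}()
	_, err := ssl.ReadPEMData(pemCertFile, []byte{})
	if err != nil {
		t.Errorf("Failed to decode certificate: %s", err)
	}
	pemNoPassBytes, err := ssl.ReadPEMData(pemPKFile, []byte{})
	if err != nil {
		t.Errorf("Failed to decode private key: %s", err)
	}
	pemPassBytes, err := ssl.ReadPEMData(pemPKWPFile, []byte("testing"))
	if err != nil {
		t.Errorf("Failed to decode private key with password: %s", err)
	}
	// NOTE(review): this fails when the two outputs are equal. Whether the
	// encrypted fixture wraps the same key as pemPrivateKey is not visible
	// here, so confirm the comparison direction matches the message.
	if reflect.DeepEqual(pemPassBytes, pemNoPassBytes) {
		t.Errorf("PEM encoding failed after password removal")
	}
}

// TestAppendKeyPair checks that an unencrypted certificate/key pair can be
// appended to a TLS config built without client verification.
func TestAppendKeyPair(t *testing.T) {
	c, err := ssl.NewTLSConfig("", false)
	if err != nil {
		t.Fatal(err)
	}
	pemCertFile := writeFakeFile(pemCertificate)
	defer func() {
		_ = syscall.Unlink(pemCertFile)
	}()
	pemPKFile := writeFakeFile(pemPrivateKey)
	defer func() {
		_ = syscall.Unlink(pemPKFile)
	}()

	if err := ssl.AppendKeyPair(c, pemCertFile, pemPKFile); err != nil {
		t.Errorf("Failed to append certificate and key to tls config: %s", err)
	}
}

// TestAppendKeyPairWithPassword is the passphrase-protected variant of
// TestAppendKeyPair: the key file is the encrypted fixture and the passphrase
// is supplied explicitly.
func TestAppendKeyPairWithPassword(t *testing.T) {
	c, err := ssl.NewTLSConfig("", false)
	if err != nil {
		t.Fatal(err)
	}
	pemCertFile := writeFakeFile(pemCertificate)
	defer func() {
		_ = syscall.Unlink(pemCertFile)
	}()
	pemPKFile := writeFakeFile(pemPrivateKeyWithPass)
	defer func() {
		_ = syscall.Unlink(pemPKFile)
	}()

	if err := ssl.AppendKeyPairWithPassword(c, pemCertFile, pemPKFile, []byte("testing")); err != nil {
		t.Errorf("Failed to append certificate and key to tls config: %s", err)
	}
}

// TestIsEncryptedPEM checks that ssl.IsEncryptedPEM tells the plain key
// fixture apart from the passphrase-protected one.
func TestIsEncryptedPEM(t *testing.T) {
	pemPKFile := writeFakeFile(pemPrivateKey)
	defer func() {
		_ = syscall.Unlink(pemPKFile)
	}()
	pemPKWPFile := writeFakeFile(pemPrivateKeyWithPass)
	defer func() {
		_ = syscall.Unlink(pemPKWPFile)
	}()
	if ssl.IsEncryptedPEM(pemPKFile) {
		t.Errorf("Incorrectly identified unencrypted PEM as encrypted")
	}
	if !ssl.IsEncryptedPEM(pemPKWPFile) {
		t.Errorf("Incorrectly identified encrypted PEM as unencrypted")
	}
}

// writeFakeFile writes content to a fresh temporary file and returns its
// path, or "" if the file could not be created or fully written. The caller
// removes the file.
//
// The content is written through the handle returned by os.CreateTemp, and
// that handle is closed before returning, so no descriptor is leaked per
// fixture. The file keeps the 0600 mode os.CreateTemp gives it, which matters
// because some fixtures are private keys. The previous os.WriteFile(..., 0644)
// call never widened that mode, since WriteFile's perm argument applies only
// when it creates the file.
func writeFakeFile(content string) string {
	f, err := os.CreateTemp("", "ssl_test")
	if err != nil {
		return ""
	}
	name := f.Name()
	_, writeErr := f.WriteString(content)
	closeErr := f.Close()
	if writeErr != nil || closeErr != nil {
		// Do not leave a truncated fixture (possibly partial key material)
		// behind; an empty path makes the calling test fail visibly.
		_ = os.Remove(name)
		return ""
	}
	return name
}

// The PEM blocks below are test fixtures only. The private keys are published
// with the source, so none of this material may be used for a real endpoint.

// pemCertificate is a PEM-encoded X.509 certificate used as both the CA file
// and the leaf certificate in these tests.
const pemCertificate = `-----BEGIN CERTIFICATE-----
MIIDtTCCAp2gAwIBAgIJAOxKC7FsJelrMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTcwODEwMTQ0MjM3WhcNMTgwODEwMTQ0MjM3WjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA12vHV3gYy5zd1lujA7prEhCSkAszE6E37mViWhLQ63CuedZfyYaTAHQK
HYDZi4K1MNAySUfZRMcICSSsxlRIz6mzXrFsowaJgwx4cbMDIvXE03KstuXoTYJh
+xmXB+5yEVEtIyP2DvPqfCmwCZb3k94Y/VY1nAQDxIxciXrAxT9zT1oYd0YWr2yp
J2mgsfnY4c3zg7W5WgvOTmYz7Ey7GJjpUjGdayx+P1CilKzSWH1xZuVQFNLSHvcH
WXkEoCMVc0tW5mO5eEO1aNHo9MSjPF386l1rq+pz5OwjqCEZq2b1YxesyLnbF+8+
iYGfYmFaDLFwG7zVDwialuI4TzIIOQIDAQABo4GnMIGkMB0GA1UdDgQWBBQ1ubGx
Yvn3wN5VXyoR0lOD7ARzVTB1BgNVHSMEbjBsgBQ1ubGxYvn3wN5VXyoR0lOD7ARz
VaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV
BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOxKC7FsJelrMAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBALmm4Zw/4jLKDJciUGUYOcr5Xe9TP/Cs
afH7IWvaFUDfV3W6yAm9jgNfIy9aDLpuu2CdEb+0qL2hdmGLV7IM3y62Ve0UTdGV
BGsm1zMmIguew2wGbAwGr5LmIcUseatVUKAAAfDrBNwotEAdM8kmGekUZfOM+J9D
FoNQ62C0buRHGugtu6zWAcZNOe6CI7HdhaAdxZlgn8y7dfJQMacoK0NcWeUVQwii
6D4mgaqUGM2O+WcquD1vEMuBPYVcKhi43019E0+6LI5QB6w80bARY8K7tkTdRD7U
y1/C7iIqyuBVL45OdSabb37TfGlHZIPIwLaGw3i4Mr0+F0jQT8rZtTQ=
-----END CERTIFICATE-----`

// pemPrivateKey is an unencrypted RSA private key in PEM form.
const pemPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA12vHV3gYy5zd1lujA7prEhCSkAszE6E37mViWhLQ63CuedZf
yYaTAHQKHYDZi4K1MNAySUfZRMcICSSsxlRIz6mzXrFsowaJgwx4cbMDIvXE03Ks
tuXoTYJh+xmXB+5yEVEtIyP2DvPqfCmwCZb3k94Y/VY1nAQDxIxciXrAxT9zT1oY
d0YWr2ypJ2mgsfnY4c3zg7W5WgvOTmYz7Ey7GJjpUjGdayx+P1CilKzSWH1xZuVQ
FNLSHvcHWXkEoCMVc0tW5mO5eEO1aNHo9MSjPF386l1rq+pz5OwjqCEZq2b1Yxes
yLnbF+8+iYGfYmFaDLFwG7zVDwialuI4TzIIOQIDAQABAoIBAHLf4pleTbqmmBWr
IC7oxhgIBmAR2Nbq7eyO2/e0ePxURnZqPwI0ZUekmZBKGbgvp3e0TlyNl+r5R+u4
RvosD/fNQv2IF6qH3eSoTcIz98Q40xD+4eNWjp5mnOFOMB/mo6VgaHWIw7oNkElN
4bX7b2LG2QSfaE8eRPQW9XHKp+mGhYFbxgPYxUmlIXuYZF61hVwxysDA6DP3LOi8
yUL6E64x6NqN9xtg/VoN+f6N0MOvsr4yb5+uvni1LVRFI7tNqIN4Y6P6trgKfnRR
EpZeAUu8scqyxE4NeqnnjK/wBuXxaeh3e9mN1V2SzT629c1InmmQasZ5slcCJQB+
38cswgECgYEA+esaLKwHXT4+sOqMYemi7TrhxtNC2f5OAGUiSRVmTnum2gl4wOB+
h5oLZAuG5nBEIoqbMEbI35vfuHqIe390IJtPdQlz4TGDsPufYj/gnnBBFy/c8f+n
f/CdRDRYrpnpKGwvUntLRB2pFbe2hlqqq+4YUqiHauJMOCJnPbOo1lECgYEA3KnF
VOXyY0fKD45G7ttfAcpw8ZI2gY99sCRwtBQGsbO61bvw5sl/3j7AmYosz+n6f7hb
uHmitIuPv4z3r1yfVysh80tTGIM3wDkpr3fLYRxpVOZU4hgxMQV9yyaSA/Hfqn48
vIK/NC4bERqpofNNdrIqNaGWkd87ZycvpRfa0WkCgYBztbVVr4RtWG9gLAg5IRot
KhD0pEWUdpiYuDpqifznI3r6Al6lNot+rwTNGkUoFhyFvZTigjNozFuFpz3fqAAV
RLNCJdFAF1O4spd1vst5r9GDMcbjSJG9u6KkvHO+y0XXUFeMoccUT4NEqd1ZUUsp
9T/PrXWdOA9AAjW4rKDkMQKBgQC9R4NVR8mbD8Frhoeh69qbFqO7E8hdalBN/3QN
hAAZ/imNnSEPVliwsvNSwQufbPzLAcDrhKrkY7JyhOERM0oa44zDvSESLbxszpvL
P97c9hoEEW9OYaIQgr1cvUES0S8ieBZxPVX11HazPUO0/5a68ijyyCD4D5xM53gf
DU9NwQKBgQCmVthQi65xcc4mgCIwXtBZWXeaPv5x0dLEXIC5EoN6eXLK9iW//7cE
hhawtJtl+J6laB+TkEGQsyhc4v85WcywdisyR7LR7CUqFYJMKeE/VtTVKnYbfq54
rHoQS9YotByBwPtRx0V93gkc+KWBOGmSBBxKj7lrBkYkcWAiRfpJjg==
-----END RSA PRIVATE KEY-----`

// pemPrivateKeyWithPass is an RSA private key protected with legacy PEM
// encryption (the Proc-Type/DEK-Info headers, here DES-EDE3-CBC); the tests
// unlock it with the passphrase "testing". Go's crypto/x509 documents this
// RFC 1423 scheme as insecure by design because the ciphertext is not
// authenticated, so the fixture exercises compatibility with existing key
// files and is not a recommended way to protect a key at rest.
const pemPrivateKeyWithPass = `-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3EABF60A784F9065

IDGYvdRJXvBt5vEDI9caEYJ2vvVmoqmxTKvheNX0aLSXUl/p8hIZ25kd/4mpmI3m
irQdEe2JuNh4/fPDe6Agg6mX6mYCVbiupfXdFKkqJzndW/O5nEQ4yuRgi0fO4wcH
OM/kTS8/7UaKfCuWFa71ywh1WeStFDBwsMQqLdFFeuQ/JC6g2tZW6xzCBE0BVIkq
6OWXmWumXMufhOdpb9sNoc3lbdOi037V886o0cIRQp4qPepElhhhplrhaJZBSxiP
TUldExbtYCN1APhrgUp1RpxIWHNLezjhUYLGooxb6SqinpLd9ia2uFotwNDeX7/T
dMPQPtgdFwvoCtWn9oVWp+regdZPacABLsvtTD4NS8h13BKzBmAqtYfHJk44u/Tv
6PcCb9xHI7+YpNJznrHiCtALWkfG56mDjp0SP+OKjsYMjo317D+x892i2XT79k2T
0IM0OUPizVkN5c7uDQBHqxmE9JVQT7QFMy1P57nWPsmG5o7e9Y/klaPQzi04FWEh
YAEZrU5/FQlFziu3/Jw6WwQnm3IqJP6iMlnR9Y5iZCZQnLhcJNIxxOJ/+cVH4dVD
jIHztasHgbfld045Ua7nk91VyFP5pWRPFacJ74D+xm/1IjF/+9Uj3NQX88Swig0Q
Fi7+eJ1XtCI0YdUqiUdp8QaS1GnFzibSIcXCbLLEn0Cgh/3CFXUyh92M4GIgvmcI
/hi4nUDa3nLYDHyOZubFLERb+Zr3EFzNXX4Ga3fcNH0deluxW4tda+QCk0ud6k9N
y2bCcAVnvbB+yX2s7CSVq+eaT/4JLIJY5AlrISRwYtG57SR/DN9HuU99dD30k581
PmarIt4VAakjXo/Zqd1AMh+ofbC/Qm7jBwbPGPZAM/FjpnVsvaXsdChI19Az72v3
wiLOKEw8M23vV4/E7QwW3Pp/RPyUZk6HAlBuLXbcyZHOOV4WPsKrI46BBXL8Qf4X
5kpRITFFUaFu3aaO7mloVAoneEKusKJgKOAwWifRI3jf6fH9B8qDA0jQpWRNpLs4
3A2qrOyHQ9SMoBr7ya8Vs2BMdfqAmOyiUdVzLr2EjnRxa7f3/7/sdzD1aaIJa2TM
kjpKgFMq5B/FRVmuAvKyEF52A/b6L9EpinyB53DzWnIw9W5zdjjRkuxmGmv1R94A
gJvbONh955cinHft0rm0hdKo77wDvXZdX5ZeITjOwJ0d/VBHYDGUonDVgnAVLcz+
n1BS+oOS1xLG/EJOGqtNYihVuCkbIwwdAVhc7pKo3nIbLyrKFKFyh/Br11PPBris
nlWo8BWSoFv7gKOftkulHJFAVekisaXe4OIcYMATeLvDfAnBDJrNHZn0HcyHI51L
3EhCCPJrrmfNv+QMdPk6LTts5YIdhNRSV5PR2X8ZshChod7atyrw+Wm+LCcy3h1G
xIVNracpnna+Ic5M8EIJZgLOH7IjDFS1EcPjz5em0rVqGGsLDvxmRo2ZJTPSHlpM
8q6VJEIso5sfoauf+fX+y7xk1CpFG8NkXSplbiYmZXdB1zepV1a/ZiW2uU7hEAV7
oMEzoBEIw3wTuRasixjH7Z6i8PvF3eUKXCIt0UiwTmWdCCW37c5eqjguyp9aLDtc
-----END RSA PRIVATE KEY-----`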