package utils
import (
"crypto/elliptic"
"crypto/tls"
"runtime"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/authelia/authelia/v4/internal/configuration/schema"
)
// TestShouldSetupDefaultTLSMinVersionOnErr verifies that an unparseable
// MinimumVersion string makes NewTLSConfig fall back to the default version
// it was given, while ServerName and SkipVerify are still carried across.
func TestShouldSetupDefaultTLSMinVersionOnErr(t *testing.T) {
	cfg := &schema.TLSConfig{
		MinimumVersion: "NotAVersion",
		ServerName:     "golang.org",
		SkipVerify:     true,
	}

	got := NewTLSConfig(cfg, tls.VersionTLS12, nil)

	// A bogus version string must not lower the floor below the supplied default.
	assert.Equal(t, uint16(tls.VersionTLS12), got.MinVersion)
	assert.Equal(t, "golang.org", got.ServerName)
	// SkipVerify is expected to map onto InsecureSkipVerify; only the copy is checked here.
	assert.True(t, got.InsecureSkipVerify)
}
// TestShouldReturnCorrectTLSVersions checks that every supported version
// string, both bare and with a "TLS" prefix, resolves to the matching
// crypto/tls constant without error.
func TestShouldReturnCorrectTLSVersions(t *testing.T) {
	cases := []struct {
		input string
		want  uint16
	}{
		{input: TLS13, want: tls.VersionTLS13},
		{input: "TLS" + TLS13, want: tls.VersionTLS13},
		{input: TLS12, want: tls.VersionTLS12},
		{input: "TLS" + TLS12, want: tls.VersionTLS12},
		{input: TLS11, want: tls.VersionTLS11},
		{input: "TLS" + TLS11, want: tls.VersionTLS11},
		{input: TLS10, want: tls.VersionTLS10},
		{input: "TLS" + TLS10, want: tls.VersionTLS10},
	}

	for _, tc := range cases {
		version, err := TLSStringToTLSConfigVersion(tc.input)

		// The message argument only improves failure output; pass/fail is unchanged.
		assert.Equal(t, tc.want, version, "input %q", tc.input)
		assert.NoError(t, err, "input %q", tc.input)
	}
}
// TestShouldReturnZeroAndErrorOnInvalidTLSVersions checks that an unknown
// version string ("TLS1.4") and a legacy protocol name ("SSL3.0") are both
// rejected with the same error and a zero version rather than mapped to
// some fallback.
func TestShouldReturnZeroAndErrorOnInvalidTLSVersions(t *testing.T) {
	for _, input := range []string{"TLS1.4", "SSL3.0"} {
		version, err := TLSStringToTLSConfigVersion(input)

		assert.Error(t, err)
		assert.Equal(t, uint16(0), version)
		// The exact message is pinned so a wording change is a deliberate test update.
		assert.EqualError(t, err, "supplied tls version isn't supported")
	}
}
// TestShouldReturnErrWhenX509DirectoryNotExist checks that pointing
// NewX509CertPool at a missing directory still yields a non-nil pool and
// exactly one error describing the failed directory read. On Windows an
// additional warning about the unavailable system root pool is expected.
func TestShouldReturnErrWhenX509DirectoryNotExist(t *testing.T) {
	const dir = "/tmp/asdfzyxabc123/not/a/real/dir"

	// errs rather than errors: avoids shadowing the stdlib package name.
	pool, warnings, errs := NewX509CertPool(dir)

	assert.NotNil(t, pool)

	switch runtime.GOOS {
	case windows:
		require.Len(t, warnings, 1)
		assert.EqualError(t, warnings[0], "could not load system certificate pool which may result in untrusted certificate issues: crypto/x509: system root pool is not available on Windows")
	default:
		assert.Len(t, warnings, 0)
	}

	require.Len(t, errs, 1)

	// The OS-specific suffix comes from the underlying open() failure.
	switch runtime.GOOS {
	case windows:
		assert.EqualError(t, errs[0], "could not read certificates from directory open /tmp/asdfzyxabc123/not/a/real/dir: The system cannot find the path specified.")
	default:
		assert.EqualError(t, errs[0], "could not read certificates from directory open /tmp/asdfzyxabc123/not/a/real/dir: no such file or directory")
	}
}
// TestShouldNotReturnErrWhenX509DirectoryExist checks that an existing
// directory produces a non-nil pool and no errors; on Windows the single
// system-root-pool warning is still expected.
//
// NOTE(review): this reads the host's real /tmp, so the "no errors" outcome
// assumes nothing there is treated as a certificate file by the loader.
func TestShouldNotReturnErrWhenX509DirectoryExist(t *testing.T) {
	// errs rather than errors: avoids shadowing the stdlib package name.
	pool, warnings, errs := NewX509CertPool("/tmp")

	assert.NotNil(t, pool)

	switch runtime.GOOS {
	case windows:
		require.Len(t, warnings, 1)
		assert.EqualError(t, warnings[0], "could not load system certificate pool which may result in untrusted certificate issues: crypto/x509: system root pool is not available on Windows")
	default:
		assert.Len(t, warnings, 0)
	}

	assert.Len(t, errs, 0)
}
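// TestShouldReadCertsFromDirectoryButNotKeys checks that a fixture directory
// containing certificates alongside a private key (key.pem) yields a pool
// and exactly one error naming the key file. The loader must report the
// key rather than silently accept it into the trust pool. On Windows the
// system-root-pool warning is also expected.
func TestShouldReadCertsFromDirectoryButNotKeys(t *testing.T) {
	// errs rather than errors: avoids shadowing the stdlib package name.
	pool, warnings, errs := NewX509CertPool("../suites/common/ssl/")

	assert.NotNil(t, pool)

	require.Len(t, errs, 1)

	// Use the shared windows constant like the sibling tests instead of a bare "windows" literal.
	switch runtime.GOOS {
	case windows:
		require.Len(t, warnings, 1)
		assert.EqualError(t, warnings[0], "could not load system certificate pool which may result in untrusted certificate issues: crypto/x509: system root pool is not available on Windows")
	default:
		assert.Len(t, warnings, 0)
	}

	assert.EqualError(t, errs[0], "could not import certificate key.pem")
}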
// TestShouldGenerateCertificateAndPersistIt runs GenerateCertificate once
// per supported key builder and asserts that both the certificate and key
// outputs are non-empty.
//
// Despite the name, nothing is written to disk here, and the encoding of the
// returned bytes (PEM vs DER) is not inspected. P224 is exercised only for
// builder coverage; it is the smallest curve in the list and not a
// recommendation.
func TestShouldGenerateCertificateAndPersistIt(t *testing.T) {
	type testCase struct {
		name    string
		builder PrivateKeyBuilder
	}

	cases := []testCase{
		{name: "P224", builder: ECDSAKeyBuilder{}.WithCurve(elliptic.P224())},
		{name: "P256", builder: ECDSAKeyBuilder{}.WithCurve(elliptic.P256())},
		{name: "P384", builder: ECDSAKeyBuilder{}.WithCurve(elliptic.P384())},
		{name: "P521", builder: ECDSAKeyBuilder{}.WithCurve(elliptic.P521())},
		{name: "Ed25519", builder: Ed25519KeyBuilder{}},
		{name: "RSA", builder: RSAKeyBuilder{keySizeInBits: 2048}},
	}

	hosts := []string{"authelia.com", "example.org"}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Short-lived (3h) certificate starting now; CA flag is false.
			certBytes, keyBytes, err := GenerateCertificate(tc.builder, hosts, time.Now(), 3*time.Hour, false)
			require.NoError(t, err)

			assert.NotEmpty(t, certBytes)
			assert.NotEmpty(t, keyBytes)
		})
	}
}