Exemple #1
0
func TestIntervals(t *testing.T) {
	tests := []string{
		`git [email protected]:user/repo { interval 10 }`,
		`git [email protected]:user/repo { interval 5 }`,
		`git [email protected]:user/repo { interval 2 }`,
		`git [email protected]:user/repo { interval 1 }`,
		`git [email protected]:user/repo { interval 6 }`,
	}

	for i, test := range tests {
		SetLogger(gittest.NewLogger(gittest.Open("file")))
		c1 := setup.NewTestController(test)
		git, err := parse(c1)
		check(t, err)
		repo := git.Repo(0)

		c2 := setup.NewTestController(test)
		_, err = Setup(c2)
		check(t, err)

		// start startup services
		err = c2.Startup[0]()
		check(t, err)

		// wait for first background pull
		gittest.Sleep(time.Millisecond * 100)

		// switch logger to test file
		logFile := gittest.Open("file")
		SetLogger(gittest.NewLogger(logFile))

		// sleep for the interval
		gittest.Sleep(repo.Interval)

		// get log output
		out, err := ioutil.ReadAll(logFile)
		check(t, err)

		// if greater than minimum interval
		if repo.Interval >= time.Second*5 {
			expected := `https://github.com/user/repo.git pulled.
No new changes.`

			// ensure pull is done by tracing the output
			if expected != strings.TrimSpace(string(out)) {
				t.Errorf("Test %v: Expected %v found %v", i, expected, string(out))
			}
		} else {
			// ensure pull is ignored by confirming no output
			if string(out) != "" {
				t.Errorf("Test %v: Expected no output but found %v", i, string(out))
			}
		}

		// stop background thread monitor
		Services.Stop(repo.URL, 1)

	}

}
Exemple #2
0
func TestSetupParseWithClientAuth(t *testing.T) {
	params := `tls ` + certFile + ` ` + keyFile + ` {
			clients client_ca.crt client2_ca.crt
		}`
	c := setup.NewTestController(params)
	_, err := Setup(c)
	if err != nil {
		t.Errorf("Expected no errors, got: %v", err)
	}

	if count := len(c.TLS.ClientCerts); count != 2 {
		t.Fatalf("Expected two client certs, had %d", count)
	}
	if actual := c.TLS.ClientCerts[0]; actual != "client_ca.crt" {
		t.Errorf("Expected first client cert file to be '%s', but was '%s'", "client_ca.crt", actual)
	}
	if actual := c.TLS.ClientCerts[1]; actual != "client2_ca.crt" {
		t.Errorf("Expected second client cert file to be '%s', but was '%s'", "client2_ca.crt", actual)
	}

	// Test missing client cert file
	params = `tls ` + certFile + ` ` + keyFile + ` {
			clients
		}`
	c = setup.NewTestController(params)
	_, err = Setup(c)
	if err == nil {
		t.Errorf("Expected an error, but no error returned")
	}
}
Exemple #3
0
func TestSetupParseWithWrongOptionalParams(t *testing.T) {
	// Test protocols wrong params
	params := `tls ` + certFile + ` ` + keyFile + ` {
			protocols ssl tls
		}`
	c := setup.NewTestController(params)
	_, err := Setup(c)
	if err == nil {
		t.Errorf("Expected errors, but no error returned")
	}

	// Test ciphers wrong params
	params = `tls ` + certFile + ` ` + keyFile + ` {
			ciphers not-valid-cipher
		}`
	c = setup.NewTestController(params)
	_, err = Setup(c)
	if err == nil {
		t.Errorf("Expected errors, but no error returned")
	}

	// Test key_type wrong params
	params = `tls {
			key_type ab123
		}`
	c = setup.NewTestController(params)
	_, err = Setup(c)
	if err == nil {
		t.Errorf("Expected errors, but no error returned")
	}
}
Exemple #4
0
func TestSetupParseIncompleteParams(t *testing.T) {
	// Using tls without args is an error because it's unnecessary.
	c := setup.NewTestController(`tls`)
	_, err := Setup(c)
	if err == nil {
		t.Error("Expected an error, but didn't get one")
	}
}
Exemple #5
0
func TestGitSetup(t *testing.T) {
	c := setup.NewTestController(`git [email protected]:mholt/caddy.git`)

	mid, err := Setup(c)
	check(t, err)
	if mid != nil {
		t.Fatal("Git middleware is a background service and expected to be nil.")
	}
}
Exemple #6
0
func TestSetupParseBasic(t *testing.T) {
	c := setup.NewTestController(`tls ` + certFile + ` ` + keyFile + ``)

	_, err := Setup(c)
	if err != nil {
		t.Errorf("Expected no errors, got: %v", err)
	}

	// Basic checks
	if !c.TLS.Manual {
		t.Error("Expected TLS Manual=true, but was false")
	}
	if !c.TLS.Enabled {
		t.Error("Expected TLS Enabled=true, but was false")
	}

	// Security defaults
	if c.TLS.ProtocolMinVersion != tls.VersionTLS10 {
		t.Errorf("Expected 'tls1.0 (0x0301)' as ProtocolMinVersion, got %#v", c.TLS.ProtocolMinVersion)
	}
	if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 {
		t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion)
	}

	// Cipher checks
	expectedCiphers := []uint16{
		tls.TLS_FALLBACK_SCSV,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
		tls.TLS_RSA_WITH_AES_128_CBC_SHA,
	}

	// Ensure count is correct (plus one for TLS_FALLBACK_SCSV)
	if len(c.TLS.Ciphers) != len(expectedCiphers) {
		t.Errorf("Expected %v Ciphers (including TLS_FALLBACK_SCSV), got %v",
			len(expectedCiphers), len(c.TLS.Ciphers))
	}

	// Ensure ordering is correct
	for i, actual := range c.TLS.Ciphers {
		if actual != expectedCiphers[i] {
			t.Errorf("Expected cipher in position %d to be %0x, got %0x", i, expectedCiphers[i], actual)
		}
	}

	if !c.TLS.PreferServerCipherSuites {
		t.Error("Expected PreferServerCipherSuites = true, but was false")
	}
}
Exemple #7
0
func TestSetupDefaultWithOptionalParams(t *testing.T) {
	params := `tls {
            ciphers RSA-3DES-EDE-CBC-SHA
        }`
	c := setup.NewTestController(params)

	_, err := Setup(c)
	if err != nil {
		t.Errorf("Expected no errors, got: %v", err)
	}
	if len(c.TLS.Ciphers)-1 != 1 {
		t.Errorf("Expected 1 ciphers (not including TLS_FALLBACK_SCSV), got %v", len(c.TLS.Ciphers)-1)
	}
}
Exemple #8
0
func TestSetupParseWithKeyType(t *testing.T) {
	params := `tls {
            key_type p384
        }`
	c := setup.NewTestController(params)

	_, err := Setup(c)
	if err != nil {
		t.Errorf("Expected no errors, got: %v", err)
	}

	if KeyType != acme.EC384 {
		t.Errorf("Expected 'P384' as KeyType, got %#v", KeyType)
	}
}
Exemple #9
0
func TestSetupParseWithOptionalParams(t *testing.T) {
	params := `tls ` + certFile + ` ` + keyFile + ` {
            protocols ssl3.0 tls1.2
            ciphers RSA-AES256-CBC-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
        }`
	c := setup.NewTestController(params)

	_, err := Setup(c)
	if err != nil {
		t.Errorf("Expected no errors, got: %v", err)
	}

	if c.TLS.ProtocolMinVersion != tls.VersionSSL30 {
		t.Errorf("Expected 'ssl3.0 (0x0300)' as ProtocolMinVersion, got %#v", c.TLS.ProtocolMinVersion)
	}

	if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 {
		t.Errorf("Expected 'tls1.2 (0x0302)' as ProtocolMaxVersion, got %#v", c.TLS.ProtocolMaxVersion)
	}

	if len(c.TLS.Ciphers)-1 != 3 {
		t.Errorf("Expected 3 Ciphers (not including TLS_FALLBACK_SCSV), got %v", len(c.TLS.Ciphers)-1)
	}
}
Exemple #10
0
func TestGitParse(t *testing.T) {
	tests := []struct {
		input     string
		shouldErr bool
		expected  *Repo
	}{
		{`git [email protected]:user/repo`, false, &Repo{
			URL: "https://github.com/user/repo.git",
		}},
		{`git github.com/user/repo`, false, &Repo{
			URL: "https://github.com/user/repo.git",
		}},
		{`git [email protected]/user/repo`, true, nil},
		{`git http://github.com/user/repo`, false, &Repo{
			URL: "https://github.com/user/repo.git",
		}},
		{`git https://github.com/user/repo`, false, &Repo{
			URL: "https://github.com/user/repo.git",
		}},
		{`git http://github.com/user/repo {
			key ~/.key
		}`, false, &Repo{
			KeyPath: "~/.key",
			URL:     "[email protected]:user/repo.git",
		}},
		{`git [email protected]:user/repo {
			key ~/.key
		}`, false, &Repo{
			KeyPath: "~/.key",
			URL:     "[email protected]:user/repo.git",
		}},
		{`git `, true, nil},
		{`git {
		}`, true, nil},
		{`git {
		repo [email protected]:user/repo.git`, true, nil},
		{`git {
		repo [email protected]:user/repo
		key ~/.key
		}`, false, &Repo{
			KeyPath: "~/.key",
			URL:     "[email protected]:user/repo.git",
		}},
		{`git {
		repo [email protected]:user/repo
		key ~/.key
		interval 600
		}`, false, &Repo{
			KeyPath:  "~/.key",
			URL:      "[email protected]:user/repo.git",
			Interval: time.Second * 600,
		}},
		{`git {
		repo [email protected]:user/repo
		branch dev
		}`, false, &Repo{
			Branch: "dev",
			URL:    "https://github.com/user/repo.git",
		}},
		{`git {
		key ~/.key
		}`, true, nil},
		{`git {
		repo [email protected]:user/repo
		key ~/.key
		then echo hello world
		}`, false, &Repo{
			KeyPath: "~/.key",
			URL:     "[email protected]:user/repo.git",
			Then:    []Then{NewThen("echo", "hello world")},
		}},
		{`git https://[email protected]/user/repo.git`, false, &Repo{
			URL: "https://[email protected]/user/repo.git",
		}},
		{`git https://[email protected]/user/repo.git {
			key ~/.key
		}`, false, &Repo{
			KeyPath: "~/.key",
			URL:     "[email protected]:user/repo.git",
		}},
		{`git [email protected]:user/repo.git {
			key ~/.key
		}`, false, &Repo{
			KeyPath: "~/.key",
			URL:     "[email protected]:user/repo.git",
		}},
	}

	for i, test := range tests {
		c := setup.NewTestController(test.input)
		git, err := parse(c)
		if !test.shouldErr && err != nil {
			t.Errorf("Test %v should not error but found %v", i, err)
			continue
		}
		if test.shouldErr && err == nil {
			t.Errorf("Test %v should error but found nil", i)
			continue
		}
		repo := git.Repo(0)
		if !reposEqual(test.expected, repo) {
			t.Errorf("Test %v expects %v but found %v", i, test.expected, repo)
		}
	}
}
Exemple #11
0
func TestSetupParseWithClientAuth(t *testing.T) {
	// Test missing client cert file
	params := `tls ` + certFile + ` ` + keyFile + ` {
			clients
		}`
	c := setup.NewTestController(params)
	_, err := Setup(c)
	if err == nil {
		t.Errorf("Expected an error, but no error returned")
	}

	noCAs, twoCAs := []string{}, []string{"client_ca.crt", "client2_ca.crt"}
	for caseNumber, caseData := range []struct {
		params         string
		clientAuthType tls.ClientAuthType
		expectedErr    bool
		expectedCAs    []string
	}{
		{"", tls.NoClientCert, false, noCAs},
		{`tls ` + certFile + ` ` + keyFile + ` {
			clients client_ca.crt client2_ca.crt
		}`, tls.RequireAndVerifyClientCert, false, twoCAs},
		// now come modifier
		{`tls ` + certFile + ` ` + keyFile + ` {
			clients request
		}`, tls.RequestClientCert, false, noCAs},
		{`tls ` + certFile + ` ` + keyFile + ` {
			clients require
		}`, tls.RequireAnyClientCert, false, noCAs},
		{`tls ` + certFile + ` ` + keyFile + ` {
			clients verify_if_given client_ca.crt client2_ca.crt
		}`, tls.VerifyClientCertIfGiven, false, twoCAs},
		{`tls ` + certFile + ` ` + keyFile + ` {
			clients verify_if_given
		}`, tls.VerifyClientCertIfGiven, true, noCAs},
	} {
		c := setup.NewTestController(caseData.params)
		_, err := Setup(c)
		if caseData.expectedErr {
			if err == nil {
				t.Errorf("In case %d: Expected an error, got: %v", caseNumber, err)
			}
			continue
		}
		if err != nil {
			t.Errorf("In case %d: Expected no errors, got: %v", caseNumber, err)
		}

		if caseData.clientAuthType != c.TLS.ClientAuth {
			t.Errorf("In case %d: Expected TLS client auth type %v, got: %v",
				caseNumber, caseData.clientAuthType, c.TLS.ClientAuth)
		}

		if count := len(c.TLS.ClientCerts); count < len(caseData.expectedCAs) {
			t.Fatalf("In case %d: Expected %d client certs, had %d", caseNumber, len(caseData.expectedCAs), count)
		}

		for idx, expected := range caseData.expectedCAs {
			if actual := c.TLS.ClientCerts[idx]; actual != expected {
				t.Errorf("In case %d: Expected %dth client cert file to be '%s', but was '%s'",
					caseNumber, idx, expected, actual)
			}
		}
	}
}