func TestIntervals(t *testing.T) { tests := []string{ `git [email protected]:user/repo { interval 10 }`, `git [email protected]:user/repo { interval 5 }`, `git [email protected]:user/repo { interval 2 }`, `git [email protected]:user/repo { interval 1 }`, `git [email protected]:user/repo { interval 6 }`, } for i, test := range tests { SetLogger(gittest.NewLogger(gittest.Open("file"))) c1 := setup.NewTestController(test) git, err := parse(c1) check(t, err) repo := git.Repo(0) c2 := setup.NewTestController(test) _, err = Setup(c2) check(t, err) // start startup services err = c2.Startup[0]() check(t, err) // wait for first background pull gittest.Sleep(time.Millisecond * 100) // switch logger to test file logFile := gittest.Open("file") SetLogger(gittest.NewLogger(logFile)) // sleep for the interval gittest.Sleep(repo.Interval) // get log output out, err := ioutil.ReadAll(logFile) check(t, err) // if greater than minimum interval if repo.Interval >= time.Second*5 { expected := `https://github.com/user/repo.git pulled. No new changes.` // ensure pull is done by tracing the output if expected != strings.TrimSpace(string(out)) { t.Errorf("Test %v: Expected %v found %v", i, expected, string(out)) } } else { // ensure pull is ignored by confirming no output if string(out) != "" { t.Errorf("Test %v: Expected no output but found %v", i, string(out)) } } // stop background thread monitor Services.Stop(repo.URL, 1) } }
func TestSetupParseWithClientAuth(t *testing.T) { params := `tls ` + certFile + ` ` + keyFile + ` { clients client_ca.crt client2_ca.crt }` c := setup.NewTestController(params) _, err := Setup(c) if err != nil { t.Errorf("Expected no errors, got: %v", err) } if count := len(c.TLS.ClientCerts); count != 2 { t.Fatalf("Expected two client certs, had %d", count) } if actual := c.TLS.ClientCerts[0]; actual != "client_ca.crt" { t.Errorf("Expected first client cert file to be '%s', but was '%s'", "client_ca.crt", actual) } if actual := c.TLS.ClientCerts[1]; actual != "client2_ca.crt" { t.Errorf("Expected second client cert file to be '%s', but was '%s'", "client2_ca.crt", actual) } // Test missing client cert file params = `tls ` + certFile + ` ` + keyFile + ` { clients }` c = setup.NewTestController(params) _, err = Setup(c) if err == nil { t.Errorf("Expected an error, but no error returned") } }
func TestSetupParseWithWrongOptionalParams(t *testing.T) { // Test protocols wrong params params := `tls ` + certFile + ` ` + keyFile + ` { protocols ssl tls }` c := setup.NewTestController(params) _, err := Setup(c) if err == nil { t.Errorf("Expected errors, but no error returned") } // Test ciphers wrong params params = `tls ` + certFile + ` ` + keyFile + ` { ciphers not-valid-cipher }` c = setup.NewTestController(params) _, err = Setup(c) if err == nil { t.Errorf("Expected errors, but no error returned") } // Test key_type wrong params params = `tls { key_type ab123 }` c = setup.NewTestController(params) _, err = Setup(c) if err == nil { t.Errorf("Expected errors, but no error returned") } }
func TestSetupParseIncompleteParams(t *testing.T) { // Using tls without args is an error because it's unnecessary. c := setup.NewTestController(`tls`) _, err := Setup(c) if err == nil { t.Error("Expected an error, but didn't get one") } }
func TestGitSetup(t *testing.T) { c := setup.NewTestController(`git [email protected]:mholt/caddy.git`) mid, err := Setup(c) check(t, err) if mid != nil { t.Fatal("Git middleware is a background service and expected to be nil.") } }
func TestSetupParseBasic(t *testing.T) { c := setup.NewTestController(`tls ` + certFile + ` ` + keyFile + ``) _, err := Setup(c) if err != nil { t.Errorf("Expected no errors, got: %v", err) } // Basic checks if !c.TLS.Manual { t.Error("Expected TLS Manual=true, but was false") } if !c.TLS.Enabled { t.Error("Expected TLS Enabled=true, but was false") } // Security defaults if c.TLS.ProtocolMinVersion != tls.VersionTLS10 { t.Errorf("Expected 'tls1.0 (0x0301)' as ProtocolMinVersion, got %#v", c.TLS.ProtocolMinVersion) } if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 { t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion) } // Cipher checks expectedCiphers := []uint16{ tls.TLS_FALLBACK_SCSV, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_RSA_WITH_AES_256_CBC_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, } // Ensure count is correct (plus one for TLS_FALLBACK_SCSV) if len(c.TLS.Ciphers) != len(expectedCiphers) { t.Errorf("Expected %v Ciphers (including TLS_FALLBACK_SCSV), got %v", len(expectedCiphers), len(c.TLS.Ciphers)) } // Ensure ordering is correct for i, actual := range c.TLS.Ciphers { if actual != expectedCiphers[i] { t.Errorf("Expected cipher in position %d to be %0x, got %0x", i, expectedCiphers[i], actual) } } if !c.TLS.PreferServerCipherSuites { t.Error("Expected PreferServerCipherSuites = true, but was false") } }
func TestSetupDefaultWithOptionalParams(t *testing.T) { params := `tls { ciphers RSA-3DES-EDE-CBC-SHA }` c := setup.NewTestController(params) _, err := Setup(c) if err != nil { t.Errorf("Expected no errors, got: %v", err) } if len(c.TLS.Ciphers)-1 != 1 { t.Errorf("Expected 1 ciphers (not including TLS_FALLBACK_SCSV), got %v", len(c.TLS.Ciphers)-1) } }
func TestSetupParseWithKeyType(t *testing.T) { params := `tls { key_type p384 }` c := setup.NewTestController(params) _, err := Setup(c) if err != nil { t.Errorf("Expected no errors, got: %v", err) } if KeyType != acme.EC384 { t.Errorf("Expected 'P384' as KeyType, got %#v", KeyType) } }
func TestSetupParseWithOptionalParams(t *testing.T) { params := `tls ` + certFile + ` ` + keyFile + ` { protocols ssl3.0 tls1.2 ciphers RSA-AES256-CBC-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 }` c := setup.NewTestController(params) _, err := Setup(c) if err != nil { t.Errorf("Expected no errors, got: %v", err) } if c.TLS.ProtocolMinVersion != tls.VersionSSL30 { t.Errorf("Expected 'ssl3.0 (0x0300)' as ProtocolMinVersion, got %#v", c.TLS.ProtocolMinVersion) } if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 { t.Errorf("Expected 'tls1.2 (0x0302)' as ProtocolMaxVersion, got %#v", c.TLS.ProtocolMaxVersion) } if len(c.TLS.Ciphers)-1 != 3 { t.Errorf("Expected 3 Ciphers (not including TLS_FALLBACK_SCSV), got %v", len(c.TLS.Ciphers)-1) } }
func TestGitParse(t *testing.T) { tests := []struct { input string shouldErr bool expected *Repo }{ {`git [email protected]:user/repo`, false, &Repo{ URL: "https://github.com/user/repo.git", }}, {`git github.com/user/repo`, false, &Repo{ URL: "https://github.com/user/repo.git", }}, {`git [email protected]/user/repo`, true, nil}, {`git http://github.com/user/repo`, false, &Repo{ URL: "https://github.com/user/repo.git", }}, {`git https://github.com/user/repo`, false, &Repo{ URL: "https://github.com/user/repo.git", }}, {`git http://github.com/user/repo { key ~/.key }`, false, &Repo{ KeyPath: "~/.key", URL: "[email protected]:user/repo.git", }}, {`git [email protected]:user/repo { key ~/.key }`, false, &Repo{ KeyPath: "~/.key", URL: "[email protected]:user/repo.git", }}, {`git `, true, nil}, {`git { }`, true, nil}, {`git { repo [email protected]:user/repo.git`, true, nil}, {`git { repo [email protected]:user/repo key ~/.key }`, false, &Repo{ KeyPath: "~/.key", URL: "[email protected]:user/repo.git", }}, {`git { repo [email protected]:user/repo key ~/.key interval 600 }`, false, &Repo{ KeyPath: "~/.key", URL: "[email protected]:user/repo.git", Interval: time.Second * 600, }}, {`git { repo [email protected]:user/repo branch dev }`, false, &Repo{ Branch: "dev", URL: "https://github.com/user/repo.git", }}, {`git { key ~/.key }`, true, nil}, {`git { repo [email protected]:user/repo key ~/.key then echo hello world }`, false, &Repo{ KeyPath: "~/.key", URL: "[email protected]:user/repo.git", Then: []Then{NewThen("echo", "hello world")}, }}, {`git https://[email protected]/user/repo.git`, false, &Repo{ URL: "https://[email protected]/user/repo.git", }}, {`git https://[email protected]/user/repo.git { key ~/.key }`, false, &Repo{ KeyPath: "~/.key", URL: "[email protected]:user/repo.git", }}, {`git [email protected]:user/repo.git { key ~/.key }`, false, &Repo{ KeyPath: "~/.key", URL: "[email protected]:user/repo.git", }}, } for i, test := range tests { c := setup.NewTestController(test.input) git, err := parse(c) if !test.shouldErr && err != nil { t.Errorf("Test %v should not error but found %v", i, err) continue } if test.shouldErr && err == nil { t.Errorf("Test %v should error but found nil", i) continue } repo := git.Repo(0) if !reposEqual(test.expected, repo) { t.Errorf("Test %v expects %v but found %v", i, test.expected, repo) } } }
func TestSetupParseWithClientAuth(t *testing.T) { // Test missing client cert file params := `tls ` + certFile + ` ` + keyFile + ` { clients }` c := setup.NewTestController(params) _, err := Setup(c) if err == nil { t.Errorf("Expected an error, but no error returned") } noCAs, twoCAs := []string{}, []string{"client_ca.crt", "client2_ca.crt"} for caseNumber, caseData := range []struct { params string clientAuthType tls.ClientAuthType expectedErr bool expectedCAs []string }{ {"", tls.NoClientCert, false, noCAs}, {`tls ` + certFile + ` ` + keyFile + ` { clients client_ca.crt client2_ca.crt }`, tls.RequireAndVerifyClientCert, false, twoCAs}, // now come modifier {`tls ` + certFile + ` ` + keyFile + ` { clients request }`, tls.RequestClientCert, false, noCAs}, {`tls ` + certFile + ` ` + keyFile + ` { clients require }`, tls.RequireAnyClientCert, false, noCAs}, {`tls ` + certFile + ` ` + keyFile + ` { clients verify_if_given client_ca.crt client2_ca.crt }`, tls.VerifyClientCertIfGiven, false, twoCAs}, {`tls ` + certFile + ` ` + keyFile + ` { clients verify_if_given }`, tls.VerifyClientCertIfGiven, true, noCAs}, } { c := setup.NewTestController(caseData.params) _, err := Setup(c) if caseData.expectedErr { if err == nil { t.Errorf("In case %d: Expected an error, got: %v", caseNumber, err) } continue } if err != nil { t.Errorf("In case %d: Expected no errors, got: %v", caseNumber, err) } if caseData.clientAuthType != c.TLS.ClientAuth { t.Errorf("In case %d: Expected TLS client auth type %v, got: %v", caseNumber, caseData.clientAuthType, c.TLS.ClientAuth) } if count := len(c.TLS.ClientCerts); count < len(caseData.expectedCAs) { t.Fatalf("In case %d: Expected %d client certs, had %d", caseNumber, len(caseData.expectedCAs), count) } for idx, expected := range caseData.expectedCAs { if actual := c.TLS.ClientCerts[idx]; actual != expected { t.Errorf("In case %d: Expected %dth client cert file to be '%s', but was '%s'", caseNumber, idx, expected, actual) } } } }