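package cryptparse

import (
	"crypto/tls"
	"embed"
	"errors"
	"fmt"
	"io/fs"
	"net/url"
	"os"
	"strings"
	"testing"
)

var (
	// testPems holds the PEM fixtures. Generated from ../_extra/gen_test_pki
	//go:embed "_testdata"
	testPems embed.FS
	// testTmpPemFiles maps a fixture name (e.g. "ca_cert", "leaf_server_key",
	// "leaf_server_chained") to the temp file it was written out to.
	testTmpPemFiles map[string]*os.File
	// testKt is the key type component of the embedded fixture file names.
	testKt string = "ed25519"
)

// testWritePem copies the embedded fixture _testdata/<src>.pem into a new temp
// file and records it in testTmpPemFiles under n. It is a no-op if n is
// already present. Any failure aborts the test via t.Fatalf.
func testWritePem(t *testing.T, n, src string) {
	t.Helper()

	var err error
	var b []byte
	var f *os.File

	if _, ok := testTmpPemFiles[n]; ok {
		return
	}

	if b, err = testPems.ReadFile(fmt.Sprintf("_testdata/%s.pem", src)); err != nil {
		t.Fatalf("Read '%s' failed: %v", src, err)
	}
	// os.CreateTemp creates the file with mode 0600; that matters here because
	// the "key" fixtures are private keys, even if they are test-only material.
	if f, err = os.CreateTemp("", fmt.Sprintf(".*.%s.pem", n)); err != nil {
		t.Fatalf("Create temp file for %s failed: %v", n, err)
	}
	// Record the file only once it exists (never a nil entry), and before
	// writing, so the cleanup removes it even if the write below fails.
	testTmpPemFiles[n] = f
	if _, err = f.Write(b); err != nil {
		t.Fatalf("Write to %s failed: %v", n, err)
	}
	if err = f.Close(); err != nil {
		t.Fatalf("Closing %s failed: %v", n, err)
	}
}

// testInit writes the embedded PEM fixtures out to temp files (tracked in
// testTmpPemFiles) and registers a cleanup on t that removes them again.
// It returns an error only if the embedded _testdata directory cannot be
// listed; every other failure aborts the test via t.Fatalf.
func testInit(t *testing.T) (err error) {
	var names []fs.DirEntry

	if testTmpPemFiles == nil {
		testTmpPemFiles = make(map[string]*os.File)
	}

	if names, err = testPems.ReadDir("_testdata"); err != nil {
		return err
	}
	// only ".keep" is present.
	if len(names) == 1 {
		t.Fatalf(
			"There aren't any test PEMs. "+
				"You must `go run *.go` in _extras/gen_test_pki and copy the %s PEMs into _testdata.",
			testKt,
		)
	}

	// Register the cleanup before any temp file is created so that a t.Fatalf
	// part-way through the loop below does not leave key/cert files behind.
	t.Cleanup(func() {
		for k, f := range testTmpPemFiles {
			// The files are normally closed already; os.ErrClosed is expected.
			if cErr := f.Close(); cErr != nil && !errors.Is(cErr, os.ErrClosed) {
				t.Logf("Error when closing %s '%s': %v", k, f.Name(), cErr)
			}
			if cErr := os.Remove(f.Name()); cErr != nil {
				t.Logf("Error when removing %s '%s': %v", k, f.Name(), cErr)
			}
			// Drop the entry: otherwise a later testInit call would see the
			// name as present and hand out a path that no longer exists.
			delete(testTmpPemFiles, k)
		}
	})

	// populate testTmpPemFiles from the embed.FS `testPems` and write out to temp files.
	for _, p := range []string{
		"ca",
		"inter",
		"leaf_server",
		"leaf_user",
	} {
		for _, pt := range []string{
			"cert",
			"csr",
			"key",
		} {
			testWritePem(
				t,
				fmt.Sprintf("%s_%s", p, pt),
				fmt.Sprintf("%s_%s_%s", p, testKt, pt),
			)
		}
		if strings.HasPrefix(p, "leaf_") {
			// NOTE(review): this source name already ends in ".pem" and
			// testWritePem appends ".pem" again, so the file read is
			// _testdata/<p>_<kt>_cert_chained.pem.pem. Kept exactly as the
			// original computed it; confirm against the generator's output
			// names and drop one suffix if they do not match.
			testWritePem(
				t,
				fmt.Sprintf("%s_chained", p),
				fmt.Sprintf("%s_%s_cert_chained.pem", p, testKt),
			)
		}
	}

	return nil
}

// TestCiphers checks that ParseTlsCipherSuiteStrict accepts known cipher suite
// names (in canonical and in space-separated lowercase form) and returns an
// error for an unknown name.
func TestCiphers(t *testing.T) {
	var err error
	var cs *tls.CipherSuite

	// Good ciphers
	for _, cn := range []string{
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
		"tls ecdhe ecdsa with chacha20 poly1305 sha256",
	} {
		if cs, err = ParseTlsCipherSuiteStrict(cn); err != nil {
			t.Fatalf("ERROR parsing good cipher '%s': %v", cn, err)
		}
		if cs.Name != cn {
			t.Logf("Cipher name change: '%s' => '%s'", cn, cs.Name)
		}
		t.Logf("Cipher for '%s':\n%#v", cn, cs)
	}

	// Bad ciphers: strict parsing must fail rather than fall back to anything.
	for _, cn := range []string{
		"TLS_BAD_CIPHER",
	} {
		if cs, err = ParseTlsCipherSuiteStrict(cn); err == nil {
			t.Fatalf("ERROR parsing bad cipher '%s'; err is nil", cn)
		}
	}

	_ = cs
}

// TestTlsUri builds a TLS URI whose query parameters point at the temp PEM
// files from testInit and wraps the parsed URL in a TlsUri.
func TestTlsUri(t *testing.T) {
	var err error
	var uStr string
	var u *url.URL
	var tlsU *TlsUri

	if err = testInit(t); err != nil {
		t.Fatal(err)
	}

	// The map values are *os.File; the URI needs their paths, so use Name()
	// (formatting the *os.File itself with %s does not yield a path). The
	// paths are query-escaped so separators or other reserved characters in a
	// temp path cannot alter the query string.
	uStr = fmt.Sprintf(
		"https://:9091/?"+
			"pki_ca=%s&"+ // testTmpPemFiles["ca_cert"]
			"pki_cert=%s&"+ // testTmpPemFiles["leaf_server_chained"]
			"pki_key=%s&"+ // testTmpPemFiles["leaf_server_key"]
			"min_tls=1.2&max_tls=1.2&"+
			"sni=server.example.com",
		url.QueryEscape(testTmpPemFiles["ca_cert"].Name()),
		url.QueryEscape(testTmpPemFiles["leaf_server_chained"].Name()),
		url.QueryEscape(testTmpPemFiles["leaf_server_key"].Name()),
	)

	if u, err = url.Parse(uStr); err != nil {
		t.Fatalf("Failed to parse URL string '%s': %v", uStr, err)
	}

	tlsU = &TlsUri{
		URL: u,
	}

	// NOTE(review): nothing is asserted on tlsU yet; the blank assignment only
	// keeps the variable used (same pattern as `_ = cs` in TestCiphers).
	_ = tlsU
}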