mirror of
https://github.com/yusing/godoxy.git
synced 2026-03-25 19:02:22 +01:00
35a3e3fef6
- These changes makes the API incombatible with previous versions - Added new types for error handling, success responses, and health checks. - Updated health check logic to utilize the new types for better clarity and structure. - Refactored existing handlers to improve response consistency and error handling. - Updated Makefile to include a new target for generating API types from Swagger. - Updated "new agent" API to respond an encrypted cert pair
113 lines
2.5 KiB
Go
113 lines
2.5 KiB
Go
package agent
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestNewAgent(t *testing.T) {
|
|
ca, srv, client, err := NewAgent()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, ca)
|
|
require.NotNil(t, srv)
|
|
require.NotNil(t, client)
|
|
}
|
|
|
|
func TestPEMPair(t *testing.T) {
|
|
ca, srv, client, err := NewAgent()
|
|
require.NoError(t, err)
|
|
|
|
for i, p := range []*PEMPair{ca, srv, client} {
|
|
t.Run(fmt.Sprintf("load-%d", i), func(t *testing.T) {
|
|
var pp PEMPair
|
|
err := pp.Load(p.String())
|
|
require.NoError(t, err)
|
|
require.Equal(t, p.Cert, pp.Cert)
|
|
require.Equal(t, p.Key, pp.Key)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestPEMPairToTLSCert(t *testing.T) {
|
|
ca, srv, client, err := NewAgent()
|
|
require.NoError(t, err)
|
|
|
|
for i, p := range []*PEMPair{ca, srv, client} {
|
|
t.Run(fmt.Sprintf("toTLSCert-%d", i), func(t *testing.T) {
|
|
cert, err := p.ToTLSCert()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cert)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestServerClient(t *testing.T) {
|
|
ca, srv, client, err := NewAgent()
|
|
require.NoError(t, err)
|
|
|
|
srvTLS, err := srv.ToTLSCert()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, srvTLS)
|
|
|
|
clientTLS, err := client.ToTLSCert()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, clientTLS)
|
|
|
|
caPool := x509.NewCertPool()
|
|
require.True(t, caPool.AppendCertsFromPEM(ca.Cert))
|
|
|
|
srvTLSConfig := &tls.Config{
|
|
Certificates: []tls.Certificate{*srvTLS},
|
|
ClientCAs: caPool,
|
|
ClientAuth: tls.RequireAndVerifyClientCert,
|
|
}
|
|
|
|
clientTLSConfig := &tls.Config{
|
|
Certificates: []tls.Certificate{*clientTLS},
|
|
RootCAs: caPool,
|
|
ServerName: CertsDNSName,
|
|
}
|
|
|
|
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
server.TLS = srvTLSConfig
|
|
server.StartTLS()
|
|
defer server.Close()
|
|
|
|
httpClient := &http.Client{
|
|
Transport: &http.Transport{TLSClientConfig: clientTLSConfig},
|
|
}
|
|
|
|
resp, err := httpClient.Get(server.URL)
|
|
require.NoError(t, err)
|
|
require.Equal(t, resp.StatusCode, http.StatusOK)
|
|
}
|
|
|
|
func TestPEMPairEncryptDecrypt(t *testing.T) {
|
|
encKey := make([]byte, 32)
|
|
_, err := rand.Read(encKey)
|
|
require.NoError(t, err)
|
|
|
|
ca, _, _, err := NewAgent()
|
|
require.NoError(t, err)
|
|
|
|
encCA, err := ca.Encrypt(encKey)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, encCA)
|
|
|
|
decCA, err := encCA.Decrypt(encKey)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, decCA)
|
|
|
|
require.Equal(t, string(ca.Cert), string(decCA.Cert))
|
|
require.Equal(t, string(ca.Key), string(decCA.Key))
|
|
}
|