package rootcerts
import (
"crypto/tls"
"net/http"
"testing"
)
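// Some tests to make sure the generated .go code is sane.

// TestCertsByTrust checks that CertsByTrust, given a mask of two trust bits,
// returns a plausible number of certificates and that every returned
// certificate carries both requested bits.
func TestCertsByTrust(t *testing.T) {
	certs := CertsByTrust(EmailTrustedDelegator | ServerTrustedDelegator)
	// Sanity floor only; presumably the exact count varies with each refresh
	// of the generated certificate list.
	if len(certs) < 5 {
		t.Fatal("Unexpectedly few matching certificates")
	}
	for _, c := range certs {
		// Each bit is tested on its own, so a lookup that matched on either
		// bit instead of both fails here, and the message names the bit.
		if c.Trust&EmailTrustedDelegator == 0 {
			t.Errorf("Cert %q is missing EmailTrustedDelegator; trust level is %#v", c.Label, c.Trust)
		}
		if c.Trust&ServerTrustedDelegator == 0 {
			t.Errorf("Cert %q is missing ServerTrustedDelegator; trust level is %#v", c.Label, c.Trust)
		}
	}
}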
// TestServerCertPoolOK verifies that ServerCertPool holds one subject per
// certificate that CertsByTrust reports for ServerTrustedDelegator.
func TestServerCertPoolOK(t *testing.T) {
	pool := ServerCertPool()
	serverCerts := CertsByTrust(ServerTrustedDelegator)

	want := len(serverCerts)
	if want < 100 {
		t.Fatal("Unexpected few server certificates", want)
	}
	// Counts only: this does not compare the pool's contents with the list.
	if got := len(pool.Subjects()); want != got {
		t.Fatalf("Incorrect cert count. expected=%d actual=%d", want, got)
	}
}
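// testTransport asserts that http.DefaultTransport is an *http.Transport whose
// TLS client config has a root CA pool with as many subjects as
// ServerCertPool. testName labels the failure messages so the calling test can
// be identified.
func testTransport(t *testing.T, testName string) {
	// Checked assertion: a leftover non-*http.Transport value should fail this
	// test rather than panic the whole test binary.
	dt, ok := http.DefaultTransport.(*http.Transport)
	if !ok {
		t.Fatalf("%s: http.DefaultTransport is %T, not *http.Transport", testName, http.DefaultTransport)
	}
	if dt.TLSClientConfig == nil {
		t.Fatalf("%s: TLS client config not created", testName)
	}
	// A nil RootCAs makes crypto/tls fall back to the host's root set, so the
	// package's pool would not be the one in use.
	if dt.TLSClientConfig.RootCAs == nil {
		t.Fatalf("%s: Root CAs not set", testName)
	}
	// Only the number of subjects is compared, not the certificates themselves.
	got := len(dt.TLSClientConfig.RootCAs.Subjects())
	want := len(ServerCertPool().Subjects())
	if got != want {
		t.Errorf("%s: Incorrect cert count in ca pool. expected=%d actual=%d", testName, want, got)
	}
}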
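// TestUpdateDefaultTransportNilConfig checks that UpdateDefaultTransport
// succeeds when the default transport has no TLS client config, and that the
// transport afterwards passes testTransport.
func TestUpdateDefaultTransportNilConfig(t *testing.T) {
	dt := http.DefaultTransport.(*http.Transport)
	// http.DefaultTransport is process-wide; put the original TLS config back
	// so the root pool installed here does not leak into other tests.
	prev := dt.TLSClientConfig
	defer func() { dt.TLSClientConfig = prev }()

	dt.TLSClientConfig = nil
	if err := UpdateDefaultTransport(); err != nil {
		t.Fatal("Unexpected error", err)
	}
	testTransport(t, "nilconfig")
}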
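// TestUpdateDefaultTransportNewConfig checks that UpdateDefaultTransport
// succeeds when a TLS client config already exists, that the transport then
// passes testTransport, and that a field set by the caller is still present.
func TestUpdateDefaultTransportNewConfig(t *testing.T) {
	dt := http.DefaultTransport.(*http.Transport)
	// http.DefaultTransport is process-wide; put the original TLS config back
	// so the config installed here does not leak into other tests.
	prev := dt.TLSClientConfig
	defer func() { dt.TLSClientConfig = prev }()

	// ServerName is a marker: it is still set afterwards only if the caller's
	// settings were kept.
	dt.TLSClientConfig = &tls.Config{ServerName: "set-by-test"}
	if err := UpdateDefaultTransport(); err != nil {
		t.Fatal("Unexpected error", err)
	}
	testTransport(t, "newconfig")
	if dt.TLSClientConfig.ServerName != "set-by-test" {
		t.Fatal("tls config was replaced")
	}
}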
// fakeTransport is a stand-in http.RoundTripper that is not an *http.Transport.
type fakeTransport struct{}

// RoundTrip satisfies http.RoundTripper and always returns a nil response with
// a nil error; no test in this file sends a request through it.
func (*fakeTransport) RoundTrip(*http.Request) (*http.Response, error) {
	return nil, nil
}
// TestUpdateDefaultTransportNotTransport expects UpdateDefaultTransport to
// return an error when http.DefaultTransport is not an *http.Transport.
func TestUpdateDefaultTransportNotTransport(t *testing.T) {
	original := http.DefaultTransport.(*http.Transport)
	// Reinstate the real transport however the test ends.
	defer func() {
		http.DefaultTransport = original
	}()

	http.DefaultTransport = &fakeTransport{}
	err := UpdateDefaultTransport()
	if err != nil {
		return
	}
	t.Fatal("Didn't get expected error")
}
// TestUpdateDefaultTransportNilTransport expects UpdateDefaultTransport to
// return an error when http.DefaultTransport has been set to nil.
func TestUpdateDefaultTransportNilTransport(t *testing.T) {
	saved := http.DefaultTransport.(*http.Transport)
	restore := func() { http.DefaultTransport = saved }
	// The global is put back even when t.Fatal stops the test.
	defer restore()

	http.DefaultTransport = nil
	gotErr := UpdateDefaultTransport() != nil
	if !gotErr {
		t.Fatal("Didn't get expected error")
	}
}