Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-09-23 14:34:57 -04:00
Code Issues Projects Releases Packages Wiki Activity

Move aTLS fakes into atls package

Browse source
This commit is contained in:
katexochen 2022-06-15 15:58:23 +02:00 committed by Paul Meyer
parent 85ba2657e1
commit b926cf9006
16 changed files with 161 additions and 177 deletions
Download patch file Download diff file Expand all files Collapse all files

148
internal/atls/atls_test.go
View file

@ -1,16 +1,15 @@
package atls
import (
"bytes"
"context"
"encoding/asn1"
"encoding/json"
"errors"
"io"
"net/http"
"net/http/httptest"
"testing"
"github.com/edgelesssys/constellation/internal/oid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/goleak"
@ -21,8 +20,8 @@ func TestMain(m *testing.M) {
}
func TestTLSConfig(t *testing.T) {
oid1 := fakeOID{1, 3, 9900, 1}
oid2 := fakeOID{1, 3, 9900, 2}
oid1 := fakeOID{asn1.ObjectIdentifier{1, 3, 9900, 1}}
oid2 := fakeOID{asn1.ObjectIdentifier{1, 3, 9900, 2}}
testCases := map[string]struct {
clientIssuer Issuer
@ -32,95 +31,95 @@ func TestTLSConfig(t *testing.T) {
wantErr bool
}{
"client->server basic": {
serverIssuer: fakeIssuer{fakeOID: oid1},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}},
serverIssuer: NewFakeIssuer(oid1),
clientValidators: []Validator{NewFakeValidator(oid1)},
},
"client->server multiple validators": {
serverIssuer: fakeIssuer{fakeOID: oid2},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}, fakeValidator{fakeOID: oid2}},
serverIssuer: NewFakeIssuer(oid2),
clientValidators: []Validator{NewFakeValidator(oid1), NewFakeValidator(oid2)},
},
"client->server validate error": {
serverIssuer: fakeIssuer{fakeOID: oid1},
clientValidators: []Validator{fakeValidator{fakeOID: oid1, err: errors.New("failed")}},
serverIssuer: NewFakeIssuer(oid1),
clientValidators: []Validator{FakeValidator{oid1, errors.New("failed")}},
wantErr: true,
},
"client->server unknown oid": {
serverIssuer: fakeIssuer{fakeOID: oid1},
clientValidators: []Validator{fakeValidator{fakeOID: oid2}},
serverIssuer: NewFakeIssuer(oid1),
clientValidators: []Validator{NewFakeValidator(oid2)},
wantErr: true,
},
"client->server client cert is not verified": {
serverIssuer: fakeIssuer{fakeOID: oid1},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}},
serverIssuer: NewFakeIssuer(oid1),
clientValidators: []Validator{NewFakeValidator(oid1)},
},
"server->client basic": {
serverValidators: []Validator{fakeValidator{fakeOID: oid1}},
clientIssuer: fakeIssuer{fakeOID: oid1},
serverValidators: []Validator{NewFakeValidator(oid1)},
clientIssuer: NewFakeIssuer(oid1),
},
"server->client multiple validators": {
serverValidators: []Validator{fakeValidator{fakeOID: oid1}, fakeValidator{fakeOID: oid2}},
clientIssuer: fakeIssuer{fakeOID: oid2},
serverValidators: []Validator{NewFakeValidator(oid1), NewFakeValidator(oid2)},
clientIssuer: NewFakeIssuer(oid2),
},
"server->client validate error": {
serverValidators: []Validator{fakeValidator{fakeOID: oid1, err: errors.New("failed")}},
clientIssuer: fakeIssuer{fakeOID: oid1},
serverValidators: []Validator{FakeValidator{oid1, errors.New("failed")}},
clientIssuer: NewFakeIssuer(oid1),
wantErr: true,
},
"server->client unknown oid": {
serverValidators: []Validator{fakeValidator{fakeOID: oid2}},
clientIssuer: fakeIssuer{fakeOID: oid1},
serverValidators: []Validator{NewFakeValidator(oid2)},
clientIssuer: NewFakeIssuer(oid1),
wantErr: true,
},
"mutual basic": {
serverIssuer: fakeIssuer{fakeOID: oid1},
serverValidators: []Validator{fakeValidator{fakeOID: oid1}},
clientIssuer: fakeIssuer{fakeOID: oid1},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}},
serverIssuer: NewFakeIssuer(oid1),
serverValidators: []Validator{NewFakeValidator(oid1)},
clientIssuer: NewFakeIssuer(oid1),
clientValidators: []Validator{NewFakeValidator(oid1)},
},
"mutual multiple validators": {
serverIssuer: fakeIssuer{fakeOID: oid2},
serverValidators: []Validator{fakeValidator{fakeOID: oid1}, fakeValidator{fakeOID: oid2}},
clientIssuer: fakeIssuer{fakeOID: oid2},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}, fakeValidator{fakeOID: oid2}},
serverIssuer: NewFakeIssuer(oid2),
serverValidators: []Validator{NewFakeValidator(oid1), NewFakeValidator(oid2)},
clientIssuer: NewFakeIssuer(oid2),
clientValidators: []Validator{NewFakeValidator(oid1), NewFakeValidator(oid2)},
},
"mutual fails if client sends no attestation": {
serverIssuer: fakeIssuer{fakeOID: oid1},
serverValidators: []Validator{fakeValidator{fakeOID: oid1}},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}},
serverIssuer: NewFakeIssuer(oid1),
serverValidators: []Validator{NewFakeValidator(oid1)},
clientValidators: []Validator{NewFakeValidator(oid1)},
wantErr: true,
},
"mutual fails if server sends no attestation": {
serverValidators: []Validator{fakeValidator{fakeOID: oid1}},
clientIssuer: fakeIssuer{fakeOID: oid1},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}},
serverValidators: []Validator{NewFakeValidator(oid1)},
clientIssuer: NewFakeIssuer(oid1),
clientValidators: []Validator{NewFakeValidator(oid1)},
wantErr: true,
},
"mutual validate error client side": {
serverIssuer: fakeIssuer{fakeOID: oid1},
serverValidators: []Validator{fakeValidator{fakeOID: oid1}},
clientIssuer: fakeIssuer{fakeOID: oid1},
clientValidators: []Validator{fakeValidator{fakeOID: oid1, err: errors.New("failed")}},
serverIssuer: NewFakeIssuer(oid1),
serverValidators: []Validator{NewFakeValidator(oid1)},
clientIssuer: NewFakeIssuer(oid1),
clientValidators: []Validator{FakeValidator{oid1, errors.New("failed")}},
wantErr: true,
},
"mutual validate error server side": {
serverIssuer: fakeIssuer{fakeOID: oid1},
serverValidators: []Validator{fakeValidator{fakeOID: oid1, err: errors.New("failed")}},
clientIssuer: fakeIssuer{fakeOID: oid1},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}},
serverIssuer: NewFakeIssuer(oid1),
serverValidators: []Validator{FakeValidator{oid1, errors.New("failed")}},
clientIssuer: NewFakeIssuer(oid1),
clientValidators: []Validator{NewFakeValidator(oid1)},
wantErr: true,
},
"mutual unknown oid from client": {
serverIssuer: fakeIssuer{fakeOID: oid1},
serverValidators: []Validator{fakeValidator{fakeOID: oid1}},
clientIssuer: fakeIssuer{fakeOID: oid2},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}},
serverIssuer: NewFakeIssuer(oid1),
serverValidators: []Validator{NewFakeValidator(oid1)},
clientIssuer: NewFakeIssuer(oid2),
clientValidators: []Validator{NewFakeValidator(oid1)},
wantErr: true,
},
"mutual unknown oid from server": {
serverIssuer: fakeIssuer{fakeOID: oid2},
serverValidators: []Validator{fakeValidator{fakeOID: oid1}},
clientIssuer: fakeIssuer{fakeOID: oid1},
clientValidators: []Validator{fakeValidator{fakeOID: oid1}},
serverIssuer: NewFakeIssuer(oid2),
serverValidators: []Validator{NewFakeValidator(oid1)},
clientIssuer: NewFakeIssuer(oid1),
clientValidators: []Validator{NewFakeValidator(oid1)},
wantErr: true,
},
}
@ -186,10 +185,9 @@ func TestClientConnectionConcurrency(t *testing.T) {
const serverCount = 15
var urls []string
oid1 := fakeOID{1, 3, 9900, 1}
for i := 0; i < serverCount; i++ {
serverCfg, err := CreateAttestationServerTLSConfig(fakeIssuer{fakeOID: oid1}, []Validator{fakeValidator{fakeOID: oid1}})
serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{}))
require.NoError(err)
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -207,7 +205,7 @@ func TestClientConnectionConcurrency(t *testing.T) {
// Create client.
//
clientConfig, err := CreateAttestationClientTLSConfig(fakeIssuer{fakeOID: oid1}, []Validator{fakeValidator{fakeOID: oid1}})
clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{}))
require.NoError(err)
client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}}
@ -261,9 +259,8 @@ func TestServerConnectionConcurrency(t *testing.T) {
const serverCount = 10
var urls []string
oid1 := fakeOID{1, 3, 9900, 1}
serverCfg, err := CreateAttestationServerTLSConfig(fakeIssuer{fakeOID: oid1}, []Validator{fakeValidator{fakeOID: oid1}})
serverCfg, err := CreateAttestationServerTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{}))
require.NoError(err)
for i := 0; i < serverCount; i++ {
@ -282,7 +279,7 @@ func TestServerConnectionConcurrency(t *testing.T) {
// Create client.
//
clientConfig, err := CreateAttestationClientTLSConfig(fakeIssuer{fakeOID: oid1}, []Validator{fakeValidator{fakeOID: oid1}})
clientConfig, err := CreateAttestationClientTLSConfig(NewFakeIssuer(oid.Dummy{}), NewFakeValidators(oid.Dummy{}))
require.NoError(err)
client := http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig}}
@ -321,38 +318,3 @@ func TestServerConnectionConcurrency(t *testing.T) {
assert.NoError(<-errChan)
}
}
type fakeIssuer struct {
fakeOID
}
func (fakeIssuer) Issue(userData []byte, nonce []byte) ([]byte, error) {
return json.Marshal(fakeDoc{UserData: userData, Nonce: nonce})
}
type fakeValidator struct {
fakeOID
err error
}
func (v fakeValidator) Validate(attDoc []byte, nonce []byte) ([]byte, error) {
var doc fakeDoc
if err := json.Unmarshal(attDoc, &doc); err != nil {
return nil, err
}
if !bytes.Equal(doc.Nonce, nonce) {
return nil, errors.New("invalid nonce")
}
return doc.UserData, v.err
}
type fakeOID asn1.ObjectIdentifier
func (o fakeOID) OID() asn1.ObjectIdentifier {
return asn1.ObjectIdentifier(o)
}
type fakeDoc struct {
UserData []byte
Nonce []byte
}