2019-01-02 10:23:25 +00:00
|
|
|
// Copyright (C) 2018 Storj Labs, Inc.
|
|
|
|
// See LICENSE for copying information.
|
|
|
|
|
|
|
|
package server_test
|
|
|
|
|
|
|
|
import (
|
|
|
|
"io/ioutil"
|
|
|
|
"reflect"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
|
|
|
|
"storj.io/storj/internal/testcontext"
|
|
|
|
"storj.io/storj/pkg/identity"
|
|
|
|
"storj.io/storj/pkg/peertls"
|
|
|
|
"storj.io/storj/pkg/server"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestNewOptions(t *testing.T) {
|
|
|
|
ctx := testcontext.New(t)
|
|
|
|
defer ctx.Cleanup()
|
|
|
|
|
|
|
|
fi := pregeneratedIdentity(t)
|
|
|
|
|
|
|
|
whitelistPath := ctx.File("whitelist.pem")
|
|
|
|
|
|
|
|
chainData, err := peertls.ChainBytes(fi.CA)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
err = ioutil.WriteFile(whitelistPath, chainData, 0644)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
testID string
|
|
|
|
config server.Config
|
|
|
|
pcvFuncsLen int
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
"default",
|
|
|
|
server.Config{},
|
|
|
|
0,
|
|
|
|
}, {
|
|
|
|
"revocation processing",
|
|
|
|
server.Config{
|
|
|
|
RevocationDBURL: "bolt://" + ctx.File("revocation1.db"),
|
|
|
|
Extensions: peertls.TLSExtConfig{
|
|
|
|
Revocation: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
2,
|
|
|
|
}, {
|
|
|
|
"ca whitelist verification",
|
|
|
|
server.Config{
|
|
|
|
PeerCAWhitelistPath: whitelistPath,
|
2019-01-17 17:36:45 +00:00
|
|
|
UsePeerCAWhitelist: true,
|
2019-01-02 10:23:25 +00:00
|
|
|
},
|
|
|
|
1,
|
|
|
|
}, {
|
|
|
|
"ca whitelist verification and whitelist signed leaf verification",
|
|
|
|
server.Config{
|
|
|
|
// NB: file doesn't actually exist
|
|
|
|
PeerCAWhitelistPath: whitelistPath,
|
2019-01-17 17:36:45 +00:00
|
|
|
UsePeerCAWhitelist: true,
|
2019-01-02 10:23:25 +00:00
|
|
|
Extensions: peertls.TLSExtConfig{
|
|
|
|
WhitelistSignedLeaf: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
2,
|
|
|
|
}, {
|
|
|
|
"revocation processing and whitelist verification",
|
|
|
|
server.Config{
|
|
|
|
// NB: file doesn't actually exist
|
|
|
|
PeerCAWhitelistPath: whitelistPath,
|
2019-01-17 17:36:45 +00:00
|
|
|
UsePeerCAWhitelist: true,
|
2019-01-02 10:23:25 +00:00
|
|
|
RevocationDBURL: "bolt://" + ctx.File("revocation2.db"),
|
|
|
|
Extensions: peertls.TLSExtConfig{
|
|
|
|
Revocation: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
3,
|
|
|
|
}, {
|
|
|
|
"revocation processing, whitelist, and signed leaf verification",
|
|
|
|
server.Config{
|
|
|
|
// NB: file doesn't actually exist
|
|
|
|
PeerCAWhitelistPath: whitelistPath,
|
2019-01-17 17:36:45 +00:00
|
|
|
UsePeerCAWhitelist: true,
|
2019-01-02 10:23:25 +00:00
|
|
|
RevocationDBURL: "bolt://" + ctx.File("revocation3.db"),
|
|
|
|
Extensions: peertls.TLSExtConfig{
|
|
|
|
Revocation: true,
|
|
|
|
WhitelistSignedLeaf: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
3,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, c := range cases {
|
|
|
|
t.Log(c.testID)
|
|
|
|
opts, err := server.NewOptions(fi, c.config)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.True(t, reflect.DeepEqual(fi, opts.Ident))
|
|
|
|
assert.Equal(t, c.config, opts.Config)
|
|
|
|
assert.Len(t, opts.PCVFuncs, c.pcvFuncsLen)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func pregeneratedIdentity(t *testing.T) *identity.FullIdentity {
|
|
|
|
const chain = `-----BEGIN CERTIFICATE-----
|
|
|
|
MIIBQDCB56ADAgECAhB+u3d03qyW/ROgwy/ZsPccMAoGCCqGSM49BAMCMAAwIhgP
|
|
|
|
MDAwMTAxMDEwMDAwMDBaGA8wMDAxMDEwMTAwMDAwMFowADBZMBMGByqGSM49AgEG
|
|
|
|
CCqGSM49AwEHA0IABIZrEPV/ExEkF0qUF0fJ3qSeGt5oFUX231v02NSUywcQ/Ve0
|
|
|
|
v3nHbmcJdjWBis2AkfL25mYDVC25jLl4tylMKumjPzA9MA4GA1UdDwEB/wQEAwIF
|
|
|
|
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAK
|
|
|
|
BggqhkjOPQQDAgNIADBFAiEA2ZvsR0ncw4mHRIg2Isavd+XVEoMo/etXQRAkDy9n
|
|
|
|
wyoCIDykUsqjshc9kCrXOvPSN8GuO2bNoLu5C7K1GlE/HI2X
|
|
|
|
-----END CERTIFICATE-----
|
|
|
|
-----BEGIN CERTIFICATE-----
|
|
|
|
MIIBODCB4KADAgECAhAOcvhKe5TWT44LqFfgA1f8MAoGCCqGSM49BAMCMAAwIhgP
|
|
|
|
MDAwMTAxMDEwMDAwMDBaGA8wMDAxMDEwMTAwMDAwMFowADBZMBMGByqGSM49AgEG
|
|
|
|
CCqGSM49AwEHA0IABIZrEPV/ExEkF0qUF0fJ3qSeGt5oFUX231v02NSUywcQ/Ve0
|
|
|
|
v3nHbmcJdjWBis2AkfL25mYDVC25jLl4tylMKumjODA2MA4GA1UdDwEB/wQEAwIC
|
|
|
|
BDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49
|
|
|
|
BAMCA0cAMEQCIGAZfPT1qvlnkTacojTtP20ZWf6XbnSztJHIKlUw6AE+AiB5Vcjj
|
|
|
|
awRaC5l1KBPGqiKB0coVXDwhW+K70l326MPUcg==
|
|
|
|
-----END CERTIFICATE-----`
|
|
|
|
|
|
|
|
const key = `-----BEGIN EC PRIVATE KEY-----
|
|
|
|
MHcCAQEEIKGjEetrxKrzl+AL1E5LXke+1ElyAdjAmr88/1Kx09+doAoGCCqGSM49
|
|
|
|
AwEHoUQDQgAEoLy/0hs5deTXZunRumsMkiHpF0g8wAc58aXANmr7Mxx9tzoIYFnx
|
|
|
|
0YN4VDKdCtUJa29yA6TIz1MiIDUAcB5YCA==
|
|
|
|
-----END EC PRIVATE KEY-----`
|
|
|
|
|
|
|
|
fi, err := identity.FullIdentityFromPEM([]byte(chain), []byte(key))
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
return fi
|
|
|
|
}
|