// Copyright (C) 2018 Storj Labs, Inc. // See LICENSE for copying information. package server_test import ( "io/ioutil" "reflect" "testing" "github.com/stretchr/testify/assert" "storj.io/storj/internal/testcontext" "storj.io/storj/pkg/identity" "storj.io/storj/pkg/peertls" "storj.io/storj/pkg/server" ) func TestNewOptions(t *testing.T) { ctx := testcontext.New(t) defer ctx.Cleanup() fi := pregeneratedIdentity(t) whitelistPath := ctx.File("whitelist.pem") chainData, err := peertls.ChainBytes(fi.CA) assert.NoError(t, err) err = ioutil.WriteFile(whitelistPath, chainData, 0644) assert.NoError(t, err) cases := []struct { testID string config server.Config pcvFuncsLen int }{ { "default", server.Config{}, 0, }, { "revocation processing", server.Config{ RevocationDBURL: "bolt://" + ctx.File("revocation1.db"), Extensions: peertls.TLSExtConfig{ Revocation: true, }, }, 2, }, { "ca whitelist verification", server.Config{ PeerCAWhitelistPath: whitelistPath, }, 1, }, { "ca whitelist verification and whitelist signed leaf verification", server.Config{ // NB: file doesn't actually exist PeerCAWhitelistPath: whitelistPath, Extensions: peertls.TLSExtConfig{ WhitelistSignedLeaf: true, }, }, 2, }, { "revocation processing and whitelist verification", server.Config{ // NB: file doesn't actually exist PeerCAWhitelistPath: whitelistPath, RevocationDBURL: "bolt://" + ctx.File("revocation2.db"), Extensions: peertls.TLSExtConfig{ Revocation: true, }, }, 3, }, { "revocation processing, whitelist, and signed leaf verification", server.Config{ // NB: file doesn't actually exist PeerCAWhitelistPath: whitelistPath, RevocationDBURL: "bolt://" + ctx.File("revocation3.db"), Extensions: peertls.TLSExtConfig{ Revocation: true, WhitelistSignedLeaf: true, }, }, 3, }, } for _, c := range cases { t.Log(c.testID) opts, err := server.NewOptions(fi, c.config) assert.NoError(t, err) assert.True(t, reflect.DeepEqual(fi, opts.Ident)) assert.Equal(t, c.config, opts.Config) assert.Len(t, opts.PCVFuncs, c.pcvFuncsLen) } } func pregeneratedIdentity(t *testing.T) *identity.FullIdentity { const chain = `-----BEGIN CERTIFICATE----- MIIBQDCB56ADAgECAhB+u3d03qyW/ROgwy/ZsPccMAoGCCqGSM49BAMCMAAwIhgP MDAwMTAxMDEwMDAwMDBaGA8wMDAxMDEwMTAwMDAwMFowADBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABIZrEPV/ExEkF0qUF0fJ3qSeGt5oFUX231v02NSUywcQ/Ve0 v3nHbmcJdjWBis2AkfL25mYDVC25jLl4tylMKumjPzA9MA4GA1UdDwEB/wQEAwIF oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAK BggqhkjOPQQDAgNIADBFAiEA2ZvsR0ncw4mHRIg2Isavd+XVEoMo/etXQRAkDy9n wyoCIDykUsqjshc9kCrXOvPSN8GuO2bNoLu5C7K1GlE/HI2X -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBODCB4KADAgECAhAOcvhKe5TWT44LqFfgA1f8MAoGCCqGSM49BAMCMAAwIhgP MDAwMTAxMDEwMDAwMDBaGA8wMDAxMDEwMTAwMDAwMFowADBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABIZrEPV/ExEkF0qUF0fJ3qSeGt5oFUX231v02NSUywcQ/Ve0 v3nHbmcJdjWBis2AkfL25mYDVC25jLl4tylMKumjODA2MA4GA1UdDwEB/wQEAwIC BDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 BAMCA0cAMEQCIGAZfPT1qvlnkTacojTtP20ZWf6XbnSztJHIKlUw6AE+AiB5Vcjj awRaC5l1KBPGqiKB0coVXDwhW+K70l326MPUcg== -----END CERTIFICATE-----` const key = `-----BEGIN EC PRIVATE KEY----- MHcCAQEEIKGjEetrxKrzl+AL1E5LXke+1ElyAdjAmr88/1Kx09+doAoGCCqGSM49 AwEHoUQDQgAEoLy/0hs5deTXZunRumsMkiHpF0g8wAc58aXANmr7Mxx9tzoIYFnx 0YN4VDKdCtUJa29yA6TIz1MiIDUAcB5YCA== -----END EC PRIVATE KEY-----` fi, err := identity.FullIdentityFromPEM([]byte(chain), []byte(key)) assert.NoError(t, err) return fi }