storj/pkg/peertls/tlsopts/options_test.go
Cameron Ayer 6fae361c31 replace planet.Start in tests with planet.Run
planet.Start starts a testplanet system, whereas planet.Run starts a testplanet
and runs a test against it with each DB backend (cockroach compat).

Change-Id: I39c9da26d9619ee69a2b718d24ab00271f9e9bc2
2019-12-10 16:55:54 +00:00


// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package tlsopts_test
import (
"io/ioutil"
"reflect"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"storj.io/storj/pkg/identity"
"storj.io/storj/pkg/peertls"
"storj.io/storj/pkg/peertls/extensions"
"storj.io/storj/pkg/peertls/tlsopts"
"storj.io/storj/pkg/revocation"
"storj.io/storj/pkg/rpc"
"storj.io/storj/pkg/storj"
"storj.io/storj/private/testcontext"
"storj.io/storj/private/testidentity"
"storj.io/storj/private/testplanet"
)
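// TestNewOptions checks that tlsopts.NewOptions keeps the identity and config
// it was given and exposes the expected number of client and server
// verification funcs for each combination of revocation, CA whitelist and
// whitelist-signed-leaf settings.
//
// TODO: this is not a great test: it only counts the verification funcs. It
// never presents a certificate from outside the whitelist, or a revoked one,
// so it does not show that such a peer is actually rejected.
func TestNewOptions(t *testing.T) {
	ctx := testcontext.New(t)
	defer ctx.Cleanup()

	fi, err := testidentity.PregeneratedIdentity(0, storj.LatestIDVersion())
	require.NoError(t, err)

	// The whitelist file holds the test identity's own CA chain. Setup
	// failures abort the test: every whitelist case below would otherwise
	// run against a missing or empty file.
	whitelistPath := ctx.File("whitelist.pem")
	chainData, err := peertls.ChainBytes(fi.CA)
	require.NoError(t, err)
	require.NoError(t, ioutil.WriteFile(whitelistPath, chainData, 0644))

	// Every case that enables revocation uses its own bolt file under the
	// test context directory.
	//
	// NOTE(review): the table expects the CA whitelist to add one entry to
	// the Client() list only, while Server() stays at 1 in every case.
	// Confirm against tlsopts that this asymmetry is the intended policy.
	cases := []struct {
		testID                     string
		config                     tlsopts.Config
		clientVerificationFuncsLen int
		serverVerificationFuncsLen int
	}{
		{
			testID:                     "default",
			config:                     tlsopts.Config{},
			clientVerificationFuncsLen: 1,
			serverVerificationFuncsLen: 1,
		}, {
			testID: "revocation processing",
			config: tlsopts.Config{
				RevocationDBURL: "bolt://" + ctx.File("revocation1.db"),
				Extensions: extensions.Config{
					Revocation: true,
				},
			},
			clientVerificationFuncsLen: 1,
			serverVerificationFuncsLen: 1,
		}, {
			testID: "ca whitelist verification",
			config: tlsopts.Config{
				PeerCAWhitelistPath: whitelistPath,
				UsePeerCAWhitelist:  true,
			},
			clientVerificationFuncsLen: 2,
			serverVerificationFuncsLen: 1,
		}, {
			testID: "ca whitelist verification and whitelist signed leaf verification",
			config: tlsopts.Config{
				// whitelistPath is the file written above.
				PeerCAWhitelistPath: whitelistPath,
				UsePeerCAWhitelist:  true,
				Extensions: extensions.Config{
					WhitelistSignedLeaf: true,
				},
			},
			clientVerificationFuncsLen: 2,
			serverVerificationFuncsLen: 1,
		}, {
			testID: "revocation processing and whitelist verification",
			config: tlsopts.Config{
				// whitelistPath is the file written above.
				PeerCAWhitelistPath: whitelistPath,
				UsePeerCAWhitelist:  true,
				RevocationDBURL:     "bolt://" + ctx.File("revocation2.db"),
				Extensions: extensions.Config{
					Revocation: true,
				},
			},
			clientVerificationFuncsLen: 2,
			serverVerificationFuncsLen: 1,
		}, {
			testID: "revocation processing, whitelist, and signed leaf verification",
			config: tlsopts.Config{
				// whitelistPath is the file written above.
				PeerCAWhitelistPath: whitelistPath,
				UsePeerCAWhitelist:  true,
				RevocationDBURL:     "bolt://" + ctx.File("revocation3.db"),
				Extensions: extensions.Config{
					Revocation:          true,
					WhitelistSignedLeaf: true,
				},
			},
			clientVerificationFuncsLen: 2,
			serverVerificationFuncsLen: 1,
		},
	}

	for _, c := range cases {
		c := c
		// A subtest per case attributes a failure to its configuration and
		// lets the remaining cases still run.
		t.Run(c.testID, func(t *testing.T) {
			revocationDB, err := revocation.NewDBFromCfg(c.config)
			require.NoError(t, err)
			// Deferred so the database is closed even when a check below
			// stops the subtest early.
			defer func() { assert.NoError(t, revocationDB.Close()) }()

			tlsOptions, err := tlsopts.NewOptions(fi, c.config, revocationDB)
			// require, not assert: tlsOptions is dereferenced right below and
			// would panic if NewOptions had failed.
			require.NoError(t, err)

			assert.True(t, reflect.DeepEqual(fi, tlsOptions.Ident))
			assert.Equal(t, c.config, tlsOptions.Config)
			assert.Len(t, tlsOptions.VerificationFuncs.Client(), c.clientVerificationFuncsLen)
			assert.Len(t, tlsOptions.VerificationFuncs.Server(), c.serverVerificationFuncsLen)
		})
	}
}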
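// TestOptions_ServerOption_Peer_CA_Whitelist starts a testplanet with two
// storage nodes and, for each identity handed out by
// testidentity.CompleteIdentityVersionsTest, dials the second node and
// expects the connection to succeed.
//
// NOTE(review): despite the name, the dialing side sets neither
// UsePeerCAWhitelist nor PeerCAWhitelistPath. Whether the storage node
// enforces a CA whitelist depends on testplanet defaults that are not visible
// here; confirm. Only the accepting path is covered: no case dials with an
// identity the whitelist should reject.
func TestOptions_ServerOption_Peer_CA_Whitelist(t *testing.T) {
	testplanet.Run(t, testplanet.Config{
		SatelliteCount: 0, StorageNodeCount: 2, UplinkCount: 0,
	}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
		target := planet.StorageNodes[1].Local()

		testidentity.CompleteIdentityVersionsTest(t, func(t *testing.T, version storj.IDVersion, ident *identity.FullIdentity) {
			tlsOptions, err := tlsopts.NewOptions(ident, tlsopts.Config{
				// presumably "*" accepts every peer identity version; verify against tlsopts.
				PeerIDVersions: "*",
			}, nil)
			require.NoError(t, err)

			dialer := rpc.NewDefaultDialer(tlsOptions)

			conn, err := dialer.DialNode(ctx, &target.Node)
			// require, not assert: conn.Close() below would panic on the nil
			// connection returned by a failed dial.
			require.NoError(t, err)
			require.NotNil(t, conn)

			assert.NoError(t, conn.Close())
		})
	})
}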
// TestOptions_DialOption_error_on_empty_ID verifies, for every identity
// handed out by testidentity.CompleteIdentityVersionsTest, that DialOption
// returns an error and a nil option when it is given a zero-value node ID.
func TestOptions_DialOption_error_on_empty_ID(t *testing.T) {
	check := func(t *testing.T, _ storj.IDVersion, ident *identity.FullIdentity) {
		cfg := tlsopts.Config{PeerIDVersions: "*"}

		opts, err := tlsopts.NewOptions(ident, cfg, nil)
		require.NoError(t, err)

		// The zero value of storj.NodeID stands in for a missing peer ID.
		var emptyID storj.NodeID
		option, err := opts.DialOption(emptyID)

		assert.Nil(t, option)
		assert.Error(t, err)
	}

	testidentity.CompleteIdentityVersionsTest(t, check)
}
// TestOptions_DialUnverifiedIDOption verifies, for every identity handed out
// by testidentity.CompleteIdentityVersionsTest, that DialUnverifiedIDOption
// returns a non-nil dial option.
//
// NOTE(review): the name suggests this option dials without checking the
// peer against an expected node ID; confirm. The test only asserts that the
// option is non-nil, not which peer checks it still performs.
func TestOptions_DialUnverifiedIDOption(t *testing.T) {
	check := func(t *testing.T, _ storj.IDVersion, ident *identity.FullIdentity) {
		cfg := tlsopts.Config{PeerIDVersions: "*"}

		opts, err := tlsopts.NewOptions(ident, cfg, nil)
		require.NoError(t, err)

		option := opts.DialUnverifiedIDOption()
		assert.NotNil(t, option)
	}

	testidentity.CompleteIdentityVersionsTest(t, check)
}