package nebula
import (
"bytes"
"errors"
"net"
"testing"
)
// Fixtures shared by every test in this file. They are assigned once in init.
var (
	// ip and ipNet are the two results of a single net.ParseCIDR call.
	ip    net.IP
	ipNet *net.IPNet

	// caCredsA and caCredsB come from two separate NewCACredentials calls, so
	// the tests can check that material issued under one is rejected when
	// validated against the other.
	caCredsA CACredentials
	caCredsB CACredentials
)
// init builds the package-level fixtures used by the tests in this file: one
// address/network pair and two sets of CA credentials created by separate
// NewCACredentials calls. Any setup failure panics, because no test here can
// produce a meaningful result without the fixtures.
func init() {
	var err error

	if ip, ipNet, err = net.ParseCIDR("192.168.0.1/24"); err != nil {
		panic(err)
	}

	// Both CAs are created over the same network; only the name differs.
	if caCredsA, err = NewCACredentials("a.example.com", ipNet); err != nil {
		panic(err)
	}

	if caCredsB, err = NewCACredentials("b.example.com", ipNet); err != nil {
		panic(err)
	}
}
// TestValidateHostCredentials issues host credentials under CA "A" and checks
// both directions of certificate validation: the host certificate must be
// accepted against the CA certificate carried in the host credentials, and it
// must be rejected with ErrInvalidSignature against CA "B"'s certificate.
func TestValidateHostCredentials(t *testing.T) {
	hostCreds, err := NewHostCredentials(caCredsA, "foo", ip)
	if err != nil {
		t.Fatal(err)
	}

	// Positive case: the certificate validates against the CA certificate that
	// was returned alongside it.
	if err := ValidateHostCertPEM(hostCreds.CACertPEM, hostCreds.HostCertPEM); err != nil {
		t.Fatal(err)
	}

	// Negative case: a different CA must not be accepted as the issuer. The
	// specific sentinel is asserted so that an unrelated failure (for example a
	// parse error) does not count as a pass.
	wrongCAErr := ValidateHostCertPEM(caCredsB.CACertPEM, hostCreds.HostCertPEM)
	if !errors.Is(wrongCAErr, ErrInvalidSignature) {
		t.Fatalf("expected ErrInvalidSignature, got %v", wrongCAErr)
	}
}
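// TestSignAndWrap round-trips a payload through SignAndWrap and Unwrap, then
// checks the recovered signature three ways: it must validate against the
// signing CA's certificate, must be rejected with ErrInvalidSignature against a
// different CA's certificate, and must not validate for a modified payload.
func TestSignAndWrap(t *testing.T) {
	b := []byte("foo bar baz")
	buf := new(bytes.Buffer)

	if err := SignAndWrap(buf, caCredsA.CAKeyPEM, b); err != nil {
		t.Fatal(err)
	}

	gotB, gotSig, err := Unwrap(buf)
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(b, gotB) {
		t.Fatalf("got %q but expected %q", gotB, b)
	}

	// Positive case: the signature validates under the signing CA.
	if err := ValidateSignature(caCredsA.CACertPEM, b, gotSig); err != nil {
		t.Fatal(err)
	}

	// Wrong key: the same payload and signature must be rejected under a
	// different CA's certificate.
	if err := ValidateSignature(caCredsB.CACertPEM, b, gotSig); !errors.Is(err, ErrInvalidSignature) {
		t.Fatalf("expected ErrInvalidSignature but got %v", err)
	}

	// Wrong payload: the signature must be bound to the signed bytes. Without
	// this case the test would still pass if validation ignored the payload.
	// Only a non-nil error is asserted, because the error value returned for a
	// modified payload is not shown in this file.
	tampered := append([]byte(nil), b...)
	tampered[0] ^= 0xff
	if err := ValidateSignature(caCredsA.CACertPEM, tampered, gotSig); err == nil {
		t.Fatal("expected an error for a tampered payload but got nil")
	}
}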