(t *testing.T)
| 175 | } |
| 176 | |
| 177 | func TestOptionsTLSConfig(t *testing.T) { |
| 178 | cr := certregistry.NewCertRegistry() |
| 179 | proxyTLS := &tls.Config{} |
| 180 | |
| 181 | cert, err := tls.LoadX509KeyPair("fixtures/test.crt", "fixtures/test.key") |
| 182 | require.NoError(t, err) |
| 183 | |
| 184 | cert2, err := tls.LoadX509KeyPair("fixtures/test2.crt", "fixtures/test2.key") |
| 185 | require.NoError(t, err) |
| 186 | |
| 187 | // empty without registry |
| 188 | o := &Options{} |
| 189 | c, err := o.TlsConfig(nil) |
| 190 | require.NoError(t, err) |
| 191 | require.Nil(t, c) |
| 192 | |
| 193 | // empty with registry |
| 194 | o = &Options{} |
| 195 | c, err = o.TlsConfig(cr) |
| 196 | require.NoError(t, err) |
| 197 | require.NotNil(t, c.GetCertificate) |
| 198 | |
| 199 | // proxy tls config |
| 200 | o = &Options{ProxyTLS: proxyTLS} |
| 201 | c, err = o.TlsConfig(cr) |
| 202 | require.NoError(t, err) |
| 203 | require.Same(t, proxyTLS, c) |
| 204 | |
| 205 | // proxy tls config priority |
| 206 | o = &Options{ProxyTLS: proxyTLS, CertPathTLS: "fixtures/test.crt", KeyPathTLS: "fixtures/test.key"} |
| 207 | c, err = o.TlsConfig(cr) |
| 208 | require.NoError(t, err) |
| 209 | require.Same(t, proxyTLS, c) |
| 210 | |
| 211 | // cert key path |
| 212 | o = &Options{TLSMinVersion: tls.VersionTLS12, CertPathTLS: "fixtures/test.crt", KeyPathTLS: "fixtures/test.key"} |
| 213 | c, err = o.TlsConfig(cr) |
| 214 | require.NoError(t, err) |
| 215 | require.Equal(t, uint16(tls.VersionTLS12), c.MinVersion) |
| 216 | require.Equal(t, []tls.Certificate{cert}, c.Certificates) |
| 217 | |
| 218 | // multiple cert key paths |
| 219 | o = &Options{TLSMinVersion: tls.VersionTLS13, CertPathTLS: "fixtures/test.crt,fixtures/test2.crt", KeyPathTLS: "fixtures/test.key,fixtures/test2.key"} |
| 220 | c, err = o.TlsConfig(cr) |
| 221 | require.NoError(t, err) |
| 222 | require.Equal(t, uint16(tls.VersionTLS13), c.MinVersion) |
| 223 | require.Equal(t, []tls.Certificate{cert, cert2}, c.Certificates) |
| 224 | |
| 225 | // TLS Cipher Suites |
| 226 | o = &Options{CipherSuites: []uint16{1}} |
| 227 | c, err = o.TlsConfig(cr) |
| 228 | require.NoError(t, err) |
| 229 | assert.Equal(t, len(c.CipherSuites), 1) |
| 230 | |
| 231 | } |
| 232 | |
| 233 | func TestOptionsTLSConfigInvalidPaths(t *testing.T) { |
| 234 | cr := certregistry.NewCertRegistry() |
nothing calls this directly
no test coverage detected
searching dependent graphs…