mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2025-12-23 14:25:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
main
pinniped/internal/controller/tlsconfigutil/ca_bundle_test.go
Joshua Casey 0ee8ee80e1 Use sha256.Size
2024-08-27 13:26:39 -05:00

174 lines
5.6 KiB
Go
Raw Permalink Blame History

// Copyright 2024 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package tlsconfigutil
import (
"crypto/sha256"
"crypto/x509"
"testing"
"time"
"github.com/stretchr/testify/require"
"go.pinniped.dev/internal/certauthority"
)
func TestNewCABundleHash(t *testing.T) {
sha256OfNil := CABundleHash{hash: [sha256.Size]byte{0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}}
// On the command line, `echo "test" | shasum -a 256` yields "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
// which is 32 bytes of data encoded as 64 characters.
// https://stackoverflow.com/a/70565837
// This is the actual binary data:
sha256OfTest := CABundleHash{hash: [sha256.Size]byte{159, 134, 208, 129, 136, 76, 125, 101, 154, 47, 234, 160, 197, 90, 208, 21, 163, 191, 79, 27, 43, 11, 130, 44, 209, 93, 108, 21, 176, 240, 10, 8}}
t.Run("will hash the data given", func(t *testing.T) {
caBundleHash := NewCABundleHash([]byte("test"))
require.True(t, sha256OfTest.Equal(caBundleHash))
require.Equal(t, sha256OfTest, caBundleHash)
})
t.Run("will return the hash of nil input", func(t *testing.T) {
caBundleHash := NewCABundleHash(nil)
require.True(t, sha256OfNil.Equal(caBundleHash))
require.Equal(t, sha256OfNil, caBundleHash)
})
t.Run("will return the hash of empty input", func(t *testing.T) {
caBundleHash := NewCABundleHash([]byte{})
require.True(t, sha256OfNil.Equal(caBundleHash))
require.Equal(t, sha256OfNil, caBundleHash)
})
}
func TestNewCABundle(t *testing.T) {
testCA, err := certauthority.New("Test CA", 1*time.Hour)
require.NoError(t, err)
t.Run("generates the certPool and hash for certificate input", func(t *testing.T) {
caBundle, ok := NewCABundle(testCA.Bundle())
require.True(t, ok)
require.Equal(t, testCA.Bundle(), caBundle.PEMBytes())
require.Equal(t, NewCABundleHash(testCA.Bundle()), caBundle.Hash())
require.Equal(t, string(testCA.Bundle()), caBundle.PEMString())
require.True(t, testCA.Pool().Equal(caBundle.CertPool()), "should be the cert pool of the testCA")
})
t.Run("returns false for non-certificate input", func(t *testing.T) {
caBundle, ok := NewCABundle([]byte("here are some bytes"))
require.False(t, ok)
require.Equal(t, []byte("here are some bytes"), caBundle.PEMBytes())
require.Equal(t, NewCABundleHash([]byte("here are some bytes")), caBundle.Hash())
require.Equal(t, "here are some bytes", caBundle.PEMString())
require.True(t, x509.NewCertPool().Equal(caBundle.CertPool()), "should be an empty cert pool")
})
}
func TestPEMBytes(t *testing.T) {
t.Run("returns the CA bundle", func(t *testing.T) {
caBundle, _ := NewCABundle([]byte("here are some bytes"))
require.Equal(t, []byte("here are some bytes"), caBundle.PEMBytes())
})
t.Run("handles nil bundle by returning nil", func(t *testing.T) {
caBundle, _ := NewCABundle(nil)
require.Nil(t, caBundle.PEMBytes())
})
t.Run("handles empty bundle by returning empty byte array", func(t *testing.T) {
caBundle, _ := NewCABundle([]byte{})
require.Equal(t, []byte{}, caBundle.PEMBytes())
})
t.Run("handles nil receiver by returning nil", func(t *testing.T) {
var nilCABundle *CABundle
require.Nil(t, nilCABundle.PEMBytes())
})
}
func TestPEMString(t *testing.T) {
t.Run("returns the CA bundle PEM string", func(t *testing.T) {
caBundle, _ := NewCABundle([]byte("here is a string"))
require.Equal(t, "here is a string", caBundle.PEMString())
})
t.Run("handles nil bundle by returning empty string", func(t *testing.T) {
caBundle, _ := NewCABundle(nil)
require.Equal(t, "", caBundle.PEMString())
})
t.Run("handles empty bundle by returning empty string", func(t *testing.T) {
caBundle, _ := NewCABundle([]byte{})
require.Equal(t, "", caBundle.PEMString())
})
t.Run("handles nil receiver by returning empty string", func(t *testing.T) {
var nilCABundle *CABundle
require.Empty(t, nilCABundle.PEMString())
})
}
func TestCertPool(t *testing.T) {
t.Run("returns the certPool when the caBundle is valid", func(t *testing.T) {
testCA, err := certauthority.New("Test CA", 1*time.Hour)
require.NoError(t, err)
caBundle, _ := NewCABundle(testCA.Bundle())
require.True(t, testCA.Pool().Equal(caBundle.CertPool()))
})
t.Run("returns a nil certPool when the caBundle is nil", func(t *testing.T) {
caBundle, _ := NewCABundle(nil)
require.Nil(t, caBundle.CertPool())
})
t.Run("returns a nil certPool when the caBundle is empty", func(t *testing.T) {
caBundle, _ := NewCABundle([]byte{})
require.Nil(t, caBundle.CertPool())
})
t.Run("handles nil receiver by returning nil", func(t *testing.T) {
var nilCABundle *CABundle
require.Nil(t, nilCABundle.CertPool())
})
}
func TestHash(t *testing.T) {
t.Run("returns the Hash of the given CA bundle", func(t *testing.T) {
caBundle, _ := NewCABundle([]byte("this is a CA bundle"))
require.True(t, NewCABundleHash([]byte("this is a CA bundle")).Equal(caBundle.Hash()))
})
t.Run("returns the Hash of nil when the CA bundle is nil", func(t *testing.T) {
caBundle, _ := NewCABundle(nil)
require.True(t, NewCABundleHash(nil).Equal(caBundle.Hash()))
})
t.Run("returns the Hash of nil when the CA bundle is empty", func(t *testing.T) {
caBundle, _ := NewCABundle([]byte{})
require.True(t, NewCABundleHash(nil).Equal(caBundle.Hash()))
})
t.Run("returns the Hash of nil when the receiver is nil", func(t *testing.T) {
var nilCABundle *CABundle
require.True(t, NewCABundleHash(nil).Equal(nilCABundle.Hash()))
})
}
Reference in New Issue View Git Blame Copy Permalink