77e69b9cf3
Signed-off-by: Olivier Gambier <olivier@docker.com>
81 lines
2.2 KiB
Go
81 lines
2.2 KiB
Go
package libtrust
|
|
|
|
import (
|
|
"testing"
|
|
)
|
|
|
|
func compareKeySlices(t *testing.T, sliceA, sliceB []PublicKey) {
|
|
if len(sliceA) != len(sliceB) {
|
|
t.Fatalf("slice size %d, expected %d", len(sliceA), len(sliceB))
|
|
}
|
|
|
|
for i, itemA := range sliceA {
|
|
itemB := sliceB[i]
|
|
if itemA != itemB {
|
|
t.Fatalf("slice index %d not equal: %#v != %#v", i, itemA, itemB)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestFilter(t *testing.T) {
|
|
keys := make([]PublicKey, 0, 8)
|
|
|
|
// Create 8 keys and add host entries.
|
|
for i := 0; i < cap(keys); i++ {
|
|
key, err := GenerateECP256PrivateKey()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// we use both []interface{} and []string here because jwt uses
|
|
// []interface{} format, while PEM uses []string
|
|
switch {
|
|
case i == 0:
|
|
// Don't add entries for this key, key 0.
|
|
break
|
|
case i%2 == 0:
|
|
// Should catch keys 2, 4, and 6.
|
|
key.AddExtendedField("hosts", []interface{}{"*.even.example.com"})
|
|
case i == 7:
|
|
// Should catch only the last key, and make it match any hostname.
|
|
key.AddExtendedField("hosts", []string{"*"})
|
|
default:
|
|
// should catch keys 1, 3, 5.
|
|
key.AddExtendedField("hosts", []string{"*.example.com"})
|
|
}
|
|
|
|
keys = append(keys, key)
|
|
}
|
|
|
|
// Should match 2 keys, the empty one, and the one that matches all hosts.
|
|
matchedKeys, err := FilterByHosts(keys, "foo.bar.com", true)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
expectedMatch := []PublicKey{keys[0], keys[7]}
|
|
compareKeySlices(t, expectedMatch, matchedKeys)
|
|
|
|
// Should match 1 key, the one that matches any host.
|
|
matchedKeys, err = FilterByHosts(keys, "foo.bar.com", false)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
expectedMatch = []PublicKey{keys[7]}
|
|
compareKeySlices(t, expectedMatch, matchedKeys)
|
|
|
|
// Should match keys that end in "example.com", and the key that matches anything.
|
|
matchedKeys, err = FilterByHosts(keys, "foo.example.com", false)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
expectedMatch = []PublicKey{keys[1], keys[3], keys[5], keys[7]}
|
|
compareKeySlices(t, expectedMatch, matchedKeys)
|
|
|
|
// Should match all of the keys except the empty key.
|
|
matchedKeys, err = FilterByHosts(keys, "foo.even.example.com", false)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
expectedMatch = keys[1:]
|
|
compareKeySlices(t, expectedMatch, matchedKeys)
|
|
}
|