forked from TrueCloudLab/certificates
Add test case for failed came-tls/1 protocol negotiation.
This commit is contained in:
Ivan Bertona
parent
9052da66a3
commit
b8208ec401
1 changed files with 40 additions and 3 deletions
|
|
@ -23,8 +23,6 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/acme"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/smallstep/assert"
|
||||
"github.com/smallstep/certificates/db"
|
||||
|
|
@ -1352,6 +1350,45 @@ func TestTLSALPN01Validate(t *testing.T) {
|
|||
res: ch,
|
||||
}
|
||||
},
|
||||
"ok/no-protocol": func(t *testing.T) test {
|
||||
ch, err := newTLSALPNCh()
|
||||
assert.FatalError(t, err)
|
||||
oldb, err := json.Marshal(ch)
|
||||
assert.FatalError(t, err)
|
||||
|
||||
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
|
||||
assert.FatalError(t, err)
|
||||
|
||||
expErr := RejectedIdentifierErr(errors.New("cannot negotiate ALPN acme-tls/1 protocol for tls-alpn-01 challenge"))
|
||||
baseClone := ch.clone()
|
||||
baseClone.Error = expErr.ToACME()
|
||||
newCh := &tlsALPN01Challenge{baseClone}
|
||||
newb, err := json.Marshal(newCh)
|
||||
assert.FatalError(t, err)
|
||||
|
||||
srv := httptest.NewTLSServer(nil)
|
||||
|
||||
return test{
|
||||
srv: srv,
|
||||
ch: ch,
|
||||
vo: validateOptions{
|
||||
tlsDial: func(network, addr string, config *tls.Config) (*tls.Conn, error) {
|
||||
return tls.DialWithDialer(&net.Dialer{Timeout: time.Second}, "tcp", srv.Listener.Addr().String(), config)
|
||||
},
|
||||
},
|
||||
jwk: jwk,
|
||||
db: &db.MockNoSQLDB{
|
||||
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
||||
assert.Equals(t, bucket, challengeTable)
|
||||
assert.Equals(t, key, []byte(ch.getID()))
|
||||
assert.Equals(t, old, oldb)
|
||||
assert.Equals(t, string(newval), string(newb))
|
||||
return nil, true, nil
|
||||
},
|
||||
},
|
||||
res: ch,
|
||||
}
|
||||
},
|
||||
"ok/mismatched-token": func(t *testing.T) test {
|
||||
ch, err := newTLSALPNCh()
|
||||
assert.FatalError(t, err)
|
||||
|
|
@ -1563,7 +1600,7 @@ func newTestTLSALPNServer(validationCert *tls.Certificate) (*httptest.Server, tl
|
|||
|
||||
srv.TLS = &tls.Config{
|
||||
GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||
if len(hello.SupportedProtos) == 1 && hello.SupportedProtos[0] == acme.ALPNProto {
|
||||
if len(hello.SupportedProtos) == 1 && hello.SupportedProtos[0] == "acme-tls/1" {
|
||||
return validationCert, nil
|
||||
}
|
||||
return nil, nil
|
||||
|
|
|
|||
Loading…
Reference in a new issue