package ca import ( "crypto/tls" "crypto/x509" "fmt" "reflect" "testing" ) func Test_setTLSOptions(t *testing.T) { fail := func() TLSOption { return func(c *Client, config *tls.Config) error { return fmt.Errorf("an error") } } type args struct { c *tls.Config options []TLSOption } tests := []struct { name string args args wantErr bool }{ {"ok", args{&tls.Config{}, []TLSOption{RequireAndVerifyClientCert()}}, false}, {"ok", args{&tls.Config{}, []TLSOption{VerifyClientCertIfGiven()}}, false}, {"fail", args{&tls.Config{}, []TLSOption{VerifyClientCertIfGiven(), fail()}}, true}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { if err := setTLSOptions(nil, tt.args.c, tt.args.options); (err != nil) != tt.wantErr { t.Errorf("setTLSOptions() error = %v, wantErr %v", err, tt.wantErr) } }) } } func TestRequireAndVerifyClientCert(t *testing.T) { tests := []struct { name string want *tls.Config }{ {"ok", &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert}}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { got := &tls.Config{} if err := RequireAndVerifyClientCert()(nil, got); err != nil { t.Errorf("RequireAndVerifyClientCert() error = %v", err) return } if !reflect.DeepEqual(got, tt.want) { t.Errorf("RequireAndVerifyClientCert() = %v, want %v", got, tt.want) } }) } } func TestVerifyClientCertIfGiven(t *testing.T) { tests := []struct { name string want *tls.Config }{ {"ok", &tls.Config{ClientAuth: tls.VerifyClientCertIfGiven}}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { got := &tls.Config{} if err := VerifyClientCertIfGiven()(nil, got); err != nil { t.Errorf("VerifyClientCertIfGiven() error = %v", err) return } if !reflect.DeepEqual(got, tt.want) { t.Errorf("VerifyClientCertIfGiven() = %v, want %v", got, tt.want) } }) } } func TestAddRootCA(t *testing.T) { cert := parseCertificate(rootPEM) pool := x509.NewCertPool() pool.AddCert(cert) type args struct { cert *x509.Certificate } tests := []struct { name string args args want *tls.Config }{ {"ok", args{cert}, &tls.Config{RootCAs: pool}}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { got := &tls.Config{} if err := AddRootCA(tt.args.cert)(nil, got); err != nil { t.Errorf("AddRootCA() error = %v", err) return } if !reflect.DeepEqual(got, tt.want) { t.Errorf("AddRootCA() = %v, want %v", got, tt.want) } }) } } func TestAddClientCA(t *testing.T) { cert := parseCertificate(rootPEM) pool := x509.NewCertPool() pool.AddCert(cert) type args struct { cert *x509.Certificate } tests := []struct { name string args args want *tls.Config }{ {"ok", args{cert}, &tls.Config{ClientCAs: pool}}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { got := &tls.Config{} if err := AddClientCA(tt.args.cert)(nil, got); err != nil { t.Errorf("AddClientCA() error = %v", err) return } if !reflect.DeepEqual(got, tt.want) { t.Errorf("AddClientCA() = %v, want %v", got, tt.want) } }) } }