open-vault/sdk/helper/tlsutil/tlsutil_test.go

package tlsutil

import (
	"crypto/tls"
	"reflect"
	"testing"
)

func TestParseCiphers(t *testing.T) {
	testOk := "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
	v, err := ParseCiphers(testOk)
	if err != nil {
		t.Fatal(err)
	}
	if len(v) != 17 {
		t.Fatal("missed ciphers after parse")
	}

	testBad := "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,cipherX"
	if _, err := ParseCiphers(testBad); err == nil {
		t.Fatal("should fail on unsupported cipherX")
	}

	testOrder := "TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256"
	v, _ = ParseCiphers(testOrder)
	expected := []uint16{tls.TLS_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_RSA_WITH_AES_128_GCM_SHA256}
	if !reflect.DeepEqual(expected, v) {
		t.Fatal("cipher order is not preserved")
	}
}

func TestGetCipherName(t *testing.T) {
	testOkCipherStr := "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
	testOkCipher := tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
	cipherStr, err := GetCipherName(testOkCipher)
	if err != nil {
		t.Fatal(err)
	}
	if cipherStr != testOkCipherStr {
		t.Fatalf("cipher string should be %s but is %s", testOkCipherStr, cipherStr)
	}

	var testBadCipher uint16 = 0xC022
	cipherStr, err = GetCipherName(testBadCipher)
	if err == nil {
		t.Fatal("should fail on unsupported cipher 0xC022")
	}
}
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 18:48:35 +00:00			`package tlsutil`

Fix cipher preferred order 2017-01-24 07:21:39 +00:00			`import (`
			`"crypto/tls"`
			`"reflect"`
			`"testing"`
			`)`
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 18:48:35 +00:00
			`func TestParseCiphers(t *testing.T) {`
Add option to set cluster TLS cipher suites. (#3228) * Add option to set cluster TLS cipher suites. Fixes #3227 2017-08-30 20:28:23 +00:00			testOk := "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
Fix cipher preferred order 2017-01-24 07:21:39 +00:00			`v, err := ParseCiphers(testOk)`
			`if err != nil {`
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 18:48:35 +00:00			`t.Fatal(err)`
			`}`
Add option to set cluster TLS cipher suites. (#3228) * Add option to set cluster TLS cipher suites. Fixes #3227 2017-08-30 20:28:23 +00:00			`if len(v) != 17 {`
Fix cipher preferred order 2017-01-24 07:21:39 +00:00			`t.Fatal("missed ciphers after parse")`
			`}`

Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 18:48:35 +00:00			`testBad := "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,cipherX"`
			`if _, err := ParseCiphers(testBad); err == nil {`
Fix cipher preferred order 2017-01-24 07:21:39 +00:00			`t.Fatal("should fail on unsupported cipherX")`
			`}`

			`testOrder := "TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256"`
			`v, _ = ParseCiphers(testOrder)`
			`expected := []uint16{tls.TLS_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_RSA_WITH_AES_128_GCM_SHA256}`
			`if !reflect.DeepEqual(expected, v) {`
			`t.Fatal("cipher order is not preserved")`
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 18:48:35 +00:00			`}`
			`}`
Print warning when 'tls_cipher_suites' includes blacklisted cipher suites (#6300) * Implemented a warning when tls_cipher_suites includes only cipher suites which are not supprted by the HTTP/2 spec * Added test for cipher suites * Added hard fail on startup when all defined cipher suites are blacklisted. Added warning when some ciphers are blacklisted. * Replaced hard failure with warning. Removed bad cipher util function and replaced it by external library. * Added missing dependency. Fixed renaming of package name. 2019-03-01 15:48:06 +00:00
			`func TestGetCipherName(t *testing.T) {`
			`testOkCipherStr := "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"`
			`testOkCipher := tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`
			`cipherStr, err := GetCipherName(testOkCipher)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if cipherStr != testOkCipherStr {`
			`t.Fatalf("cipher string should be %s but is %s", testOkCipherStr, cipherStr)`
			`}`

			`var testBadCipher uint16 = 0xC022`
			`cipherStr, err = GetCipherName(testBadCipher)`
			`if err == nil {`
			`t.Fatal("should fail on unsupported cipher 0xC022")`
			`}`
			`}`