...

Source file src/github.com/google/s2a-go/internal/authinfo/authinfo_test.go

Documentation: github.com/google/s2a-go/internal/authinfo

     1  /*
     2   *
     3   * Copyright 2021 Google LLC
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *     https://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   *
    17   */
    18  
    19  package authinfo
    20  
    21  import (
    22  	"bytes"
    23  	"testing"
    24  
    25  	"google.golang.org/grpc/credentials"
    26  
    27  	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
    28  	grpcpb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
    29  )
    30  
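    // TestS2AAuthInfo checks that newS2AAuthInfo copies every field of a
    // SessionResult into the returned auth info and that a nil SessionResult is
    // rejected with an error.
    //
    // Every successful case is expected to report
    // credentials.PrivacyAndIntegrity, whichever TLS version and ciphersuite the
    // SessionResult carries.
    func TestS2AAuthInfo(t *testing.T) {
    	for _, tc := range []struct {
    		desc                    string
    		sessionResult           *grpcpb.SessionResult
    		outAppProtocol          string
    		outTLSVersion           commonpb.TLSVersion
    		outCiphersuite          commonpb.Ciphersuite
    		outPeerIdentity         *commonpb.Identity
    		outLocalIdentity        *commonpb.Identity
    		outPeerCertFingerprint  []byte
    		outLocalCertFingerprint []byte
    		outIsHandshakeResumed   bool
    		outErr                  bool
    	}{
    		{
    			// Peer is a SPIFFE ID, local is a hostname, handshake resumed.
    			// The peer and local fingerprints are distinct byte strings, so
    			// an accessor returning the wrong side's value fails the test.
    			desc: "basic 1",
    			sessionResult: &grpcpb.SessionResult{
    				ApplicationProtocol: "app protocol",
    				State: &grpcpb.SessionState{
    					TlsVersion:         commonpb.TLSVersion_TLS1_3,
    					TlsCiphersuite:     commonpb.Ciphersuite_AES_128_GCM_SHA256,
    					IsHandshakeResumed: true,
    				},
    				PeerIdentity: &commonpb.Identity{
    					IdentityOneof: &commonpb.Identity_SpiffeId{
    						SpiffeId: "peer spiffe identity",
    					},
    				},
    				LocalIdentity: &commonpb.Identity{
    					IdentityOneof: &commonpb.Identity_Hostname{
    						Hostname: "local hostname",
    					},
    				},
    				PeerCertFingerprint:  []byte("peer cert fingerprint"),
    				LocalCertFingerprint: []byte("local cert fingerprint"),
    			},
    			outAppProtocol: "app protocol",
    			outTLSVersion:  commonpb.TLSVersion_TLS1_3,
    			outCiphersuite: commonpb.Ciphersuite_AES_128_GCM_SHA256,
    			outPeerIdentity: &commonpb.Identity{
    				IdentityOneof: &commonpb.Identity_SpiffeId{
    					SpiffeId: "peer spiffe identity",
    				},
    			},
    			outLocalIdentity: &commonpb.Identity{
    				IdentityOneof: &commonpb.Identity_Hostname{
    					Hostname: "local hostname",
    				},
    			},
    			outPeerCertFingerprint:  []byte("peer cert fingerprint"),
    			outLocalCertFingerprint: []byte("local cert fingerprint"),
    			outIsHandshakeResumed:   true,
    		},
    		{
    			// Identity kinds are swapped relative to "basic 1": the peer is
    			// the hostname and the local side is the SPIFFE ID. The string
    			// values keep their wording from the first case, so the value
    			// "local hostname" is the peer identity here.
    			desc: "basic 2",
    			sessionResult: &grpcpb.SessionResult{
    				ApplicationProtocol: "app protocol",
    				State: &grpcpb.SessionState{
    					TlsVersion:     commonpb.TLSVersion_TLS1_2,
    					TlsCiphersuite: commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
    				},
    				PeerIdentity: &commonpb.Identity{
    					IdentityOneof: &commonpb.Identity_Hostname{
    						Hostname: "local hostname",
    					},
    				},
    				LocalIdentity: &commonpb.Identity{
    					IdentityOneof: &commonpb.Identity_SpiffeId{
    						SpiffeId: "peer spiffe identity",
    					},
    				},
    				PeerCertFingerprint:  []byte("peer cert fingerprint"),
    				LocalCertFingerprint: []byte("local cert fingerprint"),
    			},
    			outAppProtocol: "app protocol",
    			outTLSVersion:  commonpb.TLSVersion_TLS1_2,
    			outCiphersuite: commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
    			outPeerIdentity: &commonpb.Identity{
    				IdentityOneof: &commonpb.Identity_Hostname{
    					Hostname: "local hostname",
    				},
    			},
    			outLocalIdentity: &commonpb.Identity{
    				IdentityOneof: &commonpb.Identity_SpiffeId{
    					SpiffeId: "peer spiffe identity",
    				},
    			},
    			outPeerCertFingerprint:  []byte("peer cert fingerprint"),
    			outLocalCertFingerprint: []byte("local cert fingerprint"),
    		},
    		{
    			// Pins that construction succeeds when the SessionResult has no
    			// identities and no fingerprints: the expected identities are
    			// nil and the expected fingerprints are empty.
    			// NOTE(review): code that authorizes on PeerIdentity() presumably
    			// has to handle this nil case itself; confirm at the call sites.
    			desc: "nil identities and fingerprints",
    			sessionResult: &grpcpb.SessionResult{
    				ApplicationProtocol: "app protocol",
    				State: &grpcpb.SessionState{
    					TlsVersion:     commonpb.TLSVersion_TLS1_3,
    					TlsCiphersuite: commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
    				},
    			},
    			outAppProtocol: "app protocol",
    			outTLSVersion:  commonpb.TLSVersion_TLS1_3,
    			outCiphersuite: commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
    		},
    		{
    			// sessionResult is left nil; only the error is checked.
    			desc:   "nil session result",
    			outErr: true,
    		},
    	} {
    		t.Run(tc.desc, func(t *testing.T) {
    			authInfo, err := newS2AAuthInfo(tc.sessionResult)
    			if tc.outErr {
    				if err == nil {
    					t.Errorf("newS2AAuthInfo(%v) succeeded, want error", tc.sessionResult)
    				}
    				// Nothing else is specified for the error case.
    				return
    			}
    			if err != nil {
    				// The accessors below cannot be checked without a value;
    				// report the error itself so the failure is diagnosable.
    				t.Fatalf("newS2AAuthInfo(%v) failed: %v", tc.sessionResult, err)
    			}

    			if got, want := authInfo.AuthType(), s2aAuthType; got != want {
    				t.Errorf("authInfo.AuthType() = %v, want %v", got, want)
    			}
    			if got, want := authInfo.ApplicationProtocol(), tc.outAppProtocol; got != want {
    				t.Errorf("authInfo.ApplicationProtocol() = %v, want %v", got, want)
    			}
    			if got, want := authInfo.TLSVersion(), tc.outTLSVersion; got != want {
    				t.Errorf("authInfo.TLSVersion() = %v, want %v", got, want)
    			}
    			if got, want := authInfo.Ciphersuite(), tc.outCiphersuite; got != want {
    				t.Errorf("authInfo.Ciphersuite() = %v, want %v", got, want)
    			}
    			// Identities are compared through their String() rendering. In
    			// the nil-identity case the expected value is a nil pointer, so
    			// this relies on String() tolerating a nil receiver.
    			if got, want := authInfo.PeerIdentity().String(), tc.outPeerIdentity.String(); got != want {
    				t.Errorf("authInfo.PeerIdentity() = %v, want %v", got, want)
    			}
    			if got, want := authInfo.LocalIdentity().String(), tc.outLocalIdentity.String(); got != want {
    				t.Errorf("authInfo.LocalIdentity() = %v, want %v", got, want)
    			}
    			if got, want := authInfo.PeerCertFingerprint(), tc.outPeerCertFingerprint; !bytes.Equal(got, want) {
    				t.Errorf("authInfo.PeerCertFingerprint() = %v, want %v", got, want)
    			}
    			if got, want := authInfo.LocalCertFingerprint(), tc.outLocalCertFingerprint; !bytes.Equal(got, want) {
    				t.Errorf("authInfo.LocalCertFingerprint() = %v, want %v", got, want)
    			}
    			if got, want := authInfo.IsHandshakeResumed(), tc.outIsHandshakeResumed; got != want {
    				t.Errorf("authInfo.IsHandshakeResumed() = %v, want %v", got, want)
    			}
    			// The expected level is a constant: it does not vary with the
    			// negotiated TLS version or ciphersuite in any case above.
    			if got, want := authInfo.SecurityLevel(), credentials.PrivacyAndIntegrity; got != want {
    				t.Errorf("authInfo.SecurityLevel() = %v, want %v", got, want)
    			}
    		})
    	}
    }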
   179  
