TestClientCredsSuccess verifies successful client handshake cases.
(t *testing.T)
| 350 | |
| 351 | // TestClientCredsSuccess verifies successful client handshake cases. |
| 352 | func (s) TestClientCredsSuccess(t *testing.T) { |
| 353 | tests := []struct { |
| 354 | desc string |
| 355 | handshakeFunc testHandshakeFunc |
| 356 | handshakeInfoCtx func(ctx context.Context) context.Context |
| 357 | enableSNIFlag bool |
| 358 | }{ |
| 359 | { |
| 360 | desc: "fallback", |
| 361 | handshakeFunc: testServerTLSHandshake, |
| 362 | handshakeInfoCtx: func(ctx context.Context) context.Context { |
| 363 | // Since we don't add a HandshakeInfo to the context, the |
| 364 | // ClientHandshake() method will delegate to the fallback. |
| 365 | return ctx |
| 366 | }, |
| 367 | }, |
| 368 | { |
| 369 | desc: "TLS", |
| 370 | handshakeFunc: testServerTLSHandshake, |
| 371 | handshakeInfoCtx: func(ctx context.Context) context.Context { |
| 372 | return newTestContextWithHandshakeInfo(ctx, makeRootProvider(t, "x509/server_ca_cert.pem"), nil, defaultTestCertSAN, "", false) |
| 373 | }, |
| 374 | }, |
| 375 | { |
| 376 | desc: "mTLS", |
| 377 | handshakeFunc: testServerMutualTLSHandshake, |
| 378 | handshakeInfoCtx: func(ctx context.Context) context.Context { |
| 379 | return newTestContextWithHandshakeInfo(ctx, makeRootProvider(t, "x509/server_ca_cert.pem"), makeIdentityProvider(t, "x509/server1_cert.pem", "x509/server1_key.pem"), defaultTestCertSAN, "", false) |
| 380 | }, |
| 381 | }, |
| 382 | { |
| 383 | desc: "mTLS with no acceptedSANs specified", |
| 384 | handshakeFunc: testServerMutualTLSHandshake, |
| 385 | handshakeInfoCtx: func(ctx context.Context) context.Context { |
| 386 | return newTestContextWithHandshakeInfo(ctx, makeRootProvider(t, "x509/server_ca_cert.pem"), makeIdentityProvider(t, "x509/server1_cert.pem", "x509/server1_key.pem"), "", "", false) |
| 387 | }, |
| 388 | }, |
| 389 | { |
| 390 | desc: "TLS with SNI", |
| 391 | handshakeFunc: testServerTLSHandshake, |
| 392 | handshakeInfoCtx: func(ctx context.Context) context.Context { |
| 393 | return newTestContextWithHandshakeInfo(ctx, makeRootProvider(t, "x509/server_ca_cert.pem"), nil, "bad-match", defaultTestCertSAN, true) |
| 394 | }, |
| 395 | enableSNIFlag: true, |
| 396 | }, |
| 397 | { |
| 398 | desc: "TLS with SNI, env variable disabled, AutoSniSanValidation enabled", |
| 399 | handshakeFunc: testServerTLSHandshake, |
| 400 | handshakeInfoCtx: func(ctx context.Context) context.Context { |
| 401 | return newTestContextWithHandshakeInfo(ctx, makeRootProvider(t, "x509/server_ca_cert.pem"), nil, defaultTestCertSAN, "bad-sni", true) |
| 402 | }, |
| 403 | }, |
| 404 | { |
| 405 | desc: "TLS with SNI, env variable enabled but AutoSniSanValidation disabled", |
| 406 | handshakeFunc: testServerTLSHandshake, |
| 407 | handshakeInfoCtx: func(ctx context.Context) context.Context { |
| 408 | return newTestContextWithHandshakeInfo(ctx, makeRootProvider(t, "x509/server_ca_cert.pem"), nil, defaultTestCertSAN, "bad-sni", false) |
| 409 | }, |