TestServerCredsHandshakeSuccess verifies success handshake cases.
(t *testing.T)
| 328 | |
| 329 | // TestServerCredsHandshakeSuccess verifies success handshake cases. |
| 330 | func (s) TestServerCredsHandshakeSuccess(t *testing.T) { |
| 331 | tests := []struct { |
| 332 | desc string |
| 333 | fallbackCreds credentials.TransportCredentials |
| 334 | rootProvider certprovider.Provider |
| 335 | identityProvider certprovider.Provider |
| 336 | requireClientCert bool |
| 337 | }{ |
| 338 | { |
| 339 | desc: "fallback", |
| 340 | fallbackCreds: makeFallbackServerCreds(t), |
| 341 | }, |
| 342 | { |
| 343 | desc: "TLS", |
| 344 | fallbackCreds: &errorCreds{}, |
| 345 | identityProvider: makeIdentityProvider(t, "x509/server2_cert.pem", "x509/server2_key.pem"), |
| 346 | }, |
| 347 | { |
| 348 | desc: "mTLS", |
| 349 | fallbackCreds: &errorCreds{}, |
| 350 | identityProvider: makeIdentityProvider(t, "x509/server2_cert.pem", "x509/server2_key.pem"), |
| 351 | rootProvider: makeRootProvider(t, "x509/client_ca_cert.pem"), |
| 352 | requireClientCert: true, |
| 353 | }, |
| 354 | } |
| 355 | |
| 356 | for _, test := range tests { |
| 357 | t.Run(test.desc, func(t *testing.T) { |
| 358 | // Create an xDS server credentials. |
| 359 | opts := ServerOptions{FallbackCreds: test.fallbackCreds} |
| 360 | creds, err := NewServerCredentials(opts) |
| 361 | if err != nil { |
| 362 | t.Fatalf("NewServerCredentials(%v) failed: %v", opts, err) |
| 363 | } |
| 364 | ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) |
| 365 | defer cancel() |
| 366 | |
| 367 | // Create a test server which uses the xDS server credentials |
| 368 | // created above to perform TLS handshake on incoming connections. |
| 369 | ts := newTestServerWithHandshakeFunc(ctx, func(rawConn net.Conn) handshakeResult { |
| 370 | // Create a HandshakeInfo with information from the test table. |
| 371 | hi := xdsinternal.NewHandshakeInfo(test.rootProvider, test.identityProvider, nil, test.requireClientCert, "", false, false) |
| 372 | |
| 373 | // Create a wrapped conn which can return the HandshakeInfo and |
| 374 | // configured deadline to the xDS credentials' ServerHandshake() |
| 375 | // method. |
| 376 | conn := newWrappedConn(rawConn, hi, time.Now().Add(defaultTestTimeout)) |
| 377 | |
| 378 | // Invoke the ServerHandshake() method on the xDS credentials |
| 379 | // and make some sanity checks before pushing the result for |
| 380 | // inspection by the main test body. |
| 381 | _, ai, err := creds.ServerHandshake(conn) |
| 382 | if err != nil { |
| 383 | return handshakeResult{err: fmt.Errorf("ServerHandshake() failed: %v", err)} |
| 384 | } |
| 385 | if ai.AuthType() != "tls" { |
| 386 | return handshakeResult{err: fmt.Errorf("ServerHandshake returned authType %q, want %q", ai.AuthType(), "tls")} |
| 387 | } |