TestServerCredsHandshakeTimeout verifies the case where the client does not send required handshake data before the deadline set on the net.Conn passed to ServerHandshake().
(t *testing.T)
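// TestServerCredsHandshakeTimeout verifies the case where the client does not
// send required handshake data before the deadline set on the net.Conn passed
// to ServerHandshake().
//
// The client side only opens a TCP connection and never starts a TLS
// handshake, so the server-side handshake is expected to end when the short
// deadline expires. This guards against a silent peer holding a server-side
// handshake open past its deadline.
//
// NOTE(review): the handshake callback only checks that ServerHandshake()
// returns a non-nil error. It does not check that the error is a timeout, so
// a failure for an unrelated reason would also make this test pass.
func (s) TestServerCredsHandshakeTimeout(t *testing.T) {
	opts := ServerOptions{FallbackCreds: &errorCreds{}}
	creds, err := NewServerCredentials(opts)
	if err != nil {
		t.Fatalf("NewServerCredentials(%v) failed: %v", opts, err)
	}
	ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
	defer cancel()

	// Create a test server which uses the xDS server credentials created above
	// to perform TLS handshake on incoming connections.
	ts := newTestServerWithHandshakeFunc(ctx, func(rawConn net.Conn) handshakeResult {
		hi := xdsinternal.NewHandshakeInfo(makeRootProvider(t, "x509/client_ca_cert.pem"), makeIdentityProvider(t, "x509/server2_cert.pem", "x509/server2_key.pem"), nil, true, "", false, false)

		// Create a wrapped conn which can return the HandshakeInfo created
		// above with a very small deadline. The same deadline is applied to
		// the raw connection and handed to the wrapper.
		d := time.Now().Add(defaultTestShortTimeout)
		if err := rawConn.SetDeadline(d); err != nil {
			// Without the deadline on the raw conn the handshake may not time
			// out as intended, so report the setup failure instead of
			// continuing.
			return handshakeResult{err: errors.New("rawConn.SetDeadline() failed: " + err.Error())}
		}
		conn := newWrappedConn(rawConn, hi, d)

		// ServerHandshake() on the xDS credentials is expected to fail.
		if _, _, err := creds.ServerHandshake(conn); err == nil {
			return handshakeResult{err: errors.New("ServerHandshake() succeeded when expected to timeout")}
		}
		return handshakeResult{}
	})
	defer ts.stop()

	// Dial the test server, but don't trigger the TLS handshake. This will
	// cause ServerHandshake() to fail.
	rawConn, err := net.Dial("tcp", ts.address)
	if err != nil {
		t.Fatalf("net.Dial(%s) failed: %v", ts.address, err)
	}
	defer rawConn.Close()

	// Read the handshake result from the testServer. The callback above
	// reports an error only when the handshake did not fail as expected (or
	// when setup failed), so a nil hsr.err means ServerHandshake() failed, which
	// is what this test wants.
	val, err := ts.hsResult.Receive(ctx)
	if err != nil {
		t.Fatalf("testServer failed to return handshake result: %v", err)
	}
	hsr, ok := val.(handshakeResult)
	if !ok {
		// Fail with a readable message rather than panicking on the assertion.
		t.Fatalf("testServer returned result of type %T, want handshakeResult", val)
	}
	if hsr.err != nil {
		t.Fatalf("testServer handshake failure: %v", hsr.err)
	}
}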
| 272 | |
| 273 | // TestServerCredsHandshakeFailure verifies the case where the server-side |
| 274 | // credentials uses a root certificate which does not match the certificate |
nothing calls this directly
no test coverage detected