(t *testing.T)
| 185 | } |
| 186 | |
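// TestSPIFFEIDFromCert checks that SPIFFEIDFromCert returns a non-nil ID only
// for the fixture that is expected to carry a usable SPIFFE ID, and returns nil
// for the fixtures that are expected to be rejected.
//
// The negative cases carry the security weight here: a SPIFFE ID read from a
// certificate is normally treated as the peer's identity, so a certificate
// with an ambiguous set of URI SANs, or with none, must not produce one.
func (s) TestSPIFFEIDFromCert(t *testing.T) {
	tests := []struct {
		name     string
		dataPath string
		// wantID reports whether SPIFFEIDFromCert is expected to return a
		// non-nil ID for the fixture.
		wantID bool
	}{
		{
			name:     "good certificate with SPIFFE ID",
			dataPath: "x509/spiffe_cert.pem",
			wantID:   true,
		},
		{
			// The SPIFFE X.509-SVID specification allows exactly one URI
			// SAN, so this fixture must be rejected rather than resolved
			// to either of its URIs.
			name:     "bad certificate with SPIFFE ID and another URI",
			dataPath: "x509/multiple_uri_cert.pem",
			wantID:   false,
		},
		{
			name:     "certificate without SPIFFE ID",
			dataPath: "x509/client1_cert.pem",
			wantID:   false,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// Resolve the fixture path once so every failure message names
			// the same file.
			path := testdata.Path(tt.dataPath)
			data, err := os.ReadFile(path)
			if err != nil {
				t.Fatalf("os.ReadFile(%s) failed: %v", path, err)
			}
			// Only the first PEM block is decoded; any further blocks in
			// the fixture are ignored by this test.
			block, _ := pem.Decode(data)
			if block == nil {
				t.Fatalf("Failed to parse the certificate: byte block is nil")
			}
			cert, err := x509.ParseCertificate(block.Bytes)
			if err != nil {
				// Name the fixture instead of printing the DER bytes with
				// %b, which floods the log with an unreadable binary dump.
				t.Fatalf("x509.ParseCertificate() failed for %s: %v", path, err)
			}
			uri := SPIFFEIDFromCert(cert)
			if (uri != nil) != tt.wantID {
				t.Fatalf("wantID got and want mismatch, got %t, want %t", uri != nil, tt.wantID)
			}
			// Every fixture that yields an ID is compared against the same
			// wantURI, which is declared outside this function.
			if uri != nil && uri.String() != wantURI {
				t.Fatalf("SPIFFE ID not expected, got %s, want %s", uri.String(), wantURI)
			}
		})
	}
}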