MCPcopy
hub / github.com/grpc/grpc-go / TestBuildVerifyFuncFailures

Method TestBuildVerifyFuncFailures

internal/credentials/xds/handshake_info_test.go:484–519  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

482}
483
484func (s) TestBuildVerifyFuncFailures(t *testing.T) {
485 tests := []struct {
486 desc string
487 peerCertChain [][]byte
488 wantErr string
489 }{
490 {
491 desc: "invalid x509",
492 peerCertChain: [][]byte{[]byte("NOT_A_CERT")},
493 wantErr: "x509: malformed certificate",
494 },
495 {
496 desc: "invalid SPIFFE ID in peer cert",
497 // server1.pem doesn't have a valid SPIFFE ID, so attempted to get a
498 // root from the SPIFFE Bundle Map will fail
499 peerCertChain: loadCert(t, testdata.Path("server1.pem"), testdata.Path("server1.key")),
500 wantErr: "spiffe: could not get spiffe ID from peer leaf cert but verification with spiffe trust map was configure",
501 },
502 }
503 testProvider := testCertProviderWithKeyMaterial{}
504 hi := NewHandshakeInfo(&testProvider, &testProvider, nil, true, "", false, false)
505 ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
506 defer cancel()
507 cfg, err := hi.ClientSideTLSConfig(ctx, "")
508 if err != nil {
509 t.Fatalf("hi.ClientSideTLSConfig() failed with err %v", err)
510 }
511 for _, tc := range tests {
512 t.Run(tc.desc, func(t *testing.T) {
513 err = cfg.VerifyPeerCertificate(tc.peerCertChain, nil)
514 if !strings.Contains(err.Error(), tc.wantErr) {
515 t.Errorf("VerifyPeerCertificate got err %v, want: %v", err, tc.wantErr)
516 }
517 })
518 }
519}
520
521func loadCert(t *testing.T, certPath, keyPath string) [][]byte {
522 cert, err := tls.LoadX509KeyPair(certPath, keyPath)

Callers

nothing calls this directly

Calls 7

ClientSideTLSConfigMethod · 0.95
PathFunction · 0.92
loadCertFunction · 0.85
NewHandshakeInfoFunction · 0.85
FatalfMethod · 0.65
ErrorMethod · 0.65
ErrorfMethod · 0.65

Tested by

no test coverage detected