(t *testing.T)
| 398 | } |
| 399 | |
| 400 | func (s) TestClientServerHandshake(t *testing.T) { |
| 401 | cs := &testutils.CertStore{} |
| 402 | if err := cs.LoadCerts(); err != nil { |
| 403 | t.Fatalf("cs.LoadCerts() failed, err: %v", err) |
| 404 | } |
| 405 | getRootCertificatesForClient := func(*ConnectionInfo) (*RootCertificates, error) { |
| 406 | return &RootCertificates{TrustCerts: cs.ClientTrust1}, nil |
| 407 | } |
| 408 | |
| 409 | clientVerifyFuncGood := func(params *HandshakeVerificationInfo) (*PostHandshakeVerificationResults, error) { |
| 410 | if params.ServerName == "" { |
| 411 | return nil, errors.New("client side server name should have a value") |
| 412 | } |
| 413 | // "foo.bar.com" is the common name on server certificate server_cert_1.pem. |
| 414 | if len(params.VerifiedChains) > 0 && (params.Leaf == nil || params.Leaf.Subject.CommonName != "foo.bar.com") { |
| 415 | return nil, errors.New("client side params parsing error") |
| 416 | } |
| 417 | |
| 418 | return &PostHandshakeVerificationResults{}, nil |
| 419 | } |
| 420 | verifyFuncBad := func(*HandshakeVerificationInfo) (*PostHandshakeVerificationResults, error) { |
| 421 | return nil, fmt.Errorf("custom verification function failed") |
| 422 | } |
| 423 | getRootCertificatesForServer := func(*ConnectionInfo) (*RootCertificates, error) { |
| 424 | return &RootCertificates{TrustCerts: cs.ServerTrust1}, nil |
| 425 | } |
| 426 | serverVerifyFunc := func(params *HandshakeVerificationInfo) (*PostHandshakeVerificationResults, error) { |
| 427 | if params.ServerName != "" { |
| 428 | return nil, errors.New("server side server name should not have a value") |
| 429 | } |
| 430 | // "foo.bar.hoo.com" is the common name on client certificate client_cert_1.pem. |
| 431 | if len(params.VerifiedChains) > 0 && (params.Leaf == nil || params.Leaf.Subject.CommonName != "foo.bar.hoo.com") { |
| 432 | return nil, errors.New("server side params parsing error") |
| 433 | } |
| 434 | |
| 435 | return &PostHandshakeVerificationResults{}, nil |
| 436 | } |
| 437 | getRootCertificatesForServerBad := func(*ConnectionInfo) (*RootCertificates, error) { |
| 438 | return nil, fmt.Errorf("bad root certificate reloading") |
| 439 | } |
| 440 | |
| 441 | getRootCertificatesForClientCRL := func(*ConnectionInfo) (*RootCertificates, error) { |
| 442 | return &RootCertificates{TrustCerts: cs.ClientTrust3}, nil |
| 443 | } |
| 444 | |
| 445 | getRootCertificatesForServerCRL := func(*ConnectionInfo) (*RootCertificates, error) { |
| 446 | return &RootCertificates{TrustCerts: cs.ServerTrust3}, nil |
| 447 | } |
| 448 | |
| 449 | makeStaticCRLRevocationOptions := func(crlPath string, denyUndetermined bool) *RevocationOptions { |
| 450 | rawCRL, err := os.ReadFile(crlPath) |
| 451 | if err != nil { |
| 452 | t.Fatalf("readFile(%v) failed err = %v", crlPath, err) |
| 453 | } |
| 454 | cRLProvider := NewStaticCRLProvider([][]byte{rawCRL}) |
| 455 | return &RevocationOptions{ |
| 456 | DenyUndetermined: denyUndetermined, |
| 457 | CRLProvider: cRLProvider, |