hub / github.com/grpc/grpc-go / TestGetCertificatesSNI

Method TestGetCertificatesSNI

security/advancedtls/advancedtls_test.go:1025–1091  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

1023}
1024
1025func (s) TestGetCertificatesSNI(t *testing.T) {
1026 cs := &testutils.CertStore{}
1027 if err := cs.LoadCerts(); err != nil {
1028 t.Fatalf("cs.LoadCerts() failed, err: %v", err)
1029 }
1030 tests := []struct {
1031 desc string
1032 serverName string
1033 // Use Common Name on the certificate to differentiate if we choose the right cert. The common name on all of the three certs are different.
1034 wantCommonName string
1035 }{
1036 {
1037 desc: "Select ServerCert1",
1038 // "foo.bar.com" is the common name on server certificate server_cert_1.pem.
1039 serverName: "foo.bar.com",
1040 wantCommonName: "foo.bar.com",
1041 },
1042 {
1043 desc: "Select serverCert3",
1044 // "foo.bar.server3.com" is the common name on server certificate server_cert_3.pem.
1045 // "google.com" is one of the DNS names on server certificate server_cert_3.pem.
1046 serverName: "google.com",
1047 wantCommonName: "foo.bar.server3.com",
1048 },
1049 }
1050 for _, test := range tests {
1051 test := test
1052 t.Run(test.desc, func(t *testing.T) {
1053 serverOptions := &Options{
1054 IdentityOptions: IdentityCertificateOptions{
1055 GetIdentityCertificatesForServer: func(*tls.ClientHelloInfo) ([]*tls.Certificate, error) {
1056 return []*tls.Certificate{&cs.ServerCert1, &cs.ServerCert2, &cs.ServerPeer3}, nil
1057 },
1058 },
1059 }
1060 serverConfig, err := serverOptions.serverConfig()
1061 if err != nil {
1062 t.Fatalf("serverOptions.serverConfig() failed: %v", err)
1063 }
1064 pointFormatUncompressed := uint8(0)
1065 clientHello := &tls.ClientHelloInfo{
1066 CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
1067 ServerName: test.serverName,
1068 SupportedCurves: []tls.CurveID{tls.CurveP256},
1069 SupportedPoints: []uint8{pointFormatUncompressed},
1070 SupportedVersions: []uint16{tls.VersionTLS12},
1071 }
1072 gotCertificate, err := serverConfig.GetCertificate(clientHello)
1073 if err != nil {
1074 t.Fatalf("serverConfig.GetCertificate(clientHello) failed: %v", err)
1075 }
1076 if gotCertificate == nil || len(gotCertificate.Certificate) == 0 {
1077 t.Fatalf("Got nil or empty Certificate after calling serverConfig.GetCertificate.")
1078 }
1079 parsedCert, err := x509.ParseCertificate(gotCertificate.Certificate[0])
1080 if err != nil {
1081 t.Fatalf("x509.ParseCertificate(%v) failed: %v", gotCertificate.Certificate[0], err)
1082 }

Callers

nothing calls this directly

Calls 4

LoadCertsMethod · 0.95
serverConfigMethod · 0.95
FatalfMethod · 0.65
ErrorfMethod · 0.65

Tested by

no test coverage detected