(t *testing.T)
| 1023 | } |
| 1024 | |
| 1025 | func (s) TestGetCertificatesSNI(t *testing.T) { |
| 1026 | cs := &testutils.CertStore{} |
| 1027 | if err := cs.LoadCerts(); err != nil { |
| 1028 | t.Fatalf("cs.LoadCerts() failed, err: %v", err) |
| 1029 | } |
| 1030 | tests := []struct { |
| 1031 | desc string |
| 1032 | serverName string |
| 1033 | // Use Common Name on the certificate to differentiate if we choose the right cert. The common name on all of the three certs are different. |
| 1034 | wantCommonName string |
| 1035 | }{ |
| 1036 | { |
| 1037 | desc: "Select ServerCert1", |
| 1038 | // "foo.bar.com" is the common name on server certificate server_cert_1.pem. |
| 1039 | serverName: "foo.bar.com", |
| 1040 | wantCommonName: "foo.bar.com", |
| 1041 | }, |
| 1042 | { |
| 1043 | desc: "Select serverCert3", |
| 1044 | // "foo.bar.server3.com" is the common name on server certificate server_cert_3.pem. |
| 1045 | // "google.com" is one of the DNS names on server certificate server_cert_3.pem. |
| 1046 | serverName: "google.com", |
| 1047 | wantCommonName: "foo.bar.server3.com", |
| 1048 | }, |
| 1049 | } |
| 1050 | for _, test := range tests { |
| 1051 | test := test |
| 1052 | t.Run(test.desc, func(t *testing.T) { |
| 1053 | serverOptions := &Options{ |
| 1054 | IdentityOptions: IdentityCertificateOptions{ |
| 1055 | GetIdentityCertificatesForServer: func(*tls.ClientHelloInfo) ([]*tls.Certificate, error) { |
| 1056 | return []*tls.Certificate{&cs.ServerCert1, &cs.ServerCert2, &cs.ServerPeer3}, nil |
| 1057 | }, |
| 1058 | }, |
| 1059 | } |
| 1060 | serverConfig, err := serverOptions.serverConfig() |
| 1061 | if err != nil { |
| 1062 | t.Fatalf("serverOptions.serverConfig() failed: %v", err) |
| 1063 | } |
| 1064 | pointFormatUncompressed := uint8(0) |
| 1065 | clientHello := &tls.ClientHelloInfo{ |
| 1066 | CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, |
| 1067 | ServerName: test.serverName, |
| 1068 | SupportedCurves: []tls.CurveID{tls.CurveP256}, |
| 1069 | SupportedPoints: []uint8{pointFormatUncompressed}, |
| 1070 | SupportedVersions: []uint16{tls.VersionTLS12}, |
| 1071 | } |
| 1072 | gotCertificate, err := serverConfig.GetCertificate(clientHello) |
| 1073 | if err != nil { |
| 1074 | t.Fatalf("serverConfig.GetCertificate(clientHello) failed: %v", err) |
| 1075 | } |
| 1076 | if gotCertificate == nil || len(gotCertificate.Certificate) == 0 { |
| 1077 | t.Fatalf("Got nil or empty Certificate after calling serverConfig.GetCertificate.") |
| 1078 | } |
| 1079 | parsedCert, err := x509.ParseCertificate(gotCertificate.Certificate[0]) |
| 1080 | if err != nil { |
| 1081 | t.Fatalf("x509.ParseCertificate(%v) failed: %v", gotCertificate.Certificate[0], err) |
| 1082 | } |