hub / github.com/grpc/grpc-go / TestFileWatcherCRLProvider

Method TestFileWatcherCRLProvider

security/advancedtls/crl_provider_test.go:144–205

TestFileWatcherCRLProvider tests how FileWatcherCRLProvider handles the four major cases for CRL checks. It scans the CRLs under the crl directory to populate the in-memory storage. Then we construct unrevoked, revoked leaf, and revoked intermediate chains, as well as a chain without a CRL for the issuer, and

(t *testing.T)

Source from the content-addressed store, hash-verified

// that it’s correctly processed. Additionally, we also check if number of
// invocations of custom callback is correct.
func (s) TestFileWatcherCRLProvider(t *testing.T) {
	const nonCRLFilesUnderCRLDirectory = 18
	nonCRLFilesSet := make(map[string]struct{})
	customCallback := func(err error) {
		if strings.Contains(err.Error(), "BUILD") {
			return
		}
		nonCRLFilesSet[err.Error()] = struct{}{}
	}
	p, err := NewFileWatcherCRLProvider(FileWatcherOptions{
		CRLDirectory:               testdata.Path("crl"),
		RefreshDuration:            1 * time.Hour,
		CRLReloadingFailedCallback: customCallback,
	})
	if err != nil {
		t.Fatal("Unexpected error while creating FileWatcherCRLProvider:", err)
	}

	// Each test data entry contains a description of a certificate chain,
	// certificate chain itself, and if CRL is not expected to be found.
	tests := []struct {
		desc        string
		certs       []*x509.Certificate
		expectNoCRL bool
	}{
		{
			desc:  "Unrevoked chain",
			certs: makeChain(t, testdata.Path("crl/unrevoked.pem")),
		},
		{
			desc:  "Revoked Intermediate chain",
			certs: makeChain(t, testdata.Path("crl/revokedInt.pem")),
		},
		{
			desc:  "Revoked leaf chain",
			certs: makeChain(t, testdata.Path("crl/revokedLeaf.pem")),
		},
		{
			desc:        "Chain with no CRL for issuer",
			certs:       makeChain(t, testdata.Path("client_cert_1.pem")),
			expectNoCRL: true,
		},
	}

	for _, tt := range tests {
		t.Run(tt.desc, func(t *testing.T) {
			for _, c := range tt.certs {
				crl, err := p.CRL(c)
				if err != nil {
					t.Fatalf("Expected error fetch from provider: %v", err)
				}
				if crl == nil && !tt.expectNoCRL {
					t.Fatalf("CRL is unexpectedly nil")
				}
			}
		})
	}
	p.Close()

Callers

nothing calls this directly

Calls 9

CRL (Method) · 0.95
Close (Method) · 0.95
Path (Function) · 0.92
makeChain (Function) · 0.85
Error (Method) · 0.65
Fatal (Method) · 0.65
Fatalf (Method) · 0.65
Errorf (Method) · 0.65

Tested by

no test coverage detected