author | tjpcc <tjp@ctrl-c.club> | 2023-10-09 08:56:53 -0600 |
---|---|---|
committer | tjpcc <tjp@ctrl-c.club> | 2023-10-09 08:56:53 -0600 |
commit | cedcf58ea7d729acb6ed1a9ab7aec1ae38aed102 (patch) | |
tree | c04144501fa461b840cea96951f23d926b596ff7 /contrib/tlsauth/approver_test.go | |
parent | 1a14f01df1c220f1b8a0dcee1eada007aca8d43f (diff) |
more useful tlsauth.Approver type
the predicate function should be able to see the whole context and request
Diffstat (limited to 'contrib/tlsauth/approver_test.go')
-rw-r--r-- | contrib/tlsauth/approver_test.go | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/contrib/tlsauth/approver_test.go b/contrib/tlsauth/approver_test.go
index d2f4f07..32f7c40 100644
--- a/contrib/tlsauth/approver_test.go
+++ b/contrib/tlsauth/approver_test.go
@@ -1,6 +1,7 @@
 package tlsauth_test
 
 import (
+ "context"
 "crypto/tls"
 "crypto/x509"
 "errors"
@@ -8,6 +9,7 @@ import (
 
 "github.com/stretchr/testify/assert"
 
+ "tildegit.org/tjp/sliderule"
 "tildegit.org/tjp/sliderule/contrib/tlsauth"
 )
 
@@ -15,18 +17,24 @@ func TestRequireSpecificIdentity(t *testing.T) {
 cert1, err := leafCert("testdata/client1.crt", "testdata/client1.key")
 assert.Nil(t, err)
 
+ req1 := &sliderule.Request{TLSState: &tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert1}}}
+
 cert2, err := leafCert("testdata/client2.crt", "testdata/client2.key")
 assert.Nil(t, err)
 
+ req2 := &sliderule.Request{TLSState: &tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert2}}}
+
+ ctx := context.Background()
+
 assert.True(t, cert1.Equal(cert1))
 assert.False(t, cert1.Equal(cert2))
 assert.False(t, cert2.Equal(cert1))
 assert.True(t, cert2.Equal(cert2))
 
- assert.True(t, tlsauth.RequireSpecificIdentity(cert1)(cert1))
- assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(cert2))
- assert.False(t, tlsauth.RequireSpecificIdentity(cert2)(cert1))
- assert.True(t, tlsauth.RequireSpecificIdentity(cert2)(cert2))
+ assert.True(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, req1))
+ assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, req2))
+ assert.False(t, tlsauth.RequireSpecificIdentity(cert2)(ctx, req1))
+ assert.True(t, tlsauth.RequireSpecificIdentity(cert2)(ctx, req2))
 }
 
 func leafCert(certfile, keyfile string) (*x509.Certificate, error) { |
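Review bot: The rewritten assertions at the end of TestRequireSpecificIdentity only exercise requests that carry exactly one peer certificate, so the case where a client presents no certificate is untested. Now that the predicate receives a whole `*sliderule.Request` rather than a certificate, it presumably has to dereference `TLSState` and read `PeerCertificates` itself, and an authentication check should be shown to fail closed (return false, not panic) when either is missing. I would add `assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, &sliderule.Request{}))` and `assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, &sliderule.Request{TLSState: &tls.ConnectionState{}}))` after the four existing predicate assertions. The function's signature line sits just above the hunk, and the predicate implementation is not shown on this page, so its handling of these inputs cannot be confirmed from here.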