From cedcf58ea7d729acb6ed1a9ab7aec1ae38aed102 Mon Sep 17 00:00:00 2001
From: tjpcc
Date: Mon, 9 Oct 2023 08:56:53 -0600
Subject: more useful tlsauth.Approver type the predicate function should be able to see the whole context and request
---
 contrib/tlsauth/approver_test.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'contrib/tlsauth/approver_test.go')
diff --git a/contrib/tlsauth/approver_test.go b/contrib/tlsauth/approver_test.go
index d2f4f07..32f7c40 100644
--- a/contrib/tlsauth/approver_test.go
+++ b/contrib/tlsauth/approver_test.go
@@ -1,6 +1,7 @@
 package tlsauth_test
 import (
+ "context"
 "crypto/tls"
 "crypto/x509"
 "errors"
@@ -8,6 +9,7 @@ import (
 "github.com/stretchr/testify/assert"
+ "tildegit.org/tjp/sliderule"
 "tildegit.org/tjp/sliderule/contrib/tlsauth"
 )
@@ -15,18 +17,24 @@ func TestRequireSpecificIdentity(t *testing.T) {
 cert1, err := leafCert("testdata/client1.crt", "testdata/client1.key")
 assert.Nil(t, err)
+ req1 := &sliderule.Request{TLSState: &tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert1}}}
+
 cert2, err := leafCert("testdata/client2.crt", "testdata/client2.key")
 assert.Nil(t, err)
+ req2 := &sliderule.Request{TLSState: &tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert2}}}
+
+ ctx := context.Background()
+
 assert.True(t, cert1.Equal(cert1))
 assert.False(t, cert1.Equal(cert2))
 assert.False(t, cert2.Equal(cert1))
 assert.True(t, cert2.Equal(cert2))
- assert.True(t, tlsauth.RequireSpecificIdentity(cert1)(cert1))
- assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(cert2))
- assert.False(t, tlsauth.RequireSpecificIdentity(cert2)(cert1))
- assert.True(t, tlsauth.RequireSpecificIdentity(cert2)(cert2))
+ assert.True(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, req1))
+ assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, req2))
+ assert.False(t, tlsauth.RequireSpecificIdentity(cert2)(ctx, req1))
+ assert.True(t, tlsauth.RequireSpecificIdentity(cert2)(ctx, req2))
 }
 func leafCert(certfile, keyfile string) (*x509.Certificate, error) {
--
cgit v1.2.3
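Review bot: The updated assertions only exercise requests that carry a populated `TLSState` with exactly one peer certificate, so the new `(ctx, req)` predicate is never tested on a request that has no client certificate. The approver's implementation is not part of this diff, but now that it receives the whole request it presumably reads `req.TLSState.PeerCertificates` itself, and a nil `TLSState` or an empty slice is the input most likely to panic or be wrongly approved; an authorization predicate should be pinned to fail closed there. I would add `assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, &sliderule.Request{}))` and `assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, &sliderule.Request{TLSState: &tls.ConnectionState{}}))` after the four existing checks. TestRequireSpecificIdentity's opening line appears only in the hunk header, and leafCert's body continues past the end of the hunk.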