improving TestHandshake
JordiSubira committed Aug 14, 2020
1 parent 83b8f1c commit 2f9c38c
Showing 1 changed file with 38 additions and 29 deletions.
67 changes: 38 additions & 29 deletions go/pkg/trust/tls_handshake_test.go
Expand Up @@ -16,13 +16,15 @@ package trust_test

import (
"crypto/tls"
"net"
"testing"
"time"

"github.com/golang/mock/gomock"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/scionproto/scion/go/lib/scrypto/cppki"
"github.com/scionproto/scion/go/lib/xtest"
"github.com/scionproto/scion/go/pkg/trust"
"github.com/scionproto/scion/go/pkg/trust/mock_trust"
Expand Down Expand Up @@ -62,54 +64,61 @@ func TestTLSCryptoManagerVerifyPeerCertificate(t *testing.T) {
})
}
}

func TestHandshake(t *testing.T) {
ctrl := gomock.NewController(t)
defer ctrl.Finish()

trc := xtest.LoadTRC(t, "testdata/common/trcs/ISD1-B1-S1.trc")
crt111File := "testdata/common/ISD1/ASff00_0_111/crypto/as/ISD1-ASff00_0_111.pem"
key111File := "testdata/common/ISD1/ASff00_0_111/crypto/as/cp-as.key"
tlsCert, err := tls.LoadX509KeyPair(crt111File, key111File)
require.NoError(t, err)

ctrl := gomock.NewController(t)
defer ctrl.Finish()
chain, err := cppki.ReadPEMCerts(crt111File)
require.NoError(t, err)

db := mock_trust.NewMockDB(ctrl)
db.EXPECT().SignedTRC(gomock.Any(), gomock.Any()).MaxTimes(2).Return(trc, nil)
loader := mock_trust.NewMockX509KeyPairLoader(ctrl)
loader.EXPECT().LoadX509KeyPair().MaxTimes(2).Return(&tlsCert, nil)

serverMgr := trust.NewTLSCryptoManager(loader, db)
srvConfig := &tls.Config{
mgr := trust.NewTLSCryptoManager(loader, db)
clientConn, serverConn := net.Pipe()
defer clientConn.Close()
defer serverConn.Close()

client := tls.Client(clientConn, &tls.Config{
InsecureSkipVerify: true,
GetClientCertificate: mgr.GetClientCertificate,
VerifyPeerCertificate: mgr.VerifyPeerCertificate,
})
server := tls.Server(serverConn, &tls.Config{
InsecureSkipVerify: true,
GetCertificate: serverMgr.GetCertificate,
VerifyPeerCertificate: serverMgr.VerifyPeerCertificate,
GetCertificate: mgr.GetCertificate,
VerifyPeerCertificate: mgr.VerifyPeerCertificate,
ClientAuth: tls.RequireAnyClientCert,
}
listener, err := tls.Listen("tcp", "127.0.0.1:8884", srvConfig)
require.NoError(t, err)
})

clientMgr := trust.NewTLSCryptoManager(loader, db)
clientConfig := &tls.Config{
InsecureSkipVerify: true,
GetClientCertificate: clientMgr.GetClientCertificate,
VerifyPeerCertificate: clientMgr.VerifyPeerCertificate,
}
connCheck := func(w, r net.Conn) {
msg := []byte("hello")

go func() {
clientConn, err := tls.Dial("tcp", "127.0.0.1:8884", clientConfig)
assert.NoError(t, err)
defer clientConn.Close()
}()
go func() {
_, err := w.Write(msg)
require.NoError(t, err)
}()

conn, err := listener.Accept()
require.NoError(t, err)
defer conn.Close()
buf := make([]byte, 100)
n, err := r.Read(buf)
require.NoError(t, err)
require.Equal(t, msg, buf[:n])
}

tlsCon, _ := conn.(*tls.Conn)
err = tlsCon.Handshake()
assert.NoError(t, err)
assert.NotEmpty(t, tlsCon.ConnectionState().PeerCertificates)
assert.True(t, tlsCon.ConnectionState().HandshakeComplete)
connCheck(server, client)

assert.Equal(t, chain, client.ConnectionState().PeerCertificates)
assert.Equal(t, chain, server.ConnectionState().PeerCertificates)
assert.True(t, client.ConnectionState().HandshakeComplete)
assert.True(t, server.ConnectionState().HandshakeComplete)
}

func loadRawChain(t *testing.T, file string) [][]byte {
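Review bot: The writer goroutine in `connCheck` calls `require.NoError(t, err)` from a goroutine that is not the test goroutine; `require` ends in `t.FailNow`, which the testing package only supports on the goroutine running the test, so a failed `w.Write` would misreport or hang instead of failing cleanly. Use `assert.NoError(t, err)` there (as the removed dial goroutine already did), or send the error back over a channel and check it in the test goroutine. The test also has no bound on how long the handshake over `net.Pipe` may take: if either side stalls, `r.Read(buf)` blocks until the package timeout; `"time"` is newly imported but nothing in this hunk uses it, so presumably it is used elsewhere in the file — otherwise the build fails — and a `clientConn.SetDeadline(time.Now().Add(time.Second))` / `serverConn.SetDeadline(...)` pair before `connCheck(server, client)` would make a stalled handshake fail fast. Finally, the goroutine is never awaited, so a write error can surface after `TestHandshake` returns; a `sync.WaitGroup` or the channel above would close that gap.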
