| /* |
| * |
| * Copyright 2020 gRPC authors. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| * |
| */ |
| |
| package credentials |
| |
| import ( |
| "crypto/tls" |
| "crypto/x509" |
| "net/url" |
| "testing" |
| |
| "google.golang.org/grpc/internal/grpctest" |
| ) |
| |
// s is the test-suite receiver for this package: every test below is written
// as a method on s, and s embeds grpctest.Tester so it can be handed to
// grpctest.RunSubTests.
type s struct{ grpctest.Tester }
| |
// Test is the single entry point that `go test` discovers in this file. It
// passes a zero-value suite to grpctest.RunSubTests, which is expected to run
// the suite's Test* methods as subtests.
func Test(t *testing.T) {
	var suite s
	grpctest.RunSubTests(t, suite)
}
| |
// TestSPIFFEIDFromState feeds SPIFFEIDFromState a tls.ConnectionState whose
// only peer certificate carries the URI SANs of each table entry, and checks
// whether a SPIFFE ID comes back (non-nil) or not.
//
// NOTE(review): only nil/non-nil is asserted. The returned ID is never
// compared with the input URI, so a non-nil but wrong identity would still
// pass the "good SPIFFE ID" case.
func (s) TestSPIFFEIDFromState(t *testing.T) {
	// uri builds a URI SAN whose Path and RawPath hold the same string, which
	// is how every entry in the table is shaped.
	uri := func(scheme, host, path string) *url.URL {
		return &url.URL{Scheme: scheme, Host: host, Path: path, RawPath: path}
	}

	const (
		goodHost = "foo.bar.com"
		goodPath = "workload/wl1"
	)

	// Oversized inputs: 2050 bytes of path and 256 bytes of host, just past
	// the SPIFFE limits of 2048 bytes per ID and 255 bytes per trust domain.
	// NOTE(review): both strings are zero-filled (NUL bytes), so these cases
	// presumably fail on length, but they do not isolate a length check from
	// any character validation — confirm against the implementation.
	hugePath := string(make([]byte, 2050))
	hugeHost := string(make([]byte, 256))

	cases := []struct {
		name string
		urls []*url.URL
		// Whether a non-nil SPIFFE ID is expected back.
		expectID bool
	}{
		{
			name:     "empty URIs",
			urls:     []*url.URL{},
			expectID: false,
		},
		{
			name:     "good SPIFFE ID",
			urls:     []*url.URL{uri("spiffe", goodHost, goodPath)},
			expectID: true,
		},
		{
			// Empty host, i.e. no trust domain.
			name:     "invalid host",
			urls:     []*url.URL{uri("spiffe", "", goodPath)},
			expectID: false,
		},
		{
			// Empty path, i.e. no workload identifier.
			name:     "invalid path",
			urls:     []*url.URL{uri("spiffe", goodHost, "")},
			expectID: false,
		},
		{
			name:     "large path",
			urls:     []*url.URL{uri("spiffe", goodHost, hugePath)},
			expectID: false,
		},
		{
			name:     "large host",
			urls:     []*url.URL{uri("spiffe", hugeHost, goodPath)},
			expectID: false,
		},
		{
			// Two SPIFFE URIs plus an https URI: no single identity can be
			// chosen, so nil is expected.
			name: "multiple URI SANs",
			urls: []*url.URL{
				uri("spiffe", goodHost, goodPath),
				uri("spiffe", "bar.baz.com", "workload/wl2"),
				uri("https", goodHost, goodPath),
			},
			expectID: false,
		},
		{
			name: "multiple URI SANs without SPIFFE ID",
			urls: []*url.URL{
				uri("https", goodHost, goodPath),
				uri("ssh", goodHost, goodPath),
			},
			expectID: false,
		},
		{
			// A valid SPIFFE URI next to any other URI SAN must still yield
			// nil. This matches the X.509-SVID rule that an SVID carries
			// exactly one URI SAN; a certificate with an ambiguous SAN list
			// is not treated as a SPIFFE identity.
			name: "multiple URI SANs with one SPIFFE ID",
			urls: []*url.URL{
				uri("spiffe", goodHost, goodPath),
				uri("https", goodHost, goodPath),
			},
			expectID: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Only the URIs field of the certificate is populated; the
			// connection state carries nothing but this one certificate.
			leaf := &x509.Certificate{URIs: tc.urls}
			state := tls.ConnectionState{PeerCertificates: []*x509.Certificate{leaf}}

			id := SPIFFEIDFromState(state)
			if gotID := id != nil; gotID != tc.expectID {
				t.Errorf("want expectID = %v, but SPIFFE ID is %v", tc.expectID, id)
			}
		})
	}
}