author | Tor Brede Vekterli <vekterli@oath.com> | 2018-09-07 11:08:20 +0000 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@oath.com> | 2018-09-07 11:12:02 +0000 |
commit | 3bc0bbe2bc406a51b40ac19f42298415eb76938b (patch) | |
tree | b9c8064c4b59ef2ede989d2e39ec56c6471b2ed1 /vespalib/src/tests/net | |
parent | e8daf30cbd919f98376c85f00cb987330faca2f6 (diff) |
Add TLS config file support with proposed JSON structure
Diffstat (limited to 'vespalib/src/tests/net')
6 files changed, 85 insertions, 0 deletions
diff --git a/vespalib/src/tests/net/tls/transport_options/CMakeLists.txt b/vespalib/src/tests/net/tls/transport_options/CMakeLists.txt
new file mode 100644
index 00000000000..ee1e2477708
--- /dev/null
+++ b/vespalib/src/tests/net/tls/transport_options/CMakeLists.txt
@@ -0,0 +1,10 @@
+# Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+vespa_add_executable(vespalib_net_tls_transport_options_test_app TEST
+ SOURCES
+ transport_options_reading_test.cpp
+ DEPENDS
+ vespalib
+)
+vespa_add_test(NAME vespalib_net_tls_transport_options_test_app
+ COMMAND vespalib_net_tls_transport_options_test_app)
+
diff --git a/vespalib/src/tests/net/tls/transport_options/dummy_ca_certs.txt b/vespalib/src/tests/net/tls/transport_options/dummy_ca_certs.txt
new file mode 100644
index 00000000000..b617f6f17e4
--- /dev/null
+++ b/vespalib/src/tests/net/tls/transport_options/dummy_ca_certs.txt
@@ -0,0 +1 @@
+My CA certificates
diff --git a/vespalib/src/tests/net/tls/transport_options/dummy_certs.txt b/vespalib/src/tests/net/tls/transport_options/dummy_certs.txt
new file mode 100644
index 00000000000..088b91ff770
--- /dev/null
+++ b/vespalib/src/tests/net/tls/transport_options/dummy_certs.txt
@@ -0,0 +1 @@
+My certificate chain
diff --git a/vespalib/src/tests/net/tls/transport_options/dummy_privkey.txt b/vespalib/src/tests/net/tls/transport_options/dummy_privkey.txt
new file mode 100644
index 00000000000..f29585fe31f
--- /dev/null
+++ b/vespalib/src/tests/net/tls/transport_options/dummy_privkey.txt
@@ -0,0 +1 @@
+My private key
diff --git a/vespalib/src/tests/net/tls/transport_options/ok_config.json b/vespalib/src/tests/net/tls/transport_options/ok_config.json
new file mode 100644
index 00000000000..dd2591661dc
--- /dev/null
+++ b/vespalib/src/tests/net/tls/transport_options/ok_config.json
@@ -0,0 +1,7 @@
+{
+ "files":{
+ "private-key": "dummy_privkey.txt",
+ "ca-certificates": "dummy_ca_certs.txt",
+ "certificates": "dummy_certs.txt"
+ }
+}
diff --git a/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp b/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp
new file mode 100644
index 00000000000..859d2cc90f2
--- /dev/null
+++ b/vespalib/src/tests/net/tls/transport_options/transport_options_reading_test.cpp
@@ -0,0 +1,65 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+#include <vespa/vespalib/io/fileutil.h>
+#include <vespa/vespalib/net/tls/transport_security_options.h>
+#include <vespa/vespalib/net/tls/transport_security_options_reading.h>
+#include <vespa/vespalib/testkit/test_kit.h>
+#include <vespa/vespalib/util/exceptions.h>
+
+using namespace vespalib;
+using namespace vespalib::net::tls;
+
+TEST("can load TLS credentials via config file") {
+ auto opts = read_options_from_json_file("ok_config.json");
+ ASSERT_TRUE(opts.get() != nullptr);
+ // Obviously we'd need to change this to actual PEM data if config reading started
+ // actually verifying the _content_ of files, not just reading them.
+ EXPECT_EQUAL("My private key\n", opts->private_key_pem());
+ EXPECT_EQUAL("My CA certificates\n", opts->ca_certs_pem());
+ EXPECT_EQUAL("My certificate chain\n", opts->cert_chain_pem());
+}
+
+TEST("missing JSON file throws exception") {
+ EXPECT_EXCEPTION(read_options_from_json_file("missing_config.json"), IllegalArgumentException,
+ "TLS config file 'missing_config.json' does not exist");
+}
+
+TEST("bad JSON content throws exception") {
+ const char* bad_json = "hello world :D";
+ EXPECT_EXCEPTION(read_options_from_json_string(bad_json), IllegalArgumentException,
+ "Provided TLS config file is not valid JSON");
+}
+
+TEST("missing 'files' field throws exception") {
+ const char* incomplete_json = R"({})";
+ EXPECT_EXCEPTION(read_options_from_json_string(incomplete_json), IllegalArgumentException,
+ "TLS config root field 'files' is missing or empty");
+}
+
+TEST("missing 'private-key' field throws exception") {
+ const char* incomplete_json = R"({"files":{"certificates":"dummy_certs.txt","ca-certificates":"dummy_ca_certs.txt"}})";
+ EXPECT_EXCEPTION(read_options_from_json_string(incomplete_json), IllegalArgumentException,
+ "TLS config field 'private-key' has not been set");
+}
+
+TEST("missing 'certificates' field throws exception") {
+ const char* incomplete_json = R"({"files":{"private-key":"dummy_privkey.txt","ca-certificates":"dummy_ca_certs.txt"}})";
+ EXPECT_EXCEPTION(read_options_from_json_string(incomplete_json), IllegalArgumentException,
+ "TLS config field 'certificates' has not been set");
+}
+
+TEST("missing 'ca-certificates' field throws exception") {
+ const char* incomplete_json = R"({"files":{"private-key":"dummy_privkey.txt","certificates":"dummy_certs.txt"}})";
+ EXPECT_EXCEPTION(read_options_from_json_string(incomplete_json), IllegalArgumentException,
+ "TLS config field 'ca-certificates' has not been set");
+}
+
+TEST("missing file referenced by field throws exception") {
+ const char* incomplete_json = R"({"files":{"private-key":"missing_privkey.txt",
+ "certificates":"dummy_certs.txt",
+ "ca-certificates":"dummy_ca_certs.txt"}})";
+ EXPECT_EXCEPTION(read_options_from_json_string(incomplete_json), IllegalArgumentException,
+ "File 'missing_privkey.txt' referenced by TLS config does not exist");
+}
+
+TEST_MAIN() { TEST_RUN_ALL(); }
+
|
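Review bot: The `'files' is missing or empty` error is only exercised for the missing case (`R"({})"`); nothing in this file covers an empty object (`{"files":{}}`), an empty string value, or a wrong-typed value such as `"private-key": 123`, so how the reader treats a malformed private-key entry in operator-supplied config is not pinned by any test. Every path here is a bare relative name, including the ones passed through `read_options_from_json_string`, which suggests they resolve against the process working directory; a short comment stating that would help, since which file ends up loaded as the private key then depends on where the process is started. The expected messages in the sketch below are assumed from the strings already asserted in this file and need checking against the implementation, which is not part of this diff.

```cpp
// … unchanged: TEST("missing 'files' field throws exception") …

TEST("empty 'files' object throws exception") {
    const char* incomplete_json = R"({"files":{}})";
    EXPECT_EXCEPTION(read_options_from_json_string(incomplete_json), IllegalArgumentException,
                     "TLS config root field 'files' is missing or empty");
}

TEST("empty 'private-key' value throws exception") {
    const char* incomplete_json = R"({"files":{"private-key":"","certificates":"dummy_certs.txt","ca-certificates":"dummy_ca_certs.txt"}})";
    EXPECT_EXCEPTION(read_options_from_json_string(incomplete_json), IllegalArgumentException,
                     "TLS config field 'private-key' has not been set");
}
```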