👷 Improve tls test

2021-03-11 14:33:04 +08:00 · 2021-03-11 14:33:04 +08:00 · ff2052c48a
parent cdd642444d
commit ff2052c48a
2 changed files with 152 additions and 8 deletions
--- a/client_test.go
+++ b/client_test.go
@ -16,7 +16,7 @@ import (
 	"time"

 	"github.com/gofiber/fiber/v2/internal/encoding/json"
-
+	"github.com/gofiber/fiber/v2/internal/tlstest"
 	"github.com/gofiber/fiber/v2/utils"
 	"github.com/valyala/fasthttp/fasthttputil"
 )
@ -873,21 +873,49 @@ func Test_Client_Agent_Reuse(t *testing.T) {
 	utils.AssertEqual(t, 0, len(errs))
 }

-func Test_Client_Agent_TLS(t *testing.T) {
+func Test_Client_Agent_InsecureSkipVerify(t *testing.T) {
 	t.Parallel()

-	// Create tls certificate
 	cer, err := tls.LoadX509KeyPair("./.github/testdata/ssl.pem", "./.github/testdata/ssl.key")
 	utils.AssertEqual(t, nil, err)

-	config := &tls.Config{
+	serverTLSConf := &tls.Config{
 		Certificates: []tls.Certificate{cer},
 	}

 	ln, err := net.Listen(NetworkTCP4, "127.0.0.1:0")
 	utils.AssertEqual(t, nil, err)

-	ln = tls.NewListener(ln, config)
+	ln = tls.NewListener(ln, serverTLSConf)
+
+	app := New(Config{DisableStartupMessage: true})
+
+	app.Get("/", func(c *Ctx) error {
+		return c.SendString("ignore tls")
+	})
+
+	go func() { utils.AssertEqual(t, nil, app.Listener(ln)) }()
+
+	code, body, errs := Get("https://" + ln.Addr().String()).
+		InsecureSkipVerify().
+		InsecureSkipVerify().
+		String()
+
+	utils.AssertEqual(t, 0, len(errs))
+	utils.AssertEqual(t, StatusOK, code)
+	utils.AssertEqual(t, "ignore tls", body)
+}
+
+func Test_Client_Agent_TLS(t *testing.T) {
+	t.Parallel()
+
+	serverTLSConf, clientTLSConf, err := tlstest.GetTLSConfigs()
+	utils.AssertEqual(t, nil, err)
+
+	ln, err := net.Listen(NetworkTCP4, "127.0.0.1:0")
+	utils.AssertEqual(t, nil, err)
+
+	ln = tls.NewListener(ln, serverTLSConf)

 	app := New(Config{DisableStartupMessage: true})

@ -898,9 +926,7 @@ func Test_Client_Agent_TLS(t *testing.T) {
 	go func() { utils.AssertEqual(t, nil, app.Listener(ln)) }()

 	code, body, errs := Get("https://" + ln.Addr().String()).
-		InsecureSkipVerify().
-		TLSConfig(config).
-		InsecureSkipVerify().
+		TLSConfig(clientTLSConf).
 		String()

 	utils.AssertEqual(t, 0, len(errs))
--- a/internal/tlstest/tls.go
+++ b/internal/tlstest/tls.go
@ -0,0 +1,118 @@
+package tlstest
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math/big"
+	"net"
+	"time"
+)
+
+func GetTLSConfigs() (serverTLSConf *tls.Config, clientTLSConf *tls.Config, err error) {
+	// set up our CA certificate
+	ca := &x509.Certificate{
+		SerialNumber: big.NewInt(2021),
+		Subject: pkix.Name{
+			Organization:  []string{"Fiber"},
+			Country:       []string{"NL"},
+			Province:      []string{""},
+			Locality:      []string{"Amsterdam"},
+			StreetAddress: []string{"Huidenstraat"},
+			PostalCode:    []string{"1011 AA"},
+		},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().AddDate(10, 0, 0),
+		IsCA:                  true,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+	}
+
+	// create our private and public key
+	caPrivateKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// create the CA
+	caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivateKey.PublicKey, caPrivateKey)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// pem encode
+	var caPEM bytes.Buffer
+	_ = pem.Encode(&caPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: caBytes,
+	})
+
+	var caPrivKeyPEM bytes.Buffer
+	_ = pem.Encode(&caPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(caPrivateKey),
+	})
+
+	// set up our server certificate
+	cert := &x509.Certificate{
+		SerialNumber: big.NewInt(2021),
+		Subject: pkix.Name{
+			Organization:  []string{"Fiber"},
+			Country:       []string{"NL"},
+			Province:      []string{""},
+			Locality:      []string{"Amsterdam"},
+			StreetAddress: []string{"Huidenstraat"},
+			PostalCode:    []string{"1011 AA"},
+		},
+		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
+		NotBefore:    time.Now(),
+		NotAfter:     time.Now().AddDate(10, 0, 0),
+		SubjectKeyId: []byte{1, 2, 3, 4, 6},
+		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:     x509.KeyUsageDigitalSignature,
+	}
+
+	certPrivateKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	certBytes, err := x509.CreateCertificate(rand.Reader, cert, ca, &certPrivateKey.PublicKey, caPrivateKey)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var certPEM bytes.Buffer
+	_ = pem.Encode(&certPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	})
+
+	var certPrivateKeyPEM bytes.Buffer
+	_ = pem.Encode(&certPrivateKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(certPrivateKey),
+	})
+
+	serverCert, err := tls.X509KeyPair(certPEM.Bytes(), certPrivateKeyPEM.Bytes())
+	if err != nil {
+		return nil, nil, err
+	}
+
+	serverTLSConf = &tls.Config{
+		Certificates: []tls.Certificate{serverCert},
+	}
+
+	certPool := x509.NewCertPool()
+	certPool.AppendCertsFromPEM(caPEM.Bytes())
+	clientTLSConf = &tls.Config{
+		RootCAs: certPool,
+	}
+
+	return serverTLSConf, clientTLSConf, nil
+}