-
Notifications
You must be signed in to change notification settings - Fork 5
/
nanoauth_test.go
262 lines (224 loc) · 7.63 KB
/
nanoauth_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
package nanoauth_test
import (
"crypto/tls"
"fmt"
"io"
"io/ioutil"
"net/http"
"os"
"testing"
"time"
"github.com/nanobox-io/golang-nanoauth"
)
func ExampleListenAndServe() {
http.HandleFunc("/", func(rw http.ResponseWriter, req *http.Request) {
io.WriteString(rw, "World, Hello!\n")
})
nanoauth.ListenAndServe("127.0.0.1:80", "secret", nil)
}
func ExampleListenAndServeTLS() {
http.HandleFunc("/", func(rw http.ResponseWriter, req *http.Request) {
io.WriteString(rw, "World, Hello!\n")
})
cert, _ := nanoauth.Generate("nanoauth.nanopack.io")
nanoauth.DefaultAuth.Header = "X-AUTH-TOKEN"
nanoauth.DefaultAuth.Certificate = cert
nanoauth.ListenAndServeTLS("127.0.0.1:443", "secret", nil)
}
// TestMain initializes the environment and runs the tests
func TestMain(m *testing.M) {
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
// create default route
http.HandleFunc("/", func(rw http.ResponseWriter, req *http.Request) {
io.WriteString(rw, "World, Hello!\n")
})
rtn := m.Run()
os.Exit(rtn)
}
// TestListenServe tests ListenAndServe functionality
func TestListenServe(t *testing.T) {
address1 := "127.0.0.1:8081"
go nanoauth.ListenAndServe(address1, "$ECRET", nil)
time.Sleep(time.Second)
// test good request
req, err := newReq(address1, "/?X-NANOBOX-TOKEN=$ECRET")
if err != nil {
t.Errorf("Failed to create request - %v", err)
t.FailNow()
}
req.Host = "nanobox-router.test"
resp, err := getIt(req)
if err != nil {
t.Errorf("Failed to create request - %v", err)
t.FailNow()
}
if resp != "World, Hello!\n" {
t.Errorf("%q doesn't match expected out", resp)
}
// test bad request
req, err = newReq(address1, "/")
if err != nil {
t.Errorf("Failed to create request - %v", err)
t.FailNow()
}
req.Header.Add("X-NANOBOX-TOKEN", "PUBLIC")
req.Host = "nanobox-router.test"
resp, err = getIt(req)
if err != nil {
t.Errorf("Failed to create request - %v", err)
t.FailNow()
}
if resp == "World, Hello!\n" {
t.Errorf("%q doesn't match expected out", resp)
}
}
// TestListenServeTLS tests ListenAndServeTLS functionality
func TestListenServeTLS(t *testing.T) {
address2 := "127.0.0.1:8082"
go nanoauth.ListenAndServeTLS(address2, "$ECRET", nil)
time.Sleep(time.Second)
// test good request
req, err := newReqS(address2, "/")
if err != nil {
t.Errorf("Failed to create request - %v", err)
t.FailNow()
}
req.Header.Add("X-NANOBOX-TOKEN", "$ECRET")
req.Host = "nanobox-router.test"
resp, err := getIt(req)
if err != nil {
t.Errorf("Failed to create request - %v", err)
t.FailNow()
}
if resp != "World, Hello!\n" {
t.Errorf("%q doesn't match expected out", resp)
}
// test bad request
req, err = newReqS(address2, "/")
if err != nil {
t.Errorf("Failed to create request - %v", err)
t.FailNow()
}
req.Header.Add("X-NANOBOX-TOKEN", "PUBLIC")
req.Host = "nanobox-router.test"
resp, err = getIt(req)
if err != nil {
t.Errorf("Failed to create request - %v", err)
t.FailNow()
}
if resp == "World, Hello!\n" {
t.Errorf("%q doesn't match expected out", resp)
}
}
// TestLoad tests loading cert/key from file functionality
func TestLoad(t *testing.T) {
err := writeKeyPair()
if err != nil {
t.Errorf("Failed to write key/cert - %v", err)
t.FailNow()
}
_, err = nanoauth.Load("/tmp/pub.crt", "/tmp/priv.key", "")
if err != nil {
t.Errorf("Failed to load key/cert - %v", err)
}
// test failed loading
_, err = nanoauth.Load("/tmp/no-way-hose", "/tmp/priv.key", "")
if err == nil {
t.Errorf("Failed to fail loading key/cert - %v", err)
}
_, err = nanoauth.Load("/tmp/pub.crt", "/tmp/no-way-a", "")
if err == nil {
t.Errorf("Failed to fail loading key/cert - %v", err)
}
}
// write key pair to files
func writeKeyPair() error {
// self-signed keypair generated locally
pub := `-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAO8vbJ40g9igMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTYwNjA5MjMwNzAzWhcNMTcwNjA5MjMwNzAzWjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA0Uz1OJQ1vUmNfR6oDTcYsAcEIvWJLJ0+VCo67DMgpt2E/vLqKa6Ljb08
HZphAwMVVg3NF3dWNmgAxJS6KPF8I4gpeDQ1WdnjP9Q1r6WJlkE+SG6kWKuiMJUh
2jFRntb5/mzxLhds9g8JdQXRJeb5oolok0BJ/JGlc338tokL9czF4dTBL1kHdqZB
D4wP4evEotln30y4Wfp2wlvvR5jSuuvg/n/mxhtmt8PEEL2D5QKx6zwJdR0osccc
XJFRwAuAg19Xw5C9JZ4r+ilRghKzow8Db6d3Wyard+h9UZawns18X+ZWfj9q+3/T
bS9V39JD3LV/iOp2LXAr50TmN4QNTQIDAQABo1AwTjAdBgNVHQ4EFgQUC3h9qDf/
4msiNT+Nx31gNj/Sl+UwHwYDVR0jBBgwFoAUC3h9qDf/4msiNT+Nx31gNj/Sl+Uw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAXrJ5GW36UVDkWK2Uv7qb
SODdMj2WUxxbb724AKSizTYV75MepPfp6HCipbilfmPDWXnFd14ecgSI4+dfyP5L
rXhNk+kkmklyqR+c8YuG+ALoS77vsfBr24fLUPNpLjCwph5CNTce1UH0yw/ReT2L
xYWe45KtIjHIBU1jv4CKG8Cpi+Mj3wveREOEFQ6OxdxvtrgjhbEI1NDiqlnW5dFi
VHfPOt0KnoJx0rX0oP0Mp+6Qwt2orvMeqGjguAhGKyN6w5SrdJQ5PuRP+906W67w
Bz6qeOT9g4i9Na6x3/UmVArW8bUwnGn4Ll+551IrVxOynuLeaCTLbAFYt9/6NcRp
Yg==
-----END CERTIFICATE-----
`
priv := `-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA0Uz1OJQ1vUmNfR6oDTcYsAcEIvWJLJ0+VCo67DMgpt2E/vLq
Ka6Ljb08HZphAwMVVg3NF3dWNmgAxJS6KPF8I4gpeDQ1WdnjP9Q1r6WJlkE+SG6k
WKuiMJUh2jFRntb5/mzxLhds9g8JdQXRJeb5oolok0BJ/JGlc338tokL9czF4dTB
L1kHdqZBD4wP4evEotln30y4Wfp2wlvvR5jSuuvg/n/mxhtmt8PEEL2D5QKx6zwJ
dR0oscccXJFRwAuAg19Xw5C9JZ4r+ilRghKzow8Db6d3Wyard+h9UZawns18X+ZW
fj9q+3/TbS9V39JD3LV/iOp2LXAr50TmN4QNTQIDAQABAoIBAFd/usyqeUTm6PWz
yUGtFO8SH9KVn4E9Q39gID36qd3Yoe8LkoVWaRUaVXVywrfFpDfTkTgMNciM9jU4
kBLp0aHxHJUaDmu/wVc/2inSJJDiOa2CQ8amCioRTpOvJpYm/WA2HyXLuUuswaFg
iy0zQI2IsGVO7R9frDF6LBoLdSqObWAp0tQyUGMueVSozNBdED1kzAbl9GCb/LnB
Z7VVOwoX/cFagbK8fO60QEIwCQcx9lHyshdAVs4gJO0vG3Uo/qsFE+X/zPQQLnBk
2NwSEasL1RNxTzkkBuuZY7cpPlKl1wvbrRFukqTF/l5xYlhqkgKdBY+NbJYJW7RC
T8aIwykCgYEA6+GcZlFnOi0rAumc/Ykoe9B5egh71Rok7ZrF8zBV32E5VyEmO7Gc
qsaATBYOH/+h9TzH0yOhPaJ7kqxaijh9IrkRwABvkl0to4B6jvqDk41H/oRnUcbN
fWyxdnCnEwSGSJsTYid7jWY7Y4+M5nNjH2YZ96Wv5nJWbTtGaSzD6cMCgYEA4yb3
gAR8dSlZfQVhCG51zOtecIFDyQHAODPrHHzzOeuxdMD/ty2NoZT5QGrOri+dMhO/
1xGRnSWxSAuiBV0rLLxFavVO7IR7Mu/xnK3ELnuSp9yrtK8icZCyY7G9uY9mhnuG
YhSKO4zG+iYugmSrl63psvAwTPvyWp9hQGSmq68CgYAhc3dIk1a+S1WELjkTQ3Y4
SNJRWg6lo/WEtKRJ3pru+My27H6NjJyZI1licOZD527CZoI4ER92rCo2HLciTuyA
FhrMTcOE0C3+t+OpjyFFtY12LLSyRi0yEk4Aa+1lpwicF1HiY5MD9HGLpvnmXIq8
EzCvjBGr7p8PEo7jr3OBHQKBgCIb6tRVWB77u41TbnOmqpe/zCmWr4gSdDu8SBS6
CofrBXWjuYJXG8pkpVzv7OMpETDA2HDCGZyAWXOZE5Y8nEwWZVIfTd+kMR+/+gbt
7OSR976vGzWBiumEsdTYjsW7a8jL6az2qp8wj3xmmVtJJJ8dJVeSS55zwruq7R6P
PpvPAoGALyrSqIvzsxO/6m9vafjYrQ3u0TeJSsAVqJKSs47paeJIJeT1p6rotoJn
HRdLurBXAy38LKU7wK5aS8aE2NOhpxzRHl1jjW0I3lgf8H7oGM4U48FPme/VSOZA
fpowwqaBTnIoKBbR0i5L1NXagsaZBqJX8blzWZg7aq8D8wz7L/w=
-----END RSA PRIVATE KEY-----
`
pubBytes := []byte(pub)
err := ioutil.WriteFile("/tmp/pub.crt", pubBytes, 0644)
if err != nil {
return err
}
privBytes := []byte(priv)
err = ioutil.WriteFile("/tmp/priv.key", privBytes, 0600)
if err != nil {
return err
}
return nil
}
func newReq(address, path string) (*http.Request, error) {
req, err := http.NewRequest("GET", "http://"+address+path, nil)
if err != nil {
return nil, fmt.Errorf("Failed to create Request - %v", err)
}
return req, nil
}
func newReqS(address, path string) (*http.Request, error) {
req, err := http.NewRequest("GET", "https://"+address+path, nil)
if err != nil {
return nil, fmt.Errorf("Failed to create Request - %v", err)
}
return req, nil
}
func getIt(req *http.Request) (string, error) {
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
return "", fmt.Errorf("Failed test GET - %v", err)
}
b, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", fmt.Errorf("Failed to read Body - %v", err)
}
return string(b), nil
}