ipn/ipnlocal: fix the path for writing cert files (#7203)
Fixes #7202. Change-Id: I1f8e9c59d5e42e7df7a3fbbd82ae2b4293845916 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
This commit is contained in:
M. J. Fromberger
GitHub
@@ -5,7 +5,15 @@
|
||||
|
||||
package ipnlocal
|
||||
|
||||
import "testing"
|
||||
import (
|
||||
"crypto/x509"
|
||||
"embed"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"tailscale.com/ipn/store/mem"
|
||||
)
|
||||
|
||||
func TestValidLookingCertDomain(t *testing.T) {
|
||||
tests := []struct {
|
||||
@@ -26,3 +34,69 @@ func TestValidLookingCertDomain(t *testing.T) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//go:embed testdata/*
|
||||
var certTestFS embed.FS
|
||||
|
||||
func TestCertStoreRoundTrip(t *testing.T) {
|
||||
const testDomain = "example.com"
|
||||
|
||||
// Use a fixed verification timestamp so validity doesn't fall off when the
|
||||
// cert expires. If you update the test data below, this may also need to be
|
||||
// updated.
|
||||
testNow := time.Date(2023, time.February, 10, 0, 0, 0, 0, time.UTC)
|
||||
|
||||
// To re-generate a root certificate and domain certificate for testing,
|
||||
// use:
|
||||
//
|
||||
// go run filippo.io/mkcert@latest example.com
|
||||
//
|
||||
// The content is not important except to be structurally valid so we can be
|
||||
// sure the round-trip succeeds.
|
||||
testRoot, err := certTestFS.ReadFile("testdata/rootCA.pem")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
roots := x509.NewCertPool()
|
||||
if !roots.AppendCertsFromPEM(testRoot) {
|
||||
t.Fatal("Unable to add test CA to the cert pool")
|
||||
}
|
||||
|
||||
testCert, err := certTestFS.ReadFile("testdata/example.com.pem")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
testKey, err := certTestFS.ReadFile("testdata/example.com-key.pem")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
store certStore
|
||||
}{
|
||||
{"FileStore", certFileStore{dir: t.TempDir(), testRoots: roots}},
|
||||
{"StateStore", certStateStore{StateStore: new(mem.Store), testRoots: roots}},
|
||||
}
|
||||
for _, test := range tests {
|
||||
t.Run(test.name, func(t *testing.T) {
|
||||
if err := test.store.WriteCert(testDomain, testCert); err != nil {
|
||||
t.Fatalf("WriteCert: unexpected error: %v", err)
|
||||
}
|
||||
if err := test.store.WriteKey(testDomain, testKey); err != nil {
|
||||
t.Fatalf("WriteKey: unexpected error: %v", err)
|
||||
}
|
||||
|
||||
kp, err := test.store.Read(testDomain, testNow)
|
||||
if err != nil {
|
||||
t.Fatalf("Read: unexpected error: %v", err)
|
||||
}
|
||||
if diff := cmp.Diff(kp.CertPEM, testCert); diff != "" {
|
||||
t.Errorf("Certificate (-got, +want):\n%s", diff)
|
||||
}
|
||||
if diff := cmp.Diff(kp.KeyPEM, testKey); diff != "" {
|
||||
t.Errorf("Key (-got, +want):\n%s", diff)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user