Add TLS invalid cases checks
This commit is contained in:
parent
4f89bc06a0
commit
a5e48cf9d0
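--- a/src/test/expired_certificate.rs
+++ b/src/test/expired_certificate.rs
@@ -13,6 +13,9 @@ enum PortsAllocation {
 ValidWithTokenAuthAndServerTLS,
 WithTokenAuthAndInvalidServerTLSBadCA,
 WithTokenAuthAndInvalidServerTLSExpiredAndBadCN,
+TlsAuthExpiredClientCertificate,
+TlsAuthRevokedClientCertificate,
+TlsAuthInvalidClientCertificate,
 }
 
 fn get_port_number(alloc: PortsAllocation, index: u16) -> u16 {
@@ -33,6 +36,10 @@ mod server_invalid_tls_config_invalid_key;
 mod server_invalid_tls_config_invalid_paths;
 mod server_invalid_tls_config_missing_key;
 mod server_invalid_token_file;
+mod server_missing_auth;
+mod tls_auth_expired_certificate;
+mod tls_auth_invalid_certificate;
+mod tls_auth_revoked_certificate;
 mod valid_token_with_custom_increment;
 mod valid_with_multiple_token_auth;
 mod valid_with_tls_auth;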
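--- a/src/test/server_missing_auth.rs
+++ b/src/test/server_missing_auth.rs
@@ -0,0 +1,71 @@
+use crate::tcp_relay_server::server_config::ServerConfig;
+use crate::test::pki::Pki;
+use crate::test::{get_port_number, PortsAllocation};
+
+fn port(index: u16) -> u16 {
+get_port_number(PortsAllocation::TestsWithoutPortOpened, index)
+}
+
+#[tokio::test]
+async fn with_tls_server() {
+let _ = env_logger::builder().is_test(true).try_init();
+
+let pki = Pki::load();
+
+crate::tcp_relay_server::run_app(ServerConfig {
+tokens: vec![],
+tokens_file: None,
+ports: vec![port(1)],
+upstream_server: "127.0.0.1".to_string(),
+listen_address: format!("127.0.0.1:{}", port(0)),
+increment_ports: 1,
+tls_cert: Some(pki.root_ca_crl.file_path()),
+tls_key: Some(pki.localhost_key.file_path()),
+tls_client_auth_root_cert: None,
+tls_revocation_list: None,
+})
+.await
+.unwrap_err();
+}
+
+#[tokio::test]
+async fn without_tls_server() {
+let _ = env_logger::builder().is_test(true).try_init();
+
+crate::tcp_relay_server::run_app(ServerConfig {
+tokens: vec![],
+tokens_file: None,
+ports: vec![port(1)],
+upstream_server: "127.0.0.1".to_string(),
+listen_address: format!("127.0.0.1:{}", port(0)),
+increment_ports: 1,
+tls_cert: None,
+tls_key: None,
+tls_client_auth_root_cert: None,
+tls_revocation_list: None,
+})
+.await
+.unwrap_err();
+}
+
+#[tokio::test]
+async fn tls_auth_without_tls_config() {
+let _ = env_logger::builder().is_test(true).try_init();
+
+let pki = Pki::load();
+
+crate::tcp_relay_server::run_app(ServerConfig {
+tokens: vec![],
+tokens_file: None,
+ports: vec![port(1)],
+upstream_server: "127.0.0.1".to_string(),
+listen_address: format!("127.0.0.1:{}", port(0)),
+increment_ports: 1,
+tls_cert: None,
+tls_key: None,
+tls_client_auth_root_cert: Some(pki.root_ca_crt.file_path()),
+tls_revocation_list: None,
+})
+.await
+.unwrap_err();
+}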
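Review bot: In `with_tls_server`, `tls_cert: Some(pki.root_ca_crl.file_path())` hands the server a CRL where a certificate is expected, while the key next to it is `pki.localhost_key`; the other test files in this commit pair that key with `pki.localhost_crt`, so this looks like a typo. As written, `run_app` may fail while loading the TLS material rather than because no authentication method is configured, and the bare `.unwrap_err()` cannot tell the two apart, so the test would keep passing even if the missing-auth rejection were removed. Suggested change: `tls_cert: Some(pki.localhost_crt.file_path()),`. Asserting on the returned error in all three tests of this file (e.g. that its message names the missing token or client-auth configuration, adjusted to whatever `run_app` actually reports) would make them robust against failing for the wrong reason.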
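--- a/src/test/tls_auth_expired_certificate.rs
+++ b/src/test/tls_auth_expired_certificate.rs
@@ -0,0 +1,58 @@
+use tokio::task;
+
+use crate::tcp_relay_client::client_config::ClientConfig;
+use crate::tcp_relay_server::server_config::ServerConfig;
+use crate::test::dummy_tcp_sockets::{wait_for_port, DummyTCPServer};
+use crate::test::pki::Pki;
+use crate::test::{get_port_number, PortsAllocation, LOCALHOST_IP};
+
+fn port(index: u16) -> u16 {
+get_port_number(PortsAllocation::TlsAuthExpiredClientCertificate, index)
+}
+
+#[tokio::test]
+async fn test() {
+let _ = env_logger::builder().is_test(true).try_init();
+
+// Start internal service
+let local_server = DummyTCPServer::start(port(1)).await;
+tokio::spawn(async move {
+local_server.loop_conn_square_operations().await;
+});
+
+let pki = Pki::load();
+
+let local_set = task::LocalSet::new();
+local_set
+.run_until(async move {
+wait_for_port(port(1)).await;
+
+// Start server relay
+task::spawn_local(crate::tcp_relay_server::run_app(ServerConfig {
+tokens: vec![],
+tokens_file: None,
+ports: vec![port(1)],
+upstream_server: "127.0.0.1".to_string(),
+listen_address: format!("127.0.0.1:{}", port(0)),
+increment_ports: 1,
+tls_cert: Some(pki.localhost_crt.file_path()),
+tls_key: Some(pki.localhost_key.file_path()),
+tls_client_auth_root_cert: Some(pki.root_ca_crt.file_path()),
+tls_revocation_list: Some(pki.root_ca_crl.file_path()),
+}));
+wait_for_port(port(0)).await;
+
+// Start client relay
+crate::tcp_relay_client::run_app(ClientConfig {
+relay_url: format!("https://localhost:{}", port(0)),
+listen_address: LOCALHOST_IP.to_string(),
+root_certificate: Some(pki.root_ca_crt.file_path()),
+tls_cert: Some(pki.expired_client_crt.file_path()),
+tls_key: Some(pki.valid_client_key.file_path()),
+..Default::default()
+})
+.await
+.unwrap_err();
+})
+.await;
+}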
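Review bot: The `.unwrap_err()` on the client `run_app` call at the end of the hunk accepts any error, so this test also passes when the connection fails for a reason unrelated to the expired client certificate (a wrong relay URL, the server not accepting at all, a local I/O error); asserting on the error, e.g. `let err = ...unwrap_err(); assert!(err.to_string().contains("certificate"), "{err}");` with the expected text adjusted to what the client reports on a rejected handshake, would pin the behaviour the test name promises. The same applies to tls_auth_invalid_certificate.rs and tls_auth_revoked_certificate.rs, which differ from this file only in the `PortsAllocation` variant and the PKI material, so the three could share one helper taking those as parameters. Separately, the `JoinHandle` from `task::spawn_local` is dropped, so if the server config were rejected `wait_for_port(port(0))` would presumably never return and the test would hang rather than fail; keeping the handle and bounding the wait, `tokio::time::timeout(Duration::from_secs(10), wait_for_port(port(0))).await.expect("relay server did not start");` (with `std::time::Duration` imported), turns that into a failure.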
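--- a/src/test/tls_auth_invalid_certificate.rs
+++ b/src/test/tls_auth_invalid_certificate.rs
@@ -0,0 +1,58 @@
+use tokio::task;
+
+use crate::tcp_relay_client::client_config::ClientConfig;
+use crate::tcp_relay_server::server_config::ServerConfig;
+use crate::test::dummy_tcp_sockets::{wait_for_port, DummyTCPServer};
+use crate::test::pki::Pki;
+use crate::test::{get_port_number, PortsAllocation, LOCALHOST_IP};
+
+fn port(index: u16) -> u16 {
+get_port_number(PortsAllocation::TlsAuthInvalidClientCertificate, index)
+}
+
+#[tokio::test]
+async fn test() {
+let _ = env_logger::builder().is_test(true).try_init();
+
+// Start internal service
+let local_server = DummyTCPServer::start(port(1)).await;
+tokio::spawn(async move {
+local_server.loop_conn_square_operations().await;
+});
+
+let pki = Pki::load();
+
+let local_set = task::LocalSet::new();
+local_set
+.run_until(async move {
+wait_for_port(port(1)).await;
+
+// Start server relay
+task::spawn_local(crate::tcp_relay_server::run_app(ServerConfig {
+tokens: vec![],
+tokens_file: None,
+ports: vec![port(1)],
+upstream_server: "127.0.0.1".to_string(),
+listen_address: format!("127.0.0.1:{}", port(0)),
+increment_ports: 1,
+tls_cert: Some(pki.localhost_crt.file_path()),
+tls_key: Some(pki.localhost_key.file_path()),
+tls_client_auth_root_cert: Some(pki.other_ca_crt.file_path()),
+tls_revocation_list: Some(pki.other_ca_crl.file_path()),
+}));
+wait_for_port(port(0)).await;
+
+// Start client relay
+crate::tcp_relay_client::run_app(ClientConfig {
+relay_url: format!("https://localhost:{}", port(0)),
+listen_address: LOCALHOST_IP.to_string(),
+root_certificate: Some(pki.root_ca_crt.file_path()),
+tls_cert: Some(pki.revoked_client_crt.file_path()),
+tls_key: Some(pki.revoked_client_key.file_path()),
+..Default::default()
+})
+.await
+.unwrap_err();
+})
+.await;
+}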
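Review bot: The client presents `pki.revoked_client_crt` / `pki.revoked_client_key`, the same pair used by tls_auth_revoked_certificate.rs, while the server here trusts `pki.other_ca_crt` with `pki.other_ca_crl`; the only thing that makes this an "invalid certificate" case is the issuer mismatch, and if that certificate is also listed in the other-CA CRL (not visible here) the rejection could come from revocation instead. A client certificate that is otherwise valid but not chained to `other_ca_crt` — the one paired with `pki.valid_client_key`, for instance — would isolate the untrusted-issuer check: `tls_cert: Some(pki.<valid client cert field>.file_path()),` and `tls_key: Some(pki.valid_client_key.file_path()),`. A one-line comment above the server config, `// server trusts a different CA than the one that issued the client certificate`, would also make the intent of the `other_ca_*` choice explicit.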
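--- a/src/test/tls_auth_revoked_certificate.rs
+++ b/src/test/tls_auth_revoked_certificate.rs
@@ -0,0 +1,58 @@
+use tokio::task;
+
+use crate::tcp_relay_client::client_config::ClientConfig;
+use crate::tcp_relay_server::server_config::ServerConfig;
+use crate::test::dummy_tcp_sockets::{wait_for_port, DummyTCPServer};
+use crate::test::pki::Pki;
+use crate::test::{get_port_number, PortsAllocation, LOCALHOST_IP};
+
+fn port(index: u16) -> u16 {
+get_port_number(PortsAllocation::TlsAuthRevokedClientCertificate, index)
+}
+
+#[tokio::test]
+async fn test() {
+let _ = env_logger::builder().is_test(true).try_init();
+
+// Start internal service
+let local_server = DummyTCPServer::start(port(1)).await;
+tokio::spawn(async move {
+local_server.loop_conn_square_operations().await;
+});
+
+let pki = Pki::load();
+
+let local_set = task::LocalSet::new();
+local_set
+.run_until(async move {
+wait_for_port(port(1)).await;
+
+// Start server relay
+task::spawn_local(crate::tcp_relay_server::run_app(ServerConfig {
+tokens: vec![],
+tokens_file: None,
+ports: vec![port(1)],
+upstream_server: "127.0.0.1".to_string(),
+listen_address: format!("127.0.0.1:{}", port(0)),
+increment_ports: 1,
+tls_cert: Some(pki.localhost_crt.file_path()),
+tls_key: Some(pki.localhost_key.file_path()),
+tls_client_auth_root_cert: Some(pki.root_ca_crt.file_path()),
+tls_revocation_list: Some(pki.root_ca_crl.file_path()),
+}));
+wait_for_port(port(0)).await;
+
+// Start client relay
+crate::tcp_relay_client::run_app(ClientConfig {
+relay_url: format!("https://localhost:{}", port(0)),
+listen_address: LOCALHOST_IP.to_string(),
+root_certificate: Some(pki.root_ca_crt.file_path()),
+tls_cert: Some(pki.revoked_client_crt.file_path()),
+tls_key: Some(pki.revoked_client_key.file_path()),
+..Default::default()
+})
+.await
+.unwrap_err();
+})
+.await;
+}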