infra/op-signer/service/auth_test.go

64 lines
1.9 KiB
Go
Raw Normal View History

package service
import (
"crypto/tls"
"crypto/x509"
"net/http"
"net/http/httptest"
"testing"
optls "github.com/ethereum-optimism/optimism/op-service/tls"
"github.com/stretchr/testify/assert"
)
func TestAuthMiddleware_NoCertificate(t *testing.T) {
var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.NotNil(t, nil, "handler should not have been invoked")
})
handler = NewAuthMiddleware()(handler)
handler = optls.NewPeerTLSMiddleware(handler)
assert.HTTPStatusCode(t, handler.ServeHTTP, "GET", "/", nil, 401)
}
func TestAuthMiddleware_CertificateMissingDNS(t *testing.T) {
req, _ := http.NewRequest("GET", "/", nil)
req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{}}
var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.NotNil(t, nil, "handler should not have been invoked")
})
handler = NewAuthMiddleware()(handler)
handler = optls.NewPeerTLSMiddleware(handler)
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
result := rr.Result()
defer result.Body.Close()
assert.Equal(t, 401, result.StatusCode)
}
func TestAuthMiddleware_HappyPath(t *testing.T) {
req, _ := http.NewRequest("GET", "/", nil)
req.TLS = &tls.ConnectionState{
PeerCertificates: []*x509.Certificate{{DNSNames: []string{"client.oplabs.co"}}},
}
handlerInvoked := false
var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
clientInfo := ClientInfoFromContext(r.Context())
assert.Equal(t, "client.oplabs.co", clientInfo.ClientName)
handlerInvoked = true
})
handler = NewAuthMiddleware()(handler)
handler = optls.NewPeerTLSMiddleware(handler)
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
result := rr.Result()
defer result.Body.Close()
assert.Equal(t, 200, result.StatusCode)
assert.True(t, handlerInvoked)
}