64 lines
1.9 KiB
Go
64 lines
1.9 KiB
Go
|
package service
|
||
|
|
||
|
import (
|
||
|
"crypto/tls"
|
||
|
"crypto/x509"
|
||
|
"net/http"
|
||
|
"net/http/httptest"
|
||
|
"testing"
|
||
|
|
||
|
optls "github.com/ethereum-optimism/optimism/op-service/tls"
|
||
|
"github.com/stretchr/testify/assert"
|
||
|
)
|
||
|
|
||
|
func TestAuthMiddleware_NoCertificate(t *testing.T) {
|
||
|
var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||
|
assert.NotNil(t, nil, "handler should not have been invoked")
|
||
|
})
|
||
|
handler = NewAuthMiddleware()(handler)
|
||
|
handler = optls.NewPeerTLSMiddleware(handler)
|
||
|
assert.HTTPStatusCode(t, handler.ServeHTTP, "GET", "/", nil, 401)
|
||
|
}
|
||
|
|
||
|
func TestAuthMiddleware_CertificateMissingDNS(t *testing.T) {
|
||
|
req, _ := http.NewRequest("GET", "/", nil)
|
||
|
req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{}}
|
||
|
|
||
|
var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||
|
assert.NotNil(t, nil, "handler should not have been invoked")
|
||
|
})
|
||
|
|
||
|
handler = NewAuthMiddleware()(handler)
|
||
|
handler = optls.NewPeerTLSMiddleware(handler)
|
||
|
|
||
|
rr := httptest.NewRecorder()
|
||
|
handler.ServeHTTP(rr, req)
|
||
|
result := rr.Result()
|
||
|
defer result.Body.Close()
|
||
|
assert.Equal(t, 401, result.StatusCode)
|
||
|
}
|
||
|
|
||
|
func TestAuthMiddleware_HappyPath(t *testing.T) {
|
||
|
req, _ := http.NewRequest("GET", "/", nil)
|
||
|
req.TLS = &tls.ConnectionState{
|
||
|
PeerCertificates: []*x509.Certificate{{DNSNames: []string{"client.oplabs.co"}}},
|
||
|
}
|
||
|
|
||
|
handlerInvoked := false
|
||
|
var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||
|
clientInfo := ClientInfoFromContext(r.Context())
|
||
|
assert.Equal(t, "client.oplabs.co", clientInfo.ClientName)
|
||
|
handlerInvoked = true
|
||
|
})
|
||
|
|
||
|
handler = NewAuthMiddleware()(handler)
|
||
|
handler = optls.NewPeerTLSMiddleware(handler)
|
||
|
|
||
|
rr := httptest.NewRecorder()
|
||
|
handler.ServeHTTP(rr, req)
|
||
|
result := rr.Result()
|
||
|
defer result.Body.Close()
|
||
|
assert.Equal(t, 200, result.StatusCode)
|
||
|
assert.True(t, handlerInvoked)
|
||
|
}
|