| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 |
- package dtls
- import (
- "crypto/tls"
- "reflect"
- "testing"
- "github.com/pion/dtls/v2/pkg/crypto/selfsign"
- )
- func TestGetCertificate(t *testing.T) {
- certificateWildcard, err := selfsign.GenerateSelfSignedWithDNS("*.test.test")
- if err != nil {
- t.Fatal(err)
- }
- certificateTest, err := selfsign.GenerateSelfSignedWithDNS("test.test", "www.test.test", "pop.test.test")
- if err != nil {
- t.Fatal(err)
- }
- certificateRandom, err := selfsign.GenerateSelfSigned()
- if err != nil {
- t.Fatal(err)
- }
- cfg := &handshakeConfig{
- localCertificates: []tls.Certificate{
- certificateRandom,
- certificateTest,
- certificateWildcard,
- },
- }
- testCases := []struct {
- desc string
- serverName string
- expectedCertificate tls.Certificate
- }{
- {
- desc: "Simple match in CN",
- serverName: "test.test",
- expectedCertificate: certificateTest,
- },
- {
- desc: "Simple match in SANs",
- serverName: "www.test.test",
- expectedCertificate: certificateTest,
- },
- {
- desc: "Wildcard match",
- serverName: "foo.test.test",
- expectedCertificate: certificateWildcard,
- },
- {
- desc: "No match return first",
- serverName: "foo.bar",
- expectedCertificate: certificateRandom,
- },
- }
- for _, test := range testCases {
- test := test
- t.Run(test.desc, func(t *testing.T) {
- t.Parallel()
- cert, err := cfg.getCertificate(test.serverName)
- if err != nil {
- t.Fatal(err)
- }
- if !reflect.DeepEqual(cert.Leaf, test.expectedCertificate.Leaf) {
- t.Fatalf("Certificate does not match: expected(%v) actual(%v)", test.expectedCertificate.Leaf, cert.Leaf)
- }
- })
- }
- }
|
