wilderjds
/
peroxide
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
288 Commits
2 Branches
0 Tags
12 MiB
 
 
Tag: Branch: Tree: e01a523ae3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e01a523ae3'
${ noResults }
peroxide/pkg/config/tls_test.go

63 lines
2.3 KiB
Raw Blame History

// Copyright (c) 2020 Proton Technologies AG
//
// This file is part of ProtonMail Bridge.
//
// ProtonMail Bridge is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// ProtonMail Bridge is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with ProtonMail Bridge. If not, see <https://www.gnu.org/licenses/>.
package config
import (
"os"
"path/filepath"
"runtime"
"testing"
"time"
"github.com/stretchr/testify/require"
)
type testTLSConfig struct{ certPath, keyPath string }
func (c *testTLSConfig) GetTLSCertPath() string { return c.certPath }
func (c *testTLSConfig) GetTLSKeyPath() string { return c.keyPath }
func TestTLSKeyRenewal(t *testing.T) {
// Remove keys.
configPath := "/tmp"
certPath := filepath.Join(configPath, "cert.pem")
keyPath := filepath.Join(configPath, "key.pem")
_ = os.Remove(certPath)
_ = os.Remove(keyPath)
// Put old key there.
tlsTemplate.NotBefore = time.Now().Add(-365 * 24 * time.Hour)
tlsTemplate.NotAfter = time.Now()
cert, err := GenerateTLSConfig(certPath, keyPath)
require.Equal(t, err, ErrTLSCertExpireSoon)
require.Equal(t, len(cert.Certificates), 1)
time.Sleep(time.Second)
now, notValidAfter := time.Now(), cert.Certificates[0].Leaf.NotAfter
require.True(t, now.After(notValidAfter), "old certificate expected to not be valid at %v but have valid until %v", now, notValidAfter)
// Renew key.
tlsTemplate.NotBefore = time.Now()
tlsTemplate.NotAfter = time.Now().Add(2 * 365 * 24 * time.Hour)
cert, err = GetTLSConfig(&testTLSConfig{certPath, keyPath})
if runtime.GOOS != "darwin" { // Darwin is not supported.
require.NoError(t, err)
}
require.Equal(t, len(cert.Certificates), 1)
now, notValidAfter = time.Now(), cert.Certificates[0].Leaf.NotAfter
require.False(t, now.After(notValidAfter), "new certificate expected to be valid at %v but have valid until %v", now, notValidAfter)
}