From a9fa5537c72c021ced78fe6eaf6e467f265e3dca Mon Sep 17 00:00:00 2001 From: Matt Reiferson Date: Sun, 24 Aug 2014 23:26:36 -0400 Subject: [PATCH] refactor tests and add additional TLS tests --- consumer_test.go | 96 +++++++++++++++++++++++++++++++++++------------- test.sh | 67 +++------------------------------ test/ca.pem | 24 ++++++++++++ test/server.key | 28 ++++++++++++++ test/server.pem | 24 ++++++++++++ 5 files changed, 153 insertions(+), 86 deletions(-) create mode 100644 test/ca.pem create mode 100644 test/server.key create mode 100644 test/server.pem diff --git a/consumer_test.go b/consumer_test.go index 660cf654..2e66520c 100644 --- a/consumer_test.go +++ b/consumer_test.go @@ -8,7 +8,9 @@ import ( "io/ioutil" "log" "net/http" + "os" "strconv" + "strings" "testing" "time" @@ -62,55 +64,99 @@ func SendMessage(t *testing.T, port int, topic string, method string, body []byt } func TestConsumer(t *testing.T) { - consumerTest(t, false, false, false) + consumerTest(t, nil) } func TestConsumerTLS(t *testing.T) { - consumerTest(t, false, false, true) + consumerTest(t, func(c *Config) { + c.TlsV1 = true + c.TlsConfig = &tls.Config{ + InsecureSkipVerify: true, + } + }) } func TestConsumerDeflate(t *testing.T) { - consumerTest(t, true, false, false) + consumerTest(t, func(c *Config) { + c.Deflate = true + }) } func TestConsumerSnappy(t *testing.T) { - consumerTest(t, false, true, false) + consumerTest(t, func(c *Config) { + c.Snappy = true + }) } func TestConsumerTLSDeflate(t *testing.T) { - consumerTest(t, true, false, true) + consumerTest(t, func(c *Config) { + c.TlsV1 = true + c.TlsConfig = &tls.Config{ + InsecureSkipVerify: true, + } + c.Deflate = true + }) } func TestConsumerTLSSnappy(t *testing.T) { - consumerTest(t, false, true, true) + consumerTest(t, func(c *Config) { + c.TlsV1 = true + c.TlsConfig = &tls.Config{ + InsecureSkipVerify: true, + } + c.Snappy = true + }) } -func consumerTest(t *testing.T, deflate bool, snappy bool, tlsv1 bool) { - - topicName := "rdr_test" - if deflate { - topicName = topicName + "_deflate" - } else if snappy { - topicName = topicName + "_snappy" +func TestConsumerTLSClientCert(t *testing.T) { + envDl := os.Getenv("NSQ_DOWNLOAD") + if strings.HasPrefix(envDl, "nsq-0.2.24") || strings.HasPrefix(envDl, "nsq-0.2.27") { + t.Log("skipping due to older nsqd") + return } - if tlsv1 { - topicName = topicName + "_tls" + cert, _ := tls.LoadX509KeyPair("./test/client.pem", "./test/client.key") + consumerTest(t, func(c *Config) { + c.TlsV1 = true + c.TlsConfig = &tls.Config{ + Certificates: []tls.Certificate{cert}, + InsecureSkipVerify: true, + } + }) +} + +func TestConsumerTLSClientCertViaSet(t *testing.T) { + envDl := os.Getenv("NSQ_DOWNLOAD") + if strings.HasPrefix(envDl, "nsq-0.2.24") || strings.HasPrefix(envDl, "nsq-0.2.27") { + t.Log("skipping due to older nsqd") + return } - topicName = topicName + strconv.Itoa(int(time.Now().Unix())) + consumerTest(t, func(c *Config) { + c.Set("tls_v1", true) + c.Set("tls_cert", "./test/client.pem") + c.Set("tls_key", "./test/client.key") + c.Set("tls_insecure_skip_verify", true) + }) +} +func consumerTest(t *testing.T, cb func(c *Config)) { config := NewConfig() // so that the test can simulate reaching max requeues and a call to LogFailedMessage config.DefaultRequeueDelay = 0 // so that the test wont timeout from backing off config.MaxBackoffDuration = time.Millisecond * 50 - config.Deflate = deflate - config.Snappy = snappy - config.TlsV1 = tlsv1 - if tlsv1 { - config.TlsConfig = &tls.Config{ - InsecureSkipVerify: true, - } + if cb != nil { + cb(config) + } + topicName := "rdr_test" + if config.Deflate { + topicName = topicName + "_deflate" + } else if config.Snappy { + topicName = topicName + "_snappy" } + if config.TlsV1 { + topicName = topicName + "_tls" + } + topicName = topicName + strconv.Itoa(int(time.Now().Unix())) q, _ := NewConsumer(topicName, "ch", config) q.SetLogger(nullLogger, LogLevelInfo) @@ -128,12 +174,12 @@ func consumerTest(t *testing.T, deflate bool, snappy bool, tlsv1 bool) { addr := "127.0.0.1:4150" err := q.ConnectToNSQD(addr) if err != nil { - t.Fatalf(err.Error()) + t.Fatal(err) } err = q.ConnectToNSQD(addr) if err == nil { - t.Fatalf("should not be able to connect to the same NSQ twice") + t.Fatal("should not be able to connect to the same NSQ twice") } <-q.StopChan diff --git a/test.sh b/test.sh index e8029a76..da161380 100755 --- a/test.sh +++ b/test.sh @@ -18,71 +18,16 @@ echo " logging to $LOOKUP_LOGFILE" nsqlookupd >$LOOKUP_LOGFILE 2>&1 & LOOKUPD_PID=$! -cat >/tmp/cert.pem </tmp/key.pem <$NSQD_LOGFILE 2>&1 & +nsqd --data-path=/tmp --lookupd-tcp-address=127.0.0.1:4160 --tls-cert=./test/server.pem --tls-key=./test/server.key $EXTRA_ARGS >$NSQD_LOGFILE 2>&1 & NSQD_PID=$! sleep 0.3 diff --git a/test/ca.pem b/test/ca.pem new file mode 100644 index 00000000..f5c4723e --- /dev/null +++ b/test/ca.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID9zCCAt+gAwIBAgIJAPYpAVNDj2lgMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD +VQQGEwJERTEMMAoGA1UECAwDTlJXMQ4wDAYDVQQHDAVFYXJ0aDEXMBUGA1UECgwO +UmFuZG9tIENvbXBhbnkxCzAJBgNVBAsMAklUMRcwFQYDVQQDDA53d3cucmFuZG9t +LmNvbTElMCMGCSqGSIb3DQEJARYWS3J5cHRvS2luZ3NAcmFuZG9tLmNvbTAeFw0x +NDA0MDIyMTE0NTJaFw0xNTA0MDIyMTE0NTJaMIGRMQswCQYDVQQGEwJERTEMMAoG +A1UECAwDTlJXMQ4wDAYDVQQHDAVFYXJ0aDEXMBUGA1UECgwOUmFuZG9tIENvbXBh +bnkxCzAJBgNVBAsMAklUMRcwFQYDVQQDDA53d3cucmFuZG9tLmNvbTElMCMGCSqG +SIb3DQEJARYWS3J5cHRvS2luZ3NAcmFuZG9tLmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAL/sJU6ODQCsdWAmq3Qyp6vCqVFkSIHwR3oH8vPuwwob +IOrx/pXz2LIRekQ4egT8LCH3QDxhEvFhDNXYM4h/mkQ+GpgzynoIqYrw+yF93pik +T9Tpel2IuntThlZrO/4APRbVw4Ihf3zp47AY71J+8usJjmfWsId4dhqa1lTYecXK +Zwxii8RTH/7LsuwIDOW1QJLGGKNzvVYA42Gh8Cw3uHlmqZ2tA/sp5qg1Z3QU5g7y +EzzRybotHaRb5XMUWHAlGbIl/TW4KlFqFZ0kCXJXL1uO3uq2nIS3bG7ryjbobRVn +dZ6sV34eenIeZWu6zlDxQP/EqxAezz5Ndyt9uYWb/JECAwEAAaNQME4wHQYDVR0O +BBYEFI9l/QHE30clqx+1oCR6IhUYEdqLMB8GA1UdIwQYMBaAFI9l/QHE30clqx+1 +oCR6IhUYEdqLMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAES6GKxL +oeCLZa83TjJXLagcc9mmdQZgfF3/o61+ye7D9BLqBwN5lx4+kIE1LAUI/Id0mCdW +9uXmPhpCJ926krahNc4Ol+wQTmZ3j7Mn3DCkFufjr64cGPU/UzH4yjMg9wEf84qz +5oH+dBifwJM8yoRCxbnMqGBu3xY8WCjPlw8E8lizXFk8wUbLZ/EC5Rjm+KmdT5ud +KTEgM+K6RMNo9vLn5ZasrYyhVcHdEKIzo6qLm1ZVIgpi/1WX0m8hACMfEcqee6ot +76LEyM3kwfqRkWGZWHEF9D4emp3quU+0AmjM57LHrYjidpDJkVTUHDoMBFHl9Uiq +0O9+azN48F/bVgU= +-----END CERTIFICATE----- diff --git a/test/server.key b/test/server.key new file mode 100644 index 00000000..0e3b4e5b --- /dev/null +++ b/test/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDFHWaPfRA5nU/F +E8AVoFj2TAgMRISLduWlbAgDnMtFLSGVwgjxU13Txsv0LgwJgo4A5xpd2WNV0dIQ +brerxvPVJruKO8KxKFS2U58BCFIG0xGrlQSg5wDGyqxEQY80XlrBtxs81v79GYHy +fBhizg7onlmbNZzxPy7idU0a7TpgzakeDrfJHQ7rI3llvR0U0TdOLno82CtPvosY +6TYZAIFYgH05yN7DWKuDUI8Fa2RFVkbHPUlJVKROw/0n1yWy7XcwTmQQyaodFYgg +KMCdyR0ElPxLv8dKYFjLvef2DTmuYwbalt5hiQqOpY1wm616Xf4ywz2uEU+ooLW4 +/Q6DcRUBAgMBAAECggEBAKDUgVc4YuGvkmOp3sOGhq/Hj5V63m7wvyV/BPb1mwFB +drK7lBJbxCXEgaslWxrzVCw2ZFQIyL1AKtbPj7tv5ImZRdHfOtbTonL1vbnY8Ryy +YSuPtiwW75JD0dULbO38wq5mWaoFfh5DDr0sNbWAjbeNZG14jCpnNDkAHr6Gq2hJ +VzwEwy+W7LXn8s8lYJHi3MsxCJqAFN1u2FOkjBtrcVW06VgV87IX59SOFns80x4E +Nn0ZKH7RU2DuJ7Fm4HtaNH+yaDYxUeo2A/2/UoavyYYCgC5gThsNjlp9/R4gtm0h +VO+8cN5a3s7zL+aITIusY7H/rwWc6XpRmxQn+jwqF8ECgYEA5PpAz4fhXA9abFZx +0XqCgcwTFY5gTX/JDd1qv0b/PueAR7dY5d37bRbTXpzrHiNFVrq3x432V3+KY0b5 +55PEB1YxwBUga5DvTSa5fLfUibvLpdZjganzdTOsG53wMvNwUT8iUzUQDLkyRfIi +mV0r4Sa34RrBZdWJ2Aou9by2SlkCgYEA3GCHTP7nAcuHXRTsXH3eK/HsfwxdwjhA +G5SG7L7KSoMpzCbe90DuYEr6J/O1nnP0QiSQ2uEeTOARzMfio4E16exWlDDtvPBQ +HqSuQKg4M7fMTN1tj95xmk1yGZMyPxgEfCScBeCbYQzOyZ0j93iFjqMnb2mlriq5 +MoSPat3BeukCgYEAjSGaFNABnUZxS1k0qhLCodHw6VZqERp0B7Gze9X8uP7jWFCv +4G6j66cn/KbnXBoNQNmxMLRVY7TezTYQDiZLquH7pBLheqtIc9ssdKyxuXsgmES9 +7EueHV0N9a+xPxZA4jLxqyuHivATBn2pybFdvFaq+3oMPgISBjCwpRH9oXECgYAN ++n16j8ydW4iZieM4Nq+p/+1tXZ5w3FqMpU4tpCh2s30qOuj3rAGyz+6wLBBAHcDH +lUQu7gqa+7eFUsR4dJCz5s7TFYtu6ZtbZjy7UzBFb4og8gaqEoUIMZNkNecBA4f9 +S+EtqkKQ1Fwlg7ctUlK+anDs6zmcI4+dubTTJX/JSQKBgQCsu/gCgoOi2GFgebIh +URvEMrhaiHxcw5u30nMNjWUGpDQK3lVTK51+7wj4xmVfiomvUW6M/HaR2+5xF1U1 +QV08cKeWCGfGUFetTxjdhsVhMIk84ygF2l9K6jiHqvtd5rIoQ9Lf8XXbYaQVicRg +qmB2iOzmbQQM/GOSofAeUfE7/A== +-----END PRIVATE KEY----- diff --git a/test/server.pem b/test/server.pem new file mode 100644 index 00000000..6e88f034 --- /dev/null +++ b/test/server.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIJAMsErP97ZQmgMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYD +VQQGEwJERTEMMAoGA1UECAwDTlJXMQ4wDAYDVQQHDAVFYXJ0aDEXMBUGA1UECgwO +UmFuZG9tIENvbXBhbnkxCzAJBgNVBAsMAklUMRcwFQYDVQQDDA53d3cucmFuZG9t +LmNvbTEhMB8GCSqGSIb3DQEJARYSZm9vYmFyQGV4YW1wbGUuY29tMB4XDTE0MDQw +MjIxMTQ1MloXDTI0MDMzMDIxMTQ1MlowgY0xCzAJBgNVBAYTAkRFMQwwCgYDVQQI +DANOUlcxDjAMBgNVBAcMBUVhcnRoMRcwFQYDVQQKDA5SYW5kb20gQ29tcGFueTEL +MAkGA1UECwwCSVQxFzAVBgNVBAMMDnd3dy5yYW5kb20uY29tMSEwHwYJKoZIhvcN +AQkBFhJmb29iYXJAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDFHWaPfRA5nU/FE8AVoFj2TAgMRISLduWlbAgDnMtFLSGVwgjxU13T +xsv0LgwJgo4A5xpd2WNV0dIQbrerxvPVJruKO8KxKFS2U58BCFIG0xGrlQSg5wDG +yqxEQY80XlrBtxs81v79GYHyfBhizg7onlmbNZzxPy7idU0a7TpgzakeDrfJHQ7r +I3llvR0U0TdOLno82CtPvosY6TYZAIFYgH05yN7DWKuDUI8Fa2RFVkbHPUlJVKRO +w/0n1yWy7XcwTmQQyaodFYggKMCdyR0ElPxLv8dKYFjLvef2DTmuYwbalt5hiQqO +pY1wm616Xf4ywz2uEU+ooLW4/Q6DcRUBAgMBAAGjUDBOMB0GA1UdDgQWBBTxyT32 +Exu5TuortZY8zkVotLDNDTAfBgNVHSMEGDAWgBTxyT32Exu5TuortZY8zkVotLDN +DTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAu+0B+caaV4HzIHyfX +Zc6BUPcRoTEZIWX/7JLeeOVUztOjl9ExjYTzjo0QEt+PVcOzfQL/hxE2SPG6fRF7 +YRZU1h9t5Ti9rTg9myAbGGMo6MdWZULFcxIWjxhv6qnFPk/fF47PvGwjygFNnzv8 +FYmrAI99kK0CYolvXZ5ue250dpE/TCIAyk09a3WeBbHU/hMR/mBUNsitphelDbNK +oohrY9D7QR5Mf/NZgx3a0eDH6zoMYDRPARY3M02EuHHiRKmlyfnPv4ns4/0wCarj +pKpds+G80+k2fyiMgQ5bPTw8sfNgq1z0IvIuWB36XSNenTgnnjArbWii+x95jjNw +XcQg +-----END CERTIFICATE-----