diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-16 19:23:18 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-16 19:23:18 +0000 |
| commit | 43a123c1ae6613b3efeed291fa552ecd909d3acf (patch) | |
| tree | fd92518b7024bc74031f78a1cf9e454b65e73665 /src/crypto/x509/root_test.go | |
| parent | Initial commit. (diff) | |
| download | golang-1.20-43a123c1ae6613b3efeed291fa552ecd909d3acf.tar.xz golang-1.20-43a123c1ae6613b3efeed291fa552ecd909d3acf.zip | |
Adding upstream version 1.20.14.upstream/1.20.14upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/crypto/x509/root_test.go')
| -rw-r--r-- | src/crypto/x509/root_test.go | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/src/crypto/x509/root_test.go b/src/crypto/x509/root_test.go new file mode 100644 index 0000000..94ee6a6 --- /dev/null +++ b/src/crypto/x509/root_test.go @@ -0,0 +1,108 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package x509 + +import ( + "testing" +) + +func TestFallbackPanic(t *testing.T) { + defer func() { + if recover() == nil { + t.Fatal("Multiple calls to SetFallbackRoots should panic") + } + }() + SetFallbackRoots(nil) + SetFallbackRoots(nil) +} + +func TestFallback(t *testing.T) { + // call systemRootsPool so that the sync.Once is triggered, and we can + // manipulate systemRoots without worrying about our working being overwritten + systemRootsPool() + if systemRoots != nil { + originalSystemRoots := *systemRoots + defer func() { systemRoots = &originalSystemRoots }() + } + + tests := []struct { + name string + systemRoots *CertPool + systemPool bool + poolContent []*Certificate + forceFallback bool + returnsFallback bool + }{ + { + name: "nil systemRoots", + returnsFallback: true, + }, + { + name: "empty systemRoots", + systemRoots: NewCertPool(), + returnsFallback: true, + }, + { + name: "empty systemRoots system pool", + systemRoots: NewCertPool(), + systemPool: true, + }, + { + name: "filled systemRoots system pool", + systemRoots: NewCertPool(), + poolContent: []*Certificate{{}}, + systemPool: true, + }, + { + name: "filled systemRoots", + systemRoots: NewCertPool(), + poolContent: []*Certificate{{}}, + }, + { + name: "filled systemRoots, force fallback", + systemRoots: NewCertPool(), + poolContent: []*Certificate{{}}, + forceFallback: true, + returnsFallback: true, + }, + { + name: "filled systemRoot system pool, force fallback", + systemRoots: NewCertPool(), + poolContent: []*Certificate{{}}, + systemPool: true, + forceFallback: true, + returnsFallback: true, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + fallbacksSet = false + systemRoots = tc.systemRoots + if systemRoots != nil { + systemRoots.systemPool = tc.systemPool + } + for _, c := range tc.poolContent { + systemRoots.AddCert(c) + } + if tc.forceFallback { + t.Setenv("GODEBUG", "x509usefallbackroots=1") + } else { + t.Setenv("GODEBUG", "x509usefallbackroots=0") + } + + fallbackPool := NewCertPool() + SetFallbackRoots(fallbackPool) + + systemPoolIsFallback := systemRoots == fallbackPool + + if tc.returnsFallback && !systemPoolIsFallback { + t.Error("systemRoots was not set to fallback pool") + } else if !tc.returnsFallback && systemPoolIsFallback { + t.Error("systemRoots was set to fallback pool when it shouldn't have been") + } + }) + } +} |