pkg/peertls: move tests requiring redis or bolt

Change-Id: Ib9de8d5ac1123d109b0209de4174fb4da7c67078
ihaid · Dec 18, 2019 · 9ed9d35 · 9ed9d35
1 parent 1eaf9e9
commit 9ed9d35
Show file tree

Hide file tree

Showing 4 changed files with 220 additions and 204 deletions.
diff --git a/pkg/peertls/tlsopts/options_test.go b/pkg/peertls/tlsopts/options_test.go
@@ -4,121 +4,17 @@
 package tlsopts_test
 
 import (
-	"io/ioutil"
-	"reflect"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"storj.io/storj/pkg/identity"
-	"storj.io/storj/pkg/peertls"
-	"storj.io/storj/pkg/peertls/extensions"
 	"storj.io/storj/pkg/peertls/tlsopts"
-	"storj.io/storj/pkg/revocation"
 	"storj.io/storj/pkg/storj"
-	"storj.io/storj/private/testcontext"
 	"storj.io/storj/private/testidentity"
 )
 
-func TestNewOptions(t *testing.T) {
-	// TODO: this is not a great test...
-	ctx := testcontext.New(t)
-	defer ctx.Cleanup()
-
-	fi, err := testidentity.PregeneratedIdentity(0, storj.LatestIDVersion())
-	require.NoError(t, err)
-
-	whitelistPath := ctx.File("whitelist.pem")
-
-	chainData, err := peertls.ChainBytes(fi.CA)
-	assert.NoError(t, err)
-
-	err = ioutil.WriteFile(whitelistPath, chainData, 0644)
-	assert.NoError(t, err)
-
-	cases := []struct {
-		testID                     string
-		config                     tlsopts.Config
-		clientVerificationFuncsLen int
-		serverVerificationFuncsLen int
-	}{
-		{
-			"default",
-			tlsopts.Config{},
-			1, 1,
-		}, {
-			"revocation processing",
-			tlsopts.Config{
-				RevocationDBURL: "bolt://" + ctx.File("revocation1.db"),
-				Extensions: extensions.Config{
-					Revocation: true,
-				},
-			},
-			1, 1,
-		}, {
-			"ca whitelist verification",
-			tlsopts.Config{
-				PeerCAWhitelistPath: whitelistPath,
-				UsePeerCAWhitelist:  true,
-			},
-			2, 1,
-		}, {
-			"ca whitelist verification and whitelist signed leaf verification",
-			tlsopts.Config{
-				// NB: file doesn't actually exist
-				PeerCAWhitelistPath: whitelistPath,
-				UsePeerCAWhitelist:  true,
-				Extensions: extensions.Config{
-					WhitelistSignedLeaf: true,
-				},
-			},
-			2, 1,
-		}, {
-			"revocation processing and whitelist verification",
-			tlsopts.Config{
-				// NB: file doesn't actually exist
-				PeerCAWhitelistPath: whitelistPath,
-				UsePeerCAWhitelist:  true,
-				RevocationDBURL:     "bolt://" + ctx.File("revocation2.db"),
-				Extensions: extensions.Config{
-					Revocation: true,
-				},
-			},
-			2, 1,
-		}, {
-			"revocation processing, whitelist, and signed leaf verification",
-			tlsopts.Config{
-				// NB: file doesn't actually exist
-				PeerCAWhitelistPath: whitelistPath,
-				UsePeerCAWhitelist:  true,
-				RevocationDBURL:     "bolt://" + ctx.File("revocation3.db"),
-				Extensions: extensions.Config{
-					Revocation:          true,
-					WhitelistSignedLeaf: true,
-				},
-			},
-			2, 1,
-		},
-	}
-
-	for _, c := range cases {
-		t.Log(c.testID)
-
-		revocationDB, err := revocation.NewDBFromCfg(c.config)
-		require.NoError(t, err)
-
-		tlsOptions, err := tlsopts.NewOptions(fi, c.config, revocationDB)
-		assert.NoError(t, err)
-		assert.True(t, reflect.DeepEqual(fi, tlsOptions.Ident))
-		assert.Equal(t, c.config, tlsOptions.Config)
-		assert.Len(t, tlsOptions.VerificationFuncs.Client(), c.clientVerificationFuncsLen)
-		assert.Len(t, tlsOptions.VerificationFuncs.Server(), c.serverVerificationFuncsLen)
-
-		require.NoError(t, revocationDB.Close())
-	}
-}
-
 func TestOptions_DialOption_error_on_empty_ID(t *testing.T) {
 	testidentity.CompleteIdentityVersionsTest(t, func(t *testing.T, version storj.IDVersion, ident *identity.FullIdentity) {
 		tlsOptions, err := tlsopts.NewOptions(ident, tlsopts.Config{

diff --git a/pkg/peertls/tlsopts/tls_test.go b/pkg/peertls/tlsopts/tls_test.go
@@ -4,23 +4,15 @@
 package tlsopts_test
 
 import (
-	"crypto/x509"
 	"testing"
-	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"storj.io/storj/pkg/identity"
-	"storj.io/storj/pkg/peertls"
-	"storj.io/storj/pkg/peertls/extensions"
 	"storj.io/storj/pkg/peertls/tlsopts"
 	"storj.io/storj/pkg/storj"
-	"storj.io/storj/private/testcontext"
 	"storj.io/storj/private/testidentity"
-	"storj.io/storj/private/testpeertls"
-	"storj.io/storj/private/testrevocation"
-	"storj.io/storj/storage"
 )
 
 func TestVerifyIdentity_success(t *testing.T) {
@@ -67,91 +59,3 @@ func TestVerifyIdentity_error(t *testing.T) {
 		})
 	}
 }
-
-func TestExtensionMap_HandleExtensions(t *testing.T) {
-	ctx := testcontext.New(t)
-	defer ctx.Cleanup()
-
-	testidentity.IdentityVersionsTest(t, func(t *testing.T, version storj.IDVersion, _ *identity.FullIdentity) {
-		keys, originalChain, err := testpeertls.NewCertChain(2, version.Number)
-		assert.NoError(t, err)
-
-		rev := new(extensions.Revocation)
-
-		oldRevokedLeafChain, revocationExt, err := testpeertls.RevokeLeaf(keys[peertls.CAIndex], originalChain)
-		require.NoError(t, err)
-		err = rev.Unmarshal(revocationExt.Value)
-		require.NoError(t, err)
-		err = rev.Verify(oldRevokedLeafChain[peertls.CAIndex])
-		require.NoError(t, err)
-
-		// NB: node ID is the same, timestamp must change
-		// (see: identity.RevocationDB#Put)
-		time.Sleep(1 * time.Second)
-		newRevokedLeafChain, revocationExt, err := testpeertls.RevokeLeaf(keys[peertls.CAIndex], oldRevokedLeafChain)
-		require.NoError(t, err)
-		err = rev.Unmarshal(revocationExt.Value)
-		require.NoError(t, err)
-		err = rev.Verify(newRevokedLeafChain[peertls.CAIndex])
-		require.NoError(t, err)
-
-		testrevocation.RunDBs(t, func(t *testing.T, revDB extensions.RevocationDB, db storage.KeyValueStore) {
-			opts := &extensions.Options{
-				RevocationDB:   revDB,
-				PeerIDVersions: "*",
-			}
-
-			testcases := []struct {
-				name  string
-				chain []*x509.Certificate
-			}{
-				{"no extensions", originalChain},
-				{"leaf revocation", oldRevokedLeafChain},
-				{"double leaf revocation", newRevokedLeafChain},
-				// TODO: more and more diverse extensions in cases
-			}
-
-			{
-				handlerFuncMap := extensions.DefaultHandlers.WithOptions(opts)
-				for _, testcase := range testcases {
-					t.Log(testcase.name)
-					extensionsMap := tlsopts.NewExtensionsMap(testcase.chain...)
-					err := extensionsMap.HandleExtensions(handlerFuncMap, identity.ToChains(testcase.chain))
-					assert.NoError(t, err)
-				}
-			}
-		})
-	})
-}
-
-func TestExtensionMap_HandleExtensions_error(t *testing.T) {
-	ctx := testcontext.New(t)
-	defer ctx.Cleanup()
-
-	testrevocation.RunDBs(t, func(t *testing.T, revDB extensions.RevocationDB, db storage.KeyValueStore) {
-		keys, chain, oldRevocation, err := testpeertls.NewRevokedLeafChain()
-		assert.NoError(t, err)
-
-		// NB: node ID is the same, timestamp must change
-		// (see: identity.RevocationDB#Put)
-		time.Sleep(time.Second)
-		_, newRevocation, err := testpeertls.RevokeLeaf(keys[peertls.CAIndex], chain)
-		require.NoError(t, err)
-
-		assert.NotEqual(t, oldRevocation, newRevocation)
-
-		err = revDB.Put(ctx, chain, newRevocation)
-		assert.NoError(t, err)
-
-		opts := &extensions.Options{RevocationDB: revDB}
-		handlerFuncMap := extensions.HandlerFactories{
-			extensions.RevocationUpdateHandler,
-		}.WithOptions(opts)
-		extensionsMap := tlsopts.NewExtensionsMap(chain[peertls.LeafIndex])
-
-		assert.Equal(t, oldRevocation, extensionsMap[extensions.RevocationExtID.String()])
-
-		err = extensionsMap.HandleExtensions(handlerFuncMap, identity.ToChains(chain))
-		assert.Errorf(t, err, extensions.ErrRevocationTimestamp.Error())
-	})
-}
diff --git a/pkg/peertls/extensions/revocations_test.go → pkg/revocation/extensions_test.go b/pkg/peertls/extensions/revocations_test.go → pkg/revocation/extensions_test.go
@@ -1,10 +1,9 @@
 // Copyright (C) 2019 Storj Labs, Inc.
 // See LICENSE for copying information.
 
-package extensions_test
+package revocation_test
 
 import (
-	"context"
 	"crypto/x509/pkix"
 	"testing"
 	"time"
@@ -17,14 +16,16 @@ import (
 	"storj.io/storj/pkg/peertls/extensions"
 	"storj.io/storj/pkg/peertls/tlsopts"
 	"storj.io/storj/pkg/storj"
+	"storj.io/storj/private/testcontext"
 	"storj.io/storj/private/testpeertls"
 	"storj.io/storj/private/testrevocation"
 	"storj.io/storj/storage"
 )
 
-var ctx = context.Background() // test context
-
 func TestRevocationCheckHandler(t *testing.T) {
+	ctx := testcontext.New(t)
+	defer ctx.Cleanup()
+
 	testrevocation.RunDBs(t, func(t *testing.T, revDB extensions.RevocationDB, _ storage.KeyValueStore) {
 		keys, chain, err := testpeertls.NewCertChain(2, storj.LatestIDVersion().Number)
 		assert.NoError(t, err)
@@ -119,6 +120,9 @@ func TestRevocationCheckHandler(t *testing.T) {
 }
 
 func TestRevocationUpdateHandler(t *testing.T) {
+	ctx := testcontext.New(t)
+	defer ctx.Cleanup()
+
 	testrevocation.RunDBs(t, func(t *testing.T, revDB extensions.RevocationDB, _ storage.KeyValueStore) {
 		keys, chain, err := testpeertls.NewCertChain(2, storj.LatestIDVersion().Number)
 		assert.NoError(t, err)