internal/tls test

internal/test/data/tls/dummyCa.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG
+A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh
+bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE
+ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS
+b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5
+7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS
+J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y
+HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP
+t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz
+FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY
+XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw
+hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js
+MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA
+A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj
+Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx
+XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o
+omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc
+A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
+WL1WMRJOEcgh4LMRkWXbtKaIOM5V
+-----END CERTIFICATE-----

internal/test/data/tls/dummyServer.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/jCCAeYCCQCb1aA3TeyoljANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJK
+UDEOMAwGA1UECAwFVG9reW8xEjAQBgNVBAcMCWNoaXlvZGFrdTEOMAwGA1UECgwF
+eWFob28wHhcNMTgwOTE4MDMxMjQyWhcNMjgwOTE1MDMxMjQyWjBBMQswCQYDVQQG
+EwJKUDEOMAwGA1UECAwFVG9reW8xEjAQBgNVBAcMCWNoaXlvZGFrdTEOMAwGA1UE
+CgwFeWFob28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUBKwhDHGl
+yj5GFOhDlyH67BsW9l/A2rna21WVnq69ANN9WmaiFp32C+2BrqF8DYwtPyoaTgXd
++WQ8wmtjlYwp378P743vBgf6tazZYKbCa7PZsNMLCdI0KurXf6iwOkCY7zQQcOji
+STUVtfr009LFgc8KBduxBiyEe1tXoN1qrjUZgty/05EtW09QFE2XqVFQS4jN6CC4
+whmN3J7yWHyZv3K1lO0aeC31kIOqw0/DxD/Dj/RMJBpz0q3jeYJwvM3rE4DNajTW
+6BLiPWVkLW4H3paRE6jYfyCRazE8tLLWHzGGqPWUElV2rKWzdV6OnyWLFxWC2RK/
+71IuZS1UDqmHAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFaGiKYXqlKhqHDND/RJ
+oJnZfgEYca6urTKHgmYYu3SJRe6Gf3j/1NZZJ9EKr9vGIiFhpKOHcdnBkeXEweWK
+7+8yyCxG7Uw3Ixw7jQPQ/bAzb7CJ8Q2Ogsj1EqSHbPoOyu2a0fYCu3rLomDVNdbn
+9BX2ywyiUonV36H773DrAbe0a/+LhThW9SftUyeyK+0RIU4PML0C5rQWUxNsz6yR
+OIkfFdRA10nOqIfV2jVHbNT7bnMI9HLBpltbfoY7SBEFncRdEbkGvemjUIB7YAe4
+sjosi65MZ/BcCUcC0s8tczl1/e/UjoJ/uC91APKFSmKu2RltBNVTLxSpAxZv+2bV
+SGI=
+-----END CERTIFICATE-----

internal/test/data/tls/dummyServer.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA1ASsIQxxpco+RhToQ5ch+uwbFvZfwNq52ttVlZ6uvQDTfVpm
+ohad9gvtga6hfA2MLT8qGk4F3flkPMJrY5WMKd+/D++N7wYH+rWs2WCmwmuz2bDT
+CwnSNCrq13+osDpAmO80EHDo4kk1FbX69NPSxYHPCgXbsQYshHtbV6Ddaq41GYLc
+v9ORLVtPUBRNl6lRUEuIzegguMIZjdye8lh8mb9ytZTtGngt9ZCDqsNPw8Q/w4/0
+TCQac9Kt43mCcLzN6xOAzWo01ugS4j1lZC1uB96WkROo2H8gkWsxPLSy1h8xhqj1
+lBJVdqyls3Vejp8lixcVgtkSv+9SLmUtVA6phwIDAQABAoIBAQCvuhus3LKJdmI9
+FfEYrHg2kGE3nAbrQp7OvgJmm3o7Hycre7UbXWGZYHN/i+0+c8AedH8CBG8qdx1U
+mtQFWxssTc3/eE8MsNQGQXQ9S7WL6VbM9JlHSeGW6YdyC9YWEoIeAA0IH312qLS+
+BPI24CaPGzMuHILla7eUKuYfcC50zuLcqZVrk3Mf/jQrAlc8YKaModGBn6DFw766
+z9k+04KDjmAc4iOoR9hD+8ELx+q0H4tPztRDLzJ7HOdPaBEbHT+xbV7KQb9gHa0F
+FQMvGAdQV/FxwDimLt/eY65+xqf4nSO+TtYnEH6TtAE3AW2SCj8+eFBigLxl1I0C
+Vysm+wVhAoGBAO4Nnh7G9ZpFCQQ1aZuBDiCwIi/k4bSD53SI1t097d9DprCItq9Y
+tckza8oxsMnpY8t6/F9ab9tQzEz7NSOkRTo8sMc6yD6zpz0cz3WSbuw7E31u7HDx
+S300MMSW/ufINOjBmQGeIoMhCX2JZswiTy88vkV4UtA0oNEo4bp67FvxAoGBAOQA
+lc4qN2hE/o77qbWiPF8X7vQt6ulf4C4QO1Pyk3gYPFeqz0x9/EjGI9CVHUGuRbTb
+pYYDfQgozRYnjz3iCU9g8DIY93SImpsQUm0k7QRHkWFa9s0Fp2ymn9PkASiJxQgk
+9l6CqTNUbGJLC1AI9LNAkr1WIzzX9lOOhEHFpTT3AoGAQOCbOF4W731jEK+R4ZyR
+gh0epBjn3m+Yc+0bSd6n5pIkarZHu5AcswH9nXRfbxfZZ8pT35ThKU9i7pQEDnul
+llKWByYhDt2ddY1ViQBolJ8hF61UaQ+J+ExyAhH41Kh+qvSgQ42acExfrsP0rSuo
+kwImBP7e6vl83qQaqNz5b7ECgYEAlgVUjKz2fCM5o/cveZXgR2nGDuDPuvMc3PJN
+NzVblx/LRJvdfqU/BNtq4WncMEVtFE2aIg3VjTLbjwJEnCFIovRT14LZ/9GKeRFK
+SwqK8c/tdrOVxN09hp40eAWERZoxDOTVPuaWUnHwRtS+AtGBwRhx9SbiVLx9Fgmm
+OGjGBY0CgYEAr2Go4s2QBQXpvJPdYSUGi/osF1jfntIL0JydqBOy9xx9R6d/CvWX
+8ekhlYdXLZPmgUoZ8EIBlULRs+8XJRn1zXGBUu1hEdU8rO7WdkHV6tJBIw6mSppV
+btGQ8m0qKBLMJco77ZZCjp5lsG/Af308ojuK/DJcomH1slxyTkSYEjg=
+-----END RSA PRIVATE KEY-----

internal/test/data/tls/invalid.crt

@@ -0,0 +1 @@
+invalid

internal/test/data/tls/invalid.pem

@@ -0,0 +1 @@
+invalid

internal/test/doc.go

@@ -0,0 +1,18 @@
+//
+// Copyright (C) 2019-2020 Vdaas.org Vald team ( kpango, rinx, kmrmt )
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Package test provides functions for general testing use
+package test

internal/test/testdata.go

@@ -0,0 +1,42 @@
+//
+// Copyright (C) 2019-2020 Vdaas.org Vald team ( kpango, rinx, kmrmt )
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+package test
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+// GetTestdataPath returns the test data file path under `internal/test/data`
+func GetTestdataPath(filename string) string {
+	fp, _ := filepath.Abs(baseDir() + "/internal/test/data/" + filename)
+	return fp
+}
+
+func baseDir() string {
+	wd, err := os.Getwd()
+	if err != nil {
+		return ""
+	}
+
+	for cur := filepath.Dir(wd); cur != "/"; cur = filepath.Dir(cur) {
+		if strings.HasSuffix(cur, "vald") {
+			return cur
+		}
+	}
+	return ""
+}

internal/test/testdata_test.go

@@ -0,0 +1,129 @@
+//
+// Copyright (C) 2019-2020 Vdaas.org Vald team ( kpango, rinx, kmrmt )
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+package test
+
+import (
+	"os"
+	"reflect"
+	"testing"
+
+	"github.com/pkg/errors"
+	"go.uber.org/goleak"
+)
+
+func TestGetTestdataPath(t *testing.T) {
+	type args struct {
+		filename string
+	}
+	type want struct {
+		want string
+	}
+	type test struct {
+		name       string
+		args       args
+		want       want
+		checkFunc  func(want, string) error
+		beforeFunc func(args)
+		afterFunc  func(args)
+	}
+	defaultCheckFunc := func(w want, got string) error {
+		if !reflect.DeepEqual(got, w.want) {
+			return errors.Errorf("got = %v, want %v", got, w.want)
+		}
+		return nil
+	}
+	tests := []test{
+		{
+			name: "returns the result of combining the given path and test directory",
+			args: args{
+				filename: "tls/dummyCa.pem",
+			},
+			want: want{
+				want: func() string {
+					return baseDir() + "/internal/test/data/tls/dummyCa.pem"
+				}(),
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(tt *testing.T) {
+			defer goleak.VerifyNone(tt)
+			if test.beforeFunc != nil {
+				test.beforeFunc(test.args)
+			}
+			if test.afterFunc != nil {
+				defer test.afterFunc(test.args)
+			}
+			if test.checkFunc == nil {
+				test.checkFunc = defaultCheckFunc
+			}
+
+			got := GetTestdataPath(test.args.filename)
+			if err := test.checkFunc(test.want, got); err != nil {
+				tt.Errorf("error = %v", err)
+			}
+		})
+	}
+}
+
+func Test_baseDir(t *testing.T) {
+	type want struct {
+		want string
+	}
+	type test struct {
+		name       string
+		want       want
+		checkFunc  func(want, string) error
+		beforeFunc func()
+		afterFunc  func()
+	}
+	defaultCheckFunc := func(w want, got string) error {
+		if !reflect.DeepEqual(got, w.want) {
+			return errors.Errorf("got = %v, want %v", got, w.want)
+		}
+		return nil
+	}
+	tests := []test{
+		{
+			name: "check testdata.go exists",
+			checkFunc: func(w want, got string) error {
+				_, err := os.Stat(got + "/internal/test/testdata.go")
+				return err
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(tt *testing.T) {
+			defer goleak.VerifyNone(tt)
+			if test.beforeFunc != nil {
+				test.beforeFunc()
+			}
+			if test.afterFunc != nil {
+				defer test.afterFunc()
+			}
+			if test.checkFunc == nil {
+				test.checkFunc = defaultCheckFunc
+			}
+
+			got := baseDir()
+			if err := test.checkFunc(test.want, got); err != nil {
+				tt.Errorf("error = %v", err)
+			}
+		})
+	}
+}

internal/tls/option.go

@@ -21,9 +21,51 @@ import "crypto/tls"
 
 type Option func(*credentials) error
 
-var (
-	defaultOpts = []Option{}
-)
+func defaultOptions() []Option {
+	return []Option{
+		WithTLSConfig(&tls.Config{
+			MinVersion: tls.VersionTLS12,
+			NextProtos: []string{
+				"http/1.1",
+				"h2",
+			},
+			CurvePreferences: []tls.CurveID{
+				tls.CurveP521,
+				tls.CurveP384,
+				tls.CurveP256,
+				tls.X25519,
+			},
+			SessionTicketsDisabled: true,
+			// PreferServerCipherSuites: true,
+			// CipherSuites: []uint16{
+			// tls.TLS_RSA_WITH_RC4_128_SHA,
+			// tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			// tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+			// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			// tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			// tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, // Maybe this is work on TLS 1.2
+			// tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
+			// tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
+			// tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
+			// tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
+			// },
+			ClientAuth: tls.NoClientCert,
+		}),
+	}
+}
 
 func WithCert(cert string) Option {
 	return func(c *credentials) error {
@@ -48,7 +90,9 @@ func WithCa(ca string) Option {
 
 func WithTLSConfig(cfg *tls.Config) Option {
 	return func(c *credentials) error {
-		c.cfg = cfg
+		if cfg != nil {
+			c.cfg = cfg
+		}
 		return nil
 	}
 }