
Add repack support for ServerConfig.ClientAuth (#197)
Extend the ClientAuthType unpack method to accept integer values and to support repacking. Add unit tests to verify the behaviour.
michel-laterman authored Apr 12, 2024
1 parent e6d574b commit 8fcae27
Showing 2 changed files with 101 additions and 8 deletions.
81 changes: 81 additions & 0 deletions transport/tlscommon/server_config_test.go
Expand Up @@ -20,6 +20,7 @@ package tlscommon
import (
"testing"

"github.com/elastic/go-ucfg"
"github.com/stretchr/testify/require"
"gopkg.in/yaml.v2"
)
Expand Down Expand Up @@ -92,3 +93,83 @@ func Test_ServerConfig_Serialization_ClientAuth(t *testing.T) {
})
}
}

func Test_ServerConfig_Repack(t *testing.T) {
tests := []struct {
name string
yaml string
auth *TLSClientAuth
}{{
name: "with client auth",
yaml: `
enabled: true
verification_mode: certificate
supported_protocols: [TLSv1.1, TLSv1.2]
cipher_suites:
- RSA-AES-256-CBC-SHA
certificate_authorities:
- /path/to/ca.crt
certificate: /path/to/cert.cry
key: /path/to/key/crt
curve_types:
- P-521
client_authentication: optional
ca_sha256:
- example`,
auth: &optional,
}, {
name: "nil client auth",
yaml: `
enabled: true
verification_mode: certificate
supported_protocols: [TLSv1.1, TLSv1.2]
cipher_suites:
- RSA-AES-256-CBC-SHA
certificate_authorities:
- /path/to/ca.crt
certificate: /path/to/cert.cry
key: /path/to/key/crt
curve_types:
- P-521
ca_sha256:
- example`,
auth: &required,
}, {
name: "nil client auth, no cas",
yaml: `
enabled: true
verification_mode: certificate
supported_protocols: [TLSv1.1, TLSv1.2]
cipher_suites:
- RSA-AES-256-CBC-SHA
certificate: /path/to/cert.cry
key: /path/to/key/crt
curve_types:
- P-521
ca_sha256:
- example`,
auth: nil,
}}

for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
cfg := mustLoadServerConfig(t, tc.yaml)
if tc.auth != nil {
require.Equal(t, *tc.auth, *cfg.ClientAuth)
} else {
require.Nil(t, cfg.ClientAuth)
}

tmp, err := ucfg.NewFrom(cfg)
require.NoError(t, err)

err = tmp.Unpack(&cfg)
require.NoError(t, err)
if tc.auth != nil {
require.Equal(t, *tc.auth, *cfg.ClientAuth)
} else {
require.Nil(t, cfg.ClientAuth)
}
})
}
}
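Review bot: The table entry named "nil client auth" (second case in Test_ServerConfig_Repack) asserts `*tc.auth == *cfg.ClientAuth` with `auth: &required`, so its name contradicts what it checks; presumably mustLoadServerConfig defaults ClientAuth to required when certificate_authorities is present, but nothing in the table says so and a reader expects the nil branch, as in the third case. Rename it to `name: "client auth defaults to required with cas",` and put `// certificate_authorities is set, so loading is expected to default ClientAuth to required — confirm against mustLoadServerConfig` above the entry. The round trip only asserts the final ClientAuth value, so if mustLoadServerConfig re-applied the same defaulting on the second Unpack the test would still pass without the integer branches being exercised; a short comment stating that ucfg.NewFrom packs the mode as an integer would document why this test covers the new code.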
28 changes: 20 additions & 8 deletions transport/tlscommon/types.go
Expand Up @@ -165,7 +165,6 @@ func (m *TLSVerificationMode) Unpack(in interface{}) error {
*m = VerifyFull
return nil
}

switch o := in.(type) {
case string:
if o == "" {
Expand Down Expand Up @@ -207,17 +206,30 @@ func (m TLSClientAuth) MarshalText() ([]byte, error) {
return nil, fmt.Errorf("could not marshal '%+v' to text", m)
}

func (m *TLSClientAuth) Unpack(s string) error {
if s == "" {
func (m *TLSClientAuth) Unpack(in interface{}) error {
if in == nil {
*m = TLSClientAuthNone
return nil
}
mode, found := tlsClientAuthTypes[s]
if !found {
return fmt.Errorf("unknown client authentication mode '%v'", s)
}
switch o := in.(type) {
case string:
if o == "" {
*m = TLSClientAuthNone
return nil
}
mode, found := tlsClientAuthTypes[o]
if !found {
return fmt.Errorf("unknown client authentication mode '%v'", o)
}

*m = mode
*m = mode
case uint64:
*m = TLSClientAuth(o)
case int64: // underlying type is int so we need both uint64 and int64 as options for TLSClientAuth
*m = TLSClientAuth(o)
default:
return fmt.Errorf("client auth mode is an unknown type: %T", o)
}
return nil
}

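Review bot: The new `uint64` and `int64` cases in TLSClientAuth.Unpack store any integer as a mode without checking that it names a known value, whereas the string branch rejects unknown names with "unknown client authentication mode"; a hand-written or repacked `client_authentication: 7` is therefore accepted at load time and only surfaces later, if at all, when MarshalText fails, and a large uint64 silently wraps when converted to the int-based TLSClientAuth. Since MarshalText already returns an error for values it does not recognise (visible at the top of the hunk), validate after the switch and before `return nil`: `if _, err := m.MarshalText(); err != nil {` / `return fmt.Errorf("unknown client authentication mode '%d'", int(*m))` / `}`. This relies on MarshalText accepting TLSClientAuthNone, whose handling lies outside the hunk — confirm, and otherwise compare `*m` against the values of tlsClientAuthTypes plus TLSClientAuthNone explicitly. Aligning the default-branch message with the string branch (`unknown client authentication mode`, followed by the type) would also keep the errors consistent for operators grepping logs.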
