From 6e2cb00008cbf09e556b00f87603797fcaa47e09 Mon Sep 17 00:00:00 2001 From: Christopher Speller Date: Mon, 16 Apr 2018 05:37:14 -0700 Subject: Depenancy upgrades and movign to dep. (#8630) --- vendor/github.com/lib/pq/ssl_test.go | 279 ----------------------------------- 1 file changed, 279 deletions(-) delete mode 100644 vendor/github.com/lib/pq/ssl_test.go (limited to 'vendor/github.com/lib/pq/ssl_test.go') diff --git a/vendor/github.com/lib/pq/ssl_test.go b/vendor/github.com/lib/pq/ssl_test.go deleted file mode 100644 index 3eafbfd20..000000000 --- a/vendor/github.com/lib/pq/ssl_test.go +++ /dev/null @@ -1,279 +0,0 @@ -package pq - -// This file contains SSL tests - -import ( - _ "crypto/sha256" - "crypto/x509" - "database/sql" - "os" - "path/filepath" - "testing" -) - -func maybeSkipSSLTests(t *testing.T) { - // Require some special variables for testing certificates - if os.Getenv("PQSSLCERTTEST_PATH") == "" { - t.Skip("PQSSLCERTTEST_PATH not set, skipping SSL tests") - } - - value := os.Getenv("PQGOSSLTESTS") - if value == "" || value == "0" { - t.Skip("PQGOSSLTESTS not enabled, skipping SSL tests") - } else if value != "1" { - t.Fatalf("unexpected value %q for PQGOSSLTESTS", value) - } -} - -func openSSLConn(t *testing.T, conninfo string) (*sql.DB, error) { - db, err := openTestConnConninfo(conninfo) - if err != nil { - // should never fail - t.Fatal(err) - } - // Do something with the connection to see whether it's working or not. - tx, err := db.Begin() - if err == nil { - return db, tx.Rollback() - } - _ = db.Close() - return nil, err -} - -func checkSSLSetup(t *testing.T, conninfo string) { - _, err := openSSLConn(t, conninfo) - if pge, ok := err.(*Error); ok { - if pge.Code.Name() != "invalid_authorization_specification" { - t.Fatalf("unexpected error code '%s'", pge.Code.Name()) - } - } else { - t.Fatalf("expected %T, got %v", (*Error)(nil), err) - } -} - -// Connect over SSL and run a simple query to test the basics -func TestSSLConnection(t *testing.T) { - maybeSkipSSLTests(t) - // Environment sanity check: should fail without SSL - checkSSLSetup(t, "sslmode=disable user=pqgossltest") - - db, err := openSSLConn(t, "sslmode=require user=pqgossltest") - if err != nil { - t.Fatal(err) - } - rows, err := db.Query("SELECT 1") - if err != nil { - t.Fatal(err) - } - rows.Close() -} - -// Test sslmode=verify-full -func TestSSLVerifyFull(t *testing.T) { - maybeSkipSSLTests(t) - // Environment sanity check: should fail without SSL - checkSSLSetup(t, "sslmode=disable user=pqgossltest") - - // Not OK according to the system CA - _, err := openSSLConn(t, "host=postgres sslmode=verify-full user=pqgossltest") - if err == nil { - t.Fatal("expected error") - } - _, ok := err.(x509.UnknownAuthorityError) - if !ok { - t.Fatalf("expected x509.UnknownAuthorityError, got %#+v", err) - } - - rootCertPath := filepath.Join(os.Getenv("PQSSLCERTTEST_PATH"), "root.crt") - rootCert := "sslrootcert=" + rootCertPath + " " - // No match on Common Name - _, err = openSSLConn(t, rootCert+"host=127.0.0.1 sslmode=verify-full user=pqgossltest") - if err == nil { - t.Fatal("expected error") - } - _, ok = err.(x509.HostnameError) - if !ok { - t.Fatalf("expected x509.HostnameError, got %#+v", err) - } - // OK - _, err = openSSLConn(t, rootCert+"host=postgres sslmode=verify-full user=pqgossltest") - if err != nil { - t.Fatal(err) - } -} - -// Test sslmode=require sslrootcert=rootCertPath -func TestSSLRequireWithRootCert(t *testing.T) { - maybeSkipSSLTests(t) - // Environment sanity check: should fail without SSL - checkSSLSetup(t, "sslmode=disable user=pqgossltest") - - bogusRootCertPath := filepath.Join(os.Getenv("PQSSLCERTTEST_PATH"), "bogus_root.crt") - bogusRootCert := "sslrootcert=" + bogusRootCertPath + " " - - // Not OK according to the bogus CA - _, err := openSSLConn(t, bogusRootCert+"host=postgres sslmode=require user=pqgossltest") - if err == nil { - t.Fatal("expected error") - } - _, ok := err.(x509.UnknownAuthorityError) - if !ok { - t.Fatalf("expected x509.UnknownAuthorityError, got %s, %#+v", err, err) - } - - nonExistentCertPath := filepath.Join(os.Getenv("PQSSLCERTTEST_PATH"), "non_existent.crt") - nonExistentCert := "sslrootcert=" + nonExistentCertPath + " " - - // No match on Common Name, but that's OK because we're not validating anything. - _, err = openSSLConn(t, nonExistentCert+"host=127.0.0.1 sslmode=require user=pqgossltest") - if err != nil { - t.Fatal(err) - } - - rootCertPath := filepath.Join(os.Getenv("PQSSLCERTTEST_PATH"), "root.crt") - rootCert := "sslrootcert=" + rootCertPath + " " - - // No match on Common Name, but that's OK because we're not validating the CN. - _, err = openSSLConn(t, rootCert+"host=127.0.0.1 sslmode=require user=pqgossltest") - if err != nil { - t.Fatal(err) - } - // Everything OK - _, err = openSSLConn(t, rootCert+"host=postgres sslmode=require user=pqgossltest") - if err != nil { - t.Fatal(err) - } -} - -// Test sslmode=verify-ca -func TestSSLVerifyCA(t *testing.T) { - maybeSkipSSLTests(t) - // Environment sanity check: should fail without SSL - checkSSLSetup(t, "sslmode=disable user=pqgossltest") - - // Not OK according to the system CA - { - _, err := openSSLConn(t, "host=postgres sslmode=verify-ca user=pqgossltest") - if _, ok := err.(x509.UnknownAuthorityError); !ok { - t.Fatalf("expected %T, got %#+v", x509.UnknownAuthorityError{}, err) - } - } - - // Still not OK according to the system CA; empty sslrootcert is treated as unspecified. - { - _, err := openSSLConn(t, "host=postgres sslmode=verify-ca user=pqgossltest sslrootcert=''") - if _, ok := err.(x509.UnknownAuthorityError); !ok { - t.Fatalf("expected %T, got %#+v", x509.UnknownAuthorityError{}, err) - } - } - - rootCertPath := filepath.Join(os.Getenv("PQSSLCERTTEST_PATH"), "root.crt") - rootCert := "sslrootcert=" + rootCertPath + " " - // No match on Common Name, but that's OK - if _, err := openSSLConn(t, rootCert+"host=127.0.0.1 sslmode=verify-ca user=pqgossltest"); err != nil { - t.Fatal(err) - } - // Everything OK - if _, err := openSSLConn(t, rootCert+"host=postgres sslmode=verify-ca user=pqgossltest"); err != nil { - t.Fatal(err) - } -} - -// Authenticate over SSL using client certificates -func TestSSLClientCertificates(t *testing.T) { - maybeSkipSSLTests(t) - // Environment sanity check: should fail without SSL - checkSSLSetup(t, "sslmode=disable user=pqgossltest") - - const baseinfo = "sslmode=require user=pqgosslcert" - - // Certificate not specified, should fail - { - _, err := openSSLConn(t, baseinfo) - if pge, ok := err.(*Error); ok { - if pge.Code.Name() != "invalid_authorization_specification" { - t.Fatalf("unexpected error code '%s'", pge.Code.Name()) - } - } else { - t.Fatalf("expected %T, got %v", (*Error)(nil), err) - } - } - - // Empty certificate specified, should fail - { - _, err := openSSLConn(t, baseinfo+" sslcert=''") - if pge, ok := err.(*Error); ok { - if pge.Code.Name() != "invalid_authorization_specification" { - t.Fatalf("unexpected error code '%s'", pge.Code.Name()) - } - } else { - t.Fatalf("expected %T, got %v", (*Error)(nil), err) - } - } - - // Non-existent certificate specified, should fail - { - _, err := openSSLConn(t, baseinfo+" sslcert=/tmp/filedoesnotexist") - if pge, ok := err.(*Error); ok { - if pge.Code.Name() != "invalid_authorization_specification" { - t.Fatalf("unexpected error code '%s'", pge.Code.Name()) - } - } else { - t.Fatalf("expected %T, got %v", (*Error)(nil), err) - } - } - - certpath, ok := os.LookupEnv("PQSSLCERTTEST_PATH") - if !ok { - t.Fatalf("PQSSLCERTTEST_PATH not present in environment") - } - - sslcert := filepath.Join(certpath, "postgresql.crt") - - // Cert present, key not specified, should fail - { - _, err := openSSLConn(t, baseinfo+" sslcert="+sslcert) - if _, ok := err.(*os.PathError); !ok { - t.Fatalf("expected %T, got %#+v", (*os.PathError)(nil), err) - } - } - - // Cert present, empty key specified, should fail - { - _, err := openSSLConn(t, baseinfo+" sslcert="+sslcert+" sslkey=''") - if _, ok := err.(*os.PathError); !ok { - t.Fatalf("expected %T, got %#+v", (*os.PathError)(nil), err) - } - } - - // Cert present, non-existent key, should fail - { - _, err := openSSLConn(t, baseinfo+" sslcert="+sslcert+" sslkey=/tmp/filedoesnotexist") - if _, ok := err.(*os.PathError); !ok { - t.Fatalf("expected %T, got %#+v", (*os.PathError)(nil), err) - } - } - - // Key has wrong permissions (passing the cert as the key), should fail - if _, err := openSSLConn(t, baseinfo+" sslcert="+sslcert+" sslkey="+sslcert); err != ErrSSLKeyHasWorldPermissions { - t.Fatalf("expected %s, got %#+v", ErrSSLKeyHasWorldPermissions, err) - } - - sslkey := filepath.Join(certpath, "postgresql.key") - - // Should work - if db, err := openSSLConn(t, baseinfo+" sslcert="+sslcert+" sslkey="+sslkey); err != nil { - t.Fatal(err) - } else { - rows, err := db.Query("SELECT 1") - if err != nil { - t.Fatal(err) - } - if err := rows.Close(); err != nil { - t.Fatal(err) - } - if err := db.Close(); err != nil { - t.Fatal(err) - } - } -} -- cgit v1.2.3-1-g7c22