-
Notifications
You must be signed in to change notification settings - Fork 4
/
matchers.go
113 lines (93 loc) · 3.62 KB
/
matchers.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
package certs
import (
"crypto/x509"
"fmt"
"github.com/onsi/gomega/types"
"strings"
)
func BeValidSelfSignedCert() types.GomegaMatcher {
return &validSelfSignedCertMatcher{}
}
type validSelfSignedCertMatcher struct {
validationError error
}
func (matcher *validSelfSignedCertMatcher) Match(actual interface{}) (bool, error) {
cert, ok := actual.(*x509.Certificate)
if !ok {
return false, fmt.Errorf("BeValidSelfSignedCert matcher expects an x509.Certificate")
}
roots := x509.NewCertPool()
roots.AddCert(cert)
_, matcher.validationError = cert.Verify(x509.VerifyOptions{Roots: roots})
return matcher.validationError == nil, nil
}
func (matcher *validSelfSignedCertMatcher) FailureMessage(actual interface{}) string {
return fmt.Sprintf("Expected certificate validation to succeed, but got:\n\t%s", matcher.validationError.Error())
}
func (matcher *validSelfSignedCertMatcher) NegatedFailureMessage(actual interface{}) string {
return "Expected certificate validation to fail, but it succeeded"
}
func BeValidCertSignedBy(expectedCA interface{}) types.GomegaMatcher {
return &validCertSignedByMatcher{
expectedCA: expectedCA,
}
}
type validCertSignedByMatcher struct {
expectedCA interface{}
validationError error
}
func (matcher *validCertSignedByMatcher) Match(actual interface{}) (bool, error) {
cert, ok := actual.(*x509.Certificate)
if !ok {
return false, fmt.Errorf("BeValidCertSignedBy matcher expects an x509.Certificate")
}
expectedCABytes, ok := matcher.expectedCA.([]byte)
if !ok {
return false, fmt.Errorf("BeValidCertSignedBy matcher expects []byte of PEM-encoded CA")
}
roots := x509.NewCertPool()
roots.AppendCertsFromPEM(expectedCABytes)
_, matcher.validationError = cert.Verify(x509.VerifyOptions{Roots: roots})
return matcher.validationError == nil, nil
}
func (matcher *validCertSignedByMatcher) FailureMessage(actual interface{}) string {
return fmt.Sprintf("Expected certificate validation to succeed, but got:\n\t%s", matcher.validationError.Error())
}
func (matcher *validCertSignedByMatcher) NegatedFailureMessage(actual interface{}) string {
return "Expected certificate not to be valid and signed, but it was"
}
func FailCertValidationWithMessage(expectedMessage interface{}) types.GomegaMatcher {
return &failCertValidationWithMessageMatcher{
expectedMessage: expectedMessage,
}
}
type failCertValidationWithMessageMatcher struct {
expectedMessage interface{}
validationError error
wrongType bool
}
func (matcher *failCertValidationWithMessageMatcher) Match(actual interface{}) (bool, error) {
cert, ok := actual.(*x509.Certificate)
if !ok {
return false, fmt.Errorf("BeValidSelfSignedCert matcher expects an x509.Certificate")
}
_, matcher.validationError = cert.Verify(x509.VerifyOptions{})
message, ok := matcher.expectedMessage.(string)
if !ok {
matcher.wrongType = true
return false, nil
}
return matcher.validationError != nil && strings.Contains(matcher.validationError.Error(), message), nil
}
func (matcher *failCertValidationWithMessageMatcher) FailureMessage(actual interface{}) string {
if matcher.wrongType {
return "Must pass a string for the expected error message"
}
if matcher.validationError == nil {
return "Expected certificate validation to fail, but it succeeded"
}
return fmt.Sprintf("Expected certificate validation to fail with message:\n\t%s\nbut got:\n\t%s", matcher.expectedMessage, matcher.validationError.Error())
}
func (matcher *failCertValidationWithMessageMatcher) NegatedFailureMessage(actual interface{}) string {
return fmt.Sprintf("Expected certificate validation not to fail with message:\n\t%s\nbut it did", matcher.expectedMessage)
}