2023-01-27 21:37:20 +00:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
2020-03-02 16:55:44 +00:00
|
|
|
|
|
|
|
package main
|
|
|
|
|
2020-03-02 16:59:50 +00:00
|
|
|
import (
|
|
|
|
"context"
|
2022-10-14 17:42:09 +01:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"strings"
|
2020-03-02 16:59:50 +00:00
|
|
|
"testing"
|
2021-09-02 18:16:31 +01:00
|
|
|
|
2023-10-11 22:14:37 +01:00
|
|
|
"tailscale.com/tstest/deptest"
|
2020-03-02 16:59:50 +00:00
|
|
|
)
|
2020-03-02 16:55:44 +00:00
|
|
|
|
|
|
|
func TestProdAutocertHostPolicy(t *testing.T) {
|
|
|
|
tests := []struct {
|
|
|
|
in string
|
|
|
|
wantOK bool
|
|
|
|
}{
|
|
|
|
{"derp.tailscale.com", true},
|
|
|
|
{"derp.tailscale.com.", true},
|
|
|
|
{"derp1.tailscale.com", true},
|
2020-06-01 23:19:41 +01:00
|
|
|
{"derp1b.tailscale.com", true},
|
2020-03-02 16:55:44 +00:00
|
|
|
{"derp2.tailscale.com", true},
|
|
|
|
{"derp02.tailscale.com", true},
|
|
|
|
{"derp-nyc.tailscale.com", true},
|
2020-06-01 23:19:41 +01:00
|
|
|
{"derpfoo.tailscale.com", true},
|
2020-03-02 16:55:44 +00:00
|
|
|
{"derp02.bar.tailscale.com", false},
|
|
|
|
{"example.net", false},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
2020-03-02 16:59:50 +00:00
|
|
|
got := prodAutocertHostPolicy(context.Background(), tt.in) == nil
|
2020-03-02 16:55:44 +00:00
|
|
|
if got != tt.wantOK {
|
|
|
|
t.Errorf("f(%q) = %v; want %v", tt.in, got, tt.wantOK)
|
|
|
|
}
|
|
|
|
}
|
2021-09-02 18:16:31 +01:00
|
|
|
}
|
|
|
|
|
2022-10-14 17:42:09 +01:00
|
|
|
func TestNoContent(t *testing.T) {
|
|
|
|
testCases := []struct {
|
|
|
|
name string
|
|
|
|
input string
|
|
|
|
want string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "no challenge",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "valid challenge",
|
|
|
|
input: "input",
|
|
|
|
want: "response input",
|
|
|
|
},
|
2022-11-08 21:41:20 +00:00
|
|
|
{
|
|
|
|
name: "valid challenge hostname",
|
|
|
|
input: "ts_derp99b.tailscale.com",
|
|
|
|
want: "response ts_derp99b.tailscale.com",
|
|
|
|
},
|
2022-10-14 17:42:09 +01:00
|
|
|
{
|
|
|
|
name: "invalid challenge",
|
|
|
|
input: "foo\x00bar",
|
|
|
|
want: "",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "whitespace invalid challenge",
|
|
|
|
input: "foo bar",
|
|
|
|
want: "",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "long challenge",
|
|
|
|
input: strings.Repeat("x", 65),
|
|
|
|
want: "",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tt := range testCases {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
req, _ := http.NewRequest("GET", "https://localhost/generate_204", nil)
|
|
|
|
if tt.input != "" {
|
|
|
|
req.Header.Set(noContentChallengeHeader, tt.input)
|
|
|
|
}
|
|
|
|
w := httptest.NewRecorder()
|
|
|
|
serveNoContent(w, req)
|
|
|
|
resp := w.Result()
|
|
|
|
|
|
|
|
if tt.want == "" {
|
|
|
|
if h, found := resp.Header[noContentResponseHeader]; found {
|
|
|
|
t.Errorf("got %+v; expected no response header", h)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if got := resp.Header.Get(noContentResponseHeader); got != tt.want {
|
|
|
|
t.Errorf("got %q; want %q", got, tt.want)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2023-10-11 22:14:37 +01:00
|
|
|
|
|
|
|
func TestDeps(t *testing.T) {
|
|
|
|
deptest.DepChecker{
|
|
|
|
BadDeps: map[string]string{
|
2024-05-24 07:13:32 +01:00
|
|
|
"testing": "do not use testing package in production code",
|
2023-10-11 22:14:37 +01:00
|
|
|
"gvisor.dev/gvisor/pkg/buffer": "https://github.com/tailscale/tailscale/issues/9756",
|
|
|
|
"gvisor.dev/gvisor/pkg/cpuid": "https://github.com/tailscale/tailscale/issues/9756",
|
|
|
|
"gvisor.dev/gvisor/pkg/tcpip": "https://github.com/tailscale/tailscale/issues/9756",
|
|
|
|
"gvisor.dev/gvisor/pkg/tcpip/header": "https://github.com/tailscale/tailscale/issues/9756",
|
|
|
|
},
|
|
|
|
}.Check(t)
|
|
|
|
}
|