xfy/lolly
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
lolly/internal/ssl/ssl_test.go
xfy f2352ab9cc docs(config,stream,logging,handler,proxy,cache,server,ssl,middleware): 为核心模块添加详细 GoDoc 文档注释 
- config: 为 Config 和所有子配置结构添加完整文档,包含使用示例和注意事项
- stream: 为负载均衡器和服务器添加详细的参数、返回值和功能说明
- logging: 为日志格式化和输出函数添加文档,说明支持的变量替换
- handler: 为路由器、静态文件和 sendfile 处理器添加文档
- proxy: 为健康检查器和代理功能添加完整文档
- cache/server/ssl/middleware: 补充相关模块的文档注释
- config.example.yaml: 添加可信代理配置、加密套件示例,更新压缩级别说明

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-07 15:36:09 +08:00

887 lines
21 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Package ssl 提供 SSL/TLS 功能的测试。
//
// 该文件测试 SSL 模块的各项功能,包括:
// - TLS 管理器创建和配置
// - TLS 版本和加密套件解析
// - 证书验证
// - 多证书管理
// - TLS 配置获取
//
// 作者xfy
package ssl
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"os"
"path/filepath"
"testing"
"time"
"rua.plus/lolly/internal/config"
)
func TestNewTLSManager(t *testing.T) {
tests := []struct {
name string
cfg *config.SSLConfig
wantErr bool
errMsg string
}{
{
name: "nil config",
cfg: nil,
wantErr: true,
errMsg: "ssl config is nil",
},
{
name: "empty cert path",
cfg: &config.SSLConfig{
Key: "key.pem",
},
wantErr: true,
errMsg: "certificate and key paths are required",
},
{
name: "empty key path",
cfg: &config.SSLConfig{
Cert: "cert.pem",
},
wantErr: true,
errMsg: "certificate and key paths are required",
},
{
name: "non-existent cert file",
cfg: &config.SSLConfig{
Cert: "/nonexistent/cert.pem",
Key: "/nonexistent/key.pem",
},
wantErr: true,
errMsg: "failed to load certificate",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, err := NewTLSManager(tt.cfg)
if (err != nil) != tt.wantErr {
t.Errorf("NewTLSManager() error = %v, wantErr %v", err, tt.wantErr)
}
if err != nil && tt.errMsg != "" {
if !containsString(err.Error(), tt.errMsg) {
t.Errorf("NewTLSManager() error = %v, want errMsg containing %v", err, tt.errMsg)
}
}
})
}
}
func TestNewTLSManagerWithCert(t *testing.T) {
// Create temporary test certificate
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
// Generate a self-signed certificate for testing
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
cfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
}
manager, err := NewTLSManager(cfg)
if err != nil {
t.Fatalf("NewTLSManager() failed: %v", err)
}
if manager == nil {
t.Fatal("Expected non-nil manager")
}
tlsCfg := manager.GetTLSConfig()
if tlsCfg == nil {
t.Fatal("Expected non-nil TLS config")
}
// Check TLS version defaults
if tlsCfg.MinVersion != tls.VersionTLS12 {
t.Errorf("Expected MinVersion TLS 1.2, got %v", tlsCfg.MinVersion)
}
// Check cipher suites are set
if len(tlsCfg.CipherSuites) == 0 {
t.Error("Expected cipher suites to be set")
}
}
func TestParseTLSVersions(t *testing.T) {
tests := []struct {
name string
protocols []string
wantMin uint16
wantMax uint16
wantErr bool
}{
{
name: "TLS 1.2 only",
protocols: []string{"TLSv1.2"},
wantMin: tls.VersionTLS12,
wantMax: tls.VersionTLS13,
},
{
name: "TLS 1.3 only",
protocols: []string{"TLSv1.3"},
wantMin: tls.VersionTLS13,
wantMax: tls.VersionTLS13,
},
{
name: "TLS 1.2 and 1.3",
protocols: []string{"TLSv1.2", "TLSv1.3"},
wantMin: tls.VersionTLS12,
wantMax: tls.VersionTLS13,
},
{
name: "insecure TLS 1.0",
protocols: []string{"TLSv1.0"},
wantErr: true,
},
{
name: "insecure TLS 1.1",
protocols: []string{"TLSv1.1"},
wantErr: true,
},
{
name: "unknown protocol",
protocols: []string{"TLSv0.9"},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
minVer, maxVer, err := parseTLSVersions(tt.protocols)
if (err != nil) != tt.wantErr {
t.Errorf("parseTLSVersions() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !tt.wantErr {
if minVer != tt.wantMin {
t.Errorf("parseTLSVersions() minVer = %v, want %v", minVer, tt.wantMin)
}
if maxVer != tt.wantMax {
t.Errorf("parseTLSVersions() maxVer = %v, want %v", maxVer, tt.wantMax)
}
}
})
}
}
func TestParseCipherSuites(t *testing.T) {
tests := []struct {
name string
ciphers []string
wantLen int
wantErr bool
}{
{
name: "valid cipher",
ciphers: []string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
wantLen: 1,
},
{
name: "multiple valid ciphers",
ciphers: []string{
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
},
wantLen: 2,
},
{
name: "unknown cipher",
ciphers: []string{"TLS_UNKNOWN_CIPHER"},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := parseCipherSuites(tt.ciphers)
if (err != nil) != tt.wantErr {
t.Errorf("parseCipherSuites() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !tt.wantErr && len(result) != tt.wantLen {
t.Errorf("parseCipherSuites() returned %d ciphers, want %d", len(result), tt.wantLen)
}
})
}
}
func TestDefaultCipherSuites(t *testing.T) {
suites := defaultCipherSuites()
if len(suites) == 0 {
t.Error("Expected non-empty default cipher suites")
}
// Check that all default ciphers are secure
for _, suite := range suites {
if isInsecureCipher(suite) {
t.Errorf("Default cipher suite %v is insecure", suite)
}
}
}
func TestIsInsecureCipher(t *testing.T) {
// Test known insecure ciphers
insecureCiphers := []uint16{
tls.TLS_RSA_WITH_RC4_128_SHA,
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
}
for _, c := range insecureCiphers {
if !isInsecureCipher(c) {
t.Errorf("Expected cipher %v to be insecure", c)
}
}
// Test secure ciphers
secureCiphers := []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}
for _, c := range secureCiphers {
if isInsecureCipher(c) {
t.Errorf("Expected cipher %v to be secure", c)
}
}
}
func TestTLSManagerGetTLSConfigForHost(t *testing.T) {
manager := &TLSManager{
configs: make(map[string]*tls.Config),
}
// Add config for a host
manager.configs["example.com"] = &tls.Config{
ServerName: "example.com",
}
manager.defaultCfg = &tls.Config{
ServerName: "default",
}
tests := []struct {
name string
host string
wantName string
}{
{
name: "matching host",
host: "example.com",
wantName: "example.com",
},
{
name: "host with port",
host: "example.com:443",
wantName: "example.com",
},
{
name: "unknown host uses default",
host: "unknown.com",
wantName: "default",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
cfg := manager.GetTLSConfigForHost(tt.host)
if cfg == nil {
t.Fatal("Expected non-nil config")
}
if cfg.ServerName != tt.wantName {
t.Errorf("Expected ServerName %s, got %s", tt.wantName, cfg.ServerName)
}
})
}
}
func TestValidateCertificate(t *testing.T) {
t.Run("non-existent file", func(t *testing.T) {
err := ValidateCertificate("/nonexistent/cert.pem")
if err == nil {
t.Error("Expected error for non-existent file")
}
})
t.Run("valid file", func(t *testing.T) {
tmpFile := filepath.Join(t.TempDir(), "cert.pem")
if err := os.WriteFile(tmpFile, []byte("test"), 0644); err != nil {
t.Fatalf("Failed to create temp file: %v", err)
}
err := ValidateCertificate(tmpFile)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
})
}
func TestValidateKey(t *testing.T) {
t.Run("non-existent file", func(t *testing.T) {
err := ValidateKey("/nonexistent/key.pem")
if err == nil {
t.Error("Expected error for non-existent file")
}
})
t.Run("valid file", func(t *testing.T) {
tmpFile := filepath.Join(t.TempDir(), "key.pem")
if err := os.WriteFile(tmpFile, []byte("test"), 0600); err != nil {
t.Fatalf("Failed to create temp file: %v", err)
}
err := ValidateKey(tmpFile)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
})
}
// generateTestCert generates a self-signed certificate for testing
func generateTestCert(t *testing.T) ([]byte, []byte) {
t.Helper()
// Generate ECDSA private key
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
t.Fatalf("Failed to generate private key: %v", err)
}
// Create certificate template
template := x509.Certificate{
SerialNumber: big.NewInt(1),
Subject: pkix.Name{
Organization: []string{"Test"},
},
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
DNSNames: []string{"localhost"},
}
// Create certificate
certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
t.Fatalf("Failed to create certificate: %v", err)
}
// Encode certificate to PEM
certPEM := pem.EncodeToMemory(&pem.Block{
Type: "CERTIFICATE",
Bytes: certDER,
})
// Encode private key to PEM
keyDER, err := x509.MarshalECPrivateKey(priv)
if err != nil {
t.Fatalf("Failed to marshal private key: %v", err)
}
keyPEM := pem.EncodeToMemory(&pem.Block{
Type: "EC PRIVATE KEY",
Bytes: keyDER,
})
return certPEM, keyPEM
}
func containsString(s, substr string) bool {
for i := 0; i <= len(s)-len(substr); i++ {
if s[i:i+len(substr)] == substr {
return true
}
}
return false
}
// TestGetTLSConfig 测试 TLS 配置获取
func TestGetTLSConfig(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
// 生成自签名证书
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
cfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
}
manager, err := NewTLSManager(cfg)
if err != nil {
t.Fatalf("NewTLSManager() failed: %v", err)
}
defer manager.Close()
// 验证返回非 nil 配置
tlsCfg := manager.GetTLSConfig()
if tlsCfg == nil {
t.Fatal("Expected non-nil TLS config")
}
// 验证 TLS 版本设置
if tlsCfg.MinVersion != tls.VersionTLS12 {
t.Errorf("Expected MinVersion TLS 1.2, got %v", tlsCfg.MinVersion)
}
}
// TestGetTLSConfig_WithProtocols 测试带协议配置的 TLS 配置获取
func TestGetTLSConfig_WithProtocols(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
cfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
Protocols: []string{"TLSv1.3"},
}
manager, err := NewTLSManager(cfg)
if err != nil {
t.Fatalf("NewTLSManager() failed: %v", err)
}
defer manager.Close()
tlsCfg := manager.GetTLSConfig()
if tlsCfg == nil {
t.Fatal("Expected non-nil TLS config")
}
// 验证 TLS 1.3 设置
if tlsCfg.MinVersion != tls.VersionTLS13 {
t.Errorf("Expected MinVersion TLS 1.3, got %v", tlsCfg.MinVersion)
}
if tlsCfg.MaxVersion != tls.VersionTLS13 {
t.Errorf("Expected MaxVersion TLS 1.3, got %v", tlsCfg.MaxVersion)
}
}
// TestClose 测试 TLS 管理器关闭
func TestClose(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
cfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
}
manager, err := NewTLSManager(cfg)
if err != nil {
t.Fatalf("NewTLSManager() failed: %v", err)
}
// 第一次关闭
manager.Close()
// 验证多次调用 Close 是安全的
manager.Close()
manager.Close()
}
// TestNewTLSManager_Errors 测试错误场景
func TestNewTLSManager_Errors(t *testing.T) {
tests := []struct {
name string
cfg *config.SSLConfig
wantErr bool
errMsg string
}{
{
name: "nil config",
cfg: nil,
wantErr: true,
errMsg: "ssl config is nil",
},
{
name: "缺少证书路径",
cfg: &config.SSLConfig{
Key: "key.pem",
},
wantErr: true,
errMsg: "certificate and key paths are required",
},
{
name: "缺少密钥路径",
cfg: &config.SSLConfig{
Cert: "cert.pem",
},
wantErr: true,
errMsg: "certificate and key paths are required",
},
{
name: "无效证书文件",
cfg: &config.SSLConfig{
Cert: "/nonexistent/cert.pem",
Key: "/nonexistent/key.pem",
},
wantErr: true,
errMsg: "failed to load certificate",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, err := NewTLSManager(tt.cfg)
if (err != nil) != tt.wantErr {
t.Errorf("NewTLSManager() error = %v, wantErr %v", err, tt.wantErr)
}
if err != nil && tt.errMsg != "" {
if !containsString(err.Error(), tt.errMsg) {
t.Errorf("NewTLSManager() error = %v, want errMsg containing %v", err, tt.errMsg)
}
}
})
}
}
// TestNewTLSManager_InvalidCipher 测试无效加密套件
func TestNewTLSManager_InvalidCipher(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
cfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
Ciphers: []string{"TLS_UNKNOWN_CIPHER"},
}
_, err := NewTLSManager(cfg)
if err == nil {
t.Error("Expected error for invalid cipher suite")
}
}
// TestNewTLSManager_InsecureCipher 测试不安全加密套件
func TestNewTLSManager_InsecureCipher(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
cfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
Ciphers: []string{"TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
}
_, err := NewTLSManager(cfg)
if err == nil {
t.Error("Expected error for insecure cipher suite")
}
}
// TestNewMultiTLSManager 测试多证书 TLS 管理器
func TestNewMultiTLSManager(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
configs := map[string]*config.SSLConfig{
"example.com": {
Cert: certPath,
Key: keyPath,
},
}
manager, err := NewMultiTLSManager(configs, nil)
if err != nil {
t.Fatalf("NewMultiTLSManager() failed: %v", err)
}
defer manager.Close()
// 验证配置已加载
cfg := manager.GetTLSConfigForHost("example.com")
if cfg == nil {
t.Fatal("Expected non-nil config for example.com")
}
}
// TestNewMultiTLSManager_EmptyConfigs 测试空配置
func TestNewMultiTLSManager_EmptyConfigs(t *testing.T) {
_, err := NewMultiTLSManager(map[string]*config.SSLConfig{}, nil)
if err == nil {
t.Error("Expected error for empty configs")
}
}
// TestNewMultiTLSManager_NilConfig 测试 nil 配置项
func TestNewMultiTLSManager_NilConfig(t *testing.T) {
configs := map[string]*config.SSLConfig{
"example.com": nil,
}
_, err := NewMultiTLSManager(configs, nil)
if err == nil {
t.Error("Expected error for nil config")
}
}
// TestGetCertificate 测试证书获取回调
func TestGetCertificate(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
configs := map[string]*config.SSLConfig{
"example.com": {
Cert: certPath,
Key: keyPath,
},
}
manager, err := NewMultiTLSManager(configs, nil)
if err != nil {
t.Fatalf("NewMultiTLSManager() failed: %v", err)
}
defer manager.Close()
getCert := manager.GetCertificate()
if getCert == nil {
t.Fatal("Expected non-nil GetCertificate function")
}
// 测试获取存在的证书
testHello := &tls.ClientHelloInfo{
ServerName: "example.com",
}
certResult, err := getCert(testHello)
if err != nil {
t.Errorf("GetCertificate() error = %v", err)
}
if certResult == nil {
t.Error("Expected non-nil certificate")
}
}
// TestAddCertificate 测试添加证书
func TestAddCertificate(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
// 创建带默认配置的管理器
cfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
}
manager, err := NewTLSManager(cfg)
if err != nil {
t.Fatalf("NewTLSManager() failed: %v", err)
}
defer manager.Close()
// 测试添加新证书
err = manager.AddCertificate("newhost.com", cfg)
if err != nil {
t.Errorf("AddCertificate() error = %v", err)
}
// 验证新证书已添加
hostCfg := manager.GetTLSConfigForHost("newhost.com")
if hostCfg == nil {
t.Error("Expected config for newhost.com")
}
}
// TestAddCertificate_Error 测试添加证书错误
func TestAddCertificate_Error(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
cfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
}
manager, err := NewTLSManager(cfg)
if err != nil {
t.Fatalf("NewTLSManager() failed: %v", err)
}
defer manager.Close()
// 测试 nil 配置
err = manager.AddCertificate("test.com", nil)
if err == nil {
t.Error("Expected error for nil config")
}
}
// TestRemoveCertificate 测试移除证书
func TestRemoveCertificate(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
configs := map[string]*config.SSLConfig{
"example.com": {
Cert: certPath,
Key: keyPath,
},
}
// 创建一个默认配置
defaultCfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
}
manager, err := NewMultiTLSManager(configs, defaultCfg)
if err != nil {
t.Fatalf("NewMultiTLSManager() failed: %v", err)
}
defer manager.Close()
// 移除证书
manager.RemoveCertificate("example.com")
// 验证证书已移除(应返回默认配置)
cfg := manager.GetTLSConfigForHost("example.com")
if cfg == nil {
t.Error("Expected default config after removal")
}
}
// TestGetOCSPStatus_NoManager 测试无 OCSP 管理器时的状态
func TestGetOCSPStatus_NoManager(t *testing.T) {
tmpDir := t.TempDir()
certPath := filepath.Join(tmpDir, "cert.pem")
keyPath := filepath.Join(tmpDir, "key.pem")
cert, key := generateTestCert(t)
if err := os.WriteFile(certPath, cert, 0644); err != nil {
t.Fatalf("Failed to write cert: %v", err)
}
if err := os.WriteFile(keyPath, key, 0600); err != nil {
t.Fatalf("Failed to write key: %v", err)
}
cfg := &config.SSLConfig{
Cert: certPath,
Key: keyPath,
OCSPStapling: false, // 禁用 OCSP
}
manager, err := NewTLSManager(cfg)
if err != nil {
t.Fatalf("NewTLSManager() failed: %v", err)
}
defer manager.Close()
status := manager.GetOCSPStatus()
if status == nil {
t.Error("Expected non-nil status map")
}
if len(status) != 0 {
t.Errorf("Expected empty status, got %d entries", len(status))
}
}
Reference in New Issue View Git Blame Copy Permalink