7
7
"context"
8
8
"crypto/ed25519"
9
9
"crypto/rand"
10
+ "crypto/rsa"
10
11
"crypto/tls"
11
12
"errors"
12
13
"fmt"
@@ -362,6 +363,127 @@ func testPionE2ESimpleED25519(t *testing.T, server, client func(*comm)) {
362
363
}
363
364
}
364
365
366
+ func testPionE2ESimpleED25519ClientCert (t * testing.T , server , client func (* comm )) {
367
+ lim := test .TimeOut (time .Second * 30 )
368
+ defer lim .Stop ()
369
+
370
+ report := test .CheckRoutines (t )
371
+ defer report ()
372
+
373
+ ctx , cancel := context .WithTimeout (context .Background (), 5 * time .Second )
374
+ defer cancel ()
375
+
376
+ _ , skey , err := ed25519 .GenerateKey (rand .Reader )
377
+ if err != nil {
378
+ t .Fatal (err )
379
+ }
380
+ scert , err := selfsign .SelfSign (skey )
381
+ if err != nil {
382
+ t .Fatal (err )
383
+ }
384
+
385
+ _ , ckey , err := ed25519 .GenerateKey (rand .Reader )
386
+ if err != nil {
387
+ t .Fatal (err )
388
+ }
389
+ ccert , err := selfsign .SelfSign (ckey )
390
+ if err != nil {
391
+ t .Fatal (err )
392
+ }
393
+
394
+ scfg := & dtls.Config {
395
+ Certificates : []tls.Certificate {scert },
396
+ CipherSuites : []dtls.CipherSuiteID {dtls .TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 },
397
+ ClientAuth : dtls .RequireAnyClientCert ,
398
+ }
399
+ ccfg := & dtls.Config {
400
+ Certificates : []tls.Certificate {ccert },
401
+ CipherSuites : []dtls.CipherSuiteID {dtls .TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 },
402
+ InsecureSkipVerify : true ,
403
+ }
404
+ serverPort := randomPort (t )
405
+ comm := newComm (ctx , ccfg , scfg , serverPort , server , client )
406
+ comm .assert (t )
407
+ }
408
+
409
+ func testPionE2ESimpleECDSAClientCert (t * testing.T , server , client func (* comm )) {
410
+ lim := test .TimeOut (time .Second * 30 )
411
+ defer lim .Stop ()
412
+
413
+ report := test .CheckRoutines (t )
414
+ defer report ()
415
+
416
+ ctx , cancel := context .WithTimeout (context .Background (), 5 * time .Second )
417
+ defer cancel ()
418
+
419
+ scert , err := selfsign .GenerateSelfSigned ()
420
+ if err != nil {
421
+ t .Fatal (err )
422
+ }
423
+
424
+ ccert , err := selfsign .GenerateSelfSigned ()
425
+ if err != nil {
426
+ t .Fatal (err )
427
+ }
428
+
429
+ scfg := & dtls.Config {
430
+ Certificates : []tls.Certificate {scert },
431
+ CipherSuites : []dtls.CipherSuiteID {dtls .TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 },
432
+ ClientAuth : dtls .RequireAnyClientCert ,
433
+ }
434
+ ccfg := & dtls.Config {
435
+ Certificates : []tls.Certificate {ccert },
436
+ CipherSuites : []dtls.CipherSuiteID {dtls .TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 },
437
+ InsecureSkipVerify : true ,
438
+ }
439
+ serverPort := randomPort (t )
440
+ comm := newComm (ctx , ccfg , scfg , serverPort , server , client )
441
+ comm .assert (t )
442
+ }
443
+
444
+ func testPionE2ESimpleRSAClientCert (t * testing.T , server , client func (* comm )) {
445
+ lim := test .TimeOut (time .Second * 30 )
446
+ defer lim .Stop ()
447
+
448
+ report := test .CheckRoutines (t )
449
+ defer report ()
450
+
451
+ ctx , cancel := context .WithTimeout (context .Background (), 5 * time .Second )
452
+ defer cancel ()
453
+
454
+ spriv , err := rsa .GenerateKey (rand .Reader , 2048 )
455
+ if err != nil {
456
+ t .Fatal (err )
457
+ }
458
+ scert , err := selfsign .SelfSign (spriv )
459
+ if err != nil {
460
+ t .Fatal (err )
461
+ }
462
+
463
+ cpriv , err := rsa .GenerateKey (rand .Reader , 2048 )
464
+ if err != nil {
465
+ t .Fatal (err )
466
+ }
467
+ ccert , err := selfsign .SelfSign (cpriv )
468
+ if err != nil {
469
+ t .Fatal (err )
470
+ }
471
+
472
+ scfg := & dtls.Config {
473
+ Certificates : []tls.Certificate {scert },
474
+ CipherSuites : []dtls.CipherSuiteID {dtls .TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 },
475
+ ClientAuth : dtls .RequireAnyClientCert ,
476
+ }
477
+ ccfg := & dtls.Config {
478
+ Certificates : []tls.Certificate {ccert },
479
+ CipherSuites : []dtls.CipherSuiteID {dtls .TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 },
480
+ InsecureSkipVerify : true ,
481
+ }
482
+ serverPort := randomPort (t )
483
+ comm := newComm (ctx , ccfg , scfg , serverPort , server , client )
484
+ comm .assert (t )
485
+ }
486
+
365
487
func TestPionE2ESimple (t * testing.T ) {
366
488
testPionE2ESimple (t , serverPion , clientPion )
367
489
}
@@ -377,3 +499,15 @@ func TestPionE2EMTUs(t *testing.T) {
377
499
func TestPionE2ESimpleED25519 (t * testing.T ) {
378
500
testPionE2ESimpleED25519 (t , serverPion , clientPion )
379
501
}
502
+
503
+ func TestPionE2ESimpleED25519ClientCert (t * testing.T ) {
504
+ testPionE2ESimpleED25519ClientCert (t , serverPion , clientPion )
505
+ }
506
+
507
+ func TestPionE2ESimpleECDSAClientCert (t * testing.T ) {
508
+ testPionE2ESimpleECDSAClientCert (t , serverPion , clientPion )
509
+ }
510
+
511
+ func TestPionE2ESimpleRSAClientCert (t * testing.T ) {
512
+ testPionE2ESimpleRSAClientCert (t , serverPion , clientPion )
513
+ }
0 commit comments