server_test.go 1.34 KB
package server

import (
	"crypto/tls"
	"testing"
	"time"
)

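// TestStandaloneTLSTicketKeyRotation runs standaloneTLSTicketKeyRotation against
// a 1ms ticker and observes every key set it installs through
// setSessionTicketKeysTestHook. It fails if the newest session ticket key
// repeats between rounds, if the number of keys in use does not grow by one per
// round up to tlsNumTickets, or if session tickets end up disabled on the
// tls.Config.
//
// Rotation matters because a session ticket key that is never replaced keeps
// decrypting resumed sessions for as long as the process lives, which defeats
// forward secrecy for those sessions.
func TestStandaloneTLSTicketKeyRotation(t *testing.T) {
	// Registered first so it runs last, after the rotation goroutine has been
	// told to stop. NOTE(review): the test does not wait for that goroutine to
	// exit, so a late hook read can still overlap this write — confirm against
	// standaloneTLSTicketKeyRotation.
	oldHook := setSessionTicketKeysTestHook
	defer func() {
		setSessionTicketKeysTestHook = oldHook
	}()

	// Closed exactly once, on return. The failure paths used to close this
	// channel as well, so the deferred close panicked with "close of closed
	// channel" and masked the real test failure.
	tlsGovChan := make(chan struct{})
	defer close(tlsGovChan)

	// done releases a hook call that is blocked on callSync after the test has
	// returned. callSync itself is never closed: the hook is its sender, and a
	// send on a closed channel would panic in the rotation goroutine.
	done := make(chan struct{})
	defer close(done)
	callSync := make(chan [][32]byte, 1)

	setSessionTicketKeysTestHook = func(keys [][32]byte) [][32]byte {
		// Hand the test its own copy so the assertions below never read
		// memory the rotation goroutine may still be writing.
		snapshot := make([][32]byte, len(keys))
		copy(snapshot, keys)
		select {
		case callSync <- snapshot:
		case <-done:
		}
		return keys
	}

	c := new(tls.Config)
	timer := time.NewTicker(time.Millisecond * 1)
	defer timer.Stop()

	go standaloneTLSTicketKeyRotation(c, timer, tlsGovChan)

	rounds := 0
	// Starts as all zeroes, so an all-zero first key is reported as a repeat.
	var lastTicketKey [32]byte
	for {
		select {
		case keysInUse := <-callSync:
			if len(keysInUse) == 0 {
				t.Errorf("Hook was called with no TLS ticket keys after %d rounds.", rounds)
				return
			}
			if lastTicketKey == keysInUse[0] {
				t.Errorf("The same TLS ticket key has been used again (not rotated): %x.", lastTicketKey)
				return
			}
			lastTicketKey = keysInUse[0]
			rounds++
			// Until the key set is full, each round must add exactly one key.
			if rounds <= tlsNumTickets && len(keysInUse) != rounds {
				t.Errorf("Expected TLS ticket keys in use: %d; Got instead: %d.", rounds, len(keysInUse))
				return
			}
			// NOTE(review): c is shared with the rotation goroutine and read
			// here without synchronisation — run with -race to confirm.
			if c.SessionTicketsDisabled {
				t.Error("Session tickets have been disabled unexpectedly.")
				return
			}
			// One round past a full key set is enough to see a key rotate out.
			if rounds >= tlsNumTickets+1 {
				return
			}
		case <-time.After(time.Second * 1):
			t.Errorf("Timeout after %d rounds.", rounds)
			return
		}
	}
}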