kekskurse
/
keksvpn
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
keksvpn/pkg/wgfunc/wireguard_test.go

313 lines
8.5 KiB
Go
Raw Blame History

package wgfunc
import (
"golang.zx2c4.com/wireguard/wgctrl"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"testing"
)
import "github.com/vishvananda/netlink"
import "github.com/stretchr/testify/assert"
func TestRemoveDeviceIfIPRangeInvalide(t *testing.T) {
serverConfig := WireGuardConfig{
Name: "wgUnit",
IPRanges: []string{"10.0.0.1/24", "abc/24"},
}
server, err := NewWireGuard(serverConfig)
assert.Nil(t, err, "shouldn't return error while creating server")
err = server.Up()
if err == nil || err.Error() != "invalid CIDR address: abc/24" {
t.Errorf("Should return invalide CIDR error")
}
foundDevice := checkForNetworkDevice("wgUnit", t)
assert.Falsef(t, foundDevice, "should not fount device with name wgUnit")
}
func TestRemoveDeviceIfPrivateKeyIsInvalide(t *testing.T) {
serverConfig := WireGuardConfig{
Name: "wgUnit",
IPRanges: []string{"10.0.0.1/24"},
}
server, err := NewWireGuard(serverConfig)
assert.Nil(t, err, "shouldn't return error while creating server")
err = server.Up()
if err == nil || err.Error() != "wgtypes: incorrect key size: 0" {
t.Errorf("Should return invalide key size error")
}
foundDevice := checkForNetworkDevice("wgUnit", t)
assert.Falsef(t, foundDevice, "should not fount device with name wgUnit")
}
func TestCantRunSetupWireguardTwice(t *testing.T) {
server := WireGuard{}
server.name = "wgUnit"
key, err := wgtypes.GeneratePrivateKey()
assert.Nil(t, err, "cant create private key")
server.wgConfig.PrivateKey = &key
err = server.Up()
if err == nil || err.Error() != "Wireguard already setedup" {
t.Errorf("Should fail setup wireguard if privatkey is already set")
}
foundDevice := checkForNetworkDevice("wgUnit", t)
assert.Falsef(t, foundDevice, "should not fount device with name wgUnit")
}
func TestNoWireguardDevicesExists(t *testing.T) {
client, err := wgctrl.New()
assert.Nil(t, err, "cant create wgctrl client")
devices, err := client.Devices()
assert.Nil(t, err, "cant get devices from wgctrl client")
assert.Equalf(t, 0, len(devices), "there are wireguard devices")
}
func TestCreateWireguarderver(t *testing.T) {
client, err := wgctrl.New()
assert.Nil(t, err, "cant create wgctrl client")
key, err := wgtypes.GeneratePrivateKey()
assert.Nil(t, err, "cant create private key")
serverConfig := WireGuardConfig{
Name: "wgUnit",
IPRanges: []string{"10.0.0.1/24"},
Port: 54123,
PrivateKey: key.String(),
}
server, err := NewWireGuard(serverConfig)
assert.Nil(t, err, "cant create server")
err = server.Up()
foundDevice := checkForNetworkDevice("wgUnit", t)
assert.True(t, foundDevice, "should fount device with name wgUnit")
devices, err := client.Devices()
assert.Nil(t, err, "cant get devices from wgctrl client")
assert.Equalf(t, 1, len(devices), "there are wireguard devices")
helpTearDown(server, t)
}
func TestCantAddPeerIfServerNotUp(t *testing.T) {
serverConfig := WireGuardConfig{
Name: "wgUnit",
}
server, err := NewWireGuard(serverConfig)
assert.Nil(t, err, "cant create server")
peer := PeerConfig{}
err = server.AddPeer(peer)
if err == nil || err.Error() != "server not up" {
t.Errorf("should not be able to add peer if server is offline")
}
}
func TestCantAddPeerIfPublicKeyIsInvalide(t *testing.T) {
server := helperCreateServer(t)
defer helpTearDown(server, t)
config := PeerConfig{
PublicKey: "abc",
PreSharedKey: "",
AllowedIPs: []string{"10.0.0.3/32"},
Endpoint: "",
}
err := server.AddPeer(config)
if err == nil || err.Error() != "wgtypes: failed to parse base64-encoded key: illegal base64 data at input byte 0" {
t.Errorf("should not be able to add peer with wrong pub key")
}
}
func TestCantAddPeerIfPublicKeyIsEmpty(t *testing.T) {
server := helperCreateServer(t)
defer helpTearDown(server, t)
config := PeerConfig{
PublicKey: "",
PreSharedKey: "",
AllowedIPs: []string{"10.0.0.3/32"},
Endpoint: "",
}
err := server.AddPeer(config)
if err == nil || err.Error() != "wgtypes: incorrect key size: 0" {
t.Errorf("should not be able to add peer with wrong pub key")
}
}
func TestAddPeerInvalideEndpointIP(t *testing.T) {
server := helperCreateServer(t)
defer helpTearDown(server, t)
key, _ := wgtypes.GeneratePrivateKey()
config := PeerConfig{
PublicKey: key.PublicKey().String(),
PreSharedKey: "",
AllowedIPs: []string{"10.0.0.3/32"},
Endpoint: "abc:123",
}
err := server.AddPeer(config)
assert.Equalf(t, "Invalide endpoint ip", err.Error(), "shouldnt be able to add peer with invalide endpoint ip")
}
func TestAddPeerInvalideEndpointPort(t *testing.T) {
server := helperCreateServer(t)
defer helpTearDown(server, t)
key, _ := wgtypes.GeneratePrivateKey()
config := PeerConfig{
PublicKey: key.PublicKey().String(),
PreSharedKey: "",
AllowedIPs: []string{"10.0.0.3/32"},
Endpoint: "127.0.0.1:abv",
}
err := server.AddPeer(config)
assert.Equalf(t, "Cant convert port to int: strconv.Atoi: parsing \"abv\": invalid syntax", err.Error(), "shouldnt be able to add peer with invalide endpoint port")
}
func TestAddPeerWithEndpoitnDomain(t *testing.T) {
t.Skipf("Not implemented now")
server := helperCreateServer(t)
defer helpTearDown(server, t)
key, _ := wgtypes.GeneratePrivateKey()
config := PeerConfig{
PublicKey: key.PublicKey().String(),
PreSharedKey: "",
AllowedIPs: []string{"10.0.0.3/32"},
Endpoint: "home.kekskurse.de:123",
}
err := server.AddPeer(config)
assert.Nil(t, err, "should be able to add peer with domain as endpoint")
}
func TestAddPeerWithInvalideAllowedIP(t *testing.T) {
server := helperCreateServer(t)
defer helpTearDown(server, t)
key, _ := wgtypes.GeneratePrivateKey()
config := PeerConfig{
PublicKey: key.PublicKey().String(),
PreSharedKey: "",
AllowedIPs: []string{"10.0.g.3/32"},
Endpoint: "home.kekskurse.de:123",
}
err := server.AddPeer(config)
assert.Equalf(t, "invalid CIDR address: 10.0.g.3/32", err.Error(), "should not allow peer with invalide allowed ip")
config = PeerConfig{
PublicKey: key.PublicKey().String(),
PreSharedKey: "",
AllowedIPs: []string{"10.0.0.3/54"},
Endpoint: "home.kekskurse.de:123",
}
err = server.AddPeer(config)
assert.Equalf(t, "invalid CIDR address: 10.0.0.3/54", err.Error(), "should not allow peer with invalide allowed ip")
}
func TestAddPeer(t *testing.T) {
server := helperCreateServer(t)
defer helpTearDown(server, t)
key, _ := wgtypes.GeneratePrivateKey()
config := PeerConfig{
PublicKey: key.PublicKey().String(),
PreSharedKey: "",
AllowedIPs: []string{"10.0.0.3/32"},
Endpoint: "",
}
err := server.AddPeer(config)
assert.Nil(t, err, "should be able to add peer")
assert.Equalf(t, key.PublicKey().String(), server.wgConfig.Peers[0].PublicKey.String(), "public key should be in the wgConfig Object")
assert.Equal(t, "10.0.0.3/32", server.wgConfig.Peers[0].AllowedIPs[0].String(), "allowd ip should be set currect")
}
func TestRemovePeer(t *testing.T) {
server := helperCreateServer(t)
defer helpTearDown(server, t)
key, _ := wgtypes.GeneratePrivateKey()
config := PeerConfig{
PublicKey: key.PublicKey().String(),
PreSharedKey: "",
AllowedIPs: []string{"10.0.0.3/32"},
Endpoint: "",
}
err := server.AddPeer(config)
assert.Nil(t, err, "should be able to add peer")
err = server.RemovePeer(config.PublicKey)
assert.Nil(t, err, "should be able to remove peer")
assert.Equalf(t, 0, len(server.wgConfig.Peers), "peer list should be empty again")
}
func helperCreateServer(t *testing.T) WireGuard {
key, err := wgtypes.GeneratePrivateKey()
assert.Nil(t, err, "cant create private key")
serverConfig := WireGuardConfig{
Name: "wgUnit",
IPRanges: []string{"10.0.0.1/24"},
Port: 54123,
PrivateKey: key.String(),
}
server, err := NewWireGuard(serverConfig)
assert.Nil(t, err, "cant create server")
err = server.Up()
foundDevice := checkForNetworkDevice("wgUnit", t)
assert.True(t, foundDevice, "should fount device with name wgUnit")
return server
}
func helpTearDown(server WireGuard, t *testing.T) {
err := server.Down()
assert.Nil(t, err, "should not return error while shutting down server")
foundDevice := checkForNetworkDevice(server.name, t)
assert.Falsef(t, foundDevice, "device should not exist anymore")
}
func checkForNetworkDevice(name string, t *testing.T) bool {
res, err := netlink.LinkList()
assert.Nil(t, err, "shouldn't return an error return devices")
foundDevice := false
for _, device := range res {
if device.Attrs().Name == name {
foundDevice = true
}
}
return foundDevice
}
Reference in New Issue View Git Blame Copy Permalink