313 lines
No EOL
8.5 KiB
Go
313 lines
No EOL
8.5 KiB
Go
package wgfunc
|
|
|
|
import (
|
|
"golang.zx2c4.com/wireguard/wgctrl"
|
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
|
"testing"
|
|
)
|
|
import "github.com/vishvananda/netlink"
|
|
import "github.com/stretchr/testify/assert"
|
|
|
|
|
|
|
|
func TestRemoveDeviceIfIPRangeInvalide(t *testing.T) {
|
|
serverConfig := WireGuardConfig{
|
|
Name: "wgUnit",
|
|
IPRanges: []string{"10.0.0.1/24", "abc/24"},
|
|
}
|
|
server, err := NewWireGuard(serverConfig)
|
|
assert.Nil(t, err, "shouldn't return error while creating server")
|
|
|
|
err = server.Up()
|
|
if err == nil || err.Error() != "invalid CIDR address: abc/24" {
|
|
t.Errorf("Should return invalide CIDR error")
|
|
}
|
|
|
|
foundDevice := checkForNetworkDevice("wgUnit", t)
|
|
|
|
assert.Falsef(t, foundDevice, "should not fount device with name wgUnit")
|
|
}
|
|
|
|
|
|
func TestRemoveDeviceIfPrivateKeyIsInvalide(t *testing.T) {
|
|
serverConfig := WireGuardConfig{
|
|
Name: "wgUnit",
|
|
IPRanges: []string{"10.0.0.1/24"},
|
|
}
|
|
server, err := NewWireGuard(serverConfig)
|
|
assert.Nil(t, err, "shouldn't return error while creating server")
|
|
|
|
err = server.Up()
|
|
if err == nil || err.Error() != "wgtypes: incorrect key size: 0" {
|
|
t.Errorf("Should return invalide key size error")
|
|
}
|
|
|
|
foundDevice := checkForNetworkDevice("wgUnit", t)
|
|
|
|
assert.Falsef(t, foundDevice, "should not fount device with name wgUnit")
|
|
}
|
|
|
|
func TestCantRunSetupWireguardTwice(t *testing.T) {
|
|
server := WireGuard{}
|
|
server.name = "wgUnit"
|
|
key, err := wgtypes.GeneratePrivateKey()
|
|
assert.Nil(t, err, "cant create private key")
|
|
server.wgConfig.PrivateKey = &key
|
|
|
|
err = server.Up()
|
|
if err == nil || err.Error() != "Wireguard already setedup" {
|
|
t.Errorf("Should fail setup wireguard if privatkey is already set")
|
|
}
|
|
|
|
foundDevice := checkForNetworkDevice("wgUnit", t)
|
|
|
|
assert.Falsef(t, foundDevice, "should not fount device with name wgUnit")
|
|
}
|
|
|
|
func TestNoWireguardDevicesExists(t *testing.T) {
|
|
client, err := wgctrl.New()
|
|
assert.Nil(t, err, "cant create wgctrl client")
|
|
|
|
devices, err := client.Devices()
|
|
assert.Nil(t, err, "cant get devices from wgctrl client")
|
|
|
|
assert.Equalf(t, 0, len(devices), "there are wireguard devices")
|
|
}
|
|
|
|
func TestCreateWireguarderver(t *testing.T) {
|
|
client, err := wgctrl.New()
|
|
assert.Nil(t, err, "cant create wgctrl client")
|
|
|
|
key, err := wgtypes.GeneratePrivateKey()
|
|
assert.Nil(t, err, "cant create private key")
|
|
|
|
serverConfig := WireGuardConfig{
|
|
Name: "wgUnit",
|
|
IPRanges: []string{"10.0.0.1/24"},
|
|
Port: 54123,
|
|
PrivateKey: key.String(),
|
|
}
|
|
server, err := NewWireGuard(serverConfig)
|
|
assert.Nil(t, err, "cant create server")
|
|
|
|
err = server.Up()
|
|
|
|
foundDevice := checkForNetworkDevice("wgUnit", t)
|
|
|
|
assert.True(t, foundDevice, "should fount device with name wgUnit")
|
|
|
|
devices, err := client.Devices()
|
|
assert.Nil(t, err, "cant get devices from wgctrl client")
|
|
|
|
assert.Equalf(t, 1, len(devices), "there are wireguard devices")
|
|
|
|
helpTearDown(server, t)
|
|
}
|
|
|
|
func TestCantAddPeerIfServerNotUp(t *testing.T) {
|
|
serverConfig := WireGuardConfig{
|
|
Name: "wgUnit",
|
|
}
|
|
server, err := NewWireGuard(serverConfig)
|
|
assert.Nil(t, err, "cant create server")
|
|
|
|
peer := PeerConfig{}
|
|
err = server.AddPeer(peer)
|
|
if err == nil || err.Error() != "server not up" {
|
|
t.Errorf("should not be able to add peer if server is offline")
|
|
}
|
|
|
|
}
|
|
|
|
func TestCantAddPeerIfPublicKeyIsInvalide(t *testing.T) {
|
|
server := helperCreateServer(t)
|
|
defer helpTearDown(server, t)
|
|
|
|
config := PeerConfig{
|
|
PublicKey: "abc",
|
|
PreSharedKey: "",
|
|
AllowedIPs: []string{"10.0.0.3/32"},
|
|
Endpoint: "",
|
|
}
|
|
err := server.AddPeer(config)
|
|
if err == nil || err.Error() != "wgtypes: failed to parse base64-encoded key: illegal base64 data at input byte 0" {
|
|
t.Errorf("should not be able to add peer with wrong pub key")
|
|
}
|
|
}
|
|
|
|
func TestCantAddPeerIfPublicKeyIsEmpty(t *testing.T) {
|
|
server := helperCreateServer(t)
|
|
defer helpTearDown(server, t)
|
|
|
|
config := PeerConfig{
|
|
PublicKey: "",
|
|
PreSharedKey: "",
|
|
AllowedIPs: []string{"10.0.0.3/32"},
|
|
Endpoint: "",
|
|
}
|
|
err := server.AddPeer(config)
|
|
if err == nil || err.Error() != "wgtypes: incorrect key size: 0" {
|
|
t.Errorf("should not be able to add peer with wrong pub key")
|
|
}
|
|
}
|
|
|
|
func TestAddPeerInvalideEndpointIP(t *testing.T) {
|
|
server := helperCreateServer(t)
|
|
defer helpTearDown(server, t)
|
|
key, _ := wgtypes.GeneratePrivateKey()
|
|
|
|
config := PeerConfig{
|
|
PublicKey: key.PublicKey().String(),
|
|
PreSharedKey: "",
|
|
AllowedIPs: []string{"10.0.0.3/32"},
|
|
Endpoint: "abc:123",
|
|
}
|
|
err := server.AddPeer(config)
|
|
|
|
assert.Equalf(t, "Invalide endpoint ip", err.Error(), "shouldnt be able to add peer with invalide endpoint ip")
|
|
}
|
|
|
|
func TestAddPeerInvalideEndpointPort(t *testing.T) {
|
|
server := helperCreateServer(t)
|
|
defer helpTearDown(server, t)
|
|
key, _ := wgtypes.GeneratePrivateKey()
|
|
|
|
config := PeerConfig{
|
|
PublicKey: key.PublicKey().String(),
|
|
PreSharedKey: "",
|
|
AllowedIPs: []string{"10.0.0.3/32"},
|
|
Endpoint: "127.0.0.1:abv",
|
|
}
|
|
err := server.AddPeer(config)
|
|
|
|
assert.Equalf(t, "Cant convert port to int: strconv.Atoi: parsing \"abv\": invalid syntax", err.Error(), "shouldnt be able to add peer with invalide endpoint port")
|
|
}
|
|
|
|
func TestAddPeerWithEndpoitnDomain(t *testing.T) {
|
|
t.Skipf("Not implemented now")
|
|
server := helperCreateServer(t)
|
|
defer helpTearDown(server, t)
|
|
key, _ := wgtypes.GeneratePrivateKey()
|
|
|
|
config := PeerConfig{
|
|
PublicKey: key.PublicKey().String(),
|
|
PreSharedKey: "",
|
|
AllowedIPs: []string{"10.0.0.3/32"},
|
|
Endpoint: "home.kekskurse.de:123",
|
|
}
|
|
err := server.AddPeer(config)
|
|
|
|
assert.Nil(t, err, "should be able to add peer with domain as endpoint")
|
|
}
|
|
|
|
func TestAddPeerWithInvalideAllowedIP(t *testing.T) {
|
|
server := helperCreateServer(t)
|
|
defer helpTearDown(server, t)
|
|
key, _ := wgtypes.GeneratePrivateKey()
|
|
|
|
config := PeerConfig{
|
|
PublicKey: key.PublicKey().String(),
|
|
PreSharedKey: "",
|
|
AllowedIPs: []string{"10.0.g.3/32"},
|
|
Endpoint: "home.kekskurse.de:123",
|
|
}
|
|
err := server.AddPeer(config)
|
|
|
|
assert.Equalf(t, "invalid CIDR address: 10.0.g.3/32", err.Error(), "should not allow peer with invalide allowed ip")
|
|
|
|
config = PeerConfig{
|
|
PublicKey: key.PublicKey().String(),
|
|
PreSharedKey: "",
|
|
AllowedIPs: []string{"10.0.0.3/54"},
|
|
Endpoint: "home.kekskurse.de:123",
|
|
}
|
|
err = server.AddPeer(config)
|
|
assert.Equalf(t, "invalid CIDR address: 10.0.0.3/54", err.Error(), "should not allow peer with invalide allowed ip")
|
|
|
|
}
|
|
|
|
func TestAddPeer(t *testing.T) {
|
|
server := helperCreateServer(t)
|
|
defer helpTearDown(server, t)
|
|
|
|
key, _ := wgtypes.GeneratePrivateKey()
|
|
|
|
config := PeerConfig{
|
|
PublicKey: key.PublicKey().String(),
|
|
PreSharedKey: "",
|
|
AllowedIPs: []string{"10.0.0.3/32"},
|
|
Endpoint: "",
|
|
}
|
|
err := server.AddPeer(config)
|
|
assert.Nil(t, err, "should be able to add peer")
|
|
|
|
assert.Equalf(t, key.PublicKey().String(), server.wgConfig.Peers[0].PublicKey.String(), "public key should be in the wgConfig Object")
|
|
assert.Equal(t, "10.0.0.3/32", server.wgConfig.Peers[0].AllowedIPs[0].String(), "allowd ip should be set currect")
|
|
}
|
|
|
|
func TestRemovePeer(t *testing.T) {
|
|
server := helperCreateServer(t)
|
|
defer helpTearDown(server, t)
|
|
|
|
key, _ := wgtypes.GeneratePrivateKey()
|
|
|
|
config := PeerConfig{
|
|
PublicKey: key.PublicKey().String(),
|
|
PreSharedKey: "",
|
|
AllowedIPs: []string{"10.0.0.3/32"},
|
|
Endpoint: "",
|
|
}
|
|
err := server.AddPeer(config)
|
|
assert.Nil(t, err, "should be able to add peer")
|
|
|
|
err = server.RemovePeer(config.PublicKey)
|
|
assert.Nil(t, err, "should be able to remove peer")
|
|
|
|
assert.Equalf(t, 0, len(server.wgConfig.Peers), "peer list should be empty again")
|
|
|
|
}
|
|
|
|
func helperCreateServer(t *testing.T) WireGuard {
|
|
key, err := wgtypes.GeneratePrivateKey()
|
|
assert.Nil(t, err, "cant create private key")
|
|
|
|
serverConfig := WireGuardConfig{
|
|
Name: "wgUnit",
|
|
IPRanges: []string{"10.0.0.1/24"},
|
|
Port: 54123,
|
|
PrivateKey: key.String(),
|
|
}
|
|
server, err := NewWireGuard(serverConfig)
|
|
assert.Nil(t, err, "cant create server")
|
|
|
|
err = server.Up()
|
|
|
|
foundDevice := checkForNetworkDevice("wgUnit", t)
|
|
|
|
assert.True(t, foundDevice, "should fount device with name wgUnit")
|
|
|
|
return server
|
|
}
|
|
|
|
func helpTearDown(server WireGuard, t *testing.T) {
|
|
err := server.Down()
|
|
assert.Nil(t, err, "should not return error while shutting down server")
|
|
|
|
foundDevice := checkForNetworkDevice(server.name, t)
|
|
assert.Falsef(t, foundDevice, "device should not exist anymore")
|
|
}
|
|
|
|
func checkForNetworkDevice(name string, t *testing.T) bool {
|
|
res, err := netlink.LinkList()
|
|
|
|
assert.Nil(t, err, "shouldn't return an error return devices")
|
|
|
|
foundDevice := false
|
|
for _, device := range res {
|
|
if device.Attrs().Name == name {
|
|
foundDevice = true
|
|
}
|
|
}
|
|
|
|
return foundDevice
|
|
} |