CI: test certinfo handlers (#12)

* refactor: add Reader interface for file and password read

* ci: add sample keys and certs for testing

* ci: add tests for certinfo and common handlers

* refactor: methods of structs implementing Reader interface declare only the receiver's type

Author: xenOs76

.gitignore

@@ -1,7 +1,8 @@
 .direnv
 dist
 tests
-testdata
+internal/requests/testdata
+internal/certinfo/testdata/*Cert*
 manpages
 
 # ---> Go

.golangci.yml

@@ -54,6 +54,13 @@ linters:
           exclude: [""]
           arguments: [15]
 
+        # https://github.com/mgechev/revive/blob/HEAD/RULES_DESCRIPTIONS.md#cyclomatic
+        - name: cyclomatic
+          severity: warning
+          disabled: false
+          exclude: [""]
+          arguments: [15]
+
   exclusions:
     generated: lax
     presets:

cmd/certinfo.go

@@ -71,19 +71,19 @@ Examples:
 
 		certinfoCfg.SetTLSInsecure(tlsInsecure).SetTLSServerName(tlsServerName)
 
-		if err := certinfoCfg.SetCaPoolFromFile(caBundleValue); err != nil {
+		if err := certinfoCfg.SetCaPoolFromFile(caBundleValue, fileReader); err != nil {
 			fmt.Printf("Error importing CA Certificate bundle from file: %s", err)
 		}
 
-		if err := certinfoCfg.SetCertsFromFile(certBundleValue); err != nil {
+		if err := certinfoCfg.SetCertsFromFile(certBundleValue, fileReader); err != nil {
 			fmt.Printf("Error importing Certificate bundle from file: %s", err)
 		}
 
 		if err := certinfoCfg.SetTLSEndpoint(tlsEndpoint); err != nil {
 			fmt.Printf("Error setting TLS endpoint: %s", err)
 		}
 
-		if err := certinfoCfg.SetPrivateKeyFromFile(keyFileValue); err != nil {
+		if err := certinfoCfg.SetPrivateKeyFromFile(keyFileValue, fileReader); err != nil {
 			fmt.Printf("Error importing key from file: %s", err)
 		}
 

cmd/requests.go

@@ -90,7 +90,7 @@ Examples:
 			fmt.Print(err)
 		}
 
-		if err := requestsCfg.SetCaPoolFromFile(caBundlePath); err != nil {
+		if err := requestsCfg.SetCaPoolFromFile(caBundlePath, fileReader); err != nil {
 			fmt.Print(err)
 		}
 

cmd/root.go

@@ -35,6 +35,7 @@ import (
 	_ "github.com/breml/rootcerts"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
+	"github.com/xenos76/https-wrench/internal/certinfo"
 )
 
 var (
@@ -43,6 +44,7 @@ var (
 	caBundlePath   string
 	certBundlePath string
 	keyFilePath    string
+	fileReader     certinfo.InputReader
 )
 
 var rootCmd = &cobra.Command{

devenv.nix

@@ -40,6 +40,7 @@ in {
       ".gitignore"
       ".envrc"
       "internal/certinfo/common_handlers.go"
+      "internal/certinfo/testdata"
       "completions"
     ];
     hooks = {

internal/certinfo/certinfo.go

@@ -5,13 +5,17 @@ import (
 	"crypto/x509"
 	"fmt"
 	"net"
+	"os"
 	"time"
+
+	"golang.org/x/term"
 )
 
 const (
 	TLSTimeout         = 3 * time.Second
 	CertExpWarnDays    = 40
 	privateKeyPwEnvVar = "CERTINFO_PKEY_PW"
+	emptyString        = ""
 )
 
 type CertinfoConfig struct {
@@ -32,15 +36,34 @@ type CertinfoConfig struct {
 	TLSInsecure             bool
 }
 
+type (
+	Reader interface {
+		ReadFile(name string) ([]byte, error)
+		ReadPassword(fd int) ([]byte, error)
+	}
+
+	InputReader struct{}
+)
+
 var (
-	// TODO: remove
-	// certsBundle   []*x509.Certificate
-	// privKey       any
-	// tlsEndpoint   string
 	TlsServerName string
 	TlsInsecure   bool
+	inputReader   InputReader
 )
 
+func (InputReader) ReadFile(name string) ([]byte, error) {
+	file, err := os.ReadFile(name)
+	if err != nil {
+		return nil, err
+	}
+
+	return file, nil
+}
+
+func (InputReader) ReadPassword(fd int) ([]byte, error) {
+	return term.ReadPassword(fd)
+}
+
 func NewCertinfoConfig() (*CertinfoConfig, error) {
 	defaultCertPool, err := x509.SystemCertPool()
 	if err != nil {
@@ -54,9 +77,12 @@ func NewCertinfoConfig() (*CertinfoConfig, error) {
 	return &c, nil
 }
 
-func (c *CertinfoConfig) SetCaPoolFromFile(filePath string) error {
-	if filePath != "" {
-		caCertsPool, err := GetRootCertsFromFile(filePath)
+func (c *CertinfoConfig) SetCaPoolFromFile(filePath string, fileReader Reader) error {
+	if filePath != emptyString {
+		caCertsPool, err := GetRootCertsFromFile(
+			filePath,
+			fileReader,
+		)
 		if err != nil {
 			return err
 		}
@@ -68,9 +94,9 @@ func (c *CertinfoConfig) SetCaPoolFromFile(filePath string) error {
 	return nil
 }
 
-func (c *CertinfoConfig) SetCertsFromFile(filePath string) error {
-	if filePath != "" {
-		certs, err := GetCertsFromBundle(filePath)
+func (c *CertinfoConfig) SetCertsFromFile(filePath string, fileReader Reader) error {
+	if filePath != emptyString {
+		certs, err := GetCertsFromBundle(filePath, fileReader)
 		if err != nil {
 			return err
 		}
@@ -82,9 +108,13 @@ func (c *CertinfoConfig) SetCertsFromFile(filePath string) error {
 	return nil
 }
 
-func (c *CertinfoConfig) SetPrivateKeyFromFile(filePath string) error {
-	if filePath != "" {
-		keyFromFile, err := GetKeyFromFile(filePath)
+func (c *CertinfoConfig) SetPrivateKeyFromFile(filePath string, fileReader Reader) error {
+	if filePath != emptyString {
+		keyFromFile, err := GetKeyFromFile(
+			filePath,
+			privateKeyPwEnvVar,
+			fileReader,
+		)
 		if err != nil {
 			return err
 		}

internal/certinfo/certinfo_handlers.go

@@ -110,7 +110,10 @@ func (c *CertinfoConfig) PrintData() {
 			),
 		)
 
-		rootCerts, err := GetCertsFromBundle(c.CACertsFilePath)
+		rootCerts, err := GetCertsFromBundle(
+			c.CACertsFilePath,
+			inputReader,
+		)
 		if err != nil {
 			fmt.Printf("unable for read Root certificates from %s: %s", c.CACertsFilePath, err)
 

internal/certinfo/certinfo_test.go

@@ -0,0 +1,69 @@
+package certinfo
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/alecthomas/assert/v2"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewCertinfoConfig(t *testing.T) {
+	t.Run("NewCertinfoConfig", func(t *testing.T) {
+		t.Parallel()
+
+		cc, err := NewCertinfoConfig()
+		require.NoError(t, err)
+
+		require.NotNil(t, cc.CACertsPool)
+	})
+}
+
+type mockReader struct {
+	readError error
+}
+
+func (mr mockReader) ReadFile(name string) ([]byte, error) {
+	mr.readError = fmt.Errorf("unable to read file %s", name)
+	return nil, mr.readError
+}
+
+func TestCertinfo_SetCaPoolFromFile(t *testing.T) {
+	t.Run("FileReadErrors", func(t *testing.T) {
+		t.Parallel()
+
+		cc, err := NewCertinfoConfig()
+		require.NoError(t, err)
+
+		errEmpty := cc.SetCaPoolFromFile(emptyString, inputReader)
+		require.NoError(t, errEmpty, "error emptyString")
+
+		errNoRead := cc.SetCaPoolFromFile(unreadableFile, mockErrReader)
+		require.Error(t, errNoRead, "error unreadableFile")
+		assert.Equal(t,
+			"failed to read CA bundle file: unable to read file testdata/unreadable-file.txt",
+			errNoRead.Error(),
+			"check unreadableFile",
+		)
+
+		errNoExist := cc.SetCaPoolFromFile("testdata/not-exist", inputReader)
+		require.Error(t, errNoExist, "error file not-exist")
+		assert.Equal(t,
+			"failed to read CA bundle file: open testdata/not-exist: no such file or directory",
+			errNoExist.Error(),
+			"read not-exist file",
+		)
+
+		errWrongCert := cc.SetCaPoolFromFile(RSACaCertKeyFile, inputReader)
+		require.Error(t, errWrongCert, "error wrong cert")
+		assert.Equal(t,
+			"unable to create CertPool from file",
+			errWrongCert.Error(),
+			"check wrong cert",
+		)
+
+		// TODO: complete, compare struct data with input
+		errRSACACert := cc.SetCaPoolFromFile(RSACaCertFile, inputReader)
+		require.NoError(t, errRSACACert, "error generated RSACaCertFile")
+	})
+}