From f662140fda3974e9e47cfd6e303a10468501a4da Mon Sep 17 00:00:00 2001
From: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
Date: Sat, 22 Apr 2023 14:58:31 +0800
Subject: [PATCH] Add test for the new function in tls package

Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
---
 pkg/util/tls_config_test.go | 47 +++++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 15 deletions(-)

diff --git a/pkg/util/tls_config_test.go b/pkg/util/tls_config_test.go
index 18b8513ef1a..378b3c60282 100644
--- a/pkg/util/tls_config_test.go
+++ b/pkg/util/tls_config_test.go
@@ -187,6 +187,7 @@ func TestNewTLSConfig_WithPassword(t *testing.T) {
 		password string
 		issuer   string
 		CACert   string
+		isError  bool
 	}{
 		{
 			name:     "rsaCert_WithCACert",
@@ -195,6 +196,7 @@ func TestNewTLSConfig_WithPassword(t *testing.T) {
 			password: "keypass",
 			issuer:   "O=Internet Widgits Pty Ltd,ST=Some-State,C=AU",
 			CACert:   randomCACert,
+			isError:  false,
 		},
 		{
 			name:     "Cert_WithCACert",
@@ -203,6 +205,7 @@ func TestNewTLSConfig_WithPassword(t *testing.T) {
 			password: "keypass",
 			issuer:   "O=Internet Widgits Pty Ltd,ST=Some-State,C=AU",
 			CACert:   randomCACert,
+			isError:  false,
 		},
 		{
 			name:     "rsaCert_WithoutCACert",
@@ -211,6 +214,7 @@ func TestNewTLSConfig_WithPassword(t *testing.T) {
 			password: "keypass",
 			issuer:   "O=Internet Widgits Pty Ltd,ST=Some-State,C=AU",
 			CACert:   "",
+			isError:  false,
 		},
 		{
 			name:     "Cert_WithoutCACert",
@@ -219,28 +223,41 @@ func TestNewTLSConfig_WithPassword(t *testing.T) {
 			password: "keypass",
 			issuer:   "O=Internet Widgits Pty Ltd,ST=Some-State,C=AU",
 			CACert:   "",
+			isError:  false,
+		},
+		{
+			name:     "Cert_WithInvalidCACert",
+			cert:     rsaCertPEM,
+			key:      encryptedKeyPEM,
+			password: "keypass",
+			issuer:   "O=Internet Widgits Pty Ltd,ST=Some-State,C=AU",
+			CACert:   "invalidCACert",
+			isError:  true,
 		},
 	}
 	for _, test := range testCases {
 		t.Run(test.name, func(t *testing.T) {
 			config, err := NewTLSConfigWithPassword(test.cert, test.key, test.password, test.CACert, false)
-			if err != nil {
-				t.Errorf("Should have no error: %s", err)
-			}
-			cert, err := x509.ParseCertificate(config.Certificates[0].Certificate[0])
-			if err != nil {
-				t.Errorf("Bad certificate")
-			}
+			if err != nil && !test.isError {
+				t.Errorf("Expected sucess but got error: %s", err)
+			} else if test.isError && err == nil {
+				t.Errorf("Expect error but got success")
+			} else if err == nil {
+				cert, err := x509.ParseCertificate(config.Certificates[0].Certificate[0])
+				if err != nil {
+					t.Errorf("Bad certificate")
+				}
 
-			if test.CACert != "" {
-				caCertPool := getRootCAs()
-				caCertPool.AppendCertsFromPEM([]byte(randomCACert))
-				if !config.RootCAs.Equal(caCertPool) {
-					t.Errorf("TLS config return different CA cert")
+				if test.CACert != "" {
+					caCertPool := getRootCAs()
+					caCertPool.AppendCertsFromPEM([]byte(randomCACert))
+					if !config.RootCAs.Equal(caCertPool) {
+						t.Errorf("TLS config return different CA cert")
+					}
+				}
+				if cert.Issuer.String() != test.issuer {
+					t.Errorf("Expected Issuer %s but got %s\n", test.issuer, cert.Issuer.String())
 				}
-			}
-			if cert.Issuer.String() != test.issuer {
-				t.Errorf("Expected Issuer %s but got %s\n", test.issuer, cert.Issuer.String())
 			}
 		})
 	}