auth/idtoken/cache_test.go - gocloud - Git at Google

 // Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package idtoken

 import (
 	"net/http"
 	"sync"
 	"testing"
 	"time"
 )

 type fakeClock struct {
 	mu sync.Mutex
 	t  time.Time
 }

 func (c *fakeClock) Now() time.Time {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	return c.t
 }

 func (c *fakeClock) Sleep(d time.Duration) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	c.t = c.t.Add(d)
 }

 func TestCacheHit(t *testing.T) {
 	clock := &fakeClock{t: time.Now()}
 	fakeResp := &certResponse{
 		Keys: []jwk{
 			{
 				Kid: "123",
 			},
 		},
 	}
 	cache := newCachingClient(nil)
 	cache.clock = clock.Now

 	// Cache should be empty
 	cert, ok := cache.get(googleSACertsURL)
 	if ok || cert != nil {
 		t.Fatal("cache for SA certs should be empty")
 	}

 	// Add an item, but make it expire now
 	cache.set(googleSACertsURL, fakeResp, make(http.Header))
 	clock.Sleep(time.Nanosecond) // it expires when current time is > expiration, not >=
 	cert, ok = cache.get(googleSACertsURL)
 	if ok || cert != nil {
 		t.Fatal("cache for SA certs should be expired")
 	}

 	// Add an item that expires in 1 seconds
 	h := make(http.Header)
 	h.Set("age", "0")
 	h.Set("cache-control", "public, max-age=1, must-revalidate, no-transform")
 	cache.set(googleSACertsURL, fakeResp, h)
 	cert, ok = cache.get(googleSACertsURL)
 	if !ok || cert == nil || cert.Keys[0].Kid != "123" {
 		t.Fatal("cache for SA certs have a resp")
 	}
 	// Wait
 	clock.Sleep(2 * time.Second)
 	cert, ok = cache.get(googleSACertsURL)
 	if ok || cert != nil {
 		t.Fatal("cache for SA certs should be expired")
 	}
 }
	// Copyright 2023 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package idtoken

	import (
	"net/http"
	"sync"
	"testing"
	"time"
	)

	type fakeClock struct {
	mu sync.Mutex
	t time.Time
	}

	func (c *fakeClock) Now() time.Time {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.t
	}

	func (c *fakeClock) Sleep(d time.Duration) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.t = c.t.Add(d)
	}

	func TestCacheHit(t *testing.T) {
	clock := &fakeClock{t: time.Now()}
	fakeResp := &certResponse{
	Keys: []jwk{
	{
	Kid: "123",
	},
	},
	}
	cache := newCachingClient(nil)
	cache.clock = clock.Now

	// Cache should be empty
	cert, ok := cache.get(googleSACertsURL)
	if ok \|\| cert != nil {
	t.Fatal("cache for SA certs should be empty")
	}

	// Add an item, but make it expire now
	cache.set(googleSACertsURL, fakeResp, make(http.Header))
	clock.Sleep(time.Nanosecond) // it expires when current time is > expiration, not >=
	cert, ok = cache.get(googleSACertsURL)
	if ok \|\| cert != nil {
	t.Fatal("cache for SA certs should be expired")
	}

	// Add an item that expires in 1 seconds
	h := make(http.Header)
	h.Set("age", "0")
	h.Set("cache-control", "public, max-age=1, must-revalidate, no-transform")
	cache.set(googleSACertsURL, fakeResp, h)
	cert, ok = cache.get(googleSACertsURL)
	if !ok \|\| cert == nil \|\| cert.Keys[0].Kid != "123" {
	t.Fatal("cache for SA certs have a resp")
	}
	// Wait
	clock.Sleep(2 * time.Second)
	cert, ok = cache.get(googleSACertsURL)
	if ok \|\| cert != nil {
	t.Fatal("cache for SA certs should be expired")
	}
	}