blob: c67ed9605633ec38e84b2213f1cdd90ccdb7d1e6 [file] [log] [blame]
// Copyright 2020 Google LLC.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package idtoken
import (
"net/http"
"sync"
"testing"
"time"
)
type fakeClock struct {
mu sync.Mutex
t time.Time
}
func (c *fakeClock) Now() time.Time {
c.mu.Lock()
defer c.mu.Unlock()
return c.t
}
func (c *fakeClock) Sleep(d time.Duration) {
c.mu.Lock()
defer c.mu.Unlock()
c.t = c.t.Add(d)
}
func TestCacheHit(t *testing.T) {
clock := &fakeClock{t: time.Now()}
dummyResp := &certResponse{
Keys: []jwk{
{
Kid: "123",
},
},
}
cache := newCachingClient(nil)
cache.clock = clock.Now
// Cache should be empty
cert, ok := cache.get(googleSACertsURL)
if ok || cert != nil {
t.Fatal("cache for SA certs should be empty")
}
// Add an item, but make it expire now
cache.set(googleSACertsURL, dummyResp, make(http.Header))
clock.Sleep(time.Nanosecond) // it expires when current time is > expiration, not >=
cert, ok = cache.get(googleSACertsURL)
if ok || cert != nil {
t.Fatal("cache for SA certs should be expired")
}
// Add an item that expires in 1 seconds
h := make(http.Header)
h.Set("age", "0")
h.Set("cache-control", "public, max-age=1, must-revalidate, no-transform")
cache.set(googleSACertsURL, dummyResp, h)
cert, ok = cache.get(googleSACertsURL)
if !ok || cert == nil || cert.Keys[0].Kid != "123" {
t.Fatal("cache for SA certs have a resp")
}
// Wait
clock.Sleep(2 * time.Second)
cert, ok = cache.get(googleSACertsURL)
if ok || cert != nil {
t.Fatal("cache for SA certs should be expired")
}
}