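// Source: github.com/dougm/docker@v1.5.0/integration/https_test.go
package docker

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"strings"
	"testing"
	"time"

	"github.com/docker/docker/api/client"
)

// Error substrings the negative TLS tests look for. The wording comes from
// crypto/tls and crypto/x509 rather than from a stable API, so it may need
// updating when the Go toolchain changes.
const (
	// errBadCertificate is matched when the remote end rejects the
	// certificate this client presented.
	errBadCertificate = "remote error: bad certificate"
	// errCaUnknown is matched when the server certificate does not chain to
	// any CA in the client's root pool.
	errCaUnknown = "x509: certificate signed by unknown authority"
)

// getTlsConfig builds a client TLS configuration for the HTTPS integration
// tests. It trusts only the CA in fixtures/https/ca.pem and presents the
// client certificate and key named by certFile and keyFile, both resolved
// under fixtures/https/. Any failure to load the fixtures aborts the test
// through t.
func getTlsConfig(certFile, keyFile string, t *testing.T) *tls.Config {
	certPool := x509.NewCertPool()
	file, err := ioutil.ReadFile("fixtures/https/ca.pem")
	if err != nil {
		t.Fatal(err)
	}
	// AppendCertsFromPEM reports false when no certificate could be parsed.
	// An empty, non-nil RootCAs pool trusts nothing, so every handshake would
	// fail with errCaUnknown and the rogue-server test would pass without
	// having verified anything. Fail loudly instead.
	if !certPool.AppendCertsFromPEM(file) {
		t.Fatal("Couldn't parse any CA certificate from fixtures/https/ca.pem")
	}

	cert, err := tls.LoadX509KeyPair("fixtures/https/"+certFile, "fixtures/https/"+keyFile)
	if err != nil {
		t.Fatalf("Couldn't load X509 key pair: %s", err)
	}
	tlsConfig := &tls.Config{
		RootCAs:      certPool,
		Certificates: []tls.Certificate{cert},
	}
	return tlsConfig
}

// TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint
// using the legitimate client certificate and expects the call to succeed.
func TestHttpsInfo(t *testing.T) {
	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto,
		testDaemonHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))

	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
		if err := cli.CmdInfo(); err != nil {
			t.Fatal(err)
		}
	})
}

// TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
// by using a rogue client certificate and checks that it fails with the expected error.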
func TestHttpsInfoRogueCert(t *testing.T) {
	// Present the rogue client key pair; the CA pool is still the fixture CA.
	rogueClientTLS := getTlsConfig("client-rogue-cert.pem", "client-rogue-key.pem", t)
	dockerCli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto,
		testDaemonHttpsAddr, rogueClientTLS)

	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
		infoErr := dockerCli.CmdInfo()
		switch {
		case infoErr == nil:
			// A successful call means the client certificate was accepted.
			t.Fatal("Expected error but got nil")
		case !strings.Contains(infoErr.Error(), errBadCertificate):
			// Failing for some other reason does not show that the
			// certificate itself was rejected.
			t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, infoErr)
		}
	})
}

// TestHttpsInfoRogueServerCert talks to the daemon address that serves a rogue
// server certificate, using the legitimate client certificate, and checks that
// the client refuses the connection with the unknown-authority error.
//
// NOTE(review): the same error is produced when the client's root pool is
// empty, so this test is only meaningful if getTlsConfig really loaded the
// fixture CA.
func TestHttpsInfoRogueServerCert(t *testing.T) {
	clientTLS := getTlsConfig("client-cert.pem", "client-key.pem", t)
	dockerCli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto,
		testDaemonRogueHttpsAddr, clientTLS)

	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
		infoErr := dockerCli.CmdInfo()
		switch {
		case infoErr == nil:
			// A successful call means the rogue server certificate was trusted.
			t.Fatal("Expected error but got nil")
		case !strings.Contains(infoErr.Error(), errCaUnknown):
			t.Fatalf("Expected error: %s, got instead: %s", errCaUnknown, infoErr)
		}
	})
}