github.com/erriapo/docker@v1.6.0-rc2/integration/https_test.go (about) 1 package docker 2 3 import ( 4 "crypto/tls" 5 "crypto/x509" 6 "io/ioutil" 7 "strings" 8 "testing" 9 "time" 10 11 "github.com/docker/docker/api/client" 12 ) 13 14 const ( 15 errBadCertificate = "remote error: bad certificate" 16 errCaUnknown = "x509: certificate signed by unknown authority" 17 ) 18 19 func getTlsConfig(certFile, keyFile string, t *testing.T) *tls.Config { 20 certPool := x509.NewCertPool() 21 file, err := ioutil.ReadFile("fixtures/https/ca.pem") 22 if err != nil { 23 t.Fatal(err) 24 } 25 certPool.AppendCertsFromPEM(file) 26 27 cert, err := tls.LoadX509KeyPair("fixtures/https/"+certFile, "fixtures/https/"+keyFile) 28 if err != nil { 29 t.Fatalf("Couldn't load X509 key pair: %s", err) 30 } 31 tlsConfig := &tls.Config{ 32 RootCAs: certPool, 33 Certificates: []tls.Certificate{cert}, 34 } 35 return tlsConfig 36 } 37 38 // TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint 39 func TestHttpsInfo(t *testing.T) { 40 cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto, 41 testDaemonHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t)) 42 43 setTimeout(t, "Reading command output time out", 10*time.Second, func() { 44 if err := cli.CmdInfo(); err != nil { 45 t.Fatal(err) 46 } 47 }) 48 } 49 50 // TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint 51 // by using a rogue client certificate and checks that it fails with the expected error. 52 func TestHttpsInfoRogueCert(t *testing.T) { 53 cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto, 54 testDaemonHttpsAddr, getTlsConfig("client-rogue-cert.pem", "client-rogue-key.pem", t)) 55 56 setTimeout(t, "Reading command output time out", 10*time.Second, func() { 57 err := cli.CmdInfo() 58 if err == nil { 59 t.Fatal("Expected error but got nil") 60 } 61 if !strings.Contains(err.Error(), errBadCertificate) { 62 t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err) 63 } 64 }) 65 } 66 67 // TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint 68 // which provides a rogue server certificate and checks that it fails with the expected error 69 func TestHttpsInfoRogueServerCert(t *testing.T) { 70 cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto, 71 testDaemonRogueHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t)) 72 73 setTimeout(t, "Reading command output time out", 10*time.Second, func() { 74 err := cli.CmdInfo() 75 if err == nil { 76 t.Fatal("Expected error but got nil") 77 } 78 79 if !strings.Contains(err.Error(), errCaUnknown) { 80 t.Fatalf("Expected error: %s, got instead: %s", errCaUnknown, err) 81 } 82 83 }) 84 }