
     1  package certificate
     2  
     3  import (
     4  	"crypto/tls"
     5  	"crypto/x509"
     6  	"net"
     7  	"net/http"
     8  	"testing"
     9  
    10  	"github.com/stretchr/testify/assert"
    11  	"github.com/stretchr/testify/require"
    12  )
    13  
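// TestCertificate checks that a certificate produced by X509Generator for
// 127.0.0.1 is accepted by a TLS client that trusts the returned PEM as its
// only root, and rejected by a client that has no such trust anchor.
func TestCertificate(t *testing.T) {
	listener, err := net.Listen("tcp", "127.0.0.1:0")
	require.NoError(t, err)

	gen := X509Generator{}
	cert, pem, err := gen.Generate("127.0.0.1")
	require.NoError(t, err)

	tlsConfig := tls.Config{
		Certificates: []tls.Certificate{cert},
	}
	tlsListener := tls.NewListener(listener, &tlsConfig)

	srv := http.Server{
		Addr: tlsListener.Addr().String(),
	}

	// Serve only returns once srv.Close() has run, so its result is handed
	// back over a channel and checked in the test goroutine: require/assert
	// must not be called from another goroutine, and with the original
	// fire-and-forget shape the check could run after the test had already
	// finished.
	serveErr := make(chan error, 1)
	go func() {
		serveErr <- srv.Serve(tlsListener)
	}()
	defer func() {
		assert.NoError(t, srv.Close())
		assert.Equal(t, http.ErrServerClosed, <-serveErr)
	}()

	caCertPool := x509.NewCertPool()
	// AppendCertsFromPEM silently ignores undecodable input; a false return
	// would otherwise surface only as a confusing "unknown authority" failure
	// on the trusted-client path below.
	require.True(t, caCertPool.AppendCertsFromPEM(pem), "generated PEM must parse into the root pool")

	tlsClient := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				RootCAs: caCertPool,
			},
		},
	}

	req, err := http.NewRequest(http.MethodPost, "https://"+srv.Addr, nil)
	require.NoError(t, err)

	resp, err := tlsClient.Do(req)
	require.NoError(t, err)
	// Close the body so the TLS connection is released before the server
	// is shut down at the end of the test.
	require.NoError(t, resp.Body.Close())

	// Client with no Root CA: the handshake must fail verification.
	client := &http.Client{}
	req, err = http.NewRequest(http.MethodPost, "https://"+srv.Addr, nil)
	require.NoError(t, err)

	resp, err = client.Do(req)
	require.Error(t, err)
	if resp != nil {
		// Do contracts that the body is nil on error; guard anyway so a
		// future transport change cannot leak a connection here.
		_ = resp.Body.Close()
	}
	// NOTE(review): this wording comes from Go's own verifier; platforms that
	// delegate verification to the OS (e.g. darwin with cgo) report a
	// different message, so this assertion may need an OS-specific variant.
	assert.Contains(t, err.Error(), "certificate signed by unknown authority")
}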