gitlab.com/jfprevost/gitlab-runner-notlscheck@v11.11.4+incompatible/helpers/certificate/x509_test.go

gitlab.com/jfprevost/gitlab-runner-notlscheck@v11.11.4+incompatible/helpers/certificate/x509_test.go (about)

     1  package certificate
     2  
     3  import (
     4  	"crypto/tls"
     5  	"crypto/x509"
     6  	"net"
     7  	"net/http"
     8  	"testing"
     9  
    10  	"github.com/stretchr/testify/assert"
    11  	"github.com/stretchr/testify/require"
    12  )
    13  
    14  func TestCertificate(t *testing.T) {
    15  	listener, err := net.Listen("tcp", "127.0.0.1:0")
    16  	require.NoError(t, err)
    17  
    18  	gen := X509Generator{}
    19  	cert, pem, err := gen.Generate("127.0.0.1")
    20  
    21  	tlsConfig := tls.Config{
    22  		Certificates: []tls.Certificate{cert},
    23  	}
    24  	tlsListener := tls.NewListener(listener, &tlsConfig)
    25  
    26  	srv := http.Server{
    27  		Addr: tlsListener.Addr().String(),
    28  	}
    29  	go func() {
    30  		err := srv.Serve(tlsListener)
    31  		require.EqualError(t, err, "http: Server closed")
    32  	}()
    33  	defer srv.Close()
    34  
    35  	caCertPool := x509.NewCertPool()
    36  	caCertPool.AppendCertsFromPEM(pem)
    37  
    38  	tlsClient := &http.Client{
    39  		Transport: &http.Transport{
    40  			TLSClientConfig: &tls.Config{
    41  				RootCAs: caCertPool,
    42  			},
    43  		},
    44  	}
    45  
    46  	req, err := http.NewRequest(http.MethodPost, "https://"+srv.Addr, nil)
    47  	require.NoError(t, err)
    48  
    49  	_, err = tlsClient.Do(req)
    50  	assert.NoError(t, err)
    51  
    52  	// Client with no Root CA
    53  	client := &http.Client{}
    54  	req, err = http.NewRequest(http.MethodPost, "https://"+srv.Addr, nil)
    55  	require.NoError(t, err)
    56  
    57  	_, err = client.Do(req)
    58  	assert.Error(t, err)
    59  	assert.Contains(t, err.Error(), "certificate signed by unknown authority")
    60  }