Skip to content

Commit

Permalink
config: extend validity of testdata certs (#186)
Browse files Browse the repository at this point in the history
Signed-off-by: Simon Pasquier <[email protected]>
  • Loading branch information
simonpasquier authored Apr 5, 2019
1 parent 5df5c82 commit a82f4c1
Show file tree
Hide file tree
Showing 8 changed files with 385 additions and 383 deletions.
82 changes: 41 additions & 41 deletions config/http_config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,9 @@ const (
TLSCAChainPath = "testdata/tls-ca-chain.pem"
ServerCertificatePath = "testdata/server.crt"
ServerKeyPath = "testdata/server.key"
BarneyCertificatePath = "testdata/barney.crt"
BarneyKeyNoPassPath = "testdata/barney-no-pass.key"
InvalidCA = "testdata/barney-no-pass.key"
ClientCertificatePath = "testdata/client.crt"
ClientKeyNoPassPath = "testdata/client-no-pass.key"
InvalidCA = "testdata/client-no-pass.key"
WrongClientCertPath = "testdata/self-signed-client.crt"
WrongClientKeyPath = "testdata/self-signed-client.key"
EmptyFile = "testdata/empty"
Expand Down Expand Up @@ -113,8 +113,8 @@ func TestNewClientFromConfig(t *testing.T) {
clientConfig: HTTPClientConfig{
TLSConfig: TLSConfig{
CAFile: "",
CertFile: BarneyCertificatePath,
KeyFile: BarneyKeyNoPassPath,
CertFile: ClientCertificatePath,
KeyFile: ClientKeyNoPassPath,
ServerName: "",
InsecureSkipVerify: true},
},
Expand All @@ -125,8 +125,8 @@ func TestNewClientFromConfig(t *testing.T) {
clientConfig: HTTPClientConfig{
TLSConfig: TLSConfig{
CAFile: TLSCAChainPath,
CertFile: BarneyCertificatePath,
KeyFile: BarneyKeyNoPassPath,
CertFile: ClientCertificatePath,
KeyFile: ClientKeyNoPassPath,
ServerName: "",
InsecureSkipVerify: false},
},
Expand All @@ -138,8 +138,8 @@ func TestNewClientFromConfig(t *testing.T) {
BearerToken: BearerToken,
TLSConfig: TLSConfig{
CAFile: TLSCAChainPath,
CertFile: BarneyCertificatePath,
KeyFile: BarneyKeyNoPassPath,
CertFile: ClientCertificatePath,
KeyFile: ClientKeyNoPassPath,
ServerName: "",
InsecureSkipVerify: false},
},
Expand All @@ -157,8 +157,8 @@ func TestNewClientFromConfig(t *testing.T) {
BearerTokenFile: BearerTokenFile,
TLSConfig: TLSConfig{
CAFile: TLSCAChainPath,
CertFile: BarneyCertificatePath,
KeyFile: BarneyKeyNoPassPath,
CertFile: ClientCertificatePath,
KeyFile: ClientKeyNoPassPath,
ServerName: "",
InsecureSkipVerify: false},
},
Expand All @@ -179,8 +179,8 @@ func TestNewClientFromConfig(t *testing.T) {
},
TLSConfig: TLSConfig{
CAFile: TLSCAChainPath,
CertFile: BarneyCertificatePath,
KeyFile: BarneyKeyNoPassPath,
CertFile: ClientCertificatePath,
KeyFile: ClientKeyNoPassPath,
ServerName: "",
InsecureSkipVerify: false},
},
Expand Down Expand Up @@ -274,8 +274,8 @@ func TestMissingBearerAuthFile(t *testing.T) {
BearerTokenFile: MissingBearerTokenFile,
TLSConfig: TLSConfig{
CAFile: TLSCAChainPath,
CertFile: BarneyCertificatePath,
KeyFile: BarneyKeyNoPassPath,
CertFile: ClientCertificatePath,
KeyFile: ClientKeyNoPassPath,
ServerName: "",
InsecureSkipVerify: false},
}
Expand Down Expand Up @@ -361,8 +361,8 @@ func TestBearerAuthFileRoundTripper(t *testing.T) {
func TestTLSConfig(t *testing.T) {
configTLSConfig := TLSConfig{
CAFile: TLSCAChainPath,
CertFile: BarneyCertificatePath,
KeyFile: BarneyKeyNoPassPath,
CertFile: ClientCertificatePath,
KeyFile: ClientKeyNoPassPath,
ServerName: "localhost",
InsecureSkipVerify: false}

Expand All @@ -384,17 +384,17 @@ func TestTLSConfig(t *testing.T) {
t.Fatalf("Can't create a new TLS Config from a configuration (%s).", err)
}

barneyCertificate, err := tls.LoadX509KeyPair(BarneyCertificatePath, BarneyKeyNoPassPath)
clientCertificate, err := tls.LoadX509KeyPair(ClientCertificatePath, ClientKeyNoPassPath)
if err != nil {
t.Fatalf("Can't load the client key pair ('%s' and '%s'). Reason: %s",
BarneyCertificatePath, BarneyKeyNoPassPath, err)
ClientCertificatePath, ClientKeyNoPassPath, err)
}
cert, err := tlsConfig.GetClientCertificate(nil)
if err != nil {
t.Fatalf("unexpected error returned by tlsConfig.GetClientCertificate(): %s", err)
}
if !reflect.DeepEqual(cert, &barneyCertificate) {
t.Fatalf("Unexpected client certificate result: \n\n%+v\n expected\n\n%+v", cert, barneyCertificate)
if !reflect.DeepEqual(cert, &clientCertificate) {
t.Fatalf("Unexpected client certificate result: \n\n%+v\n expected\n\n%+v", cert, clientCertificate)
}

// non-nil functions are never equal.
Expand Down Expand Up @@ -440,18 +440,18 @@ func TestTLSConfigInvalidCA(t *testing.T) {
configTLSConfig: TLSConfig{
CAFile: "",
CertFile: MissingCert,
KeyFile: BarneyKeyNoPassPath,
KeyFile: ClientKeyNoPassPath,
ServerName: "",
InsecureSkipVerify: false},
errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", MissingCert, BarneyKeyNoPassPath),
errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", MissingCert, ClientKeyNoPassPath),
}, {
configTLSConfig: TLSConfig{
CAFile: "",
CertFile: BarneyCertificatePath,
CertFile: ClientCertificatePath,
KeyFile: MissingKey,
ServerName: "",
InsecureSkipVerify: false},
errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", BarneyCertificatePath, MissingKey),
errorMessage: fmt.Sprintf("unable to use specified client cert (%s) & key (%s):", ClientCertificatePath, MissingKey),
},
}

Expand Down Expand Up @@ -548,8 +548,8 @@ func TestBasicAuthPasswordFile(t *testing.T) {
func getCertificateBlobs(t *testing.T) map[string][]byte {
files := []string{
TLSCAChainPath,
BarneyCertificatePath,
BarneyKeyNoPassPath,
ClientCertificatePath,
ClientKeyNoPassPath,
ServerCertificatePath,
ServerKeyPath,
WrongClientCertPath,
Expand Down Expand Up @@ -608,14 +608,14 @@ func TestTLSRoundTripper(t *testing.T) {
{
// Valid certs.
ca: TLSCAChainPath,
cert: BarneyCertificatePath,
key: BarneyKeyNoPassPath,
cert: ClientCertificatePath,
key: ClientKeyNoPassPath,
},
{
// CA not matching.
ca: BarneyCertificatePath,
cert: BarneyCertificatePath,
key: BarneyKeyNoPassPath,
ca: ClientCertificatePath,
cert: ClientCertificatePath,
key: ClientKeyNoPassPath,

errMsg: "certificate signed by unknown authority",
},
Expand All @@ -630,32 +630,32 @@ func TestTLSRoundTripper(t *testing.T) {
{
// CA file empty
ca: EmptyFile,
cert: BarneyCertificatePath,
key: BarneyKeyNoPassPath,
cert: ClientCertificatePath,
key: ClientKeyNoPassPath,

errMsg: "unable to use specified CA cert",
},
{
// cert file empty
ca: TLSCAChainPath,
cert: EmptyFile,
key: BarneyKeyNoPassPath,
key: ClientKeyNoPassPath,

errMsg: "failed to find any PEM data in certificate input",
},
{
// key file empty
ca: TLSCAChainPath,
cert: BarneyCertificatePath,
cert: ClientCertificatePath,
key: EmptyFile,

errMsg: "failed to find any PEM data in key input",
},
{
// Valid certs again.
ca: TLSCAChainPath,
cert: BarneyCertificatePath,
key: BarneyKeyNoPassPath,
cert: ClientCertificatePath,
key: ClientKeyNoPassPath,
},
}

Expand Down Expand Up @@ -745,8 +745,8 @@ func TestTLSRoundTripperRaces(t *testing.T) {

var c *http.Client
writeCertificate(bs, TLSCAChainPath, ca)
writeCertificate(bs, BarneyCertificatePath, cert)
writeCertificate(bs, BarneyKeyNoPassPath, key)
writeCertificate(bs, ClientCertificatePath, cert)
writeCertificate(bs, ClientKeyNoPassPath, key)
c, err = NewClientFromConfig(cfg, "test")
if err != nil {
t.Fatalf("Error creating HTTP Client: %v", err)
Expand Down Expand Up @@ -785,7 +785,7 @@ func TestTLSRoundTripperRaces(t *testing.T) {
tick := time.NewTicker(10 * time.Millisecond)
<-tick.C
if i%2 == 0 {
writeCertificate(bs, BarneyCertificatePath, ca)
writeCertificate(bs, ClientCertificatePath, ca)
} else {
writeCertificate(bs, TLSCAChainPath, ca)
}
Expand Down
27 changes: 0 additions & 27 deletions config/testdata/barney-no-pass.key

This file was deleted.

96 changes: 0 additions & 96 deletions config/testdata/barney.crt

This file was deleted.

28 changes: 28 additions & 0 deletions config/testdata/client-no-pass.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC307b8Il9zajKw
mkOih8sfYI+O9gSTvvyQN7Bh+Bu6lLN+XhtRxt+ZqOHfqo30EuPmdScMrqregqup
VPGKgfkXVP3hF5rYdWqZx4XOKdyxbaarZupkAv2gtVNEBSmVSj8urt5WZOJVnF7Q
GmhCAHpx34L5CCPYDXJBd5ExLwGIByKxQNugor7dJx8ehmVkGKto01GWjgY+sPYp
lV9KxvD49ygXYQ6VAqgt/V2EG/PMmT0/jUtmM2tYDFztPkSISJg0vB/f9zHlYIdD
GjkBjngekAij77T93xEuouox25UtXmg6ApqvDVEiBxZmN5Dt70HBsQ+IftENEUoY
8jhrImwBAgMBAAECggEBAJNlgjK3SPvdKlnqx9KZuagmH9YMs+zX1eG5lYdojqtT
snzf7l3q7b1i6gIS2pHbV7uhMjd8EmwqMIStJKPfxaAMuSj0aWeo9lnp3wNJE7l8
54hGFCkvMLjcy7Adx5L6HqFK++IgME9e+7M3iWNqyMNn6bfO7Ba/6V5PBi9+tmaf
nZWqgY2Kf8A2iNnm9RvmiwQ42nsjVsKcXzGdBmFTp69ar/QWtk1dWDajUVw/NctM
cs+IypPjZiAE3CgyyiLKzG9CWCjkfMEd14uxFE73q2SAG6RWYSnv1M3WOupAF0rP
ll/NMXaMjLlq2q3B9v2ZAaojbbWlHLDdEpE/jwXkkwECgYEA5iWN7SGH8ZE6wDfO
EYuTQKpqYt1WbCQxv77leuGcm1KlFYfV8LsB/9xiocVtGm7N126zuwfgzfkIZWQD
KrpoFUkz1jUg+kHCqf4FO8hzR0By3hbdTImJQILtC/K3fHJtexFKiW82mb40lgYc
+Mk6Nb5CmL6VCX5u8MNBvD8WaLECgYEAzHofIneLLLqF2f2uVzF743CdgP1h0fPI
BS3akp56/8qzQWNW+natJRxiTh2R8gdvB+P/UtEZR8E+FbSzZ4dIRrxIi44ew0Cr
sROaP4LkaZFflKS/fD8S1M7yZQhussRoRWH0BDvM0hsu6UTGlESHX73b7js4AHpB
2q4frJMTDFECgYBr2f2Aus3yLpTRr1Uqc7Y1/6aLXh4531xQ9yyjQUcaosgqJtXj
Uj/Fn4m5NcPDN1nPM1mWtEJtQ97jZNL3GxPbpcpc/9jMbjTDZP8e3Pjo0xMBcMWU
MH/Zc4GSr9O8xgL4QUokzbFQqwoJpCO/ks1skhSzb9x37oAe4+HSTd46gQKBgQCk
+9hJSCl8kpdTl5Nm+R9cGU6MeGXIMKnwO9pDOSpHX7cZCF1yw/Tan7dWDhfnMEZP
GJC3ss1yDyLYArBK1WXk5SCnsalyo6ikvQtVOXixEUIMvo1eY8n++WetS4t+JGl5
qhponBOcZ6CHSR3tHgoYnyloZFHAWOTv3FTkOttAsQKBgQCzWSO2TA4v/vIKIrSV
Lf2cI51imcy/JCsYUU+o66VQ6QdIJlfamuAKaKYAwfJtHtZOzAgrh09JV3qEEtN5
duBdXiuygAz8eHbqSoSe5FYgImI0BREDq8Zm3ArgUhv6S9aBeg/mS1W/5ZfmV2cT
0MdlE8vUtcbDkmKpi7CaklzMNw==
-----END PRIVATE KEY-----
Loading

0 comments on commit a82f4c1

Please sign in to comment.