(t *testing.T)
| 186 | } |
| 187 | |
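// TestMutuallyAuthenticatedFailure checks that a mutually-authenticated
// request fails when the client certificate was issued by a CA other than
// the one the server is configured with as its client CA.
//
// Two independent CAs are created: the first signs the server certificate,
// the second signs the client certificate. The server is then given the
// first CA as its ClientCACert, so the client certificate does not chain to
// it and runRequest is expected to return an error.
func TestMutuallyAuthenticatedFailure(t *testing.T) {
	// CA that issues the server certificate; the client is configured to
	// trust it (CACert), so server verification itself is valid.
	caPrivKey, caCert, caCertBytes, err := createCA()
	if err != nil {
		assert.Fail(t, "failed to create CA", err)
		return
	}
	serverPrivKey, serverCert, err := createSignedCert(
		[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		caPrivKey,
		caCert,
	)
	if err != nil {
		assert.Fail(t, "failed to create server cert", err)
		return
	}

	// Separate CA that issues the client certificate. Its certificate bytes
	// are deliberately discarded: the server must never be told about it.
	clientCaPriv, clientCaCert, _, err := createCA()
	if err != nil {
		assert.Fail(t, "failed to create client CA", err)
		return
	}
	clientPrivKey, clientCert, err := createSignedCert(
		[]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		clientCaPriv,
		clientCaCert,
	)
	if err != nil {
		// The message previously said "server cert", which misreported
		// which certificate failed to generate.
		assert.Fail(t, "failed to create client cert", err)
		return
	}

	clientConfig, serverConfig := createClientServerConfig(t)
	clientConfig.URL = "https://127.0.0.1:8080"
	clientConfig.CACert = string(caCertBytes)
	clientConfig.ClientCert = string(clientCert)
	clientConfig.ClientKey = string(clientPrivKey)
	serverConfig.Key = string(serverPrivKey)
	serverConfig.Cert = string(serverCert)
	// Pass the wrong client CA cert (the server's own CA rather than the CA
	// that signed the client certificate) so client verification fails.
	serverConfig.ClientCACert = string(caCertBytes)

	message := "Hi"

	// NOTE(review): only err != nil is checked, so any failure satisfies this
	// negative test, not just a rejected client certificate. runRequest is
	// defined elsewhere; if it can also fail for unrelated reasons (for
	// example the fixed port 8080 being unavailable), this test would pass
	// without exercising client-CA verification. Consider asserting on the
	// kind of error returned once its shape is confirmed.
	if _, _, err = runRequest(clientConfig, serverConfig, t, message); err == nil {
		assert.Fail(t, "Client request with invalid CA verification did not fail.")
		return
	}
}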
| 236 | |
| 237 | func createCA() (*rsa.PrivateKey, *x509.Certificate, []byte, error) { |
| 238 | ca := &x509.Certificate{ |