| 174 | } |
| 175 | |
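// createSecureMockServerAndClient starts an httptest TLS server around handler
// and returns it together with an *http.Client wired to that server.
//
// The returned client trusts only the mock server's own certificate and dials
// the mock server for every request, whatever host the request URL names.
// Certificate and hostname verification stay enabled (InsecureSkipVerify is
// never set), so a request only succeeds for names the server certificate
// covers.
//
// The client is a fresh value. http.DefaultClient is deliberately left
// untouched: replacing its Transport would silently route every other user of
// the default client in the same test binary to this mock server and make it
// trust the test certificate.
//
// The caller owns the returned server and must Close it. On error the server
// has already been closed and both returned pointers are nil.
func createSecureMockServerAndClient(handler http.Handler) (*httptest.Server, *http.Client, error) {
	server := httptest.NewTLSServer(handler)

	cert, err := x509.ParseCertificate(server.TLS.Certificates[0].Certificate[0])
	if err != nil {
		server.Close()
		return nil, nil, err
	}

	// Pin trust to the mock server's leaf certificate instead of the system roots.
	certpool := x509.NewCertPool()
	certpool.AddCert(cert)

	// server.URL has the form "https://host:port"; the dialer needs "host:port".
	serverAddr := strings.TrimPrefix(server.URL, "https://")
	dialer := &net.Dialer{}

	client := &http.Client{
		Transport: &http.Transport{
			// Ignore the requested network/address and always connect to the
			// mock server, while still honouring ctx cancellation and deadlines.
			DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
				return dialer.DialContext(ctx, "tcp", serverAddr)
			},
			TLSClientConfig: &tls.Config{
				RootCAs: certpool,
			},
		},
	}

	return server, client, nil
}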
| 200 | |
| 201 | func FuzzNewAccessValidator(f *testing.F) { |
| 202 | f.Fuzz(func(t *testing.T, domain string, issuer string, applicationAUD string) { |