MCPcopy
hub / github.com/fabiolb/fabio / testSource

Function testSource

cert/source_test.go:559–616  ·  view source on GitHub ↗

testSource runs an integration test by making an HTTPS request to https://localhost/ expecting that the source provides a valid certificate for "localhost". rootCAs is expected to contain a valid root certificate or the server certificate itself so that the HTTPS client can validate the certificate

(t *testing.T, source Source, rootCAs *x509.CertPool, sleep time.Duration)

Source from the content-addressed store, hash-verified

557// the HTTPS client can validate the certificate presented by the
558// server.
559func testSource(t *testing.T, source Source, rootCAs *x509.CertPool, sleep time.Duration) {
560 const NoStrictMatch = false
561 srvConfig, err := TLSConfig(source, NoStrictMatch, 0, 0, nil)
562 if err != nil {
563 t.Fatalf("TLSConfig: got %q want nil", err)
564 }
565
566 // give the source some time to initialize if necessary
567 time.Sleep(sleep)
568
569 // create an http client that will accept the root CAs
570 // otherwise the HTTPS client will not verify the
571 // certificate presented by the server.
572 http11 := http11Client(rootCAs)
573 http20, err := http20Client(rootCAs)
574 if err != nil {
575 t.Fatal("http20Client: ", err)
576 }
577
578 // disable log output for the next call to prevent
579 // confusing log messages since they are expected
580 // http: TLS handshake error from 127.0.0.1:55044: remote error: bad certificate
581 log.SetOutput(io.Discard)
582 defer log.SetOutput(os.Stderr)
583
584 // fail calls https://localhost.org/ for which certificate validation
585 // should fail since the hostname differs from the one in the certificate.
586 fail := func(client *http.Client) {
587 _, _, err := roundtrip("localhost.org", srvConfig, client)
588 got, want := err, "x509: certificate is valid for localhost, not localhost.org"
589 if got == nil || !strings.Contains(got.Error(), want) {
590 t.Fatalf("got %q want %q", got, want)
591 }
592 }
593
594 // succeed executes a roundtrip to https://localhost/ which
595 // should return 200 OK and wantBody.
596 succeed := func(client *http.Client, wantBody string) {
597 code, body, err := roundtrip("localhost", srvConfig, client)
598 if err != nil {
599 t.Fatalf("got %v want nil", err)
600 }
601 if got, want := code, 200; got != want {
602 t.Fatalf("got %v want %v", got, want)
603 }
604 if got, want := body, wantBody; got != want {
605 t.Fatalf("got %v want %v", got, want)
606 }
607 }
608
609 // make a call for which certificate validation succeeds.
610 succeed(http11, "OK HTTP/1.1")
611 succeed(http20, "OK HTTP/2.0")
612
613 // now make the call that should fail.
614 fail(http11)
615 fail(http20)
616}

Callers 7

TestStaticSourceFunction · 0.85
TestFileSourceFunction · 0.85
TestPathSourceFunction · 0.85
TestHTTPSourceFunction · 0.85
TestConsulSourceFunction · 0.85
TestVaultSourceFunction · 0.85
TestVaultPKISourceFunction · 0.85

Calls 6

TLSConfigFunction · 0.85
http11ClientFunction · 0.85
http20ClientFunction · 0.85
roundtripFunction · 0.85
FatalMethod · 0.80
ErrorMethod · 0.80

Tested by

no test coverage detected