testSource runs an integration test by making an HTTPS request to https://localhost/ expecting that the source provides a valid certificate for "localhost". rootCAs is expected to contain a valid root certificate or the server certificate itself so that the HTTPS client can validate the certificate presented by the server.
(t *testing.T, source Source, rootCAs *x509.CertPool, sleep time.Duration)
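// the HTTPS client can validate the certificate presented by the
// server.
//
// The test makes four round trips against srvConfig: one with an HTTP/1.1
// client and one with an HTTP/2 client to "localhost", which must both
// succeed, and then one each to "localhost.org", which must both be
// rejected with a hostname-mismatch error. The negative case is what shows
// that the clients enforce hostname verification; a client that skipped
// verification would pass the positive case and fail here.
//
// sleep is how long to wait after building the TLS config before the first
// request is made.
func testSource(t *testing.T, source Source, rootCAs *x509.CertPool, sleep time.Duration) {
	// Named constant so the boolean argument to TLSConfig is readable at
	// the call site.
	const NoStrictMatch = false
	srvConfig, err := TLSConfig(source, NoStrictMatch, 0, 0, nil)
	if err != nil {
		t.Fatalf("TLSConfig: got %q want nil", err)
	}

	// give the source some time to initialize if necessary
	time.Sleep(sleep)

	// Build clients that trust rootCAs. Without them the server
	// certificate cannot be chained to a trusted root and the positive
	// round trips below would fail verification.
	// NOTE(review): http11Client and http20Client are defined elsewhere;
	// presumably they only set the trusted roots and leave certificate
	// verification enabled - confirm against their definitions.
	http11 := http11Client(rootCAs)
	http20, err := http20Client(rootCAs)
	if err != nil {
		t.Fatal("http20Client: ", err)
	}

	// Silence the standard logger for the rest of this function. The
	// failing round trips make the server log an expected message such as
	//   http: TLS handshake error from 127.0.0.1:55044: remote error: bad certificate
	// which would only confuse the test output. The previous writer is
	// captured and restored on return (rather than assuming os.Stderr) so
	// a logger redirected by the caller or another test is not clobbered.
	prevLogOutput := log.Writer()
	log.SetOutput(io.Discard)
	defer log.SetOutput(prevLogOutput)

	// fail calls https://localhost.org/ for which certificate validation
	// should fail since the hostname differs from the one in the certificate.
	// The check matches on the x509 error text, so it passes only when the
	// round trip was rejected for the hostname mismatch and not for some
	// unrelated reason.
	fail := func(client *http.Client) {
		_, _, err := roundtrip("localhost.org", srvConfig, client)
		got, want := err, "x509: certificate is valid for localhost, not localhost.org"
		if got == nil || !strings.Contains(got.Error(), want) {
			// %v rather than %q for got: a nil error is one of the
			// failure cases and %q cannot format it.
			t.Fatalf("got %v want error containing %q", got, want)
		}
	}

	// succeed executes a roundtrip to https://localhost/ which
	// should return 200 OK and wantBody.
	succeed := func(client *http.Client, wantBody string) {
		code, body, err := roundtrip("localhost", srvConfig, client)
		if err != nil {
			t.Fatalf("got %v want nil", err)
		}
		if got, want := code, 200; got != want {
			t.Fatalf("got %v want %v", got, want)
		}
		if got, want := body, wantBody; got != want {
			t.Fatalf("got %v want %v", got, want)
		}
	}

	// make a call for which certificate validation succeeds.
	succeed(http11, "OK HTTP/1.1")
	succeed(http20, "OK HTTP/2.0")

	// now make the call that should fail.
	fail(http11)
	fail(http20)
}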