MCPcopy
hub / github.com/pingcap/tidb / TestStatusAPIWithTLSCNCheck

Function TestStatusAPIWithTLSCNCheck

pkg/server/tests/tls/tls_test.go:562–626  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

560}
561
562func TestStatusAPIWithTLSCNCheck(t *testing.T) {
563 ts := servertestkit.CreateTidbTestSuite(t)
564
565 dir := t.TempDir()
566
567 caPath := filepath.Join(dir, "ca-cert-cn.pem")
568 serverKeyPath := filepath.Join(dir, "server-key-cn.pem")
569 serverCertPath := filepath.Join(dir, "server-cert-cn.pem")
570 client1KeyPath := filepath.Join(dir, "client-key-cn-check-a.pem")
571 client1CertPath := filepath.Join(dir, "client-cert-cn-check-a.pem")
572 client2KeyPath := filepath.Join(dir, "client-key-cn-check-b.pem")
573 client2CertPath := filepath.Join(dir, "client-cert-cn-check-b.pem")
574
575 caCert, caKey, err := generateCert(0, "TiDB CA CN CHECK", nil, nil, filepath.Join(dir, "ca-key-cn.pem"), caPath)
576 require.NoError(t, err)
577 _, _, err = generateCert(1, "tidb-server-cn-check", caCert, caKey, serverKeyPath, serverCertPath)
578 require.NoError(t, err)
579 _, _, err = generateCert(2, "tidb-client-cn-check-a", caCert, caKey, client1KeyPath, client1CertPath, func(c *x509.Certificate) {
580 c.Subject.CommonName = "tidb-client-1"
581 })
582 require.NoError(t, err)
583 _, _, err = generateCert(3, "tidb-client-cn-check-b", caCert, caKey, client2KeyPath, client2CertPath, func(c *x509.Certificate) {
584 c.Subject.CommonName = "tidb-client-2"
585 })
586 require.NoError(t, err)
587
588 cli := testserverclient.NewTestServerClient()
589 cli.StatusScheme = "https"
590 cfg := util2.NewTestConfig()
591 cfg.Port = cli.Port
592 cfg.Status.StatusPort = cli.StatusPort
593 cfg.Security.ClusterSSLCA = caPath
594 cfg.Security.ClusterSSLCert = serverCertPath
595 cfg.Security.ClusterSSLKey = serverKeyPath
596 cfg.Security.ClusterVerifyCN = []string{"tidb-client-2"}
597 tidbserver.RunInGoTestChan = make(chan struct{})
598 server, err := tidbserver.NewServer(cfg, ts.Tidbdrv)
599 require.NoError(t, err)
600
601 go func() {
602 err := server.Run(nil)
603 require.NoError(t, err)
604 }()
605 <-tidbserver.RunInGoTestChan
606 cli.Port = testutil.GetPortFromTCPAddr(server.ListenAddr())
607 cli.StatusPort = testutil.GetPortFromTCPAddr(server.StatusListenerAddr())
608 defer server.Close()
609 time.Sleep(time.Millisecond * 100)
610
611 hc := newTLSHttpClient(t, caPath,
612 client1CertPath,
613 client1KeyPath,
614 )
615 //nolint:bodyclose
616 _, err = hc.Get(cli.StatusURL("/status"))
617 require.Error(t, err)
618
619 hc = newTLSHttpClient(t, caPath,

Callers

nothing calls this directly

Calls 14

RunMethod · 0.95
ListenAddrMethod · 0.95
StatusListenerAddrMethod · 0.95
CloseMethod · 0.95
StatusURLMethod · 0.95
CreateTidbTestSuiteFunction · 0.92
NewTestServerClientFunction · 0.92
GetPortFromTCPAddrFunction · 0.92
generateCertFunction · 0.85
newTLSHttpClientFunction · 0.85
JoinMethod · 0.65
GetMethod · 0.65

Tested by

no test coverage detected