(t *testing.T, withProxy bool)
// TestHTTPSWithProxy runs the shared testHTTPS body with withProxy set to
// true; whatever the flag changes is decided inside testHTTPS.
func TestHTTPSWithProxy(t *testing.T) {
	const withProxy = true
	testHTTPS(t, withProxy)
}
| 280 | |
| 281 | func testHTTPS(t *testing.T, withProxy bool) { |
| 282 | bakedroots.ResetForTest(t, tlstest.TestRootCA()) |
| 283 | |
| 284 | bus := eventbustest.NewBus(t) |
| 285 | |
| 286 | controlLn, err := tls.Listen("tcp", "127.0.0.1:0", tlstest.ControlPlane.ServerTLSConfig()) |
| 287 | if err != nil { |
| 288 | t.Fatal(err) |
| 289 | } |
| 290 | defer controlLn.Close() |
| 291 | |
| 292 | proxyLn, err := tls.Listen("tcp", "127.0.0.1:0", tlstest.ProxyServer.ServerTLSConfig()) |
| 293 | if err != nil { |
| 294 | t.Fatal(err) |
| 295 | } |
| 296 | defer proxyLn.Close() |
| 297 | |
| 298 | const requiredAuthKey = "hunter2" |
| 299 | const someUsername = "testuser" |
| 300 | const somePassword = "testpass" |
| 301 | |
| 302 | testControl := &testcontrol.Server{ |
| 303 | Logf: tstest.WhileTestRunningLogger(t), |
| 304 | RequireAuthKey: requiredAuthKey, |
| 305 | } |
| 306 | controlSrv := &http.Server{ |
| 307 | Handler: testControl, |
| 308 | ErrorLog: logger.StdLogger(t.Logf), |
| 309 | } |
| 310 | go controlSrv.Serve(controlLn) |
| 311 | |
| 312 | const fakeControlIP = "1.2.3.4" |
| 313 | const fakeProxyIP = "5.6.7.8" |
| 314 | |
| 315 | dialer := &tsdial.Dialer{} |
| 316 | dialer.SetNetMon(netmon.NewStatic()) |
| 317 | dialer.SetBus(bus) |
| 318 | dialer.SetSystemDialerForTest(func(ctx context.Context, network, addr string) (net.Conn, error) { |
| 319 | host, _, err := net.SplitHostPort(addr) |
| 320 | if err != nil { |
| 321 | return nil, fmt.Errorf("SplitHostPort(%q): %v", addr, err) |
| 322 | } |
| 323 | var d net.Dialer |
| 324 | if host == fakeControlIP { |
| 325 | return d.DialContext(ctx, network, controlLn.Addr().String()) |
| 326 | } |
| 327 | if host == fakeProxyIP { |
| 328 | return d.DialContext(ctx, network, proxyLn.Addr().String()) |
| 329 | } |
| 330 | return nil, fmt.Errorf("unexpected dial to %q", addr) |
| 331 | }) |
| 332 | |
| 333 | opts := Options{ |
| 334 | Persist: persist.Persist{}, |
| 335 | GetMachinePrivateKey: func() (key.MachinePrivate, error) { |
| 336 | return key.NewMachine(), nil |
| 337 | }, |
| 338 | AuthKey: requiredAuthKey, |