mirror of
https://github.com/pomerium/pomerium.git
config: change certificates
config key parsing to attempt Base64 decoding first. (#1055)
parent
a5db94434d
commit
253addcad6
2 changed files with 41 additions and 2 deletions
|
@ -558,9 +558,12 @@ func (o *Options) Validate() error {
|
|||
}
|
||||
|
||||
for _, c := range o.CertificateFiles {
|
||||
cert, err := cryptutil.CertificateFromFile(c.CertFile, c.KeyFile)
|
||||
cert, err := cryptutil.CertificateFromBase64(c.CertFile, c.KeyFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("config: bad cert file %w", err)
|
||||
cert, err = cryptutil.CertificateFromFile(c.CertFile, c.KeyFile)
|
||||
}
|
||||
if err != nil {
|
||||
return fmt.Errorf("config: bad cert entry, base64 or file reference invalid. %w", err)
|
||||
}
|
||||
o.Certificates = append(o.Certificates, *cert)
|
||||
}
|
||||
|
|
|
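Review bot: The error from `CertificateFromBase64` is overwritten by the file fallback in the Validate loop, so a malformed inline certificate is reported only as a failed file read even though the message says "base64 or file reference invalid". Keeping both errors, as in the block below, tells the operator which interpretation failed and why. Since `KeyFile` may now carry inline private-key material that is then handed to `CertificateFromFile` as a path, it is worth confirming that neither helper echoes its arguments into the returned error, which would put key material into logs; the helpers are not visible in this hunk. Validate itself starts and ends outside the hunk.

```go
for _, c := range o.CertificateFiles {
	cert, b64Err := cryptutil.CertificateFromBase64(c.CertFile, c.KeyFile)
	if b64Err != nil {
		var fileErr error
		cert, fileErr = cryptutil.CertificateFromFile(c.CertFile, c.KeyFile)
		if fileErr != nil {
			return fmt.Errorf("config: bad cert entry: base64: %v; file: %w", b64Err, fileErr)
		}
	}
	// … unchanged: append *cert to o.Certificates …
}
```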
@ -505,6 +505,42 @@ func TestHTTPRedirectAddressStripQuotes(t *testing.T) {
|
|||
assert.Equal(t, ":80", o.HTTPRedirectAddr)
|
||||
}
|
||||
|
||||
func TestCertificatesArrayParsing(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCertFileRef := "./testdata/example-cert.pem"
|
||||
testKeyFileRef := "./testdata/example-key.pem"
|
||||
testCertFile, _ := ioutil.ReadFile(testCertFileRef)
|
||||
testKeyFile, _ := ioutil.ReadFile(testKeyFileRef)
|
||||
testCertAsBase64 := base64.StdEncoding.EncodeToString(testCertFile)
|
||||
testKeyAsBase64 := base64.StdEncoding.EncodeToString(testKeyFile)
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
certificateFiles []certificateFilePair
|
||||
wantErr bool
|
||||
}{
|
||||
{"Handles base64 string as params", []certificateFilePair{{KeyFile: testKeyAsBase64, CertFile: testCertAsBase64}}, false},
|
||||
{"Handles file reference as params", []certificateFilePair{{KeyFile: testKeyFileRef, CertFile: testCertFileRef}}, false},
|
||||
{"Returns an error otherwise", []certificateFilePair{{KeyFile: "abc", CertFile: "abc"}}, true},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
tt := tt
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
o := NewDefaultOptions()
|
||||
o.CertificateFiles = tt.certificateFiles
|
||||
err := o.Validate()
|
||||
|
||||
if err != nil && tt.wantErr == false {
|
||||
t.Fatal(err)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestCompareByteSliceSlice(t *testing.T) {
|
||||
type Bytes = [][]byte
|
||||
|
||||
|
|
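Review bot: The check `if err != nil && tt.wantErr == false` in TestCertificatesArrayParsing can never fail the "Returns an error otherwise" case, so the test still passes if Validate accepts the invalid pair; compare both directions with `if (err != nil) != tt.wantErr { t.Fatalf("Validate() error = %v, wantErr %v", err, tt.wantErr) }`. The two `ioutil.ReadFile` errors are also discarded, so missing testdata shows up later as a confusing Validate failure instead of a clear setup error; check them and call `t.Fatal`. TestCompareByteSliceSlice at the end of the hunk continues outside it.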