mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-06 10:21:05 +02:00
config: change certificates
config key parsing to attempt Base64 decoding first. (#1055)
parent
a5db94434d
commit
253addcad6
2 changed files with 41 additions and 2 deletions
|
@ -558,9 +558,12 @@ func (o *Options) Validate() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, c := range o.CertificateFiles {
|
for _, c := range o.CertificateFiles {
|
||||||
cert, err := cryptutil.CertificateFromFile(c.CertFile, c.KeyFile)
|
cert, err := cryptutil.CertificateFromBase64(c.CertFile, c.KeyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("config: bad cert file %w", err)
|
cert, err = cryptutil.CertificateFromFile(c.CertFile, c.KeyFile)
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("config: bad cert entry, base64 or file reference invalid. %w", err)
|
||||||
}
|
}
|
||||||
o.Certificates = append(o.Certificates, *cert)
|
o.Certificates = append(o.Certificates, *cert)
|
||||||
}
|
}
|
||||||
|
|
|
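Review bot: When both attempts fail in the CertificateFiles loop of Validate, the error from CertificateFromBase64 is overwritten by the fallback call, so only the file-read failure is reported. For an inline value that is merely malformed, the message then describes a failed file open. If CertificateFromFile surfaces the OS path error (its body is not visible here), that message would repeat the supplied string, which for KeyFile can be base64 private-key material that ends up in logs. I would keep the first error in its own variable and identify the entry by position rather than by value, e.g. `for i, c := range o.CertificateFiles {` with `return fmt.Errorf("config: bad cert entry %d: not valid base64 (%v) and not a readable file pair", i, b64Err)`. Validate's body starts and ends outside this hunk.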
@ -505,6 +505,42 @@ func TestHTTPRedirectAddressStripQuotes(t *testing.T) {
|
||||||
assert.Equal(t, ":80", o.HTTPRedirectAddr)
|
assert.Equal(t, ":80", o.HTTPRedirectAddr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestCertificatesArrayParsing(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
testCertFileRef := "./testdata/example-cert.pem"
|
||||||
|
testKeyFileRef := "./testdata/example-key.pem"
|
||||||
|
testCertFile, _ := ioutil.ReadFile(testCertFileRef)
|
||||||
|
testKeyFile, _ := ioutil.ReadFile(testKeyFileRef)
|
||||||
|
testCertAsBase64 := base64.StdEncoding.EncodeToString(testCertFile)
|
||||||
|
testKeyAsBase64 := base64.StdEncoding.EncodeToString(testKeyFile)
|
||||||
|
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
certificateFiles []certificateFilePair
|
||||||
|
wantErr bool
|
||||||
|
}{
|
||||||
|
{"Handles base64 string as params", []certificateFilePair{{KeyFile: testKeyAsBase64, CertFile: testCertAsBase64}}, false},
|
||||||
|
{"Handles file reference as params", []certificateFilePair{{KeyFile: testKeyFileRef, CertFile: testCertFileRef}}, false},
|
||||||
|
{"Returns an error otherwise", []certificateFilePair{{KeyFile: "abc", CertFile: "abc"}}, true},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, tt := range tests {
|
||||||
|
tt := tt
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
o := NewDefaultOptions()
|
||||||
|
o.CertificateFiles = tt.certificateFiles
|
||||||
|
err := o.Validate()
|
||||||
|
|
||||||
|
if err != nil && tt.wantErr == false {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestCompareByteSliceSlice(t *testing.T) {
|
func TestCompareByteSliceSlice(t *testing.T) {
|
||||||
type Bytes = [][]byte
|
type Bytes = [][]byte
|
||||||
|
|
||||||
|
|
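Review bot: The check `if err != nil && tt.wantErr == false` in TestCertificatesArrayParsing can never fail for the "Returns an error otherwise" case, so the test passes even if Validate accepts the invalid pair. That case is the one guarding rejection of unusable certificate/key input, so the condition should compare both directions: `if (err != nil) != tt.wantErr { t.Fatalf("Validate() error = %v, wantErr %v", err, tt.wantErr) }`. The two `ioutil.ReadFile` errors are also discarded with `_`; checking them would make a missing testdata file fail with a clear message instead of surfacing as a certificate parse error.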