core/config: remove support for base64 encoded certificates (#4725)

core/config: remove support for base64 encoded certificates (#4718)

* core/config: update file watcher source to handle base64 encoded certificates

* fix data race

* core/config: only allow files in certificates

* remove test

* re-add test

Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
backport-actions-token[bot] 2023-11-08 15:31:26 -05:00 committed by GitHub
parent ffca3b36a9
commit da9b14db44
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 25 deletions


@ -628,17 +628,12 @@ func TestCertificatesArrayParsing(t *testing.T) {
testCertFileRef := "./testdata/example-cert.pem"
testKeyFileRef := "./testdata/example-key.pem"
testCertFile, _ := os.ReadFile(testCertFileRef)
testKeyFile, _ := os.ReadFile(testKeyFileRef)
testCertAsBase64 := base64.StdEncoding.EncodeToString(testCertFile)
testKeyAsBase64 := base64.StdEncoding.EncodeToString(testKeyFile)
tests := []struct {
name string
certificateFiles []certificateFilePair
wantErr bool
}{
{"Handles base64 string as params", []certificateFilePair{{KeyFile: testKeyAsBase64, CertFile: testCertAsBase64}}, false},
{"Handles file reference as params", []certificateFilePair{{KeyFile: testKeyFileRef, CertFile: testCertFileRef}}, false},
{"Returns an error otherwise", []certificateFilePair{{KeyFile: "abc", CertFile: "abc"}}, true},
}
@ -936,8 +931,11 @@ func TestOptions_ApplySettings(t *testing.T) {
options := NewDefaultOptions()
cert1, err := cryptutil.GenerateCertificate(nil, "example.com")
require.NoError(t, err)
cert1path := filepath.Join(t.TempDir(), "example.com.pem")
err = os.WriteFile(cert1path, cert1.Certificate[0], 0o600)
require.NoError(t, err)
options.CertificateFiles = append(options.CertificateFiles, certificateFilePair{
CertFile: base64.StdEncoding.EncodeToString(encodeCert(cert1)),
CertFile: cert1path,
})
cert2, err := cryptutil.GenerateCertificate(nil, "example.com")
require.NoError(t, err)
@ -955,7 +953,7 @@ func TestOptions_ApplySettings(t *testing.T) {
},
}
options.ApplySettings(ctx, certsIndex, settings)
assert.Len(t, options.CertificateFiles, 2, "should prevent adding duplicate certificates")
assert.Len(t, options.CertificateData, 1, "should prevent adding duplicate certificates")
})
}
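Review bot: In the second hunk of TestOptions_ApplySettings, `os.WriteFile(cert1path, cert1.Certificate[0], 0o600)` writes the raw certificate bytes into a file named `example.com.pem`, whereas the line it replaces passed the certificate through `encodeCert(cert1)` first. If `cert1` is a `tls.Certificate`, `Certificate[0]` is DER, so the fixture is not a PEM file and any code that loads `CertFile` as PEM would fail to parse it; the duplicate-certificate assertion could then pass or fail for reasons unrelated to deduplication. I would write `err = os.WriteFile(cert1path, encodeCert(cert1), 0o600)` so the file matches what a real configuration supplies. The test body starts and ends outside the visible hunks, so whether the file is ever read back cannot be confirmed from here.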