package config
import (
"encoding/base64"
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
)
// localCert is a PEM-encoded X.509 certificate. According to the original
// author it is the certificate httptest uses when it creates a TLS server.
// The literal holds a single CERTIFICATE block and no private key.
//
// The tests in this file base64-encode it and supply it as a trusted CA, so it
// has to be the certificate the test server actually presents.
//
// NOTE(review): this is a pasted copy. If the httptest package of the
// toolchain in use serves a different certificate, the CA-based cases fail
// verification; httptest.Server.Certificate() returns the certificate actually
// in use and would avoid that drift. Confirm against the Go versions this
// package is built with.
var localCert = `
-----BEGIN CERTIFICATE-----
MIICEzCCAXygAwIBAgIQMIMChMLGrR+QvmQvpwAU6zANBgkqhkiG9w0BAQsFADAS
MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9SjY1bIw4
iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZBl2+XsDul
rKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQABo2gwZjAO
BgNVHQ8BAf8EBAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUw
AwEB/zAuBgNVHREEJzAlggtleGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA
AAAAATANBgkqhkiG9w0BAQsFAAOBgQCEcetwO59EWk7WiJsG4x8SY+UIAA+flUI9
tyC4lNhbcF2Idq9greZwbYCqTTTr2XiRNSMLCOjKyI7ukPoPjo16ocHj+P3vZGfs
h1fIw3cSS2OolhloGw/XM6RWPWtPAlGykKLciQrBru5NAPvCMsb/I1DAceTiotQM
fblo6RBxUQ==
-----END CERTIFICATE-----
`
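// TestHTTPTransport checks that the transport returned by NewHTTPTransport
// trusts the CA configured through Options.CA: a GET against an httptest TLS
// server must succeed when localCert is supplied as that CA.
func TestHTTPTransport(t *testing.T) {
	s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	defer s.Close()

	// The CA is handed over as base64 of the PEM text.
	src := NewStaticSource(&Config{
		Options: &Options{
			CA: base64.StdEncoding.EncodeToString([]byte(localCert)),
		},
	})
	client := &http.Client{
		Transport: NewHTTPTransport(src),
	}

	resp, err := client.Get(s.URL)
	if !assert.NoError(t, err) {
		return
	}
	// Release the connection; the original discarded the response without
	// closing its body. Deferred after s.Close, so it runs first.
	defer resp.Body.Close()

	// A completed handshake alone does not show the request reached the
	// handler, so pin the status the handler writes.
	assert.Equal(t, http.StatusOK, resp.StatusCode)
}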
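// TestPolicyHTTPTransport exercises the TLS trust decisions of the transport
// returned by NewPolicyHTTPTransport against an httptest TLS server:
//
//   - default: no CA configured and verification left on, so the request
//     must fail;
//   - skip verify: Policy.TLSSkipVerify set, so the request succeeds;
//   - ca: localCert supplied through Options.CA, so the request succeeds;
//   - custom ca: localCert supplied through Policy.TLSCustomCA, so the
//     request succeeds.
func TestPolicyHTTPTransport(t *testing.T) {
	s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	defer s.Close()

	// Both CA settings are given as base64 of the PEM text.
	encodedCA := base64.StdEncoding.EncodeToString([]byte(localCert))

	// get issues one GET through a fresh policy transport.
	// NOTE(review): the meaning of the third argument (false) is not visible
	// in this file; confirm against NewPolicyHTTPTransport.
	get := func(options *Options, policy *Policy) (*http.Response, error) {
		client := &http.Client{
			Transport: NewPolicyHTTPTransport(options, policy, false),
		}
		return client.Get(s.URL)
	}

	// requireOK asserts that the request succeeded with the handler's status
	// and closes the response body, which the original test left open.
	requireOK := func(t *testing.T, resp *http.Response, err error) {
		t.Helper()
		if !assert.NoError(t, err) {
			return
		}
		defer resp.Body.Close()
		assert.Equal(t, http.StatusOK, resp.StatusCode)
	}

	t.Run("default", func(t *testing.T) {
		// This is the security-relevant baseline: a certificate that chains to
		// no configured CA must not be accepted by default.
		// NOTE(review): only "some error" is asserted. Checking that the error
		// is a certificate verification failure would stop the case from
		// passing on an unrelated transport error.
		resp, err := get(&Options{}, &Policy{})
		if resp != nil {
			// Only reachable if the request unexpectedly succeeded.
			resp.Body.Close()
		}
		assert.Error(t, err)
	})
	t.Run("skip verify", func(t *testing.T) {
		// Verification is only bypassed when the policy opts in explicitly;
		// the "default" case pins that it is off otherwise.
		resp, err := get(&Options{}, &Policy{TLSSkipVerify: true})
		requireOK(t, resp, err)
	})
	t.Run("ca", func(t *testing.T) {
		resp, err := get(&Options{
			CA: encodedCA,
		}, &Policy{})
		requireOK(t, resp, err)
	})
	t.Run("custom ca", func(t *testing.T) {
		resp, err := get(&Options{}, &Policy{
			TLSCustomCA: encodedCA,
		})
		requireOK(t, resp, err)
	})
}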