3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 19:06:33 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/pkg/cryptutil/tls_test.go
Caleb Doxsey ca48052551
tls: fallback to self-signed certificate (#2760) 
* tls: fallback to self-signed certificate

* remove unknown domain because certs are no longer valid

* update multi-deployment to use service-specific certificates
2021-11-15 14:11:53 -07:00

64 lines
1.4 KiB
Go
Raw Blame History

package cryptutil
import (
"crypto/tls"
"testing"
"github.com/stretchr/testify/assert"
)
func TestGetCertificateForDomain(t *testing.T) {
gen := func(t *testing.T, domain string) *tls.Certificate {
cert, err := GenerateSelfSignedCertificate(domain)
if !assert.NoError(t, err, "error generating certificate for: %s", domain) {
t.FailNow()
}
return cert
}
t.Run("exact match", func(t *testing.T) {
certs := []tls.Certificate{
*gen(t, "a.example.com"),
*gen(t, "b.example.com"),
}
found, err := GetCertificateForDomain(certs, "b.example.com")
if !assert.NoError(t, err) {
return
}
assert.Equal(t, &certs[1], found)
})
t.Run("wildcard match", func(t *testing.T) {
certs := []tls.Certificate{
*gen(t, "a.example.com"),
*gen(t, "*.example.com"),
}
found, err := GetCertificateForDomain(certs, "b.example.com")
if !assert.NoError(t, err) {
return
}
assert.Equal(t, &certs[1], found)
})
t.Run("no name match", func(t *testing.T) {
certs := []tls.Certificate{
*gen(t, "a.example.com"),
}
found, err := GetCertificateForDomain(certs, "b.example.com")
if !assert.NoError(t, err) {
return
}
assert.NotNil(t, found)
assert.NotEqual(t, &certs[0], found)
})
t.Run("generate", func(t *testing.T) {
certs := []tls.Certificate{}
found, err := GetCertificateForDomain(certs, "b.example.com")
if !assert.NoError(t, err) {
return
}
assert.NotNil(t, found)
})
}
Reference in a new issue View git blame Copy permalink