MCPcopy Index your code
hub / github.com/coder/coder / TestEmbeddedRoots

Function TestEmbeddedRoots

coderd/azureidentity/roots_darwin_internal_test.go:19–45  ·  view source on GitHub ↗

TestEmbeddedRoots ensures the package's embedded root certificates parse successfully. The roots are used by Validate to avoid falling back to the platform's system verifier (notably Apple's Security framework on macOS), which previously caused TestValidate/regular to fail on macOS with `x509: "meta

(t *testing.T)

Source from the content-addressed store, hash-verified

17// `x509: "metadata.azure.com" certificate is not standards compliant`.
18// See https://github.com/coder/coder/issues/12978.
19func TestEmbeddedRoots(t *testing.T) {
20 t.Parallel()
21 require.NotEmpty(t, embeddedRoots, "embedded roots must not be empty")
22 seen := map[string]bool{}
23 for _, pemCert := range embeddedRoots {
24 block, rest := pem.Decode([]byte(pemCert))
25 require.NotNil(t, block, "PEM block should decode")
26 require.Zero(t, len(rest), "no trailing data after PEM block")
27 cert, err := x509.ParseCertificate(block.Bytes)
28 require.NoError(t, err)
29 // Each root must be self-signed (issuer == subject).
30 require.Equal(t, cert.Issuer.String(), cert.Subject.String(),
31 "root certificate must be self-signed: %s", cert.Subject.CommonName)
32 require.False(t, seen[cert.Subject.CommonName],
33 "duplicate embedded root: %s", cert.Subject.CommonName)
34 seen[cert.Subject.CommonName] = true
35 }
36 // Verify the three roots Azure instance-identity chains ultimately
37 // terminate at are all present.
38 for _, name := range []string{
39 "DigiCert Global Root G2",
40 "DigiCert Global Root G3",
41 "Baltimore CyberTrust Root",
42 } {
43 require.True(t, seen[name], "missing embedded root %q", name)
44 }
45}

Callers

nothing calls this directly

Calls 3

NotEmptyMethod · 0.80
EqualMethod · 0.45
StringMethod · 0.45

Tested by

no test coverage detected