| 317 | } |
| 318 | |
| 319 | func TestClientAuthenticationProvision(t *testing.T) { |
| 320 | tests := []struct { |
| 321 | name string |
| 322 | ca ClientAuthentication |
| 323 | wantErr bool |
| 324 | }{ |
| 325 | { |
| 326 | name: "specifying both 'CARaw' and 'TrustedCACerts' produces an error", |
| 327 | ca: ClientAuthentication{ |
| 328 | CARaw: json.RawMessage(`{"provider":"inline","trusted_ca_certs":["foo"]}`), |
| 329 | TrustedCACerts: []string{"foo"}, |
| 330 | }, |
| 331 | wantErr: true, |
| 332 | }, |
| 333 | { |
| 334 | name: "specifying both 'CARaw' and 'TrustedCACertPEMFiles' produces an error", |
| 335 | ca: ClientAuthentication{ |
| 336 | CARaw: json.RawMessage(`{"provider":"inline","trusted_ca_certs":["foo"]}`), |
| 337 | TrustedCACertPEMFiles: []string{"foo"}, |
| 338 | }, |
| 339 | wantErr: true, |
| 340 | }, |
| 341 | { |
| 342 | name: "setting 'TrustedCACerts' provisions the cert pool", |
| 343 | ca: ClientAuthentication{ |
| 344 | TrustedCACerts: []string{test_der_1}, |
| 345 | }, |
| 346 | }, |
| 347 | } |
| 348 | |
| 349 | for _, tt := range tests { |
| 350 | t.Run(tt.name, func(t *testing.T) { |
| 351 | err := tt.ca.provision(caddy.Context{}) |
| 352 | if (err != nil) != tt.wantErr { |
| 353 | t.Errorf("ClientAuthentication.provision() error = %v, wantErr %v", err, tt.wantErr) |
| 354 | return |
| 355 | } |
| 356 | if !tt.wantErr { |
| 357 | if tt.ca.ca.CertPool() == nil { |
| 358 | t.Error("CertPool is nil, expected non-nil value") |
| 359 | } |
| 360 | } |
| 361 | }) |
| 362 | } |
| 363 | } |