(t *testing.T)
| 565 | } |
| 566 | |
| 567 | func TestFingerprint(t *testing.T) { |
| 568 | body := []byte(`{"body": true"}"`) |
| 569 | |
| 570 | // Generate a self-signed certificate at test time to avoid expiry issues. |
| 571 | key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) |
| 572 | if err != nil { |
| 573 | t.Fatal(err) |
| 574 | } |
| 575 | template := &x509.Certificate{ |
| 576 | SerialNumber: big.NewInt(1), |
| 577 | Subject: pkix.Name{CommonName: "instance"}, |
| 578 | NotBefore: time.Now().Add(-1 * time.Hour), |
| 579 | NotAfter: time.Now().Add(1 * time.Hour), |
| 580 | IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback}, |
| 581 | KeyUsage: x509.KeyUsageDigitalSignature, |
| 582 | ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, |
| 583 | } |
| 584 | certDER, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key) |
| 585 | if err != nil { |
| 586 | t.Fatal(err) |
| 587 | } |
| 588 | cert := tls.Certificate{ |
| 589 | Certificate: [][]byte{certDER}, |
| 590 | PrivateKey: key, |
| 591 | } |
| 592 | |
| 593 | // Compute the SHA-256 fingerprint of the leaf certificate. |
| 594 | fingerprint := sha256.Sum256(certDER) |
| 595 | fingerprintHex := strings.ToUpper(hex.EncodeToString(fingerprint[:])) |
| 596 | |
| 597 | server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { |
| 598 | w.Header().Set("X-Elastic-Product", "Elasticsearch") |
| 599 | _, _ = w.Write(body) |
| 600 | })) |
| 601 | server.TLS = new(tls.Config) |
| 602 | server.TLS.Certificates = []tls.Certificate{cert} |
| 603 | server.StartTLS() |
| 604 | |
| 605 | defer server.Close() |
| 606 | |
| 607 | baseOpts := []Option{ |
| 608 | WithAddresses(server.URL), |
| 609 | WithTransportOptions(elastictransport.WithDisableRetry()), |
| 610 | } |
| 611 | |
| 612 | // Without certificate and authority, client should fail on TLS |
| 613 | client, _ := New(baseOpts...) |
| 614 | _, err = client.Info() |
| 615 | |
| 616 | if ok := errors.As(err, &x509.UnknownAuthorityError{}); !ok { |
| 617 | t.Fatalf("expected UnknownAuthorityError, got: %s", err) |
| 618 | } |
| 619 | |
| 620 | // We add the fingerprint of the generated certificate |
| 621 | client, _ = New(append(baseOpts, WithCertificateFingerprint(fingerprintHex))...) |
| 622 | res, err := client.Info() |
| 623 | if err != nil { |
| 624 | t.Fatal(err) |