(t *testing.T)
| 99 | } |
| 100 | |
| 101 | func TestGetTLSConfig_ClientCerts(t *testing.T) { |
| 102 | paths := newTestX509Files(t, []byte(certPEM), []byte(keyPEM), nil) |
| 103 | |
| 104 | // test working certificate passed |
| 105 | c := &ClientConfig{ |
| 106 | CertPath: paths.cert, |
| 107 | KeyPath: paths.key, |
| 108 | } |
| 109 | tlsConfig, err := c.GetTLSConfig() |
| 110 | assert.NoError(t, err) |
| 111 | assert.Equal(t, false, tlsConfig.InsecureSkipVerify, "make sure we default to not skip verification") |
| 112 | require.NotNil(t, tlsConfig.GetClientCertificate, "ensure GetClientCertificate is set") |
| 113 | cert, err := tlsConfig.GetClientCertificate(nil) |
| 114 | require.Equal(t, []tls.Certificate{*cert}, tlsConfig.Certificates, |
| 115 | "Certificates should be set for backwards compatibility with callers using client config for servers") |
| 116 | require.NoError(t, err) |
| 117 | assert.NotNil(t, cert, "ensure GetClientCertificate returns a certificate") |
| 118 | |
| 119 | // expect error with key and cert swapped passed along |
| 120 | c = &ClientConfig{ |
| 121 | CertPath: paths.key, |
| 122 | KeyPath: paths.cert, |
| 123 | } |
| 124 | _, err = c.GetTLSConfig() |
| 125 | assert.Error(t, err) |
| 126 | assert.Contains(t, err.Error(), "failed to find certificate PEM data in certificate input, but did find a private key") |
| 127 | |
| 128 | // expect error with only key passed along |
| 129 | c = &ClientConfig{ |
| 130 | KeyPath: paths.key, |
| 131 | } |
| 132 | _, err = c.GetTLSConfig() |
| 133 | assert.EqualError(t, err, errCertMissing.Error()) |
| 134 | |
| 135 | // expect error with only cert passed along |
| 136 | c = &ClientConfig{ |
| 137 | CertPath: paths.cert, |
| 138 | } |
| 139 | _, err = c.GetTLSConfig() |
| 140 | assert.EqualError(t, err, errKeyMissing.Error()) |
| 141 | } |
| 142 | |
| 143 | func TestGetTLSConfig_CA(t *testing.T) { |
| 144 | paths := newTestX509Files(t, nil, nil, []byte(certPEM)) |
nothing calls this directly
no test coverage detected