(t *testing.T)
| 151 | } |
| 152 | |
| 153 | func (s) TestCaReloading(t *testing.T) { |
| 154 | serverCa, err := os.ReadFile(testdata.Path("x509/server_ca_cert.pem")) |
| 155 | if err != nil { |
| 156 | t.Fatalf("Failed to read test CA cert: %s", err) |
| 157 | } |
| 158 | |
| 159 | // Write CA certs to a temporary file so that we can modify it later. |
| 160 | caPath := t.TempDir() + "/ca.pem" |
| 161 | if err = os.WriteFile(caPath, serverCa, 0644); err != nil { |
| 162 | t.Fatalf("Failed to write test CA cert: %v", err) |
| 163 | } |
| 164 | cfg := fmt.Sprintf(`{ |
| 165 | "ca_certificate_file": "%s", |
| 166 | "refresh_interval": ".01s" |
| 167 | }`, caPath) |
| 168 | tlsBundle, stop, err := tlscreds.NewBundle([]byte(cfg)) |
| 169 | if err != nil { |
| 170 | t.Fatalf("Failed to create TLS bundle: %v", err) |
| 171 | } |
| 172 | defer stop() |
| 173 | |
| 174 | serverCredentials := grpc.Creds(testutils.CreateServerTLSCredentials(t, tls.NoClientCert)) |
| 175 | server := stubserver.StartTestService(t, nil, serverCredentials) |
| 176 | |
| 177 | conn, err := grpc.NewClient( |
| 178 | server.Address, |
| 179 | grpc.WithCredentialsBundle(tlsBundle), |
| 180 | grpc.WithAuthority("x.test.example.com"), |
| 181 | ) |
| 182 | if err != nil { |
| 183 | t.Fatalf("Error dialing: %v", err) |
| 184 | } |
| 185 | defer conn.Close() |
| 186 | |
| 187 | ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) |
| 188 | defer cancel() |
| 189 | |
| 190 | client := testgrpc.NewTestServiceClient(conn) |
| 191 | if _, err = client.EmptyCall(ctx, &testpb.Empty{}); err != nil { |
| 192 | t.Errorf("Error calling EmptyCall: %v", err) |
| 193 | } |
| 194 | // close the server and create a new one to force client to do a new |
| 195 | // handshake. |
| 196 | server.Stop() |
| 197 | |
| 198 | invalidCa, err := os.ReadFile(testdata.Path("ca.pem")) |
| 199 | if err != nil { |
| 200 | t.Fatalf("Failed to read test CA cert: %v", err) |
| 201 | } |
| 202 | // unload root cert |
| 203 | err = os.WriteFile(caPath, invalidCa, 0644) |
| 204 | if err != nil { |
| 205 | t.Fatalf("Failed to write test CA cert: %v", err) |
| 206 | } |
| 207 | for ; ctx.Err() == nil; <-time.After(10 * time.Millisecond) { |
| 208 | ss := stubserver.StubServer{ |
| 209 | Address: server.Address, |
| 210 | EmptyCallF: func(context.Context, *testpb.Empty) (*testpb.Empty, error) { return &testpb.Empty{}, nil }, |