| 340 | } |
| 341 | |
| 342 | func TestClientCertificate(t *testing.T) { |
| 343 | s, opts := RunServerWithConfig("./configs/tlsverify.conf") |
| 344 | defer s.Shutdown() |
| 345 | |
| 346 | endpoint := fmt.Sprintf("%s:%d", opts.Host, opts.Port) |
| 347 | secureURL := fmt.Sprintf("nats://%s", endpoint) |
| 348 | |
| 349 | // Make sure this fails |
| 350 | nc, err := nats.Connect(secureURL, nats.Secure()) |
| 351 | if err == nil { |
| 352 | nc.Close() |
| 353 | t.Fatal("Should have failed (TLS) connection without client certificate") |
| 354 | } |
| 355 | |
| 356 | // Check parameters validity |
| 357 | nc, err = nats.Connect(secureURL, nats.ClientCert("", "")) |
| 358 | if err == nil { |
| 359 | nc.Close() |
| 360 | t.Fatal("Should have failed due to invalid parameters") |
| 361 | } |
| 362 | |
| 363 | // Should fail because wrong key |
| 364 | nc, err = nats.Connect(secureURL, |
| 365 | nats.ClientCert("./configs/certs/client-cert.pem", "./configs/certs/key.pem")) |
| 366 | if err == nil { |
| 367 | nc.Close() |
| 368 | t.Fatal("Should have failed due to invalid key") |
| 369 | } |
| 370 | |
| 371 | // Should fail because no CA |
| 372 | nc, err = nats.Connect(secureURL, |
| 373 | nats.ClientCert("./configs/certs/client-cert.pem", "./configs/certs/client-key.pem")) |
| 374 | if err == nil { |
| 375 | nc.Close() |
| 376 | t.Fatal("Should have failed due to missing ca") |
| 377 | } |
| 378 | |
| 379 | nc, err = nats.Connect(secureURL, |
| 380 | nats.RootCAs("./configs/certs/ca.pem"), |
| 381 | nats.ClientCert("./configs/certs/client-cert.pem", "./configs/certs/client-key.pem")) |
| 382 | if err != nil { |
| 383 | t.Fatalf("Failed to create (TLS) connection: %v", err) |
| 384 | } |
| 385 | defer nc.Close() |
| 386 | |
| 387 | omsg := []byte("Hello!") |
| 388 | checkRecv := make(chan bool) |
| 389 | |
| 390 | received := 0 |
| 391 | nc.Subscribe("foo", func(m *nats.Msg) { |
| 392 | received++ |
| 393 | if !bytes.Equal(m.Data, omsg) { |
| 394 | t.Fatal("Message received does not match") |
| 395 | } |
| 396 | checkRecv <- true |
| 397 | }) |
| 398 | err = nc.Publish("foo", omsg) |
| 399 | if err != nil { |