(t *testing.T)
| 407 | } |
| 408 | |
| 409 | func TestClientCertificateReloadOnServerRestart(t *testing.T) { |
| 410 | copyFiles := func(t *testing.T, cpFiles map[string]string) { |
| 411 | for from, to := range cpFiles { |
| 412 | content, err := os.ReadFile(from) |
| 413 | if err != nil { |
| 414 | t.Fatalf("Error reading file: %s", err) |
| 415 | } |
| 416 | if err := os.WriteFile(to, content, 0640); err != nil { |
| 417 | t.Fatalf("Error writing file: %s", err) |
| 418 | } |
| 419 | } |
| 420 | } |
| 421 | |
| 422 | s, opts := RunServerWithConfig("./configs/tlsverify.conf") |
| 423 | defer s.Shutdown() |
| 424 | |
| 425 | endpoint := fmt.Sprintf("%s:%d", opts.Host, opts.Port) |
| 426 | secureURL := fmt.Sprintf("nats://%s", endpoint) |
| 427 | |
| 428 | tmpCertDir := t.TempDir() |
| 429 | certFile := filepath.Join(tmpCertDir, "client-cert.pem") |
| 430 | keyFile := filepath.Join(tmpCertDir, "client-key.pem") |
| 431 | caFile := filepath.Join(tmpCertDir, "ca.pem") |
| 432 | |
| 433 | // copy valid cert files to tmp dir |
| 434 | filesToCopy := map[string]string{ |
| 435 | "./configs/certs/client-cert.pem": certFile, |
| 436 | "./configs/certs/client-key.pem": keyFile, |
| 437 | "./configs/certs/ca.pem": caFile, |
| 438 | } |
| 439 | copyFiles(t, filesToCopy) |
| 440 | |
| 441 | dcChan, rcChan, errChan := make(chan bool, 1), make(chan bool, 1), make(chan error, 1) |
| 442 | nc, err := nats.Connect(secureURL, |
| 443 | nats.RootCAs(caFile), |
| 444 | nats.ClientCert(certFile, keyFile), |
| 445 | nats.ReconnectWait(100*time.Millisecond), |
| 446 | nats.ErrorHandler(func(_ *nats.Conn, _ *nats.Subscription, err error) { |
| 447 | errChan <- err |
| 448 | }), |
| 449 | nats.DisconnectErrHandler(func(_ *nats.Conn, _ error) { |
| 450 | dcChan <- true |
| 451 | }), |
| 452 | nats.ReconnectHandler(func(_ *nats.Conn) { |
| 453 | rcChan <- true |
| 454 | }), |
| 455 | ) |
| 456 | if err != nil { |
| 457 | t.Fatalf("Failed to create (TLS) connection: %v", err) |
| 458 | } |
| 459 | defer nc.Close() |
| 460 | |
| 461 | // overwrite client certificate files with invalid ones, those |
| 462 | // should be loaded on server restart |
| 463 | filesToCopy = map[string]string{ |
| 464 | "./configs/certs/client-cert-invalid.pem": certFile, |
| 465 | "./configs/certs/client-key-invalid.pem": keyFile, |
| 466 | } |