-
Notifications
You must be signed in to change notification settings - Fork 345
/
testserver.go
81 lines (71 loc) · 2.07 KB
/
testserver.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
/*
Copyright 2018 Heptio Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authtest
import (
"crypto/tls"
"net/http"
"net/http/httptest"
"testing"
"github.com/heptio/sonobuoy/pkg/backplane/ca"
)
// Server is an extension of httptest.Server that uses our own CA
type Server struct {
*httptest.Server
auth *ca.Authority
t *testing.T
}
// NewServer is a passthrough wrapper for httptest.NewServer. It does not
// use the CA at all. This provided only for debugging purposes.
func NewServer(handle http.Handler, t *testing.T) *Server {
return &Server{
Server: httptest.NewServer(handle),
t: t,
}
}
// NewTLSServer Wraps httptest.NewTLSServer, injecting our CA and TLS config
func NewTLSServer(handle http.Handler, t *testing.T) *Server {
auth, err := ca.NewAuthority()
if err != nil {
t.Fatalf("Couldn't create certificate authority")
}
cfg, err := auth.MakeServerConfig("127.0.0.1")
if err != nil {
t.Fatalf("Couldn't get server config %v", err)
}
srv := httptest.NewUnstartedServer(handle)
srv.TLS = cfg
srv.StartTLS()
return &Server{
Server: srv,
auth: auth,
t: t,
}
}
// Client wraps httptest.Server.Client(), injecting our CA and client cert
func (s *Server) Client() *http.Client {
if s.auth == nil {
return s.Server.Client()
}
clientCert, err := s.auth.ClientKeyPair("client1.local")
if err != nil {
s.t.Fatalf("couldn't get client cert %v", err)
}
client := s.Server.Client()
client.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
Certificates: []tls.Certificate{*clientCert},
RootCAs: s.auth.CACertPool(),
},
}
return client
}