dex/pkg/httpclient/httpclient_test.go

package httpclient_test

import (
	"crypto/tls"
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"os"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/dexidp/dex/pkg/httpclient"
)

func TestRootCAs(t *testing.T) {
	ts, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "Hello, client")
	}))
	assert.Nil(t, err)
	defer ts.Close()

	runTest := func(name string, certs []string) {
		t.Run(name, func(t *testing.T) {
			rootCAs := certs
			testClient, err := httpclient.NewHTTPClient(rootCAs, false)
			assert.Nil(t, err)

			res, err := testClient.Get(ts.URL)
			assert.Nil(t, err)

			greeting, err := io.ReadAll(res.Body)
			res.Body.Close()
			assert.Nil(t, err)

			assert.Equal(t, "Hello, client", string(greeting))
		})
	}

	runTest("From file", []string{"testdata/rootCA.pem"})

	content, err := os.ReadFile("testdata/rootCA.pem")
	assert.NoError(t, err)
	runTest("From string", []string{string(content)})

	contentStr := base64.StdEncoding.EncodeToString(content)
	runTest("From bytes", []string{contentStr})
}

func TestInsecureSkipVerify(t *testing.T) {
	ts, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "Hello, client")
	}))
	assert.Nil(t, err)
	defer ts.Close()

	insecureSkipVerify := true

	testClient, err := httpclient.NewHTTPClient(nil, insecureSkipVerify)
	assert.Nil(t, err)

	res, err := testClient.Get(ts.URL)
	assert.Nil(t, err)

	greeting, err := io.ReadAll(res.Body)
	res.Body.Close()
	assert.Nil(t, err)

	assert.Equal(t, "Hello, client", string(greeting))
}

func NewLocalHTTPSTestServer(handler http.Handler) (*httptest.Server, error) {
	ts := httptest.NewUnstartedServer(handler)
	cert, err := tls.LoadX509KeyPair("testdata/server.crt", "testdata/server.key")
	if err != nil {
		return nil, err
	}
	ts.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
	ts.StartTLS()
	return ts, nil
}
TLS configure for OIDC connector (#1632) Signed-off-by: Rui Yang <ruiya@vmware.com> 3 years ago			`package httpclient_test`

			`import (`
			`"crypto/tls"`
Support base64 encoded and PEM encoded certs (#3751) Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com> 1 year ago			`"encoding/base64"`
TLS configure for OIDC connector (#1632) Signed-off-by: Rui Yang <ruiya@vmware.com> 3 years ago			`"fmt"`
			`"io"`
			`"net/http"`
			`"net/http/httptest"`
Support base64 encoded and PEM encoded certs (#3751) Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com> 1 year ago			`"os"`
TLS configure for OIDC connector (#1632) Signed-off-by: Rui Yang <ruiya@vmware.com> 3 years ago			`"testing"`

			`"github.com/stretchr/testify/assert"`

			`"github.com/dexidp/dex/pkg/httpclient"`
			`)`

			`func TestRootCAs(t *testing.T) {`
			`ts, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`fmt.Fprint(w, "Hello, client")`
			`}))`
			`assert.Nil(t, err)`
			`defer ts.Close()`

Support base64 encoded and PEM encoded certs (#3751) Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com> 1 year ago			`runTest := func(name string, certs []string) {`
			`t.Run(name, func(t *testing.T) {`
			`rootCAs := certs`
			`testClient, err := httpclient.NewHTTPClient(rootCAs, false)`
			`assert.Nil(t, err)`
TLS configure for OIDC connector (#1632) Signed-off-by: Rui Yang <ruiya@vmware.com> 3 years ago
Support base64 encoded and PEM encoded certs (#3751) Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com> 1 year ago			`res, err := testClient.Get(ts.URL)`
			`assert.Nil(t, err)`
TLS configure for OIDC connector (#1632) Signed-off-by: Rui Yang <ruiya@vmware.com> 3 years ago
Support base64 encoded and PEM encoded certs (#3751) Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com> 1 year ago			`greeting, err := io.ReadAll(res.Body)`
			`res.Body.Close()`
			`assert.Nil(t, err)`
TLS configure for OIDC connector (#1632) Signed-off-by: Rui Yang <ruiya@vmware.com> 3 years ago
Support base64 encoded and PEM encoded certs (#3751) Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com> 1 year ago			`assert.Equal(t, "Hello, client", string(greeting))`
			`})`
			`}`

			`runTest("From file", []string{"testdata/rootCA.pem"})`

			`content, err := os.ReadFile("testdata/rootCA.pem")`
			`assert.NoError(t, err)`
			`runTest("From string", []string{string(content)})`

			`contentStr := base64.StdEncoding.EncodeToString(content)`
			`runTest("From bytes", []string{contentStr})`
TLS configure for OIDC connector (#1632) Signed-off-by: Rui Yang <ruiya@vmware.com> 3 years ago			`}`

			`func TestInsecureSkipVerify(t *testing.T) {`
			`ts, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`fmt.Fprint(w, "Hello, client")`
			`}))`
			`assert.Nil(t, err)`
			`defer ts.Close()`

			`insecureSkipVerify := true`

			`testClient, err := httpclient.NewHTTPClient(nil, insecureSkipVerify)`
			`assert.Nil(t, err)`

			`res, err := testClient.Get(ts.URL)`
			`assert.Nil(t, err)`

			`greeting, err := io.ReadAll(res.Body)`
			`res.Body.Close()`
			`assert.Nil(t, err)`

			`assert.Equal(t, "Hello, client", string(greeting))`
			`}`

			`func NewLocalHTTPSTestServer(handler http.Handler) (*httptest.Server, error) {`
			`ts := httptest.NewUnstartedServer(handler)`
			`cert, err := tls.LoadX509KeyPair("testdata/server.crt", "testdata/server.key")`
			`if err != nil {`
			`return nil, err`
			`}`
			`ts.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}`
			`ts.StartTLS()`
			`return ts, nil`
			`}`