ING-1329: Add testing for client cert auth#315
| var selfSignedCert *tls.Certificate | ||
| if config.selfSign { | ||
| generatedCert, err := selfsignedcert.GenerateCertificate() | ||
| generatedCert, generatedKey, err := selfsignedcert.GenerateCaCertificate() |
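Review bot: at the `GenerateCaCertificate()` call, the `config.selfSign` branch now holds the CA private key as a separate value (`generatedKey`), where the `GenerateCertificate()` line it replaces returned a single value. If this branch only needs the `*tls.Certificate` declared as `selfSignedCert`, consider a small wrapper that returns the assembled certificate, so the raw CA key is not left in scope here. A comment should also state that the self-sign option now produces a CA certificate, since the name `selfSign` no longer says that.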
What is the purpose of splitting this into two steps?
Here nothing. I made GenerateCaCert return the cert and key so that we could use it to generate signed certs in other places. But that means that in places we don't use the cert and key separately we need to turn them into a tls cert.
I guess the piece that I was confused by was that everywhere in this PR the certificate and key are immediately passed on to ConstructTlsCert and the key is not used independently. Additionally, the fact that our "self-signed" option does not expose the key in any way was intentional as it is not meant to represent a 'valid' setup of CNG that you could actually pass certificate validation for, but rather simply a way to quickly start CNG with certificate validation disabled.
chvck left a comment
+1, will wait for Brett to +2
This PR adds support for testing client cert auth. It only tests client cert auth for kv ops at the moment, since this is the only place that has client cert auth working. I'll fix client cert auth for HTTP services and Data API in ING-1339 and I'll add tests for those services then.
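The point discussed in the review thread, as an added example that is not code from this PR or the project: a client-cert-auth test needs the CA certificate together with its private key to mint a client certificate that passes chain validation, while a lone self-signed certificate does not. The helpers `issue` and `verifyClient` and the certificate names are hypothetical, and Ed25519 keys are an assumption made for brevity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue is a hypothetical fixture helper (panics on failure): nil parent = self-signed CA, else a leaf.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (cert *x509.Certificate, key ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed CA: allowed to sign certificates, signs itself
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	if cert, err = x509.ParseCertificate(der); err != nil {
		panic(err)
	}
	return cert, key
}

func verifyClient(ca, client *x509.Certificate) error {
	roots := x509.NewCertPool() // trust only ca, as a server validating client certificates would
	roots.AddCert(ca)
	_, err := client.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	ca, caKey := issue("test-ca", nil, nil)
	client, _ := issue("client", ca, caKey) // minting this requires the CA private key
	lone, _ := issue("lone", nil, nil)      // self-signed, unrelated to ca
	fmt.Println("CA-signed:", verifyClient(ca, client), "| self-signed:", verifyClient(ca, lone))
}
```

The CA-signed certificate verifies with a nil error; the self-signed one fails with an unknown-authority error because nothing in the trusted pool issued it.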