package httpclient_test
import (
"crypto/tls"
"encoding/base64"
"fmt"
"io"
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
"github.com/dexidp/dex/pkg/httpclient"
)
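// TestRootCAs checks that a client built by httpclient.NewHTTPClient with
// insecureSkipVerify set to false can complete a TLS request to a local test
// server when it is given that server's CA certificate.
//
// The CA is supplied in two forms: the PEM text itself and the same PEM bytes
// base64-encoded.
//
// NOTE(review): only the accepting path is covered. A companion case that
// builds the client without the test CA and expects the request to be
// rejected would confirm that verification is enforced. Confirm how
// NewHTTPClient treats an empty CA list before adding it.
func TestRootCAs(t *testing.T) {
	ts, caCertPEM, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "Hello, client")
	}))
	if err != nil {
		// The helper returns a nil server on error; stop here so the deferred
		// Close below never dereferences it.
		t.Fatalf("starting local HTTPS test server: %v", err)
	}
	defer ts.Close()

	runTest := func(name string, certs []string) {
		t.Run(name, func(t *testing.T) {
			testClient, err := httpclient.NewHTTPClient(certs, false)
			if err != nil {
				// Do not call methods on a client that failed to build.
				t.Fatalf("building HTTP client: %v", err)
			}

			res, err := testClient.Get(ts.URL)
			if err != nil {
				t.Fatalf("GET %s: %v", ts.URL, err)
			}
			defer res.Body.Close()

			greeting, err := io.ReadAll(res.Body)
			assert.Nil(t, err)
			assert.Equal(t, "Hello, client", string(greeting))
		})
	}

	runTest("From runtime generated cert", []string{string(caCertPEM)})

	contentStr := base64.StdEncoding.EncodeToString(caCertPEM)
	runTest("From bytes", []string{contentStr})
}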
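// TestInsecureSkipVerify checks that a client built by
// httpclient.NewHTTPClient with no extra root CAs and insecureSkipVerify set
// to true can still complete a request to the local TLS test server.
//
// NOTE(review): the flag presumably maps to tls.Config.InsecureSkipVerify,
// which turns off certificate chain and host name validation. Confirm against
// NewHTTPClient. That is acceptable here only because the peer is an
// in-process httptest server; the setting should not be copied into
// production configuration.
func TestInsecureSkipVerify(t *testing.T) {
	ts, _, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "Hello, client")
	}))
	if err != nil {
		// The helper returns a nil server on error; stop here so the deferred
		// Close below never dereferences it.
		t.Fatalf("starting local HTTPS test server: %v", err)
	}
	defer ts.Close()

	insecureSkipVerify := true

	testClient, err := httpclient.NewHTTPClient(nil, insecureSkipVerify)
	if err != nil {
		// Do not call methods on a client that failed to build.
		t.Fatalf("building HTTP client: %v", err)
	}

	res, err := testClient.Get(ts.URL)
	if err != nil {
		t.Fatalf("GET %s: %v", ts.URL, err)
	}
	defer res.Body.Close()

	greeting, err := io.ReadAll(res.Body)
	assert.Nil(t, err)
	assert.Equal(t, "Hello, client", string(greeting))
}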
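// NewLocalHTTPSTestServer starts an httptest server that serves handler over
// TLS using a freshly generated server certificate.
//
// It returns the running server and the PEM-encoded CA certificate obtained
// from httpclient.GenerateTestCertificates, so a test client can be configured
// to trust the server. On error the server and the PEM slice are nil. The
// caller must Close the returned server.
func NewLocalHTTPSTestServer(handler http.Handler) (*httptest.Server, []byte, error) {
	// Generate CA and server cert/key once so client and server share trust.
	// This happens before the server is created: NewUnstartedServer already
	// opens a listener, which would be leaked if a later step returned early.
	caCertPEM, serverCertPEM, serverKeyPEM, err := httpclient.GenerateTestCertificates()
	if err != nil {
		return nil, nil, fmt.Errorf("generating test certificates: %w", err)
	}

	cert, err := tls.X509KeyPair(serverCertPEM, serverKeyPEM)
	if err != nil {
		return nil, nil, fmt.Errorf("loading server key pair: %w", err)
	}

	ts := httptest.NewUnstartedServer(handler)
	ts.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
	ts.StartTLS()

	return ts, caCertPEM, nil
}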