|
|
|
@ -13,6 +13,7 @@ import (
|
|
|
|
|
"github.com/smallstep/certificates/api"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func Test_newTLSOptionCtx(t *testing.T) {
|
|
|
|
|
client, err := NewClient("https://ca.smallstep.com", WithTransport(http.DefaultTransport))
|
|
|
|
|
if err != nil {
|
|
|
|
@ -40,6 +41,7 @@ func Test_newTLSOptionCtx(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestTLSOptionCtx_apply(t *testing.T) {
|
|
|
|
|
fail := func() TLSOption {
|
|
|
|
|
return func(ctx *TLSOptionCtx) error {
|
|
|
|
@ -76,6 +78,7 @@ func TestTLSOptionCtx_apply(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestRequireAndVerifyClientCert(t *testing.T) {
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
@ -100,6 +103,7 @@ func TestRequireAndVerifyClientCert(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestVerifyClientCertIfGiven(t *testing.T) {
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
@ -124,6 +128,7 @@ func TestVerifyClientCertIfGiven(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestAddRootCA(t *testing.T) {
|
|
|
|
|
cert := parseCertificate(rootPEM)
|
|
|
|
|
pool := x509.NewCertPool()
|
|
|
|
@ -156,6 +161,7 @@ func TestAddRootCA(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestAddClientCA(t *testing.T) {
|
|
|
|
|
cert := parseCertificate(rootPEM)
|
|
|
|
|
pool := x509.NewCertPool()
|
|
|
|
@ -188,6 +194,7 @@ func TestAddClientCA(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestAddRootsToRootCAs(t *testing.T) {
|
|
|
|
|
ca := startCATestServer()
|
|
|
|
|
defer ca.Close()
|
|
|
|
@ -242,6 +249,7 @@ func TestAddRootsToRootCAs(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestAddRootsToClientCAs(t *testing.T) {
|
|
|
|
|
ca := startCATestServer()
|
|
|
|
|
defer ca.Close()
|
|
|
|
@ -296,6 +304,7 @@ func TestAddRootsToClientCAs(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestAddFederationToRootCAs(t *testing.T) {
|
|
|
|
|
ca := startCATestServer()
|
|
|
|
|
defer ca.Close()
|
|
|
|
@ -360,6 +369,7 @@ func TestAddFederationToRootCAs(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestAddFederationToClientCAs(t *testing.T) {
|
|
|
|
|
ca := startCATestServer()
|
|
|
|
|
defer ca.Close()
|
|
|
|
@ -424,6 +434,7 @@ func TestAddFederationToClientCAs(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestAddRootsToCAs(t *testing.T) {
|
|
|
|
|
ca := startCATestServer()
|
|
|
|
|
defer ca.Close()
|
|
|
|
@ -478,6 +489,7 @@ func TestAddRootsToCAs(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nolint:gosec // test tls config
|
|
|
|
|
func TestAddFederationToCAs(t *testing.T) {
|
|
|
|
|
ca := startCATestServer()
|
|
|
|
|
defer ca.Close()
|
|
|
|
|