mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
60062834c8
add endpoint to serve the kolide certificate back to the user The API will attempt to establish a TLS connection and fetch the certificate from the TLS ConnectionState. The PEM encoded certificate will be served to the client in a JSON response as a base64 encoded string. Closes #1012
57 lines
1.3 KiB
Go
57 lines
1.3 KiB
Go
package service
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/http/httputil"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestCertificateChain(t *testing.T) {
|
|
server, teardown := setupCertificateChain(t)
|
|
defer teardown()
|
|
|
|
certFile := "testdata/server.pem"
|
|
cert, err := tls.LoadX509KeyPair(certFile, "testdata/server.key")
|
|
require.Nil(t, err)
|
|
server.TLS = &tls.Config{
|
|
Certificates: []tls.Certificate{cert},
|
|
}
|
|
server.StartTLS()
|
|
|
|
u, err := url.Parse(server.URL)
|
|
require.Nil(t, err)
|
|
|
|
conn, err := connectTLS(u)
|
|
require.Nil(t, err)
|
|
|
|
have, want := len(conn.ConnectionState().PeerCertificates), len(cert.Certificate)
|
|
require.Equal(t, have, want)
|
|
|
|
original, _ := ioutil.ReadFile(certFile)
|
|
returned, err := chain(conn.ConnectionState(), "")
|
|
require.Nil(t, err)
|
|
require.Equal(t, returned, original)
|
|
}
|
|
|
|
func echoHandler() http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
dump, err := httputil.DumpRequest(r, true)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.Write(dump)
|
|
})
|
|
}
|
|
|
|
func setupCertificateChain(t *testing.T) (server *httptest.Server, teardown func()) {
|
|
server = httptest.NewUnstartedServer(echoHandler())
|
|
return server, server.Close
|
|
}
|