func (s *KeyringSuite) TestCustomHTTPClient(c *gc.C) {
client := &http.Client{
Transport: errorTransport{},
}
kr := httpbakery.NewPublicKeyRing(client, nil)
pk, err := kr.PublicKeyForLocation("https://0.1.2.3/")
c.Assert(err, gc.ErrorMatches, `cannot get public key from "https://0.1.2.3/publickey": Get https://0.1.2.3/publickey: custom round trip error`)
c.Assert(pk, gc.IsNil)
}
func (s *KeyringSuite) TestCachePrepopulated(c *gc.C) {
cache := bakery.NewPublicKeyRing()
key, err := bakery.GenerateKey()
c.Assert(err, gc.IsNil)
cache.AddPublicKeyForLocation("https://0.1.2.3/", true, &key.Public)
kr := httpbakery.NewPublicKeyRing(nil, cache)
pk, err := kr.PublicKeyForLocation("https://0.1.2.3/")
c.Assert(err, gc.IsNil)
c.Assert(*pk, gc.Equals, key.Public)
}
func (s *KeyringSuite) TestCacheMiss(c *gc.C) {
d := bakerytest.NewDischarger(nil, nil)
defer d.Close()
kr := httpbakery.NewPublicKeyRing(nil, nil)
expectPublicKey := d.Service.PublicKey()
pk, err := kr.PublicKeyForLocation(d.Location())
c.Assert(err, gc.IsNil)
c.Assert(*pk, gc.Equals, *expectPublicKey)
// Close down the service and make sure that
// the key is cached.
d.Close()
pk, err = kr.PublicKeyForLocation(d.Location())
c.Assert(err, gc.IsNil)
c.Assert(*pk, gc.Equals, *expectPublicKey)
}
func (s *KeyringSuite) TestInsecureURL(c *gc.C) {
// Set up a discharger with an non-HTTPS access point.
d := bakerytest.NewDischarger(nil, nil)
defer d.Close()
httpsDischargeURL, err := url.Parse(d.Location())
c.Assert(err, gc.IsNil)
srv := httptest.NewServer(httputil.NewSingleHostReverseProxy(httpsDischargeURL))
defer srv.Close()
// Check that we are refused because it's an insecure URL.
kr := httpbakery.NewPublicKeyRing(nil, nil)
pk, err := kr.PublicKeyForLocation(srv.URL)
c.Assert(err, gc.ErrorMatches, `untrusted discharge URL "http://.*"`)
c.Assert(pk, gc.IsNil)
// Check that it does work when we've enabled AllowInsecure.
kr.AllowInsecure()
pk, err = kr.PublicKeyForLocation(srv.URL)
c.Assert(err, gc.IsNil)
c.Assert(*pk, gc.Equals, *d.Service.PublicKey())
}