func TestParseTLSWithEnvironmentVariables(t *testing.T) {
config := configure(fmt.Sprintf(`{
"server": {
"tls_cert_file": "%s",
"client_ca_file": "nosuchfile"
}
}`, Cert))
vars := map[string]string{
"SERVER_TLS_KEY_FILE": Key,
"SERVER_CLIENT_CA_FILE": Root,
}
setupEnvironmentVariables(t, vars)
defer cleanupEnvironmentVariables(t, vars)
tlsConfig, err := ParseServerTLS(config, true)
require.NoError(t, err)
expectedCert, err := tls.LoadX509KeyPair(Cert, Key)
require.NoError(t, err)
expectedRoot, err := utils.LoadCertFromFile(Root)
require.NoError(t, err)
require.Len(t, tlsConfig.Certificates, 1)
require.True(t, reflect.DeepEqual(expectedCert, tlsConfig.Certificates[0]))
subjects := tlsConfig.ClientCAs.Subjects()
require.Len(t, subjects, 1)
require.True(t, bytes.Equal(expectedRoot.RawSubject, subjects[0]))
require.Equal(t, tlsConfig.ClientAuth, tls.RequireAndVerifyClientCert)
}
func TestParseTLSWithTLS(t *testing.T) {
config := configure(fmt.Sprintf(`{
"server": {
"tls_cert_file": "%s",
"tls_key_file": "%s",
"client_ca_file": "%s"
}
}`, Cert, Key, Root))
tlsConfig, err := ParseServerTLS(config, false)
require.NoError(t, err)
expectedCert, err := tls.LoadX509KeyPair(Cert, Key)
require.NoError(t, err)
expectedRoot, err := utils.LoadCertFromFile(Root)
require.NoError(t, err)
require.Len(t, tlsConfig.Certificates, 1)
require.True(t, reflect.DeepEqual(expectedCert, tlsConfig.Certificates[0]))
subjects := tlsConfig.ClientCAs.Subjects()
require.Len(t, subjects, 1)
require.True(t, bytes.Equal(expectedRoot.RawSubject, subjects[0]))
require.Equal(t, tlsConfig.ClientAuth, tls.RequireAndVerifyClientCert)
}