author | unclejack <unclejack@users.noreply.github.com> | 2014-04-09 01:56:01 +0300 |
---|---|---|
committer | unclejack <unclejack@users.noreply.github.com> | 2014-04-09 01:56:01 +0300 |
commit | e128a606e39fa63c6b4fd6e53a1d88cf00aad868 (patch) | |
tree | 199ee7eb6678ffecd2ddad95fce794c795ad5183 /integration/https_test.go | |
parent | 143c9707a9fafc39e1d9747f528db97b2564f01e (diff) | |
parent | dc9c28f51d669d6b09e81c2381f800f1a33bb659 (diff) | |
Merge pull request #5079 from unclejack/bump_v0.10.0release-0.100.10.1-hotfixes
Bump version to v0.10.0
Diffstat (limited to 'integration/https_test.go')
-rw-r--r-- | integration/https_test.go | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/integration/https_test.go b/integration/https_test.go
new file mode 100644
index 0000000000..0b4abea881
--- /dev/null
+++ b/integration/https_test.go
@@ -0,0 +1,82 @@
+package docker
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "github.com/dotcloud/docker/api/client"
+ "io/ioutil"
+ "testing"
+ "time"
+)
+
+const (
+ errBadCertificate = "remote error: bad certificate"
+ errCaUnknown = "x509: certificate signed by unknown authority"
+)
+
+func getTlsConfig(certFile, keyFile string, t *testing.T) *tls.Config {
+ certPool := x509.NewCertPool()
+ file, err := ioutil.ReadFile("fixtures/https/ca.pem")
+ if err != nil {
+ t.Fatal(err)
+ }
+ certPool.AppendCertsFromPEM(file)
+
+ cert, err := tls.LoadX509KeyPair("fixtures/https/"+certFile, "fixtures/https/"+keyFile)
+ if err != nil {
+ t.Fatalf("Couldn't load X509 key pair: %s", err)
+ }
+ tlsConfig := &tls.Config{
+ RootCAs: certPool,
+ Certificates: []tls.Certificate{cert},
+ }
+ return tlsConfig
+}
+
+// TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint
+func TestHttpsInfo(t *testing.T) {
+ cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
+ testDaemonHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
+
+ setTimeout(t, "Reading command output time out", 10*time.Second, func() {
+ if err := cli.CmdInfo(); err != nil {
+ t.Fatal(err)
+ }
+ })
+}
+
+// TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
+// by using a rogue client certificate and checks that it fails with the expected error.
+func TestHttpsInfoRogueCert(t *testing.T) {
+ cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
+ testDaemonHttpsAddr, getTlsConfig("client-rogue-cert.pem", "client-rogue-key.pem", t))
+
+ setTimeout(t, "Reading command output time out", 10*time.Second, func() {
+ err := cli.CmdInfo()
+ if err == nil {
+ t.Fatal("Expected error but got nil")
+ }
+ if err.Error() != errBadCertificate {
+ t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err)
+ }
+ })
+}
+
+// TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint
+// which provides a rogue server certificate and checks that it fails with the expected error
+func TestHttpsInfoRogueServerCert(t *testing.T) {
+ cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
+ testDaemonRogueHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
+
+ setTimeout(t, "Reading command output time out", 10*time.Second, func() {
+ err := cli.CmdInfo()
+ if err == nil {
+ t.Fatal("Expected error but got nil")
+ }
+
+ if err.Error() != errCaUnknown {
+ t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err)
+ }
+
+ })
+} |
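Review bot: In TestHttpsInfoRogueServerCert the failure message reports `errBadCertificate` as the expected error although the comparison is against `errCaUnknown`, so a failing run would print the wrong expectation; the line should read `t.Fatalf("Expected error: %s, got instead: %s", errCaUnknown, err)`. In getTlsConfig the boolean returned by `certPool.AppendCertsFromPEM(file)` is discarded, so an empty or malformed ca.pem leaves the pool empty and the rogue-server test would still see an unknown-authority error, passing without exercising the intended CA check; `if !certPool.AppendCertsFromPEM(file) { t.Fatal("no CA certificates parsed from fixtures/https/ca.pem") }` makes that failure explicit. Both negative tests also compare the full `err.Error()` text, which ties them to the exact wording of the TLS library's messages; a substring match would be less brittle while still proving the handshake was rejected for the right reason.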