traefik/integration/tls_client_headers_test.go

package integration

import (
	"crypto/tls"
	"net/http"
	"os"
	"time"

	"github.com/go-check/check"
	"github.com/traefik/traefik/v2/integration/try"
	checker "github.com/vdemeester/shakers"
)

const (
	rootCertPath = "./fixtures/tlsclientheaders/root.pem"
	certPemPath  = "./fixtures/tlsclientheaders/server.pem"
	certKeyPath  = "./fixtures/tlsclientheaders/server.key"
)

type TLSClientHeadersSuite struct{ BaseSuite }

func (s *TLSClientHeadersSuite) SetUpSuite(c *check.C) {
	s.createComposeProject(c, "tlsclientheaders")
	s.composeUp(c)
}

func (s *TLSClientHeadersSuite) TestTLSClientHeaders(c *check.C) {
	rootCertContent, err := os.ReadFile(rootCertPath)
	c.Assert(err, check.IsNil)
	serverCertContent, err := os.ReadFile(certPemPath)
	c.Assert(err, check.IsNil)
	ServerKeyContent, err := os.ReadFile(certKeyPath)
	c.Assert(err, check.IsNil)

	file := s.adaptFile(c, "fixtures/tlsclientheaders/simple.toml", struct {
		RootCertContent   string
		ServerCertContent string
		ServerKeyContent  string
	}{
		RootCertContent:   string(rootCertContent),
		ServerCertContent: string(serverCertContent),
		ServerKeyContent:  string(ServerKeyContent),
	})
	defer os.Remove(file)

	cmd, display := s.traefikCmd(withConfigFile(file))
	defer display(c)
	err = cmd.Start()
	c.Assert(err, checker.IsNil)
	defer s.killCmd(cmd)

	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("PathPrefix(`/foo`)"))
	c.Assert(err, checker.IsNil)

	request, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:8443/foo", nil)
	c.Assert(err, checker.IsNil)

	certificate, err := tls.LoadX509KeyPair(certPemPath, certKeyPath)
	c.Assert(err, checker.IsNil)

	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: true,
			Certificates:       []tls.Certificate{certificate},
		},
	}

	err = try.RequestWithTransport(request, 2*time.Second, tr, try.BodyContains("Forwarded-Tls-Client-Cert: MIIDNTCCAh0CFD0QQcHXUJuKwMBYDA+bBExVSP26MA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazENMAsGA1UEAwwEcm9vdDAeFw0yMTAxMDgxNzQ0MjRaFw0zMTAxMDYxNzQ0MjRaMFgxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYK2z8gLPOfFLgXNWP2460aeJ9vrH47x/lhKLlv4amSDHDx8Cmz/6blOUM8XOfMRW1xx++AgChWN9dx/kf7G2xlA5grZxRvUQ6xj7AvFG9TQUA3muNh2hvm9c3IjaZBNKH27bRKuDIBvZBvXdX4NL/aaFy7w7v7IKxk8j4WkfB23sgyH43g4b7NqKHJugZiedFu5GALmtLbShVOFbjWcre7Wvatdw8dIBmiFJqZQT3UjIuGAgqczIShtLxo4V+XyVkIPmzfPrRV+4zoMFIFOIaj3syyxb4krPBtxhe7nz2cWvvq0wePB2y4YbAAoVY8NYpd5JsMFwZtG6Uk59ygv4QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDaPg69wNeFNFisfBJTrscqVCTW+B80gMhpLdxXD+KO0/Wgc5xpB/wLSirNtRQyxAa3+EEcIwJv/wdh8EyjlDLSpFm/8ghntrKhkOfIOPDFE41M5HNfx/Fuh5btKEenOL/XdapqtNUt2ZE4RrsfbL79sPYepa9kDUVi2mCbeH5ollZ0MDU68HpB2YwHbCEuQNk5W3pjYK2NaDkVnxTkfEDM1k+3QydO1lqB5JJmcrs59BEveTqaJ3eeh/0I4OOab6OkTTZ0JNjJp1573oxO+fce/bfGud8xHY5gSN9huU7U6RsgvO7Dhmal/sDNl8XC8oU90hVDVXZdA7ewh4jjaoIv"))
	c.Assert(err, checker.IsNil)
}
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00			`package integration`

			`import (`
			`"crypto/tls"`
			`"net/http"`
			`"os"`
			`"time"`

			`"github.com/go-check/check"`
chore: move to Traefik organization. Co-authored-by: Romain <rtribotte@users.noreply.github.com> 2020-09-16 16:46:04 +03:00			`"github.com/traefik/traefik/v2/integration/try"`
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00			`checker "github.com/vdemeester/shakers"`
			`)`

			`const (`
			`rootCertPath = "./fixtures/tlsclientheaders/root.pem"`
			`certPemPath = "./fixtures/tlsclientheaders/server.pem"`
			`certKeyPath = "./fixtures/tlsclientheaders/server.key"`
			`)`

			`type TLSClientHeadersSuite struct{ BaseSuite }`

			`func (s TLSClientHeadersSuite) SetUpSuite(c check.C) {`
			`s.createComposeProject(c, "tlsclientheaders")`
test: upgrade docker-compose Co-authored-by: Rémi Buisson <remi.buisson@traefik.io> 2021-11-25 13:10:06 +03:00			`s.composeUp(c)`
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00			`}`

			`func (s TLSClientHeadersSuite) TestTLSClientHeaders(c check.C) {`
Update to go1.16 2021-03-04 22:08:03 +03:00			`rootCertContent, err := os.ReadFile(rootCertPath)`
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00			`c.Assert(err, check.IsNil)`
Update to go1.16 2021-03-04 22:08:03 +03:00			`serverCertContent, err := os.ReadFile(certPemPath)`
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00			`c.Assert(err, check.IsNil)`
Update to go1.16 2021-03-04 22:08:03 +03:00			`ServerKeyContent, err := os.ReadFile(certKeyPath)`
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00			`c.Assert(err, check.IsNil)`

			`file := s.adaptFile(c, "fixtures/tlsclientheaders/simple.toml", struct {`
			`RootCertContent string`
			`ServerCertContent string`
			`ServerKeyContent string`
			`}{`
			`RootCertContent: string(rootCertContent),`
			`ServerCertContent: string(serverCertContent),`
			`ServerKeyContent: string(ServerKeyContent),`
			`})`
			`defer os.Remove(file)`

			`cmd, display := s.traefikCmd(withConfigFile(file))`
			`defer display(c)`
			`err = cmd.Start()`
			`c.Assert(err, checker.IsNil)`
fix: flaky integration tests 2020-10-09 10:32:03 +03:00			`defer s.killCmd(cmd)`
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00
Fix HTTP challenge router unexpected delayed creation 2021-01-28 18:16:05 +03:00			err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("PathPrefix(`/foo`)"))
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00			`c.Assert(err, checker.IsNil)`

Fix HTTP challenge router unexpected delayed creation 2021-01-28 18:16:05 +03:00			`request, err := http.NewRequest(http.MethodGet, "https://127.0.0.1:8443/foo", nil)`
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00			`c.Assert(err, checker.IsNil)`

			`certificate, err := tls.LoadX509KeyPair(certPemPath, certKeyPath)`
			`c.Assert(err, checker.IsNil)`

			`tr := &http.Transport{`
			`TLSClientConfig: &tls.Config{`
			`InsecureSkipVerify: true,`
			`Certificates: []tls.Certificate{certificate},`
			`},`
			`}`

Remove raw cert escape in PassTLSClientCert middleware 2022-10-13 16:08:08 +03:00			err = try.RequestWithTransport(request, 2*time.Second, tr, try.BodyContains("Forwarded-Tls-Client-Cert: MIIDNTCCAh0CFD0QQcHXUJuKwMBYDA+bBExVSP26MA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazENMAsGA1UEAwwEcm9vdDAeFw0yMTAxMDgxNzQ0MjRaFw0zMTAxMDYxNzQ0MjRaMFgxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxFTATBgNVBAoMDFRyYWVmaWsgTGFiczEQMA4GA1UECwwHdHJhZWZpazEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYK2z8gLPOfFLgXNWP2460aeJ9vrH47x/lhKLlv4amSDHDx8Cmz/6blOUM8XOfMRW1xx++AgChWN9dx/kf7G2xlA5grZxRvUQ6xj7AvFG9TQUA3muNh2hvm9c3IjaZBNKH27bRKuDIBvZBvXdX4NL/aaFy7w7v7IKxk8j4WkfB23sgyH43g4b7NqKHJugZiedFu5GALmtLbShVOFbjWcre7Wvatdw8dIBmiFJqZQT3UjIuGAgqczIShtLxo4V+XyVkIPmzfPrRV+4zoMFIFOIaj3syyxb4krPBtxhe7nz2cWvvq0wePB2y4YbAAoVY8NYpd5JsMFwZtG6Uk59ygv4QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDaPg69wNeFNFisfBJTrscqVCTW+B80gMhpLdxXD+KO0/Wgc5xpB/wLSirNtRQyxAa3+EEcIwJv/wdh8EyjlDLSpFm/8ghntrKhkOfIOPDFE41M5HNfx/Fuh5btKEenOL/XdapqtNUt2ZE4RrsfbL79sPYepa9kDUVi2mCbeH5ollZ0MDU68HpB2YwHbCEuQNk5W3pjYK2NaDkVnxTkfEDM1k+3QydO1lqB5JJmcrs59BEveTqaJ3eeh/0I4OOab6OkTTZ0JNjJp1573oxO+fce/bfGud8xHY5gSN9huU7U6RsgvO7Dhmal/sDNl8XC8oU90hVDVXZdA7ewh4jjaoIv"))
Pass the TLS Cert infos in headers 2018-08-29 12:36:03 +03:00			`c.Assert(err, checker.IsNil)`
			`}`