From e3ce2b188bf0ef0caec819d559ce6edecca6722f Mon Sep 17 00:00:00 2001
From: George Jenkins
Date: Mon, 2 Dec 2024 16:22:15 -0500
Subject: [PATCH] more
Signed-off-by: George Jenkins
---
 pkg/repo/repotest/server.go | 9 +++--
 testdata/testdata.go | 70 +++++++++++++++++++++++++++++++++++++
 testdata/testdata_test.go | 29 +++++++++++++++
 3 files changed, 105 insertions(+), 3 deletions(-)
 create mode 100644 testdata/testdata.go
 create mode 100644 testdata/testdata_test.go
diff --git a/pkg/repo/repotest/server.go b/pkg/repo/repotest/server.go
index 9fde6d277..d2a15d92c 100644
--- a/pkg/repo/repotest/server.go
+++ b/pkg/repo/repotest/server.go
@@ -61,7 +61,7 @@ func WithBasicAuth() ServerOption {
 }
 func WithChartSourceGlob(glob string) ServerOption {
- return func(t *testing.T, server *Server) {
+ return func(_ *testing.T, server *Server) {
 server.chartSourceGlob = glob
 }
 }
@@ -71,7 +71,9 @@ func WithChartSourceGlob(glob string) ServerOption {
 // If the passed in string is not "", it will be treated as a shell glob, and files
 // will be copied from that path to the server's docroot.
 //
-// The server is started automatically. And the caller is responsible for stopping the server.
+// The server is started automatically. The caller is responsible for stopping
+// the server.
+//
 // The temp dir will be removed by testing package automatically when test finished.
 func NewTempServer(t *testing.T, options ...ServerOption) *Server {
@@ -97,7 +99,8 @@ func NewTempServer(t *testing.T, options ...ServerOption) *Server {
 //
 // docroot should be a temp dir managed by the caller.
 //
-// The server is started automatically. And the caller is responsible for stopping the server.
+// The server is started automatically. The caller is responsible for stopping
+// the server.
 //
 // Use CopyCharts to move charts into the repository and then index them
 // for service.
diff --git a/testdata/testdata.go b/testdata/testdata.go
new file mode 100644
index 000000000..2ab16a72d
--- /dev/null
+++ b/testdata/testdata.go
@@ -0,0 +1,70 @@
+/*
+Copyright The Helm Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package testdata
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "embed"
+
+ "github.com/pkg/errors"
+)
+
+//go:embed rootca.crt rootca.key crt.pem key.pem
+var tlsFiles embed.FS
+
+func ReadTLSConfig(insecureSkipTLSverify bool) (*tls.Config, error) {
+ config := tls.Config{
+ InsecureSkipVerify: insecureSkipTLSverify,
+ }
+
+ certFile := "crt.pem"
+ keyFile := "key.pem"
+ caFile := "rootca.crt"
+
+ certPEMBlock, err := tlsFiles.ReadFile(certFile)
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to read cert file: file=%q", certFile)
+ }
+
+ keyPEMBlock, err := tlsFiles.ReadFile(keyFile)
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to read key file: file=%q", keyFile)
+ }
+
+ cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
+ if err != nil {
+ return nil, err
+ }
+
+ config.Certificates = []tls.Certificate{cert}
+
+ tlsFiles.ReadFile("rootca.crt")
+
+ b, err := tlsFiles.ReadFile(caFile)
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to read CA file: caFile=%q", caFile)
+ }
+
+ cp := x509.NewCertPool()
+ if !cp.AppendCertsFromPEM(b) {
+ return nil, errors.Wrapf(err, "failed to append certificates from file: caFile=%q", caFile)
+ }
+
+ config.RootCAs = cp
+
+ return &config, nil
+}
diff --git a/testdata/testdata_test.go b/testdata/testdata_test.go
new file mode 100644
index 000000000..b7a3271f6
--- /dev/null
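Review bot: In ReadTLSConfig, the `AppendCertsFromPEM` failure branch returns `errors.Wrapf(err, ...)` while `err` is nil at that point (the preceding ReadFile succeeded), and pkg/errors' Wrapf returns nil for a nil error, so the caller receives a nil config together with a nil error; use `return nil, errors.Errorf("failed to append certificates from file: caFile=%q", caFile)`. The bare `tlsFiles.ReadFile("rootca.crt")` a few lines above discards both results and can be deleted. The embed directive also pulls in `rootca.key`, which this function never reads; because the file is not a `_test.go` file, the CA private key is compiled into anything that imports the package, so `//go:embed rootca.crt crt.pem key.pem` is the narrower choice unless another caller needs the key. A doc comment on the exported function should say that the key material is a test fixture and that `insecureSkipTLSverify` is copied straight into `InsecureSkipVerify`.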
+++ b/testdata/testdata_test.go
@@ -0,0 +1,29 @@
+package testdata
+
+import (
+ "crypto/x509"
+ "net"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestReadTLSConfig(t *testing.T) {
+
+ insecureSkipVerify := false
+
+ tlsConfig, err := ReadTLSConfig(insecureSkipVerify)
+
+ require.Nil(t, err)
+ assert.Equal(t, insecureSkipVerify, tlsConfig.InsecureSkipVerify)
+
+ require.Len(t, tlsConfig.Certificates, 1)
+ require.Len(t, tlsConfig.Certificates[0].Certificate, 1)
+
+ leaf, err := x509.ParseCertificate(tlsConfig.Certificates[0].Certificate[0])
+ assert.Nil(t, err)
+
+ assert.Equal(t, []string{"helm.sh"}, leaf.DNSNames)
+ assert.Equal(t, []net.IP{{127, 0, 0, 1}}, leaf.IPAddresses)
+}
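Review bot: The `assert.Nil(t, err)` after `x509.ParseCertificate` lets the test continue when parsing fails, so the `leaf.DNSNames` and `leaf.IPAddresses` reads that follow dereference a nil `leaf` and panic instead of reporting a clean failure; use `require.NoError(t, err)` there, and in place of the earlier `require.Nil(t, err)` as well. The test never looks at `tlsConfig.RootCAs`, which is the part of ReadTLSConfig that loads the CA bundle, so `require.NotNil(t, tlsConfig.RootCAs)` would cover that path. Unlike testdata.go in the same commit, this new file carries no license header.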