test: Add invalid PEM data test for newOIDCHTTPClient

Tests the error path when a CA bundle file contains non-PEM data
(81.8% to 86.4% coverage).
This commit is contained in:
rcourtman 2025-12-02 01:00:06 +00:00
parent 1a595b3b2e
commit 7d3de1bbcc

View file

@ -7,6 +7,7 @@ import (
"net/http"
"net/http/httptest"
"os"
"strings"
"testing"
"time"
)
@ -70,4 +71,27 @@ func TestNewOIDCHTTPClient_InvalidBundle(t *testing.T) {
}
}
func TestNewOIDCHTTPClient_InvalidPEMData(t *testing.T) {
// Create a temp file with invalid PEM data
tempFile, err := os.CreateTemp("", "invalid-ca-*.pem")
if err != nil {
t.Fatalf("failed to create temp file: %v", err)
}
defer os.Remove(tempFile.Name())
// Write invalid data that's not a valid PEM certificate
if _, err := tempFile.WriteString("not a valid PEM certificate"); err != nil {
t.Fatalf("failed to write invalid data: %v", err)
}
tempFile.Close()
client, _, err := newOIDCHTTPClient(tempFile.Name())
if err == nil {
t.Fatalf("expected error for invalid PEM data, got client: %+v", client)
}
if !strings.Contains(err.Error(), "does not contain any certificates") {
t.Errorf("expected 'does not contain any certificates' error, got: %v", err)
}
}
const testHTTPTimeout = 2 * time.Second