From 7d3de1bbcc39b65df6c4326784c3e1caa5a68960 Mon Sep 17 00:00:00 2001 From: rcourtman Date: Tue, 2 Dec 2025 01:00:06 +0000 Subject: [PATCH] test: Add invalid PEM data test for newOIDCHTTPClient Tests the error path when a CA bundle file contains non-PEM data (81.8% to 86.4% coverage). --- internal/api/oidc_service_test.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/internal/api/oidc_service_test.go b/internal/api/oidc_service_test.go index a5502c4..3e646f7 100644 --- a/internal/api/oidc_service_test.go +++ b/internal/api/oidc_service_test.go @@ -7,6 +7,7 @@ import ( "net/http" "net/http/httptest" "os" + "strings" "testing" "time" ) @@ -70,4 +71,27 @@ func TestNewOIDCHTTPClient_InvalidBundle(t *testing.T) { } } +func TestNewOIDCHTTPClient_InvalidPEMData(t *testing.T) { + // Create a temp file with invalid PEM data + tempFile, err := os.CreateTemp("", "invalid-ca-*.pem") + if err != nil { + t.Fatalf("failed to create temp file: %v", err) + } + defer os.Remove(tempFile.Name()) + + // Write invalid data that's not a valid PEM certificate + if _, err := tempFile.WriteString("not a valid PEM certificate"); err != nil { + t.Fatalf("failed to write invalid data: %v", err) + } + tempFile.Close() + + client, _, err := newOIDCHTTPClient(tempFile.Name()) + if err == nil { + t.Fatalf("expected error for invalid PEM data, got client: %+v", client) + } + if !strings.Contains(err.Error(), "does not contain any certificates") { + t.Errorf("expected 'does not contain any certificates' error, got: %v", err) + } +} + const testHTTPTimeout = 2 * time.Second