From 9ec5f747a55a5a7bfbd39d47f957ae98fbc4e353 Mon Sep 17 00:00:00 2001
From: Hubert Grochowski <hubert.grochowski@saucelabs.com>
Date: Wed, 18 Sep 2024 11:51:37 +0200
Subject: [PATCH] http_proxy_test: test error response for tls record header
 and cert error

---
 http_proxy_test.go | 55 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/http_proxy_test.go b/http_proxy_test.go
index c51f122b..2d9577cb 100644
--- a/http_proxy_test.go
+++ b/http_proxy_test.go
@@ -9,10 +9,12 @@ package forwarder
 import (
 	"context"
 	"errors"
+	"io"
 	"net"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+	"strings"
 	"testing"
 
 	"github.com/saucelabs/forwarder/log/stdlog"
@@ -143,3 +145,56 @@ func TestIsLocalhost(t *testing.T) {
 		}
 	}
 }
+
+func TestErrorResponse(t *testing.T) {
+	cfg := DefaultHTTPProxyConfig()
+	cfg.ProxyLocalhost = AllowProxyLocalhost
+
+	h, err := NewHTTPProxyHandler(cfg, nil, nil, nil, stdlog.Default())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Run("handleTLSRecordHeader", func(t *testing.T) {
+		s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		}))
+		defer s.Close()
+
+		// Send HTTPS request to an HTTP server.
+		req, err := http.NewRequest(http.MethodGet, "https://"+s.Listener.Addr().String(), http.NoBody)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		rw := httptest.NewRecorder()
+		h.ServeHTTP(rw, req)
+
+		res := rw.Result()
+		b, _ := io.ReadAll(res.Body)
+		if !strings.Contains(string(b), "scheme mismatch (looks like an HTTP request)") {
+			t.Fatalf("expected TLS record header error, body=%q", b)
+		}
+	})
+
+	t.Run("handleTLSCertificateError", func(t *testing.T) {
+		s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		}))
+		defer s.Close()
+
+		req, err := http.NewRequest(http.MethodGet, s.URL, http.NoBody)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		rw := httptest.NewRecorder()
+		h.ServeHTTP(rw, req)
+
+		res := rw.Result()
+		b, _ := io.ReadAll(res.Body)
+		if !strings.Contains(string(b), "unverified certificates:") {
+			t.Fatalf("expected unverified certificates chain, body=%q", b)
+		}
+	})
+}