more useful tlsauth.Approver type

the predicate function should be able to see the whole context and request

1 files changed, 12 insertions, 4 deletions

diff --git a/contrib/tlsauth/approver_test.go b/contrib/tlsauth/approver_test.go
index d2f4f07..32f7c40 100644
--- a/contrib/tlsauth/approver_test.go
+++ b/contrib/tlsauth/approver_test.go
@@ -1,6 +1,7 @@
 package tlsauth_test
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
@@ -8,6 +9,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
+	"tildegit.org/tjp/sliderule"
 	"tildegit.org/tjp/sliderule/contrib/tlsauth"
 )
 
@@ -15,18 +17,24 @@ func TestRequireSpecificIdentity(t *testing.T) {
 	cert1, err := leafCert("testdata/client1.crt", "testdata/client1.key")
 	assert.Nil(t, err)
 
+	req1 := &sliderule.Request{TLSState: &tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert1}}}
+
 	cert2, err := leafCert("testdata/client2.crt", "testdata/client2.key")
 	assert.Nil(t, err)
 
+	req2 := &sliderule.Request{TLSState: &tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert2}}}
+
+	ctx := context.Background()
+
 	assert.True(t, cert1.Equal(cert1))
 	assert.False(t, cert1.Equal(cert2))
 	assert.False(t, cert2.Equal(cert1))
 	assert.True(t, cert2.Equal(cert2))
 
-	assert.True(t, tlsauth.RequireSpecificIdentity(cert1)(cert1))
-	assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(cert2))
-	assert.False(t, tlsauth.RequireSpecificIdentity(cert2)(cert1))
-	assert.True(t, tlsauth.RequireSpecificIdentity(cert2)(cert2))
+	assert.True(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, req1))
+	assert.False(t, tlsauth.RequireSpecificIdentity(cert1)(ctx, req2))
+	assert.False(t, tlsauth.RequireSpecificIdentity(cert2)(ctx, req1))
+	assert.True(t, tlsauth.RequireSpecificIdentity(cert2)(ctx, req2))
 }
 
 func leafCert(certfile, keyfile string) (*x509.Certificate, error) {