Validating mTLS Certificate Authentication in Insomnia

This test suite validates mutual TLS (mTLS) authentication in the Insomnia API client: trusting a custom CA, configuring a client certificate, and sending requests that the server authenticates with it. The test verifies certificate configuration, the error surfaced when trust is missing, and the full request authentication flow.

Test Coverage Overview

The test walks through the mTLS scenarios a user meets when configuring certificates in the client.

Key areas tested include:
  • Client certificate import and configuration
  • CA certificate handling
  • Certificate validation flows
  • Error handling for invalid/missing certificates
  • Certificate enable/disable functionality

Implementation Analysis

The testing approach utilizes Playwright’s automation capabilities to simulate user interactions with Insomnia’s certificate management interface. The implementation follows a step-by-step workflow pattern, validating each stage of the mTLS setup and authentication process using fixture-based test data and real certificate files.

Technical Details

Testing tools and configuration:
  • Playwright test framework for UI automation
  • Custom fixture loading utilities
  • Test certificates (rootCA.pem, client.crt, client.key)
  • YAML-based collection fixtures
  • Response status and body assertions

Best Practices Demonstrated

The test asserts on both the response status and the response body at every stage and covers the failure cases as well as the success path. Notable practices include:
  • Systematic certificate management workflow testing
  • Explicit state verification at each step
  • Clear separation of setup and verification phases
  • Thorough error condition coverage

kong/insomnia

packages/insomnia-smoke-test/tests/smoke/mtls.test.ts


import path from 'node:path';

import { expect } from '@playwright/test';

import { getFixturePath, loadFixture } from '../../playwright/paths';
import { test } from '../../playwright/test';

test('can use client certificate for mTLS', async ({ app, page }) => {
  const statusTag = page.locator('[data-testid="response-status-tag"]:visible');
  const responseBody = page.locator('[data-testid="response-pane"] >> [data-testid="CodeEditor"]:visible', {
    has: page.locator('.CodeMirror-activeline'),
  });

  // Load the collection fixture and paste it through the clipboard so it can be imported
  const clientCertsCollectionText = await loadFixture('client-certs.yaml');
  await app.evaluate(async ({ clipboard }, text) => clipboard.writeText(text), clientCertsCollectionText);

  await page.getByLabel('Import').click();
  await page.locator('[data-test-id="import-from-clipboard"]').click();
  await page.getByRole('button', { name: 'Scan' }).click();
  await page.getByRole('dialog').getByRole('button', { name: 'Import' }).click();
  await page.getByLabel('client-certs').click();

  await page.getByLabel('Request Collection').getByTestId('pet 2 with url var').press('Enter');

  // The server presents a certificate issued by the fixture root CA, which is not trusted yet,
  // so the TLS handshake fails before any HTTP response is produced
  await page.getByRole('button', { name: 'Send', exact: true }).click();
  await page.getByText('Error: SSL peer certificate or SSH remote key was not OK').click();

  const fixturePath = getFixturePath('certificates');

  await page.getByRole('button', { name: 'Add Certificates' }).click();

  // Start waiting for the file chooser before the click that opens it, so the event is not missed
  let fileChooser = page.waitForEvent('filechooser');
  await page.getByRole('button', { name: 'Add CA Certificate' }).click();
  await (await fileChooser).setFiles(path.join(fixturePath, 'rootCA.pem'));

  // With the root CA trusted the handshake completes, but the API still rejects the request
  // because no client certificate was presented
  await page.getByRole('button', { name: 'Done' }).click();
  await page.getByRole('button', { name: 'Send', exact: true }).click();

  await expect(statusTag).toContainText('401 Unauthorized');
  await expect(responseBody).toContainText('Client certificate required');

  // Add the client certificate and key, scoped to requests for host "localhost"
  await page.getByRole('button', { name: 'Add Certificates' }).click();
  await page.getByRole('button', { name: 'Add client certificate' }).click();
  await page.locator('[name="host"]').fill('localhost');

  fileChooser = page.waitForEvent('filechooser');
  await page.locator('[data-test-id="add-client-certificate-file-chooser"]').click();
  await (await fileChooser).setFiles(path.join(fixturePath, 'client.crt'));

  fileChooser = page.waitForEvent('filechooser');
  await page.locator('[data-test-id="add-client-certificate-key-file-chooser"]').click();
  await (await fileChooser).setFiles(path.join(fixturePath, 'client.key'));

  await page.getByRole('button', { name: 'Add certificate' }).click();
  await page.getByRole('button', { name: 'Done' }).click();

  // With the client certificate presented, the request is authenticated
  await page.getByRole('button', { name: 'Send', exact: true }).click();

  await expect(statusTag).toContainText('200 OK');
  await expect(responseBody).toContainText('"id": "2"');

  // ensure disabling the cert actually disables it
  await page.getByRole('button', { name: 'Add Certificates' }).click();
  await page.locator('[data-test-id="client-certificate-toggle"]').click();
  await page.getByRole('button', { name: 'Done' }).click();
  await page.getByLabel('Request Collection').getByTestId('pet 2').press('Enter');

  await page.getByRole('button', { name: 'Send', exact: true }).click();
  await expect(statusTag).toContainText('401 Unauthorized');
  await expect(responseBody).toContainText('Client certificate required');

});