Merge pull request #205 from bzwei/webhook-mtls

feat: enable webhook mTLS support
ansible · May 17, 2024 · 4486592 · 4486592
2 parents 9fc76cd + 5172641
commit 4486592
Show file tree

Hide file tree

Showing 7 changed files with 193 additions and 17 deletions.
diff --git a/.gitleaks.toml b/.gitleaks.toml
@@ -0,0 +1,5 @@
+[allowlist]
+description = "Global Allowlist"
+
+# Ignore based on any subset of the file path
+paths = ['''tests\/unit\/event_source\/certs''']
diff --git a/extensions/eda/plugins/event_source/webhook.py b/extensions/eda/plugins/event_source/webhook.py
@@ -18,6 +18,10 @@
     certfile: The optional path to a certificate file to enable TLS support
     keyfile:  The optional path to a key file to be used together with certfile
     password: The optional password to be used when loading the certificate chain
+    cafile:   The optional path to a file containing CA certificates used to validate
+              clients' certificates
+    capath:   The optional path to a directory containing CA certificates
+              Provide either cafile or capath to enable mTLS support
     hmac_secret: The optional HMAC secret used to verify the payload from the client
     hmac_algo: The optional HMAC algorithm used to calculate the payload hash.
                See your python's hashlib.algorithms_available set for available options.
@@ -30,18 +34,23 @@
 
 """
 
+from __future__ import annotations
+
 import asyncio
 import base64
 import hashlib
 import hmac
 import json
 import logging
 import ssl
-from collections.abc import Callable
+import typing
 from typing import Any
 
 from aiohttp import web
 
+if typing.TYPE_CHECKING:
+    from collections.abc import Callable
+
 logger = logging.getLogger(__name__)
 routes = web.RouteTableDef()
 
@@ -127,6 +136,30 @@ async def hmac_verify(request: web.Request, handler: Callable) -> web.StreamResp
     return await handler(request)
 
 
+def _get_ssl_context(args: dict[str, Any]) -> ssl.SSLContext | None:
+    context = None
+    if "certfile" in args:
+        certfile = args.get("certfile")
+        keyfile = args.get("keyfile", None)
+        password = args.get("password", None)
+        context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+        try:
+            context.load_cert_chain(certfile, keyfile, password)
+        except Exception:
+            logger.exception("Failed to load certificates. Check they are valid")
+            raise
+        cafile = args.get("cafile", None)
+        capath = args.get("capath", None)
+        if cafile or capath:
+            try:
+                context.load_verify_locations(cafile, capath)
+            except Exception:
+                logger.exception("Failed to load CA certificates. Check they are valid")
+                raise
+            context.verify_mode = ssl.CERT_REQUIRED
+    return context
+
+
 async def main(queue: asyncio.Queue, args: dict[str, Any]) -> None:
     """Receive events via webhook."""
     if "port" not in args:
@@ -161,25 +194,13 @@ async def main(queue: asyncio.Queue, args: dict[str, Any]) -> None:
 
     app.add_routes(routes)
 
-    context = None
-    if "certfile" in args:
-        certfile = args.get("certfile")
-        keyfile = args.get("keyfile", None)
-        password = args.get("password", None)
-        context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-        try:
-            context.load_cert_chain(certfile, keyfile, password)
-        except Exception:
-            logger.exception("Failed to load certificates. Check they are valid")
-            raise
-
     runner = web.AppRunner(app)
     await runner.setup()
     site = web.TCPSite(
         runner,
         args.get("host") or "0.0.0.0",  # noqa: S104
         args.get("port"),
-        ssl_context=context,
+        ssl_context=_get_ssl_context(args),
     )
     await site.start()
 
@@ -197,7 +218,7 @@ async def main(queue: asyncio.Queue, args: dict[str, Any]) -> None:
     class MockQueue:
         """A fake queue."""
 
-        async def put(self: "MockQueue", event: dict) -> None:
+        async def put(self: MockQueue, event: dict) -> None:
             """Print the event."""
             print(event)  # noqa: T201
 

diff --git a/tests/unit/event_source/certs/client.crt b/tests/unit/event_source/certs/client.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFYjCCA0oCCQC8NYj101P4FjANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCTkoxEjAQBgNVBAcMCU1vbnR2aWxsZTEQMA4GA1UECgwHUmVk
+IEhhdDESMBAGA1UEAwwJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5iaWxAcmVk
+aGF0LmNvbTAeFw0yNDA1MTMyMDI2MjFaFw0yNTA1MTMyMDI2MjFaMHMxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJOSjESMBAGA1UEBwwJTW9udHZpbGxlMRAwDgYDVQQK
+DAdSZWQgSGF0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHTAbBgkqhkiG9w0BCQEWDmJp
+bEByZWRoYXQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAttFA
+CUzFTm3pw3yocTm4WI91PsJAi9CY7ZiUq78levmK2mk/SnxcFrWRDjj2B33V5Xjn
+amTswfo63pgLqzJoPiTD1EmJWGIGwIZssorqFo+4hrJ6NmtWAS/g5JxilgpuOQwM
+zcJTS1xpfi5IhSTgUFUHmtp4Wzk+gQU/AWH0nBLVnaLJVO0nPAZSaqSlfax5qbZo
+dtfOqjgOXGusBr6bUq8nZzvgI0npQz0QogL8Dqy9AWRjudFwB05h1KH+HUtVGXUM
+1LVXJoeoDibttppenbMOxnf18fB39KmFoGgS+kMl+zjKY9qY4t4Bv0UjWkZNEdTl
+eeHeZRRYBfxUmJE9rI2DKDkBU1zdYTZjKhTDj3kbbRdI8dWCwbVj0xnHsodGLZfF
+TpJE5ywTVU98eXSObfW3zWluGMeoLw6lb1Zwn7voQNzbkyZF8kjXTlZH3O/8rLFy
+tTEx+CqHiWx3sTqzIa3YKe9E6Wsu8Pm7PmhORcikyrYrvkb5KjDhg7v8ddbyoTsC
+l4z65IHfWKx/1NozuDFpaiT6a6NXaIPg/hQR7bIfVywPkosuJGEaxbTpgOWGVCOn
+7PeRA4F82Zm7Eay8BY3yZGvDWtWG/YuxjboebzhaPg4L5R4025yTlHmNYQACiFFu
+H2RYmc05LeCnCCUm6DbsfwKLsDAe3wY5yZOb7dMCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAgEAl/UOaBCkC827ohQwYycPhCtutC5eGMbzQj+YCtz+9gfb7CFdZ7LJiZkg
+Py68Z6eJq3EKCTu7l6VzzQjOY1aFuNT/s9/0yIrptoyQ/Qh5qibGIS7Rt1gPYNPM
+7axIPoxpJXmNrKTAGeN9U6rRWsQyrpFOssSDx6dyDLoUOOg9jnP8fxBjhM//unQK
+LNEfBlEG3Wl3O9CWa2x737U4BpGK1pGVWsPozu4dchuFoMMn21IMhMpipijZYz1b
+x3u1WoiY7cehK43X43oKxJ4Yk2cjTFWu1nmW2yTFF+xUdpUaSixncmaDvhzOMZog
+WhNOFupiJrrIZft2nekK7vqlBWr267kr213TQgYb4Jw/DXp9jBSLnjM2QV/iBAQi
+cPNZjpz9frWJ36cHdrjeGAV5hPgEZPUaFm9TCZxLbTM4kZsLFedeVKvm6Vx2Fvaj
+pD/vsPPhurXUTpOzWEcZQ23Ofp1rXEeYU9b5IIJOjdiN8P5164hdI0DQtVEawC01
+wwSjA41sPx99iKvSHViYggrp7JNIidpBYuGvA/iKiBePLwtXkoos505m3Xs3q5W8
+XLX36Xb/6cIsOTFYq74gOnWD+9GHYmeDo4BlD68yME3XBS3wjOMgDrAtUqNNSqtC
+acXt7QQPHYngi4UaHArEzb0uMwx9y0vzEKwR7R14a0SzXT8CFK8=
+-----END CERTIFICATE-----
diff --git a/tests/unit/event_source/certs/client.key b/tests/unit/event_source/certs/client.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC20UAJTMVObenD
+fKhxObhYj3U+wkCL0JjtmJSrvyV6+YraaT9KfFwWtZEOOPYHfdXleOdqZOzB+jre
+mAurMmg+JMPUSYlYYgbAhmyyiuoWj7iGsno2a1YBL+DknGKWCm45DAzNwlNLXGl+
+LkiFJOBQVQea2nhbOT6BBT8BYfScEtWdoslU7Sc8BlJqpKV9rHmptmh2186qOA5c
+a6wGvptSrydnO+AjSelDPRCiAvwOrL0BZGO50XAHTmHUof4dS1UZdQzUtVcmh6gO
+Ju22ml6dsw7Gd/Xx8Hf0qYWgaBL6QyX7OMpj2pji3gG/RSNaRk0R1OV54d5lFFgF
+/FSYkT2sjYMoOQFTXN1hNmMqFMOPeRttF0jx1YLBtWPTGceyh0Ytl8VOkkTnLBNV
+T3x5dI5t9bfNaW4Yx6gvDqVvVnCfu+hA3NuTJkXySNdOVkfc7/yssXK1MTH4KoeJ
+bHexOrMhrdgp70Tpay7w+bs+aE5FyKTKtiu+RvkqMOGDu/x11vKhOwKXjPrkgd9Y
+rH/U2jO4MWlqJPpro1dog+D+FBHtsh9XLA+Siy4kYRrFtOmA5YZUI6fs95EDgXzZ
+mbsRrLwFjfJka8Na1Yb9i7GNuh5vOFo+DgvlHjTbnJOUeY1hAAKIUW4fZFiZzTkt
+4KcIJSboNux/AouwMB7fBjnJk5vt0wIDAQABAoICAQCDQAl0Y8yHuTuJ4JZh66mg
+0yW+r+F9P357nf6mqy2yczOwCL2qsUu/9gy1JEnmKP6Gp92ksd6UiRz4sDo4Z5EV
+hHmfkEftzzq/wAKL0FWtavN0qPA636a4ZXJVTr0ssUJe7HrIwkngofEO6RWhmU79
+/X3fPBgKjjeEk4qfaH8gChmY+cUHlteDLZq/+4LgjhIuuMmZAOjbpjERQzAXC4Mh
+wqRMZl1NmIPChTXKys/BjVyIglVik62VYT21VbPFvk7TXwieMa7m95+8wVAKuBtT
+prjl3jwRva2xVn+cIPv29nxvN19+fvMidXbVpkJyTmSId8tkTLfI4+kqKvVlL2kR
+oQaFQIuUkEBEA3mCRobTa8VvERUjlfIsa2Nj/IbhyNhAfvOH/IJ4kxH9Ysq+dvRS
+nXJhapfvvSHsPzkYpYieGBZ8f23gFHEqL43XvcjGs32IW3VPyHcpqIGf/FmIX4Bc
+j8uxQYzu/aAtHsU8tE4gH3nSWVnjgR+ixO/2IdIejySQJZ1lAsmJc/vgENcoMVMI
+QNDk1TYI4IePU9tg7RZwCJrxWNdTsTruE63HmmXwIk4mWorf90PbwUUieDb1VJ6C
+enYo+cpKK0ZeBMhMv4ds7EWeRL9klqqA1b+88ryD8Y7Qr/hLhi2eriFA+z0BZB55
+ZAbz4cHVX678xLdZ/66YqQKCAQEA4WJeaGG619wyDJFZbK/KRjxj4kre9WcCNrUs
+weOv+I7+lQjrn6S3PWm87L4o6OW+OP6dcPeCPraPK5a3GIgp7tz83bp1EU7Wrk0o
+x2xpskKfxmIWxYJHLpOCaEPrtgadzSyj3+HIpRLUa2PtpVtStlu2g6bd41p9CJQg
+hTwtxyVMc3tUp+uGjW5y1JwtJaxg3s2tb8bSvQBJrr85c6EFU5O7krn4+6ovUiQi
+Uwa5gdngdc8Cz1r669OiobrcrZQTHx8+uMAD+xk1hsJyTbRyzSPOYo7qAakm+Y0o
+ISf6kx+7u/cCH+1W+gXvz7Q1z4jpV1Ao4RqLH+PemfCi0IbA1QKCAQEAz6ajdi4g
+CBlFCYZlBNl7cEXLNIBtwR+uCCzHXrxs+6n+Ny4830Dta3JRkW5dVVPEZccbIGiP
+P8rwCqNh2mimX55qyQdGoDO+SGXszPDJaEMx2ePI0qUTUcgukmntJ7IaRNBdHxVM
+YpbdfD+FEqdctAye2jeh/ibRvSwfGbH/PqL/1cULeQRacrTPmNVbMUxbyl4HP2VT
+n4OAr1ivLnwZVlRnly0VfvX5pbLzqtnTX9SwcHkBTUqyrtNmQ78rPlNojhtE/uEr
+rTTg9aYWWRpxZl9rayVaclvytI11Dbj8KgCQpH+kmgwSu/T8rLuJ4fdOJnGnLg+c
+Q+71BT1jxU4IBwKCAQEAs2P7ZrOa5uMhhvVNqv+ETUEV83DKY6M4lNjBphWW44zV
+P0RZXrjZDG2T7Q8yOqVaMb0fDWJDba0a6YPNeh4u2itUrRsSwNLydst9ULWOr07u
+IxXBsDUQeRb5rgmZnElJ4pvMV487h4AkSNHBvmKgw/rdm43+gE5uxJw6AjIy8ZZT
+cntQl1MUxo+JoIYqPRkmBVDJ4fTrmXmYLBmSHeGk/q/QlWmmrpD3lzahh1oL3znO
+uZYqU2bD316UzIuRyCrayWOyJZTX1k1rWDZ+ijC9S2BbjgDYarf7CJf8v981R1Lz
+txlUvJrJJroA9V4nkmcT6uYnk3vwDlLtw7NPtA/9fQKCAQEAzs7hKBeiMU6xkl32
+iFDt/pCUZJKwPNKHan7mhXTWegMBPAXh/FvW2dc+Y8BuVkgaZ19YpftdCCTe00mL
+cJIfeUX2hoankXBXSBWzNR1vClc59A9H+HsN9bqQn6O93XYlcXmv9QAqVlp49oDw
+0PY8ftm+8AjOXqhc5bJmuxmq48BFWqtn1LxANNPdmhKMQ1oQZUkmoL4S/eBjrr99
+oadZOMDRdyAgs5TZcWz7/6H4Qg47N5lccZU+xp2m0Tw5HlbF4BpKqiqqbFQo5J7o
+zQ9n95R7EHhgT1tCKw5jkSo2gsKTTDIQRphVpDrH2GTjW1kJzYIOBfLoKER6ZSCS
+GHSxywKCAQAYPsMKRjRPA5ShdDW+SIUyY5WYtH9WCgR9xrlhUhEaHVOJ/FVO1hqF
+diJsUND7ABMO9TUA9er4VCWpdz6V12oGh8Mr7KY226ernUhQhAQbqf2iaLhynqkL
+daqjXpxQjGsqBIJnVsYcC2CJBXP6R4CkHSkfsjMNMiunM/FpwJ0UA9I/N3KouXEX
+7e2r7PBmjjFkrRr5G3cP/RUxNNwmJXxedVroD0wYpXeIvwNhqHJU+5+tY0pqlptV
+4GnfQCnpMB8KKRtVNnvsXMSHbdovlAU970+3NmMgMkzxOhgHb2Ky5ZQEOKBey/v6
+HP3+ilmhvNAtuoqDekUGU7m4Wa16I+Js
+-----END PRIVATE KEY-----
diff --git a/tests/unit/event_source/certs/server.crt b/tests/unit/event_source/certs/server.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5zCCAs+gAwIBAgIUOkpdTMV0IdzzJlJ9YVvuphJeVygwDQYJKoZIhvcNAQEL
+BQAwgYExCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMREwDwYD
+VQQHDAhXZXN0Zm9yZDEQMA4GA1UECgwHUmVkIEhhdDERMA8GA1UEAwwIanNoaW1r
+dXMxIjAgBgkqhkiG9w0BCQEWE2pzaGlta3VzQHJlZGhhdC5jb20wIBcNMjQwNDA0
+MjA0NTU0WhgPMjEyNDAzMTEyMDQ1NTRaMIGBMQswCQYDVQQGEwJVUzEWMBQGA1UE
+CAwNTWFzc2FjaHVzZXR0czERMA8GA1UEBwwIV2VzdGZvcmQxEDAOBgNVBAoMB1Jl
+ZCBIYXQxETAPBgNVBAMMCGpzaGlta3VzMSIwIAYJKoZIhvcNAQkBFhNqc2hpbWt1
+c0ByZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRk8
+vHppax+F3naDk+GNf61ubNs1xVSECWj+uHC5fdyp1BuoquiRCtIPZHqBU93rej1O
+D1OpheWkWZiJySPTm/OaK0TWrw3Yiot2cqEaWai75A1a2Yd6tBf5PPhWlSWml6Mv
+D/UNSLANkkYgrbeZTg5keywwp6vBgQjPL7yISDJr1PXw4JQkbsHGzOhXg0LO5fpO
+81+yXI/dzEF1inMGV/tRNUvZ9GYyJDWmLr1wdv1yXpTRq0YmVrOjBU8BVf+5b6bA
+4K/YzjmoCnUmq4dtB4nkgGBDWUEbn47rLarijgRcc0jnrdOu9iiGOZsD/DTC0iC7
+lrlzj/Ghn46slGKVvwIDAQABo1MwUTAdBgNVHQ4EFgQUymbdaUjydYI2ffRtYaeJ
+y7UkPRYwHwYDVR0jBBgwFoAUymbdaUjydYI2ffRtYaeJy7UkPRYwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAKRlzl3+Ga27UVdinzVtQ8Cs292RM
+0Yj9ZvfggAygt0yTzgqk8FxdP1DkQPzR+rH5Ghn3c3rbp3p+stHllT6GcZTYaDdz
+7OW9Ecm5p+oLNX5A7IKy8lipNZt4j10zshP8Kz/EUMx+MG+XKA2OYqwSVrfYEPDi
+P4a2NOI1OpIdW7xqm3hDhXUr/8f8hW6bfRvJV4J8pQWzmQRRsrRECO34/SrNYR/r
+rA3rZGsCQ6APf2sxV5SOhye0frrLkxECBV/SeWyNP++lPuqbUKPkT2Wl5T3SgWuK
+HAO8ucNEria7G7JO88eDBPoOGsypx9vPBkLjVKFEEgUIEASAtV9O9TA27A==
+-----END CERTIFICATE-----
diff --git a/tests/unit/event_source/certs/server.key b/tests/unit/event_source/certs/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCpGTy8emlrH4Xe
+doOT4Y1/rW5s2zXFVIQJaP64cLl93KnUG6iq6JEK0g9keoFT3et6PU4PU6mF5aRZ
+mInJI9Ob85orRNavDdiKi3ZyoRpZqLvkDVrZh3q0F/k8+FaVJaaXoy8P9Q1IsA2S
+RiCtt5lODmR7LDCnq8GBCM8vvIhIMmvU9fDglCRuwcbM6FeDQs7l+k7zX7Jcj93M
+QXWKcwZX+1E1S9n0ZjIkNaYuvXB2/XJelNGrRiZWs6MFTwFV/7lvpsDgr9jOOagK
+dSarh20HieSAYENZQRufjustquKOBFxzSOet0672KIY5mwP8NMLSILuWuXOP8aGf
+jqyUYpW/AgMBAAECggEAJ5op/8g5bSWmT/n4iccuwOKotGTIXI0VGTEWSrLXtlLa
+ETtjDpfF9D9K7JDGPhKAphG6eNtyndGw4mzXhBxYYDM2fYCzOK8o8hWEaYcyaSIb
+0uaPytcwVQIyVGWivW5ibCwDBx0wfcABharX12dix4WWYcRxJquSd3pNL5RbZHDM
+TE8o5dfYrajvoGCpovWor6faoi29UgfayzS/r4FLLTZ/BAHZdr/ZNfwAshlzdyne
+d5IrVfzk7POguaUBShcy1ISEqzfwqgpjc0rWsIxk9wdsDw0XDljJ6MhP6oDP61xN
+WAnaf+ZlIMfYHO3lxXu44G9xYiVoT0FO7JwbOx3G9QKBgQDsvtL1d022qGf96X3j
+rzs9oAhG5A1f3yqhCGME1J8daVicwtEz9eL+NMLgNEnnNiGCqHFgvqHXencWDgec
+ym5L5d0+w7ac/sUvTPGC2Yob5zsO/rvuLX1VXEJSkJS6sPOnmaUnJQLr6pz3ay2d
+ebdLcUgFKCt3i4f4xNkgkRaMwwKBgQC22fehJuV21NwT1tfgNRSkOU1Npy/4tbOM
+hhjRsgAQnr90t1DzdXirr6WiKHu7nTkDIIQMXxlDg0CZyaQQMFMw4YFeKEWZ4ZFR
+ggXwEicfe2Ln6YzyXVzgYZn+EVHcK6/lsHsFXXWzmwlP5Xgr/AxCRxBGHwxwLS7W
+ajDqvQkzVQKBgBmGcYRZup1JBv1PYW1dBUwdpwbNq8t8akI2f0aUDhvDsfQk5R1v
+E2xJEAHQYW92XKKTurWtmBF9eL1+AcAb60xvmi0cOOIwbd4ts5RiFAvyIGH7gROq
+/+pmKhhw0jhWv86AOFhCG1CIWSgr/B0QdHzD1/oGXLlk5+IghzCFtCK1AoGAErDH
+Ei7yp6nscQ619FIYsQy2bSiYy7hvCP8wDEdAoHJJqbmPScOJOSt0J9Yxh6TzjfFF
+7inOYEtLUCz/WzRFXKrAWYqOSsN24jkDOF3yp9Ip8wC5ipCmjL0NS54jmvjQOw9G
+E+9Qt7IySntvRDe4XRH8hN5pnBHSRtKF+4ilJx0CgYB1ZBxKwHYK77LE17J+cMRY
+AFTx47/rX7b173E6W1IkRl/cLHVXv4PHQQ0qgsqkzK/MB9GaK+HIqVuADP6og+Bv
+2/mYwJc8ICh2R+UMUWpRHVbFUV2kESPrWExft6y4Pfu/wCquDlqolyppSDOSEHSu
+m8+3Zu7ZAnPBvXO9Vf309A==
+-----END PRIVATE KEY-----
diff --git a/tests/unit/event_source/test_webhook.py b/tests/unit/event_source/test_webhook.py
@@ -1,4 +1,5 @@
 import asyncio
+import ssl
 from http import HTTPStatus
 
 import aiohttp
@@ -15,7 +16,13 @@ async def post_code(server_task, info):
     url = f'http://{info["host"]}/{info["endpoint"]}'
     payload = info["payload"]
 
-    async with aiohttp.ClientSession() as session:
+    connector = None
+    if "client_certfile" in info:
+        url = f'https://{info["host"]}/{info["endpoint"]}'
+        context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+        context.load_cert_chain(info["client_certfile"], info["client_keyfile"])
+        connector = aiohttp.TCPConnector(ssl=context)
+    async with aiohttp.ClientSession(connector=connector) as session:
         headers = {"Authorization": "Bearer secret"}
         async with session.post(url, json=payload, headers=headers) as resp:
             print(resp.status)
@@ -64,13 +71,22 @@ async def test_cancel():
 async def test_post_endpoint():
     queue = asyncio.Queue()
 
-    args = {"host": "localhost", "port": 8000, "token": "secret"}
+    args = {
+        "host": "localhost",
+        "port": 8000,
+        "token": "secret",
+        "certfile": "./tests/unit/event_source/certs/server.crt",
+        "keyfile": "./tests/unit/event_source/certs/server.key",
+        "cafile": "./tests/unit/event_source/certs/client.crt",
+    }
     plugin_task = asyncio.create_task(start_server(queue, args))
 
     task_info = {
         "payload": {"src_path": "https://example.com/payload"},
         "endpoint": "test",
         "host": f'{args["host"]}:{args["port"]}',
+        "client_certfile": "./tests/unit/event_source/certs/client.crt",
+        "client_keyfile": "./tests/unit/event_source/certs/client.key",
     }
 
     post_task = asyncio.create_task(post_code(plugin_task, task_info))