From 8704bc3b5b11ffa9fc0dc2ff6d6da155245dd22b Mon Sep 17 00:00:00 2001
From: Joachim Bauch <bauch@struktur.de>
Date: Fri, 8 Jul 2022 10:06:15 +0200
Subject: [PATCH] Make sure replaced files have different modification times.

Depending on filesystem time resolution, the modified certificates could
have the same timestamp in tests, causing the reload to fail.
---
 grpc_common_test.go | 30 ++++++++++++++++++++++++++++++
 grpc_server_test.go |  4 ++--
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/grpc_common_test.go b/grpc_common_test.go
index 038859b..a525b49 100644
--- a/grpc_common_test.go
+++ b/grpc_common_test.go
@@ -27,6 +27,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
+	"io/fs"
 	"math/big"
 	"net"
 	"os"
@@ -86,3 +87,32 @@ func WritePublicKey(key *rsa.PublicKey, filename string) error {
 
 	return os.WriteFile(filename, data, 0755)
 }
+
+func replaceFile(t *testing.T, filename string, data []byte, perm fs.FileMode) {
+	t.Helper()
+	oldStat, err := os.Stat(filename)
+	if err != nil {
+		t.Fatalf("can't stat old file %s: %s", filename, err)
+		return
+	}
+
+	for {
+		if err := os.WriteFile(filename, data, perm); err != nil {
+			t.Fatalf("can't write file %s: %s", filename, err)
+			return
+		}
+
+		newStat, err := os.Stat(filename)
+		if err != nil {
+			t.Fatalf("can't stat new file %s: %s", filename, err)
+			return
+		}
+
+		// We need different modification times.
+		if !newStat.ModTime().Equal(oldStat.ModTime()) {
+			break
+		}
+
+		time.Sleep(time.Millisecond)
+	}
+}
diff --git a/grpc_server_test.go b/grpc_server_test.go
index 4ce17a4..4c4abed 100644
--- a/grpc_server_test.go
+++ b/grpc_server_test.go
@@ -126,7 +126,7 @@ func Test_GrpcServer_ReloadCerts(t *testing.T) {
 
 	org2 := "Updated certificate"
 	cert2 := GenerateSelfSignedCertificateForTesting(t, 1024, org2, key)
-	os.WriteFile(certFile, cert2, 0755) // nolint
+	replaceFile(t, certFile, cert2, 0755)
 
 	cp2 := x509.NewCertPool()
 	if !cp2.AppendCertsFromPEM(cert2) {
@@ -215,7 +215,7 @@ func Test_GrpcServer_ReloadCA(t *testing.T) {
 
 	org2 := "Updated client"
 	clientCert2 := GenerateSelfSignedCertificateForTesting(t, 1024, org2, clientKey)
-	os.WriteFile(caFile, clientCert2, 0755) // nolint
+	replaceFile(t, caFile, clientCert2, 0755)
 
 	pair2, err := tls.X509KeyPair(clientCert2, pem.EncodeToMemory(&pem.Block{
 		Type:  "RSA PRIVATE KEY",