fix(pia): load custom PIA certificate for API

internal/provider/privateinternetaccess/httpclient_test.go

@@ -2,6 +2,8 @@ package privateinternetaccess
 
 import (
 	"crypto/tls"
+	"crypto/x509/pkix"
+	"encoding/asn1"
 	"net/http"
 	"testing"
 
@@ -21,11 +23,29 @@ func Test_newHTTPClient(t *testing.T) {
 		ServerName: serverName,
 	}
 
-	piaClient := newHTTPClient(serverName)
+	piaClient, err := newHTTPClient(serverName)
+	require.NoError(t, err)
 
 	// Verify pia transport TLS config is set
 	piaTransport, ok := piaClient.Transport.(*http.Transport)
 	require.True(t, ok)
+
+	subjects := piaTransport.TLSClientConfig.RootCAs.Subjects()
+	assert.NotEmpty(t, subjects)
+	piaCertFound := false
+	for _, subject := range subjects {
+		var rdnSequence pkix.RDNSequence
+		_, err := asn1.Unmarshal(subject, &rdnSequence)
+		require.NoError(t, err)
+		var name pkix.Name
+		name.FillFromRDNSequence(&rdnSequence)
+		if name.CommonName == "Private Internet Access" {
+			piaCertFound = true
+			break
+		}
+	}
+	assert.True(t, piaCertFound)
+
 	piaTransport.TLSClientConfig.RootCAs = nil
 	assert.Equal(t, expectedPIATransportTLSConfig, piaTransport.TLSClientConfig)
 }