Mercurial > hg > nginx-tests
comparison js_fetch_verify.t @ 1755:ae8e68cb2231
Tests: added js fetch verify tests.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 28 Apr 2022 16:38:01 +0400 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 1754:f1a097719877 | 1755:ae8e68cb2231 |
|---|---|
| 1 #!/usr/bin/perl | |
| 2 | |
| 3 # (C) Sergey Kandaurov | |
| 4 # (C) Nginx, Inc. | |
| 5 | |
| 6 # Tests for http njs module, fetch method, backend certificate verification. | |
| 7 | |
| 8 ############################################################################### | |
| 9 | |
| 10 use warnings; | |
| 11 use strict; | |
| 12 | |
| 13 use Test::More; | |
| 14 | |
| 15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
| 16 | |
| 17 use lib 'lib'; | |
| 18 use Test::Nginx; | |
| 19 | |
| 20 ############################################################################### | |
| 21 | |
| 22 select STDERR; $| = 1; | |
| 23 select STDOUT; $| = 1; | |
| 24 | |
| 25 my $t = Test::Nginx->new()->has(qw/http http_ssl/) | |
| 26 ->write_file_expand('nginx.conf', <<'EOF'); | |
| 27 | |
| 28 %%TEST_GLOBALS%% | |
| 29 | |
| 30 daemon off; | |
| 31 | |
| 32 events { | |
| 33 } | |
| 34 | |
| 35 http { | |
| 36 %%TEST_GLOBALS_HTTP%% | |
| 37 | |
| 38 js_import test.js; | |
| 39 | |
| 40 server { | |
| 41 listen 127.0.0.1:8080; | |
| 42 server_name localhost; | |
| 43 | |
| 44 resolver 127.0.0.1:%%PORT_8981_UDP%%; | |
| 45 resolver_timeout 1s; | |
| 46 | |
| 47 location /njs { | |
| 48 js_content test.njs; | |
| 49 } | |
| 50 | |
| 51 location /https { | |
| 52 js_content test.https; | |
| 53 } | |
| 54 | |
| 55 location /https.verify_off { | |
| 56 js_content test.https; | |
| 57 js_fetch_verify off; | |
| 58 } | |
| 59 } | |
| 60 | |
| 61 server { | |
| 62 listen 127.0.0.1:8081 ssl; | |
| 63 server_name localhost; | |
| 64 | |
| 65 ssl_certificate localhost.crt; | |
| 66 ssl_certificate_key localhost.key; | |
| 67 } | |
| 68 } | |
| 69 | |
| 70 EOF | |
| 71 | |
| 72 my $p1 = port(8081); | |
| 73 | |
| 74 $t->write_file('test.js', <<EOF); | |
| 75 function test_njs(r) { | |
| 76 r.return(200, njs.version); | |
| 77 } | |
| 78 | |
| 79 function https(r) { | |
| 80 ngx.fetch(`https://example.com:$p1/loc`) | |
| 81 .then(reply => reply.text()) | |
| 82 .then(body => r.return(200, body)) | |
| 83 .catch(e => r.return(501, e.message)); | |
| 84 } | |
| 85 | |
| 86 export default {njs: test_njs, https}; | |
| 87 EOF | |
| 88 | |
| 89 $t->write_file('openssl.conf', <<EOF); | |
| 90 [ req ] | |
| 91 default_bits = 2048 | |
| 92 encrypt_key = no | |
| 93 distinguished_name = req_distinguished_name | |
| 94 [ req_distinguished_name ] | |
| 95 EOF | |
| 96 | |
| 97 my $d = $t->testdir(); | |
| 98 | |
| 99 foreach my $name ('localhost') { | |
| 100 system('openssl req -x509 -new ' | |
| 101 . "-config $d/openssl.conf -subj /CN=$name/ " | |
| 102 . "-out $d/$name.crt -keyout $d/$name.key " | |
| 103 . ">>$d/openssl.out 2>&1") == 0 | |
| 104 or die "Can't create certificate for $name: $!\n"; | |
| 105 } | |
| 106 | |
| 107 $t->try_run('no js_fetch_verify')->plan(2); | |
| 108 | |
| 109 $t->run_daemon(\&dns_daemon, port(8981), $t); | |
| 110 $t->waitforfile($t->testdir . '/' . port(8981)); | |
| 111 | |
| 112 ############################################################################### | |
| 113 | |
| 114 like(http_get('/https'), qr/connect failed/, 'fetch verify error'); | |
| 115 like(http_get('/https.verify_off'), qr/200 OK/, 'fetch verify off'); | |
| 116 | |
| 117 ############################################################################### | |
| 118 | |
| 119 sub reply_handler { | |
| 120 my ($recv_data, $port, %extra) = @_; | |
| 121 | |
| 122 my (@name, @rdata); | |
| 123 | |
| 124 use constant NOERROR => 0; | |
| 125 use constant A => 1; | |
| 126 use constant IN => 1; | |
| 127 | |
| 128 # default values | |
| 129 | |
| 130 my ($hdr, $rcode, $ttl) = (0x8180, NOERROR, 3600); | |
| 131 | |
| 132 # decode name | |
| 133 | |
| 134 my ($len, $offset) = (undef, 12); | |
| 135 while (1) { | |
| 136 $len = unpack("\@$offset C", $recv_data); | |
| 137 last if $len == 0; | |
| 138 $offset++; | |
| 139 push @name, unpack("\@$offset A$len", $recv_data); | |
| 140 $offset += $len; | |
| 141 } | |
| 142 | |
| 143 $offset -= 1; | |
| 144 my ($id, $type, $class) = unpack("n x$offset n2", $recv_data); | |
| 145 | |
| 146 my $name = join('.', @name); | |
| 147 | |
| 148 if ($type == A) { | |
| 149 push @rdata, rd_addr($ttl, '127.0.0.1'); | |
| 150 } | |
| 151 | |
| 152 $len = @name; | |
| 153 pack("n6 (C/a*)$len x n2", $id, $hdr | $rcode, 1, scalar @rdata, | |
| 154 0, 0, @name, $type, $class) . join('', @rdata); | |
| 155 } | |
| 156 | |
| 157 sub rd_addr { | |
| 158 my ($ttl, $addr) = @_; | |
| 159 | |
| 160 my $code = 'split(/\./, $addr)'; | |
| 161 | |
| 162 return pack 'n3N', 0xc00c, A, IN, $ttl if $addr eq ''; | |
| 163 | |
| 164 pack 'n3N nC4', 0xc00c, A, IN, $ttl, eval "scalar $code", eval($code); | |
| 165 } | |
| 166 | |
| 167 sub dns_daemon { | |
| 168 my ($port, $t) = @_; | |
| 169 | |
| 170 my ($data, $recv_data); | |
| 171 my $socket = IO::Socket::INET->new( | |
| 172 LocalAddr => '127.0.0.1', | |
| 173 LocalPort => $port, | |
| 174 Proto => 'udp', | |
| 175 ) | |
| 176 or die "Can't create listening socket: $!\n"; | |
| 177 | |
| 178 local $SIG{PIPE} = 'IGNORE'; | |
| 179 | |
| 180 # signal we are ready | |
| 181 | |
| 182 open my $fh, '>', $t->testdir() . '/' . $port; | |
| 183 close $fh; | |
| 184 | |
| 185 while (1) { | |
| 186 $socket->recv($recv_data, 65536); | |
| 187 $data = reply_handler($recv_data, $port); | |
| 188 $socket->send($data); | |
| 189 } | |
| 190 } | |
| 191 | |
| 192 ############################################################################### |