Mercurial > hg > nginx-tests
comparison js_fetch_verify.t @ 1755:ae8e68cb2231
Tests: added js fetch verify tests.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 28 Apr 2022 16:38:01 +0400 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
1754:f1a097719877 | 1755:ae8e68cb2231 |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Tests for http njs module, fetch method, backend certificate verification. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 | |
20 ############################################################################### | |
21 | |
22 select STDERR; $| = 1; | |
23 select STDOUT; $| = 1; | |
24 | |
25 my $t = Test::Nginx->new()->has(qw/http http_ssl/) | |
26 ->write_file_expand('nginx.conf', <<'EOF'); | |
27 | |
28 %%TEST_GLOBALS%% | |
29 | |
30 daemon off; | |
31 | |
32 events { | |
33 } | |
34 | |
35 http { | |
36 %%TEST_GLOBALS_HTTP%% | |
37 | |
38 js_import test.js; | |
39 | |
40 server { | |
41 listen 127.0.0.1:8080; | |
42 server_name localhost; | |
43 | |
44 resolver 127.0.0.1:%%PORT_8981_UDP%%; | |
45 resolver_timeout 1s; | |
46 | |
47 location /njs { | |
48 js_content test.njs; | |
49 } | |
50 | |
51 location /https { | |
52 js_content test.https; | |
53 } | |
54 | |
55 location /https.verify_off { | |
56 js_content test.https; | |
57 js_fetch_verify off; | |
58 } | |
59 } | |
60 | |
61 server { | |
62 listen 127.0.0.1:8081 ssl; | |
63 server_name localhost; | |
64 | |
65 ssl_certificate localhost.crt; | |
66 ssl_certificate_key localhost.key; | |
67 } | |
68 } | |
69 | |
70 EOF | |
71 | |
72 my $p1 = port(8081); | |
73 | |
74 $t->write_file('test.js', <<EOF); | |
75 function test_njs(r) { | |
76 r.return(200, njs.version); | |
77 } | |
78 | |
79 function https(r) { | |
80 ngx.fetch(`https://example.com:$p1/loc`) | |
81 .then(reply => reply.text()) | |
82 .then(body => r.return(200, body)) | |
83 .catch(e => r.return(501, e.message)); | |
84 } | |
85 | |
86 export default {njs: test_njs, https}; | |
87 EOF | |
88 | |
89 $t->write_file('openssl.conf', <<EOF); | |
90 [ req ] | |
91 default_bits = 2048 | |
92 encrypt_key = no | |
93 distinguished_name = req_distinguished_name | |
94 [ req_distinguished_name ] | |
95 EOF | |
96 | |
97 my $d = $t->testdir(); | |
98 | |
99 foreach my $name ('localhost') { | |
100 system('openssl req -x509 -new ' | |
101 . "-config $d/openssl.conf -subj /CN=$name/ " | |
102 . "-out $d/$name.crt -keyout $d/$name.key " | |
103 . ">>$d/openssl.out 2>&1") == 0 | |
104 or die "Can't create certificate for $name: $!\n"; | |
105 } | |
106 | |
107 $t->try_run('no js_fetch_verify')->plan(2); | |
108 | |
109 $t->run_daemon(\&dns_daemon, port(8981), $t); | |
110 $t->waitforfile($t->testdir . '/' . port(8981)); | |
111 | |
112 ############################################################################### | |
113 | |
114 like(http_get('/https'), qr/connect failed/, 'fetch verify error'); | |
115 like(http_get('/https.verify_off'), qr/200 OK/, 'fetch verify off'); | |
116 | |
117 ############################################################################### | |
118 | |
119 sub reply_handler { | |
120 my ($recv_data, $port, %extra) = @_; | |
121 | |
122 my (@name, @rdata); | |
123 | |
124 use constant NOERROR => 0; | |
125 use constant A => 1; | |
126 use constant IN => 1; | |
127 | |
128 # default values | |
129 | |
130 my ($hdr, $rcode, $ttl) = (0x8180, NOERROR, 3600); | |
131 | |
132 # decode name | |
133 | |
134 my ($len, $offset) = (undef, 12); | |
135 while (1) { | |
136 $len = unpack("\@$offset C", $recv_data); | |
137 last if $len == 0; | |
138 $offset++; | |
139 push @name, unpack("\@$offset A$len", $recv_data); | |
140 $offset += $len; | |
141 } | |
142 | |
143 $offset -= 1; | |
144 my ($id, $type, $class) = unpack("n x$offset n2", $recv_data); | |
145 | |
146 my $name = join('.', @name); | |
147 | |
148 if ($type == A) { | |
149 push @rdata, rd_addr($ttl, '127.0.0.1'); | |
150 } | |
151 | |
152 $len = @name; | |
153 pack("n6 (C/a*)$len x n2", $id, $hdr | $rcode, 1, scalar @rdata, | |
154 0, 0, @name, $type, $class) . join('', @rdata); | |
155 } | |
156 | |
157 sub rd_addr { | |
158 my ($ttl, $addr) = @_; | |
159 | |
160 my $code = 'split(/\./, $addr)'; | |
161 | |
162 return pack 'n3N', 0xc00c, A, IN, $ttl if $addr eq ''; | |
163 | |
164 pack 'n3N nC4', 0xc00c, A, IN, $ttl, eval "scalar $code", eval($code); | |
165 } | |
166 | |
167 sub dns_daemon { | |
168 my ($port, $t) = @_; | |
169 | |
170 my ($data, $recv_data); | |
171 my $socket = IO::Socket::INET->new( | |
172 LocalAddr => '127.0.0.1', | |
173 LocalPort => $port, | |
174 Proto => 'udp', | |
175 ) | |
176 or die "Can't create listening socket: $!\n"; | |
177 | |
178 local $SIG{PIPE} = 'IGNORE'; | |
179 | |
180 # signal we are ready | |
181 | |
182 open my $fh, '>', $t->testdir() . '/' . $port; | |
183 close $fh; | |
184 | |
185 while (1) { | |
186 $socket->recv($recv_data, 65536); | |
187 $data = reply_handler($recv_data, $port); | |
188 $socket->send($data); | |
189 } | |
190 } | |
191 | |
192 ############################################################################### |