annotate quic_retry.t @ 1934:4d13c9e74d04
Tests: added ability to setup QUIC TLS named group.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 22 Aug 2023 14:29:16 +0400 |
parents | 161dc73812b3 |
children | 24482e311749 |
rev | line source |
---|---|
#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for QUIC address validation.
#
# The server is configured with "quic_retry on".  The checks below cover the
# Retry integrity tag, a connection that presents the token received in a
# NEW_TOKEN frame, and two connections whose Retry token is expected to be
# rejected: one where the token is presented on a new connection, and one
# where a byte of the token has been corrupted.

###############################################################################

use warnings;
use strict;

use Test::More;

# Change to the directory holding this script so that the relative 'lib'
# path added below is resolved from there.
BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;
use Test::Nginx::HTTP3;

###############################################################################

# Turn on autoflush ($|) for STDERR and then for STDOUT; STDOUT is left as
# the selected handle.
select STDERR; $| = 1;
select STDOUT; $| = 1;

# Seven assertions are planned.  has() and has_daemon() name what the test
# needs (http, http_v3, cryptx, an openssl binary); presumably the harness
# skips the test when one of them is missing -- their implementation is not
# part of this file.
#
# The configuration heredoc is single-quoted, so Perl interpolates nothing
# into it; the %%...%% placeholders are left for write_file_expand().
# "quic_retry on" is the directive under test, and the only listener is a
# QUIC socket bound to 127.0.0.1.
my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/)
	->has_daemon('openssl')->plan(7)
	->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
%%TEST_GLOBALS_HTTP%%

ssl_certificate_key localhost.key;
ssl_certificate localhost.crt;
quic_retry on;

server {
listen 127.0.0.1:%%PORT_8980_UDP%% quic;
server_name localhost;

location / { }
}
}

EOF

# Minimal request configuration for the "openssl req" call that creates the
# test certificate.  "encrypt_key = no" leaves the generated private key
# unencrypted on disk, so the key pair is only suitable as a throwaway test
# credential.  The heredoc is unquoted but contains nothing for Perl to
# interpolate.
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

# Directory reported by the harness for this test's files.
my $d = $t->testdir();

# Create a self-signed certificate and key for each server name used in
# nginx.conf (only 'localhost' here).
for my $name ('localhost') {
	# A single command string containing redirections is run by system()
	# through the shell.  $d and $name are interpolated unquoted, so both
	# must stay free of whitespace and shell metacharacters.
	my $command = "openssl req -x509 -new "
		. "-config $d/openssl.conf -subj /CN=$name/ "
		. "-out $d/$name.crt -keyout $d/$name.key "
		. ">>$d/openssl.out 2>&1";

	my $status = system($command);

	# $! is only meaningful when the command could not be started at all;
	# the output of openssl itself is appended to openssl.out.
	if ($status != 0) {
		die "Can't create certificate for $name: $!\n";
	}
}

# Hand over to the harness; presumably this starts nginx with the files
# written above.
$t->run();

###############################################################################

my ($s, $sid, $frames, $frame);

# First connection, no token supplied.
# NOTE(review): the Retry exchange itself appears to be handled inside
# Test::Nginx::HTTP3, which is not shown here; this test only inspects the
# results through retry_tag(), retry_verify_tag() and retry_token().
$s = Test::Nginx::HTTP3->new(8980);
$sid = $s->new_stream();
$frames = $s->read(all => [{ sid => $sid, fin => 1 }, { type => 'NEW_TOKEN' }]);

# A HEADERS frame on the stream means the request got a response.
# NOTE(review): 403 is presumably what the empty "location / { }" returns
# for this request in the test directory -- confirm.
($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
is($frame->{headers}->{':status'}, 403, 'retry success');

# Compare, as hex strings, the value from retry_tag() with the value from
# retry_verify_tag().
is(unpack("H*", $s->retry_tag()), unpack("H*", $s->retry_verify_tag()),
	'retry integrity tag');

# Keep both tokens for the connections that follow: the one carried in the
# NEW_TOKEN frame and the one returned by retry_token().
($frame) = grep { $_->{type} eq "NEW_TOKEN" } @$frames;
ok(my $new_token = $frame->{token}, 'new token received');
ok(my $retry_token = $s->retry_token(), 'retry token received');

# connection with new token
#
# A fresh connection presents the token taken from the NEW_TOKEN frame and
# is expected to get the same response as the first one (status 403).

$s = Test::Nginx::HTTP3->new(8980, token => $new_token);
$sid = $s->new_stream();
$frames = $s->read(all => [{ sid => $sid, fin => 1 }]);

($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
is($frame->{headers}->{':status'}, 403, 'new token success');

# connection with retry token, port won't match
#
# The Retry token obtained on the first connection is presented on a new
# one.  The server is expected to refuse it with CONNECTION_CLOSE carrying
# error 11, which is INVALID_TOKEN (0x0b) in RFC 9000.
# NOTE(review): what "probe => 1" changes in the client is not visible here.

$s = Test::Nginx::HTTP3->new(8980, token => $retry_token, probe => 1);
$frames = $s->read(all => [{ type => 'CONNECTION_CLOSE' }]);

($frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames;
is($frame->{error}, 11, 'retry token invalid');

# connection with retry token, corrupted

TODO: {
# Failures inside this block are reported as TODO unless has_version()
# accepts '1.25.2' (presumably: the nginx under test is at least 1.25.2).
local $TODO = 'not yet' unless $t->has_version('1.25.2');

# String XOR with the one-byte "\xff" inverts the byte at offset 32 and
# leaves any bytes after it unchanged.
# Assumes the token is longer than 32 bytes -- TODO confirm.
substr($retry_token, 32) ^= "\xff";
$s = Test::Nginx::HTTP3->new(8980, token => $retry_token, probe => 1);
$frames = $s->read(all => [{ type => 'CONNECTION_CLOSE' }]);

# The corrupted token is expected to be refused with the same error code 11
# as the mismatched one.
($frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames;
is($frame->{error}, 11, 'retry token decrypt error');

}

###############################################################################