authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 00:55:53 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 00:55:53 +0000
commit3d0386f27ca66379acf50199e1d1298386eeeeb8 (patch)
treef87bd4a126b3a843858eb447e8fd5893c3ee3882 /modules/http/test_tls
parentInitial commit. (diff)
Adding upstream version 3.2.1.upstream/3.2.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/http/test_tls')
-rw-r--r--modules/http/test_tls/broken.crt3
-rw-r--r--modules/http/test_tls/broken.keybin0 -> 512 bytes
-rw-r--r--modules/http/test_tls/test.crt10
-rw-r--r--modules/http/test_tls/test.key9
-rw-r--r--modules/http/test_tls/tls.test.lua164
5 files changed, 186 insertions, 0 deletions
diff --git a/modules/http/test_tls/broken.crt b/modules/http/test_tls/broken.crt
new file mode 100644
index 0000000..d93d1f8
--- /dev/null
+++ b/modules/http/test_tls/broken.crt
@@ -0,0 +1,3 @@
+ƿps$֡ȼ[1 =fl:l=z=M}iɻѭ*7) 5
+jIW Mwf[H-Eȼf   2fTKqFU (ja,՜*X:lFͿM>3
+D<^OqkQκMg]pUNMݝ>(EI'Gŀm:3 _!Β? 3$H[EM4RA+0w0%eoa(w;oǥ$!Zr%&h;1@-9((b7\UoJ`:ު~dÎaЃEœPB*l}!q7;+QRLvQ[KYXR 2(7+$E,IR ^4D_r,i\hξ \ No newline at end of file
diff --git a/modules/http/test_tls/broken.key b/modules/http/test_tls/broken.key
new file mode 100644
index 0000000..ebcbfcf
--- /dev/null
+++ b/modules/http/test_tls/broken.key
Binary files differ
diff --git a/modules/http/test_tls/test.crt b/modules/http/test_tls/test.crt
new file mode 100644
index 0000000..01c36f8
--- /dev/null
+++ b/modules/http/test_tls/test.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXDCCAQKgAwIBAgIRAONzB6ou1Lh79QSlofsBtBMwCgYIKoZIzj0EAwIwGTEX
+MBUGA1UEAwwOcm9oYW4tcmVzb2x2ZXIwHhcNMTgwNzIzMTA1MjE4WhcNMTgxMDIx
+MTA1MjE4WjAZMRcwFQYDVQQDDA5yb2hhbi1yZXNvbHZlcjBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABJPYWceFJkbjORCrO8aIhMk3Bw2PpTzuPC27O/rjojBjmadO
+vZyFxIKgfYiHp4uMr1z81K+cqq1s/q0+kW+tNaejKzApMBkGA1UdEQQSMBCCDnJv
+aGFuLXJlc29sdmVyMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAL+Z
+IElUAmI0nQdaSRLZw5LCZeC/OIFx9JfaoDzMNkW5AiABXCWYzR+/uyYV7KDucwtW
+LGh/LrjC/FZGK3Drefbu0A==
+-----END CERTIFICATE-----
diff --git a/modules/http/test_tls/test.key b/modules/http/test_tls/test.key
new file mode 100644
index 0000000..1256b5a
--- /dev/null
+++ b/modules/http/test_tls/test.key
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEk9hZx4UmRuM5EKs7xoiEyTcHDY+l
+PO48Lbs7+uOiMGOZp069nIXEgqB9iIeni4yvXPzUr5yqrWz+rT6Rb601pw==
+-----END PUBLIC KEY-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgtgNJHFS7+jlibs3b
+4NMYVLgZvVgOh5ouMn/ujQrAbouhRANCAAST2FnHhSZG4zkQqzvGiITJNwcNj6U8
+7jwtuzv646IwY5mnTr2chcSCoH2Ih6eLjK9c/NSvnKqtbP6tPpFvrTWn
+-----END PRIVATE KEY-----
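Review bot: Nothing in this directory marks `test.key` and `test.crt` as test-only material, even though `test.key` holds a complete private key that is now public through the repository. A short README next to the fixtures would cover it, for example `test.key / test.crt: throwaway fixtures for tls.test.lua; the private key is public, never deploy or reuse it`. A matching allowlist entry in whatever secret scanner the project uses keeps the finding from being re-triaged on every import. The install rules are not visible in this diff, so it is worth confirming that the packaging does not ship this directory into a location a running resolver could be pointed at.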
diff --git a/modules/http/test_tls/tls.test.lua b/modules/http/test_tls/tls.test.lua
new file mode 100644
index 0000000..9eac382
--- /dev/null
+++ b/modules/http/test_tls/tls.test.lua
@@ -0,0 +1,164 @@
+-- check prerequisites
+local has_http = pcall(require, 'http') and pcall(require, 'http.request')
+if not has_http then
+ pass('skipping http module test because its not installed')
+ done()
+else
+ local request = require('http.request')
+ local openssl_ctx = require('openssl.ssl.context')
+
+ local function setup_module(desc, config)
+ if http then
+ modules.unload('http')
+ end
+ modules.load('http')
+ same(http.config(config), nil, desc .. ' can be configured')
+
+ local server = http.servers[1]
+ ok(server ~= nil, desc .. ' creates server instance')
+ local _, host, port = server:localname()
+ ok(host and port, desc .. ' binds to an interface')
+ return host, port
+ end
+
+ local function http_get(uri)
+ -- disable certificate verification in this test
+ local req = request.new_from_uri(uri)
+ local idxstart = string.find(uri, 'https://')
+ if idxstart == 1 then
+ req.ctx = openssl_ctx.new()
+ assert(req.ctx, 'OpenSSL cert verification must be disabled')
+ req.ctx:setVerify(openssl_ctx.VERIFY_NONE)
+ end
+
+ local headers = assert(req:go())
+ return tonumber(headers:get(':status'))
+ end
+
+ -- test whether http interface responds and binds
+ local function check_protocol(uri, description, ok_expected)
+ if ok_expected then
+ local code = http_get(uri)
+ same(code, 200, description)
+ else
+ boom(http_get, {uri}, description)
+ end
+ end
+
+ local function test_defaults()
+ local host, port = setup_module('HTTP module default config', {})
+
+ local uri = string.format('http://%s:%d', host, port)
+ check_protocol(uri, 'HTTP is enabled by default', true)
+ uri = string.format('https://%s:%d', host, port)
+ check_protocol(uri, 'HTTPS is enabled by default', true)
+
+ modules.unload('http')
+ uri = string.format('http://%s:%d', host, port)
+ check_protocol(uri, 'HTTP stops working after module unload', false)
+ uri = string.format('https://%s:%d', host, port)
+ check_protocol(uri, 'HTTPS stops working after module unload', false)
+
+ end
+
+ local function test_http_only()
+ local desc = 'HTTP-only config'
+ local host, port = setup_module(desc,
+ {
+ port = 0, -- Select random port
+ tls = false,
+ })
+
+ local uri = string.format('http://%s:%d', host, port)
+ check_protocol(uri, 'HTTP works in ' .. desc, true)
+ uri = string.format('https://%s:%d', host, port)
+ check_protocol(uri, 'HTTPS does not work in ' .. desc, false)
+ end
+
+ local function test_https_only()
+ local desc = 'HTTPS-only config'
+ local host, port = setup_module(desc,
+ {
+ port = 0, -- Select random port
+ tls = true,
+ })
+
+ local uri = string.format('http://%s:%d', host, port)
+ check_protocol(uri, 'HTTP does not work in ' .. desc, false)
+ uri = string.format('https://%s:%d', host, port)
+ check_protocol(uri, 'HTTPS works in ' .. desc, true)
+ end
+
+ local function test_custom_cert()
+ desc = 'config with custom certificate'
+ local host, port = setup_module(desc, {{
+ host = host,
+ port = port,
+ cert = 'test.crt',
+ key = 'test.key'
+ }})
+
+ uri = string.format('https://%s:%d', host, port)
+ check_protocol(uri, 'HTTPS works for ' .. desc, true)
+ end
+
+ local function test_nonexistent_cert()
+ desc = 'config with non-existing certificate file'
+ boom(http.config, {{
+ port = 0,
+ cert = '/tmp/surely_nonexistent_cert_1532432095',
+ key = 'test.key'
+ }}, desc)
+ end
+
+ local function test_nonexistent_key()
+ desc = 'config with non-existing key file'
+ boom(http.config, {{
+ port = 0,
+ cert = 'test.crt',
+ key = '/tmp/surely_nonexistent_cert_1532432095'
+ }}, desc)
+ end
+
+ local function test_missing_key_param()
+ desc = 'config with missing key= param'
+ boom(http.config, {{
+ port = 0,
+ cert = 'test.crt'
+ }}, desc)
+ end
+
+ local function test_broken_cert()
+ desc = 'config with broken file in cert= param'
+ boom(http.config, {{
+ port = 0,
+ cert = 'broken.crt',
+ key = 'test.key'
+ }}, desc)
+ end
+
+ local function test_broken_key()
+ desc = 'config with broken file in key= param'
+ boom(http.config, {{
+ port = 0,
+ cert = 'test.crt',
+ key = 'broken.key'
+ }}, desc)
+ end
+
+
+ -- plan tests
+ local tests = {
+ test_defaults,
+ test_http_only,
+ test_https_only,
+ test_custom_cert,
+ test_nonexistent_cert,
+ test_nonexistent_key,
+ test_missing_key_param,
+ test_broken_cert,
+ test_broken_key
+ }
+
+ return tests
+end
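Review bot: `test_custom_cert` can pass without the server ever presenting `test.crt`, because `http_get` sets `VERIFY_NONE` for every https URI and the only assertion is the 200 status. After `req:go()` the test should also take the TLS object from the stream's connection (`stream.connection:checktls()` in lua-http), call luaossl's `getPeerCertificate()` on it and compare the result with the contents of `test.crt`; `VERIFY_NONE` can stay, since the fixture presumably does not chain to a trusted CA. In the same function `host = host, port = port` is evaluated before the `local host, port` declared by that statement comes into scope, so both fields read globals (presumably nil) and the entry falls back to the defaults; `port = 0, -- Select random port` as in the other tests looks like what was meant. `desc` and `uri` are assigned without `local` here, and `desc` also in the five `boom(http.config, …)` tests below it, so they leak into the global environment and should read e.g. `local desc = 'config with custom certificate'`.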