5 files changed, 186 insertions, 0 deletions
diff --git a/modules/http/test_tls/broken.crt b/modules/http/test_tls/broken.crt
new file mode 100644
index 0000000..d93d1f8
--- /dev/null
+++ b/modules/http/test_tls/broken.crt
@@ -0,0 +1,3 @@
+Æ¿¯ˆž³psâ$Ðëí¯Ö¡«ÆÈ¼[ŒîØ1´Ç	=fl:°Êl=z†=M}iÉ»¤Ñ†÷*7ƒ)ÄÑ5
+ÈóîÒj¨šIÜWÈÀ®·´
+MwÚf[´HïŽíÙÑÅ-Á¯ËìýEÈ¼ë€fû¦Ö
+		2fTKÊqýFÑ¬UÖ	ƒ“(jÀ¤œaà,Õœ¥*²X:lFÌÍ¿£Mî©>ó3Œš
+¬‘áD<^O™qk¥ˆQŽÉý‘ÎºM…gÄ]pUNÉö¥MÝ>ŒŸÂÿº¹á(EI”®µ'ÌGÅ€÷mÕÅ÷Ã:ž3
+º_”!‚ÁÎ’?3Œú$H[„E†¡M¡4èòR¨†ÒA+0w¥ö0ÏÓÁ“%é¸eo¤ašåëØó(öw;¥oÇ¥î¯$—!ZèÀˆr%Äùàü&ßýh;1¾@ˆñý-9((Ób7±á\„UâoÃJÊ`»:Þª€†¼™~ŸdÃŽa•œƒìÜÐƒÇŒEÂœ—PB*l«Î}!q7ü;+QRL‘¢¶vÉÃ»ËQ‡[KãYûXðRà2(¬íùªå7ÀÜ+$ëÃE,óõÛý³IRÄÙï·
+§^4µD ¼_r…,išÁèÁ\ðhÎ¾
+\ No newline at end of file
diff --git a/modules/http/test_tls/broken.key b/modules/http/test_tls/broken.key
new file mode 100644
index 0000000..ebcbfcf
--- /dev/null
+++ b/modules/http/test_tls/broken.key
diff --git a/modules/http/test_tls/test.crt b/modules/http/test_tls/test.crt
new file mode 100644
index 0000000..01c36f8
--- /dev/null
+++ b/modules/http/test_tls/test.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXDCCAQKgAwIBAgIRAONzB6ou1Lh79QSlofsBtBMwCgYIKoZIzj0EAwIwGTEX
+MBUGA1UEAwwOcm9oYW4tcmVzb2x2ZXIwHhcNMTgwNzIzMTA1MjE4WhcNMTgxMDIx
+MTA1MjE4WjAZMRcwFQYDVQQDDA5yb2hhbi1yZXNvbHZlcjBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABJPYWceFJkbjORCrO8aIhMk3Bw2PpTzuPC27O/rjojBjmadO
+vZyFxIKgfYiHp4uMr1z81K+cqq1s/q0+kW+tNaejKzApMBkGA1UdEQQSMBCCDnJv
+aGFuLXJlc29sdmVyMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAL+Z
+IElUAmI0nQdaSRLZw5LCZeC/OIFx9JfaoDzMNkW5AiABXCWYzR+/uyYV7KDucwtW
+LGh/LrjC/FZGK3Drefbu0A==
+-----END CERTIFICATE-----
diff --git a/modules/http/test_tls/test.key b/modules/http/test_tls/test.key
new file mode 100644
index 0000000..1256b5a
--- /dev/null
+++ b/modules/http/test_tls/test.key
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEk9hZx4UmRuM5EKs7xoiEyTcHDY+l
+PO48Lbs7+uOiMGOZp069nIXEgqB9iIeni4yvXPzUr5yqrWz+rT6Rb601pw==
+-----END PUBLIC KEY-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgtgNJHFS7+jlibs3b
+4NMYVLgZvVgOh5ouMn/ujQrAbouhRANCAAST2FnHhSZG4zkQqzvGiITJNwcNj6U8
+7jwtuzv646IwY5mnTr2chcSCoH2Ih6eLjK9c/NSvnKqtbP6tPpFvrTWn
+-----END PRIVATE KEY-----
diff --git a/modules/http/test_tls/tls.test.lua b/modules/http/test_tls/tls.test.lua
new file mode 100644
index 0000000..9eac382
--- /dev/null
+++ b/modules/http/test_tls/tls.test.lua
@@ -0,0 +1,164 @@
+-- check prerequisites
+local has_http = pcall(require, 'http') and pcall(require, 'http.request')
+if not has_http then
+	pass('skipping http module test because its not installed')
+	done()
+else
+	local request = require('http.request')
+	local openssl_ctx = require('openssl.ssl.context')
+
+	local function setup_module(desc, config)
+		if http then
+			modules.unload('http')
+		end
+		modules.load('http')
+		same(http.config(config), nil, desc .. ' can be configured')
+
+		local server = http.servers[1]
+		ok(server ~= nil, desc .. ' creates server instance')
+		local _, host, port = server:localname()
+		ok(host and port, desc .. ' binds to an interface')
+		return host, port
+	end
+
+	local function http_get(uri)
+		-- disable certificate verification in this test
+		local req = request.new_from_uri(uri)
+		local idxstart = string.find(uri, 'https://')
+		if idxstart == 1 then
+			req.ctx = openssl_ctx.new()
+			assert(req.ctx, 'OpenSSL cert verification must be disabled')
+			req.ctx:setVerify(openssl_ctx.VERIFY_NONE)
+		end
+
+		local headers = assert(req:go())
+		return tonumber(headers:get(':status'))
+	end
+
+	-- test whether http interface responds and binds
+	local function check_protocol(uri, description, ok_expected)
+		if ok_expected then
+			local code = http_get(uri)
+			same(code, 200, description)
+		else
+			boom(http_get, {uri}, description)
+		end
+	end
+
+	local function test_defaults()
+		local host, port = setup_module('HTTP module default config', {})
+
+		local uri = string.format('http://%s:%d', host, port)
+		check_protocol(uri, 'HTTP is enabled by default', true)
+		uri = string.format('https://%s:%d', host, port)
+		check_protocol(uri, 'HTTPS is enabled by default', true)
+
+		modules.unload('http')
+		uri = string.format('http://%s:%d', host, port)
+		check_protocol(uri, 'HTTP stops working after module unload', false)
+		uri = string.format('https://%s:%d', host, port)
+		check_protocol(uri, 'HTTPS stops working after module unload', false)
+
+	end
+
+	local function test_http_only()
+		local desc = 'HTTP-only config'
+		local host, port = setup_module(desc,
+			{
+				port = 0, -- Select random port
+				tls = false,
+			})
+
+		local uri = string.format('http://%s:%d', host, port)
+		check_protocol(uri, 'HTTP works in ' .. desc, true)
+		uri = string.format('https://%s:%d', host, port)
+		check_protocol(uri, 'HTTPS does not work in ' .. desc, false)
+	end
+
+	local function test_https_only()
+		local desc = 'HTTPS-only config'
+		local host, port = setup_module(desc,
+			{
+				port = 0, -- Select random port
+				tls = true,
+			})
+
+		local uri = string.format('http://%s:%d', host, port)
+		check_protocol(uri, 'HTTP does not work in ' .. desc, false)
+		uri = string.format('https://%s:%d', host, port)
+		check_protocol(uri, 'HTTPS works in ' .. desc, true)
+	end
+
+	local function test_custom_cert()
+		desc = 'config with custom certificate'
+		local host, port = setup_module(desc, {{
+				host = host,
+				port = port,
+				cert = 'test.crt',
+				key = 'test.key'
+			}})
+
+		uri = string.format('https://%s:%d', host, port)
+		check_protocol(uri, 'HTTPS works for ' .. desc, true)
+	end
+
+	local function test_nonexistent_cert()
+		desc = 'config with non-existing certificate file'
+		boom(http.config, {{
+				port = 0,
+				cert = '/tmp/surely_nonexistent_cert_1532432095',
+				key = 'test.key'
+			}}, desc)
+	end
+
+	local function test_nonexistent_key()
+		desc = 'config with non-existing key file'
+		boom(http.config, {{
+				port = 0,
+				cert = 'test.crt',
+				key = '/tmp/surely_nonexistent_cert_1532432095'
+			}}, desc)
+	end
+
+	local function test_missing_key_param()
+		desc = 'config with missing key= param'
+		boom(http.config, {{
+				port = 0,
+				cert = 'test.crt'
+			}}, desc)
+	end
+
+	local function test_broken_cert()
+		desc = 'config with broken file in cert= param'
+		boom(http.config, {{
+				port = 0,
+				cert = 'broken.crt',
+				key = 'test.key'
+			}}, desc)
+	end
+
+	local function test_broken_key()
+		desc = 'config with broken file in key= param'
+		boom(http.config, {{
+				port = 0,
+				cert = 'test.crt',
+				key = 'broken.key'
+			}}, desc)
+	end
+
+
+	-- plan tests
+	local tests = {
+		test_defaults,
+		test_http_only,
+		test_https_only,
+		test_custom_cert,
+		test_nonexistent_cert,
+		test_nonexistent_key,
+		test_missing_key_param,
+		test_broken_cert,
+		test_broken_key
+	}
+
+	return tests
+end