summaryrefslogtreecommitdiffstats
path: root/debian/perl-framework/t/ssl/varlookup.t
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/perl-framework/t/ssl/varlookup.t266
1 files changed, 266 insertions, 0 deletions
diff --git a/debian/perl-framework/t/ssl/varlookup.t b/debian/perl-framework/t/ssl/varlookup.t
new file mode 100644
index 0000000..e00a143
--- /dev/null
+++ b/debian/perl-framework/t/ssl/varlookup.t
@@ -0,0 +1,266 @@
+use strict;
+use warnings FATAL => 'all';
+
+use Apache::Test;
+use Apache::TestRequest;
+use Apache::TestUtil;
+use Apache::TestSSLCA qw(dn dn_oneline);
+
+unless (have_lwp) {
+ # bail out early, since the parser below relies on $LWP::VERSION
+ plan tests => 0, need_lwp;
+}
+
+use Time::localtime;
+
+my $config = Apache::Test::config();
+my $vars = Apache::Test::vars();
+my $server = $config->server;
+my $time = localtime();
+
+(my $mmn = $config->{httpd_info}->{MODULE_MAGIC_NUMBER}) =~ s/:\d+$//;
+
+#Apache::TestRequest::scheme('https');
+local $vars->{scheme} = 'https';
+my $port = $config->port;
+my $rfc2253 = have_min_apache_version('2.3.11');
+
+my $url = '/test_ssl_var_lookup';
+my(%lookup, @vars);
+
+my %client_dn = dn('client_ok');
+
+my $client_dn = dn_oneline(\%client_dn, $rfc2253);
+
+my %client_i_dn = dn('ca');
+
+my $client_i_dn = dn_oneline(\%client_i_dn, $rfc2253);
+
+my %server_dn = dn('server');
+
+my $dgst = Apache::TestSSLCA::dgst();
+
+my $email_field = Apache::TestSSLCA::email_field();
+
+my $san_email = "$client_dn{$email_field}";
+
+my $san_dns = "$server_dn{CN}";
+
+my $san_msupn = $san_email;
+
+my $san_dnssrv = "_https.$server_dn{CN}";
+
+if (not have_min_apache_version('2.4.13')) {
+ $san_email = $san_dns = "NULL";
+}
+
+if (not have_min_apache_version('2.4.17') or
+ Apache::Test::normalize_vstring(Apache::TestSSLCA::version()) <
+ Apache::Test::normalize_vstring("0.9.8")) {
+ $san_msupn = $san_dnssrv = "NULL";
+}
+
+# YYY will be turned into a pattern match: httpd-test/([-\w]+)
+# so we can test with different server keys/certs
+$server_dn{OU} = 'httpd-test/YYY';
+$server_dn{CN} = $vars->{servername};
+
+my $server_dn = dn_oneline(\%server_dn, $rfc2253);
+
+$server_dn =~ s{(httpd-test.*?)YYY}{$1([-\\w]+)};
+$server_dn{OU} =~ s{(httpd-test.*?)YYY}{$1([-\\w]+)};
+
+my %server_i_dn = %client_i_dn;
+my $server_i_dn = $client_i_dn;
+
+my $cert_datefmt = '^\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} \d{4} GMT$';
+
+while (<DATA>) {
+ chomp;
+ s/^\s+//; s/\s+$//;
+ s/\#.*//;
+ next unless $_;
+ my($key, $val) = split /\s+/, $_, 2;
+ next unless $key and $val;
+
+ if ($val =~ /^\"/) {
+ $val = eval qq($val);
+ }
+ elsif ($val =~ /^\'([^\']+)\'$/) {
+ $val = $1;
+ }
+ else {
+ $val = eval $val;
+ }
+
+ die $@ if $@;
+
+ $lookup{$key} = $val;
+ push @vars, $key;
+}
+
+if (not have_min_apache_version('2.4.32')) {
+ @vars = grep(!/_RAW/, @vars);
+}
+
+if (not have_min_apache_version('2.5.1')) {
+ @vars = grep(!/_B64CERT/, @vars);
+}
+
+plan tests => scalar (@vars), need need_lwp, need_module('test_ssl');
+
+for my $key (@vars) {
+ sok { verify($key); };
+}
+
+sub verify {
+ my $key = shift;
+ my @headers;
+ if ($key eq 'HTTP_REFERER') {
+ push @headers, Referer => $0;
+ }
+ my $str = GET_BODY("$url?$key", cert => 'client_ok',
+ @headers);
+ t_cmp($str, $lookup{$key}, "$key");
+}
+
+__END__
+#http://www.modssl.org/docs/2.8/ssl_reference.html#ToC23
+HTTP_USER_AGENT "libwww-perl/$LWP::VERSION",
+HTTP:User-Agent "libwww-perl/$LWP::VERSION",
+HTTP_REFERER "$0"
+HTTP_COOKIE
+HTTP_FORWARDED
+HTTP_HOST Apache::TestRequest::hostport()
+HTTP_PROXY_CONNECTION
+HTTP_ACCEPT
+
+#standard CGI variables
+PATH_INFO
+AUTH_TYPE
+QUERY_STRING 'QUERY_STRING'
+SERVER_SOFTWARE qr(^$server->{version})
+SERVER_ADMIN $vars->{serveradmin}
+SERVER_PORT "$port"
+SERVER_NAME $vars->{servername}
+SERVER_PROTOCOL qr(^HTTP/1\.\d$)
+REMOTE_IDENT
+REMOTE_ADDR $vars->{remote_addr}
+REMOTE_HOST
+REMOTE_USER
+DOCUMENT_ROOT $vars->{documentroot}
+REQUEST_METHOD 'GET'
+REQUEST_URI $url
+
+#mod_ssl specific variables
+TIME_YEAR $time->year()+1900
+TIME_MON sprintf "%02d", $time->mon()+1
+TIME_DAY sprintf "%02d", $time->mday()
+TIME_WDAY $time->wday()
+TIME
+TIME_HOUR
+TIME_MIN
+TIME_SEC
+
+IS_SUBREQ 'false'
+API_VERSION "$mmn"
+THE_REQUEST qr(^GET $url\?THE_REQUEST HTTP/1\.\d$)
+REQUEST_SCHEME $vars->{scheme}
+REQUEST_FILENAME
+HTTPS 'on'
+ENV:THE_ARGS 'ENV:THE_ARGS'
+
+#XXX: should use Net::SSLeay to parse the certs
+#rather than just pattern match and hardcode
+
+SSL_CLIENT_M_VERSION qr(^\d+$)
+SSL_SERVER_M_VERSION qr(^\d+$)
+SSL_CLIENT_M_SERIAL qr(^[0-9A-F]+$)
+SSL_SERVER_M_SERIAL qr(^[0-9A-F]+$)
+SSL_PROTOCOL qr((TLS|SSL)v([1-3]|1\.[0-3])$)
+SSL_CLIENT_V_START qr($cert_datefmt);
+SSL_SERVER_V_START qr($cert_datefmt);
+SSL_SESSION_ID
+SSL_CLIENT_V_END qr($cert_datefmt);
+SSL_SERVER_V_END qr($cert_datefmt);
+SSL_CIPHER qr(^[A-Z0-9_-]+$)
+SSL_CIPHER_EXPORT 'false'
+SSL_CIPHER_ALGKEYSIZE qr(^\d+$)
+SSL_CIPHER_USEKEYSIZE qr(^\d+$)
+SSL_SECURE_RENEG qr(^(false|true)$)
+
+SSL_CLIENT_S_DN "$client_dn"
+SSL_SERVER_S_DN qr(^$server_dn$)
+SSL_CLIENT_S_DN_C "$client_dn{C}"
+SSL_SERVER_S_DN_C "$server_dn{C}"
+SSL_CLIENT_S_DN_ST "$client_dn{ST}"
+SSL_SERVER_S_DN_ST "$server_dn{ST}"
+SSL_CLIENT_S_DN_L "$client_dn{L}"
+SSL_SERVER_S_DN_L "$server_dn{L}"
+SSL_CLIENT_S_DN_O "$client_dn{O}"
+SSL_SERVER_S_DN_O "$server_dn{O}"
+SSL_CLIENT_S_DN_OU "$client_dn{OU}"
+SSL_SERVER_S_DN_OU qr(^$server_dn{OU})
+SSL_CLIENT_S_DN_CN "$client_dn{CN}"
+SSL_SERVER_S_DN_CN "$server_dn{CN}"
+SSL_CLIENT_S_DN_T
+SSL_SERVER_S_DN_T
+SSL_CLIENT_S_DN_I
+SSL_SERVER_S_DN_I
+SSL_CLIENT_S_DN_G
+SSL_SERVER_S_DN_G
+SSL_CLIENT_S_DN_S
+SSL_SERVER_S_DN_S
+SSL_CLIENT_S_DN_D
+SSL_SERVER_S_DN_D
+SSL_CLIENT_S_DN_UID
+SSL_SERVER_S_DN_UID
+SSL_CLIENT_S_DN_Email "$client_dn{$email_field}"
+SSL_SERVER_S_DN_Email "$server_dn{$email_field}"
+SSL_CLIENT_SAN_Email_0 "$san_email"
+SSL_SERVER_SAN_DNS_0 "$san_dns"
+SSL_CLIENT_SAN_OTHER_msUPN_0 "$san_msupn"
+SSL_SERVER_SAN_OTHER_dnsSRV_0 "$san_dnssrv"
+
+SSL_CLIENT_I_DN "$client_i_dn"
+SSL_SERVER_I_DN "$server_i_dn"
+SSL_CLIENT_I_DN_C "$client_i_dn{C}"
+SSL_SERVER_I_DN_C "$server_i_dn{C}"
+SSL_CLIENT_I_DN_ST "$client_i_dn{ST}"
+SSL_SERVER_I_DN_ST "$server_i_dn{ST}"
+SSL_CLIENT_I_DN_L "$client_i_dn{L}"
+SSL_SERVER_I_DN_L "$server_i_dn{L}"
+SSL_CLIENT_I_DN_O "$client_i_dn{O}"
+SSL_SERVER_I_DN_O "$server_i_dn{O}"
+SSL_CLIENT_I_DN_OU "$client_i_dn{OU}"
+SSL_SERVER_I_DN_OU "$server_i_dn{OU}"
+SSL_CLIENT_I_DN_CN "$client_i_dn{CN}"
+SSL_SERVER_I_DN_CN "$server_i_dn{CN}"
+SSL_SERVER_I_DN_CN_RAW "$server_i_dn{CN}"
+SSL_SERVER_I_DN_CN_0_RAW "$server_i_dn{CN}"
+SSL_CLIENT_I_DN_T
+SSL_SERVER_I_DN_T
+SSL_CLIENT_I_DN_I
+SSL_SERVER_I_DN_I
+SSL_CLIENT_I_DN_G
+SSL_SERVER_I_DN_G
+SSL_CLIENT_I_DN_S
+SSL_SERVER_I_DN_S
+SSL_CLIENT_I_DN_D
+SSL_SERVER_I_DN_D
+SSL_CLIENT_I_DN_UID
+SSL_SERVER_I_DN_UID
+SSL_CLIENT_I_DN_Email "$client_i_dn{$email_field}"
+SSL_SERVER_I_DN_Email "$server_i_dn{$email_field}"
+SSL_CLIENT_A_SIG "${dgst}WithRSAEncryption"
+SSL_SERVER_A_SIG "${dgst}WithRSAEncryption"
+SSL_CLIENT_A_KEY 'rsaEncryption'
+SSL_SERVER_A_KEY qr(^[rd]saEncryption$)
+SSL_CLIENT_CERT qr(^-----BEGIN CERTIFICATE-----)
+SSL_SERVER_CERT qr(^-----BEGIN CERTIFICATE-----)
+SSL_CLIENT_B64CERT qr(^[a-zA-Z0-9+/]{64,}={0,2}$)
+SSL_SERVER_B64CERT qr(^[a-zA-Z0-9+/]{64,}={0,2}$)
+SSL_CLIENT_VERIFY 'SUCCESS'
+SSL_VERSION_LIBRARY
+SSL_VERSION_INTERFACE
+