blob: d6bb1d9e3d9d2e6d72ee7c399b2d5ee6281e4e21 [file] [log] [blame]
#!/usr/bin/perl
# (C) Sergey Kandaurov
# (C) Nginx, Inc.
# Tests for http njs module, fetch method, backend certificate verification.
###############################################################################
use warnings;
use strict;
use Test::More;
BEGIN { use FindBin; chdir($FindBin::Bin); }
use lib 'lib';
use Test::Nginx;
###############################################################################
select STDERR; $| = 1;
select STDOUT; $| = 1;
my $t = Test::Nginx->new()->has(qw/http http_ssl/)
->write_file_expand('nginx.conf', <<'EOF');
%%TEST_GLOBALS%%
daemon off;
events {
}
http {
%%TEST_GLOBALS_HTTP%%
js_import test.js;
server {
listen 127.0.0.1:8080;
server_name localhost;
resolver 127.0.0.1:%%PORT_8981_UDP%%;
resolver_timeout 1s;
location /njs {
js_content test.njs;
}
location /https {
js_content test.https;
}
location /https.verify_off {
js_content test.https;
js_fetch_verify off;
}
}
server {
listen 127.0.0.1:8081 ssl;
server_name localhost;
ssl_certificate localhost.crt;
ssl_certificate_key localhost.key;
}
}
EOF
my $p1 = port(8081);
$t->write_file('test.js', <<EOF);
function test_njs(r) {
r.return(200, njs.version);
}
function https(r) {
ngx.fetch(`https://example.com:$p1/loc`)
.then(reply => reply.text())
.then(body => r.return(200, body))
.catch(e => r.return(501, e.message));
}
export default {njs: test_njs, https};
EOF
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF
my $d = $t->testdir();
foreach my $name ('localhost') {
system('openssl req -x509 -new '
. "-config $d/openssl.conf -subj /CN=$name/ "
. "-out $d/$name.crt -keyout $d/$name.key "
. ">>$d/openssl.out 2>&1") == 0
or die "Can't create certificate for $name: $!\n";
}
$t->try_run('no js_fetch_verify')->plan(2);
$t->run_daemon(\&dns_daemon, port(8981), $t);
$t->waitforfile($t->testdir . '/' . port(8981));
###############################################################################
like(http_get('/https'), qr/connect failed/, 'fetch verify error');
like(http_get('/https.verify_off'), qr/200 OK/, 'fetch verify off');
###############################################################################
sub reply_handler {
my ($recv_data, $port, %extra) = @_;
my (@name, @rdata);
use constant NOERROR => 0;
use constant A => 1;
use constant IN => 1;
# default values
my ($hdr, $rcode, $ttl) = (0x8180, NOERROR, 3600);
# decode name
my ($len, $offset) = (undef, 12);
while (1) {
$len = unpack("\@$offset C", $recv_data);
last if $len == 0;
$offset++;
push @name, unpack("\@$offset A$len", $recv_data);
$offset += $len;
}
$offset -= 1;
my ($id, $type, $class) = unpack("n x$offset n2", $recv_data);
my $name = join('.', @name);
if ($type == A) {
push @rdata, rd_addr($ttl, '127.0.0.1');
}
$len = @name;
pack("n6 (C/a*)$len x n2", $id, $hdr | $rcode, 1, scalar @rdata,
0, 0, @name, $type, $class) . join('', @rdata);
}
sub rd_addr {
my ($ttl, $addr) = @_;
my $code = 'split(/\./, $addr)';
return pack 'n3N', 0xc00c, A, IN, $ttl if $addr eq '';
pack 'n3N nC4', 0xc00c, A, IN, $ttl, eval "scalar $code", eval($code);
}
sub dns_daemon {
my ($port, $t) = @_;
my ($data, $recv_data);
my $socket = IO::Socket::INET->new(
LocalAddr => '127.0.0.1',
LocalPort => $port,
Proto => 'udp',
)
or die "Can't create listening socket: $!\n";
local $SIG{PIPE} = 'IGNORE';
# signal we are ready
open my $fh, '>', $t->testdir() . '/' . $port;
close $fh;
while (1) {
$socket->recv($recv_data, 65536);
$data = reply_handler($recv_data, $port);
$socket->send($data);
}
}
###############################################################################