diff options
Diffstat (limited to 'test/open-uri')
| -rw-r--r-- | test/open-uri/test_open-uri.rb | 156 | ||||
| -rw-r--r-- | test/open-uri/test_ssl.rb | 129 |
2 files changed, 219 insertions, 66 deletions
diff --git a/test/open-uri/test_open-uri.rb b/test/open-uri/test_open-uri.rb index d30d89831e..816d7fa3e2 100644 --- a/test/open-uri/test_open-uri.rb +++ b/test/open-uri/test_open-uri.rb @@ -27,7 +27,7 @@ class TestOpenURI < Test::Unit::TestCase _, port, _, host = srv.listeners[0].addr begin th = srv.start - yield srv, dr, "http://#{host}:#{port}", log + yield srv, dr, "http://#{host}:#{port}", th, log ensure srv.shutdown th.join @@ -81,10 +81,20 @@ class TestOpenURI < Test::Unit::TestCase end def test_404 - with_http(false) {|srv, dr, url, log| - exc = assert_raise(OpenURI::HTTPError) { open("#{url}/not-exist") {} } - assert_equal("404", exc.io.status[0]) - assert_match(%r{ERROR `/not-exist' not found}, log.string) + with_http(false) {|srv, dr, url, server_thread, server_log| + client_thread = Thread.new { + begin + exc = assert_raise(OpenURI::HTTPError) { open("#{url}/not-exist") {} } + assert_equal("404", exc.io.status[0]) + ensure + srv.shutdown + end + } + server_thread2 = Thread.new { + server_thread.join + assert_match(%r{ERROR `/not-exist' not found}, server_log.string) + } + assert_join_threads([client_thread, server_thread2]) } end @@ -234,13 +244,15 @@ class TestOpenURI < Test::Unit::TestCase def test_proxy with_http {|srv, dr, url| - log = '' + proxy_log = StringIO.new('') + proxy_logger = WEBrick::Log.new(proxy_log, WEBrick::BasicLog::WARN) + proxy_auth_log = '' proxy = WEBrick::HTTPProxyServer.new({ :ServerType => Thread, - :Logger => WEBrick::Log.new(NullLog), + :Logger => proxy_logger, :AccessLog => [[NullLog, ""]], :ProxyAuthProc => lambda {|req, res| - log << req.request_line + proxy_auth_log << req.request_line }, :BindAddress => '127.0.0.1', :Port => 0}) @@ -253,21 +265,21 @@ class TestOpenURI < Test::Unit::TestCase assert_equal("200", f.status[0]) assert_equal("proxy", f.read) } - assert_match(/#{Regexp.quote url}/, log); log.clear + assert_match(/#{Regexp.quote url}/, proxy_auth_log); proxy_auth_log.clear open("#{url}/proxy", :proxy=>URI(proxy_url)) {|f| assert_equal("200", f.status[0]) assert_equal("proxy", f.read) } - assert_match(/#{Regexp.quote url}/, log); log.clear + assert_match(/#{Regexp.quote url}/, proxy_auth_log); proxy_auth_log.clear open("#{url}/proxy", :proxy=>nil) {|f| assert_equal("200", f.status[0]) assert_equal("proxy", f.read) } - assert_equal("", log); log.clear + assert_equal("", proxy_auth_log); proxy_auth_log.clear assert_raise(ArgumentError) { open("#{url}/proxy", :proxy=>:invalid) {} } - assert_equal("", log); log.clear + assert_equal("", proxy_auth_log); proxy_auth_log.clear with_env("http_proxy"=>proxy_url) { # should not use proxy for 127.0.0.0/8. open("#{url}/proxy") {|f| @@ -275,23 +287,26 @@ class TestOpenURI < Test::Unit::TestCase assert_equal("proxy", f.read) } } - assert_equal("", log); log.clear + assert_equal("", proxy_auth_log); proxy_auth_log.clear ensure proxy.shutdown proxy_thread.join end + assert_equal("", proxy_log.string) } end - def test_proxy_http_basic_authentication + def test_proxy_http_basic_authentication_failure with_http {|srv, dr, url| - log = '' + proxy_log = StringIO.new('') + proxy_logger = WEBrick::Log.new(proxy_log, WEBrick::BasicLog::WARN) + proxy_auth_log = '' proxy = WEBrick::HTTPProxyServer.new({ :ServerType => Thread, - :Logger => WEBrick::Log.new(NullLog), + :Logger => proxy_logger, :AccessLog => [[NullLog, ""]], :ProxyAuthProc => lambda {|req, res| - log << req.request_line + proxy_auth_log << req.request_line if req["Proxy-Authorization"] != "Basic #{['user:pass'].pack('m').chomp}" raise WEBrick::HTTPStatus::ProxyAuthenticationRequired end @@ -305,22 +320,53 @@ class TestOpenURI < Test::Unit::TestCase srv.mount_proc("/proxy", lambda { |req, res| res.body = "proxy" } ) exc = assert_raise(OpenURI::HTTPError) { open("#{url}/proxy", :proxy=>proxy_url) {} } assert_equal("407", exc.io.status[0]) - assert_match(/#{Regexp.quote url}/, log); log.clear + assert_match(/#{Regexp.quote url}/, proxy_auth_log); proxy_auth_log.clear + ensure + proxy.shutdown + th.join + end + assert_match(/ERROR WEBrick::HTTPStatus::ProxyAuthenticationRequired/, proxy_log.string) + } + end + + def test_proxy_http_basic_authentication_success + with_http {|srv, dr, url| + proxy_log = StringIO.new('') + proxy_logger = WEBrick::Log.new(proxy_log, WEBrick::BasicLog::WARN) + proxy_auth_log = '' + proxy = WEBrick::HTTPProxyServer.new({ + :ServerType => Thread, + :Logger => proxy_logger, + :AccessLog => [[NullLog, ""]], + :ProxyAuthProc => lambda {|req, res| + proxy_auth_log << req.request_line + if req["Proxy-Authorization"] != "Basic #{['user:pass'].pack('m').chomp}" + raise WEBrick::HTTPStatus::ProxyAuthenticationRequired + end + }, + :BindAddress => '127.0.0.1', + :Port => 0}) + _, proxy_port, _, proxy_host = proxy.listeners[0].addr + proxy_url = "http://#{proxy_host}:#{proxy_port}/" + begin + th = proxy.start + srv.mount_proc("/proxy", lambda { |req, res| res.body = "proxy" } ) open("#{url}/proxy", :proxy_http_basic_authentication=>[proxy_url, "user", "pass"]) {|f| assert_equal("200", f.status[0]) assert_equal("proxy", f.read) } - assert_match(/#{Regexp.quote url}/, log); log.clear + assert_match(/#{Regexp.quote url}/, proxy_auth_log); proxy_auth_log.clear assert_raise(ArgumentError) { open("#{url}/proxy", :proxy_http_basic_authentication=>[true, "user", "pass"]) {} } - assert_equal("", log); log.clear + assert_equal("", proxy_auth_log); proxy_auth_log.clear ensure proxy.shutdown th.join end + assert_equal("", proxy_log.string) } end @@ -405,25 +451,63 @@ class TestOpenURI < Test::Unit::TestCase } end - def test_redirect_auth - with_http(false) {|srv, dr, url, log| - srv.mount_proc("/r1/") {|req, res| res.status = 301; res["location"] = "#{url}/r2" } - srv.mount_proc("/r2/") {|req, res| - if req["Authorization"] != "Basic #{['user:pass'].pack('m').chomp}" - raise WEBrick::HTTPStatus::Unauthorized - end - res.body = "r2" - } - exc = assert_raise(OpenURI::HTTPError) { open("#{url}/r2/") {} } - assert_equal("401", exc.io.status[0]) - assert_match(/ERROR WEBrick::HTTPStatus::Unauthorized/, log.string) - log.rewind; log.truncate(0) + def setup_redirect_auth(srv, url) + srv.mount_proc("/r1/") {|req, res| + res.status = 301 + res["location"] = "#{url}/r2" + } + srv.mount_proc("/r2/") {|req, res| + if req["Authorization"] != "Basic #{['user:pass'].pack('m').chomp}" + raise WEBrick::HTTPStatus::Unauthorized + end + res.body = "r2" + } + end + + def test_redirect_auth_success + with_http {|srv, dr, url| + setup_redirect_auth(srv, url) open("#{url}/r2/", :http_basic_authentication=>['user', 'pass']) {|f| assert_equal("r2", f.read) } - exc = assert_raise(OpenURI::HTTPError) { open("#{url}/r1/", :http_basic_authentication=>['user', 'pass']) {} } - assert_equal("401", exc.io.status[0]) - assert_match(/ERROR WEBrick::HTTPStatus::Unauthorized/, log.string) + } + end + + def test_redirect_auth_failure_r2 + with_http(false) {|srv, dr, url, server_thread, server_log| + setup_redirect_auth(srv, url) + client_thread = Thread.new { + begin + exc = assert_raise(OpenURI::HTTPError) { open("#{url}/r2/") {} } + assert_equal("401", exc.io.status[0]) + ensure + srv.shutdown + end + } + server_thread2 = Thread.new { + server_thread.join + assert_match(/ERROR WEBrick::HTTPStatus::Unauthorized/, server_log.string) + } + assert_join_threads([client_thread, server_thread2]) + } + end + + def test_redirect_auth_failure_r1 + with_http(false) {|srv, dr, url, server_thread, server_log| + setup_redirect_auth(srv, url) + client_thread = Thread.new { + begin + exc = assert_raise(OpenURI::HTTPError) { open("#{url}/r1/", :http_basic_authentication=>['user', 'pass']) {} } + assert_equal("401", exc.io.status[0]) + ensure + srv.shutdown + end + } + server_thread2 = Thread.new { + server_thread.join + assert_match(/ERROR WEBrick::HTTPStatus::Unauthorized/, server_log.string) + } + assert_join_threads([client_thread, server_thread2]) } end diff --git a/test/open-uri/test_ssl.rb b/test/open-uri/test_ssl.rb index f653cd77ec..baffd1cda6 100644 --- a/test/open-uri/test_ssl.rb +++ b/test/open-uri/test_ssl.rb @@ -18,12 +18,14 @@ class TestOpenURISSL def NullLog.<<(arg) end - def with_https + def with_https(log_is_empty=true) + log = StringIO.new('') + logger = WEBrick::Log.new(log, WEBrick::BasicLog::WARN) Dir.mktmpdir {|dr| srv = WEBrick::HTTPServer.new({ :DocumentRoot => dr, :ServerType => Thread, - :Logger => WEBrick::Log.new(NullLog), + :Logger => logger, :AccessLog => [[NullLog, ""]], :SSLEnable => true, :SSLCertificate => OpenSSL::X509::Certificate.new(SERVER_CERT), @@ -34,11 +36,14 @@ class TestOpenURISSL _, port, _, host = srv.listeners[0].addr begin th = srv.start - yield srv, dr, "https://#{host}:#{port}" + yield srv, dr, "https://#{host}:#{port}", th, log ensure srv.shutdown th.join end + if log_is_empty + assert_equal("", log.string) + end } end @@ -52,58 +57,122 @@ class TestOpenURISSL @proxies.each_with_index {|k, i| ENV[k] = @old_proxies[i] } end - def test_validation + def setup_validation(srv, dr) + cacert_filename = "#{dr}/cacert.pem" + open(cacert_filename, "w") {|f| f << CA_CERT } + srv.mount_proc("/data", lambda { |req, res| res.body = "ddd" } ) + cacert_filename + end + + def test_validation_success with_https {|srv, dr, url| - cacert_filename = "#{dr}/cacert.pem" - open(cacert_filename, "w") {|f| f << CA_CERT } - srv.mount_proc("/data", lambda { |req, res| res.body = "ddd" } ) + cacert_filename = setup_validation(srv, dr) open("#{url}/data", :ssl_ca_cert => cacert_filename) {|f| assert_equal("200", f.status[0]) assert_equal("ddd", f.read) } + } + end + + def test_validation_noverify + with_https {|srv, dr, url| + setup_validation(srv, dr) open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE) {|f| assert_equal("200", f.status[0]) assert_equal("ddd", f.read) } - assert_raise(OpenSSL::SSL::SSLError) { open("#{url}/data") {} } } end - def test_proxy - with_https {|srv, dr, url| + def test_validation_failure + with_https(false) {|srv, dr, url, server_thread, server_log| + client_thread = Thread.new { + begin + setup_validation(srv, dr) + assert_raise(OpenSSL::SSL::SSLError) { open("#{url}/data") {} } + ensure + srv.shutdown + end + } + server_thread2 = Thread.new { + server_thread.join + assert_match(/ERROR OpenSSL::SSL::SSLError:/, server_log.string) + } + assert_join_threads([client_thread, server_thread2]) + } + end + + def with_https_proxy + proxy_log = StringIO.new('') + proxy_logger = WEBrick::Log.new(proxy_log, WEBrick::BasicLog::WARN) + with_https {|srv, dr, url, server_thread, server_log| + srv.mount_proc("/proxy", lambda { |req, res| res.body = "proxy" } ) cacert_filename = "#{dr}/cacert.pem" open(cacert_filename, "w") {|f| f << CA_CERT } cacert_directory = "#{dr}/certs" Dir.mkdir cacert_directory hashed_name = "%08x.0" % OpenSSL::X509::Certificate.new(CA_CERT).subject.hash open("#{cacert_directory}/#{hashed_name}", "w") {|f| f << CA_CERT } - prxy = WEBrick::HTTPProxyServer.new({ + proxy = WEBrick::HTTPProxyServer.new({ :ServerType => Thread, - :Logger => WEBrick::Log.new(NullLog), - :AccessLog => [[sio=StringIO.new, WEBrick::AccessLog::COMMON_LOG_FORMAT]], + :Logger => proxy_logger, + :AccessLog => [[proxy_access_log=StringIO.new, WEBrick::AccessLog::COMMON_LOG_FORMAT]], :BindAddress => '127.0.0.1', :Port => 0}) - _, p_port, _, p_host = prxy.listeners[0].addr + _, proxy_port, _, proxy_host = proxy.listeners[0].addr begin - th = prxy.start - srv.mount_proc("/proxy", lambda { |req, res| res.body = "proxy" } ) - open("#{url}/proxy", :proxy=>"http://#{p_host}:#{p_port}/", :ssl_ca_cert => cacert_filename) {|f| - assert_equal("200", f.status[0]) - assert_equal("proxy", f.read) - } - assert_match(%r[CONNECT #{url.sub(%r{\Ahttps://}, '')} ], sio.string) - sio.truncate(0); sio.rewind - open("#{url}/proxy", :proxy=>"http://#{p_host}:#{p_port}/", :ssl_ca_cert => cacert_directory) {|f| - assert_equal("200", f.status[0]) - assert_equal("proxy", f.read) - } - assert_match(%r[CONNECT #{url.sub(%r{\Ahttps://}, '')} ], sio.string) - sio.truncate(0); sio.rewind + proxy_thread = proxy.start + yield srv, dr, url, server_thread, server_log, cacert_filename, cacert_directory, proxy, proxy_host, proxy_port, proxy_thread, proxy_access_log, proxy_log ensure - prxy.shutdown - th.join + proxy.shutdown + proxy_thread.join end } + assert_equal('', proxy_log.string) + end + + def test_proxy_cacert_file + with_https_proxy {|srv, dr, url, server_thread, server_log, cacert_filename, cacert_directory, proxy, proxy_host, proxy_port, proxy_thread, proxy_access_log, proxy_log| + client_thread = Thread.new { + begin + open("#{url}/proxy", :proxy=>"http://#{proxy_host}:#{proxy_port}/", :ssl_ca_cert => cacert_filename) {|f| + assert_equal("200", f.status[0]) + assert_equal("proxy", f.read) + } + ensure + proxy.shutdown + srv.shutdown + end + } + proxy_thread2 = Thread.new { + proxy_thread.join + assert_match(%r[CONNECT #{url.sub(%r{\Ahttps://}, '')} ], proxy_access_log.string) + assert_equal('', proxy_log.string) + } + assert_join_threads([client_thread, proxy_thread2, server_thread]) + } + end + + def test_proxy_cacert_dir + with_https_proxy {|srv, dr, url, server_thread, server_log, cacert_filename, cacert_directory, proxy, proxy_host, proxy_port, proxy_thread, proxy_access_log, proxy_log| + client_thread = Thread.new { + begin + open("#{url}/proxy", :proxy=>"http://#{proxy_host}:#{proxy_port}/", :ssl_ca_cert => cacert_directory) {|f| + assert_equal("200", f.status[0]) + assert_equal("proxy", f.read) + } + ensure + proxy.shutdown + srv.shutdown + end + } + proxy_thread2 = Thread.new { + proxy_thread.join + assert_match(%r[CONNECT #{url.sub(%r{\Ahttps://}, '')} ], proxy_access_log.string) + assert_equal('', proxy_log.string) + } + assert_join_threads([client_thread, proxy_thread2, server_thread]) + } end end if defined?(OpenSSL) |