| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| use t::APISIX 'no_plan'; |
| |
| log_level('debug'); |
| no_root_location(); |
| |
| $ENV{TEST_NGINX_HTML_DIR} ||= html_dir(); |
| |
| run_tests; |
| |
| __DATA__ |
| |
| === TEST 1: set ssl(sni: www.test.com) |
| --- config |
| location /t { |
| content_by_lua_block { |
| local core = require("apisix.core") |
| local t = require("lib.test_admin") |
| |
| local ssl_cert = t.read_file("t/certs/apisix.crt") |
| local ssl_key = t.read_file("t/certs/apisix.key") |
| local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com"} |
| |
| local code, body = t.test('/apisix/admin/ssl/1', |
| ngx.HTTP_PUT, |
| core.json.encode(data), |
| [[{ |
| "node": { |
| "value": { |
| "sni": "www.test.com" |
| }, |
| "key": "/apisix/ssl/1" |
| }, |
| "action": "set" |
| }]] |
| ) |
| |
| ngx.status = code |
| ngx.say(body) |
| } |
| } |
| --- request |
| GET /t |
| --- response_body |
| passed |
| --- no_error_log |
| [error] |
| |
| |
| |
| === TEST 2: set route(id: 1) |
| --- config |
| location /t { |
| content_by_lua_block { |
| local t = require("lib.test_admin").test |
| local code, body = t('/apisix/admin/routes/1', |
| ngx.HTTP_PUT, |
| [[{ |
| "upstream": { |
| "nodes": { |
| "127.0.0.1:1980": 1 |
| }, |
| "type": "roundrobin" |
| }, |
| "uri": "/hello" |
| }]] |
| ) |
| |
| if code >= 300 then |
| ngx.status = code |
| end |
| ngx.say(body) |
| } |
| } |
| --- request |
| GET /t |
| --- response_body |
| passed |
| --- no_error_log |
| [error] |
| |
| |
| |
| === TEST 3: client request |
| --- config |
| listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; |
| |
| location /t { |
| content_by_lua_block { |
| -- etcd sync |
| ngx.sleep(0.2) |
| |
| do |
| local sock = ngx.socket.tcp() |
| |
| sock:settimeout(2000) |
| |
| local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock") |
| if not ok then |
| ngx.say("failed to connect: ", err) |
| return |
| end |
| |
| ngx.say("connected: ", ok) |
| |
| local sess, err = sock:sslhandshake(nil, "www.test.com", true) |
| if not sess then |
| ngx.say("failed to do SSL handshake: ", err) |
| return |
| end |
| |
| ngx.say("ssl handshake: ", type(sess)) |
| |
| local req = "GET /hello HTTP/1.0\r\nHost: www.test.com\r\nConnection: close\r\n\r\n" |
| local bytes, err = sock:send(req) |
| if not bytes then |
| ngx.say("failed to send http request: ", err) |
| return |
| end |
| |
| ngx.say("sent http request: ", bytes, " bytes.") |
| |
| while true do |
| local line, err = sock:receive() |
| if not line then |
| -- ngx.say("failed to receive response status line: ", err) |
| break |
| end |
| |
| ngx.say("received: ", line) |
| end |
| |
| local ok, err = sock:close() |
| ngx.say("close: ", ok, " ", err) |
| end -- do |
| -- collectgarbage() |
| } |
| } |
| --- request |
| GET /t |
| --- response_body eval |
| qr{connected: 1 |
| ssl handshake: userdata |
| sent http request: 62 bytes. |
| received: HTTP/1.1 200 OK |
| received: Content-Type: text/plain |
| received: Content-Length: 12 |
| received: Connection: close |
| received: Server: APISIX/\d\.\d+(\.\d+)? |
| received: \nreceived: hello world |
| close: 1 nil} |
| --- error_log |
| lua ssl server name: "www.test.com" |
| --- no_error_log |
| [error] |
| [alert] |
| |
| |
| |
| === TEST 4: set second ssl(sni: *.test2.com) |
| --- config |
| location /t { |
| content_by_lua_block { |
| local core = require("apisix.core") |
| local t = require("lib.test_admin") |
| |
| local ssl_cert = t.read_file("t/certs/test2.crt") |
| local ssl_key = t.read_file("t/certs/test2.key") |
| local data = {cert = ssl_cert, key = ssl_key, sni = "*.test2.com"} |
| |
| local code, body = t.test('/apisix/admin/ssl/2', |
| ngx.HTTP_PUT, |
| core.json.encode(data), |
| [[{ |
| "node": { |
| "value": { |
| "sni": "*.test2.com" |
| }, |
| "key": "/apisix/ssl/2" |
| }, |
| "action": "set" |
| }]] |
| ) |
| |
| ngx.status = code |
| ngx.say(body) |
| } |
| } |
| --- request |
| GET /t |
| --- response_body |
| passed |
| --- no_error_log |
| [error] |
| |
| |
| |
| === TEST 5: client request: www.test2.com |
| --- config |
| listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; |
| |
| location /t { |
| content_by_lua_block { |
| -- etcd sync |
| ngx.sleep(0.2) |
| |
| do |
| local sock = ngx.socket.tcp() |
| |
| sock:settimeout(2000) |
| |
| local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock") |
| if not ok then |
| ngx.say("failed to connect: ", err) |
| return |
| end |
| |
| ngx.say("connected: ", ok) |
| |
| local sess, err = sock:sslhandshake(nil, "www.test2.com", true) |
| if not sess then |
| ngx.say("failed to do SSL handshake: ", err) |
| return |
| end |
| |
| ngx.say("ssl handshake: ", type(sess)) |
| end -- do |
| -- collectgarbage() |
| } |
| } |
| --- request |
| GET /t |
| --- response_body |
| connected: 1 |
| failed to do SSL handshake: 18: self signed certificate |
| --- error_log |
| lua ssl server name: "www.test2.com" |
| we have more than 1 ssl certs now |
| --- no_error_log |
| [error] |
| [alert] |
| |
| |
| |
| === TEST 6: set third ssl(sni: apisix.dev) |
| --- config |
| location /t { |
| content_by_lua_block { |
| local core = require("apisix.core") |
| local t = require("lib.test_admin") |
| |
| local ssl_cert = t.read_file("t/certs/apisix_admin_ssl.crt") |
| local ssl_key = t.read_file("t/certs/apisix_admin_ssl.key") |
| local data = {cert = ssl_cert, key = ssl_key, sni = "apisix.dev"} |
| |
| local code, body = t.test('/apisix/admin/ssl/3', |
| ngx.HTTP_PUT, |
| core.json.encode(data), |
| [[{ |
| "node": { |
| "value": { |
| "sni": "apisix.dev" |
| }, |
| "key": "/apisix/ssl/3" |
| }, |
| "action": "set" |
| }]] |
| ) |
| |
| ngx.status = code |
| ngx.say(body) |
| } |
| } |
| --- request |
| GET /t |
| --- response_body |
| passed |
| --- no_error_log |
| [error] |
| |
| |
| |
| === TEST 7: client request: apisix.dev |
| --- config |
| listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; |
| |
| location /t { |
| content_by_lua_block { |
| -- etcd sync |
| ngx.sleep(0.2) |
| |
| do |
| local sock = ngx.socket.tcp() |
| |
| sock:settimeout(2000) |
| |
| local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock") |
| if not ok then |
| ngx.say("failed to connect: ", err) |
| return |
| end |
| |
| ngx.say("connected: ", ok) |
| |
| local sess, err = sock:sslhandshake(nil, "apisix.dev", true) |
| if not sess then |
| ngx.say("failed to do SSL handshake: ", err) |
| return |
| end |
| |
| ngx.say("ssl handshake: ", type(sess)) |
| end -- do |
| -- collectgarbage() |
| } |
| } |
| --- request |
| GET /t |
| --- response_body |
| connected: 1 |
| failed to do SSL handshake: 18: self signed certificate |
| --- error_log |
| lua ssl server name: "apisix.dev" |
| we have more than 1 ssl certs now |
| --- no_error_log |
| [error] |
| [alert] |
| |
| |
| |
| === TEST 8: remove test ssl certs |
| --- config |
| location /t { |
| content_by_lua_block { |
| local core = require("apisix.core") |
| local t = require("lib.test_admin") |
| |
| t.test('/apisix/admin/ssl/1', ngx.HTTP_DELETE) |
| t.test('/apisix/admin/ssl/2', ngx.HTTP_DELETE) |
| t.test('/apisix/admin/ssl/3', ngx.HTTP_DELETE) |
| |
| } |
| } |
| --- request |
| GET /t |
| --- no_error_log |
| [error] |