| /* ==================================================================== |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * ==================================================================== |
| */ |
| |
| #include <stdlib.h> |
| |
| #include <apr.h> |
| #include <apr_pools.h> |
| #include <apr_strings.h> |
| #include <apr_version.h> |
| |
| #include "serf.h" |
| #include "serf_private.h" |
| |
| #include "test_serf.h" |
| #include "server/test_server.h" |
| |
| /* Validate that requests are sent and completed in the order of creation. */ |
| static void test_serf_connection_request_create(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[2]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| int i; |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "2")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server */ |
| status = test_http_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, NULL, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| create_new_request(tb, &handler_ctx[1], "GET", "/", 2); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| |
| /* Check that the requests were sent in the order we created them */ |
| for (i = 0; i < tb->sent_requests->nelts; i++) { |
| int req_nr = APR_ARRAY_IDX(tb->sent_requests, i, int); |
| CuAssertIntEquals(tc, i + 1, req_nr); |
| } |
| |
| /* Check that the requests were received in the order we created them */ |
| for (i = 0; i < tb->handled_requests->nelts; i++) { |
| int req_nr = APR_ARRAY_IDX(tb->handled_requests, i, int); |
| CuAssertIntEquals(tc, i + 1, req_nr); |
| } |
| } |
| |
| /* Validate that priority requests are sent and completed before normal |
| requests. */ |
| static void test_serf_connection_priority_request_create(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[3]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| int i; |
| |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "2")}, |
| {CHUNKED_REQUEST(1, "3")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server */ |
| status = test_http_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, NULL, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 2); |
| create_new_request(tb, &handler_ctx[1], "GET", "/", 3); |
| create_new_prio_request(tb, &handler_ctx[2], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| |
| /* Check that the requests were sent in the order we created them */ |
| for (i = 0; i < tb->sent_requests->nelts; i++) { |
| int req_nr = APR_ARRAY_IDX(tb->sent_requests, i, int); |
| CuAssertIntEquals(tc, i + 1, req_nr); |
| } |
| |
| /* Check that the requests were received in the order we created them */ |
| for (i = 0; i < tb->handled_requests->nelts; i++) { |
| int req_nr = APR_ARRAY_IDX(tb->handled_requests, i, int); |
| CuAssertIntEquals(tc, i + 1, req_nr); |
| } |
| } |
| |
| /* Test that serf correctly handles the 'Connection:close' header when the |
| server is planning to close the connection. */ |
| static void test_closed_connection(CuTest *tc) |
| { |
| test_baton_t *tb; |
| apr_status_t status; |
| handler_baton_t handler_ctx[10]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| int done = FALSE, i; |
| |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "2")}, |
| {CHUNKED_REQUEST(1, "3")}, |
| {CHUNKED_REQUEST(1, "4")}, |
| {CHUNKED_REQUEST(1, "5")}, |
| {CHUNKED_REQUEST(1, "6")}, |
| {CHUNKED_REQUEST(1, "7")}, |
| {CHUNKED_REQUEST(1, "8")}, |
| {CHUNKED_REQUEST(1, "9")}, |
| {CHUNKED_REQUEST(2, "10")} |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, |
| "HTTP/1.1 200 OK" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| "Connection: close" CRLF |
| CRLF |
| "0" CRLF |
| CRLF |
| }, |
| {SERVER_IGNORE_AND_KILL_CONNECTION}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, |
| "HTTP/1.1 200 OK" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| "Connection: close" CRLF |
| CRLF |
| "0" CRLF |
| CRLF |
| }, |
| {SERVER_IGNORE_AND_KILL_CONNECTION}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server. */ |
| status = test_http_server_setup(&tb, |
| message_list, num_requests, |
| action_list, 12, |
| 0, |
| NULL, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* Send some requests on the connections */ |
| for (i = 0 ; i < num_requests ; i++) { |
| create_new_request(tb, &handler_ctx[i], "GET", "/", i+1); |
| } |
| |
| while (1) { |
| status = run_test_server(tb->serv_ctx, 0, test_pool); |
| if (APR_STATUS_IS_TIMEUP(status)) |
| status = APR_SUCCESS; |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| status = serf_context_run(tb->context, 0, test_pool); |
| if (APR_STATUS_IS_TIMEUP(status)) |
| status = APR_SUCCESS; |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* Debugging purposes only! */ |
| serf_debug__closed_conn(tb->bkt_alloc); |
| |
| done = TRUE; |
| for (i = 0 ; i < num_requests ; i++) |
| if (handler_ctx[i].done == FALSE) { |
| done = FALSE; |
| break; |
| } |
| if (done) |
| break; |
| } |
| |
| /* Check that all requests were received */ |
| CuAssertTrue(tc, tb->sent_requests->nelts >= num_requests); |
| CuAssertIntEquals(tc, num_requests, tb->accepted_requests->nelts); |
| CuAssertIntEquals(tc, num_requests, tb->handled_requests->nelts); |
| } |
| |
| /* Test if serf is sending the request to the proxy, not to the server |
| directly. */ |
| static void test_setup_proxy(CuTest *tc) |
| { |
| test_baton_t *tb; |
| int i; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_pool_t *iter_pool; |
| apr_status_t status; |
| |
| test_server_message_t message_list[] = { |
| {"GET http://localhost:" SERV_PORT_STR " HTTP/1.1" CRLF\ |
| "Host: localhost:" SERV_PORT_STR CRLF\ |
| "Transfer-Encoding: chunked" CRLF\ |
| CRLF\ |
| "1" CRLF\ |
| "1" CRLF\ |
| "0" CRLF\ |
| CRLF} |
| }; |
| |
| test_server_action_t action_list_proxy[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server, no messages expected. */ |
| status = test_server_proxy_setup(&tb, |
| /* server messages and actions */ |
| NULL, 0, |
| NULL, 0, |
| /* server messages and actions */ |
| message_list, 1, |
| action_list_proxy, 1, |
| 0, |
| NULL, test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| apr_pool_create(&iter_pool, test_pool); |
| |
| while (!handler_ctx[0].done) |
| { |
| apr_pool_clear(iter_pool); |
| |
| status = run_test_server(tb->serv_ctx, 0, iter_pool); |
| if (APR_STATUS_IS_TIMEUP(status)) |
| status = APR_SUCCESS; |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| status = run_test_server(tb->proxy_ctx, 0, iter_pool); |
| if (APR_STATUS_IS_TIMEUP(status)) |
| status = APR_SUCCESS; |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| status = serf_context_run(tb->context, 0, iter_pool); |
| if (APR_STATUS_IS_TIMEUP(status)) |
| status = APR_SUCCESS; |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* Debugging purposes only! */ |
| serf_debug__closed_conn(tb->bkt_alloc); |
| } |
| apr_pool_destroy(iter_pool); |
| |
| /* Check that all requests were received */ |
| CuAssertIntEquals(tc, num_requests, tb->sent_requests->nelts); |
| CuAssertIntEquals(tc, num_requests, tb->accepted_requests->nelts); |
| CuAssertIntEquals(tc, num_requests, tb->handled_requests->nelts); |
| |
| |
| /* Check that the requests were sent in the order we created them */ |
| for (i = 0; i < tb->sent_requests->nelts; i++) { |
| int req_nr = APR_ARRAY_IDX(tb->sent_requests, i, int); |
| CuAssertIntEquals(tc, i + 1, req_nr); |
| } |
| |
| /* Check that the requests were received in the order we created them */ |
| for (i = 0; i < tb->handled_requests->nelts; i++) { |
| int req_nr = APR_ARRAY_IDX(tb->handled_requests, i, int); |
| CuAssertIntEquals(tc, i + 1, req_nr); |
| } |
| } |
| |
| /***************************************************************************** |
| * Test if we can make serf send requests one by one. |
| *****************************************************************************/ |
| |
| /* Resend the first request 4 times by reducing the pipeline bandwidth to |
| one request at a time, and by adding the first request again at the start of |
| the outgoing queue. */ |
| static apr_status_t |
| handle_response_keepalive_limit(serf_request_t *request, |
| serf_bucket_t *response, |
| void *handler_baton, |
| apr_pool_t *pool) |
| { |
| handler_baton_t *ctx = handler_baton; |
| |
| if (! response) { |
| return APR_SUCCESS; |
| } |
| |
| while (1) { |
| apr_status_t status; |
| const char *data; |
| apr_size_t len; |
| |
| status = serf_bucket_read(response, 2048, &data, &len); |
| if (SERF_BUCKET_READ_ERROR(status)) { |
| return status; |
| } |
| |
| if (APR_STATUS_IS_EOF(status)) { |
| APR_ARRAY_PUSH(ctx->handled_requests, int) = ctx->req_id; |
| ctx->done = TRUE; |
| if (ctx->req_id == 1 && ctx->handled_requests->nelts < 3) { |
| serf_connection_priority_request_create(ctx->tb->connection, |
| setup_request, |
| ctx); |
| ctx->done = FALSE; |
| } |
| return APR_EOF; |
| } |
| } |
| |
| return APR_SUCCESS; |
| } |
| |
| #define SEND_REQUESTS 5 |
| #define RCVD_REQUESTS 7 |
| static void test_keepalive_limit_one_by_one(CuTest *tc) |
| { |
| test_baton_t *tb; |
| apr_status_t status; |
| handler_baton_t handler_ctx[SEND_REQUESTS]; |
| int done = FALSE, i; |
| |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "2")}, |
| {CHUNKED_REQUEST(1, "3")}, |
| {CHUNKED_REQUEST(1, "4")}, |
| {CHUNKED_REQUEST(1, "5")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server. */ |
| status = test_http_server_setup(&tb, |
| message_list, RCVD_REQUESTS, |
| action_list, RCVD_REQUESTS, 0, NULL, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| for (i = 0 ; i < SEND_REQUESTS ; i++) { |
| create_new_request_with_resp_hdlr(tb, &handler_ctx[i], "GET", "/", i+1, |
| handle_response_keepalive_limit); |
| /* TODO: don't think this needs to be done in the loop. */ |
| serf_connection_set_max_outstanding_requests(tb->connection, 1); |
| } |
| |
| while (1) { |
| status = run_test_server(tb->serv_ctx, 0, test_pool); |
| if (APR_STATUS_IS_TIMEUP(status)) |
| status = APR_SUCCESS; |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| status = serf_context_run(tb->context, 0, test_pool); |
| if (APR_STATUS_IS_TIMEUP(status)) |
| status = APR_SUCCESS; |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* Debugging purposes only! */ |
| serf_debug__closed_conn(tb->bkt_alloc); |
| |
| done = TRUE; |
| for (i = 0 ; i < SEND_REQUESTS ; i++) |
| if (handler_ctx[i].done == FALSE) { |
| done = FALSE; |
| break; |
| } |
| if (done) |
| break; |
| } |
| |
| /* Check that all requests were received */ |
| CuAssertIntEquals(tc, RCVD_REQUESTS, tb->sent_requests->nelts); |
| CuAssertIntEquals(tc, RCVD_REQUESTS, tb->accepted_requests->nelts); |
| CuAssertIntEquals(tc, RCVD_REQUESTS, tb->handled_requests->nelts); |
| } |
| #undef SEND_REQUESTS |
| #undef RCVD_REQUESTS |
| |
| /***************************************************************************** |
| * Test if we can make serf first send requests one by one, and then change |
| * back to burst mode. |
| *****************************************************************************/ |
| #define SEND_REQUESTS 5 |
| #define RCVD_REQUESTS 7 |
| /* Resend the first request 2 times by reducing the pipeline bandwidth to |
| one request at a time, and by adding the first request again at the start of |
| the outgoing queue. */ |
| static apr_status_t |
| handle_response_keepalive_limit_burst(serf_request_t *request, |
| serf_bucket_t *response, |
| void *handler_baton, |
| apr_pool_t *pool) |
| { |
| handler_baton_t *ctx = handler_baton; |
| |
| if (! response) { |
| return APR_SUCCESS; |
| } |
| |
| while (1) { |
| apr_status_t status; |
| const char *data; |
| apr_size_t len; |
| |
| status = serf_bucket_read(response, 2048, &data, &len); |
| if (SERF_BUCKET_READ_ERROR(status)) { |
| return status; |
| } |
| |
| if (APR_STATUS_IS_EOF(status)) { |
| APR_ARRAY_PUSH(ctx->handled_requests, int) = ctx->req_id; |
| ctx->done = TRUE; |
| if (ctx->req_id == 1 && ctx->handled_requests->nelts < 3) { |
| serf_connection_priority_request_create(ctx->tb->connection, |
| setup_request, |
| ctx); |
| ctx->done = FALSE; |
| } |
| else { |
| /* No more one-by-one. */ |
| serf_connection_set_max_outstanding_requests(ctx->tb->connection, |
| 0); |
| } |
| return APR_EOF; |
| } |
| |
| if (APR_STATUS_IS_EAGAIN(status)) { |
| return status; |
| } |
| } |
| |
| return APR_SUCCESS; |
| } |
| |
| static void test_keepalive_limit_one_by_one_and_burst(CuTest *tc) |
| { |
| test_baton_t *tb; |
| apr_status_t status; |
| handler_baton_t handler_ctx[SEND_REQUESTS]; |
| int done = FALSE, i; |
| |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "2")}, |
| {CHUNKED_REQUEST(1, "3")}, |
| {CHUNKED_REQUEST(1, "4")}, |
| {CHUNKED_REQUEST(1, "5")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server. */ |
| status = test_http_server_setup(&tb, |
| message_list, RCVD_REQUESTS, |
| action_list, RCVD_REQUESTS, 0, NULL, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| for (i = 0 ; i < SEND_REQUESTS ; i++) { |
| create_new_request_with_resp_hdlr(tb, &handler_ctx[i], "GET", "/", i+1, |
| handle_response_keepalive_limit_burst); |
| serf_connection_set_max_outstanding_requests(tb->connection, 1); |
| } |
| |
| while (1) { |
| status = run_test_server(tb->serv_ctx, 0, test_pool); |
| if (APR_STATUS_IS_TIMEUP(status)) |
| status = APR_SUCCESS; |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| status = serf_context_run(tb->context, 0, test_pool); |
| if (APR_STATUS_IS_TIMEUP(status)) |
| status = APR_SUCCESS; |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* Debugging purposes only! */ |
| serf_debug__closed_conn(tb->bkt_alloc); |
| |
| done = TRUE; |
| for (i = 0 ; i < SEND_REQUESTS ; i++) |
| if (handler_ctx[i].done == FALSE) { |
| done = FALSE; |
| break; |
| } |
| if (done) |
| break; |
| } |
| |
| /* Check that all requests were received */ |
| CuAssertIntEquals(tc, RCVD_REQUESTS, tb->sent_requests->nelts); |
| CuAssertIntEquals(tc, RCVD_REQUESTS, tb->accepted_requests->nelts); |
| CuAssertIntEquals(tc, RCVD_REQUESTS, tb->handled_requests->nelts); |
| } |
| #undef SEND_REQUESTS |
| #undef RCVD_REQUESTS |
| |
| typedef struct { |
| apr_off_t read; |
| apr_off_t written; |
| } progress_baton_t; |
| |
| static void |
| progress_cb(void *progress_baton, apr_off_t read, apr_off_t written) |
| { |
| test_baton_t *tb = progress_baton; |
| progress_baton_t *pb = tb->user_baton; |
| |
| pb->read = read; |
| pb->written = written; |
| } |
| |
| static apr_status_t progress_conn_setup(apr_socket_t *skt, |
| serf_bucket_t **input_bkt, |
| serf_bucket_t **output_bkt, |
| void *setup_baton, |
| apr_pool_t *pool) |
| { |
| test_baton_t *tb = setup_baton; |
| *input_bkt = serf_context_bucket_socket_create(tb->context, skt, tb->bkt_alloc); |
| return APR_SUCCESS; |
| } |
| |
| static void test_progress_callback(CuTest *tc) |
| { |
| test_baton_t *tb; |
| apr_status_t status; |
| handler_baton_t handler_ctx[5]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| int i; |
| progress_baton_t *pb; |
| |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "2")}, |
| {CHUNKED_REQUEST(1, "3")}, |
| {CHUNKED_REQUEST(1, "4")}, |
| {CHUNKED_REQUEST(1, "5")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_RESPONSE(1, "2")}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server. */ |
| status = test_http_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| progress_conn_setup, test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* Set up the progress callback. */ |
| pb = apr_pcalloc(test_pool, sizeof(*pb)); |
| tb->user_baton = pb; |
| serf_context_set_progress_cb(tb->context, progress_cb, tb); |
| |
| /* Send some requests on the connections */ |
| for (i = 0 ; i < num_requests ; i++) { |
| create_new_request(tb, &handler_ctx[i], "GET", "/", i+1); |
| } |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| |
| /* Check that progress was reported. */ |
| CuAssertTrue(tc, pb->written > 0); |
| CuAssertTrue(tc, pb->read > 0); |
| } |
| |
| /* Test that username:password components in url are ignored. */ |
| static void test_connection_userinfo_in_url(CuTest *tc) |
| { |
| test_baton_t *tb; |
| apr_status_t status; |
| handler_baton_t handler_ctx[2]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| int i; |
| progress_baton_t *pb; |
| |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| {CHUNKED_REQUEST(1, "2")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| {SERVER_RESPOND, CHUNKED_RESPONSE(1, "2")}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server. */ |
| status = test_http_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| progress_conn_setup, test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* Create a connection using user:password@hostname syntax */ |
| tb->serv_url = "http://user:password@localhost:" SERV_PORT_STR; |
| use_new_connection(tb, test_pool); |
| |
| /* Send some requests on the connections */ |
| for (i = 0 ; i < num_requests ; i++) { |
| create_new_request(tb, &handler_ctx[i], "GET", "/", i+1); |
| } |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| } |
| |
| /***************************************************************************** |
| * Issue #91: test that serf correctly handle an incoming 4xx reponse while |
| * the outgoing request wasn't written completely yet. |
| *****************************************************************************/ |
| |
| #define REQUEST_PART1 "PROPFIND / HTTP/1.1" CRLF\ |
| "Host: lgo-ubuntu.local" CRLF\ |
| "User-Agent: SVN/1.8.0-dev (x86_64-apple-darwin11.4.2) serf/2.0.0" CRLF\ |
| "Content-Type: text/xml" CRLF\ |
| "Transfer-Encoding: chunked" CRLF \ |
| CRLF\ |
| "12d" CRLF\ |
| "<?xml version=""1.0"" encoding=""utf-8""?><propfind xmlns=""DAV:""><prop>" |
| |
| #define REQUEST_PART2 \ |
| "<resourcetype xmlns=""DAV:""/><getcontentlength xmlns=""DAV:""/>"\ |
| "<deadprop-count xmlns=""http://subversion.tigris.org/xmlns/dav/""/>"\ |
| "<version-name xmlns=""DAV:""/><creationdate xmlns=""DAV:""/>"\ |
| "<creator-displayname xmlns=""DAV:""/></prop></propfind>" CRLF\ |
| "0" CRLF \ |
| CRLF |
| |
| #define RESPONSE_408 "HTTP/1.1 408 Request Time-out" CRLF\ |
| "Date: Wed, 14 Nov 2012 19:50:35 GMT" CRLF\ |
| "Server: Apache/2.2.17 (Ubuntu)" CRLF\ |
| "Vary: Accept-Encoding" CRLF\ |
| "Content-Length: 305" CRLF\ |
| "Connection: close" CRLF\ |
| "Content-Type: text/html; charset=iso-8859-1" CRLF \ |
| CRLF\ |
| "<!DOCTYPE HTML PUBLIC ""-//IETF//DTD HTML 2.0//EN""><html><head>"\ |
| "<title>408 Request Time-out</title></head><body><h1>Request Time-out</h1>"\ |
| "<p>Server timeout waiting for the HTTP request from the client.</p><hr>"\ |
| "<address>Apache/2.2.17 (Ubuntu) Server at lgo-ubuntu.local Port 80</address>"\ |
| "</body></html>" |
| |
| |
| static apr_status_t detect_eof(void *baton, serf_bucket_t *aggregate_bucket) |
| { |
| serf_bucket_t *body_bkt; |
| handler_baton_t *ctx = baton; |
| |
| if (ctx->done) { |
| body_bkt = serf_bucket_simple_create(REQUEST_PART1, strlen(REQUEST_PART2), |
| NULL, NULL, |
| ctx->tb->bkt_alloc); |
| serf_bucket_aggregate_append(aggregate_bucket, body_bkt); |
| } |
| |
| return APR_EAGAIN; |
| } |
| |
| static apr_status_t setup_request_timeout( |
| serf_request_t *request, |
| void *setup_baton, |
| serf_bucket_t **req_bkt, |
| serf_response_acceptor_t *acceptor, |
| void **acceptor_baton, |
| serf_response_handler_t *handler, |
| void **handler_baton, |
| apr_pool_t *pool) |
| { |
| handler_baton_t *ctx = setup_baton; |
| serf_bucket_t *body_bkt; |
| |
| *req_bkt = serf__bucket_stream_create(serf_request_get_alloc(request), |
| detect_eof, |
| ctx); |
| |
| /* create a simple body text */ |
| body_bkt = serf_bucket_simple_create(REQUEST_PART1, strlen(REQUEST_PART1), |
| NULL, NULL, |
| serf_request_get_alloc(request)); |
| serf_bucket_aggregate_append(*req_bkt, body_bkt); |
| |
| APR_ARRAY_PUSH(ctx->sent_requests, int) = ctx->req_id; |
| |
| *acceptor = ctx->acceptor; |
| *acceptor_baton = ctx; |
| *handler = ctx->handler; |
| *handler_baton = ctx; |
| |
| return APR_SUCCESS; |
| } |
| |
| static apr_status_t handle_response_timeout( |
| serf_request_t *request, |
| serf_bucket_t *response, |
| void *handler_baton, |
| apr_pool_t *pool) |
| { |
| handler_baton_t *ctx = handler_baton; |
| serf_status_line sl; |
| apr_status_t status; |
| |
| if (! response) { |
| serf_connection_request_create(ctx->tb->connection, |
| setup_request, |
| ctx); |
| return APR_SUCCESS; |
| } |
| |
| if (serf_request_is_written(request) != APR_EBUSY) { |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| } |
| |
| |
| status = serf_bucket_response_status(response, &sl); |
| if (SERF_BUCKET_READ_ERROR(status)) { |
| return status; |
| } |
| if (!sl.version && (APR_STATUS_IS_EOF(status) || |
| APR_STATUS_IS_EAGAIN(status))) { |
| return status; |
| } |
| if (sl.code == 408) { |
| APR_ARRAY_PUSH(ctx->handled_requests, int) = ctx->req_id; |
| ctx->done = TRUE; |
| } |
| |
| /* discard the rest of the body */ |
| while (1) { |
| const char *data; |
| apr_size_t len; |
| |
| status = serf_bucket_read(response, 2048, &data, &len); |
| if (SERF_BUCKET_READ_ERROR(status) || |
| APR_STATUS_IS_EAGAIN(status) || |
| APR_STATUS_IS_EOF(status)) |
| return status; |
| } |
| |
| return APR_SUCCESS; |
| } |
| |
| static void test_request_timeout(CuTest *tc) |
| { |
| test_baton_t *tb; |
| apr_status_t status; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| |
| test_server_message_t message_list[] = { |
| {REQUEST_PART1}, |
| {REQUEST_PART2}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, RESPONSE_408}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server. */ |
| status = test_http_server_setup(&tb, |
| message_list, 2, |
| action_list, 1, 0, |
| NULL, test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* Send some requests on the connection */ |
| handler_ctx[0].method = "PROPFIND"; |
| handler_ctx[0].path = "/"; |
| handler_ctx[0].done = FALSE; |
| |
| handler_ctx[0].acceptor = accept_response; |
| handler_ctx[0].acceptor_baton = NULL; |
| handler_ctx[0].handler = handle_response_timeout; |
| handler_ctx[0].req_id = 1; |
| handler_ctx[0].accepted_requests = tb->accepted_requests; |
| handler_ctx[0].sent_requests = tb->sent_requests; |
| handler_ctx[0].handled_requests = tb->handled_requests; |
| handler_ctx[0].tb = tb; |
| |
| serf_connection_request_create(tb->connection, |
| setup_request_timeout, |
| &handler_ctx[0]); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| } |
| |
| static const char *create_large_response_message(apr_pool_t *pool) |
| { |
| const char *response = "HTTP/1.1 200 OK" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| CRLF; |
| struct iovec vecs[500]; |
| const int num_vecs = 500; |
| int i, j; |
| apr_size_t len; |
| |
| vecs[0].iov_base = (char *)response; |
| vecs[0].iov_len = strlen(response); |
| |
| for (i = 1; i < num_vecs; i++) |
| { |
| int chunk_len = 10 * i * 3; |
| char *chunk; |
| char *buf; |
| |
| /* end with empty chunk */ |
| if (i == num_vecs - 1) |
| chunk_len = 0; |
| |
| buf = apr_pcalloc(pool, chunk_len + 1); |
| for (j = 0; j < chunk_len; j += 10) |
| memcpy(buf + j, "0123456789", 10); |
| |
| chunk = apr_pstrcat(pool, |
| apr_psprintf(pool, "%x", chunk_len), |
| CRLF, buf, CRLF, NULL); |
| vecs[i].iov_base = chunk; |
| vecs[i].iov_len = strlen(chunk); |
| } |
| |
| return apr_pstrcatv(pool, vecs, num_vecs, &len); |
| } |
| |
| /* Validate reading a large chunked response. */ |
| static void test_connection_large_response(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| test_server_action_t action_list[1]; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* create large chunked response message */ |
| const char *response = create_large_response_message(test_pool); |
| action_list[0].kind = SERVER_RESPOND; |
| action_list[0].text = response; |
| |
| /* Set up a test context with a server */ |
| status = test_http_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, NULL, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| } |
| |
| static const char *create_large_request_message(apr_pool_t *pool) |
| { |
| const char *request = "GET / HTTP/1.1" CRLF |
| "Host: localhost:12345" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| CRLF; |
| struct iovec vecs[500]; |
| const int num_vecs = 500; |
| int i, j; |
| apr_size_t len; |
| |
| vecs[0].iov_base = (char *)request; |
| vecs[0].iov_len = strlen(request); |
| |
| for (i = 1; i < num_vecs; i++) |
| { |
| int chunk_len = 10 * i * 3; |
| char *chunk; |
| char *buf; |
| |
| /* end with empty chunk */ |
| if (i == num_vecs - 1) |
| chunk_len = 0; |
| |
| buf = apr_pcalloc(pool, chunk_len + 1); |
| for (j = 0; j < chunk_len; j += 10) |
| memcpy(buf + j, "0123456789", 10); |
| |
| chunk = apr_pstrcat(pool, |
| apr_psprintf(pool, "%x", chunk_len), |
| CRLF, buf, CRLF, NULL); |
| vecs[i].iov_base = chunk; |
| vecs[i].iov_len = strlen(chunk); |
| } |
| |
| return apr_pstrcatv(pool, vecs, num_vecs, &len); |
| } |
| |
| /* Validate sending a large chunked response. */ |
| static void test_connection_large_request(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| test_server_message_t message_list[1]; |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| const char *request; |
| apr_status_t status; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server */ |
| status = test_http_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, NULL, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* create large chunked request message */ |
| request = create_large_request_message(test_pool); |
| message_list[0].text = request; |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| handler_ctx[0].request = request; |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| } |
| |
| /***************************************************************************** |
| * SSL handshake tests |
| *****************************************************************************/ |
| static const char *server_certs[] = { |
| "test/server/serfservercert.pem", |
| "test/server/serfcacert.pem", |
| NULL }; |
| |
| static const char *all_server_certs[] = { |
| "test/server/serfservercert.pem", |
| "test/server/serfcacert.pem", |
| "test/server/serfrootcacert.pem", |
| NULL }; |
| |
| static const char **server_certs_srcdir(const char **certs, |
| apr_pool_t *result_pool) |
| { |
| const char **result; |
| int i = 0; |
| while (certs[i]) |
| i++; |
| |
| result = apr_pcalloc(result_pool, sizeof(result[0]) * (i + 1)); |
| |
| while (i-- > 0) |
| result[i] = get_srcdir_file(result_pool, certs[i]); |
| |
| return result; |
| } |
| |
| static apr_status_t validate_servercert(const serf_ssl_certificate_t *cert, |
| apr_pool_t *pool) |
| { |
| apr_hash_t *subject; |
| subject = serf_ssl_cert_subject(cert, pool); |
| if (strcmp("localhost", |
| apr_hash_get(subject, "CN", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Test Suite Server", |
| apr_hash_get(subject, "OU", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("In Serf we trust, Inc.", |
| apr_hash_get(subject, "O", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Mechelen", |
| apr_hash_get(subject, "L", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Antwerp", |
| apr_hash_get(subject, "ST", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("BE", |
| apr_hash_get(subject, "C", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("serfserver@example.com", |
| apr_hash_get(subject, "E", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| return APR_SUCCESS; |
| } |
| |
| static apr_status_t validate_cacert(const serf_ssl_certificate_t *cert, |
| apr_pool_t *pool) |
| { |
| apr_hash_t *subject; |
| subject = serf_ssl_cert_subject(cert, pool); |
| if (strcmp("Serf CA", |
| apr_hash_get(subject, "CN", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Test Suite CA", |
| apr_hash_get(subject, "OU", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("In Serf we trust, Inc.", |
| apr_hash_get(subject, "O", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Mechelen", |
| apr_hash_get(subject, "L", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Antwerp", |
| apr_hash_get(subject, "ST", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("BE", |
| apr_hash_get(subject, "C", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("serfca@example.com", |
| apr_hash_get(subject, "E", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| return APR_SUCCESS; |
| } |
| |
| static apr_status_t validate_rootcacert(const serf_ssl_certificate_t *cert, |
| apr_pool_t *pool) |
| { |
| apr_hash_t *subject; |
| subject = serf_ssl_cert_subject(cert, pool); |
| if (strcmp("Serf Root CA", |
| apr_hash_get(subject, "CN", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Test Suite Root CA", |
| apr_hash_get(subject, "OU", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("In Serf we trust, Inc.", |
| apr_hash_get(subject, "O", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Mechelen", |
| apr_hash_get(subject, "L", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Antwerp", |
| apr_hash_get(subject, "ST", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("BE", |
| apr_hash_get(subject, "C", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("serfrootca@example.com", |
| apr_hash_get(subject, "E", APR_HASH_KEY_STRING)) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| return APR_SUCCESS; |
| } |
| |
| static apr_status_t |
| ssl_server_cert_cb_expect_failures(void *baton, int failures, |
| const serf_ssl_certificate_t *cert) |
| { |
| test_baton_t *tb = baton; |
| int expected_failures = *(int *)tb->user_baton; |
| |
| tb->result_flags |= TEST_RESULT_SERVERCERTCB_CALLED; |
| |
| /* We expect an error from the certificate validation function. */ |
| if (failures & expected_failures) |
| return APR_SUCCESS; |
| else |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| } |
| |
| static apr_status_t |
| ssl_server_cert_cb_expect_allok(void *baton, int failures, |
| const serf_ssl_certificate_t *cert) |
| { |
| test_baton_t *tb = baton; |
| tb->result_flags |= TEST_RESULT_SERVERCERTCB_CALLED; |
| |
| /* No error expected, certificate is valid. */ |
| if (failures) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| else |
| return APR_SUCCESS; |
| } |
| |
| static apr_status_t |
| ssl_server_cert_cb_reject(void *baton, int failures, |
| const serf_ssl_certificate_t *cert) |
| { |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| } |
| |
| /* Validate that we can connect successfully to an https server. This |
| certificate is not trusted, so a cert validation failure is expected. */ |
| static void test_ssl_handshake(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| int expected_failures; |
| apr_status_t status; |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| static const char *server_cert[] = { "test/server/serfservercert.pem", |
| NULL }; |
| |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| NULL, /* default conn setup */ |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_cert, test_pool), |
| NULL, /* no client cert */ |
| ssl_server_cert_cb_expect_failures, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* This unknown failures is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, |
| meaning the chain has only the server cert. A good candidate for its |
| own failure code. */ |
| expected_failures = SERF_SSL_CERT_UNKNOWNCA; |
| tb->user_baton = &expected_failures; |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| } |
| |
| /* Set up the ssl context with the CA and root CA certificates needed for |
| successful valiation of the server certificate. */ |
| static apr_status_t |
| https_set_root_ca_conn_setup(apr_socket_t *skt, |
| serf_bucket_t **input_bkt, |
| serf_bucket_t **output_bkt, |
| void *setup_baton, |
| apr_pool_t *pool) |
| { |
| serf_ssl_certificate_t *rootcacert; |
| test_baton_t *tb = setup_baton; |
| apr_status_t status; |
| |
| status = default_https_conn_setup(skt, input_bkt, output_bkt, |
| setup_baton, pool); |
| if (status) |
| return status; |
| |
| status = serf_ssl_load_cert_file(&rootcacert, |
| get_srcdir_file(pool, |
| "test/server/serfrootcacert.pem"), |
| pool); |
| if (status) |
| return status; |
| status = serf_ssl_trust_cert(tb->ssl_context, rootcacert); |
| if (status) |
| return status; |
| |
| return status; |
| } |
| |
| /* Validate that server certificate validation is ok when we |
| explicitly trust our self-signed root ca. */ |
| static void test_ssl_trust_rootca(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| https_set_root_ca_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| ssl_server_cert_cb_expect_allok, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| } |
| |
| /* Validate that when the application rejects the cert, the context loop |
| bails out with an error. */ |
| static void test_ssl_application_rejects_cert(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* The certificate is valid, but we tell serf to reject it. */ |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| https_set_root_ca_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| ssl_server_cert_cb_reject, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| status = test_helper_run_requests_no_check(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| /* We expect an error from the certificate validation function. */ |
| CuAssert(tc, "Application told serf the certificate should be rejected," |
| " expected error!", status != APR_SUCCESS); |
| } |
| |
| /* Test for ssl certificate chain callback. */ |
| static apr_status_t |
| cert_chain_cb(void *baton, |
| int failures, |
| int error_depth, |
| const serf_ssl_certificate_t * const * certs, |
| apr_size_t certs_len) |
| { |
| test_baton_t *tb = baton; |
| apr_status_t status; |
| |
| tb->result_flags |= TEST_RESULT_SERVERCERTCHAINCB_CALLED; |
| |
| if (failures) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| if (certs_len != 3) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| status = validate_rootcacert(certs[2], tb->pool); |
| if (status) |
| return status; |
| |
| status = validate_cacert(certs[1], tb->pool); |
| if (status) |
| return status; |
| |
| status = validate_servercert(certs[0], tb->pool); |
| if (status) |
| return status; |
| |
| return APR_SUCCESS; |
| } |
| |
| static apr_status_t |
| chain_rootca_callback_conn_setup(apr_socket_t *skt, |
| serf_bucket_t **input_bkt, |
| serf_bucket_t **output_bkt, |
| void *setup_baton, |
| apr_pool_t *pool) |
| { |
| test_baton_t *tb = setup_baton; |
| apr_status_t status; |
| |
| status = https_set_root_ca_conn_setup(skt, input_bkt, output_bkt, |
| setup_baton, pool); |
| if (status) |
| return status; |
| |
| serf_ssl_server_cert_chain_callback_set(tb->ssl_context, |
| ssl_server_cert_cb_expect_allok, |
| cert_chain_cb, |
| tb); |
| |
| return APR_SUCCESS; |
| } |
| |
| /* Make the server return a partial certificate chain (server cert, CA cert), |
| the root CA cert is trusted explicitly in the client. Test the chain |
| callback. */ |
| static void test_ssl_certificate_chain_with_anchor(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| chain_rootca_callback_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| ssl_server_cert_cb_expect_allok, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| |
| CuAssertTrue(tc, tb->result_flags & TEST_RESULT_SERVERCERTCB_CALLED); |
| CuAssertTrue(tc, tb->result_flags & TEST_RESULT_SERVERCERTCHAINCB_CALLED); |
| } |
| |
| static apr_status_t |
| cert_chain_all_certs_cb(void *baton, |
| int failures, |
| int error_depth, |
| const serf_ssl_certificate_t * const * certs, |
| apr_size_t certs_len) |
| { |
| /* Root CA cert is selfsigned, ignore this 'failure'. */ |
| failures &= ~SERF_SSL_CERT_SELF_SIGNED; |
| |
| return cert_chain_cb(baton, failures, error_depth, certs, certs_len); |
| } |
| |
| static apr_status_t |
| chain_callback_conn_setup(apr_socket_t *skt, |
| serf_bucket_t **input_bkt, |
| serf_bucket_t **output_bkt, |
| void *setup_baton, |
| apr_pool_t *pool) |
| { |
| test_baton_t *tb = setup_baton; |
| apr_status_t status; |
| |
| status = default_https_conn_setup(skt, input_bkt, output_bkt, |
| setup_baton, pool); |
| if (status) |
| return status; |
| |
| serf_ssl_server_cert_chain_callback_set(tb->ssl_context, |
| ssl_server_cert_cb_expect_allok, |
| cert_chain_all_certs_cb, |
| tb); |
| |
| return APR_SUCCESS; |
| } |
| |
| /* Make the server return the complete certificate chain (server cert, CA cert |
| and root CA cert). Test the chain callback. */ |
| static void test_ssl_certificate_chain_all_from_server(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| chain_callback_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(all_server_certs, test_pool), |
| NULL, /* no client cert */ |
| ssl_server_cert_cb_expect_allok, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| |
| CuAssertTrue(tc, tb->result_flags & TEST_RESULT_SERVERCERTCB_CALLED); |
| CuAssertTrue(tc, tb->result_flags & TEST_RESULT_SERVERCERTCHAINCB_CALLED); |
| } |
| |
| /* Validate that the ssl handshake succeeds if no application callbacks |
| are set, and the ssl server certificate chains is ok. */ |
| static void test_ssl_no_servercert_callback_allok(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| apr_status_t status; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| https_set_root_ca_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| NULL, /* No server cert callback */ |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| } |
| |
| /* Validate that the ssl handshake fails if no application callbacks |
| are set, and the ssl server certificate chains is NOT ok. */ |
| static void test_ssl_no_servercert_callback_fail(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| apr_status_t status; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| NULL, /* default conn setup, no certs */ |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| NULL, /* No server cert callback */ |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| status = test_helper_run_requests_no_check(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| /* We expect an error from the certificate validation function. */ |
| CuAssertIntEquals(tc, SERF_ERROR_SSL_CERT_FAILED, status); |
| } |
| |
| /* Similar to test_connection_large_response, validate reading a large |
| chunked response over SSL. */ |
| static void test_ssl_large_response(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| test_server_action_t action_list[1]; |
| apr_status_t status; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| const char *response; |
| |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| https_set_root_ca_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| NULL, /* No server cert callback */ |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* create large chunked response message */ |
| response = create_large_response_message(test_pool); |
| action_list[0].kind = SERVER_RESPOND; |
| action_list[0].text = response; |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| } |
| |
| /* Similar to test_connection_large_request, validate sending a large |
| chunked request over SSL. */ |
| static void test_ssl_large_request(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| test_server_message_t message_list[1]; |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| const char *request; |
| apr_status_t status; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| https_set_root_ca_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| NULL, /* No server cert callback */ |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* create large chunked request message */ |
| request = create_large_request_message(test_pool); |
| message_list[0].text = request; |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| handler_ctx[0].request = request; |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| } |
| |
| static apr_status_t client_cert_cb(void *data, const char **cert_path) |
| { |
| test_baton_t *tb = data; |
| |
| tb->result_flags |= TEST_RESULT_CLIENT_CERTCB_CALLED; |
| |
| *cert_path = get_srcdir_file(tb->pool, "test/server/serfclientcert.p12"); |
| |
| return APR_SUCCESS; |
| } |
| |
| static apr_status_t client_cert_pw_cb(void *data, |
| const char *cert_path, |
| const char **password) |
| { |
| test_baton_t *tb = data; |
| |
| tb->result_flags |= TEST_RESULT_CLIENT_CERTPWCB_CALLED; |
| if (strcmp(cert_path, |
| get_srcdir_file(tb->pool, "test/server/serfclientcert.p12")) == 0) |
| { |
| *password = "serftest"; |
| return APR_SUCCESS; |
| } |
| |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| } |
| |
| static apr_status_t |
| client_cert_conn_setup(apr_socket_t *skt, |
| serf_bucket_t **input_bkt, |
| serf_bucket_t **output_bkt, |
| void *setup_baton, |
| apr_pool_t *pool) |
| { |
| test_baton_t *tb = setup_baton; |
| apr_status_t status; |
| |
| status = https_set_root_ca_conn_setup(skt, input_bkt, output_bkt, |
| setup_baton, pool); |
| if (status) |
| return status; |
| |
| serf_ssl_client_cert_provider_set(tb->ssl_context, |
| client_cert_cb, |
| tb, |
| pool); |
| |
| serf_ssl_client_cert_password_set(tb->ssl_context, |
| client_cert_pw_cb, |
| tb, |
| pool); |
| |
| return APR_SUCCESS; |
| } |
| |
| static void test_ssl_client_certificate(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| apr_status_t status; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* The SSL server the complete certificate chain to validate the client |
| certificate. */ |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| client_cert_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(all_server_certs, test_pool), |
| "Serf Client", |
| NULL, /* No server cert callback */ |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| |
| CuAssertTrue(tc, tb->result_flags & TEST_RESULT_CLIENT_CERTCB_CALLED); |
| CuAssertTrue(tc, tb->result_flags & TEST_RESULT_CLIENT_CERTPWCB_CALLED); |
| } |
| |
| /* Validate that the expired certificate is reported as failure in the |
| callback. */ |
| static void test_ssl_expired_server_cert(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| int expected_failures; |
| apr_status_t status; |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| static const char *expired_server_certs[] = { |
| "test/server/serfserver_expired_cert.pem", |
| "test/server/serfcacert.pem", |
| "test/server/serfrootcacert.pem", |
| NULL }; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| NULL, /* default conn setup */ |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(expired_server_certs, test_pool), |
| NULL, /* no client cert */ |
| ssl_server_cert_cb_expect_failures, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| expected_failures = SERF_SSL_CERT_SELF_SIGNED | |
| SERF_SSL_CERT_EXPIRED; |
| tb->user_baton = &expected_failures; |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| } |
| |
| /* Validate that the expired certificate is reported as failure in the |
| callback. */ |
| static void test_ssl_future_server_cert(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| int expected_failures; |
| apr_status_t status; |
| test_server_message_t message_list[] = { |
| {CHUNKED_REQUEST(1, "1")}, |
| }; |
| |
| test_server_action_t action_list[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| static const char *future_server_certs[] = { |
| "test/server/serfserver_future_cert.pem", |
| "test/server/serfcacert.pem", |
| "test/server/serfrootcacert.pem", |
| NULL }; |
| |
| /* Set up a test context with a server */ |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| status = test_https_server_setup(&tb, |
| message_list, num_requests, |
| action_list, num_requests, 0, |
| NULL, /* default conn setup */ |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(future_server_certs, test_pool), |
| NULL, /* no client cert */ |
| ssl_server_cert_cb_expect_failures, |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| expected_failures = SERF_SSL_CERT_SELF_SIGNED | |
| SERF_SSL_CERT_NOTYETVALID; |
| tb->user_baton = &expected_failures; |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx, |
| test_pool); |
| } |
| |
| |
| /* Test if serf is sets up an SSL tunnel to the proxy and doesn't contact the |
| https server directly. */ |
| static void test_setup_ssltunnel(CuTest *tc) |
| { |
| test_baton_t *tb; |
| int i; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| |
| /* TODO: issue 83: should be relative uri instead of absolute. */ |
| test_server_message_t message_list_server[] = { |
| {"GET / HTTP/1.1" CRLF\ |
| "Host: localhost:" SERV_PORT_STR CRLF\ |
| "Transfer-Encoding: chunked" CRLF\ |
| CRLF\ |
| "1" CRLF\ |
| "1" CRLF\ |
| "0" CRLF\ |
| CRLF} |
| }; |
| test_server_action_t action_list_server[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| test_server_message_t message_list_proxy[] = { |
| {"CONNECT localhost:" SERV_PORT_STR " HTTP/1.1" CRLF\ |
| "Host: localhost:" SERV_PORT_STR CRLF\ |
| CRLF }, |
| { NULL } |
| }; |
| test_server_action_t action_list_proxy[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| /* Forward the remainder of the data to the server without validation */ |
| {PROXY_FORWARD, "https://localhost:" SERV_PORT_STR}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server and a proxy. Serf should send a |
| CONNECT request to the server. */ |
| status = test_https_server_proxy_setup(&tb, |
| /* server messages and actions */ |
| message_list_server, 1, |
| action_list_server, 1, |
| /* proxy messages and actions */ |
| message_list_proxy, 2, |
| action_list_proxy, 2, |
| 0, |
| https_set_root_ca_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| NULL, /* No server cert callback */ |
| test_pool); |
| |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| |
| /* Check that the requests were sent in the order we created them */ |
| for (i = 0; i < tb->sent_requests->nelts; i++) { |
| int req_nr = APR_ARRAY_IDX(tb->sent_requests, i, int); |
| CuAssertIntEquals(tc, i + 1, req_nr); |
| } |
| |
| /* Check that the requests were received in the order we created them */ |
| for (i = 0; i < tb->handled_requests->nelts; i++) { |
| int req_nr = APR_ARRAY_IDX(tb->handled_requests, i, int); |
| CuAssertIntEquals(tc, i + 1, req_nr); |
| } |
| } |
| |
| /* Test error if no creds callback */ |
| static void test_ssltunnel_no_creds_cb(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| |
| test_server_message_t message_list_proxy[] = { |
| {"CONNECT localhost:" SERV_PORT_STR " HTTP/1.1" CRLF\ |
| "Host: localhost:" SERV_PORT_STR CRLF\ |
| CRLF }, |
| }; |
| test_server_action_t action_list_proxy[] = { |
| {SERVER_RESPOND, "HTTP/1.1 407 Unauthorized" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| "Proxy-Authenticate: Basic realm=""Test Suite Proxy""" CRLF |
| CRLF |
| "0" CRLF CRLF}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server and a proxy. Serf should send a |
| CONNECT request to the server. */ |
| status = test_https_server_proxy_setup(&tb, |
| /* server messages and actions */ |
| NULL, 0, |
| NULL, 0, |
| /* proxy messages and actions */ |
| message_list_proxy, 1, |
| action_list_proxy, 1, |
| 0, |
| https_set_root_ca_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| NULL, /* No server cert callback */ |
| test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| /* No credentials callback configured. */ |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| status = test_helper_run_requests_no_check(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| CuAssertIntEquals(tc, SERF_ERROR_SSLTUNNEL_SETUP_FAILED, status); |
| } |
| |
| static apr_status_t |
| ssltunnel_basic_authn_callback(char **username, |
| char **password, |
| serf_request_t *request, void *baton, |
| int code, const char *authn_type, |
| const char *realm, |
| apr_pool_t *pool) |
| { |
| handler_baton_t *handler_ctx = baton; |
| test_baton_t *tb = handler_ctx->tb; |
| |
| serf__log(TEST_VERBOSE, __FILE__, "ssltunnel_basic_authn_callback\n"); |
| |
| tb->result_flags |= TEST_RESULT_AUTHNCB_CALLED; |
| |
| if (strcmp("Basic", authn_type) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| if (code == 401) { |
| if (strcmp("<https://localhost:12345> Test Suite", realm) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| *username = "serf"; |
| *password = "serftest"; |
| } |
| else if (code == 407) { |
| if (strcmp("<http://localhost:23456> Test Suite Proxy", realm) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| *username = "serfproxy"; |
| *password = "serftest"; |
| } else |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| serf__log(TEST_VERBOSE, __FILE__, "ssltunnel_basic_authn_callback finished successfully.\n"); |
| |
| return APR_SUCCESS; |
| } |
| |
| /* Test if serf can successfully authenticate to a proxy used for an ssl |
| tunnel. Retry the authentication a few times to test requeueing of the |
| CONNECT request. */ |
| static void ssltunnel_basic_auth(CuTest *tc, const char *server_resp_hdrs, |
| const char *proxy_407_resp_hdrs, |
| const char *proxy_200_resp_hdrs) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| int num_requests_sent, num_requests_recvd; |
| test_server_message_t message_list_server[2]; |
| test_server_action_t action_list_proxy[7]; |
| test_server_action_t action_list_server[2]; |
| apr_pool_t *test_pool = tc->testBaton; |
| apr_status_t status; |
| |
| test_server_message_t message_list_proxy[] = { |
| {"CONNECT localhost:" SERV_PORT_STR " HTTP/1.1" CRLF |
| "Host: localhost:" SERV_PORT_STR CRLF |
| CRLF }, |
| {"CONNECT localhost:" SERV_PORT_STR " HTTP/1.1" CRLF |
| "Host: localhost:" SERV_PORT_STR CRLF |
| "Proxy-Authorization: Basic c2VyZnByb3h5OnNlcmZ0ZXN0" CRLF |
| CRLF }, |
| {"CONNECT localhost:" SERV_PORT_STR " HTTP/1.1" CRLF |
| "Host: localhost:" SERV_PORT_STR CRLF |
| "Proxy-Authorization: Basic c2VyZnByb3h5OnNlcmZ0ZXN0" CRLF |
| CRLF }, |
| {"CONNECT localhost:" SERV_PORT_STR " HTTP/1.1" CRLF |
| "Host: localhost:" SERV_PORT_STR CRLF |
| "Proxy-Authorization: Basic c2VyZnByb3h5OnNlcmZ0ZXN0" CRLF |
| CRLF }, |
| {"CONNECT localhost:" SERV_PORT_STR " HTTP/1.1" CRLF |
| "Host: localhost:" SERV_PORT_STR CRLF |
| "Proxy-Authorization: Basic c2VyZnByb3h5OnNlcmZ0ZXN0" CRLF |
| CRLF }, |
| }; |
| |
| action_list_proxy[0].kind = SERVER_RESPOND; |
| action_list_proxy[0].text = apr_psprintf(test_pool, |
| "HTTP/1.1 407 Unauthorized" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| "Proxy-Authenticate: Basic realm=""Test Suite Proxy""" CRLF |
| "%s" |
| CRLF |
| "0" CRLF CRLF, proxy_407_resp_hdrs); |
| action_list_proxy[1].kind = SERVER_RESPOND; |
| action_list_proxy[1].text = apr_psprintf(test_pool, |
| "HTTP/1.1 407 Unauthorized" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| "Proxy-Authenticate: Basic realm=""Test Suite Proxy""" CRLF |
| "%s" |
| CRLF |
| "0" CRLF CRLF, proxy_407_resp_hdrs); |
| |
| action_list_proxy[2].kind = SERVER_RESPOND; |
| action_list_proxy[2].text = apr_psprintf(test_pool, |
| "HTTP/1.1 407 Unauthorized" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| "Proxy-Authenticate: Basic realm=""Test Suite Proxy""" CRLF |
| "%s" |
| CRLF |
| "0" CRLF CRLF, proxy_407_resp_hdrs); |
| |
| action_list_proxy[3].kind = SERVER_RESPOND; |
| action_list_proxy[3].text = apr_psprintf(test_pool, |
| "HTTP/1.1 200 Connection Established" CRLF |
| "%s" |
| CRLF, proxy_200_resp_hdrs); |
| /* Forward the remainder of the data to the server without validation */ |
| action_list_proxy[4].kind = PROXY_FORWARD; |
| action_list_proxy[4].text = "https://localhost:" SERV_PORT_STR; |
| /* If the client or the server closes the connection, stop forwarding.*/ |
| action_list_proxy[5].kind = SERVER_RESPOND; |
| action_list_proxy[5].text = CHUNKED_EMPTY_RESPONSE; |
| /* Again after disconnect. */ |
| action_list_proxy[6].kind = PROXY_FORWARD; |
| action_list_proxy[6].text = "https://localhost:" SERV_PORT_STR; |
| |
| /* Make the server also require Basic authentication */ |
| message_list_server[0].text = |
| "GET / HTTP/1.1" CRLF |
| "Host: localhost:" SERV_PORT_STR CRLF |
| "Transfer-Encoding: chunked" CRLF |
| CRLF |
| "1" CRLF |
| "1" CRLF |
| "0" CRLF |
| CRLF; |
| message_list_server[1].text = |
| "GET / HTTP/1.1" CRLF |
| "Host: localhost:" SERV_PORT_STR CRLF |
| "Authorization: Basic c2VyZjpzZXJmdGVzdA==" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| CRLF |
| "1" CRLF |
| "1" CRLF |
| "0" CRLF |
| CRLF; |
| |
| action_list_server[0].kind = SERVER_RESPOND; |
| action_list_server[0].text = apr_psprintf(test_pool, |
| "HTTP/1.1 401 Unauthorized" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| "WWW-Authenticate: Basic realm=""Test Suite""" CRLF |
| "%s" |
| CRLF |
| "0" CRLF CRLF, server_resp_hdrs); |
| action_list_server[1].kind = SERVER_RESPOND; |
| action_list_server[1].text = CHUNKED_EMPTY_RESPONSE; |
| |
| /* Set up a test context with a server and a proxy. Serf should send a |
| CONNECT request to the server. */ |
| status = test_https_server_proxy_setup(&tb, |
| /* server messages and actions */ |
| message_list_server, 2, |
| action_list_server, 2, |
| /* proxy messages and actions */ |
| message_list_proxy, 5, |
| action_list_proxy, 7, |
| 0, |
| https_set_root_ca_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| NULL, /* No server cert callback */ |
| test_pool); |
| |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| serf_config_authn_types(tb->context, SERF_AUTHN_BASIC); |
| serf_config_credentials_callback(tb->context, ssltunnel_basic_authn_callback); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/", 1); |
| |
| /* Test that a request is retried and authentication headers are set |
| correctly. */ |
| num_requests_sent = 1; |
| num_requests_recvd = 2; |
| |
| status = test_helper_run_requests_no_check(tc, tb, num_requests_sent, |
| handler_ctx, test_pool); |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| CuAssertIntEquals(tc, num_requests_recvd, tb->sent_requests->nelts); |
| CuAssertIntEquals(tc, num_requests_recvd, tb->accepted_requests->nelts); |
| CuAssertIntEquals(tc, num_requests_sent, tb->handled_requests->nelts); |
| |
| CuAssertTrue(tc, tb->result_flags & TEST_RESULT_AUTHNCB_CALLED); |
| } |
| |
| static void test_ssltunnel_basic_auth(CuTest *tc) |
| { |
| /* KeepAlive On for both proxy and server */ |
| ssltunnel_basic_auth(tc, "", "", ""); |
| } |
| |
| static void test_ssltunnel_basic_auth_server_has_keepalive_off(CuTest *tc) |
| { |
| /* Add Connection:Close header to server response */ |
| ssltunnel_basic_auth(tc, "Connection: close" CRLF, "", ""); |
| } |
| |
| static void test_ssltunnel_basic_auth_proxy_has_keepalive_off(CuTest *tc) |
| { |
| /* Add Connection:Close header to proxy 407 response */ |
| ssltunnel_basic_auth(tc, "", "Connection: close" CRLF, ""); |
| } |
| |
| static void test_ssltunnel_basic_auth_proxy_close_conn_on_200resp(CuTest *tc) |
| { |
| /* Add Connection:Close header to proxy 200 Conn. Establ. response */ |
| ssltunnel_basic_auth(tc, "", "", "Connection: close" CRLF); |
| } |
| |
| static apr_status_t |
| proxy_digest_authn_callback(char **username, |
| char **password, |
| serf_request_t *request, void *baton, |
| int code, const char *authn_type, |
| const char *realm, |
| apr_pool_t *pool) |
| { |
| handler_baton_t *handler_ctx = baton; |
| test_baton_t *tb = handler_ctx->tb; |
| |
| tb->result_flags |= TEST_RESULT_AUTHNCB_CALLED; |
| |
| if (code != 407) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("Digest", authn_type) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| if (strcmp("<http://localhost:23456> Test Suite Proxy", realm) != 0) |
| return SERF_ERROR_ISSUE_IN_TESTSUITE; |
| |
| *username = "serf"; |
| *password = "serftest"; |
| |
| return APR_SUCCESS; |
| } |
| |
| /* Test if serf can successfully authenticate to a proxy used for an ssl |
| tunnel. */ |
| static void test_ssltunnel_digest_auth(CuTest *tc) |
| { |
| test_baton_t *tb; |
| handler_baton_t handler_ctx[1]; |
| const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]); |
| apr_status_t status; |
| |
| test_server_message_t message_list_server[] = { |
| {"GET /test/index.html HTTP/1.1" CRLF\ |
| "Host: localhost:" SERV_PORT_STR CRLF\ |
| "Transfer-Encoding: chunked" CRLF\ |
| CRLF\ |
| "1" CRLF\ |
| "1" CRLF\ |
| "0" CRLF\ |
| CRLF} |
| }; |
| test_server_action_t action_list_server[] = { |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| }; |
| |
| #define CONNECT_REQ\ |
| "CONNECT localhost:" SERV_PORT_STR " HTTP/1.1" CRLF\ |
| "Host: localhost:" SERV_PORT_STR CRLF |
| |
| test_server_message_t message_list_proxy[] = { |
| { CONNECT_REQ CRLF }, |
| { CONNECT_REQ |
| "Proxy-Authorization: Digest realm=\"Test Suite Proxy\", " |
| "username=\"serf\", " |
| "nonce=\"ABCDEF1234567890\", uri=\"localhost:" SERV_PORT_STR "\", " |
| "response=\"15b1841822273b0fd44d2f6457f64213\", opaque=\"myopaque\", " |
| "algorithm=\"MD5\"" CRLF |
| CRLF }, |
| }; |
| /* Add a Basic header before Digest header, to test that serf uses the most |
| secure authentication scheme first, instead of following the order of |
| the headers. */ |
| /* Use non standard case for Proxy-Authenticate header to test case |
| insensitivity for http headers. */ |
| test_server_action_t action_list_proxy[] = { |
| {SERVER_RESPOND, "HTTP/1.1 407 Unauthorized" CRLF |
| "Transfer-Encoding: chunked" CRLF |
| "Proxy-Authenticate: Basic c2VyZjpzZXJmdGVzdA==" CRLF |
| "Proxy-Authenticate: NonExistent blablablabla" CRLF |
| "proXy-Authenticate: Digest realm=\"Test Suite Proxy\"," |
| "nonce=\"ABCDEF1234567890\",opaque=\"myopaque\"," |
| "algorithm=\"MD5\",qop-options=\"auth\"" CRLF |
| CRLF |
| "0" CRLF CRLF}, |
| {SERVER_RESPOND, CHUNKED_EMPTY_RESPONSE}, |
| /* Forward the remainder of the data to the server without validation */ |
| {PROXY_FORWARD, "https://localhost:" SERV_PORT_STR}, |
| }; |
| |
| apr_pool_t *test_pool = tc->testBaton; |
| |
| /* Set up a test context with a server and a proxy. Serf should send a |
| CONNECT request to the server. */ |
| status = test_https_server_proxy_setup(&tb, |
| /* server messages and actions */ |
| message_list_server, 1, |
| action_list_server, 1, |
| /* proxy messages and actions */ |
| message_list_proxy, 2, |
| action_list_proxy, 3, |
| 0, |
| https_set_root_ca_conn_setup, |
| get_srcdir_file(test_pool, "test/server/serfserverkey.pem"), |
| server_certs_srcdir(server_certs, test_pool), |
| NULL, /* no client cert */ |
| NULL, /* No server cert callback */ |
| test_pool); |
| |
| CuAssertIntEquals(tc, APR_SUCCESS, status); |
| |
| serf_config_authn_types(tb->context, SERF_AUTHN_BASIC | SERF_AUTHN_DIGEST); |
| serf_config_credentials_callback(tb->context, proxy_digest_authn_callback); |
| |
| create_new_request(tb, &handler_ctx[0], "GET", "/test/index.html", 1); |
| test_helper_run_requests_expect_ok(tc, tb, num_requests, |
| handler_ctx, test_pool); |
| |
| CuAssertTrue(tc, tb->result_flags & TEST_RESULT_AUTHNCB_CALLED); |
| } |
| |
| /*****************************************************************************/ |
| CuSuite *test_context(void) |
| { |
| CuSuite *suite = CuSuiteNew(); |
| |
| CuSuiteSetSetupTeardownCallbacks(suite, test_setup, test_teardown); |
| |
| SUITE_ADD_TEST(suite, test_serf_connection_request_create); |
| SUITE_ADD_TEST(suite, test_serf_connection_priority_request_create); |
| SUITE_ADD_TEST(suite, test_closed_connection); |
| SUITE_ADD_TEST(suite, test_setup_proxy); |
| SUITE_ADD_TEST(suite, test_keepalive_limit_one_by_one); |
| SUITE_ADD_TEST(suite, test_keepalive_limit_one_by_one_and_burst); |
| SUITE_ADD_TEST(suite, test_progress_callback); |
| SUITE_ADD_TEST(suite, test_request_timeout); |
| SUITE_ADD_TEST(suite, test_connection_large_response); |
| SUITE_ADD_TEST(suite, test_connection_large_request); |
| SUITE_ADD_TEST(suite, test_connection_userinfo_in_url); |
| SUITE_ADD_TEST(suite, test_ssl_handshake); |
| SUITE_ADD_TEST(suite, test_ssl_trust_rootca); |
| SUITE_ADD_TEST(suite, test_ssl_application_rejects_cert); |
| SUITE_ADD_TEST(suite, test_ssl_certificate_chain_with_anchor); |
| SUITE_ADD_TEST(suite, test_ssl_certificate_chain_all_from_server); |
| SUITE_ADD_TEST(suite, test_ssl_no_servercert_callback_allok); |
| SUITE_ADD_TEST(suite, test_ssl_no_servercert_callback_fail); |
| SUITE_ADD_TEST(suite, test_ssl_large_response); |
| SUITE_ADD_TEST(suite, test_ssl_large_request); |
| SUITE_ADD_TEST(suite, test_ssl_client_certificate); |
| SUITE_ADD_TEST(suite, test_ssl_expired_server_cert); |
| SUITE_ADD_TEST(suite, test_ssl_future_server_cert); |
| SUITE_ADD_TEST(suite, test_setup_ssltunnel); |
| SUITE_ADD_TEST(suite, test_ssltunnel_no_creds_cb); |
| SUITE_ADD_TEST(suite, test_ssltunnel_basic_auth); |
| SUITE_ADD_TEST(suite, test_ssltunnel_basic_auth_server_has_keepalive_off); |
| SUITE_ADD_TEST(suite, test_ssltunnel_basic_auth_proxy_has_keepalive_off); |
| SUITE_ADD_TEST(suite, test_ssltunnel_basic_auth_proxy_close_conn_on_200resp); |
| SUITE_ADD_TEST(suite, test_ssltunnel_digest_auth); |
| |
| return suite; |
| } |