2013-02-06 15:27:05 +01:00
|
|
|
/*
|
2014-03-30 12:09:21 +02:00
|
|
|
* nghttp2 - HTTP/2 C Library
|
2013-02-06 15:27:05 +01:00
|
|
|
*
|
|
|
|
* Copyright (c) 2013 Tatsuhiro Tsujikawa
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
* a copy of this software and associated documentation files (the
|
|
|
|
* "Software"), to deal in the Software without restriction, including
|
|
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
* the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be
|
|
|
|
* included in all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
|
|
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
|
|
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
|
|
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
#include "shrpx_ssl_test.h"
|
|
|
|
|
|
|
|
#include <CUnit/CUnit.h>
|
|
|
|
|
|
|
|
#include "shrpx_ssl.h"
|
2014-08-27 17:45:12 +02:00
|
|
|
#include "util.h"
|
2015-02-02 14:47:12 +01:00
|
|
|
#include "template.h"
|
2014-08-27 17:45:12 +02:00
|
|
|
|
|
|
|
using namespace nghttp2;
|
2013-02-06 15:27:05 +01:00
|
|
|
|
|
|
|
namespace shrpx {
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
void test_shrpx_ssl_create_lookup_tree(void) {
|
2015-02-02 14:47:12 +01:00
|
|
|
auto tree = make_unique<ssl::CertLookupTree>();
|
2014-11-27 15:39:04 +01:00
|
|
|
SSL_CTX *ctxs[] = {
|
|
|
|
SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
|
|
|
|
SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
|
|
|
|
SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
|
|
|
|
SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
|
|
|
|
SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method())};
|
2013-02-13 16:28:55 +01:00
|
|
|
|
2016-03-24 15:16:20 +01:00
|
|
|
constexpr StringRef hostnames[] = {
|
|
|
|
StringRef::from_lit("example.com"),
|
|
|
|
StringRef::from_lit("www.example.org"),
|
|
|
|
StringRef::from_lit("*www.example.org"),
|
|
|
|
StringRef::from_lit("x*.host.domain"),
|
|
|
|
StringRef::from_lit("*yy.host.domain"),
|
|
|
|
StringRef::from_lit("nghttp2.sourceforge.net"),
|
|
|
|
StringRef::from_lit("sourceforge.net"),
|
|
|
|
StringRef::from_lit("sourceforge.net"), // duplicate
|
|
|
|
StringRef::from_lit("*.foo.bar"), // oo.bar is suffix of *.foo.bar
|
|
|
|
StringRef::from_lit("oo.bar")};
|
|
|
|
auto num = array_size(ctxs);
|
|
|
|
for (size_t i = 0; i < num; ++i) {
|
2016-03-24 15:32:57 +01:00
|
|
|
tree->add_cert(ctxs[i], hostnames[i]);
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
|
|
|
|
2016-03-24 15:16:20 +01:00
|
|
|
CU_ASSERT(ctxs[0] == tree->lookup(hostnames[0]));
|
|
|
|
CU_ASSERT(ctxs[1] == tree->lookup(hostnames[1]));
|
|
|
|
CU_ASSERT(ctxs[2] == tree->lookup(StringRef::from_lit("2www.example.org")));
|
|
|
|
CU_ASSERT(nullptr == tree->lookup(StringRef::from_lit("www2.example.org")));
|
|
|
|
CU_ASSERT(ctxs[3] == tree->lookup(StringRef::from_lit("x1.host.domain")));
|
2013-02-06 15:27:05 +01:00
|
|
|
// Does not match *yy.host.domain, because * must match at least 1
|
|
|
|
// character.
|
2016-03-24 15:16:20 +01:00
|
|
|
CU_ASSERT(nullptr == tree->lookup(StringRef::from_lit("yy.Host.domain")));
|
|
|
|
CU_ASSERT(ctxs[4] == tree->lookup(StringRef::from_lit("zyy.host.domain")));
|
|
|
|
CU_ASSERT(nullptr == tree->lookup(StringRef{}));
|
|
|
|
CU_ASSERT(ctxs[5] == tree->lookup(hostnames[5]));
|
|
|
|
CU_ASSERT(ctxs[6] == tree->lookup(hostnames[6]));
|
|
|
|
constexpr char h6[] = "pdylay.sourceforge.net";
|
2014-11-27 15:39:04 +01:00
|
|
|
for (int i = 0; i < 7; ++i) {
|
2016-03-24 15:16:20 +01:00
|
|
|
CU_ASSERT(0 == tree->lookup(StringRef{h6 + i, str_size(h6) - i}));
|
2013-02-13 16:28:55 +01:00
|
|
|
}
|
2016-03-24 15:16:20 +01:00
|
|
|
CU_ASSERT(ctxs[8] == tree->lookup(StringRef::from_lit("x.foo.bar")));
|
|
|
|
CU_ASSERT(ctxs[9] == tree->lookup(hostnames[9]));
|
2015-02-02 14:47:12 +01:00
|
|
|
|
2016-03-24 18:28:10 +01:00
|
|
|
for (size_t i = 0; i < num; ++i) {
|
2013-02-06 15:27:05 +01:00
|
|
|
SSL_CTX_free(ctxs[i]);
|
|
|
|
}
|
2013-02-15 18:33:16 +01:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
SSL_CTX *ctxs2[] = {
|
|
|
|
SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method()),
|
|
|
|
SSL_CTX_new(SSLv23_method()), SSL_CTX_new(SSLv23_method())};
|
2016-03-24 15:16:20 +01:00
|
|
|
constexpr StringRef names[] = {
|
|
|
|
StringRef::from_lit("rab"), StringRef::from_lit("zab"),
|
|
|
|
StringRef::from_lit("zzub"), StringRef::from_lit("ab")};
|
2015-02-06 14:44:09 +01:00
|
|
|
num = array_size(ctxs2);
|
2015-02-02 14:47:12 +01:00
|
|
|
|
|
|
|
tree = make_unique<ssl::CertLookupTree>();
|
2016-03-24 15:16:20 +01:00
|
|
|
for (size_t i = 0; i < num; ++i) {
|
2016-03-24 15:32:57 +01:00
|
|
|
tree->add_cert(ctxs2[i], names[i]);
|
2013-02-15 18:33:16 +01:00
|
|
|
}
|
2016-03-24 15:16:20 +01:00
|
|
|
for (size_t i = 0; i < num; ++i) {
|
|
|
|
CU_ASSERT(ctxs2[i] == tree->lookup(names[i]));
|
2013-02-15 18:33:16 +01:00
|
|
|
}
|
2015-02-02 14:47:12 +01:00
|
|
|
|
2016-03-24 15:16:20 +01:00
|
|
|
for (size_t i = 0; i < num; ++i) {
|
2013-02-15 18:33:16 +01:00
|
|
|
SSL_CTX_free(ctxs2[i]);
|
|
|
|
}
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
void test_shrpx_ssl_cert_lookup_tree_add_cert_from_file(void) {
|
2013-02-06 15:27:05 +01:00
|
|
|
int rv;
|
2015-02-02 14:47:12 +01:00
|
|
|
ssl::CertLookupTree tree;
|
|
|
|
auto ssl_ctx = SSL_CTX_new(SSLv23_method());
|
2014-11-27 15:39:04 +01:00
|
|
|
const char certfile[] = NGHTTP2_TESTS_DIR "/testdata/cacert.pem";
|
2015-02-02 14:47:12 +01:00
|
|
|
rv = ssl::cert_lookup_tree_add_cert_from_file(&tree, ssl_ctx, certfile);
|
2013-02-06 15:27:05 +01:00
|
|
|
CU_ASSERT(0 == rv);
|
2016-03-24 15:16:20 +01:00
|
|
|
CU_ASSERT(ssl_ctx == tree.lookup(StringRef::from_lit("localhost")));
|
2015-02-02 14:47:12 +01:00
|
|
|
|
2013-02-06 15:27:05 +01:00
|
|
|
SSL_CTX_free(ssl_ctx);
|
|
|
|
}
|
|
|
|
|
2016-01-16 15:54:21 +01:00
|
|
|
template <size_t N, size_t M>
|
|
|
|
bool tls_hostname_match_wrapper(const char(&pattern)[N],
|
|
|
|
const char(&hostname)[M]) {
|
2016-03-24 15:16:20 +01:00
|
|
|
return ssl::tls_hostname_match(StringRef{pattern, N}, StringRef{hostname, M});
|
2016-01-16 15:54:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
void test_shrpx_ssl_tls_hostname_match(void) {
|
|
|
|
CU_ASSERT(tls_hostname_match_wrapper("example.com", "example.com"));
|
|
|
|
CU_ASSERT(tls_hostname_match_wrapper("example.com", "EXAMPLE.com"));
|
|
|
|
|
|
|
|
// check wildcard
|
|
|
|
CU_ASSERT(tls_hostname_match_wrapper("*.example.com", "www.example.com"));
|
|
|
|
CU_ASSERT(tls_hostname_match_wrapper("*w.example.com", "www.example.com"));
|
|
|
|
CU_ASSERT(tls_hostname_match_wrapper("www*.example.com", "www1.example.com"));
|
|
|
|
CU_ASSERT(
|
|
|
|
tls_hostname_match_wrapper("www*.example.com", "WWW12.EXAMPLE.com"));
|
|
|
|
// at least 2 dots are required after '*'
|
|
|
|
CU_ASSERT(!tls_hostname_match_wrapper("*.com", "example.com"));
|
|
|
|
CU_ASSERT(!tls_hostname_match_wrapper("*", "example.com"));
|
|
|
|
// '*' must be in left most label
|
|
|
|
CU_ASSERT(
|
|
|
|
!tls_hostname_match_wrapper("blog.*.example.com", "blog.my.example.com"));
|
|
|
|
// prefix is wrong
|
|
|
|
CU_ASSERT(
|
|
|
|
!tls_hostname_match_wrapper("client*.example.com", "server.example.com"));
|
|
|
|
// '*' must match at least one character
|
|
|
|
CU_ASSERT(!tls_hostname_match_wrapper("www*.example.com", "www.example.com"));
|
|
|
|
|
|
|
|
CU_ASSERT(!tls_hostname_match_wrapper("example.com", "nghttp2.org"));
|
|
|
|
CU_ASSERT(!tls_hostname_match_wrapper("www.example.com", "example.com"));
|
|
|
|
CU_ASSERT(!tls_hostname_match_wrapper("example.com", "www.example.com"));
|
|
|
|
}
|
|
|
|
|
2013-02-06 15:27:05 +01:00
|
|
|
} // namespace shrpx
|