mirror of
https://gitee.com/iresty/apisix.git
synced 2024-12-05 05:27:35 +08:00
362 lines
8.6 KiB
Perl
362 lines
8.6 KiB
Perl
#
|
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright ownership.
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance with
|
|
# the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
use t::APISIX 'no_plan';
|
|
|
|
log_level('debug');
|
|
no_root_location();
|
|
|
|
$ENV{TEST_NGINX_HTML_DIR} ||= html_dir();
|
|
|
|
run_tests;
|
|
|
|
__DATA__
|
|
|
|
=== TEST 1: set ssl(sni: www.test.com)
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local core = require("apisix.core")
|
|
local t = require("lib.test_admin")
|
|
|
|
local ssl_cert = t.read_file("t/certs/apisix.crt")
|
|
local ssl_key = t.read_file("t/certs/apisix.key")
|
|
local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com"}
|
|
|
|
local code, body = t.test('/apisix/admin/ssl/1',
|
|
ngx.HTTP_PUT,
|
|
core.json.encode(data),
|
|
[[{
|
|
"node": {
|
|
"value": {
|
|
"sni": "www.test.com"
|
|
},
|
|
"key": "/apisix/ssl/1"
|
|
},
|
|
"action": "set"
|
|
}]]
|
|
)
|
|
|
|
ngx.status = code
|
|
ngx.say(body)
|
|
}
|
|
}
|
|
--- request
|
|
GET /t
|
|
--- response_body
|
|
passed
|
|
--- no_error_log
|
|
[error]
|
|
|
|
|
|
|
|
=== TEST 2: set route(id: 1)
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local t = require("lib.test_admin").test
|
|
local code, body = t('/apisix/admin/routes/1',
|
|
ngx.HTTP_PUT,
|
|
[[{
|
|
"upstream": {
|
|
"nodes": {
|
|
"127.0.0.1:1980": 1
|
|
},
|
|
"type": "roundrobin"
|
|
},
|
|
"uri": "/hello"
|
|
}]]
|
|
)
|
|
|
|
if code >= 300 then
|
|
ngx.status = code
|
|
end
|
|
ngx.say(body)
|
|
}
|
|
}
|
|
--- request
|
|
GET /t
|
|
--- response_body
|
|
passed
|
|
--- no_error_log
|
|
[error]
|
|
|
|
|
|
|
|
=== TEST 3: client request
|
|
--- config
|
|
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
|
|
|
|
location /t {
|
|
content_by_lua_block {
|
|
-- etcd sync
|
|
ngx.sleep(0.2)
|
|
|
|
do
|
|
local sock = ngx.socket.tcp()
|
|
|
|
sock:settimeout(2000)
|
|
|
|
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
|
|
if not ok then
|
|
ngx.say("failed to connect: ", err)
|
|
return
|
|
end
|
|
|
|
ngx.say("connected: ", ok)
|
|
|
|
local sess, err = sock:sslhandshake(nil, "www.test.com", true)
|
|
if not sess then
|
|
ngx.say("failed to do SSL handshake: ", err)
|
|
return
|
|
end
|
|
|
|
ngx.say("ssl handshake: ", type(sess))
|
|
|
|
local req = "GET /hello HTTP/1.0\r\nHost: www.test.com\r\nConnection: close\r\n\r\n"
|
|
local bytes, err = sock:send(req)
|
|
if not bytes then
|
|
ngx.say("failed to send http request: ", err)
|
|
return
|
|
end
|
|
|
|
ngx.say("sent http request: ", bytes, " bytes.")
|
|
|
|
while true do
|
|
local line, err = sock:receive()
|
|
if not line then
|
|
-- ngx.say("failed to receive response status line: ", err)
|
|
break
|
|
end
|
|
|
|
ngx.say("received: ", line)
|
|
end
|
|
|
|
local ok, err = sock:close()
|
|
ngx.say("close: ", ok, " ", err)
|
|
end -- do
|
|
-- collectgarbage()
|
|
}
|
|
}
|
|
--- request
|
|
GET /t
|
|
--- response_body eval
|
|
qr{connected: 1
|
|
ssl handshake: userdata
|
|
sent http request: 62 bytes.
|
|
received: HTTP/1.1 200 OK
|
|
received: Content-Type: text/plain
|
|
received: Content-Length: 12
|
|
received: Connection: close
|
|
received: Server: APISIX/\d\.\d+(\.\d+)?
|
|
received: \nreceived: hello world
|
|
close: 1 nil}
|
|
--- error_log
|
|
lua ssl server name: "www.test.com"
|
|
--- no_error_log
|
|
[error]
|
|
[alert]
|
|
|
|
|
|
|
|
=== TEST 4: set second ssl(sni: *.test2.com)
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local core = require("apisix.core")
|
|
local t = require("lib.test_admin")
|
|
|
|
local ssl_cert = t.read_file("t/certs/test2.crt")
|
|
local ssl_key = t.read_file("t/certs/test2.key")
|
|
local data = {cert = ssl_cert, key = ssl_key, sni = "*.test2.com"}
|
|
|
|
local code, body = t.test('/apisix/admin/ssl/2',
|
|
ngx.HTTP_PUT,
|
|
core.json.encode(data),
|
|
[[{
|
|
"node": {
|
|
"value": {
|
|
"sni": "*.test2.com"
|
|
},
|
|
"key": "/apisix/ssl/2"
|
|
},
|
|
"action": "set"
|
|
}]]
|
|
)
|
|
|
|
ngx.status = code
|
|
ngx.say(body)
|
|
}
|
|
}
|
|
--- request
|
|
GET /t
|
|
--- response_body
|
|
passed
|
|
--- no_error_log
|
|
[error]
|
|
|
|
|
|
|
|
=== TEST 5: client request: www.test2.com
|
|
--- config
|
|
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
|
|
|
|
location /t {
|
|
content_by_lua_block {
|
|
-- etcd sync
|
|
ngx.sleep(0.2)
|
|
|
|
do
|
|
local sock = ngx.socket.tcp()
|
|
|
|
sock:settimeout(2000)
|
|
|
|
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
|
|
if not ok then
|
|
ngx.say("failed to connect: ", err)
|
|
return
|
|
end
|
|
|
|
ngx.say("connected: ", ok)
|
|
|
|
local sess, err = sock:sslhandshake(nil, "www.test2.com", true)
|
|
if not sess then
|
|
ngx.say("failed to do SSL handshake: ", err)
|
|
return
|
|
end
|
|
|
|
ngx.say("ssl handshake: ", type(sess))
|
|
end -- do
|
|
-- collectgarbage()
|
|
}
|
|
}
|
|
--- request
|
|
GET /t
|
|
--- response_body
|
|
connected: 1
|
|
failed to do SSL handshake: 18: self signed certificate
|
|
--- error_log
|
|
lua ssl server name: "www.test2.com"
|
|
we have more than 1 ssl certs now
|
|
--- no_error_log
|
|
[error]
|
|
[alert]
|
|
|
|
|
|
|
|
=== TEST 6: set third ssl(sni: apisix.dev)
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local core = require("apisix.core")
|
|
local t = require("lib.test_admin")
|
|
|
|
local ssl_cert = t.read_file("t/certs/apisix_admin_ssl.crt")
|
|
local ssl_key = t.read_file("t/certs/apisix_admin_ssl.key")
|
|
local data = {cert = ssl_cert, key = ssl_key, sni = "apisix.dev"}
|
|
|
|
local code, body = t.test('/apisix/admin/ssl/3',
|
|
ngx.HTTP_PUT,
|
|
core.json.encode(data),
|
|
[[{
|
|
"node": {
|
|
"value": {
|
|
"sni": "apisix.dev"
|
|
},
|
|
"key": "/apisix/ssl/3"
|
|
},
|
|
"action": "set"
|
|
}]]
|
|
)
|
|
|
|
ngx.status = code
|
|
ngx.say(body)
|
|
}
|
|
}
|
|
--- request
|
|
GET /t
|
|
--- response_body
|
|
passed
|
|
--- no_error_log
|
|
[error]
|
|
|
|
|
|
|
|
=== TEST 7: client request: apisix.dev
|
|
--- config
|
|
listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
|
|
|
|
location /t {
|
|
content_by_lua_block {
|
|
-- etcd sync
|
|
ngx.sleep(0.2)
|
|
|
|
do
|
|
local sock = ngx.socket.tcp()
|
|
|
|
sock:settimeout(2000)
|
|
|
|
local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
|
|
if not ok then
|
|
ngx.say("failed to connect: ", err)
|
|
return
|
|
end
|
|
|
|
ngx.say("connected: ", ok)
|
|
|
|
local sess, err = sock:sslhandshake(nil, "apisix.dev", true)
|
|
if not sess then
|
|
ngx.say("failed to do SSL handshake: ", err)
|
|
return
|
|
end
|
|
|
|
ngx.say("ssl handshake: ", type(sess))
|
|
end -- do
|
|
-- collectgarbage()
|
|
}
|
|
}
|
|
--- request
|
|
GET /t
|
|
--- response_body
|
|
connected: 1
|
|
failed to do SSL handshake: 18: self signed certificate
|
|
--- error_log
|
|
lua ssl server name: "apisix.dev"
|
|
we have more than 1 ssl certs now
|
|
--- no_error_log
|
|
[error]
|
|
[alert]
|
|
|
|
|
|
|
|
=== TEST 8: remove test ssl certs
|
|
--- config
|
|
location /t {
|
|
content_by_lua_block {
|
|
local core = require("apisix.core")
|
|
local t = require("lib.test_admin")
|
|
|
|
t.test('/apisix/admin/ssl/1', ngx.HTTP_DELETE)
|
|
t.test('/apisix/admin/ssl/2', ngx.HTTP_DELETE)
|
|
t.test('/apisix/admin/ssl/3', ngx.HTTP_DELETE)
|
|
|
|
}
|
|
}
|
|
--- request
|
|
GET /t
|
|
--- no_error_log
|
|
[error]
|