From ea1eb3e252f116633e97bc2db6940a94156d40bd Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Tue, 12 Feb 2019 16:07:15 +0000
Subject: ci: add ssl proxy tests

In theory, we support proxies over HTTPS.  Test that we can support this
_in fact_.
---
 ci/proxy_keystore.jks | Bin 0 -> 4245 bytes
 ci/test.ps1           |  26 +++++++++++++++++++++++---
 ci/test.sh            |  26 ++++++++++++++++++++------
 3 files changed, 43 insertions(+), 9 deletions(-)
 create mode 100644 ci/proxy_keystore.jks

diff --git a/ci/proxy_keystore.jks b/ci/proxy_keystore.jks
new file mode 100644
index 000000000..83ff59679
Binary files /dev/null and b/ci/proxy_keystore.jks differ
diff --git a/ci/test.ps1 b/ci/test.ps1
index 68b53e269..449789b51 100644
--- a/ci/test.ps1
+++ b/ci/test.ps1
@@ -37,16 +37,16 @@ Write-Host "####################################################################
 Write-Host "## Configuring test environment"
 Write-Host "##############################################################################"
 
-if (-not $Env:SKIP_PROXY_TESTS) {
+if (-not $Env:SKIP_PROXY_TESTS -and -not $Env:SKIP_PROXY_SSL_TESTS) {
 	Invoke-WebRequest -Method GET -Uri https://github.com/ethomson/poxyproxy/releases/download/v0.7.0/poxyproxy-0.7.0.jar -OutFile poxyproxy.jar
 
 	Write-Host ""
 	Write-Host "Starting HTTP proxy (Basic)..."
-	javaw -jar poxyproxy.jar --port 8080 --credentials foo:bar --auth-type basic --quiet
+	javaw -jar poxyproxy.jar --port 8080 --ssl-port 8081 --ssl-keystore "$SourceDir/ci/proxy_keystore.jks" --ssl-keystore-password password --credentials foo:bar --auth-type basic --quiet
 
 	Write-Host ""
 	Write-Host "Starting HTTP proxy (NTLM)..."
-	javaw -jar poxyproxy.jar --port 8090 --credentials foo:bar --auth-type ntlm --quiet
+	javaw -jar poxyproxy.jar --port 8090 --ssl-port 8091 --ssl-keystore "$SourceDir/ci/proxy_keystore.jks" --ssl-keystore-password password --credentials foo:bar --auth-type ntlm --quiet
 }
 
 if (-not $Env:SKIP_OFFLINE_TESTS) {
@@ -106,7 +106,27 @@ if (-not $Env:SKIP_PROXY_TESTS) {
 	$Env:GITTEST_REMOTE_PROXY_HOST=$null
 	$Env:GITTEST_REMOTE_PROXY_USER=$null
 	$Env:GITTEST_REMOTE_PROXY_PASS=$null
+}
+
+if (-not $Env:SKIP_SSL_PROXY_TESTS) {
+	Write-Host ""
+	Write-Host "Running proxy (SSL) tests"
+	Write-Host ""
+
+    $Env:GITTEST_REMOTE_PROXY_SCHEME="https"
+	$Env:GITTEST_REMOTE_PROXY_HOST="localhost:8081"
+	$Env:GITTEST_REMOTE_PROXY_USER="foo"
+	$Env:GITTEST_REMOTE_PROXY_PASS="bar"
+    $Env:GITTEST_REMOTE_PROXY_SELFSIGNED=1
+    run_test proxy
+    $Env:GITTEST_REMOTE_PROXY_SCHEME=$null
+    $Env:GITTEST_REMOTE_PROXY_HOST=$null
+    $Env:GITTEST_REMOTE_PROXY_USER=$null
+    $Env:GITTEST_REMOTE_PROXY_PASS=$null
+    $Env:GITTEST_REMOTE_PROXY_SELFSIGNED=$null
+}
 
+if (-not $Env:SKIP_PROXY_TESTS -and -not $Env:SKIP_SSL_PROXY_TESTS) {
 	taskkill /F /IM javaw.exe
 }
 
diff --git a/ci/test.sh b/ci/test.sh
index e3caa8086..6c1d84ffb 100755
--- a/ci/test.sh
+++ b/ci/test.sh
@@ -77,16 +77,16 @@ if [ -z "$SKIP_GITDAEMON_TESTS" ]; then
 	git daemon --listen=localhost --export-all --enable=receive-pack --pid-file="${GITDAEMON_DIR}/pid" --base-path="${GITDAEMON_DIR}" "${GITDAEMON_DIR}" 2>/dev/null &
 fi
 
-if [ -z "$SKIP_PROXY_TESTS" ]; then
+if [ -z "$SKIP_PROXY_TESTS" -a -z "$SKIP_PROXY_SSL_TESTS" ]; then
 	curl -L https://github.com/ethomson/poxyproxy/releases/download/v0.7.0/poxyproxy-0.7.0.jar >poxyproxy.jar
 
 	echo ""
 	echo "Starting HTTP proxy (Basic)..."
-	java -jar poxyproxy.jar --address 127.0.0.1 --port 8080 --credentials foo:bar --auth-type basic --quiet &
+	java -jar poxyproxy.jar --address 127.0.0.1 --port 8080 --ssl-port 8081 --ssl-keystore "${SOURCE_DIR}/ci/proxy_keystore.jks" --ssl-keystore-password password --credentials foo:bar --auth-type basic --quiet &
 
 	echo ""
 	echo "Starting HTTP proxy (NTLM)..."
-	java -jar poxyproxy.jar --address 127.0.0.1 --port 8090 --credentials foo:bar --auth-type ntlm --quiet &
+	java -jar poxyproxy.jar --address 127.0.0.1 --port 8090 --ssl-port 8091 --ssl-keystore "${SOURCE_DIR}/ci/proxy_keystore.jks" --ssl-keystore-password password --credentials foo:bar --auth-type ntlm --quiet &
 fi
 
 if [ -z "$SKIP_SSH_TESTS" ]; then
@@ -188,9 +188,6 @@ if [ -z "$SKIP_PROXY_TESTS" ]; then
 	export GITTEST_REMOTE_PROXY_USER="foo"
 	export GITTEST_REMOTE_PROXY_PASS="bar"
 	run_test proxy
-	unset GITTEST_REMOTE_PROXY_HOST
-	unset GITTEST_REMOTE_PROXY_USER
-	unset GITTEST_REMOTE_PROXY_PASS
 
 	echo ""
 	echo "Running proxy tests (NTLM authentication)"
@@ -205,6 +202,23 @@ if [ -z "$SKIP_PROXY_TESTS" ]; then
 	unset GITTEST_REMOTE_PROXY_PASS
 fi
 
+if [ -z "$SKIP_PROXY_SSL_TESTS" ]; then
+	echo ""
+	echo "Running proxy (SSL) tests"
+	echo ""
+	export GITTEST_REMOTE_PROXY_SCHEME="https"
+	export GITTEST_REMOTE_PROXY_HOST="localhost:8081"
+	export GITTEST_REMOTE_PROXY_SELFSIGNED=1
+	export GITTEST_REMOTE_PROXY_USER="foo"
+	export GITTEST_REMOTE_PROXY_PASS="bar"
+	run_test proxy
+	unset GITTEST_REMOTE_PROXY_SCHEME
+	unset GITTEST_REMOTE_PROXY_HOST
+	unset GITTEST_REMOTE_PROXY_USER
+	unset GITTEST_REMOTE_PROXY_PASS
+	unset GITTEST_REMOTE_PROXY_SELFSIGNED
+fi
+
 if [ -z "$SKIP_SSH_TESTS" ]; then
 	echo ""
 	echo "Running ssh tests"
-- 
cgit v1.2.1