summaryrefslogtreecommitdiff
path: root/test/webrick/test_https.rb
blob: ec0aac354af03bdb62fb7f7d653fa8d852a93e51 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# frozen_string_literal: false
require "test/unit"
require "net/http"
require "webrick"
require "webrick/https"
require "webrick/utils"
require_relative "utils"

class TestWEBrickHTTPS < Test::Unit::TestCase
  empty_log = Object.new
  def empty_log.<<(str)
    assert_equal('', str)
    self
  end
  NoLog = WEBrick::Log.new(empty_log, WEBrick::BasicLog::WARN)

  class HTTPSNITest < ::Net::HTTP
    attr_accessor :sni_hostname

    def ssl_socket_connect(s, timeout)
      s.hostname = sni_hostname
      super
    end
  end

  def teardown
    WEBrick::Utils::TimeoutHandler.terminate
    super
  end

  def https_get(addr, port, hostname, path, verifyname = nil)
    subject = nil
    http = HTTPSNITest.new(addr, port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    http.verify_callback = proc { |x, store| subject = store.chain[0].subject.to_s; x }
    http.sni_hostname = hostname
    req = Net::HTTP::Get.new(path)
    req["Host"] = "#{hostname}:#{port}"
    response = http.start { http.request(req).body }
    assert_equal("/CN=#{verifyname || hostname}", subject)
    response
  end

  def test_sni
    config = {
      :ServerName => "localhost",
      :SSLEnable => true,
      :SSLCertName => "/CN=localhost",
    }
    TestWEBrick.start_httpserver(config){|server, addr, port, log|
      server.mount_proc("/") {|req, res| res.body = "master" }

      # catch stderr in create_self_signed_cert
      stderr_buffer = StringIO.new
      old_stderr, $stderr = $stderr, stderr_buffer

      begin
        vhost_config1 = {
          :ServerName => "vhost1",
          :Port => port,
          :DoNotListen => true,
          :Logger => NoLog,
          :AccessLog => [],
          :SSLEnable => true,
          :SSLCertName => "/CN=vhost1",
        }
        vhost1 = WEBrick::HTTPServer.new(vhost_config1)
        vhost1.mount_proc("/") {|req, res| res.body = "vhost1" }
        server.virtual_host(vhost1)

        vhost_config2 = {
          :ServerName => "vhost2",
          :ServerAlias => ["vhost2alias"],
          :Port => port,
          :DoNotListen => true,
          :Logger => NoLog,
          :AccessLog => [],
          :SSLEnable => true,
          :SSLCertName => "/CN=vhost2",
        }
        vhost2 = WEBrick::HTTPServer.new(vhost_config2)
        vhost2.mount_proc("/") {|req, res| res.body = "vhost2" }
        server.virtual_host(vhost2)
      ensure
        # restore stderr
        $stderr = old_stderr
      end

      assert_match(/\A([.+*]+\n)+\z/, stderr_buffer.string)
      assert_equal("master", https_get(addr, port, "localhost", "/localhost"))
      assert_equal("master", https_get(addr, port, "unknown", "/unknown", "localhost"))
      assert_equal("vhost1", https_get(addr, port, "vhost1", "/vhost1"))
      assert_equal("vhost2", https_get(addr, port, "vhost2", "/vhost2"))
      assert_equal("vhost2", https_get(addr, port, "vhost2alias", "/vhost2alias", "vhost2"))
    }
  end

  def test_check_ssl_virtual
    config = {
      :ServerName => "localhost",
      :SSLEnable => true,
      :SSLCertName => "/CN=localhost",
    }
    TestWEBrick.start_httpserver(config){|server, addr, port, log|
      assert_raise ArgumentError do
        vhost = WEBrick::HTTPServer.new({:DoNotListen => true, :Logger => NoLog})
        server.virtual_host(vhost)
      end
    }
  end
end