Skip to content

Commit fad1d5a

Browse files
bavshin-f5bavshin-f5
committed
Tests: ACME configuration parsing test.
1 parent 52151fc commit fad1d5a

File tree

2 files changed

+333
-0
lines changed

2 files changed

+333
-0
lines changed

t/acme_conf_certificate.t

Lines changed: 132 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,132 @@
1+
#!/usr/bin/perl
2+
3+
# (C) Aleksei Bavshin
4+
# (C) Nginx, Inc.
5+
6+
# Tests for ACME client: configuration parsing and validation.
7+
8+
###############################################################################
9+
10+
use warnings;
11+
use strict;
12+
13+
use Test::More;
14+
15+
use IO::Select;
16+
17+
BEGIN { use FindBin; chdir($FindBin::Bin); }
18+
19+
use lib 'lib';
20+
use Test::Nginx;
21+
22+
###############################################################################
23+
24+
select STDERR; $| = 1;
25+
select STDOUT; $| = 1;
26+
27+
my $t = Test::Nginx->new()->has(qw/http http_ssl/)->plan(4);
28+
29+
use constant TEMPLATE_CONF => <<'EOF';
30+
31+
%%TEST_GLOBALS%%
32+
33+
daemon off;
34+
35+
events {
36+
}
37+
38+
http {
39+
%%TEST_GLOBALS_HTTP%%
40+
41+
server {
42+
listen 127.0.0.1:8080;
43+
server_name example.test;
44+
}
45+
46+
server {
47+
listen 127.0.0.1:8443 ssl;
48+
49+
%%ACME_CERTIFICATE%%
50+
51+
ssl_certificate $acme_certificate;
52+
ssl_certificate_key $acme_certificate_key;
53+
}
54+
55+
acme_issuer example {
56+
uri https://localhost:%%PORT_9000%%/dir;
57+
resolver 127.0.0.1:%%PORT_8980_UDP%%;
58+
ssl_verify off;
59+
}
60+
}
61+
62+
EOF
63+
64+
###############################################################################
65+
66+
is(check($t, <<'EOF' ), undef, 'valid');
67+
68+
acme_certificate example .example.test;
69+
70+
EOF
71+
72+
73+
is(check($t, <<'EOF' ), undef, 'valid - server_name');
74+
75+
server_name .example.test;
76+
acme_certificate example;
77+
78+
EOF
79+
80+
81+
like(check($t, <<'EOF' ), qr/\[emerg].*no identifiers/, 'no identifiers');
82+
83+
acme_certificate example;
84+
85+
EOF
86+
87+
88+
like(check($t, <<'EOF'), qr/\[emerg].*issuer "[^"]+" is missing/, 'no issuer');
89+
90+
acme_certificate no-such-issuer .example.test;
91+
92+
EOF
93+
94+
# stop and clear the log to avoid triggering sanitizer checks
95+
96+
$t->stop()->write_file('error.log', '');
97+
98+
###############################################################################
99+
100+
sub check {
101+
my ($t, $cert) = @_;
102+
103+
$t->write_file_expand('nginx.conf',
104+
TEMPLATE_CONF =~ s/%%ACME_CERTIFICATE%%/$cert/r);
105+
106+
return try_run($t);
107+
}
108+
109+
sub try_run {
110+
my $t = shift;
111+
112+
# clean up after a successfull try
113+
114+
$t->stop();
115+
unlink $t->testdir() . '/error.log';
116+
117+
eval {
118+
open OLDERR, ">&", \*STDERR; close STDERR;
119+
$t->run();
120+
open STDERR, ">&", \*OLDERR;
121+
};
122+
123+
return unless $@;
124+
125+
my $log = $t->read_file('error.log');
126+
127+
if ($ENV{TEST_NGINX_VERBOSE}) {
128+
map { Test::Nginx::log_core($_) } split(/^/m, $log);
129+
}
130+
131+
return $log;
132+
}

t/acme_conf_issuer.t

Lines changed: 201 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,201 @@
1+
#!/usr/bin/perl
2+
3+
# (C) Aleksei Bavshin
4+
# (C) Nginx, Inc.
5+
6+
# Tests for ACME client: configuration parsing and validation.
7+
8+
###############################################################################
9+
10+
use warnings;
11+
use strict;
12+
13+
use Test::More;
14+
15+
use IO::Select;
16+
17+
BEGIN { use FindBin; chdir($FindBin::Bin); }
18+
19+
use lib 'lib';
20+
use Test::Nginx;
21+
22+
###############################################################################
23+
24+
select STDERR; $| = 1;
25+
select STDOUT; $| = 1;
26+
27+
my $t = Test::Nginx->new()->has(qw/http http_ssl/)->plan(8);
28+
29+
use constant TEMPLATE_CONF => <<'EOF';
30+
31+
%%TEST_GLOBALS%%
32+
33+
daemon off;
34+
35+
events {
36+
}
37+
38+
http {
39+
%%TEST_GLOBALS_HTTP%%
40+
41+
server {
42+
listen 127.0.0.1:8080;
43+
server_name example.test;
44+
}
45+
46+
server {
47+
listen 127.0.0.1:8443 ssl;
48+
server_name example.test;
49+
50+
acme_certificate example example.test;
51+
52+
ssl_certificate $acme_certificate;
53+
ssl_certificate_key $acme_certificate_key;
54+
}
55+
56+
%%ACME_ISSUER%%
57+
}
58+
59+
EOF
60+
61+
###############################################################################
62+
63+
is(check($t, <<'EOF' ), undef, 'valid');
64+
65+
acme_shared_zone zone=ngx_acme_shared:1M;
66+
67+
acme_issuer example {
68+
uri https://localhost:%%PORT_9000%%/dir;
69+
account_key ecdsa:256;
70+
contact mailto:admin@example.test;
71+
resolver 127.0.0.1:%%PORT_8980_UDP%%;
72+
resolver_timeout 5s;
73+
ssl_verify off;
74+
state_path %%TESTDIR%%;
75+
}
76+
77+
EOF
78+
79+
80+
is(check($t, <<'EOF' ), undef, 'valid - resolver in server');
81+
82+
acme_issuer example {
83+
uri https://localhost:%%PORT_9000%%/dir;
84+
ssl_verify off;
85+
}
86+
87+
resolver 127.0.0.1:%%PORT_8980_UDP%%;
88+
89+
EOF
90+
91+
92+
like(check($t, <<'EOF' ), qr/\[emerg].*resolver is not/, 'no resolver');
93+
94+
acme_issuer example {
95+
uri https://localhost:%%PORT_9000%%/dir;
96+
ssl_verify off;
97+
}
98+
99+
EOF
100+
101+
102+
like(check($t, <<'EOF' ), qr/\[emerg].*must have "zone"/, 'bad zone value');
103+
104+
acme_shared_zone bad-value;
105+
106+
acme_issuer example {
107+
uri https://localhost:%%PORT_9000%%/dir;
108+
resolver 127.0.0.1:%%PORT_8980_UDP%%;
109+
ssl_verify off;
110+
}
111+
112+
EOF
113+
114+
115+
like(check($t, <<'EOF' ), qr/\[emerg].*invalid zone size/, 'bad zone size');
116+
117+
acme_shared_zone zone=test:bad-size;
118+
119+
acme_issuer example {
120+
uri https://localhost:%%PORT_9000%%/dir;
121+
resolver 127.0.0.1:%%PORT_8980_UDP%%;
122+
ssl_verify off;
123+
}
124+
125+
EOF
126+
127+
128+
like(check($t, <<'EOF' ), qr/\[emerg].*cannot load/, 'bad key file');
129+
130+
acme_issuer example {
131+
uri https://localhost:%%PORT_9000%%/dir;
132+
account_key no-such-file.key;
133+
resolver 127.0.0.1:%%PORT_8980_UDP%%;
134+
ssl_verify off;
135+
}
136+
137+
EOF
138+
139+
140+
like(check($t, <<'EOF' ), qr/\[emerg].*unsupported curve/, 'bad key curve');
141+
142+
acme_issuer example {
143+
uri https://localhost:%%PORT_9000%%/dir;
144+
account_key ecdsa:234;
145+
resolver 127.0.0.1:%%PORT_8980_UDP%%;
146+
ssl_verify off;
147+
}
148+
149+
EOF
150+
151+
152+
like(check($t, <<'EOF' ), qr/\[emerg].*unsupported key size/, 'bad key size');
153+
154+
acme_issuer example {
155+
uri https://localhost:%%PORT_9000%%/dir;
156+
account_key rsa:1024;
157+
resolver 127.0.0.1:%%PORT_8980_UDP%%;
158+
ssl_verify off;
159+
}
160+
161+
EOF
162+
163+
# stop and clear the log to avoid triggering sanitizer checks
164+
165+
$t->stop()->write_file('error.log', '');
166+
167+
###############################################################################
168+
169+
sub check {
170+
my ($t, $issuer) = @_;
171+
172+
$t->write_file_expand('nginx.conf',
173+
TEMPLATE_CONF =~ s/%%ACME_ISSUER%%/$issuer/r);
174+
175+
return try_run($t);
176+
}
177+
178+
sub try_run {
179+
my $t = shift;
180+
181+
# clean up after a successfull try
182+
183+
$t->stop();
184+
unlink $t->testdir() . '/error.log';
185+
186+
eval {
187+
open OLDERR, ">&", \*STDERR; close STDERR;
188+
$t->run();
189+
open STDERR, ">&", \*OLDERR;
190+
};
191+
192+
return unless $@;
193+
194+
my $log = $t->read_file('error.log');
195+
196+
if ($ENV{TEST_NGINX_VERBOSE}) {
197+
map { Test::Nginx::log_core($_) } split(/^/m, $log);
198+
}
199+
200+
return $log;
201+
}

0 commit comments

Comments
 (0)