1 # frozen_string_literal: true
4 require_relative 'utils'
10 class TestOpenURISSL < Test::Unit::TestCase
11 include TestOpenURIUtils
14 @proxies = %w[http_proxy HTTP_PROXY https_proxy HTTPS_PROXY ftp_proxy FTP_PROXY no_proxy]
15 @old_proxies = @proxies.map {|k| ENV[k] }
16 @proxies.each {|k| ENV[k] = nil }
20 @proxies.each_with_index {|k, i| ENV[k] = @old_proxies[i] }
23 def setup_validation(srv, dr)
24 cacert_filename = "#{dr}/cacert.pem"
25 URI.open(cacert_filename, "w") {|f| f << CA_CERT }
26 if srv.respond_to?(:mount_proc)
27 srv.mount_proc("/data", lambda { |req, res| res.body = "ddd" } )
32 def test_validation_success
33 with_https {|srv, dr, url|
34 cacert_filename = setup_validation(srv, dr)
35 URI.open("#{url}/data", :ssl_ca_cert => cacert_filename) {|f|
36 assert_equal("200", f.status[0])
37 assert_equal("ddd", f.read)
42 def test_validation_noverify
43 with_https {|srv, dr, url|
44 setup_validation(srv, dr)
45 URI.open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE) {|f|
46 assert_equal("200", f.status[0])
47 assert_equal("ddd", f.read)
52 def test_validation_failure
53 with_https(nil) {|srv, dr, url|
54 setup_validation(srv, dr)
55 assert_raise(OpenSSL::SSL::SSLError) { URI.open("#{url}/data") {} }
56 sleep 0.5 unless RUBY_PLATFORM =~ /mswin|mingw/
60 def test_ssl_min_version
61 with_https {|srv, dr, url|
62 setup_validation(srv, dr)
63 URI.open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE, :ssl_min_version => :TLS1_2) {|f|
64 assert_equal("200", f.status[0])
65 assert_equal("ddd", f.read)
70 def test_bad_ssl_version
71 with_https(nil) {|srv, dr, url|
72 setup_validation(srv, dr)
73 assert_raise(ArgumentError) {
74 URI.open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE, :ssl_min_version => :TLS_no_such_version) {}
79 def test_proxy_cacert_file
81 proxy_log_tester = lambda {|proxy_log, proxy_access_log|
82 assert_equal(1, proxy_access_log.length)
83 assert_match(%r[CONNECT #{url.sub(%r{\Ahttps://}, '')} ], proxy_access_log[0])
84 assert_equal([], proxy_log)
86 with_https_proxy(proxy_log_tester) {|srv, dr, url_, cacert_filename, cacert_directory, proxy_host, proxy_port|
88 URI.open("#{url}/proxy", :proxy=>"http://#{proxy_host}:#{proxy_port}/", :ssl_ca_cert => cacert_filename) {|f|
89 assert_equal("200", f.status[0])
90 assert_equal("proxy", f.read)
95 def test_proxy_cacert_dir
97 proxy_log_tester = lambda {|proxy_log, proxy_access_log|
98 assert_equal(1, proxy_access_log.length)
99 assert_match(%r[CONNECT #{url.sub(%r{\Ahttps://}, '')} ], proxy_access_log[0])
100 assert_equal([], proxy_log)
102 with_https_proxy(proxy_log_tester) {|srv, dr, url_, cacert_filename, cacert_directory, proxy_host, proxy_port|
104 URI.open("#{url}/proxy", :proxy=>"http://#{proxy_host}:#{proxy_port}/", :ssl_ca_cert => cacert_directory) {|f|
105 assert_equal("200", f.status[0])
106 assert_equal("proxy", f.read)
111 end if defined?(OpenSSL::SSL)