зеркало из https://github.com/github/ruby.git
542 строки
15 KiB
Ruby
542 строки
15 KiB
Ruby
# frozen_string_literal: true
|
|
require_relative "helper"
|
|
require "rubygems/request"
|
|
require "ostruct"
|
|
require "base64"
|
|
|
|
unless Gem::HAVE_OPENSSL
|
|
warn "Skipping Gem::Request tests. openssl not found."
|
|
end
|
|
|
|
class TestGemRequest < Gem::TestCase
|
|
CA_CERT_FILE = cert_path "ca"
|
|
CHILD_CERT = load_cert "child"
|
|
EXPIRED_CERT = load_cert "expired"
|
|
PUBLIC_CERT = load_cert "public"
|
|
PUBLIC_CERT_FILE = cert_path "public"
|
|
SSL_CERT = load_cert "ssl"
|
|
|
|
def make_request(uri, request_class, last_modified, proxy)
|
|
Gem::Request.create_with_proxy uri, request_class, last_modified, proxy
|
|
end
|
|
|
|
def setup
|
|
@proxies = %w[http_proxy https_proxy HTTP_PROXY http_proxy_user HTTP_PROXY_USER http_proxy_pass HTTP_PROXY_PASS no_proxy NO_PROXY]
|
|
@old_proxies = @proxies.map {|k| ENV[k] }
|
|
@proxies.each {|k| ENV[k] = nil }
|
|
|
|
super
|
|
|
|
@proxy_uri = "http://localhost:1234"
|
|
@uri = URI("http://example")
|
|
|
|
@request = make_request @uri, nil, nil, nil
|
|
end
|
|
|
|
def teardown
|
|
super
|
|
Gem.configuration[:http_proxy] = nil
|
|
@proxies.each_with_index {|k, i| ENV[k] = @old_proxies[i] }
|
|
end
|
|
|
|
def test_initialize_proxy
|
|
proxy_uri = "http://proxy.example.com"
|
|
|
|
request = make_request @uri, nil, nil, proxy_uri
|
|
|
|
assert_equal proxy_uri, request.proxy_uri.to_s
|
|
end
|
|
|
|
def test_initialize_proxy_URI
|
|
proxy_uri = "http://proxy.example.com"
|
|
|
|
request = make_request @uri, nil, nil, URI(proxy_uri)
|
|
|
|
assert_equal proxy_uri, request.proxy_uri.to_s
|
|
end
|
|
|
|
def test_initialize_proxy_ENV
|
|
ENV["http_proxy"] = @proxy_uri
|
|
ENV["http_proxy_user"] = "foo"
|
|
ENV["http_proxy_pass"] = "bar"
|
|
|
|
request = make_request @uri, nil, nil, nil
|
|
|
|
proxy = request.proxy_uri
|
|
|
|
assert_equal "foo", proxy.user
|
|
assert_equal "bar", proxy.password
|
|
end
|
|
|
|
def test_initialize_proxy_ENV_https
|
|
ENV["https_proxy"] = @proxy_uri
|
|
|
|
request = make_request URI("https://example"), nil, nil, nil
|
|
|
|
proxy = request.proxy_uri
|
|
|
|
assert_equal URI(@proxy_uri), proxy
|
|
end
|
|
|
|
def test_proxy_ENV
|
|
ENV["http_proxy"] = "http://proxy"
|
|
ENV["https_proxy"] = ""
|
|
|
|
request = make_request URI("https://example"), nil, nil, nil
|
|
|
|
proxy = request.proxy_uri
|
|
|
|
assert_nil proxy
|
|
end
|
|
|
|
def test_configure_connection_for_https
|
|
connection = Net::HTTP.new "localhost", 443
|
|
|
|
request = Class.new(Gem::Request) do
|
|
def self.get_cert_files
|
|
[TestGemRequest::PUBLIC_CERT_FILE]
|
|
end
|
|
end.create_with_proxy URI("https://example"), nil, nil, nil
|
|
|
|
Gem::Request.configure_connection_for_https connection, request.cert_files
|
|
|
|
cert_store = connection.cert_store
|
|
|
|
assert cert_store.verify CHILD_CERT
|
|
end
|
|
|
|
def test_configure_connection_for_https_ssl_ca_cert
|
|
ssl_ca_cert, Gem.configuration.ssl_ca_cert =
|
|
Gem.configuration.ssl_ca_cert, CA_CERT_FILE
|
|
|
|
connection = Net::HTTP.new "localhost", 443
|
|
|
|
request = Class.new(Gem::Request) do
|
|
def self.get_cert_files
|
|
[TestGemRequest::PUBLIC_CERT_FILE]
|
|
end
|
|
end.create_with_proxy URI("https://example"), nil, nil, nil
|
|
|
|
Gem::Request.configure_connection_for_https connection, request.cert_files
|
|
|
|
cert_store = connection.cert_store
|
|
|
|
assert cert_store.verify CHILD_CERT
|
|
assert cert_store.verify SSL_CERT
|
|
ensure
|
|
Gem.configuration.ssl_ca_cert = ssl_ca_cert
|
|
end
|
|
|
|
def test_get_proxy_from_env_fallback
|
|
ENV["http_proxy"] = @proxy_uri
|
|
request = make_request @uri, nil, nil, nil
|
|
proxy = request.proxy_uri
|
|
|
|
assert_equal URI(@proxy_uri), proxy
|
|
end
|
|
|
|
def test_get_proxy_from_env_https
|
|
ENV["https_proxy"] = @proxy_uri
|
|
uri = URI("https://example")
|
|
request = make_request uri, nil, nil, nil
|
|
|
|
proxy = request.proxy_uri
|
|
|
|
assert_equal URI(@proxy_uri), proxy
|
|
end
|
|
|
|
def test_get_proxy_from_env_domain
|
|
ENV["http_proxy"] = @proxy_uri
|
|
ENV["http_proxy_user"] = 'foo\user'
|
|
ENV["http_proxy_pass"] = "my bar"
|
|
request = make_request @uri, nil, nil, nil
|
|
|
|
proxy = request.proxy_uri
|
|
|
|
assert_equal 'foo\user', Gem::UriFormatter.new(proxy.user).unescape
|
|
assert_equal "my bar", Gem::UriFormatter.new(proxy.password).unescape
|
|
end
|
|
|
|
def test_get_proxy_from_env_escape
|
|
ENV["http_proxy"] = @proxy_uri
|
|
ENV["http_proxy_user"] = "foo@user"
|
|
ENV["http_proxy_pass"] = "my@bar"
|
|
request = make_request @uri, nil, nil, nil
|
|
|
|
proxy = request.proxy_uri
|
|
|
|
assert_equal "foo%40user", proxy.user
|
|
assert_equal "my%40bar", proxy.password
|
|
end
|
|
|
|
def test_get_proxy_from_env_normalize
|
|
ENV["HTTP_PROXY"] = "fakeurl:12345"
|
|
request = make_request @uri, nil, nil, nil
|
|
|
|
assert_equal "http://fakeurl:12345", request.proxy_uri.to_s
|
|
end
|
|
|
|
def test_get_proxy_from_env_empty
|
|
ENV["HTTP_PROXY"] = ""
|
|
ENV.delete "http_proxy"
|
|
request = make_request @uri, nil, nil, nil
|
|
|
|
assert_nil request.proxy_uri
|
|
end
|
|
|
|
def test_fetch
|
|
uri = Gem::Uri.new(URI.parse "#{@gem_repo}/specs.#{Gem.marshal_version}")
|
|
response = util_stub_net_http(:body => :junk, :code => 200) do
|
|
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
|
|
|
@request.fetch
|
|
end
|
|
|
|
assert_equal 200, response.code
|
|
assert_equal :junk, response.body
|
|
end
|
|
|
|
def test_fetch_basic_auth
|
|
Gem.configuration.verbose = :really
|
|
uri = Gem::Uri.new(URI.parse "https://user:pass@example.rubygems/specs.#{Gem.marshal_version}")
|
|
conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
|
|
use_ui @ui do
|
|
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
|
@request.fetch
|
|
end
|
|
c
|
|
end
|
|
|
|
auth_header = conn.payload["Authorization"]
|
|
assert_equal "Basic #{Base64.encode64('user:pass')}".strip, auth_header
|
|
assert_includes @ui.output, "GET https://user:REDACTED@example.rubygems/specs.#{Gem.marshal_version}"
|
|
end
|
|
|
|
def test_fetch_basic_auth_encoded
|
|
Gem.configuration.verbose = :really
|
|
uri = Gem::Uri.new(URI.parse "https://user:%7BDEScede%7Dpass@example.rubygems/specs.#{Gem.marshal_version}")
|
|
|
|
conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
|
|
use_ui @ui do
|
|
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
|
@request.fetch
|
|
end
|
|
c
|
|
end
|
|
|
|
auth_header = conn.payload["Authorization"]
|
|
assert_equal "Basic #{Base64.encode64('user:{DEScede}pass')}".strip, auth_header
|
|
assert_includes @ui.output, "GET https://user:REDACTED@example.rubygems/specs.#{Gem.marshal_version}"
|
|
end
|
|
|
|
def test_fetch_basic_oauth_encoded
|
|
Gem.configuration.verbose = :really
|
|
uri = Gem::Uri.new(URI.parse "https://%7BDEScede%7Dpass:x-oauth-basic@example.rubygems/specs.#{Gem.marshal_version}")
|
|
|
|
conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
|
|
use_ui @ui do
|
|
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
|
@request.fetch
|
|
end
|
|
c
|
|
end
|
|
|
|
auth_header = conn.payload["Authorization"]
|
|
assert_equal "Basic #{Base64.encode64('{DEScede}pass:x-oauth-basic')}".strip, auth_header
|
|
assert_includes @ui.output, "GET https://REDACTED:x-oauth-basic@example.rubygems/specs.#{Gem.marshal_version}"
|
|
end
|
|
|
|
def test_fetch_head
|
|
uri = Gem::Uri.new(URI.parse "#{@gem_repo}/specs.#{Gem.marshal_version}")
|
|
response = util_stub_net_http(:body => "", :code => 200) do |conn|
|
|
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
|
@request.fetch
|
|
end
|
|
|
|
assert_equal 200, response.code
|
|
assert_equal "", response.body
|
|
end
|
|
|
|
def test_fetch_unmodified
|
|
uri = Gem::Uri.new(URI.parse "#{@gem_repo}/specs.#{Gem.marshal_version}")
|
|
t = Time.utc(2013, 1, 2, 3, 4, 5)
|
|
conn, response = util_stub_net_http(:body => "", :code => 304) do |c|
|
|
@request = make_request(uri, Net::HTTP::Get, t, nil)
|
|
[c, @request.fetch]
|
|
end
|
|
|
|
assert_equal 304, response.code
|
|
assert_equal "", response.body
|
|
|
|
modified_header = conn.payload["if-modified-since"]
|
|
|
|
assert_equal "Wed, 02 Jan 2013 03:04:05 GMT", modified_header
|
|
end
|
|
|
|
def test_user_agent
|
|
ua = make_request(@uri, nil, nil, nil).user_agent
|
|
|
|
assert_match %r{^RubyGems/\S+ \S+ Ruby/\S+ \(.*?\)}, ua
|
|
assert_match %r{RubyGems/#{Regexp.escape Gem::VERSION}}, ua
|
|
assert_match %r{ #{Regexp.escape Gem::Platform.local.to_s} }, ua
|
|
assert_match %r{Ruby/#{Regexp.escape RUBY_VERSION}}, ua
|
|
assert_match %r{\(#{Regexp.escape RUBY_RELEASE_DATE} }, ua
|
|
end
|
|
|
|
def test_user_agent_engine
|
|
util_save_version
|
|
|
|
Object.send :remove_const, :RUBY_ENGINE
|
|
Object.send :const_set, :RUBY_ENGINE, "vroom"
|
|
|
|
ua = make_request(@uri, nil, nil, nil).user_agent
|
|
|
|
assert_match %r{\) vroom}, ua
|
|
ensure
|
|
util_restore_version
|
|
end
|
|
|
|
def test_user_agent_engine_ruby
|
|
util_save_version
|
|
|
|
Object.send :remove_const, :RUBY_ENGINE
|
|
Object.send :const_set, :RUBY_ENGINE, "ruby"
|
|
|
|
ua = make_request(@uri, nil, nil, nil).user_agent
|
|
|
|
assert_match %r{\)}, ua
|
|
ensure
|
|
util_restore_version
|
|
end
|
|
|
|
def test_user_agent_patchlevel
|
|
util_save_version
|
|
|
|
Object.send :remove_const, :RUBY_PATCHLEVEL
|
|
Object.send :const_set, :RUBY_PATCHLEVEL, 5
|
|
|
|
ua = make_request(@uri, nil, nil, nil).user_agent
|
|
|
|
assert_match %r{ patchlevel 5\)}, ua
|
|
ensure
|
|
util_restore_version
|
|
end
|
|
|
|
def test_user_agent_revision
|
|
util_save_version
|
|
|
|
Object.send :remove_const, :RUBY_PATCHLEVEL
|
|
Object.send :const_set, :RUBY_PATCHLEVEL, -1
|
|
Object.send :remove_const, :RUBY_REVISION if defined?(RUBY_REVISION)
|
|
Object.send :const_set, :RUBY_REVISION, 6
|
|
|
|
ua = make_request(@uri, nil, nil, nil).user_agent
|
|
|
|
assert_match %r{ revision 6\)}, ua
|
|
assert_match %r{Ruby/#{Regexp.escape RUBY_VERSION}dev}, ua
|
|
ensure
|
|
util_restore_version
|
|
end
|
|
|
|
def test_user_agent_revision_missing
|
|
util_save_version
|
|
|
|
Object.send :remove_const, :RUBY_PATCHLEVEL
|
|
Object.send :const_set, :RUBY_PATCHLEVEL, -1
|
|
Object.send :remove_const, :RUBY_REVISION if defined?(RUBY_REVISION)
|
|
|
|
ua = make_request(@uri, nil, nil, nil).user_agent
|
|
|
|
assert_match %r{\(#{Regexp.escape RUBY_RELEASE_DATE}\)}, ua
|
|
ensure
|
|
util_restore_version
|
|
end
|
|
|
|
def test_verify_certificate
|
|
pend if Gem.java_platform?
|
|
|
|
error_number = OpenSSL::X509::V_ERR_OUT_OF_MEM
|
|
|
|
store = OpenSSL::X509::Store.new
|
|
context = OpenSSL::X509::StoreContext.new store
|
|
context.error = error_number
|
|
|
|
use_ui @ui do
|
|
Gem::Request.verify_certificate context
|
|
end
|
|
|
|
assert_equal "ERROR: SSL verification error at depth 0: out of memory (#{error_number})\n",
|
|
@ui.error
|
|
end
|
|
|
|
def test_verify_certificate_extra_message
|
|
pend if Gem.java_platform?
|
|
|
|
error_number = OpenSSL::X509::V_ERR_INVALID_CA
|
|
|
|
store = OpenSSL::X509::Store.new
|
|
context = OpenSSL::X509::StoreContext.new store
|
|
context.error = error_number
|
|
|
|
use_ui @ui do
|
|
Gem::Request.verify_certificate context
|
|
end
|
|
|
|
expected = <<-ERROR
|
|
ERROR: SSL verification error at depth 0: invalid CA certificate (#{error_number})
|
|
ERROR: Certificate is an invalid CA certificate
|
|
ERROR
|
|
|
|
assert_equal expected, @ui.error
|
|
end
|
|
|
|
def test_verify_certificate_message_CERT_HAS_EXPIRED
|
|
error_number = OpenSSL::X509::V_ERR_CERT_HAS_EXPIRED
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, EXPIRED_CERT
|
|
|
|
assert_equal "Certificate #{EXPIRED_CERT.subject} expired at #{EXPIRED_CERT.not_before.iso8601}",
|
|
message
|
|
end
|
|
|
|
def test_verify_certificate_message_CERT_NOT_YET_VALID
|
|
error_number = OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, EXPIRED_CERT
|
|
|
|
assert_equal "Certificate #{EXPIRED_CERT.subject} not valid until #{EXPIRED_CERT.not_before.iso8601}",
|
|
message
|
|
end
|
|
|
|
def test_verify_certificate_message_CERT_REJECTED
|
|
error_number = OpenSSL::X509::V_ERR_CERT_REJECTED
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, CHILD_CERT
|
|
|
|
assert_equal "Certificate #{CHILD_CERT.subject} is rejected",
|
|
message
|
|
end
|
|
|
|
def test_verify_certificate_message_CERT_UNTRUSTED
|
|
error_number = OpenSSL::X509::V_ERR_CERT_UNTRUSTED
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, CHILD_CERT
|
|
|
|
assert_equal "Certificate #{CHILD_CERT.subject} is not trusted",
|
|
message
|
|
end
|
|
|
|
def test_verify_certificate_message_DEPTH_ZERO_SELF_SIGNED_CERT
|
|
error_number = OpenSSL::X509::V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, CHILD_CERT
|
|
|
|
assert_equal "Certificate #{CHILD_CERT.issuer} is not trusted",
|
|
message
|
|
end
|
|
|
|
def test_verify_certificate_message_INVALID_CA
|
|
error_number = OpenSSL::X509::V_ERR_INVALID_CA
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, CHILD_CERT
|
|
|
|
assert_equal "Certificate #{CHILD_CERT.subject} is an invalid CA certificate",
|
|
message
|
|
end
|
|
|
|
def test_verify_certificate_message_INVALID_PURPOSE
|
|
error_number = OpenSSL::X509::V_ERR_INVALID_PURPOSE
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, CHILD_CERT
|
|
|
|
assert_equal "Certificate #{CHILD_CERT.subject} has an invalid purpose",
|
|
message
|
|
end
|
|
|
|
def test_verify_certificate_message_SELF_SIGNED_CERT_IN_CHAIN
|
|
error_number = OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, EXPIRED_CERT
|
|
|
|
assert_equal "Root certificate is not trusted (#{EXPIRED_CERT.subject})",
|
|
message
|
|
end
|
|
|
|
def test_verify_certificate_message_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
|
|
error_number = OpenSSL::X509::V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, EXPIRED_CERT
|
|
|
|
assert_equal "You must add #{EXPIRED_CERT.issuer} to your local trusted store",
|
|
message
|
|
end
|
|
|
|
def test_verify_certificate_message_UNABLE_TO_VERIFY_LEAF_SIGNATURE
|
|
error_number = OpenSSL::X509::V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
|
|
|
|
message =
|
|
Gem::Request.verify_certificate_message error_number, EXPIRED_CERT
|
|
|
|
assert_equal "Cannot verify certificate issued by #{EXPIRED_CERT.issuer}",
|
|
message
|
|
end
|
|
|
|
def util_restore_version
|
|
Object.send :remove_const, :RUBY_ENGINE
|
|
Object.send :const_set, :RUBY_ENGINE, @orig_RUBY_ENGINE if
|
|
defined?(@orig_RUBY_ENGINE)
|
|
|
|
Object.send :remove_const, :RUBY_PATCHLEVEL
|
|
Object.send :const_set, :RUBY_PATCHLEVEL, @orig_RUBY_PATCHLEVEL
|
|
|
|
Object.send :remove_const, :RUBY_REVISION if defined?(RUBY_REVISION)
|
|
Object.send :const_set, :RUBY_REVISION, @orig_RUBY_REVISION if
|
|
defined?(@orig_RUBY_REVISION)
|
|
end
|
|
|
|
def util_save_version
|
|
@orig_RUBY_ENGINE = RUBY_ENGINE
|
|
@orig_RUBY_PATCHLEVEL = RUBY_PATCHLEVEL
|
|
@orig_RUBY_REVISION = RUBY_REVISION if defined? RUBY_REVISION
|
|
end
|
|
|
|
def util_stub_net_http(hash)
|
|
old_client = Gem::Request::ConnectionPools.client
|
|
conn = Conn.new OpenStruct.new(hash)
|
|
Gem::Request::ConnectionPools.client = conn
|
|
yield conn
|
|
ensure
|
|
Gem::Request::ConnectionPools.client = old_client
|
|
end
|
|
|
|
class Conn
|
|
attr_accessor :payload
|
|
|
|
def new(*args); self; end
|
|
def use_ssl=(bool); end
|
|
def verify_callback=(setting); end
|
|
def verify_mode=(setting); end
|
|
def cert_store=(setting); end
|
|
def start; end
|
|
|
|
def initialize(response)
|
|
@response = response
|
|
self.payload = nil
|
|
end
|
|
|
|
def request(req)
|
|
self.payload = req
|
|
@response
|
|
end
|
|
end
|
|
end if Gem::HAVE_OPENSSL
|