caddy-frontend/test: Assert real QUIC access

e4e5824f · Łukasz Nowak · Łukasz Nowak · 9c691cc0 · e4e5824f
Commit e4e5824f authored Nov 28, 2018 by Łukasz Nowak Committed by Łukasz Nowak Dec 05, 2018
Show whitespace changes
Inline Side-by-side

Showing with 44 additions and 40 deletions

software/caddy-frontend/test/test.py software/caddy-frontend/test/test.py +44 -40

No files found.
--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -90,19 +90,21 @@ def createKey():
  return key, key_pem
-def createSelfSignedCertificate(common_name):
+def createSelfSignedCertificate(name_list):
  key, key_pem = createKey()
+  subject_alternative_name_list = x509.SubjectAlternativeName(
+    [x509.DNSName(unicode(q)) for q in name_list]
+  )
  subject = issuer = x509.Name([
-    x509.NameAttribute(NameOID.COUNTRY_NAME, u"XX"),
+    x509.NameAttribute(NameOID.COMMON_NAME, u'Test Self Signed Certificate'),
-    x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"YY"),
-    x509.NameAttribute(NameOID.LOCALITY_NAME, u"Xx Yy"),
-    x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Xyx Yxy"),
-    x509.NameAttribute(NameOID.COMMON_NAME, unicode(common_name)),
  ])
  certificate = x509.CertificateBuilder().subject_name(
    subject
  ).issuer_name(
    issuer
+  ).add_extension(
+      subject_alternative_name_list,
+      critical=False,
  ).public_key(
    key.public_key()
  ).serial_number(
@@ -183,6 +185,17 @@ def isHTTP2(domain, ip):
  return 'Using HTTP2, server supports multi-use' in err
+def getQUIC(url, ip, port):
+  quic_client_command = 'quic_client --disable-certificate-verification '\
+    '--port=%(port)s --host=%(host)s %(url)s' % dict(
+      port=port, host=ip, url=url)
+  try:
+    return True, subprocess.check_output(
+      quic_client_command.split(), stderr=subprocess.STDOUT)
+  except subprocess.CalledProcessError as e:
+    return False, e.output
 class TestDataMixin(object):
  @staticmethod
  def generateHashFromFiles(file_list):
@@ -515,7 +528,12 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
  @classmethod
  def createWildcardExampleComCertificate(cls):
    _, cls.key_pem, _, cls.certificate_pem = createSelfSignedCertificate(
-      '*.example.com')
+      [
+        '*.customdomain.example.com',
+        '*.example.com',
+        '*.nginx.example.com',
+        '*.alias1.example.com',
+      ])
  @classmethod
  def setUpClass(cls):
@@ -704,7 +722,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      'customdomainsslcrtsslkeysslcacrt.example.com')
    _, cls.customdomain_ca_certificate_pem = cls.ca.signCSR(csr)
    _, cls.customdomain_key_pem, _, cls.customdomain_certificate_pem = \
-        createSelfSignedCertificate('customdomainsslcrtsslkey.example.com')
+        createSelfSignedCertificate(['customdomainsslcrtsslkey.example.com'])
    super(TestSlave, cls).setUpSlaves()
  @classmethod
@@ -1404,15 +1422,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      parameter_dict
    )
-    result = self.fakeHTTPSResult(
+    with self.assertRaises(requests.exceptions.SSLError):
+      self.fakeHTTPSResult(
        parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-    self.assertEqual(
-      self.customdomain_ca_certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
  def test_ssl_ca_crt_does_not_match(self):
    parameter_dict = self.parseSlaveParameterDict('ssl_ca_crt_does_not_match')
    self.assertLogAccessUrlWithPop(parameter_dict)
@@ -3205,35 +3218,26 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertKeyWithPop('Date', result.headers)
    self.assertKeyWithPop('Content-Length', result.headers)
-    self.assertEqual(
+    quic_status, quic_result = getQUIC(
-      {'Content-Encoding': 'gzip',
+      'https://%s/%s' % (parameter_dict['domain'], 'test-path'),
-       'Alt-Svc': 'quic=":11443"; ma=2592000; v="39"',  # QUIC advertises
+      parameter_dict['public-ipv4'],
-       'Set-Cookie': 'secured=value;secure, nonsecured=value',
+      HTTPS_PORT
-       'Vary': 'Accept-Encoding',
-       'Server': 'Caddy, BaseHTTP/0.3 Python/2.7.14',
-       'Content-Type': 'application/json'},
-      result.headers
    )
-    result_http = self.fakeHTTPResult(
+    self.assertTrue(quic_status, quic_result)
-      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-    self.assertEqualResultJson(result_http, 'Path', '/test-path')
    try:
-      j = result_http.json()
+      quic_jsoned = quic_result.split('body: ')[2].split('trailers')[0]
    except Exception:
-      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+      raise ValueError('JSON not found at all in QUIC result:\n%s' % (
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+        quic_result,))
+    try:
-    self.assertEqual(
+      j = json.loads(quic_jsoned)
-      'gzip',
+    except Exception:
-      result_http.headers['Content-Encoding']
+      raise ValueError('JSON decode problem in:\n%s' % (quic_jsoned,))
-    )
+    key = 'Path'
+    self.assertTrue(key in j, 'No key %r in %s' % (key, j))
-    self.assertEqual(
+    self.assertEqual('/test-path', j[key])
-      'secured=value;secure, nonsecured=value',
-      result_http.headers['Set-Cookie']
-    )
 class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):