require "test_helper"
using Plum::BinaryString
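# Exercises how the server side of a connection reacts to the HTTP/2 client
# connection preface and to the TLS parameters negotiated underneath it.
#
# ServerConnection, SSLSocketServerConnection, Frame, Connection and the
# assert_connection_error / assert_no_error helpers come from test_helper and
# the library under test; they are not defined in this file.
# NOTE(review): assert_connection_error presumably asserts that the block
# raises a connection error of the given type -- confirm in test_helper.
class HTTPSConnectionNegotiationTest < Minitest::Test
  # Input shorter than the preface that does not match it must be rejected.
  def test_server_must_raise_cprotocol_error_invalid_magic_short
    con = ServerConnection.new(StringIO.new.method(:write))
    assert_connection_error(:protocol_error) do
      con << "HELLO"
    end
  end

  # Input longer than the 24-octet client preface that does not match it
  # must be rejected as well.
  def test_server_must_raise_cprotocol_error_invalid_magic_long
    con = ServerConnection.new(StringIO.new.method(:write))
    assert_connection_error(:protocol_error) do
      con << ("HELLO" * 100) # over 24
    end
  end

  # A valid preface followed by anything other than a SETTINGS frame (here a
  # WINDOW_UPDATE on stream 0) must be a connection-level protocol error.
  def test_server_must_raise_cprotocol_error_non_settings_after_magic
    con = ServerConnection.new(StringIO.new.method(:write))
    con << Connection::CLIENT_CONNECTION_PREFACE
    assert_connection_error(:protocol_error) do
      con << Frame.new(type: :window_update, stream_id: 0, payload: "".push_uint32(1)).assemble
    end
  end

  # The preface may arrive split across several reads; the server must
  # reassemble it instead of judging each fragment on its own.
  def test_server_accept_fragmented_magic
    magic = Connection::CLIENT_CONNECTION_PREFACE
    con = ServerConnection.new(StringIO.new.method(:write))
    assert_no_error do
      con << magic[0...5]
      con << magic[5..-1]
      con << Frame.new(type: :settings, stream_id: 0).assemble
    end
  end

  # A client that negotiates "h2" over a TLS 1.2 suite without forward
  # secrecy must be refused with INADEQUATE_SECURITY.
  #
  # "AES256-GCM-SHA384" is OpenSSL's name for TLS_RSA_WITH_AES_256_GCM_SHA384,
  # a static-RSA key exchange suite on the HTTP/2 cipher suite black list
  # (RFC 7540, section 9.2.2 and Appendix A).
  def test_inadequate_security_ssl_socket
    run = false

    server_ctx = OpenSSL::SSL::SSLContext.new
    server_ctx.alpn_select_cb = ->(_protocols) { "h2" }
    server_ctx.cert = TLS_CERT
    server_ctx.key = TLS_KEY
    tcp_server = TCPServer.new("127.0.0.1", LISTEN_PORT)
    ssl_server = OpenSSL::SSL::SSLServer.new(tcp_server, server_ctx)

    server_thread = Thread.new do
      accepted = nil
      begin
        Timeout.timeout(3) do
          accepted = ssl_server.accept
          plum = SSLSocketServerConnection.new(accepted)
          assert_connection_error(:inadequate_security) do
            # Proves the block was entered; checked at the end of the test.
            run = true
            until accepted.closed? || accepted.eof?
              plum << accepted.readpartial(1024)
            end
          end
        end
      rescue Timeout::Error
        flunk "server timeout"
      rescue => e
        flunk e
      ensure
        tcp_server.close
        # The accepted TLS socket was previously left open until GC.
        accepted.close if accepted && !accepted.closed?
      end
    end

    client_thread = Thread.new do
      tcp = TCPSocket.new("127.0.0.1", LISTEN_PORT)
      begin
        # Separate local name: assigning to `ctx` here used to overwrite the
        # server context variable captured from the enclosing method.
        client_ctx = OpenSSL::SSL::SSLContext.new.tap do |c|
          c.alpn_protocols = ["h2"]
          c.ciphers = "AES256-GCM-SHA384"
          # `ciphers=` only restricts TLS <= 1.2 suites. Without a version cap
          # an OpenSSL build with TLS 1.3 negotiates a TLS 1.3 suite instead
          # and the black-listed suite under test is never selected.
          c.max_version = OpenSSL::SSL::TLS1_2_VERSION if c.respond_to?(:max_version=)
        end
        ssl = OpenSSL::SSL::SSLSocket.new(tcp, client_ctx)
        ssl.connect
        ssl.write Connection::CLIENT_CONNECTION_PREFACE
        ssl.write Frame.settings.assemble
        # Hold the connection open until the main thread kills this thread.
        sleep
      rescue => e
        # This thread is killed, never joined, so a failure raised here is
        # not propagated to the test; the server side reports the outcome.
        flunk e
      ensure
        tcp.close
      end
    end

    # join re-raises whatever terminated the server thread, including flunk.
    server_thread.join
    client_thread.kill
    flunk "test not run" unless run
  end
end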