mirror of
https://github.com/swift-server/async-http-client.git
synced 2026-05-03 07:32:29 +00:00
Adam Fowler
9cdf8a01e5
This PR is a result of another #321. In that PR I provided an alternative structure to TLSConfiguration for when connecting with Transport Services. In this one I construct the NWProtocolTLS.Options from TLSConfiguration. It does mean a little more work for whenever we make a connection, but having spoken to @weissi he doesn't seem to think that is an issue. Also there is no method to create a SecIdentity at the moment. We need to generate a pkcs#12 from the certificate chain and private key, which can then be used to create the SecIdentity. This should resolve #292
130 lines
4.7 KiB
Swift
130 lines
4.7 KiB
Swift
//===----------------------------------------------------------------------===//
|
|
//
|
|
// This source file is part of the AsyncHTTPClient open source project
|
|
//
|
|
// Copyright (c) 2018-2019 Apple Inc. and the AsyncHTTPClient project authors
|
|
// Licensed under Apache License v2.0
|
|
//
|
|
// See LICENSE.txt for license information
|
|
// See CONTRIBUTORS.txt for the list of AsyncHTTPClient project authors
|
|
//
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
//
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
@testable import AsyncHTTPClient
|
|
#if canImport(Network)
|
|
import Network
|
|
#endif
|
|
import NIO
|
|
import NIOSSL
|
|
import NIOTransportServices
|
|
import XCTest
|
|
|
|
class HTTPClientNIOTSTests: XCTestCase {
|
|
var clientGroup: EventLoopGroup!
|
|
|
|
override func setUp() {
|
|
XCTAssertNil(self.clientGroup)
|
|
self.clientGroup = getDefaultEventLoopGroup(numberOfThreads: 3)
|
|
}
|
|
|
|
override func tearDown() {
|
|
XCTAssertNotNil(self.clientGroup)
|
|
XCTAssertNoThrow(try self.clientGroup.syncShutdownGracefully())
|
|
self.clientGroup = nil
|
|
}
|
|
|
|
func testCorrectEventLoopGroup() {
|
|
let httpClient = HTTPClient(eventLoopGroupProvider: .createNew)
|
|
defer {
|
|
XCTAssertNoThrow(try httpClient.syncShutdown())
|
|
}
|
|
#if canImport(Network)
|
|
if #available(macOS 10.14, iOS 12.0, tvOS 12.0, watchOS 6.0, *) {
|
|
XCTAssertTrue(httpClient.eventLoopGroup is NIOTSEventLoopGroup)
|
|
return
|
|
}
|
|
#endif
|
|
XCTAssertTrue(httpClient.eventLoopGroup is MultiThreadedEventLoopGroup)
|
|
}
|
|
|
|
func testTLSFailError() {
|
|
guard isTestingNIOTS() else { return }
|
|
|
|
let httpBin = HTTPBin(ssl: true)
|
|
let httpClient = HTTPClient(eventLoopGroupProvider: .shared(self.clientGroup))
|
|
defer {
|
|
XCTAssertNoThrow(try httpClient.syncShutdown(requiresCleanClose: true))
|
|
XCTAssertNoThrow(try httpBin.shutdown())
|
|
}
|
|
|
|
#if canImport(Network)
|
|
do {
|
|
_ = try httpClient.get(url: "https://localhost:\(httpBin.port)/get").wait()
|
|
XCTFail("This should have failed")
|
|
} catch let error as HTTPClient.NWTLSError {
|
|
XCTAssert(error.status == errSSLHandshakeFail || error.status == errSSLBadCert,
|
|
"unexpected NWTLSError with status \(error.status)")
|
|
} catch {
|
|
XCTFail("Error should have been NWTLSError not \(type(of: error))")
|
|
}
|
|
#else
|
|
XCTFail("wrong OS")
|
|
#endif
|
|
}
|
|
|
|
func testConnectionFailError() {
|
|
guard isTestingNIOTS() else { return }
|
|
let httpBin = HTTPBin(ssl: true)
|
|
let httpClient = HTTPClient(eventLoopGroupProvider: .shared(self.clientGroup),
|
|
configuration: .init(timeout: .init(connect: .milliseconds(100),
|
|
read: .milliseconds(100))))
|
|
|
|
defer {
|
|
XCTAssertNoThrow(try httpClient.syncShutdown(requiresCleanClose: true))
|
|
}
|
|
|
|
let port = httpBin.port
|
|
XCTAssertNoThrow(try httpBin.shutdown())
|
|
|
|
XCTAssertThrowsError(try httpClient.get(url: "https://localhost:\(port)/get").wait()) { error in
|
|
XCTAssertEqual(.connectTimeout(.milliseconds(100)), error as? ChannelError)
|
|
}
|
|
}
|
|
|
|
func testTLSVersionError() {
|
|
guard isTestingNIOTS() else { return }
|
|
#if canImport(Network)
|
|
let httpBin = HTTPBin(ssl: true)
|
|
let httpClient = HTTPClient(
|
|
eventLoopGroupProvider: .shared(self.clientGroup),
|
|
configuration: .init(tlsConfiguration: TLSConfiguration.forClient(minimumTLSVersion: .tlsv11, maximumTLSVersion: .tlsv1, certificateVerification: .none))
|
|
)
|
|
defer {
|
|
XCTAssertNoThrow(try httpClient.syncShutdown(requiresCleanClose: true))
|
|
XCTAssertNoThrow(try httpBin.shutdown())
|
|
}
|
|
|
|
XCTAssertThrowsError(try httpClient.get(url: "https://localhost:\(httpBin.port)/get").wait()) { error in
|
|
XCTAssertEqual((error as? HTTPClient.NWTLSError)?.status, errSSLHandshakeFail)
|
|
}
|
|
#endif
|
|
}
|
|
|
|
func testTrustRootCertificateLoadFail() {
|
|
guard isTestingNIOTS() else { return }
|
|
#if canImport(Network)
|
|
let tlsConfig = TLSConfiguration.forClient(trustRoots: .file("not/a/certificate"))
|
|
XCTAssertThrowsError(try tlsConfig.getNWProtocolTLSOptions()) { error in
|
|
switch error {
|
|
case let error as NIOSSL.NIOSSLError where error == .failedToLoadCertificate:
|
|
break
|
|
default:
|
|
XCTFail("\(error)")
|
|
}
|
|
}
|
|
#endif
|
|
}
|
|
}
|