mirror of
https://github.com/denoland/deno.git
synced 2024-11-25 15:29:32 -05:00
chore: fix and deflake cert store fetch tests (#21241)
This commit is contained in:
parent
daab366b03
commit
b563e76f3f
1 changed files with 103 additions and 51 deletions
|
@ -732,8 +732,11 @@ mod tests {
|
||||||
use deno_core::url::Url;
|
use deno_core::url::Url;
|
||||||
use deno_runtime::deno_fetch::create_http_client;
|
use deno_runtime::deno_fetch::create_http_client;
|
||||||
use deno_runtime::deno_fetch::CreateHttpClientOptions;
|
use deno_runtime::deno_fetch::CreateHttpClientOptions;
|
||||||
|
use deno_runtime::deno_tls::rustls::RootCertStore;
|
||||||
use deno_runtime::deno_web::Blob;
|
use deno_runtime::deno_web::Blob;
|
||||||
use deno_runtime::deno_web::InMemoryBlobPart;
|
use deno_runtime::deno_web::InMemoryBlobPart;
|
||||||
|
use std::collections::hash_map::RandomState;
|
||||||
|
use std::collections::HashSet;
|
||||||
use std::fs::read;
|
use std::fs::read;
|
||||||
use test_util::TempDir;
|
use test_util::TempDir;
|
||||||
|
|
||||||
|
@ -2011,15 +2014,94 @@ mod tests {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static PUBLIC_HTTPS_URLS: &[&str] = &[
|
||||||
|
"https://deno.com/",
|
||||||
|
"https://example.com/",
|
||||||
|
"https://github.com/",
|
||||||
|
"https://www.w3.org/",
|
||||||
|
];
|
||||||
|
|
||||||
|
/// This test depends on external servers, so we need to be careful to avoid mistaking an offline machine with a
|
||||||
|
/// test failure.
|
||||||
#[tokio::test]
|
#[tokio::test]
|
||||||
async fn test_fetch_with_default_certificate_store() {
|
async fn test_fetch_with_default_certificate_store() {
|
||||||
let _http_server_guard = test_util::http_server();
|
let urls: HashSet<_, RandomState> =
|
||||||
|
HashSet::from_iter(PUBLIC_HTTPS_URLS.iter());
|
||||||
|
|
||||||
|
// Rely on the randomization of hashset iteration
|
||||||
|
for url in urls {
|
||||||
|
// Relies on external http server with a valid mozilla root CA cert.
|
||||||
|
let url = Url::parse(url).unwrap();
|
||||||
|
eprintln!("Attempting to fetch {url}...");
|
||||||
|
|
||||||
|
let client = HttpClient::from_client(
|
||||||
|
create_http_client(
|
||||||
|
version::get_user_agent(),
|
||||||
|
CreateHttpClientOptions::default(),
|
||||||
|
)
|
||||||
|
.unwrap(),
|
||||||
|
);
|
||||||
|
|
||||||
|
let result = fetch_once(
|
||||||
|
&client,
|
||||||
|
FetchOnceArgs {
|
||||||
|
url,
|
||||||
|
maybe_accept: None,
|
||||||
|
maybe_etag: None,
|
||||||
|
maybe_auth_token: None,
|
||||||
|
maybe_progress_guard: None,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.await;
|
||||||
|
|
||||||
|
match result {
|
||||||
|
Err(_) => {
|
||||||
|
eprintln!("Fetch error: {result:?}");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
Ok(
|
||||||
|
FetchOnceResult::Code(..)
|
||||||
|
| FetchOnceResult::NotModified
|
||||||
|
| FetchOnceResult::Redirect(..),
|
||||||
|
) => return,
|
||||||
|
Ok(
|
||||||
|
FetchOnceResult::RequestError(_) | FetchOnceResult::ServerError(_),
|
||||||
|
) => {
|
||||||
|
eprintln!("HTTP error: {result:?}");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
// Use 1.1.1.1 and 8.8.8.8 as our last-ditch internet check
|
||||||
|
if std::net::TcpStream::connect("8.8.8.8:80").is_err()
|
||||||
|
&& std::net::TcpStream::connect("1.1.1.1:80").is_err()
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
panic!("None of the expected public URLs were available but internet appears to be available");
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn test_fetch_with_empty_certificate_store() {
|
||||||
|
let root_cert_store = RootCertStore::empty();
|
||||||
|
let urls: HashSet<_, RandomState> =
|
||||||
|
HashSet::from_iter(PUBLIC_HTTPS_URLS.iter());
|
||||||
|
|
||||||
|
// Rely on the randomization of hashset iteration
|
||||||
|
let url = urls.into_iter().next().unwrap();
|
||||||
// Relies on external http server with a valid mozilla root CA cert.
|
// Relies on external http server with a valid mozilla root CA cert.
|
||||||
let url = Url::parse("https://deno.land/x").unwrap();
|
let url = Url::parse(url).unwrap();
|
||||||
|
eprintln!("Attempting to fetch {url}...");
|
||||||
|
|
||||||
let client = HttpClient::from_client(
|
let client = HttpClient::from_client(
|
||||||
create_http_client(
|
create_http_client(
|
||||||
version::get_user_agent(),
|
version::get_user_agent(),
|
||||||
CreateHttpClientOptions::default(),
|
CreateHttpClientOptions {
|
||||||
|
root_cert_store: Some(root_cert_store),
|
||||||
|
..Default::default()
|
||||||
|
},
|
||||||
)
|
)
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
);
|
);
|
||||||
|
@ -2036,55 +2118,25 @@ mod tests {
|
||||||
)
|
)
|
||||||
.await;
|
.await;
|
||||||
|
|
||||||
println!("{result:?}");
|
match result {
|
||||||
if let Ok(FetchOnceResult::Code(body, _headers)) = result {
|
Err(_) => {
|
||||||
assert!(!body.is_empty());
|
eprintln!("Fetch error (expected): {result:?}");
|
||||||
} else {
|
return;
|
||||||
panic!();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO(@justinmchase): Windows should verify certs too and fail to make this request without ca certs
|
|
||||||
#[cfg(not(windows))]
|
|
||||||
#[tokio::test]
|
|
||||||
#[ignore] // https://github.com/denoland/deno/issues/12561
|
|
||||||
async fn test_fetch_with_empty_certificate_store() {
|
|
||||||
use deno_runtime::deno_tls::rustls::RootCertStore;
|
|
||||||
use deno_runtime::deno_tls::RootCertStoreProvider;
|
|
||||||
|
|
||||||
struct ValueRootCertStoreProvider(RootCertStore);
|
|
||||||
|
|
||||||
impl RootCertStoreProvider for ValueRootCertStoreProvider {
|
|
||||||
fn get_or_try_init(&self) -> Result<&RootCertStore, AnyError> {
|
|
||||||
Ok(&self.0)
|
|
||||||
}
|
}
|
||||||
}
|
Ok(
|
||||||
|
FetchOnceResult::Code(..)
|
||||||
let _http_server_guard = test_util::http_server();
|
| FetchOnceResult::NotModified
|
||||||
// Relies on external http server with a valid mozilla root CA cert.
|
| FetchOnceResult::Redirect(..),
|
||||||
let url = Url::parse("https://deno.land").unwrap();
|
) => {
|
||||||
let client = HttpClient::new(
|
panic!("Should not have successfully fetched a URL");
|
||||||
// no certs loaded at all
|
}
|
||||||
Some(Arc::new(ValueRootCertStoreProvider(RootCertStore::empty()))),
|
Ok(
|
||||||
None,
|
FetchOnceResult::RequestError(_) | FetchOnceResult::ServerError(_),
|
||||||
);
|
) => {
|
||||||
|
eprintln!("HTTP error (expected): {result:?}");
|
||||||
let result = fetch_once(
|
return;
|
||||||
&client,
|
}
|
||||||
FetchOnceArgs {
|
};
|
||||||
url,
|
|
||||||
maybe_accept: None,
|
|
||||||
maybe_etag: None,
|
|
||||||
maybe_auth_token: None,
|
|
||||||
maybe_progress_guard: None,
|
|
||||||
},
|
|
||||||
)
|
|
||||||
.await;
|
|
||||||
|
|
||||||
if let Ok(FetchOnceResult::Code(_body, _headers)) = result {
|
|
||||||
// This test is expected to fail since to CA certs have been loaded
|
|
||||||
panic!();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[tokio::test]
|
#[tokio::test]
|
||||||
|
|
Loading…
Reference in a new issue