mirror of
https://github.com/denoland/deno.git
synced 2025-01-02 12:28:46 -05:00
7f15126f23
This adds a new `PathRef` struct to test_util for making it easier to work with paths in test code. I'm going to expand on this more in the future.
312 lines
9.2 KiB
Rust
312 lines
9.2 KiB
Rust
// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
|
|
|
|
use deno_runtime::deno_net::ops_tls::TlsStream;
|
|
use deno_runtime::deno_tls::rustls;
|
|
use deno_runtime::deno_tls::rustls_pemfile;
|
|
use lsp_types::Url;
|
|
use std::io::BufReader;
|
|
use std::io::Cursor;
|
|
use std::io::Read;
|
|
use std::process::Command;
|
|
use std::sync::Arc;
|
|
use test_util as util;
|
|
use test_util::TempDir;
|
|
use util::TestContext;
|
|
|
|
itest_flaky!(cafile_url_imports {
|
|
args: "run --quiet --reload --cert tls/RootCA.pem cert/cafile_url_imports.ts",
|
|
output: "cert/cafile_url_imports.ts.out",
|
|
http_server: true,
|
|
});
|
|
|
|
itest_flaky!(cafile_ts_fetch {
|
|
args:
|
|
"run --quiet --reload --allow-net --cert tls/RootCA.pem cert/cafile_ts_fetch.ts",
|
|
output: "cert/cafile_ts_fetch.ts.out",
|
|
http_server: true,
|
|
});
|
|
|
|
itest_flaky!(cafile_eval {
|
|
args: "eval --cert tls/RootCA.pem fetch('https://localhost:5545/cert/cafile_ts_fetch.ts.out').then(r=>r.text()).then(t=>console.log(t.trimEnd()))",
|
|
output: "cert/cafile_ts_fetch.ts.out",
|
|
http_server: true,
|
|
});
|
|
|
|
itest_flaky!(cafile_info {
|
|
args:
|
|
"info --quiet --cert tls/RootCA.pem https://localhost:5545/cert/cafile_info.ts",
|
|
output: "cert/cafile_info.ts.out",
|
|
http_server: true,
|
|
});
|
|
|
|
itest_flaky!(cafile_url_imports_unsafe_ssl {
|
|
args: "run --quiet --reload --unsafely-ignore-certificate-errors=localhost cert/cafile_url_imports.ts",
|
|
output: "cert/cafile_url_imports_unsafe_ssl.ts.out",
|
|
http_server: true,
|
|
});
|
|
|
|
itest_flaky!(cafile_ts_fetch_unsafe_ssl {
|
|
args:
|
|
"run --quiet --reload --allow-net --unsafely-ignore-certificate-errors cert/cafile_ts_fetch.ts",
|
|
output: "cert/cafile_ts_fetch_unsafe_ssl.ts.out",
|
|
http_server: true,
|
|
});
|
|
|
|
// TODO(bartlomieju): reenable, this test was flaky on macOS CI during 1.30.3 release
|
|
// itest!(deno_land_unsafe_ssl {
|
|
// args:
|
|
// "run --quiet --reload --allow-net --unsafely-ignore-certificate-errors=deno.land cert/deno_land_unsafe_ssl.ts",
|
|
// output: "cert/deno_land_unsafe_ssl.ts.out",
|
|
// });
|
|
|
|
itest!(ip_address_unsafe_ssl {
|
|
args:
|
|
"run --quiet --reload --allow-net --unsafely-ignore-certificate-errors=1.1.1.1 cert/ip_address_unsafe_ssl.ts",
|
|
output: "cert/ip_address_unsafe_ssl.ts.out",
|
|
});
|
|
|
|
itest!(localhost_unsafe_ssl {
|
|
args: "run --quiet --reload --allow-net --unsafely-ignore-certificate-errors=deno.land cert/cafile_url_imports.ts",
|
|
output: "cert/localhost_unsafe_ssl.ts.out",
|
|
http_server: true,
|
|
exit_code: 1,
|
|
});
|
|
|
|
#[flaky_test::flaky_test]
|
|
fn cafile_env_fetch() {
|
|
let module_url =
|
|
Url::parse("https://localhost:5545/cert/cafile_url_imports.ts").unwrap();
|
|
let context = TestContext::with_http_server();
|
|
let cafile = context.testdata_path().join("tls/RootCA.pem");
|
|
|
|
context
|
|
.new_command()
|
|
.args(format!("cache {module_url}"))
|
|
.env("DENO_CERT", cafile)
|
|
.run()
|
|
.assert_exit_code(0)
|
|
.skip_output_check();
|
|
}
|
|
|
|
#[flaky_test::flaky_test]
|
|
fn cafile_fetch() {
|
|
let module_url =
|
|
Url::parse("http://localhost:4545/cert/cafile_url_imports.ts").unwrap();
|
|
let context = TestContext::with_http_server();
|
|
let cafile = context.testdata_path().join("tls/RootCA.pem");
|
|
context
|
|
.new_command()
|
|
.args(format!("cache --quiet --cert {} {}", cafile, module_url,))
|
|
.run()
|
|
.assert_exit_code(0)
|
|
.assert_matches_text("");
|
|
}
|
|
|
|
#[test]
|
|
fn cafile_compile() {
|
|
let context = TestContext::with_http_server();
|
|
let temp_dir = context.temp_dir().path();
|
|
let output_exe = if cfg!(windows) {
|
|
temp_dir.join("cert.exe")
|
|
} else {
|
|
temp_dir.join("cert")
|
|
};
|
|
let output = context.new_command()
|
|
.args(format!("compile --quiet --cert ./tls/RootCA.pem --allow-net --output {} ./cert/cafile_ts_fetch.ts", output_exe))
|
|
.run();
|
|
output.skip_output_check();
|
|
|
|
context
|
|
.new_command()
|
|
.command_name(output_exe)
|
|
.run()
|
|
.assert_matches_text("[WILDCARD]\nHello\n");
|
|
}
|
|
|
|
#[flaky_test::flaky_test]
|
|
fn cafile_install_remote_module() {
|
|
let _g = util::http_server();
|
|
let temp_dir = TempDir::new();
|
|
let bin_dir = temp_dir.path().join("bin");
|
|
std::fs::create_dir(&bin_dir).unwrap();
|
|
let deno_dir = TempDir::new();
|
|
let cafile = util::testdata_path().join("tls/RootCA.pem");
|
|
|
|
let install_output = Command::new(util::deno_exe_path())
|
|
.env("DENO_DIR", deno_dir.path())
|
|
.current_dir(util::testdata_path())
|
|
.arg("install")
|
|
.arg("--cert")
|
|
.arg(cafile)
|
|
.arg("--root")
|
|
.arg(temp_dir.path())
|
|
.arg("-n")
|
|
.arg("echo_test")
|
|
.arg("https://localhost:5545/echo.ts")
|
|
.output()
|
|
.expect("Failed to spawn script");
|
|
println!("{}", std::str::from_utf8(&install_output.stdout).unwrap());
|
|
eprintln!("{}", std::str::from_utf8(&install_output.stderr).unwrap());
|
|
assert!(install_output.status.success());
|
|
|
|
let mut echo_test_path = bin_dir.join("echo_test");
|
|
if cfg!(windows) {
|
|
echo_test_path = echo_test_path.with_extension("cmd");
|
|
}
|
|
assert!(echo_test_path.exists());
|
|
|
|
let output = Command::new(echo_test_path)
|
|
.current_dir(temp_dir.path())
|
|
.arg("foo")
|
|
.env("PATH", util::target_dir())
|
|
.output()
|
|
.expect("failed to spawn script");
|
|
let stdout = std::str::from_utf8(&output.stdout).unwrap().trim();
|
|
assert!(stdout.ends_with("foo"));
|
|
}
|
|
|
|
#[flaky_test::flaky_test]
|
|
fn cafile_bundle_remote_exports() {
|
|
let _g = util::http_server();
|
|
|
|
// First we have to generate a bundle of some remote module that has exports.
|
|
let mod1 = "https://localhost:5545/subdir/mod1.ts";
|
|
let cafile = util::testdata_path().join("tls/RootCA.pem");
|
|
let t = TempDir::new();
|
|
let bundle = t.path().join("mod1.bundle.js");
|
|
let mut deno = util::deno_cmd()
|
|
.current_dir(util::testdata_path())
|
|
.arg("bundle")
|
|
.arg("--cert")
|
|
.arg(cafile)
|
|
.arg(mod1)
|
|
.arg(&bundle)
|
|
.spawn()
|
|
.expect("failed to spawn script");
|
|
let status = deno.wait().expect("failed to wait for the child process");
|
|
assert!(status.success());
|
|
assert!(bundle.is_file());
|
|
|
|
// Now we try to use that bundle from another module.
|
|
let test = t.path().join("test.js");
|
|
std::fs::write(
|
|
&test,
|
|
"
|
|
import { printHello3 } from \"./mod1.bundle.js\";
|
|
printHello3(); ",
|
|
)
|
|
.expect("error writing file");
|
|
|
|
let output = util::deno_cmd()
|
|
.current_dir(util::testdata_path())
|
|
.arg("run")
|
|
.arg("--check")
|
|
.arg(&test)
|
|
.output()
|
|
.expect("failed to spawn script");
|
|
// check the output of the test.ts program.
|
|
assert!(std::str::from_utf8(&output.stdout)
|
|
.unwrap()
|
|
.trim()
|
|
.ends_with("Hello"));
|
|
assert_eq!(output.stderr, b"");
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn listen_tls_alpn() {
|
|
let mut child = util::deno_cmd()
|
|
.current_dir(util::testdata_path())
|
|
.arg("run")
|
|
.arg("--unstable")
|
|
.arg("--quiet")
|
|
.arg("--allow-net")
|
|
.arg("--allow-read")
|
|
.arg("./cert/listen_tls_alpn.ts")
|
|
.arg("4504")
|
|
.stdout(std::process::Stdio::piped())
|
|
.spawn()
|
|
.unwrap();
|
|
let stdout = child.stdout.as_mut().unwrap();
|
|
let mut msg = [0; 5];
|
|
let read = stdout.read(&mut msg).unwrap();
|
|
assert_eq!(read, 5);
|
|
assert_eq!(&msg, b"READY");
|
|
|
|
let mut reader = &mut BufReader::new(Cursor::new(include_bytes!(
|
|
"../testdata/tls/RootCA.crt"
|
|
)));
|
|
let certs = rustls_pemfile::certs(&mut reader).unwrap();
|
|
let mut root_store = rustls::RootCertStore::empty();
|
|
root_store.add_parsable_certificates(&certs);
|
|
let mut cfg = rustls::ClientConfig::builder()
|
|
.with_safe_defaults()
|
|
.with_root_certificates(root_store)
|
|
.with_no_client_auth();
|
|
cfg.alpn_protocols.push(b"foobar".to_vec());
|
|
let cfg = Arc::new(cfg);
|
|
|
|
let hostname = rustls::ServerName::try_from("localhost").unwrap();
|
|
|
|
let tcp_stream = tokio::net::TcpStream::connect("localhost:4504")
|
|
.await
|
|
.unwrap();
|
|
let mut tls_stream = TlsStream::new_client_side(tcp_stream, cfg, hostname);
|
|
|
|
tls_stream.handshake().await.unwrap();
|
|
|
|
let (_, rustls_connection) = tls_stream.get_ref();
|
|
let alpn = rustls_connection.alpn_protocol().unwrap();
|
|
assert_eq!(alpn, b"foobar");
|
|
|
|
let status = child.wait().unwrap();
|
|
assert!(status.success());
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn listen_tls_alpn_fail() {
|
|
let mut child = util::deno_cmd()
|
|
.current_dir(util::testdata_path())
|
|
.arg("run")
|
|
.arg("--unstable")
|
|
.arg("--quiet")
|
|
.arg("--allow-net")
|
|
.arg("--allow-read")
|
|
.arg("./cert/listen_tls_alpn_fail.ts")
|
|
.arg("4505")
|
|
.stdout(std::process::Stdio::piped())
|
|
.spawn()
|
|
.unwrap();
|
|
let stdout = child.stdout.as_mut().unwrap();
|
|
let mut msg = [0; 5];
|
|
let read = stdout.read(&mut msg).unwrap();
|
|
assert_eq!(read, 5);
|
|
assert_eq!(&msg, b"READY");
|
|
|
|
let mut reader = &mut BufReader::new(Cursor::new(include_bytes!(
|
|
"../testdata/tls/RootCA.crt"
|
|
)));
|
|
let certs = rustls_pemfile::certs(&mut reader).unwrap();
|
|
let mut root_store = rustls::RootCertStore::empty();
|
|
root_store.add_parsable_certificates(&certs);
|
|
let mut cfg = rustls::ClientConfig::builder()
|
|
.with_safe_defaults()
|
|
.with_root_certificates(root_store)
|
|
.with_no_client_auth();
|
|
cfg.alpn_protocols.push(b"boofar".to_vec());
|
|
let cfg = Arc::new(cfg);
|
|
|
|
let hostname = rustls::ServerName::try_from("localhost").unwrap();
|
|
|
|
let tcp_stream = tokio::net::TcpStream::connect("localhost:4505")
|
|
.await
|
|
.unwrap();
|
|
let mut tls_stream = TlsStream::new_client_side(tcp_stream, cfg, hostname);
|
|
|
|
tls_stream.handshake().await.unwrap_err();
|
|
|
|
let (_, rustls_connection) = tls_stream.get_ref();
|
|
assert!(rustls_connection.alpn_protocol().is_none());
|
|
|
|
let status = child.wait().unwrap();
|
|
assert!(status.success());
|
|
}
|