forked from 3scale/APIcast
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmutual-ssl.t
61 lines (54 loc) · 1.6 KB
/
mutual-ssl.t
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
use lib 't';
use Test::APIcast::Blackbox 'no_plan';
env_to_apicast(
'APICAST_PROXY_HTTPS_CERTIFICATE' => "$Test::Nginx::Util::ServRoot/html/client.crt",
'APICAST_PROXY_HTTPS_CERTIFICATE_KEY' => "$Test::Nginx::Util::ServRoot/html/client.key",
'APICAST_PROXY_HTTPS_PASSWORD_FILE' => "$Test::Nginx::Util::ServRoot/html/passwords.file",
'APICAST_PROXY_HTTPS_SESSION_REUSE' => 'on',
);
run_tests();
__DATA__
=== TEST 1: Mutual SSL with password file
--- ssl random_port
--- configuration
{
"services": [
{
"id": 42,
"backend_version": 1,
"backend_authentication_type": "service_token",
"backend_authentication_value": "token-value",
"proxy": {
"api_backend": "https://test:$TEST_NGINX_RANDOM_PORT/",
"proxy_rules": [
{ "pattern": "/", "http_method": "GET", "metric_system_name": "hits", "delta": 2 }
]
}
}
]
}
--- backend
location /transactions/authrep.xml {
content_by_lua_block {
ngx.exit(200)
}
}
--- upstream env
listen $TEST_NGINX_RANDOM_PORT ssl;
ssl_certificate $TEST_NGINX_SERVER_ROOT/html/server.crt;
ssl_certificate_key $TEST_NGINX_SERVER_ROOT/html/server.key;
ssl_client_certificate $TEST_NGINX_SERVER_ROOT/html/client.crt;
ssl_verify_client on;
location / {
echo 'ssl_client_s_dn: $ssl_client_s_dn';
echo 'ssl_client_i_dn: $ssl_client_i_dn';
}
--- request
GET /?user_key=uk
--- response_body
ssl_client_s_dn: CN=localhost,OU=APIcast,O=3scale
ssl_client_i_dn: CN=localhost,OU=APIcast,O=3scale
--- error_code: 200
--- no_error_log
[error]
--- user_files fixture=mutual_ssl.pl eval