You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by GitBox <gi...@apache.org> on 2019/01/15 14:36:47 UTC
[trafficserver] Diff for: [GitHub] jrushford merged pull request #4777: Add unit tests for the URI signing plugin

diff --git a/.gitignore b/.gitignore
index f721723dc9..a63e882a58 100644
--- a/.gitignore
+++ b/.gitignore
@@ -116,6 +116,8 @@ plugins/esi/processor_test
 plugins/esi/utils_test
 plugins/esi/vars_test
 
+plugins/experimental/uri_signing/test_uri_signing
+
 mgmt/api/traffic_api_cli_remote
 mgmt/tools/traffic_mcast_snoop
 mgmt/tools/traffic_net_config
diff --git a/plugins/experimental/uri_signing/Makefile.inc b/plugins/experimental/uri_signing/Makefile.inc
index 9499479b4a..e9807baf67 100644
--- a/plugins/experimental/uri_signing/Makefile.inc
+++ b/plugins/experimental/uri_signing/Makefile.inc
@@ -26,3 +26,17 @@ experimental_uri_signing_uri_signing_la_SOURCES = \
   experimental/uri_signing/timing.c
 
 experimental_uri_signing_uri_signing_la_LIBADD = @LIBJANSSON@ @LIBCJOSE@ @LIBPCRE@ -lm -lcrypto
+
+check_PROGRAMS += experimental/uri_signing/test_uri_signing
+
+experimental_uri_signing_test_uri_signing_CPPFLAGS = $(AM_CPPFLAGS) -I$(abs_top_srcdir)/tests/include -DURI_SIGNING_UNIT_TEST 
+experimental_uri_signing_test_uri_signing_LDADD = @LIBJANSSON@ @LIBCJOSE@ @LIBPCRE@ -lm -lcrypto
+experimental_uri_signing_test_uri_signing_SOURCES = \
+	experimental/uri_signing/unit_tests/uri_signing_test.cc \
+    experimental/uri_signing/jwt.c \
+    experimental/uri_signing/common.c \
+    experimental/uri_signing/parse.c \
+    experimental/uri_signing/cookie.c \
+    experimental/uri_signing/config.c \
+    experimental/uri_signing/timing.c \
+    experimental/uri_signing/match.c
diff --git a/plugins/experimental/uri_signing/README.md b/plugins/experimental/uri_signing/README.md
index fe242d8d98..f4fef0c85b 100644
--- a/plugins/experimental/uri_signing/README.md
+++ b/plugins/experimental/uri_signing/README.md
@@ -147,6 +147,9 @@ This builds in-tree with the rest of the ATS plugins. Of special note, however,
 are the first two libraries: cjose and jansson. These libraries are not
 currently used anywhere else, so they may not be installed.
 
+Note that the default prefix value for cjose is /usr/local. Ensure this is visible to
+any executables that are being run using this library.
+
 As of this writing, both libraries install a dynamic library and a static
 archive. However, by default, the static archive is not compiled with Position
 Independent Code. The build script will detect this and build a dynamic
diff --git a/plugins/experimental/uri_signing/common.c b/plugins/experimental/uri_signing/common.c
new file mode 100644
index 0000000000..bae8b6d911
--- /dev/null
+++ b/plugins/experimental/uri_signing/common.c
@@ -0,0 +1,32 @@
+/*
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+#include "common.h"
+
+#ifdef URI_SIGNING_UNIT_TEST
+
+void
+PrintToStdErr(const char *fmt, ...)
+{
+  va_list args;
+  va_start(args, fmt);
+  vfprintf(stderr, fmt, args);
+  va_end(args);
+}
+
+#endif
diff --git a/plugins/experimental/uri_signing/uri_signing.h b/plugins/experimental/uri_signing/common.h
similarity index 72%
rename from plugins/experimental/uri_signing/uri_signing.h
rename to plugins/experimental/uri_signing/common.h
index 6cb5046c2d..c9304085f5 100644
--- a/plugins/experimental/uri_signing/uri_signing.h
+++ b/plugins/experimental/uri_signing/common.h
@@ -18,5 +18,17 @@
 
 #define PLUGIN_NAME "uri_signing"
 
+#ifdef URI_SIGNING_UNIT_TEST
+#include <stdio.h>
+#include <stdarg.h>
+
+#define PluginDebug(fmt, ...) PrintToStdErr("(%s) %s:%d:%s() " fmt "\n", PLUGIN_NAME, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
+#define PluginError(fmt, ...) PrintToStdErr("(%s) %s:%d:%s() " fmt "\n", PLUGIN_NAME, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
+void PrintToStdErr(const char *fmt, ...);
+
+#else
+
 #define PluginDebug(...) TSDebug("uri_signing", PLUGIN_NAME " " __VA_ARGS__)
 #define PluginError(...) PluginDebug(__VA_ARGS__), TSError(PLUGIN_NAME " " __VA_ARGS__)
+
+#endif
diff --git a/plugins/experimental/uri_signing/config.c b/plugins/experimental/uri_signing/config.c
index 83083f8fbd..b52b94470b 100644
--- a/plugins/experimental/uri_signing/config.c
+++ b/plugins/experimental/uri_signing/config.c
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 
-#include "uri_signing.h"
+#include "common.h"
 #include "config.h"
 #include "timing.h"
 #include "jwt.h"
diff --git a/plugins/experimental/uri_signing/cookie.c b/plugins/experimental/uri_signing/cookie.c
index 70dd1aa846..45a2e43b96 100644
--- a/plugins/experimental/uri_signing/cookie.c
+++ b/plugins/experimental/uri_signing/cookie.c
@@ -17,7 +17,7 @@
  */
 
 #include "cookie.h"
-#include "uri_signing.h"
+#include "common.h"
 #include <ts/ts.h>
 #include <string.h>
 
diff --git a/plugins/experimental/uri_signing/jwt.c b/plugins/experimental/uri_signing/jwt.c
index 9324ca866e..997448bfb2 100644
--- a/plugins/experimental/uri_signing/jwt.c
+++ b/plugins/experimental/uri_signing/jwt.c
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 
-#include "uri_signing.h"
+#include "common.h"
 #include "jwt.h"
 #include "match.h"
 #include "ts/ts.h"
diff --git a/plugins/experimental/uri_signing/match.c b/plugins/experimental/uri_signing/match.c
index ad376a251e..b665dc47bc 100644
--- a/plugins/experimental/uri_signing/match.c
+++ b/plugins/experimental/uri_signing/match.c
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 
-#include "uri_signing.h"
+#include "common.h"
 #include "ts/ts.h"
 #include <stdbool.h>
 #include <pcre.h>
diff --git a/plugins/experimental/uri_signing/parse.c b/plugins/experimental/uri_signing/parse.c
index 603c4ec9f5..99ded7b71a 100644
--- a/plugins/experimental/uri_signing/parse.c
+++ b/plugins/experimental/uri_signing/parse.c
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 
-#include "uri_signing.h"
+#include "common.h"
 #include "parse.h"
 #include "config.h"
 #include "jwt.h"
diff --git a/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc b/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc
new file mode 100644
index 0000000000..d89bf9c189
--- /dev/null
+++ b/plugins/experimental/uri_signing/unit_tests/uri_signing_test.cc
@@ -0,0 +1,92 @@
+/*
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+/*
+ * These are misc unit tests for uri signing
+ */
+
+#define CATCH_CONFIG_MAIN
+#include "catch.hpp"
+
+extern "C" {
+#include <jansson.h>
+#include <cjose/cjose.h>
+#include "../jwt.h"
+}
+
+bool
+jwt_parsing_helper(const char *jwt_string)
+{
+  fprintf(stderr, "Parsing JWT from string: %s\n", jwt_string);
+  bool resp;
+  json_error_t jerr = {};
+  size_t pt_ct      = strlen(jwt_string);
+  struct jwt *jwt   = parse_jwt(json_loadb(jwt_string, pt_ct, 0, &jerr));
+
+  if (jwt) {
+    resp = jwt_validate(jwt);
+  } else {
+    resp = false;
+  }
+
+  jwt_delete(jwt);
+  return resp;
+}
+
+TEST_CASE("1", "[JWSParsingTest]")
+{
+  INFO("TEST 1, Test JWT Parsing From Token Strings");
+
+  SECTION("Standard JWT Parsing")
+  {
+    REQUIRE(jwt_parsing_helper("{\"cdniets\":30,\"cdnistt\":1,\"exp\":7284188499,\"iss\":\"Content Access "
+                               "Manager\",\"cdniuc\":\"uri-regex:http://foobar.local/testDir/*\"}"));
+  }
+
+  SECTION("JWT Parsing With Unknown Claim")
+  {
+    REQUIRE(jwt_parsing_helper("{\"cdniets\":30,\"cdnistt\":1,\"exp\":7284188499,\"iss\":\"Content Access "
+                               "Manager\",\"cdniuc\":\"uri-regex:http://foobar.local/testDir/"
+                               "*\",\"jamesBond\":\"Something,Something_else\"}"));
+  }
+
+  SECTION("JWT Parsing with unsupported crit claim passed")
+  {
+    REQUIRE(!jwt_parsing_helper("{\"cdniets\":30,\"cdnistt\":1,\"exp\":7284188499,\"iss\":\"Content Access "
+                                "Manager\",\"cdniuc\":\"uri-regex:http://foobar.local/testDir/"
+                                "*\",\"cdnicrit\":\"Something,Something_else\"}"));
+  }
+
+  SECTION("JWT Parsing with empty exp claim")
+  {
+    REQUIRE(jwt_parsing_helper("{\"cdniets\":30,\"cdnistt\":1,\"iss\":\"Content Access "
+                               "Manager\",\"cdniuc\":\"uri-regex:http://foobar.local/testDir/*\"}"));
+  }
+
+  SECTION("JWT Parsing with unsupported cdniip claim")
+  {
+    REQUIRE(!jwt_parsing_helper("{\"cdniets\":30,\"cdnistt\":1,\"cdniip\":\"123.123.123.123\",\"iss\":\"Content Access "
+                                "Manager\",\"cdniuc\":\"uri-regex:http://foobar.local/testDir/*\"}"));
+  }
+
+  SECTION("JWT Parsing with unsupported value for cdnistd claim")
+  {
+    REQUIRE(!jwt_parsing_helper("{\"cdniets\":30,\"cdnistt\":1,\"cdnistd\":4,\"iss\":\"Content Access "
+                                "Manager\",\"cdniuc\":\"uri-regex:http://foobar.local/testDir/*\"}"));
+  }
+}
diff --git a/plugins/experimental/uri_signing/uri_signing.c b/plugins/experimental/uri_signing/uri_signing.c
index e9a2a81579..044731b98a 100644
--- a/plugins/experimental/uri_signing/uri_signing.c
+++ b/plugins/experimental/uri_signing/uri_signing.c
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 
-#include "uri_signing.h"
+#include "common.h"
 #include "config.h"
 #include "parse.h"
 #include "jwt.h"


With regards,
Apache Git Services