2016-12-12 18:30:31 +01:00
package main
import (
"crypto/tls"
2017-06-19 13:22:41 +02:00
"errors"
2016-12-12 18:30:31 +01:00
"net/http"
"os"
"os/exec"
"time"
"github.com/containous/traefik/integration/utils"
2017-06-19 13:22:41 +02:00
"github.com/go-check/check"
2016-12-12 18:30:31 +01:00
checker "github.com/vdemeester/shakers"
)
// ACME test suites (using libcompose)
type AcmeSuite struct {
BaseSuite
2017-06-19 13:22:41 +02:00
boulderIP string
}
// Acme tests configuration
type AcmeTestCase struct {
onDemand bool
traefikConfFilePath string
domainToCheck string
2016-12-12 18:30:31 +01:00
}
2017-06-19 13:22:41 +02:00
// Domain to check
const acmeDomain = "traefik.acme.wtf"
// Wildcard domain to chekc
const wildcardDomain = "*.acme.wtf"
2016-12-12 18:30:31 +01:00
func ( s * AcmeSuite ) SetUpSuite ( c * check . C ) {
s . createComposeProject ( c , "boulder" )
s . composeProject . Start ( c )
2017-06-19 13:22:41 +02:00
s . boulderIP = s . composeProject . Container ( c , "boulder" ) . NetworkSettings . IPAddress
2016-12-12 18:30:31 +01:00
// wait for boulder
err := utils . Try ( 120 * time . Second , func ( ) error {
2017-06-19 13:22:41 +02:00
resp , err := http . Get ( "http://" + s . boulderIP + ":4000/directory" )
2016-12-12 18:30:31 +01:00
if err != nil {
return err
}
if resp . StatusCode != 200 {
return errors . New ( "Expected http 200 from boulder" )
}
return nil
} )
c . Assert ( err , checker . IsNil )
}
func ( s * AcmeSuite ) TearDownSuite ( c * check . C ) {
// shutdown and delete compose project
if s . composeProject != nil {
s . composeProject . Stop ( c )
}
}
2017-06-19 13:22:41 +02:00
// Test OnDemand option with none provided certificate
func ( s * AcmeSuite ) TestOnDemandRetrieveAcmeCertificate ( c * check . C ) {
aTestCase := AcmeTestCase {
traefikConfFilePath : "fixtures/acme/acme.toml" ,
onDemand : true ,
domainToCheck : acmeDomain }
s . retrieveAcmeCertificate ( c , aTestCase )
}
// Test OnHostRule option with none provided certificate
func ( s * AcmeSuite ) TestOnHostRuleRetrieveAcmeCertificate ( c * check . C ) {
aTestCase := AcmeTestCase {
traefikConfFilePath : "fixtures/acme/acme.toml" ,
onDemand : false ,
domainToCheck : acmeDomain }
s . retrieveAcmeCertificate ( c , aTestCase )
}
// Test OnDemand option with a wildcard provided certificate
func ( s * AcmeSuite ) TestOnDemandRetrieveAcmeCertificateWithWildcard ( c * check . C ) {
aTestCase := AcmeTestCase {
traefikConfFilePath : "fixtures/acme/acme_provided.toml" ,
onDemand : true ,
domainToCheck : wildcardDomain }
s . retrieveAcmeCertificate ( c , aTestCase )
}
// Test onHostRule option with a wildcard provided certificate
func ( s * AcmeSuite ) TestOnHostRuleRetrieveAcmeCertificateWithWildcard ( c * check . C ) {
aTestCase := AcmeTestCase {
traefikConfFilePath : "fixtures/acme/acme_provided.toml" ,
onDemand : false ,
domainToCheck : wildcardDomain }
s . retrieveAcmeCertificate ( c , aTestCase )
}
// Doing an HTTPS request and test the response certificate
func ( s * AcmeSuite ) retrieveAcmeCertificate ( c * check . C , a AcmeTestCase ) {
file := s . adaptFile ( c , a . traefikConfFilePath , struct {
BoulderHost string
OnDemand , OnHostRule bool
} { s . boulderIP , a . onDemand , ! a . onDemand } )
2016-12-12 18:30:31 +01:00
defer os . Remove ( file )
cmd := exec . Command ( traefikBinary , "--configFile=" + file )
err := cmd . Start ( )
c . Assert ( err , checker . IsNil )
defer cmd . Process . Kill ( )
backend := startTestServer ( "9010" , 200 )
defer backend . Close ( )
tr := & http . Transport {
TLSClientConfig : & tls . Config { InsecureSkipVerify : true } ,
}
client := & http . Client { Transport : tr }
// wait for traefik (generating acme account take some seconds)
err = utils . Try ( 30 * time . Second , func ( ) error {
_ , err := client . Get ( "https://127.0.0.1:5001" )
if err != nil {
return err
}
return nil
} )
c . Assert ( err , checker . IsNil )
tr = & http . Transport {
TLSClientConfig : & tls . Config {
InsecureSkipVerify : true ,
2017-06-19 13:22:41 +02:00
ServerName : acmeDomain ,
2016-12-12 18:30:31 +01:00
} ,
}
client = & http . Client { Transport : tr }
req , _ := http . NewRequest ( "GET" , "https://127.0.0.1:5001/" , nil )
2017-06-19 13:22:41 +02:00
req . Host = acmeDomain
req . Header . Set ( "Host" , acmeDomain )
2016-12-12 18:30:31 +01:00
req . Header . Set ( "Accept" , "*/*" )
2017-06-19 13:22:41 +02:00
var resp * http . Response
// Retry to send a Request which uses the LE generated certificate
err = utils . Try ( 60 * time . Second , func ( ) error {
resp , err = client . Do ( req )
// /!\ If connection is not closed, SSLHandshake will only be done during the first trial /!\
req . Close = true
if err != nil {
return err
} else if resp . TLS . PeerCertificates [ 0 ] . Subject . CommonName != a . domainToCheck {
return errors . New ( "Domain " + resp . TLS . PeerCertificates [ 0 ] . Subject . CommonName + " found in place of " + a . domainToCheck )
}
return nil
} )
2016-12-12 18:30:31 +01:00
c . Assert ( err , checker . IsNil )
2017-06-19 13:22:41 +02:00
// Check Domain into response certificate
c . Assert ( resp . TLS . PeerCertificates [ 0 ] . Subject . CommonName , checker . Equals , a . domainToCheck )
2016-12-12 18:30:31 +01:00
// Expected a 200
c . Assert ( resp . StatusCode , checker . Equals , 200 )
2017-06-19 13:22:41 +02:00
2016-12-12 18:30:31 +01:00
}