mirror of
https://github.com/valitydev/thrift.git
synced 2024-11-07 18:58:51 +00:00
647501693b
* use override * use make_shared * use emplace * use range for * fix error on MSVC * replace boost functions with std functions * fix static analyzer warnings * check api return value * initialize member * check the return value of SSL_peek > 0 * add override
287 lines
9.2 KiB
C++
287 lines
9.2 KiB
C++
/*
|
|
* Licensed to the Apache Software Foundation (ASF) under one
|
|
* or more contributor license agreements. See the NOTICE file
|
|
* distributed with this work for additional information
|
|
* regarding copyright ownership. The ASF licenses this file
|
|
* to you under the Apache License, Version 2.0 (the
|
|
* "License"); you may not use this file except in compliance
|
|
* with the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing,
|
|
* software distributed under the License is distributed on an
|
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
* KIND, either express or implied. See the License for the
|
|
* specific language governing permissions and limitations
|
|
* under the License.
|
|
*/
|
|
|
|
#define BOOST_TEST_MODULE TNonblockingSSLServerTest
|
|
#include <boost/test/unit_test.hpp>
|
|
#include <boost/filesystem.hpp>
|
|
#include <boost/format.hpp>
|
|
|
|
#include "thrift/server/TNonblockingServer.h"
|
|
#include "thrift/transport/TSSLSocket.h"
|
|
#include "thrift/transport/TNonblockingSSLServerSocket.h"
|
|
|
|
#include "gen-cpp/ParentService.h"
|
|
|
|
#include <event.h>
|
|
|
|
using namespace apache::thrift;
|
|
using apache::thrift::concurrency::Guard;
|
|
using apache::thrift::concurrency::Monitor;
|
|
using apache::thrift::concurrency::Mutex;
|
|
using apache::thrift::server::TServerEventHandler;
|
|
using apache::thrift::transport::TSSLSocketFactory;
|
|
using apache::thrift::transport::TSSLSocket;
|
|
|
|
struct Handler : public test::ParentServiceIf {
|
|
void addString(const std::string& s) override { strings_.push_back(s); }
|
|
void getStrings(std::vector<std::string>& _return) override { _return = strings_; }
|
|
std::vector<std::string> strings_;
|
|
|
|
// dummy overrides not used in this test
|
|
int32_t incrementGeneration() override { return 0; }
|
|
int32_t getGeneration() override { return 0; }
|
|
void getDataWait(std::string&, const int32_t) override {}
|
|
void onewayWait() override {}
|
|
void exceptionWait(const std::string&) override {}
|
|
void unexpectedExceptionWait(const std::string&) override {}
|
|
};
|
|
|
|
boost::filesystem::path keyDir;
|
|
boost::filesystem::path certFile(const std::string& filename)
|
|
{
|
|
return keyDir / filename;
|
|
}
|
|
|
|
struct GlobalFixtureSSL
|
|
{
|
|
GlobalFixtureSSL()
|
|
{
|
|
using namespace boost::unit_test::framework;
|
|
for (int i = 0; i < master_test_suite().argc; ++i)
|
|
{
|
|
BOOST_TEST_MESSAGE(boost::format("argv[%1%] = \"%2%\"") % i % master_test_suite().argv[i]);
|
|
}
|
|
|
|
#ifdef __linux__
|
|
// OpenSSL calls send() without MSG_NOSIGPIPE so writing to a socket that has
|
|
// disconnected can cause a SIGPIPE signal...
|
|
signal(SIGPIPE, SIG_IGN);
|
|
#endif
|
|
|
|
TSSLSocketFactory::setManualOpenSSLInitialization(true);
|
|
apache::thrift::transport::initializeOpenSSL();
|
|
|
|
keyDir = boost::filesystem::current_path().parent_path().parent_path().parent_path() / "test" / "keys";
|
|
if (!boost::filesystem::exists(certFile("server.crt")))
|
|
{
|
|
keyDir = boost::filesystem::path(master_test_suite().argv[master_test_suite().argc - 1]);
|
|
if (!boost::filesystem::exists(certFile("server.crt")))
|
|
{
|
|
throw std::invalid_argument("The last argument to this test must be the directory containing the test certificate(s).");
|
|
}
|
|
}
|
|
}
|
|
|
|
virtual ~GlobalFixtureSSL()
|
|
{
|
|
apache::thrift::transport::cleanupOpenSSL();
|
|
#ifdef __linux__
|
|
signal(SIGPIPE, SIG_DFL);
|
|
#endif
|
|
}
|
|
};
|
|
|
|
#if (BOOST_VERSION >= 105900)
|
|
BOOST_GLOBAL_FIXTURE(GlobalFixtureSSL);
|
|
#else
|
|
BOOST_GLOBAL_FIXTURE(GlobalFixtureSSL)
|
|
#endif
|
|
|
|
std::shared_ptr<TSSLSocketFactory> createServerSocketFactory() {
|
|
std::shared_ptr<TSSLSocketFactory> pServerSocketFactory;
|
|
|
|
pServerSocketFactory.reset(new TSSLSocketFactory());
|
|
pServerSocketFactory->ciphers("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
|
|
pServerSocketFactory->loadCertificate(certFile("server.crt").string().c_str());
|
|
pServerSocketFactory->loadPrivateKey(certFile("server.key").string().c_str());
|
|
pServerSocketFactory->server(true);
|
|
return pServerSocketFactory;
|
|
}
|
|
|
|
std::shared_ptr<TSSLSocketFactory> createClientSocketFactory() {
|
|
std::shared_ptr<TSSLSocketFactory> pClientSocketFactory;
|
|
|
|
pClientSocketFactory.reset(new TSSLSocketFactory());
|
|
pClientSocketFactory->authenticate(true);
|
|
pClientSocketFactory->loadCertificate(certFile("client.crt").string().c_str());
|
|
pClientSocketFactory->loadPrivateKey(certFile("client.key").string().c_str());
|
|
pClientSocketFactory->loadTrustedCertificates(certFile("CA.pem").string().c_str());
|
|
return pClientSocketFactory;
|
|
}
|
|
|
|
class Fixture {
|
|
private:
|
|
struct ListenEventHandler : public TServerEventHandler {
|
|
public:
|
|
ListenEventHandler(Mutex* mutex) : listenMonitor_(mutex), ready_(false) {}
|
|
|
|
void preServe() override /* override */ {
|
|
Guard g(listenMonitor_.mutex());
|
|
ready_ = true;
|
|
listenMonitor_.notify();
|
|
}
|
|
|
|
Monitor listenMonitor_;
|
|
bool ready_;
|
|
};
|
|
|
|
struct Runner : public apache::thrift::concurrency::Runnable {
|
|
int port;
|
|
std::shared_ptr<event_base> userEventBase;
|
|
std::shared_ptr<TProcessor> processor;
|
|
std::shared_ptr<server::TNonblockingServer> server;
|
|
std::shared_ptr<ListenEventHandler> listenHandler;
|
|
std::shared_ptr<TSSLSocketFactory> pServerSocketFactory;
|
|
std::shared_ptr<transport::TNonblockingSSLServerSocket> socket;
|
|
Mutex mutex_;
|
|
|
|
Runner():port(0) {
|
|
listenHandler.reset(new ListenEventHandler(&mutex_));
|
|
}
|
|
|
|
void run() override {
|
|
// When binding to explicit port, allow retrying to workaround bind failures on ports in use
|
|
int retryCount = port ? 10 : 0;
|
|
pServerSocketFactory = createServerSocketFactory();
|
|
startServer(retryCount);
|
|
}
|
|
|
|
void readyBarrier() {
|
|
// block until server is listening and ready to accept connections
|
|
Guard g(mutex_);
|
|
while (!listenHandler->ready_) {
|
|
listenHandler->listenMonitor_.wait();
|
|
}
|
|
}
|
|
private:
|
|
void startServer(int retry_count) {
|
|
try {
|
|
socket.reset(new transport::TNonblockingSSLServerSocket(port, pServerSocketFactory));
|
|
server.reset(new server::TNonblockingServer(processor, socket));
|
|
server->setServerEventHandler(listenHandler);
|
|
server->setNumIOThreads(1);
|
|
if (userEventBase) {
|
|
server->registerEvents(userEventBase.get());
|
|
}
|
|
server->serve();
|
|
} catch (const transport::TTransportException&) {
|
|
if (retry_count > 0) {
|
|
++port;
|
|
startServer(retry_count - 1);
|
|
} else {
|
|
throw;
|
|
}
|
|
}
|
|
}
|
|
};
|
|
|
|
struct EventDeleter {
|
|
void operator()(event_base* p) { event_base_free(p); }
|
|
};
|
|
|
|
protected:
|
|
Fixture() : processor(new test::ParentServiceProcessor(std::make_shared<Handler>())) {}
|
|
|
|
~Fixture() {
|
|
if (server) {
|
|
server->stop();
|
|
}
|
|
if (thread) {
|
|
thread->join();
|
|
}
|
|
}
|
|
|
|
void setEventBase(event_base* user_event_base) {
|
|
userEventBase_.reset(user_event_base, EventDeleter());
|
|
}
|
|
|
|
int startServer(int port) {
|
|
std::shared_ptr<Runner> runner(new Runner);
|
|
runner->port = port;
|
|
runner->processor = processor;
|
|
runner->userEventBase = userEventBase_;
|
|
|
|
std::unique_ptr<apache::thrift::concurrency::ThreadFactory> threadFactory(
|
|
new apache::thrift::concurrency::ThreadFactory(false));
|
|
thread = threadFactory->newThread(runner);
|
|
thread->start();
|
|
runner->readyBarrier();
|
|
|
|
server = runner->server;
|
|
return runner->port;
|
|
}
|
|
|
|
bool canCommunicate(int serverPort) {
|
|
std::shared_ptr<TSSLSocketFactory> pClientSocketFactory = createClientSocketFactory();
|
|
std::shared_ptr<TSSLSocket> socket = pClientSocketFactory->createSocket("localhost", serverPort);
|
|
socket->open();
|
|
test::ParentServiceClient client(std::make_shared<protocol::TBinaryProtocol>(
|
|
std::make_shared<transport::TFramedTransport>(socket)));
|
|
client.addString("foo");
|
|
std::vector<std::string> strings;
|
|
client.getStrings(strings);
|
|
return strings.size() == 1 && !(strings[0].compare("foo"));
|
|
}
|
|
|
|
private:
|
|
std::shared_ptr<event_base> userEventBase_;
|
|
std::shared_ptr<test::ParentServiceProcessor> processor;
|
|
protected:
|
|
std::shared_ptr<server::TNonblockingServer> server;
|
|
private:
|
|
std::shared_ptr<apache::thrift::concurrency::Thread> thread;
|
|
|
|
};
|
|
|
|
BOOST_AUTO_TEST_SUITE(TNonblockingSSLServerTest)
|
|
|
|
BOOST_FIXTURE_TEST_CASE(get_specified_port, Fixture) {
|
|
int specified_port = startServer(12345);
|
|
BOOST_REQUIRE_GE(specified_port, 12345);
|
|
BOOST_REQUIRE_EQUAL(server->getListenPort(), specified_port);
|
|
BOOST_CHECK(canCommunicate(specified_port));
|
|
|
|
server->stop();
|
|
}
|
|
|
|
BOOST_FIXTURE_TEST_CASE(get_assigned_port, Fixture) {
|
|
int specified_port = startServer(0);
|
|
BOOST_REQUIRE_EQUAL(specified_port, 0);
|
|
int assigned_port = server->getListenPort();
|
|
BOOST_REQUIRE_NE(assigned_port, 0);
|
|
BOOST_CHECK(canCommunicate(assigned_port));
|
|
|
|
server->stop();
|
|
}
|
|
|
|
BOOST_FIXTURE_TEST_CASE(provide_event_base, Fixture) {
|
|
event_base* eb = event_base_new();
|
|
setEventBase(eb);
|
|
startServer(0);
|
|
|
|
// assert that the server works
|
|
BOOST_CHECK(canCommunicate(server->getListenPort()));
|
|
#if LIBEVENT_VERSION_NUMBER > 0x02010400
|
|
// also assert that the event_base is actually used when it's easy
|
|
BOOST_CHECK_GT(event_base_get_num_events(eb, EVENT_BASE_COUNT_ADDED), 0);
|
|
#endif
|
|
}
|
|
|
|
BOOST_AUTO_TEST_SUITE_END()
|