Expired AC and Empty voms attribute tests

t/empty_voms_proxy.t

+
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: https with x509 client authentication, valid proxy certificate no voms attributes 
+--- main_config
+    env OPENSSL_ALLOW_PROXY_CERTS=1; 
+    env X509_VOMS_DIR=t/vomsdir;
+--- http_config
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+	location = / {
+            default_type text/plain;
+            echo $voms_fqans $voms_user;
+        }
+    }
+--- config
+    location = / {
+        proxy_pass https://localhost:8443/;
+        proxy_ssl_certificate ../../certs/0.cert.pem;
+        proxy_ssl_certificate_key ../../certs/0.key.pem;
+    }
+--- request
+GET / 
+--- response_body_like eval
+qr/\n/
+--- error_log
+VOMS extension not found
+--- error_code: 200

t/expired_ac_proxy.t

+
+use Test::Nginx::Socket 'no_plan';
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: https with x509 client authentication, valid proxy certificate expired voms attributes 
+--- main_config
+    env OPENSSL_ALLOW_PROXY_CERTS=1; 
+    env X509_VOMS_DIR=t/vomsdir;
+--- http_config
+    server {
+        error_log logs/error.log debug;
+        listen 8443 ssl;
+        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
+        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
+        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
+        ssl_verify_depth 10;
+        ssl_verify_client on;
+	location = / {
+            default_type text/plain;
+            echo $voms_fqans $voms_user;
+        }
+    }
+--- config
+    location = / {
+        proxy_pass https://localhost:8443/;
+        proxy_ssl_certificate ../../certs/1.cert.pem;
+        proxy_ssl_certificate_key ../../certs/1.key.pem;
+    }
+--- request
+GET / 
+--- response_body_like eval
+qr/\n/
+--- error_log
+AC not valid anymore
+--- error_code: 200

t/expired_proxy.t

@@ -17,6 +17,10 @@ __DATA__
         ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
         ssl_verify_depth 10;
         ssl_verify_client on;
+	location = / {
+            default_type text/plain;
+            echo $ssl_client_s_dn;
+        }
     }
 --- config
     location = / {
@@ -26,7 +30,8 @@ __DATA__
     }
 --- request
 GET /
---- response_body_like: 400 Bad Request 
---- error_code: 400
+--- response_body_like eval
+qr/\n/ 
 --- error_log 
 certificate has expired
+--- error_code: 400

t/servroot/conf/nginx.conf

-worker_processes  1;
-daemon on;
-master_process off;
-error_log /home/build/ngx_http_voms_module/t/servroot/logs/error.log debug;
-pid       /home/build/ngx_http_voms_module/t/servroot/logs/nginx.pid;
-env MOCKEAGAIN_VERBOSE;
-env MOCKEAGAIN;
-env MOCKEAGAIN_WRITE_TIMEOUT_PATTERN;
-env LD_PRELOAD;
-env LD_LIBRARY_PATH;
-env DYLD_INSERT_LIBRARIES;
-env DYLD_FORCE_FLAT_NAMESPACE;
-#env LUA_PATH;
-#env LUA_CPATH;
-
-    env OPENSSL_ALLOW_PROXY_CERTS=1; 
-
-
-http {
-    access_log /home/build/ngx_http_voms_module/t/servroot/logs/access.log;
-    #access_log off;
-
-    default_type text/plain;
-    keepalive_timeout  68;
-
-    server {
-        error_log logs/error.log debug;
-        listen 8443 ssl;
-        ssl_certificate ../../certs/nginx_voms_example.cert.pem;
-        ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
-        ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
-        ssl_verify_depth 10;
-        ssl_verify_client on;
-    }
-
-
-    server {
-        listen          1984;
-        server_name     'localhost';
-
-        client_max_body_size 30M;
-        #client_body_buffer_size 4k;
-
-        # Begin preamble config...
-
-        # End preamble config...
-
-        # Begin test case config...
-    location = / {
-        proxy_pass https://localhost:8443/;
-        proxy_ssl_certificate ../../certs/2.cert.pem;
-        proxy_ssl_certificate_key ../../certs/2.key.pem;
-    }
-
-        # End test case config.
-
-        location / {
-            root /home/build/ngx_http_voms_module/t/servroot/html;
-            index index.html index.htm;
-        }
-    }
-}
-
-
-
-#timer_resolution 100ms;
-
-events {
-    accept_mutex off;
-
-    worker_connections  64;
-}
-env ASAN_OPTIONS;

t/servroot/html/index.html

-<html><head><title>It works!</title></head><body>It works!</body></html>
\ No newline at end of file

t/servroot/logs/access.log

-127.0.0.1 - - [05/Mar/2018:13:23:08 +0000] "GET / HTTP/1.0" 400 237 "-" "-"
-127.0.0.1 - - [05/Mar/2018:13:23:08 +0000] "GET / HTTP/1.1" 400 237 "-" "-"

t/servroot/logs/error.log

-2018/03/05 13:23:08 [notice] 8663#8663: using the "epoll" event method
-2018/03/05 13:23:08 [notice] 8663#8663: openresty/1.13.6.1
-2018/03/05 13:23:08 [notice] 8663#8663: built by gcc 7.2.1 20170829 (Red Hat 7.2.1-1) (GCC) 
-2018/03/05 13:23:08 [notice] 8663#8663: OS: Linux 4.13.0-26-generic
-2018/03/05 13:23:08 [notice] 8663#8663: getrlimit(RLIMIT_NOFILE): 1048576:1048576
-2018/03/05 13:23:08 [info] 8664#8664: *3 client SSL certificate verify error: (10:certificate has expired) while reading client request headers, client: 127.0.0.1, server: , request: "GET / HTTP/1.0", host: "localhost:8443"
-2018/03/05 13:23:08 [notice] 8664#8664: signal 3 (SIGQUIT) received from 8650, shutting down
-2018/03/05 13:23:08 [info] 8664#8664: epoll_wait() failed (4: Interrupted system call)
-2018/03/05 13:23:08 [notice] 8664#8664: signal 15 (SIGTERM) received from 8650, exiting
-2018/03/05 13:23:08 [notice] 8664#8664: exiting
-2018/03/05 13:23:08 [notice] 8664#8664: exit