spec/unit/network/http/webrick_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290

#! /usr/bin/env ruby
require 'spec_helper'
require 'puppet/network/http'
require 'puppet/network/http/webrick'

describe Puppet::Network::HTTP::WEBrick, "after initializing" do
  it "should not be listening" do
    Puppet::Network::HTTP::WEBrick.new.should_not be_listening
  end
end

describe Puppet::Network::HTTP::WEBrick do
  include PuppetSpec::Files

  let(:address) { '127.0.0.1' }
  let(:port) { 31337 }

  let(:server) do
    s = Puppet::Network::HTTP::WEBrick.new
    s.stubs(:setup_logger).returns(Hash.new)
    s.stubs(:setup_ssl).returns(Hash.new)
    s
  end

  let(:mock_ssl_context) do
    stub('ssl_context', :ciphers= => nil)
  end

  let(:mock_webrick) do
    stub('webrick',
         :[] => {},
         :listeners => [],
         :status => :Running,
         :mount => nil,
         :start => nil,
         :shutdown => nil,
         :ssl_context => mock_ssl_context)
  end

  before :each do
    WEBrick::HTTPServer.stubs(:new).returns(mock_webrick)
  end

  describe "when turning on listening" do
    it "should fail if already listening" do
      server.listen(address, port)
      expect { server.listen(address, port) }.to raise_error(RuntimeError, /server is already listening/)
    end

    it "should tell webrick to listen on the specified address and port" do
      WEBrick::HTTPServer.expects(:new).with(
        has_entries(:Port => 31337, :BindAddress => "127.0.0.1")
      ).returns(mock_webrick)
      server.listen(address, port)
    end

    it "should not perform reverse lookups" do
      WEBrick::HTTPServer.expects(:new).with(
        has_entry(:DoNotReverseLookup => true)
      ).returns(mock_webrick)
      BasicSocket.expects(:do_not_reverse_lookup=).with(true)

      server.listen(address, port)
    end

    it "should configure a logger for webrick" do
      server.expects(:setup_logger).returns(:Logger => :mylogger)

      WEBrick::HTTPServer.expects(:new).with {|args|
        args[:Logger] == :mylogger
      }.returns(mock_webrick)

      server.listen(address, port)
    end

    it "should configure SSL for webrick" do
      server.expects(:setup_ssl).returns(:Ssl => :testing, :Other => :yay)

      WEBrick::HTTPServer.expects(:new).with {|args|
        args[:Ssl] == :testing and args[:Other] == :yay
      }.returns(mock_webrick)

      server.listen(address, port)
    end

    it "should be listening" do
      server.listen(address, port)
      server.should be_listening
    end

    describe "when the REST protocol is requested" do
      it "should register the REST handler at /" do
        # We don't care about the options here.
        mock_webrick.expects(:mount).with("/", Puppet::Network::HTTP::WEBrickREST, anything)

        server.listen(address, port)
      end
    end
  end

  describe "when turning off listening" do
    it "should fail unless listening" do
      expect { server.unlisten }.to raise_error(RuntimeError, /server is not listening/)
    end

    it "should order webrick server to stop" do
      mock_webrick.expects(:shutdown)
      server.listen(address, port)
      server.unlisten
    end

    it "should no longer be listening" do
      server.listen(address, port)
      server.unlisten
      server.should_not be_listening
    end
  end

  describe "when configuring an http logger" do
    let(:server) { Puppet::Network::HTTP::WEBrick.new }

    before :each do
      Puppet.settings.stubs(:use)
      @filehandle = stub 'handle', :fcntl => nil, :sync= => nil

      File.stubs(:open).returns @filehandle
    end

    it "should use the settings for :main, :ssl, and :application" do
      Puppet.settings.expects(:use).with(:main, :ssl, :application)

      server.setup_logger
    end

    it "should use the masterhttplog if the run_mode is master" do
      Puppet.run_mode.stubs(:master?).returns(true)
      log = make_absolute("/master/log")
      Puppet[:masterhttplog] = log

      File.expects(:open).with(log, "a+").returns @filehandle

      server.setup_logger
    end

    it "should use the httplog if the run_mode is not master" do
      Puppet.run_mode.stubs(:master?).returns(false)
      log = make_absolute("/other/log")
      Puppet[:httplog] = log

      File.expects(:open).with(log, "a+").returns @filehandle

      server.setup_logger
    end

    describe "and creating the logging filehandle" do
      it "should set the close-on-exec flag if supported" do
        if defined? Fcntl::FD_CLOEXEC
          @filehandle.expects(:fcntl).with(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
        else
          @filehandle.expects(:fcntl).never
        end

        server.setup_logger
      end

      it "should sync the filehandle" do
        @filehandle.expects(:sync=).with(true)

        server.setup_logger
      end
    end

    it "should create a new WEBrick::Log instance with the open filehandle" do
      WEBrick::Log.expects(:new).with(@filehandle)

      server.setup_logger
    end

    it "should set debugging if the current loglevel is :debug" do
      Puppet::Util::Log.expects(:level).returns :debug

      WEBrick::Log.expects(:new).with { |handle, debug| debug == WEBrick::Log::DEBUG }

      server.setup_logger
    end

    it "should return the logger as the main log" do
      logger = mock 'logger'
      WEBrick::Log.expects(:new).returns logger

      server.setup_logger[:Logger].should == logger
    end

    it "should return the logger as the access log using both the Common and Referer log format" do
      logger = mock 'logger'
      WEBrick::Log.expects(:new).returns logger

      server.setup_logger[:AccessLog].should == [
        [logger, WEBrick::AccessLog::COMMON_LOG_FORMAT],
        [logger, WEBrick::AccessLog::REFERER_LOG_FORMAT]
      ]
    end
  end

  describe "when configuring ssl" do
    let(:server) { Puppet::Network::HTTP::WEBrick.new }
    let(:localcacert) { make_absolute("/ca/crt") }
    let(:ssl_server_ca_auth) { make_absolute("/ca/ssl_server_auth_file") }
    let(:key) { stub 'key', :content => "mykey" }
    let(:cert) { stub 'cert', :content => "mycert" }
    let(:host) { stub 'host', :key => key, :certificate => cert, :name => "yay", :ssl_store => "mystore" }

    before :each do
      Puppet::SSL::Certificate.indirection.stubs(:find).with('ca').returns cert
      Puppet::SSL::Host.stubs(:localhost).returns host
    end

    it "should use the key from the localhost SSL::Host instance" do
      Puppet::SSL::Host.expects(:localhost).returns host
      host.expects(:key).returns key

      server.setup_ssl[:SSLPrivateKey].should == "mykey"
    end

    it "should configure the certificate" do
      server.setup_ssl[:SSLCertificate].should == "mycert"
    end

    it "should fail if no CA certificate can be found" do
      Puppet::SSL::Certificate.indirection.stubs(:find).with('ca').returns nil

      expect { server.setup_ssl }.to raise_error(Puppet::Error, /Could not find CA certificate/)
    end

    it "should specify the path to the CA certificate" do
      Puppet.settings[:hostcrl] = 'false'
      Puppet.settings[:localcacert] = localcacert

      server.setup_ssl[:SSLCACertificateFile].should == localcacert
    end

    it "should specify the path to the CA certificate" do
      Puppet.settings[:hostcrl] = 'false'
      Puppet.settings[:localcacert] = localcacert
      Puppet.settings[:ssl_server_ca_auth] = ssl_server_ca_auth

      server.setup_ssl[:SSLCACertificateFile].should == ssl_server_ca_auth
    end

    it "should start ssl immediately" do
      server.setup_ssl[:SSLStartImmediately].should be_true
    end

    it "should enable ssl" do
      server.setup_ssl[:SSLEnable].should be_true
    end

    it "should reject SSLv2" do
      options = server.setup_ssl[:SSLOptions]

      expect(options & OpenSSL::SSL::OP_NO_SSLv2).to eq(OpenSSL::SSL::OP_NO_SSLv2)
    end

    it "should reject SSLv3" do
      options = server.setup_ssl[:SSLOptions]

      expect(options & OpenSSL::SSL::OP_NO_SSLv3).to eq(OpenSSL::SSL::OP_NO_SSLv3)
    end

    it "should configure the verification method as 'OpenSSL::SSL::VERIFY_PEER'" do
      server.setup_ssl[:SSLVerifyClient].should == OpenSSL::SSL::VERIFY_PEER
    end

    it "should add an x509 store" do
      host.expects(:ssl_store).returns "mystore"

      server.setup_ssl[:SSLCertificateStore].should == "mystore"
    end

    it "should set the certificate name to 'nil'" do
      server.setup_ssl[:SSLCertName].should be_nil
    end

    it "specifies the allowable ciphers" do
      mock_ssl_context.expects(:ciphers=).with(server.class::CIPHERS)

      server.create_server('localhost', '8888')
    end
  end
end