From 689de40fe15a243a45189e614c4585b0e334fa11 Mon Sep 17 00:00:00 2001
From: joshblakeley
Date: Tue, 13 Feb 2018 11:06:46 +0000
Subject: [PATCH] batch requests client checks for ssl config and add test
---
 batch_requests.go | 12 ++++-
 batch_requests_test.go | 104 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 115 insertions(+), 1 deletion(-)
diff --git a/batch_requests.go b/batch_requests.go
index fc3b82cab11..8a4da004e5e 100644
--- a/batch_requests.go
+++ b/batch_requests.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "crypto/tls"
 "encoding/json"
 "fmt"
 "io/ioutil"
@@ -40,7 +41,16 @@ type BatchRequestHandler struct {
 // doRequest will make the same request but return a BatchReplyUnit
 func (b *BatchRequestHandler) doRequest(req *http.Request, relURL string) BatchReplyUnit {
- resp, err := http.DefaultClient.Do(req)
+ tr := &http.Transport{TLSClientConfig: &tls.Config{}}
+
+ if cert := getUpstreamCertificate(req.Host, b.API); cert != nil {
+ tr.TLSClientConfig.Certificates = []tls.Certificate{*cert}
+ }
+
+ tr.TLSClientConfig.InsecureSkipVerify = config.Global.ProxySSLInsecureSkipVerify
+ client := &http.Client{Transport: tr}
+
+ resp, err := client.Do(req)
 if err != nil {
 log.Error("Webhook request failed: ", err)
 return BatchReplyUnit{}
diff --git a/batch_requests_test.go b/batch_requests_test.go
index 35f7129ec91..75a1fe9d366 100644
--- a/batch_requests_test.go
+++ b/batch_requests_test.go
@@ -1,10 +1,16 @@
 package main
 import (
+ "crypto/tls"
+ "encoding/base64"
 "encoding/json"
 "io/ioutil"
+ "net/http"
+ "net/http/httptest"
 "testing"
+ "github.com/TykTechnologies/tyk/apidef"
+ "github.com/TykTechnologies/tyk/config"
 "github.com/TykTechnologies/tyk/test"
 )
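Review bot: `doRequest` now builds a fresh `http.Transport` and `http.Client` on every call and never releases them, so each batch sub-request leaves its own idle keep-alive connections behind and the gateway can accumulate open sockets under load. The bare `&http.Transport{...}` literal also drops what `http.DefaultClient` got from `http.DefaultTransport` (`Proxy: http.ProxyFromEnvironment`, the dial timeout and `TLSHandshakeTimeout`), so a stalled upstream can hold the call open much longer than before. I would add `defer tr.CloseIdleConnections()` right after the transport is created, or better, reuse one transport per TLS configuration. Separately, `InsecureSkipVerify` is copied from `config.Global.ProxySSLInsecureSkipVerify` even when `getUpstreamCertificate` returned a client certificate, so the gateway authenticates itself to a peer whose identity it has not checked; a comment such as `// ProxySSLInsecureSkipVerify disables upstream verification gateway-wide, including for mutual-TLS upstreams` would make that explicit. The rest of `doRequest` lies outside the hunk.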
@@ -65,3 +71,101 @@ func TestBatch(t *testing.T) {
 }
 }
 }
+
+const virtBatchTest = `function batchTest (request, session, config) {
+ // Set up a response object
+ var response = {
+ Body: ""
+ Headers: {
+ "content-type": "application/json"
+ },
+ Code: 202
+ }
+
+ // Batch request
+ var batch = {
+ "requests": [
+ {
+ "method": "GET",
+ "relative_url": "https://127.0.0.1:65504"
+ },
+ ],
+ "suppress_parallel_execution": false
+ }
+
+ log("[Virtual Test] Making Upstream Batch Request")
+ var newBody = TykBatchRequest(JSON.stringify(batch))
+
+
+ var asJS = JSON.parse(newBody)
+ for (var i in asJS) {
+ asJS[i].body = JSON.parse(asJS[i].body)
+ }
+
+ // We need to send a string object back to Tyk to embed in the response
+ response.Body = JSON.stringify(asJS)
+
+ return TykJsResponse(response, session.meta_data)
+
+}`
+
+func TestSSLBatch(t *testing.T) {
+
+ // _, _, combinedClientPEM, clientCert := genCertificate(&x509.Certificate{})
+ // clientCert.Leaf, _ = x509.ParseCertificate(clientCert.Certificate[0])
+
+ // _, _, combinedPEM, _ := genServerCertificate()
+ // serverCertID, _ := CertificateManager.Add(combinedPEM, "")
+ // defer CertificateManager.Delete(serverCertID)
+
+ upstream := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ }))
+ // Mutual TLS protected upstream
+ // pool := x509.NewCertPool()
+ upstream.TLS = &tls.Config{
+ // ClientAuth: tls.RequireAndVerifyClientCert,
+ // ClientCAs: pool,
+ InsecureSkipVerify: true,
+ }
+ upstream.StartTLS()
+ upstream.URL = "https://127.0.0.1:65504"
+
+ defer upstream.Close()
+ // clientCertID, _ := CertificateManager.Add(combinedClientPEM, "")
+ // defer CertificateManager.Delete(clientCertID)
+
+ // pool.AddCert(clientCert.Leaf)
+ //config.Global.HttpServerOptions.UseSSL = true
+ //config.Global.HttpServerOptions.SSLCertificates = []string{serverCertID}
+ config.Global.ProxySSLInsecureSkipVerify = true
+
+ defer resetTestConfig()
+
+ ts := newTykTestServer()
+ defer ts.Close()
+
+ buildAndLoadAPI(func(spec *APISpec) {
+ spec.Proxy.ListenPath = "/"
+ // spec.UpstreamCertificates = map[string]string{
+ // "*": clientCertID,
+ // }
+
+ virtualMeta := apidef.VirtualMeta{
+ ResponseFunctionName: "virtBatchTest",
+ FunctionSourceType: "blob",
+ FunctionSourceURI: base64.StdEncoding.EncodeToString([]byte(virtBatchTest)),
+ Path: "/virt",
+ Method: "GET",
+ }
+ v := spec.VersionData.Versions["v1"]
+ v.UseExtendedPaths = true
+ v.ExtendedPaths = apidef.ExtendedPathsSet{
+ Virtual: []apidef.VirtualMeta{virtualMeta},
+ }
+ spec.VersionData.Versions["v1"] = v
+ })
+
+ ts.Run(t, test.TestCase{
+ Path: "/virt", Code: 202,
+ })
+}
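Review bot: `TestSSLBatch` asserts only `Code: 202`, a value the embedded script sets itself, so nothing in it shows that the new TLS client in `doRequest` ever reached the upstream. Assigning `upstream.URL = "https://127.0.0.1:65504"` after `StartTLS()` only rewrites the string; the listener stays on the port `httptest` chose, and the script's object literal is also missing a comma after `Body: ""`, so it may not evaluate as intended. I would build the script from the real `upstream.URL`, have the upstream handler record that it was hit and assert on that, and add a second case with `config.Global.ProxySSLInsecureSkipVerify = false` that expects the self-signed upstream not to be reached. The mutual-TLS setup is entirely commented out, which leaves the `getUpstreamCertificate` branch untested. `InsecureSkipVerify: true` on the server-side `tls.Config` has no effect on a listener and can be dropped.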