Mercurial > hg > orthanc
comparison UnitTestsSources/RestApiTests.cpp @ 1534:95b3b0260240
Options to validate peers against CA certificates in HTTPS requests
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Thu, 13 Aug 2015 12:42:32 +0200 |
| parents | 0011cc99443c |
| children | 33d34bc4ac15 |
comparison
equal
deleted
inserted
replaced
| 1533:0011cc99443c | 1534:95b3b0260240 |
|---|---|
| 48 | 48 |
| 49 #if !defined(UNIT_TESTS_WITH_HTTP_CONNEXIONS) | 49 #if !defined(UNIT_TESTS_WITH_HTTP_CONNEXIONS) |
| 50 #error "Please set UNIT_TESTS_WITH_HTTP_CONNEXIONS" | 50 #error "Please set UNIT_TESTS_WITH_HTTP_CONNEXIONS" |
| 51 #endif | 51 #endif |
| 52 | 52 |
| 53 | |
| 54 | |
| 53 TEST(HttpClient, Basic) | 55 TEST(HttpClient, Basic) |
| 54 { | 56 { |
| 55 HttpClient c; | 57 HttpClient c; |
| 56 ASSERT_FALSE(c.IsVerbose()); | 58 ASSERT_FALSE(c.IsVerbose()); |
| 57 c.SetVerbose(true); | 59 c.SetVerbose(true); |
| 67 #endif | 69 #endif |
| 68 } | 70 } |
| 69 | 71 |
| 70 | 72 |
| 71 #if UNIT_TESTS_WITH_HTTP_CONNEXIONS == 1 | 73 #if UNIT_TESTS_WITH_HTTP_CONNEXIONS == 1 |
| 74 | |
| 75 /** | |
| 76 The HTTPS CA certificates for BitBucket were extracted as follows: | |
| 77 | |
| 78 (1) We retrieve the certification chain of BitBucket: | |
| 79 | |
| 80 # echo | openssl s_client -showcerts -connect www.bitbucket.org:443 | |
| 81 | |
| 82 (2) We see that the certification authority (CA) is | |
| 83 "www.digicert.com", and the root certificate is "DigiCert High | |
| 84 Assurance EV Root CA". As a consequence, we navigate to DigiCert to | |
| 85 find the URL to this CA certificate: | |
| 86 | |
| 87 firefox https://www.digicert.com/digicert-root-certificates.htm | |
| 88 | |
| 89 (3) Once we get the URL to the CA certificate, we convert it to a C | |
| 90 macro that can be used by libcurl: | |
| 91 | |
| 92 # cd UnitTestsSources | |
| 93 # ../Resources/RetrieveCACertificates.py BITBUCKET_CERTIFICATES https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt > BitbucketCACertificates.h | |
| 94 **/ | |
| 95 | |
| 96 #include "BitbucketCACertificates.h" | |
| 97 | |
| 72 TEST(HttpClient, Ssl) | 98 TEST(HttpClient, Ssl) |
| 73 { | 99 { |
| 100 Toolbox::WriteFile(BITBUCKET_CERTIFICATES, "UnitTestsResults/bitbucket.cert"); | |
| 101 | |
| 102 /*{ | |
| 103 std::string s; | |
| 104 Toolbox::ReadFile(s, "/usr/share/ca-certificates/mozilla/WoSign.crt"); | |
| 105 Toolbox::WriteFile(s, "UnitTestsResults/bitbucket.cert"); | |
| 106 }*/ | |
| 107 | |
| 74 HttpClient c; | 108 HttpClient c; |
| 109 c.SetHttpsVerifyPeers(true); | |
| 110 c.SetHttpsCACertificates("UnitTestsResults/bitbucket.cert"); | |
| 75 c.SetUrl("https://bitbucket.org/sjodogne/orthanc/raw/Orthanc-0.9.3/Resources/Configuration.json"); | 111 c.SetUrl("https://bitbucket.org/sjodogne/orthanc/raw/Orthanc-0.9.3/Resources/Configuration.json"); |
| 76 | 112 |
| 77 std::string s; | 113 Json::Value v; |
| 78 c.Apply(s); | |
| 79 | |
| 80 /*Json::Value v; | |
| 81 c.Apply(v); | 114 c.Apply(v); |
| 82 ASSERT_TRUE(v.isMember("LuaScripts"));*/ | 115 ASSERT_TRUE(v.isMember("LuaScripts")); |
| 83 } | 116 } |
| 117 | |
| 118 TEST(HttpClient, SslNoVerification) | |
| 119 { | |
| 120 HttpClient c; | |
| 121 c.SetHttpsVerifyPeers(false); | |
| 122 c.SetUrl("https://bitbucket.org/sjodogne/orthanc/raw/Orthanc-0.9.3/Resources/Configuration.json"); | |
| 123 | |
| 124 Json::Value v; | |
| 125 c.Apply(v); | |
| 126 ASSERT_TRUE(v.isMember("LuaScripts")); | |
| 127 } | |
| 128 | |
| 84 #endif | 129 #endif |
| 85 | 130 |
| 86 | 131 |
| 87 TEST(RestApi, ChunkedBuffer) | 132 TEST(RestApi, ChunkedBuffer) |
| 88 { | 133 { |