From c6b1c3a484e3a108e84544aec0d2e719e1fcef0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=82=9F=E7=A9=BA?= Date: Thu, 26 Sep 2024 18:00:58 +0800 Subject: [PATCH] chore: remove t/fips --- t/fips/jwt-auth.t | 267 ---------------------------------------- t/fips/openid-connect.t | 111 ----------------- t/fips/ssls.t | 75 ----------- 3 files changed, 453 deletions(-) delete mode 100644 t/fips/jwt-auth.t delete mode 100644 t/fips/openid-connect.t delete mode 100644 t/fips/ssls.t diff --git a/t/fips/jwt-auth.t b/t/fips/jwt-auth.t deleted file mode 100644 index ec1061315775..000000000000 --- a/t/fips/jwt-auth.t +++ /dev/null @@ -1,267 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -use t::APISIX 'no_plan'; - -repeat_each(2); -no_long_string(); -no_root_location(); -no_shuffle(); - -add_block_preprocessor(sub { - my ($block) = @_; - - if (!defined $block->request) { - $block->set_value("request", "GET /t"); - } -}); - -run_tests; - -__DATA__ - -=== TEST 1: create public API route (jwt-auth sign) ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/routes/2', - ngx.HTTP_PUT, - [[{ - "plugins": { - "public-api": {} - }, - "uri": "/apisix/plugin/jwt/sign" - }]] - ) - - if code >= 300 then - ngx.status = code - end - ngx.say(body) - } - } ---- response_body -passed - - - -=== TEST 2: add consumer with username and plugins with public_key, private_key(private_key numbits = 512) ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/consumers', - ngx.HTTP_PUT, - [[{ - "username": "kerouac", - "plugins": { - "jwt-auth": { - "key": "user-key-rs256", - "algorithm": "RS256", - "public_key": "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKebDxlvQMGyEesAL1r1nIJBkSdqu3Hr\n7noq/0ukiZqVQLSJPMOv0oxQSutvvK3hoibwGakDOza+xRITB7cs2cECAwEAAQ==\n-----END PUBLIC KEY-----", - "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKebDxlvQMGyEesAL1r1nIJBkSdqu3Hr7noq/0ukiZqVQLSJPMOv\n0oxQSutvvK3hoibwGakDOza+xRITB7cs2cECAwEAAQJAYPWh6YvjwWobVYC45Hz7\n+pqlt1DWeVQMlN407HSWKjdH548ady46xiQuZ5Cfx3YyCcnsfVWaQNbC+jFbY4YL\nwQIhANfASwz8+2sKg1xtvzyaChX5S5XaQTB+azFImBJumixZAiEAxt93Td6JH1RF\nIeQmD/K+DClZMqSrliUzUqJnCPCzy6kCIAekDsRh/UF4ONjAJkKuLedDUfL3rNFb\n2M4BBSm58wnZAiEAwYLMOg8h6kQ7iMDRcI9I8diCHM8yz0SfbfbsvzxIFxECICXs\nYvIufaZvBa8f+E/9CANlVhm5wKAyM8N8GJsiCyEG\n-----END RSA PRIVATE KEY-----" - } - } - }]] - ) - - if code >= 300 then - ngx.status = code - end - ngx.say(body) - } - } ---- response_body -passed - - - -=== TEST 3: JWT sign and verify use RS256 algorithm(private_key numbits = 512) ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/routes/1', - ngx.HTTP_PUT, - [[{ - "plugins": { - "jwt-auth": {} - }, - "upstream": { - "nodes": { - "127.0.0.1:1980": 1 - }, - "type": "roundrobin" - }, - "uri": "/hello" - }]] - ) - - if code >= 300 then - ngx.status = code - end - ngx.say(body) - } - } ---- response_body -passed - - - -=== TEST 4: sign/verify use RS256 algorithm(private_key numbits = 512) ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, err, sign = t('/apisix/plugin/jwt/sign?key=user-key-rs256', - ngx.HTTP_GET - ) - - if code > 200 then - ngx.status = code - ngx.say(err) - return - end - - local code, _, res = t('/hello?jwt=' .. sign, - ngx.HTTP_GET - ) - - ngx.status = code - } - } ---- error_code: 401 ---- error_log -JWT token invalid: invalid jwt string - - - -=== TEST 5: add consumer with username and plugins with public_key, private_key(private_key numbits = 1024) ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/consumers', - ngx.HTTP_PUT, - [[{ - "username": "kerouac", - "plugins": { - "jwt-auth": { - "key": "user-key-rs256", - "algorithm": "RS256", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGxOfVe/seP5T/V8pkS5YNAPRC\n3Ffxxedi7v0pyZh/4d4p9Qx0P9wOmALwlOq4Ftgks311pxG0zL0LcTJY4ikbc3r0\nh8SM0yhj9UV1VGtuia4YakobvpM9U+kq3lyIMO9ZPRez0cP3AJIYCt5yf8E7bNYJ\njbJNjl8WxvM1tDHqVQIDAQAB\n-----END PUBLIC KEY-----", - ]] .. [[ - "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQDGxOfVe/seP5T/V8pkS5YNAPRC3Ffxxedi7v0pyZh/4d4p9Qx0\nP9wOmALwlOq4Ftgks311pxG0zL0LcTJY4ikbc3r0h8SM0yhj9UV1VGtuia4Yakob\nvpM9U+kq3lyIMO9ZPRez0cP3AJIYCt5yf8E7bNYJjbJNjl8WxvM1tDHqVQIDAQAB\nAoGAYFy9eAXvLC7u8QuClzT9vbgksvVXvWKQVqo+GbAeOoEpz3V5YDJFYN3ZLwFC\n+ZQ5nTFXNV6Veu13CMEMA4NBIa8I4r3aYzSjq7X7UEBkLDBtEUge52mYakNfXD8D\nqViHkyJqvtVnBl7jNZVqbBderQnXA0kigaeZPL3+hkYKBgECQQDmiDbUL3FBynLy\nNX6/JdAbO4g1Nl/1RsGg8svhb6vRM8WQyIQWt5EKi7yoP/9nIRXcIgdwpVO6wZRU\nDojL0oy1AkEA3LpjqXxIRzcy2ALsqKN3hoNPGAlkPyG3Mlph91mqSZ2jYpXCX9LW\nhhQdf9GmfO8jZtYhYAJqEMOJrKeZHToLIQJBAJbrJbnTNTn05ztZehh5ELxDRPBR\nIJDaOXi8emyjRsA2PGiEXLTih7l3sZIUE4fYSQ9L18MO+LmScSB2Q2fr9uECQFc7\nIh/dCgN7ARD1Nun+kEIMqrlpHMEGZgv0RDsoqG+naOaRINwVysn6MR5OkGlXaLo/\nbbkvuxMc88/T/GLciYECQQC4oUveCOic4Qs6TQfMUKKv/kJ09slbD70HkcBzA5nY\nyro4RT4z/SN6T3SD+TuWn2//I5QxiQEIbOCTySci7yuh\n-----END RSA PRIVATE KEY-----" - } - } - } - ]] - ) - ngx.status = code - ngx.say(body) - } - } ---- response_body -passed - - - -=== TEST 6: JWT sign and verify use RS256 algorithm(private_key numbits = 1024) ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/routes/1', - ngx.HTTP_PUT, - [[{ - "plugins": { - "jwt-auth": {} - }, - "upstream": { - "nodes": { - "127.0.0.1:1980": 1 - }, - "type": "roundrobin" - }, - "uri": "/hello" - }]] - ) - - if code >= 300 then - ngx.status = code - end - ngx.say(body) - } - } ---- response_body -passed - - - -=== TEST 7: sign/verify use RS256 algorithm(private_key numbits = 1024) ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, err, sign = t('/apisix/plugin/jwt/sign?key=user-key-rs256', - ngx.HTTP_GET - ) - - if code > 200 then - ngx.status = code - ngx.say(err) - return - end - - local code, _, res = t('/hello?jwt=' .. sign, - ngx.HTTP_GET - ) - - ngx.status = code - } - } ---- error_code: 401 ---- error_log -JWT token invalid: invalid jwt string - - - -=== TEST 8: sign/verify use RS256 algorithm(private_key numbits = 1024,with extra payload) ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, err, sign = t('/apisix/plugin/jwt/sign?key=user-key-rs256&payload=%7B%22aaa%22%3A%2211%22%2C%22bb%22%3A%22222%22%7D', - ngx.HTTP_GET - ) - - if code > 200 then - ngx.status = code - ngx.say(err) - return - end - - local code, _, res = t('/hello?jwt=' .. sign, - ngx.HTTP_GET - ) - - ngx.status = code - } - } ---- error_code: 401 ---- error_log -JWT token invalid: invalid jwt string diff --git a/t/fips/openid-connect.t b/t/fips/openid-connect.t deleted file mode 100644 index 8a23501cd93f..000000000000 --- a/t/fips/openid-connect.t +++ /dev/null @@ -1,111 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -use t::APISIX 'no_plan'; - -log_level('warn'); -repeat_each(1); -no_long_string(); -no_root_location(); -no_shuffle(); - -add_block_preprocessor(sub { - my ($block) = @_; - - if ((!defined $block->error_log) && (!defined $block->no_error_log)) { - $block->set_value("no_error_log", "[error]"); - } - - if (!defined $block->request) { - $block->set_value("request", "GET /t"); - } -}); - -run_tests(); - -__DATA__ - -=== TEST 1: configure oidc plugin with small public key ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin").test - local code, body = t('/apisix/admin/routes/1', - ngx.HTTP_PUT, - [[{ "plugins": { - "openid-connect": { - "client_id": "kbyuFDidLLm280LIwVFiazOqjO3ty8KH", - "client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa", - "discovery": "https://samples.auth0.com/.well-known/openid-configuration", - "redirect_uri": "https://iresty.com", - "ssl_verify": false, - "timeout": 10, - "bearer_only": true, - "scope": "apisix", - "public_key": "-----BEGIN PUBLIC KEY-----\n]] .. - [[MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANW16kX5SMrMa2t7F2R1w6Bk/qpjS4QQ\n]] .. - [[hnrbED3Dpsl9JXAx90MYsIWp51hBxJSE/EPVK8WF/sjHK1xQbEuDfEECAwEAAQ==\n]] .. - [[-----END PUBLIC KEY-----", - "token_signing_alg_values_expected": "RS256" - } - }, - "upstream": { - "nodes": { - "127.0.0.1:1980": 1 - }, - "type": "roundrobin" - }, - "uri": "/hello" - }]] - ) - - if code >= 300 then - ngx.status = code - end - ngx.say(body) - } - } ---- response_body -passed - - - -=== TEST 2: hit failed ---- config - location /t { - content_by_lua_block { - local http = require "resty.http" - local httpc = http.new() - local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello" - local res, err = httpc:request_uri(uri, { - method = "GET", - headers = { - ["Authorization"] = "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9" .. - ".eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk" .. - "4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCB" .. - "jb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.u1ISx7JbuK_GFRIUqIMP175FqX" .. - "RyF9V7y86480Q4N3jNxs3ePbc51TFtIHDrKttstU4Tub28PYVSlr-HXfjo7w", - } - }) - ngx.status = res.status - if res.status == 200 then - ngx.say(true) - end - } - } ---- error_code: 401 ---- error_log -jwt signature verification failed: invalid key length diff --git a/t/fips/ssls.t b/t/fips/ssls.t deleted file mode 100644 index d7f08370483a..000000000000 --- a/t/fips/ssls.t +++ /dev/null @@ -1,75 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -use t::APISIX 'no_plan'; - -repeat_each(1); -log_level('warn'); -no_root_location(); -no_shuffle(); - -run_tests(); - -__DATA__ - -=== TEST 1: configure cert with smaller key ---- config - location /t { - content_by_lua_block { - local t = require("lib.test_admin") - local json = require("toolkit.json") - local ssl_cert = t.read_file("t/certs/server_1024.crt") - local ssl_key = t.read_file("t/certs/server_1024.key") - - local data = { - upstream = { - type = "roundrobin", - nodes = { - ["127.0.0.1:1980"] = 1, - }, - }, - uri = "/hello" - } - assert(t.test('/apisix/admin/routes/1', - ngx.HTTP_PUT, - json.encode(data) - )) - - local data = { - cert = ssl_cert, - key = ssl_key, - sni = "localhost", - } - local code = t.test('/apisix/admin/ssls/1', - ngx.HTTP_PUT, - json.encode(data) - ) - - if code >= 300 then - ngx.status = code - end - } - } ---- request -GET /t - - - -=== TEST 2: curl failed ---- exec -curl -k https://localhost:1994/hello -H "Host: localhost" ---- error_log -failed to set PEM cert: SSL_use_certificate() failed