+++ /dev/null
-#include <iostream>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-extern "C"{
-#include <curl/curl.h>
-}
-#include "common/ceph_crypto.h"
-#include <map>
-#include <list>
-#define S3_BUCKET_NAME "s3testgw.fcgi"
-#define SWIFT_BUCKET_NAME "swift3testgw.fcgi"
-#define BUCKET_URL \
- ((g_test->get_key_type() == KEY_TYPE_S3)?(string("/" S3_BUCKET_NAME)):(string("/swift/v1/" SWIFT_BUCKET_NAME)))
-#define GTEST
-#ifdef GTEST
-#include <gtest/gtest.h>
-#else
-#define TEST(x, y) void y()
-#define ASSERT_EQ(v, s) if(v != s)cout << "Error at " << __LINE__ << "(" << #v << "!= " << #s << "\n"; \
- else cout << "(" << #v << "==" << #s << ") PASSED\n";
-#define EXPECT_EQ(v, s) ASSERT_EQ(v, s)
-#define ASSERT_TRUE(c) if(c)cout << "Error at " << __LINE__ << "(" << #c << ")" << "\n"; \
- else cout << "(" << #c << ") PASSED\n";
-#define EXPECT_TRUE(c) ASSERT_TRUE(c)
-#endif
-#include "common/code_environment.h"
-#include "common/ceph_argparse.h"
-#include "common/Finisher.h"
-#include "global/global_init.h"
-#include "rgw/rgw_cors.h"
-#include "rgw/rgw_cors_s3.h"
-
-using namespace std;
-
-#define CURL_VERBOSE 0
-#define HTTP_RESPONSE_STR "RespCode"
-#define CEPH_CRYPTO_HMACSHA1_DIGESTSIZE 20
-
-extern "C" int ceph_armor(char *dst, const char *dst_end,
- const char *src, const char *end);
-enum key_type {
- KEY_TYPE_UNDEFINED = 0,
- KEY_TYPE_SWIFT,
- KEY_TYPE_S3
-};
-
-static void print_usage(char *exec){
- cout << "Usage: " << exec << " <Options>\n";
- cout << "Options:\n"
- "-g <gw-ip> - The ip address of the gateway\n"
- "-p <gw-port> - The port number of the gateway\n"
- "-k <SWIFT|S3> - The key type, either SWIFT or S3\n"
- "-s3 <AWSAccessKeyId:SecretAccessKeyID> - Only, if the key type is S3, gives S3 credentials\n"
- "-swift <Auth-Token> - Only if the key type is SWIFT, and gives the SWIFT credentials\n";
-}
-class test_cors_helper {
- private:
- string host;
- string port;
- string creds;
- CURL *curl_inst;
- map<string, string> response;
- list<string> extra_hdrs;
- string *resp_data;
- unsigned resp_code;
- key_type kt;
- public:
- test_cors_helper() : curl_inst(NULL), resp_data(NULL), resp_code(0), kt(KEY_TYPE_UNDEFINED){
- curl_global_init(CURL_GLOBAL_ALL);
- }
- ~test_cors_helper(){
- curl_global_cleanup();
- }
- int send_request(string method, string uri,
- size_t (*function)(void *,size_t,size_t,void *) = 0,
- void *ud = 0, size_t length = 0);
- int extract_input(unsigned argc, char *argv[]);
- string& get_response(string hdr){
- return response[hdr];
- }
- void set_extra_header(string hdr){
- extra_hdrs.push_back(hdr);
- }
- void set_response(char *val);
- void set_response_data(char *data, size_t len){
- if(resp_data) delete resp_data;
- resp_data = new string(data, len);
- /*cout << resp_data->c_str() << "\n";*/
- }
- const string *get_response_data(){return resp_data;}
- unsigned get_resp_code(){return resp_code;}
- key_type get_key_type(){return kt;}
-};
-
-int test_cors_helper::extract_input(unsigned argc, char *argv[]){
-#define ERR_CHECK_NEXT_PARAM(o) \
- if((loop + 1) >= argc)return -1; \
- else o = argv[loop+1];
-
- for(unsigned loop = 1;loop < argc; loop += 2){
- if(strcmp(argv[loop], "-g") == 0){
- ERR_CHECK_NEXT_PARAM(host);
- }else if(strcmp(argv[loop], "-k") == 0){
- string type;
- ERR_CHECK_NEXT_PARAM(type);
- if(type.compare("S3") == 0)kt = KEY_TYPE_S3;
- else if(type.compare("SWIFT") == 0)kt = KEY_TYPE_SWIFT;
- }else if(strcmp(argv[loop],"-s3") == 0){
- ERR_CHECK_NEXT_PARAM(creds);
- }else if(strcmp(argv[loop],"-swift") == 0){
- ERR_CHECK_NEXT_PARAM(creds);
- }else if(strcmp(argv[loop],"-p") == 0){
- ERR_CHECK_NEXT_PARAM(port);
- }else return -1;
- }
- if(host.length() <= 0 ||
- creds.length() <= 0)
- return -1;
- return 0;
-}
-
-void test_cors_helper::set_response(char *r){
- string sr(r), h, v;
- size_t off = sr.find(": ");
- if(off != string::npos){
- h.assign(sr, 0, off);
- v.assign(sr, off + 2, sr.find("\r\n") - (off+2));
- }else{
- /*Could be the status code*/
- if(sr.find("HTTP/") != string::npos){
- h.assign(HTTP_RESPONSE_STR);
- off = sr.find(" ");
- v.assign(sr, off + 1, sr.find("\r\n") - (off + 1));
- resp_code = atoi((v.substr(0, 3)).c_str());
- }
- }
- response[h] = v;
-}
-
-size_t write_header(void *ptr, size_t size, size_t nmemb, void *ud){
- test_cors_helper *h = static_cast<test_cors_helper *>(ud);
- h->set_response((char *)ptr);
- return size*nmemb;
-}
-
-size_t write_data(void *ptr, size_t size, size_t nmemb, void *ud){
- test_cors_helper *h = static_cast<test_cors_helper *>(ud);
- h->set_response_data((char *)ptr, size*nmemb);
- return size*nmemb;
-}
-static inline void buf_to_hex(const unsigned char *buf, int len, char *str)
-{
- int i;
- str[0] = '\0';
- for (i = 0; i < len; i++) {
- sprintf(&str[i*2], "%02x", (int)buf[i]);
- }
-}
-
-static void calc_hmac_sha1(const char *key, int key_len,
- const char *msg, int msg_len, char *dest)
-/* destination should be CEPH_CRYPTO_HMACSHA1_DIGESTSIZE bytes long */
-{
- ceph::crypto::HMACSHA1 hmac((const unsigned char *)key, key_len);
- hmac.Update((const unsigned char *)msg, msg_len);
- hmac.Final((unsigned char *)dest);
-
- char hex_str[(CEPH_CRYPTO_HMACSHA1_DIGESTSIZE * 2) + 1];
- buf_to_hex((unsigned char *)dest, CEPH_CRYPTO_HMACSHA1_DIGESTSIZE, hex_str);
-}
-
-static int get_s3_auth(string method, string creds, string date, string res, string& out){
- string aid, secret, auth_hdr;
- size_t off = creds.find(":");
- out = "";
- if(off != string::npos){
- aid.assign(creds, 0, off);
- secret.assign(creds, off + 1, string::npos);
-
- /*sprintf(auth_hdr, "%s\n\n\n%s\n%s", req_type, date, res);*/
- char hmac_sha1[CEPH_CRYPTO_HMACSHA1_DIGESTSIZE];
- char b64[65]; /* 64 is really enough */
- auth_hdr.append(method + string("\n\n\n") + date + string("\n") + res);
- calc_hmac_sha1(secret.c_str(), secret.length(), auth_hdr.c_str(), auth_hdr.length(), hmac_sha1);
- int ret = ceph_armor(b64, b64 + 64, hmac_sha1,
- hmac_sha1 + CEPH_CRYPTO_HMACSHA1_DIGESTSIZE);
- if (ret < 0) {
- cout << "ceph_armor failed\n";
- return -1;
- }
- b64[ret] = 0;
- out.append(aid + string(":") + b64);
- }else return -1;
- return 0;
-}
-
-void get_date(string& d){
- struct timeval tv;
- char date[64];
- struct tm tm;
- char *days[] = {(char *)"Sun", (char *)"Mon", (char *)"Tue",
- (char *)"Wed", (char *)"Thu", (char *)"Fri",
- (char *)"Sat"};
- char *months[] = {(char *)"Jan", (char *)"Feb", (char *)"Mar",
- (char *)"Apr", (char *)"May", (char *)"Jun",
- (char *)"Jul",(char *) "Aug", (char *)"Sep",
- (char *)"Oct", (char *)"Nov", (char *)"Dec"};
- gettimeofday(&tv, NULL);
- gmtime_r(&tv.tv_sec, &tm);
- sprintf(date, "%s, %d %s %d %d:%d:%d GMT",
- days[tm.tm_wday],
- tm.tm_mday, months[tm.tm_mon],
- tm.tm_year + 1900,
- tm.tm_hour, tm.tm_min, 0 /*tm.tm_sec*/);
- d = date;
-}
-
-int test_cors_helper::send_request(string method, string res,
- size_t (*read_function)( void *,size_t,size_t,void *),
- void *ud,
- size_t length){
- string url;
- string auth, date;
- url.append(string("http://") + host);
- if(port.length() > 0)url.append(string(":") + port);
- url.append(res);
- curl_inst = curl_easy_init();
- if(curl_inst){
- curl_easy_setopt(curl_inst, CURLOPT_URL, url.c_str());
- curl_easy_setopt(curl_inst, CURLOPT_CUSTOMREQUEST, method.c_str());
- curl_easy_setopt(curl_inst, CURLOPT_VERBOSE, CURL_VERBOSE);
- curl_easy_setopt(curl_inst, CURLOPT_HEADERFUNCTION, write_header);
- curl_easy_setopt(curl_inst, CURLOPT_WRITEHEADER, (void *)this);
- curl_easy_setopt(curl_inst, CURLOPT_WRITEFUNCTION, write_data);
- curl_easy_setopt(curl_inst, CURLOPT_WRITEDATA, (void *)this);
- if(read_function){
- curl_easy_setopt(curl_inst, CURLOPT_READFUNCTION, read_function);
- curl_easy_setopt(curl_inst, CURLOPT_READDATA, (void *)ud);
- curl_easy_setopt(curl_inst, CURLOPT_UPLOAD, 1L);
- curl_easy_setopt(curl_inst, CURLOPT_INFILESIZE_LARGE, (curl_off_t)length);
- }
-
- get_date(date);
- string http_date;
- http_date.append(string("Date: ") + date);
- if(kt == KEY_TYPE_S3){
- string s3auth;
- if(get_s3_auth(method, creds, date, res, s3auth) < 0)return -1;
- auth.append(string("Authorization: AWS ") + s3auth);
- } else if(kt == KEY_TYPE_SWIFT){
- auth.append(string("X-Auth-Token: ") + creds);
- } else {
- cout << "Unknown state (" << kt << ")\n";
- return -1;
- }
-
- struct curl_slist *slist = NULL;
- slist = curl_slist_append(slist, auth.c_str());
- slist = curl_slist_append(slist, http_date.c_str());
- for(list<string>::iterator it = extra_hdrs.begin();
- it != extra_hdrs.end(); ++it){
- slist = curl_slist_append(slist, (*it).c_str());
- }
- if(read_function)
- curl_slist_append(slist, "Expect:");
- curl_easy_setopt(curl_inst, CURLOPT_HTTPHEADER, slist);
-
- response.erase(response.begin(), response.end());
- extra_hdrs.erase(extra_hdrs.begin(), extra_hdrs.end());
- CURLcode res = curl_easy_perform(curl_inst);
- if(res != CURLE_OK){
- cout << "Curl perform failed for " << url << ", res: " <<
- curl_easy_strerror(res) << "\n";
- return -1;
- }
- curl_slist_free_all(slist);
- }
- curl_easy_cleanup(curl_inst);
- return 0;
-}
-
-test_cors_helper *g_test;
-Finisher *finisher;
-
-static int create_bucket(void){
- if(g_test->get_key_type() == KEY_TYPE_S3){
- g_test->send_request(string("PUT"), string("/" S3_BUCKET_NAME));
- if(g_test->get_resp_code() != 200U){
- cout << "Error creating bucket, http code " << g_test->get_resp_code();
- return -1;
- }
- }else if(g_test->get_key_type() == KEY_TYPE_SWIFT){
- g_test->send_request(string("PUT"), string("/swift/v1/" SWIFT_BUCKET_NAME));
- if(g_test->get_resp_code() != 201U){
- cout << "Error creating bucket, http code " << g_test->get_resp_code();
- return -1;
- }
- }else return -1;
- return 0;
-}
-
-static int delete_bucket(void){
- if(g_test->get_key_type() == KEY_TYPE_S3){
- g_test->send_request(string("DELETE"), string("/" S3_BUCKET_NAME));
- if(g_test->get_resp_code() != 204U){
- cout << "Error deleting bucket, http code " << g_test->get_resp_code();
- return -1;
- }
- }else if(g_test->get_key_type() == KEY_TYPE_SWIFT){
- g_test->send_request(string("DELETE"), string("/swift/v1/" SWIFT_BUCKET_NAME));
- if(g_test->get_resp_code() != 204U){
- cout << "Error deleting bucket, http code " << g_test->get_resp_code();
- return -1;
- }
- }else return -1;
- return 0;
-}
-
-RGWCORSRule *xml_to_cors_rule(string s){
- RGWCORSConfiguration_S3 *cors_config;
- RGWCORSXMLParser_S3 parser(g_ceph_context);
- const string *data = g_test->get_response_data();
- if (!parser.init()) {
- return NULL;
- }
- if (!parser.parse(data->c_str(), data->length(), 1)) {
- return NULL;
- }
- cors_config = (RGWCORSConfiguration_S3 *)parser.find_first("CORSConfiguration");
- if (!cors_config) {
- return NULL;
- }
- return cors_config->host_name_rule(s.c_str());
-}
-
-size_t cors_read_xml(void *ptr, size_t s, size_t n, void *ud){
- stringstream *ss = (stringstream *)ud;
- size_t len = ss->str().length();
- if(s*n < len){
- cout << "Cannot copy xml data, as len is not enough\n";
- return 0;
- }
- memcpy(ptr, (void *)ss->str().c_str(), len);
- return len;
-}
-
-void send_cors(set<string> o, set<string> h,
- list<string> e, uint8_t flags,
- unsigned max_age){
- if(g_test->get_key_type() == KEY_TYPE_S3){
- RGWCORSRule rule(o, h, e, flags, max_age);
- RGWCORSConfiguration config;
- config.stack_rule(rule);
- stringstream ss;
- RGWCORSConfiguration_S3 *s3;
- s3 = static_cast<RGWCORSConfiguration_S3 *>(&config);
- s3->to_xml(ss);
-
- g_test->send_request(string("PUT"), string("/" S3_BUCKET_NAME "?cors"), cors_read_xml,
- (void *)&ss, ss.str().length());
- }else if(g_test->get_key_type() == KEY_TYPE_SWIFT){
- set<string>::iterator it;
- string a_o;
- for(it = o.begin(); it != o.end(); ++it){
- if(a_o.length() > 0)a_o.append(" ");
- a_o.append(*it);
- }
- g_test->set_extra_header(string("X-Container-Meta-Access-Control-Allow-Origin: ") + a_o);
-
- if(!h.empty()){
- string a_h;
- for(it = h.begin(); it != h.end(); ++it){
- if(a_h.length() > 0)a_h.append(" ");
- a_h.append(*it);
- }
- g_test->set_extra_header(string("X-Container-Meta-Access-Control-Allow-Headers: ") + a_h);
- }
- if(!e.empty()){
- string e_h;
- for(list<string>::iterator lit = e.begin(); lit != e.end(); ++lit){
- if(e_h.length() > 0)e_h.append(" ");
- e_h.append(*lit);
- }
- g_test->set_extra_header(string("X-Container-Meta-Access-Control-Expose-Headers: ") + e_h);
- }
- if(max_age != CORS_MAX_AGE_INVALID){
- char age[32];
- sprintf(age, "%u", max_age);
- g_test->set_extra_header(string("X-Container-Meta-Access-Control-Max-Age: ") + string(age));
- }
- //const char *data = "1";
- stringstream ss;
- ss << "1";
- g_test->send_request(string("POST"), string("/swift/v1/" SWIFT_BUCKET_NAME), cors_read_xml,
- (void *)&ss, 1);
- }
-}
-
-TEST(TestCORS, getcors_firsttime){
- if(g_test->get_key_type() == KEY_TYPE_SWIFT)return;
- ASSERT_EQ(0, create_bucket());
- g_test->send_request(string("GET"), string("/" S3_BUCKET_NAME "?cors"));
- EXPECT_EQ(404U, g_test->get_resp_code());
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, putcors_firsttime){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
-
- origins.insert(origins.end(), "example.com");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT;
-
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- /*Now get the CORS and check if its fine*/
- if(g_test->get_key_type() == KEY_TYPE_S3){
- g_test->send_request(string("GET"), string("/" S3_BUCKET_NAME "?cors"));
- EXPECT_EQ(200U, g_test->get_resp_code());
-
- RGWCORSRule *r = xml_to_cors_rule(string("example.com"));
- EXPECT_TRUE(r != NULL);
- if(!r)return;
-
- EXPECT_TRUE((r->get_allowed_methods() & (RGW_CORS_GET | RGW_CORS_PUT))
- == (RGW_CORS_GET | RGW_CORS_PUT));
- }
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, putcors_invalid_hostname){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
-
- origins.insert(origins.end(), "*.example.*");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT;
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ((400U), g_test->get_resp_code());
- origins.erase(origins.begin(), origins.end());
-
- if((g_test->get_key_type() != KEY_TYPE_SWIFT)){
- origins.insert(origins.end(), "");
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ((400U), g_test->get_resp_code());
- origins.erase(origins.begin(), origins.end());
- }
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, putcors_invalid_headers){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
-
- origins.insert(origins.end(), "www.example.com");
- h.insert(h.end(), "*-Header-*");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT;
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ((400U), g_test->get_resp_code());
- h.erase(h.begin(), h.end());
-
- if((g_test->get_key_type() != KEY_TYPE_SWIFT)){
- h.insert(h.end(), "");
- flags = RGW_CORS_GET | RGW_CORS_PUT;
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ((400U), g_test->get_resp_code());
- h.erase(h.begin(), h.end());
- }
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, optionscors_test_options_1){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
-
- origins.insert(origins.end(), "*.example.com");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT;
-
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: a.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->set_extra_header(string("Access-Control-Allow-Headers: SomeHeader"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("a.example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("GET"));
- s = g_test->get_response(string("Access-Control-Allow-Headers"));
- EXPECT_EQ(0U, s.length());
- s = g_test->get_response(string("Access-Control-Max-Age"));
- EXPECT_EQ(0U, s.length());
- s = g_test->get_response(string("Access-Control-Expose-Headers"));
- EXPECT_EQ(0U, s.length());
- }
-
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, optionscors_test_options_2){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
-
- origins.insert(origins.end(), "*.example.com");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT | RGW_CORS_DELETE | RGW_CORS_HEAD;
-
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: a.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: HEAD"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("a.example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("HEAD"));
- }
-
- g_test->set_extra_header(string("Origin: foo.bar.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: HEAD"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("foo.bar.example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("HEAD"));
- }
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, optionscors_test_options_3){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
-
- origins.insert(origins.end(), "*");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT | RGW_CORS_DELETE | RGW_CORS_HEAD;
-
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- /*Check for HEAD in Access-Control-Allow-Methods*/
- g_test->set_extra_header(string("Origin: a.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: HEAD"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("a.example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("HEAD"));
- }
-
- /*Check for DELETE in Access-Control-Allow-Methods*/
- g_test->set_extra_header(string("Origin: foo.bar"));
- g_test->set_extra_header(string("Access-Control-Request-Method: DELETE"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("foo.bar"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("DELETE"));
- }
-
- /*Check for PUT in Access-Control-Allow-Methods*/
- g_test->set_extra_header(string("Origin: foo.bar"));
- g_test->set_extra_header(string("Access-Control-Request-Method: PUT"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("foo.bar"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("PUT"));
- }
-
- /*Check for POST in Access-Control-Allow-Methods*/
- g_test->set_extra_header(string("Origin: foo.bar"));
- g_test->set_extra_header(string("Access-Control-Request-Method: POST"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("foo.bar"));
- if(g_test->get_key_type() == KEY_TYPE_S3){
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0U, s.length());
- }else{
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("POST"));
- }
- }
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, optionscors_test_options_4){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
-
- origins.insert(origins.end(), "example.com");
- h.insert(h.end(), "Header1");
- h.insert(h.end(), "Header2");
- h.insert(h.end(), "*");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT;
-
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("GET"));
- s = g_test->get_response(string("Access-Control-Allow-Headers"));
- EXPECT_EQ(0U, s.length());
- }
- g_test->set_extra_header(string("Origin: example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->set_extra_header(string("Access-Control-Allow-Headers: Header1"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("GET"));
- s = g_test->get_response(string("Access-Control-Allow-Headers"));
- EXPECT_EQ(0, s.compare("Header1"));
- }
- g_test->set_extra_header(string("Origin: example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->set_extra_header(string("Access-Control-Allow-Headers: Header2"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("GET"));
- s = g_test->get_response(string("Access-Control-Allow-Headers"));
- EXPECT_EQ(0, s.compare("Header2"));
- }
- g_test->set_extra_header(string("Origin: example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->set_extra_header(string("Access-Control-Allow-Headers: Header2, Header1"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("GET"));
- s = g_test->get_response(string("Access-Control-Allow-Headers"));
- EXPECT_EQ(0, s.compare("Header2,Header1"));
- }
- g_test->set_extra_header(string("Origin: example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->set_extra_header(string("Access-Control-Allow-Headers: Header1, Header2"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("GET"));
- s = g_test->get_response(string("Access-Control-Allow-Headers"));
- EXPECT_EQ(0, s.compare("Header1,Header2"));
- }
- g_test->set_extra_header(string("Origin: example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->set_extra_header(string("Access-Control-Allow-Headers: Header1, Header2, Header3"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("GET"));
- s = g_test->get_response(string("Access-Control-Allow-Headers"));
- EXPECT_EQ(0, s.compare("Header1,Header2,Header3"));
- }
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, optionscors_test_options_5){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
-
- origins.insert(origins.end(), "example.com");
- e.insert(e.end(), "Expose1");
- e.insert(e.end(), "Expose2");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT;
-
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("GET"));
- s = g_test->get_response(string("Access-Control-Expose-Headers"));
- EXPECT_EQ(0, s.compare("Expose1,Expose2"));
- }
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, optionscors_test_options_6){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
- unsigned err = (g_test->get_key_type() == KEY_TYPE_SWIFT)?401U:403U;
-
- origins.insert(origins.end(), "http://www.example.com");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT;
-
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(err, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: http://example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(err, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: www.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(err, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: http://www.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
-
- origins.erase(origins.begin(), origins.end());
- origins.insert(origins.end(), "*.example.com");
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: .example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: http://example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(err, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: www.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: http://www.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: https://www.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
-
- origins.erase(origins.begin(), origins.end());
- origins.insert(origins.end(), "https://example*.com");
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: https://example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: http://example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(err, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: www.example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(err, g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: https://example.a.b.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
-
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, optionscors_test_options_7){
- ASSERT_EQ(0, create_bucket());
- set<string> origins, h;
- list<string> e;
-
- origins.insert(origins.end(), "example.com");
- h.insert(h.end(), "Header*");
- h.insert(h.end(), "Hdr-*-Length");
- h.insert(h.end(), "*-Length");
- h.insert(h.end(), "foo*foo");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT;
-
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- g_test->set_extra_header(string("Origin: example.com"));
- g_test->set_extra_header(string("Access-Control-Request-Method: GET"));
- g_test->set_extra_header(string("Access-Control-Allow-Headers: Header1, Header2, Header3, "
- "Hdr--Length, Hdr-1-Length, Header-Length, Content-Length, foofoofoo"));
- g_test->send_request(string("OPTIONS"), BUCKET_URL);
- EXPECT_EQ(200U, g_test->get_resp_code());
- if(g_test->get_resp_code() == 200){
- string s = g_test->get_response(string("Access-Control-Allow-Origin"));
- EXPECT_EQ(0, s.compare("example.com"));
- s = g_test->get_response(string("Access-Control-Allow-Methods"));
- EXPECT_EQ(0, s.compare("GET"));
- s = g_test->get_response(string("Access-Control-Allow-Headers"));
- EXPECT_EQ(0, s.compare("Header1,Header2,Header3,"
- "Hdr--Length,Hdr-1-Length,Header-Length,Content-Length,foofoofoo"));
- }
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, deletecors_firsttime){
- if(g_test->get_key_type() == KEY_TYPE_SWIFT)return;
- ASSERT_EQ(0, create_bucket());
- g_test->send_request("DELETE", "/" S3_BUCKET_NAME "?cors");
- EXPECT_EQ(204U, g_test->get_resp_code());
- ASSERT_EQ(0, delete_bucket());
-}
-
-TEST(TestCORS, deletecors_test){
- set<string> origins, h;
- list<string> e;
- if(g_test->get_key_type() == KEY_TYPE_SWIFT)return;
- ASSERT_EQ(0, create_bucket());
- origins.insert(origins.end(), "example.com");
- uint8_t flags = RGW_CORS_GET | RGW_CORS_PUT;
-
- send_cors(origins, h, e, flags, CORS_MAX_AGE_INVALID);
- EXPECT_EQ(((g_test->get_key_type() == KEY_TYPE_SWIFT)?202U:200U), g_test->get_resp_code());
-
- g_test->send_request("GET", "/" S3_BUCKET_NAME "?cors");
- EXPECT_EQ(200U, g_test->get_resp_code());
- g_test->send_request("DELETE", "/" S3_BUCKET_NAME "?cors");
- EXPECT_EQ(204U, g_test->get_resp_code());
- g_test->send_request("GET", "/" S3_BUCKET_NAME "?cors");
- EXPECT_EQ(404U, g_test->get_resp_code());
- ASSERT_EQ(0, delete_bucket());
-}
-
-int main(int argc, char *argv[]){
- vector<const char*> args;
- argv_to_vec(argc, (const char **)argv, args);
-
- auto cct = global_init(NULL, args, CEPH_ENTITY_TYPE_CLIENT,
- CODE_ENVIRONMENT_UTILITY, 0);
- common_init_finish(g_ceph_context);
- g_test = new test_cors_helper();
- finisher = new Finisher(g_ceph_context);
-#ifdef GTEST
- ::testing::InitGoogleTest(&argc, argv);
-#endif
- finisher->start();
-
- if(g_test->extract_input((unsigned)argc, argv) < 0){
- print_usage(argv[0]);
- return -1;
- }
-#ifdef GTEST
- int r = RUN_ALL_TESTS();
- if (r >= 0) {
- cout << "There are failures in the test case\n";
- return -1;
- }
-#endif
- finisher->stop();
- delete g_test;
- delete finisher;
- return 0;
-}
-