1 #include "async_resp.hpp"
2 #include "http/http2_connection.hpp"
3 #include "http/http_request.hpp"
4 #include "http/http_response.hpp"
5 
6 #include <nghttp2/nghttp2.h>
7 #include <unistd.h>
8 
9 #include <boost/asio/buffer.hpp>
10 #include <boost/asio/impl/write.hpp>
11 #include <boost/asio/io_context.hpp>
12 #include <boost/asio/steady_timer.hpp>
13 #include <boost/beast/_experimental/test/stream.hpp>
14 #include <boost/beast/http/field.hpp>
15 
16 #include <bit>
17 #include <cstddef>
18 #include <cstdint>
19 #include <functional>
20 #include <memory>
21 #include <string>
22 #include <string_view>
23 #include <utility>
24 #include <vector>
25 
26 #include "gmock/gmock.h"
27 #include "gtest/gtest.h"
28 namespace crow
29 {
30 
31 namespace
32 {
33 
34 using ::testing::Pair;
35 using ::testing::UnorderedElementsAre;
36 
37 struct FakeHandler
38 {
39     bool called = false;
40     void handle(Request& req,
41                 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
42     {
43         called = true;
44         EXPECT_EQ(req.url().buffer(), "/redfish/v1/");
45         EXPECT_EQ(req.methodString(), "GET");
46         EXPECT_EQ(req.getHeaderValue(boost::beast::http::field::user_agent),
47                   "curl/8.5.0");
48         EXPECT_EQ(req.getHeaderValue(boost::beast::http::field::accept), "*/*");
49         EXPECT_EQ(req.getHeaderValue(":authority"), "localhost:18080");
50         asyncResp->res.write("StringOutput");
51     }
52 };
53 
54 std::string getDateStr()
55 {
56     return "TestTime";
57 }
58 
59 void unpackHeaders(std::string_view dataField,
60                    std::vector<std::pair<std::string, std::string>>& headers)
61 {
62     nghttp2_hd_inflater_ex inflater;
63 
64     while (!dataField.empty())
65     {
66         nghttp2_nv nv;
67         int inflateFlags = 0;
68         const uint8_t* data = std::bit_cast<const uint8_t*>(dataField.data());
69         ssize_t parsed = inflater.hd2(&nv, &inflateFlags, data,
70                                       dataField.size(), 1);
71 
72         ASSERT_GT(parsed, 0);
73         dataField.remove_prefix(static_cast<size_t>(parsed));
74         if ((inflateFlags & NGHTTP2_HD_INFLATE_EMIT) > 0)
75         {
76             const char* namePtr = std::bit_cast<const char*>(nv.name);
77             std::string key(namePtr, nv.namelen);
78             const char* valPtr = std::bit_cast<const char*>(nv.value);
79             std::string value(valPtr, nv.valuelen);
80             headers.emplace_back(key, value);
81         }
82         if ((inflateFlags & NGHTTP2_HD_INFLATE_FINAL) > 0)
83         {
84             EXPECT_EQ(inflater.endHeaders(), 0);
85             break;
86         }
87     }
88     EXPECT_TRUE(dataField.empty());
89 }
90 
91 TEST(http_connection, RequestPropogates)
92 {
93     using namespace std::literals;
94     boost::asio::io_context io;
95     boost::beast::test::stream stream(io);
96     boost::beast::test::stream out(io);
97     stream.connect(out);
98     // This is a binary pre-encrypted stream captured from curl for a request to
99     // curl https://localhost:18080/redfish/v1/
100     std::string_view toSend =
101         // Hello
102         "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
103         // 18 byte settings frame
104         "\x00\x00\x12\x04\x00\x00\x00\x00\x00"
105         // Settings
106         "\x00\x03\x00\x00\x00\x64\x00\x04\x00\xa0\x00\x00\x00\x02\x00\x00\x00\x00"
107         // Window update frame
108         "\x00\x00\x04\x08\x00\x00\x00\x00\x00"
109         // Window update
110         "\x3e\x7f\x00\x01"
111         // Header frame END_STREAM, END_HEADERS set
112         "\x00\x00\x29\x01\x05\x00\x00\x00"
113         // Header payload
114         "\x01\x82\x87\x41\x8b\xa0\xe4\x1d\x13\x9d\x09\xb8\x17\x80\xf0\x3f"
115         "\x04\x89\x62\xc2\xc9\x29\x91\x3b\x1d\xc2\xc7\x7a\x88\x25\xb6\x50"
116         "\xc3\xcb\xb6\xb8\x3f\x53\x03\x2a\x2f\x2a"sv;
117 
118     boost::asio::write(out, boost::asio::buffer(toSend));
119 
120     FakeHandler handler;
121     boost::asio::steady_timer timer(io);
122     std::function<std::string()> date(getDateStr);
123     auto conn = std::make_shared<
124         HTTP2Connection<boost::beast::test::stream, FakeHandler>>(
125         std::move(stream), &handler, date);
126     conn->start();
127 
128     std::string_view expectedPrefix =
129         // Settings frame size 13
130         "\x00\x00\x0c\x04\x00\x00\x00\x00\x00"
131         // 4 max concurrent streams
132         "\x00\x03\x00\x00\x00\x04"
133         // Enable push = false
134         "\x00\x02\x00\x00\x00\x00"
135         // Settings ACK from server to client
136         "\x00\x00\x00\x04\x01\x00\x00\x00\x00"
137 
138         // Start Headers frame stream 1, size 0x034b
139         "\x00\x03\x4b\x01\x04\x00\x00\x00\x01"sv;
140 
141     std::string_view expectedPostfix =
142         // Data Frame, Length 12, Stream 1, End Stream flag set
143         "\x00\x00\x0c\x00\x01\x00\x00\x00\x01"
144         // The body expected
145         "StringOutput"sv;
146 
147     std::string_view outStr;
148     constexpr size_t headerSize = 0x34b;
149 
150     // Run until we receive the expected amount of data
151     while (outStr.size() <
152            expectedPrefix.size() + headerSize + expectedPostfix.size())
153     {
154         io.run_one();
155         outStr = out.str();
156     }
157     EXPECT_TRUE(handler.called);
158 
159     // check the stream output against expected
160     EXPECT_EQ(outStr.substr(0, expectedPrefix.size()), expectedPrefix);
161     outStr.remove_prefix(expectedPrefix.size());
162     std::vector<std::pair<std::string, std::string>> headers;
163     unpackHeaders(outStr.substr(0, headerSize), headers);
164     outStr.remove_prefix(headerSize);
165 
166     EXPECT_THAT(
167         headers,
168         UnorderedElementsAre(
169             Pair(":status", "200"), Pair("content-length", "12"),
170             Pair("strict-transport-security",
171                  "max-age=31536000; includeSubdomains"),
172             Pair("x-frame-options", "DENY"), Pair("pragma", "no-cache"),
173             Pair("cache-control", "no-store, max-age=0"),
174             Pair("x-content-type-options", "nosniff"),
175             Pair("referrer-policy", "no-referrer"),
176             Pair(
177                 "permissions-policy",
178                 "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wak-lock=(),web-share=(),xr-spatial-tracking=()"),
179             Pair("x-permitted-cross-domain-policies", "none"),
180             Pair("cross-origin-embedder-policy", "require-corp"),
181             Pair("cross-origin-opener-policy", "same-origin"),
182             Pair("cross-origin-resource-policy", "same-origin"),
183             Pair(
184                 "content-security-policy",
185                 "default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'"),
186             Pair("date", "TestTime")));
187 
188     EXPECT_EQ(outStr, expectedPostfix);
189 }
190 
191 } // namespace
192 } // namespace crow
193