Merge pull request #590 from arnaudgeiser/559

client: Accept empty file with SSL

Author: KingMob

src/aleph/http/core.clj

@@ -461,13 +461,16 @@
     (netty/write ch fr)
     (netty/write-and-flush ch empty-last-content)))
 
+(defn- file->stream [^HttpFile file]
+  (-> file
+      (bs/to-byte-buffers {:chunk-size (.-chunk-size file)})
+      s/->source))
+
 (defn send-file-body [ch ssl? ^HttpMessage msg ^HttpFile file]
   (cond
     ssl?
-    (send-streaming-body ch msg
-      (-> file
-        (bs/to-byte-buffers {:chunk-size (.-chunk-size file)})
-        s/->source))
+    (let [body (when (pos-int? (.length file)) (file->stream file))]
+      (send-streaming-body ch msg body))
 
     (chunked-writer-enabled? ch)
     (send-chunked-file ch msg file)

test/aleph/http_test.clj

@@ -1,12 +1,15 @@
 (ns aleph.http-test
   (:require
+    [clojure.java.io :as io]
     [clojure.string :as str]
     [clojure.test :refer [deftest testing is]]
     [aleph
      [http :as http]
      [netty :as netty]
      [flow :as flow]
+     [ssl :as ssl]
      [tcp :as tcp]]
+    [aleph.http.core :as core]
     [byte-streams :as bs]
     [manifold.deferred :as d]
     [manifold.stream :as s])
@@ -192,9 +195,12 @@
      (with-server (http/start-server ~handler {:port port :compression-level 3})
        ~@body)))
 
-(defmacro with-ssl-handler [handler & body]
-  `(with-server (http/start-server ~handler {:port port, :ssl-context (netty/self-signed-ssl-context)})
-     ~@body))
+(def default-ssl-options {:port port, :ssl-context (netty/self-signed-ssl-context)})
+
+(defmacro with-handler-options
+   [handler options & body]
+   `(with-server (http/start-server ~handler ~options)
+      ~@body))
 
 (defmacro with-raw-handler [handler & body]
   `(with-server (http/start-server ~handler {:port port, :raw-stream? true})
@@ -228,8 +234,9 @@
       (is (some? unzipped) 'should-be-valid-gzip)
       (is (= result unzipped) 'decompressed-body-is-correct))))
 
+
 (deftest test-ssl-response-formats
-  (with-ssl-handler basic-handler
+  (with-handler-options basic-handler default-ssl-options
     (doseq [[index [path result]] (map-indexed vector expected-results)]
       (is
        (= result
@@ -238,6 +245,34 @@
             @(http-get (str "https://localhost:" port "/" path)))))
        (str path "path failed")))))
 
+(deftest test-files
+  (let [client-url (str "http://localhost:" port)]
+    (with-handler identity
+      (is (str/blank?
+             (bs/to-string
+              (:body @(http-put client-url
+                                {:body (io/file "test/empty.txt")})))))
+      (is (= (slurp "test/file.txt" :encoding "UTF-8")
+             (bs/to-string
+              (:body @(http-put client-url
+                                {:body (io/file "test/file.txt")}))))))))
+
+(deftest test-ssl-files
+  (let [client-url (str "https://localhost:" port)
+        client-options {:connection-options {:ssl-context ssl/client-ssl-context}}
+        client-pool    (http/connection-pool client-options)]
+    (with-handler-options identity (merge default-ssl-options {:ssl-context ssl/server-ssl-context})
+      (is (str/blank?
+           (bs/to-string
+            (:body @(http-put client-url
+                              {:body (io/file "test/empty.txt")
+                               :pool client-pool})))))
+      (is (= (slurp "test/file.txt" :encoding "UTF-8")
+             (bs/to-string
+              (:body @(http-put client-url
+                                {:body (io/file "test/file.txt")
+                                 :pool client-pool}))))))))
+
 (def characters
   (let [charset (conj (mapv char (range 32 127)) \newline)]
     (repeatedly #(rand-nth charset))))

test/aleph/ssl.clj

@@ -0,0 +1,55 @@
+(ns aleph.ssl
+  (:require [aleph.netty :as netty])
+  (:import [io.netty.handler.ssl SslContextBuilder ClientAuth]
+           [java.io ByteArrayInputStream]
+           [java.security KeyFactory PrivateKey]
+           [java.security.cert CertificateFactory X509Certificate]
+           [java.security.spec RSAPrivateCrtKeySpec]
+           [org.apache.commons.codec.binary Base64]))
+
+(set! *warn-on-reflection* false)
+
+(defn gen-cert
+  ^X509Certificate [^String pemstr]
+  (.generateCertificate (CertificateFactory/getInstance "X.509")
+                        (ByteArrayInputStream. (Base64/decodeBase64 pemstr))))
+
+(defn gen-key
+  ^PrivateKey [public-exponent k]
+  (let [k (zipmap
+           (keys k)
+           (->> k
+                vals
+                (map #(BigInteger. ^String % 16))))
+        spec (RSAPrivateCrtKeySpec.
+              (:modulus k)
+              (biginteger public-exponent)
+              (:privateExponent k)
+              (:prime1 k)
+              (:prime2 k)
+              (:exponent1 k)
+              (:exponent2 k)
+              (:coefficient k))
+        gen (KeyFactory/getInstance "RSA")]
+    (.generatePrivate gen spec)))
+
+(def server-cert (gen-cert (read-string (slurp "test/server_cert.edn"))))
+(def server-key (gen-key 65537 (read-string (slurp "test/server_key.edn"))))
+
+(def ca-cert (gen-cert (read-string (slurp "test/ca_cert.edn"))))
+(def ca-key (gen-key 65537 (read-string (slurp "test/ca_key.edn"))))
+
+(def ^X509Certificate client-cert (gen-cert (read-string (slurp "test/client_cert.edn"))))
+(def client-key (gen-key 65537 (read-string (slurp "test/client_key.edn"))))
+
+(def server-ssl-context
+  (-> (SslContextBuilder/forServer server-key (into-array X509Certificate [server-cert]))
+      (.trustManager (into-array X509Certificate [ca-cert]))
+      (.clientAuth ClientAuth/OPTIONAL)
+      .build))
+
+(def client-ssl-context
+  (netty/ssl-client-context
+   {:private-key client-key
+    :certificate-chain (into-array X509Certificate [client-cert])
+    :trust-store (into-array X509Certificate [ca-cert])}))

test/aleph/tcp_ssl_test.clj

@@ -1,79 +1,25 @@
 (ns aleph.tcp-ssl-test
-  (:use
-    [clojure test])
   (:require [aleph.tcp-test :refer [with-server]]
-    [aleph.tcp :as tcp]
-    [aleph.netty :as netty]
-    [manifold.stream :as s]
-    [byte-streams :as bs])
-  (:import
-   [java.security KeyFactory PrivateKey]
-   [java.security.cert CertificateFactory X509Certificate]
-   [java.io ByteArrayInputStream]
-   [java.security.spec RSAPrivateCrtKeySpec]
-   [io.netty.handler.ssl SslContextBuilder ClientAuth]
-   [org.apache.commons.codec.binary Base64]))
+            [aleph.tcp :as tcp]
+            [aleph.ssl :as ssl]
+            [aleph.netty :as netty]
+            [byte-streams :as bs]
+            [clojure.test :refer [deftest is]]
+            [manifold.stream :as s])
+  (:import [java.security.cert X509Certificate]))
 
 (netty/leak-detector-level! :paranoid)
 
 (set! *warn-on-reflection* false)
 
-(defn gen-key
-  ^PrivateKey [public-exponent k]
-  (let [k (zipmap
-            (keys k)
-            (->> k
-              vals
-              (map #(BigInteger. % 16))))
-        spec (RSAPrivateCrtKeySpec.
-               (:modulus k)
-               (biginteger public-exponent)
-               (:privateExponent k)
-               (:prime1 k)
-               (:prime2 k)
-               (:exponent1 k)
-               (:exponent2 k)
-               (:coefficient k))
-        gen (KeyFactory/getInstance "RSA")]
-    (.generatePrivate gen spec)))
-
-(defn gen-cert
-  ^X509Certificate [^String pemstr]
-  (.generateCertificate (CertificateFactory/getInstance "X.509")
-    (ByteArrayInputStream. (Base64/decodeBase64 pemstr))))
-
-(def ca-cert (gen-cert (read-string (slurp "test/ca_cert.edn"))))
-
-(def ca-key (gen-key 65537 (read-string (slurp "test/ca_key.edn"))))
-
-(def server-cert (gen-cert (read-string (slurp "test/server_cert.edn"))))
-
-(def server-key (gen-key 65537 (read-string (slurp "test/server_key.edn"))))
-
-(def ^X509Certificate client-cert (gen-cert (read-string (slurp "test/client_cert.edn"))))
-
-(def client-key (gen-key 65537 (read-string (slurp "test/client_key.edn"))))
-
-(def server-ssl-context
-  (-> (SslContextBuilder/forServer server-key (into-array X509Certificate [server-cert]))
-    (.trustManager (into-array X509Certificate [ca-cert]))
-    (.clientAuth ClientAuth/OPTIONAL)
-    .build))
-
-(def client-ssl-context
-  (netty/ssl-client-context
-    {:private-key client-key
-     :certificate-chain (into-array X509Certificate [client-cert])
-     :trust-store (into-array X509Certificate [ca-cert])}))
-
 (defn ssl-echo-handler
   [s c]
   (is (some? (:ssl-session c)) "SSL session should be defined")
   (s/connect
     ; note we need to inspect the SSL session *after* we start reading
     ; data. Otherwise, the session might not be set up yet.
     (s/map (fn [msg]
-             (is (= (.getSubjectDN ^X509Certificate client-cert)
+             (is (= (.getSubjectDN ^X509Certificate ssl/client-cert)
                    (.getSubjectDN ^X509Certificate (first (.getPeerCertificates (:ssl-session c))))))
              msg)
       s)
@@ -82,9 +28,9 @@
 (deftest test-ssl-echo
   (with-server (tcp/start-server ssl-echo-handler
                                  {:port 10001
-                                  :ssl-context server-ssl-context})
+                                  :ssl-context ssl/server-ssl-context})
     (let [c @(tcp/client {:host "localhost"
                           :port 10001
-                          :ssl-context client-ssl-context})]
+                          :ssl-context ssl/client-ssl-context})]
       (s/put! c "foo")
       (is (= "foo" (bs/to-string @(s/take! c)))))))