From 03ba8396f338269fbdf11290c146b2c63e4c2e38 Mon Sep 17 00:00:00 2001
From: SALLEYRON Julien
Date: Wed, 6 Sep 2017 09:36:02 +0200
Subject: [PATCH] Add test for SSL TERMINATION in Websocket
---
 .../fixtures/websocket/config_https.toml | 27 +++++++++
 integration/websocket_test.go | 58 +++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 integration/fixtures/websocket/config_https.toml
diff --git a/integration/fixtures/websocket/config_https.toml b/integration/fixtures/websocket/config_https.toml
new file mode 100644
index 000000000..59a5df545
--- /dev/null
+++ b/integration/fixtures/websocket/config_https.toml
@@ -0,0 +1,27 @@
+defaultEntryPoints = ["wss"]
+
+logLevel = "DEBUG"
+
+[entryPoints]
+ [entryPoints.wss]
+ address = ":8000"
+ [entryPoints.wss.tls]
+ [[entryPoints.wss.tls.certificates]]
+ CertFile = "resources/tls/local.cert"
+ KeyFile = "resources/tls/local.key"
+
+[web]
+ address = ":8080"
+
+[file]
+
+[backends]
+ [backends.backend1]
+ [backends.backend1.servers.server1]
+ url = "{{ .WebsocketServer }}"
+
+[frontends]
+ [frontends.frontend1]
+ backend = "backend1"
+ [frontends.frontend1.routes.test_1]
+ rule = "Path:/ws"
diff --git a/integration/websocket_test.go b/integration/websocket_test.go
index 2bccf0b5f..d2a4dd988 100644
--- a/integration/websocket_test.go
+++ b/integration/websocket_test.go
@@ -1,6 +1,9 @@
 package integration
 import (
+ "crypto/tls"
+ "crypto/x509"
+ "io/ioutil"
 "net"
 "net/http"
 "net/http/httptest"
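Review bot: Both listeners in the new config_https.toml fixture bind to every interface — `address = ":8000"` for the `wss` entry point and `address = ":8080"` under `[web]` — although the test only connects over 127.0.0.1. While the suite runs, the `[web]` API (which the test queries without credentials) and the TLS entry point are reachable from other hosts on the CI network. If the configuration accepts a host part in these fields, `address = "127.0.0.1:8080"` and `address = "127.0.0.1:8000"` would keep the fixture loopback-only.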
@@ -232,3 +235,58 @@ func (suite *WebsocketSuite) TestWrongOriginIgnoredByServer(c *check.C) {
 c.Assert(string(msg), checker.Equals, "OK")
 }
+
+func (suite *WebsocketSuite) TestSSLTermination(c *check.C) {
+ var upgrader = gorillawebsocket.Upgrader{} // use default options
+
+ srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ c, err := upgrader.Upgrade(w, r, nil)
+ if err != nil {
+ return
+ }
+ defer c.Close()
+ for {
+ mt, message, err := c.ReadMessage()
+ if err != nil {
+ break
+ }
+ err = c.WriteMessage(mt, message)
+ if err != nil {
+ break
+ }
+ }
+ }))
+ file := suite.adaptFile(c, "fixtures/websocket/config_https.toml", struct {
+ WebsocketServer string
+ }{
+ WebsocketServer: srv.URL,
+ })
+
+ defer os.Remove(file)
+ cmd, _ := suite.cmdTraefik(withConfigFile(file), "--debug")
+
+ err := cmd.Start()
+ c.Assert(err, check.IsNil)
+ defer cmd.Process.Kill()
+
+ // wait for traefik
+ err = try.GetRequest("http://127.0.0.1:8080/api/providers", 10*time.Second, try.BodyContains("127.0.0.1"))
+ c.Assert(err, checker.IsNil)
+
+ //Add client self-signed cert
+ roots := x509.NewCertPool()
+ certContent, err := ioutil.ReadFile("./resources/tls/local.cert")
+ roots.AppendCertsFromPEM(certContent)
+ gorillawebsocket.DefaultDialer.TLSClientConfig = &tls.Config{
+ RootCAs: roots,
+ }
+ conn, _, err := gorillawebsocket.DefaultDialer.Dial("wss://127.0.0.1:8000/ws", nil)
+ c.Assert(err, checker.IsNil)
+
+ err = conn.WriteMessage(gorillawebsocket.TextMessage, []byte("OK"))
+ c.Assert(err, checker.IsNil)
+
+ _, msg, err := conn.ReadMessage()
+ c.Assert(err, checker.IsNil)
+ c.Assert(string(msg), checker.Equals, "OK")
+}
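Review bot: The client trust setup near the end of TestSSLTermination drops two results and changes shared state. The error from `ioutil.ReadFile` is overwritten by the later `Dial` without being asserted, and the bool returned by `roots.AppendCertsFromPEM` is ignored, so a missing or malformed `local.cert` shows up only as an opaque certificate verification failure. Assigning `gorillawebsocket.DefaultDialer.TLSClientConfig` replaces the TLS settings of the package-wide dialer for every test that runs afterwards in the same process; a dialer local to this test keeps the extra trust root scoped. `conn` is also never closed, and `srv` would similarly benefit from a `defer srv.Close()` right after it is created.

```go
// … unchanged: echo server, traefik start-up and readiness wait …
certContent, err := ioutil.ReadFile("./resources/tls/local.cert")
c.Assert(err, checker.IsNil)
c.Assert(roots.AppendCertsFromPEM(certContent), checker.Equals, true)

// Scope the self-signed root to this test instead of mutating DefaultDialer.
dialer := &gorillawebsocket.Dialer{
	TLSClientConfig: &tls.Config{RootCAs: roots},
}
conn, _, err := dialer.Dial("wss://127.0.0.1:8000/ws", nil)
c.Assert(err, checker.IsNil)
defer conn.Close()
// … unchanged: write/read echo assertions …
```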