nodejs/test/parallel/test-tls-disable-renegotiation.js

'use strict';
const common = require('../common');
const assert = require('assert');
const fixtures = require('../common/fixtures');

// Tests that calling disableRenegotiation on a TLSSocket stops renegotiation.

if (!common.hasCrypto)
  common.skip('missing crypto');

const tls = require('tls');

const options = {
  key: fixtures.readKey('agent1-key.pem'),
  cert: fixtures.readKey('agent1-cert.pem')
};

const server = tls.Server(options, common.mustCall((socket) => {
  socket.on('error', common.mustCall((err) => {
    common.expectsError({
      type: Error,
      code: 'ERR_TLS_RENEGOTIATION_DISABLED',
      message: 'TLS session renegotiation disabled for this socket'
    })(err);
    socket.destroy();
    server.close();
  }));
  // Disable renegotiation after the first chunk of data received.
  // Demonstrates that renegotiation works successfully up until
  // disableRenegotiation is called.
  socket.on('data', common.mustCall((chunk) => {
    socket.write(chunk);
    socket.disableRenegotiation();
  }));
  socket.on('secure', common.mustCall(() => {
    assert(socket._handle.handshakes < 2,
           `Too many handshakes [${socket._handle.handshakes}]`);
  }));
}));


server.listen(0, common.mustCall(() => {
  const port = server.address().port;
  const options = {
    rejectUnauthorized: false,
    port
  };
  const client =
    tls.connect(options, common.mustCall(() => {
      client.write('');
      // Negotiation is still permitted for this first
      // attempt. This should succeed.
      client.renegotiate(
        { rejectUnauthorized: false },
        common.mustCall(() => {
          // Once renegotiation completes, we write some
          // data to the socket, which triggers the on
          // data event on the server. After that data
          // is received, disableRenegotiation is called.
          client.write('data', common.mustCall(() => {
            client.write('');
            // This second renegotiation attempt should fail
            // and the callback should never be invoked. The
            // server will simply drop the connection after
            // emitting the error.
            client.renegotiate(
              { rejectUnauthorized: false },
              common.mustNotCall());
          }));
        }));
    }));
}));
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00			`'use strict';`
			`const common = require('../common');`
			`const assert = require('assert');`
test: replace fixturesDir with fixtures module PR-URL: https://github.com/nodejs/node/pull/15848 Reviewed-By: Ryan Graham <r.m.graham@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> 2017-10-06 18:52:35 +02:00			`const fixtures = require('../common/fixtures');`
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00
			`// Tests that calling disableRenegotiation on a TLSSocket stops renegotiation.`

http2: remove redundant return in test PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2017-07-17 19:32:25 +02:00			`if (!common.hasCrypto)`
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00			`common.skip('missing crypto');`
http2: remove redundant return in test PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2017-07-17 19:32:25 +02:00
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00			`const tls = require('tls');`

			`const options = {`
test: replace fixturesDir with fixtures module PR-URL: https://github.com/nodejs/node/pull/15848 Reviewed-By: Ryan Graham <r.m.graham@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> 2017-10-06 18:52:35 +02:00			`key: fixtures.readKey('agent1-key.pem'),`
			`cert: fixtures.readKey('agent1-cert.pem')`
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00			`};`

			`const server = tls.Server(options, common.mustCall((socket) => {`
			`socket.on('error', common.mustCall((err) => {`
tls: migrate errors in _tls_wrap.js This migrates the old style error in _tls_wrap.js to the new style error ERR_TLS_RENEGOTIATION_DISABLED. Refs: https://github.com/nodejs/node/issues/17709 PR-URL: https://github.com/nodejs/node/pull/17792 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Jon Moss <me@jonathanmoss.me> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> 2017-12-20 12:58:03 +01:00			`common.expectsError({`
			`type: Error,`
			`code: 'ERR_TLS_RENEGOTIATION_DISABLED',`
			`message: 'TLS session renegotiation disabled for this socket'`
			`})(err);`
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00			`socket.destroy();`
			`server.close();`
			`}));`
			`// Disable renegotiation after the first chunk of data received.`
			`// Demonstrates that renegotiation works successfully up until`
			`// disableRenegotiation is called.`
			`socket.on('data', common.mustCall((chunk) => {`
			`socket.write(chunk);`
			`socket.disableRenegotiation();`
			`}));`
			`socket.on('secure', common.mustCall(() => {`
			`assert(socket._handle.handshakes < 2,`
			`Too many handshakes [${socket._handle.handshakes}]`);
			`}));`
			`}));`


			`server.listen(0, common.mustCall(() => {`
			`const port = server.address().port;`
http2: add range support for respondWith{File\|FD} * respondWithFD now supports optional statCheck * respondWithFD and respondWithFile both support offset/length for range requests * Fix linting nits following most recent update PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2017-07-22 18:20:53 +02:00			`const options = {`
			`rejectUnauthorized: false,`
			`port`
			`};`
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00			`const client =`
http2: add range support for respondWith{File\|FD} * respondWithFD now supports optional statCheck * respondWithFD and respondWithFile both support offset/length for range requests * Fix linting nits following most recent update PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2017-07-22 18:20:53 +02:00			`tls.connect(options, common.mustCall(() => {`
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00			`client.write('');`
			`// Negotiation is still permitted for this first`
			`// attempt. This should succeed.`
			`client.renegotiate(`
http2: add range support for respondWith{File\|FD} * respondWithFD now supports optional statCheck * respondWithFD and respondWithFile both support offset/length for range requests * Fix linting nits following most recent update PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2017-07-22 18:20:53 +02:00			`{ rejectUnauthorized: false },`
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00			`common.mustCall(() => {`
			`// Once renegotiation completes, we write some`
			`// data to the socket, which triggers the on`
			`// data event on the server. After that data`
			`// is received, disableRenegotiation is called.`
			`client.write('data', common.mustCall(() => {`
			`client.write('');`
			`// This second renegotiation attempt should fail`
			`// and the callback should never be invoked. The`
			`// server will simply drop the connection after`
			`// emitting the error.`
			`client.renegotiate(`
http2: add range support for respondWith{File\|FD} * respondWithFD now supports optional statCheck * respondWithFD and respondWithFile both support offset/length for range requests * Fix linting nits following most recent update PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2017-07-22 18:20:53 +02:00			`{ rejectUnauthorized: false },`
tls: add tlsSocket.disableRenegotiation() Allows TLS renegotiation to be disabled per `TLSSocket` instance. Per HTTP/2, TLS renegotiation is forbidden after the initial connection prefix is exchanged. PR-URL: https://github.com/nodejs/node/pull/14239 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> 2016-11-04 20:37:36 +01:00			`common.mustNotCall());`
			`}));`
			`}));`
			`}));`
			`}));`