0
0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
nodejs/test/fixtures/tls-connect.js
Sam Roberts e5878eaf5e test: test TLS client authentication
TLS client authentication should be tested, including failure scenarios.

PR-URL: https://github.com/nodejs/node/pull/24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2018-12-11 15:28:54 -08:00

109 lines
2.9 KiB
JavaScript

// One shot call to connect a TLS client and server based on options to
// tls.createServer() and tls.connect(), so assertions can be made on both ends
// of the connection.
'use strict';
const common = require('../common');
// Check if Node was compiled --without-ssl and if so exit early
// as the require of tls will otherwise throw an Error.
if (!common.hasCrypto)
common.skip('missing crypto');
const fixtures = require('../common/fixtures');
const tls = require('tls');
const util = require('util');
exports.assert = require('assert');
exports.debug = util.debuglog('test');
exports.tls = tls;
// Pre-load keys from common fixtures for ease of use by tests.
const keys = exports.keys = {
agent1: load('agent1', 'ca1'),
agent2: load('agent2', 'agent2'),
agent3: load('agent3', 'ca2'),
agent4: load('agent4', 'ca2'),
agent5: load('agent5', 'ca2'),
agent6: load('agent6', 'ca1'),
agent7: load('agent7', 'fake-cnnic-root'),
agent10: load('agent10', 'ca2'),
ec10: load('ec10', 'ca5'),
ec: load('ec', 'ec'),
};
// root is the self-signed root of the trust chain, not an intermediate ca.
function load(cert, root) {
root = root || cert; // Assume self-signed if no issuer
const id = {
key: fixtures.readKey(cert + '-key.pem', 'binary'),
cert: fixtures.readKey(cert + '-cert.pem', 'binary'),
ca: fixtures.readKey(root + '-cert.pem', 'binary'),
};
return id;
}
exports.connect = function connect(options, callback) {
callback = common.mustCall(callback);
const server = {};
const client = {};
const pair = { server, client };
try {
tls.createServer(options.server, function(conn) {
server.conn = conn;
conn.pipe(conn);
maybeCallback()
}).listen(0, function() {
server.server = this;
const optClient = util._extend({
port: this.address().port,
}, options.client);
try {
tls.connect(optClient)
.on('secureConnect', function() {
client.conn = this;
maybeCallback();
})
.on('error', function(err) {
client.err = err;
client.conn = this;
maybeCallback();
});
} catch (err) {
client.err = err;
// The server won't get a connection, we are done.
callback(err, pair, cleanup);
callback = null;
}
}).on('tlsClientError', function(err, sock) {
server.conn = sock;
server.err = err;
maybeCallback();
});
} catch (err) {
// Invalid options can throw, report the error.
pair.server.err = err;
callback(err, pair, () => {});
}
function maybeCallback() {
if (!callback)
return;
if (server.conn && (client.conn || client.err)) {
const err = pair.client.err || pair.server.err;
callback(err, pair, cleanup);
callback = null;
}
}
function cleanup() {
if (server.server)
server.server.close();
if (client.conn)
client.conn.end();
}
}