From 542f65c66bcc36b0c47492ebf97d034a9725b4d8 Mon Sep 17 00:00:00 2001
From: Sam Roberts
Date: Tue, 20 Dec 2016 14:16:29 -0800
Subject: [PATCH] test: tls cert chain completion scenarios
PR-URL: https://github.com/nodejs/node/pull/10389
Reviewed-By: James M Snell
Reviewed-By: Gibson Fahnestock
Reviewed-By: Michael Dawson
---
test/parallel/test-tls-cert-chains-concat.js | 50 ++++++++++++++++++++
test/parallel/test-tls-cert-chains-in-ca.js | 46 ++++++++++++++++++
2 files changed, 96 insertions(+)
create mode 100644 test/parallel/test-tls-cert-chains-concat.js
create mode 100644 test/parallel/test-tls-cert-chains-in-ca.js
diff --git a/test/parallel/test-tls-cert-chains-concat.js b/test/parallel/test-tls-cert-chains-concat.js
new file mode 100644
index 00000000000000..d53edef89842b9
--- /dev/null
+++ b/test/parallel/test-tls-cert-chains-concat.js
@@ -0,0 +1,50 @@
+'use strict';
+const common = require('../common');
+
+// Check cert chain is received by client, and is completed with the ca cert
+// known to the client.
+
+const join = require('path').join;
+const {
+ assert, connect, debug, keys
+} = require(join(common.fixturesDir, 'tls-connect'))();
+
+// agent6-cert.pem includes cert for agent6 and ca3
+connect({
+ client: {
+ checkServerIdentity: (servername, cert) => { },
+ ca: keys.agent6.ca,
+ },
+ server: {
+ cert: keys.agent6.cert,
+ key: keys.agent6.key,
+ },
+}, function(err, pair, cleanup) {
+ assert.ifError(err);
+
+ const peer = pair.client.conn.getPeerCertificate();
+ debug('peer:\n', peer);
+ assert.strictEqual(peer.subject.emailAddress, 'adam.lippai@tresorit.com');
+ assert.strictEqual(peer.subject.CN, 'Ádám Lippai'),
+ assert.strictEqual(peer.issuer.CN, 'ca3');
+ assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
+
+ const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
+ const root = next.issuerCertificate;
+ delete next.issuerCertificate;
+ debug('next:\n', next);
+ assert.strictEqual(next.subject.CN, 'ca3');
+ assert.strictEqual(next.issuer.CN, 'ca1');
+ assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
+
+ debug('root:\n', root);
+ assert.strictEqual(root.subject.CN, 'ca1');
+ assert.strictEqual(root.issuer.CN, 'ca1');
+ assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
+
+ // No client cert, so empty object returned.
+ assert.deepStrictEqual(pair.server.conn.getPeerCertificate(), {});
+ assert.deepStrictEqual(pair.server.conn.getPeerCertificate(true), {});
+
+ return cleanup();
+});
diff --git a/test/parallel/test-tls-cert-chains-in-ca.js b/test/parallel/test-tls-cert-chains-in-ca.js
new file mode 100644
index 00000000000000..69f62c3f72d859
--- /dev/null
+++ b/test/parallel/test-tls-cert-chains-in-ca.js
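Review bot: The no-op `checkServerIdentity: (servername, cert) => { }` in the client options switches off hostname verification with no comment saying why, and the same line appears in test-tls-cert-chains-in-ca.js. Chain validation against `ca` presumably still applies unless the tls-connect fixture changes `rejectUnauthorized`, which is not visible here, so I would add a comment such as `// Identity check skipped on purpose: only chain building is under test, not the fixture cert's hostname.` to keep the override from being copied into non-test code. Separately, `assert.strictEqual(peer.subject.CN, 'Ádám Lippai'),` ends in a comma, which joins it to the next assert through the comma operator; it should end with `;`. A one-line comment on `delete next.issuerCertificate;` saying why the reference is removed before `debug()` would also help the next reader.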
@@ -0,0 +1,46 @@
+'use strict';
+const common = require('../common');
+
+// Check cert chain is received by client, and is completed with the ca cert
+// known to the client.
+
+const join = require('path').join;
+const {
+ assert, connect, debug, keys
+} = require(join(common.fixturesDir, 'tls-connect'))();
+
+
+// agent6-cert.pem includes cert for agent6 and ca3, split it apart and
+// provide ca3 in the .ca property.
+const agent6Chain = keys.agent6.cert.split('-----END CERTIFICATE-----')
+ .map((c) => { return c + '-----END CERTIFICATE-----'; });
+const agent6End = agent6Chain[0];
+const agent6Middle = agent6Chain[1];
+connect({
+ client: {
+ checkServerIdentity: (servername, cert) => { },
+ ca: keys.agent6.ca,
+ },
+ server: {
+ cert: agent6End,
+ key: keys.agent6.key,
+ ca: agent6Middle,
+ },
+}, function(err, pair, cleanup) {
+ assert.ifError(err);
+
+ const peer = pair.client.conn.getPeerCertificate();
+ debug('peer:\n', peer);
+ assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
+
+ const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
+ const root = next.issuerCertificate;
+ delete next.issuerCertificate;
+ debug('next:\n', next);
+ assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
+
+ debug('root:\n', root);
+ assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
+
+ return cleanup();
+});
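Review bot: `keys.agent6.cert.split('-----END CERTIFICATE-----').map(...)` also yields a trailing entry made of whatever follows the last marker with an END line appended, and `agent6Middle` keeps the line break that followed the first certificate. Only indices 0 and 1 are read, so this works while agent6-cert.pem holds exactly two certificates, but nothing in the test checks that. I would drop empty fragments before the map with `.filter((c) => c.trim() !== '')` and add `assert.strictEqual(agent6Chain.length, 2);`, so a changed fixture fails loudly instead of serving the wrong certificate. A short comment that the server's `ca` is what supplies the intermediate for the chain sent to the client would help too, since `ca` is more often read as the trust list for client certificates.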