test: tls cert chain completion scenarios
Backport-PR-URL: #12468 PR-URL: #10389 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
1 parent
c555f53
commit 54486c0
Showing
2 changed files
with
96 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
'use strict'; | ||
const common = require('../common'); | ||
|
||
// Check cert chain is received by client, and is completed with the ca cert | ||
// known to the client. | ||
|
||
const join = require('path').join; | ||
const { | ||
assert, connect, debug, keys | ||
} = require(join(common.fixturesDir, 'tls-connect'))(); | ||
|
||
// agent6-cert.pem includes cert for agent6 and ca3 | ||
connect({ | ||
client: { | ||
checkServerIdentity: (servername, cert) => { }, | ||
ca: keys.agent6.ca, | ||
}, | ||
server: { | ||
cert: keys.agent6.cert, | ||
key: keys.agent6.key, | ||
}, | ||
}, function(err, pair, cleanup) { | ||
assert.ifError(err); | ||
|
||
const peer = pair.client.conn.getPeerCertificate(); | ||
debug('peer:\n', peer); | ||
assert.strictEqual(peer.subject.emailAddress, 'adam.lippai@tresorit.com'); | ||
assert.strictEqual(peer.subject.CN, 'Ádám Lippai'), | ||
assert.strictEqual(peer.issuer.CN, 'ca3'); | ||
assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC'); | ||
|
||
const next = pair.client.conn.getPeerCertificate(true).issuerCertificate; | ||
const root = next.issuerCertificate; | ||
delete next.issuerCertificate; | ||
debug('next:\n', next); | ||
assert.strictEqual(next.subject.CN, 'ca3'); | ||
assert.strictEqual(next.issuer.CN, 'ca1'); | ||
assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF'); | ||
|
||
debug('root:\n', root); | ||
assert.strictEqual(root.subject.CN, 'ca1'); | ||
assert.strictEqual(root.issuer.CN, 'ca1'); | ||
assert.strictEqual(root.serialNumber, '8DF21C01468AF393'); | ||
|
||
// No client cert, so empty object returned. | ||
assert.deepStrictEqual(pair.server.conn.getPeerCertificate(), {}); | ||
assert.deepStrictEqual(pair.server.conn.getPeerCertificate(true), {}); | ||
|
||
return cleanup(); | ||
}); |
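Review bot: The line `assert.strictEqual(peer.subject.CN, 'Ádám Lippai'),` ends in a comma rather than a semicolon, so it is chained to the following issuer assertion by the comma operator; both assertions still run, but it reads as a typo and should end in `;`. Separately, `checkServerIdentity: (servername, cert) => { }` returns undefined for every certificate, which turns off hostname verification for this connection. That is presumably deliberate, since the fixture's subject CN is a person's name and not a host, but a comment such as `// Identity check intentionally disabled: this test covers chain completion only.` would stop the pattern being copied into real clients. The same no-op callback appears in the second new file.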
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
'use strict'; | ||
const common = require('../common'); | ||
|
||
// Check cert chain is received by client, and is completed with the ca cert | ||
// known to the client. | ||
|
||
const join = require('path').join; | ||
const { | ||
assert, connect, debug, keys | ||
} = require(join(common.fixturesDir, 'tls-connect'))(); | ||
|
||
|
||
// agent6-cert.pem includes cert for agent6 and ca3, split it apart and | ||
// provide ca3 in the .ca property. | ||
const agent6Chain = keys.agent6.cert.split('-----END CERTIFICATE-----') | ||
.map((c) => { return c + '-----END CERTIFICATE-----'; }); | ||
const agent6End = agent6Chain[0]; | ||
const agent6Middle = agent6Chain[1]; | ||
connect({ | ||
client: { | ||
checkServerIdentity: (servername, cert) => { }, | ||
ca: keys.agent6.ca, | ||
}, | ||
server: { | ||
cert: agent6End, | ||
key: keys.agent6.key, | ||
ca: agent6Middle, | ||
}, | ||
}, function(err, pair, cleanup) { | ||
assert.ifError(err); | ||
|
||
const peer = pair.client.conn.getPeerCertificate(); | ||
debug('peer:\n', peer); | ||
assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC'); | ||
|
||
const next = pair.client.conn.getPeerCertificate(true).issuerCertificate; | ||
const root = next.issuerCertificate; | ||
delete next.issuerCertificate; | ||
debug('next:\n', next); | ||
assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF'); | ||
|
||
debug('root:\n', root); | ||
assert.strictEqual(root.serialNumber, '8DF21C01468AF393'); | ||
|
||
return cleanup(); | ||
}); |
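Review bot: Splitting `keys.agent6.cert` on `'-----END CERTIFICATE-----'` and re-appending the marker to every piece always leaves a trailing element that is not a certificate, and nothing checks that indices 0 and 1 really are the leaf and ca3. If the fixture ever holds a different number of certificates, `agent6Middle` would silently be `undefined` or the wrong cert, and the test would likely no longer exercise the intended path. Consider dropping non-certificate pieces with `.filter((c) => c.includes('-----BEGIN CERTIFICATE-----'))` before the `.map`, then adding `assert.strictEqual(agent6Chain.length, 2);`. The header comment was also copied from the first file; it would be clearer if it said that here the intermediate is supplied through the server's `ca` option.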