1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
'use strict';
var common = require('../common');
var assert = require('assert');
if (!common.hasCrypto) {
console.log('1..0 # Skipped: missing crypto');
process.exit();
}
var tls = require('tls');
var fs = require('fs');
var hosterr = /Hostname\/IP doesn\'t match certificate\'s altnames/g;
var testCases =
[{ ca: ['ca1-cert'],
key: 'agent2-key',
cert: 'agent2-cert',
servers: [
{ ok: true, key: 'agent1-key', cert: 'agent1-cert' },
{ ok: false, key: 'agent2-key', cert: 'agent2-cert' },
{ ok: false, key: 'agent3-key', cert: 'agent3-cert' }
]
},
{ ca: [],
key: 'agent2-key',
cert: 'agent2-cert',
servers: [
{ ok: false, key: 'agent1-key', cert: 'agent1-cert' },
{ ok: false, key: 'agent2-key', cert: 'agent2-cert' },
{ ok: false, key: 'agent3-key', cert: 'agent3-cert' }
]
},
{ ca: ['ca1-cert', 'ca2-cert'],
key: 'agent2-key',
cert: 'agent2-cert',
servers: [
{ ok: true, key: 'agent1-key', cert: 'agent1-cert' },
{ ok: false, key: 'agent2-key', cert: 'agent2-cert' },
{ ok: true, key: 'agent3-key', cert: 'agent3-cert' }
]
}
];
function filenamePEM(n) {
return require('path').join(common.fixturesDir, 'keys', n + '.pem');
}
function loadPEM(n) {
return fs.readFileSync(filenamePEM(n));
}
var successfulTests = 0;
function testServers(index, servers, clientOptions, cb) {
var serverOptions = servers[index];
if (!serverOptions) {
cb();
return;
}
var ok = serverOptions.ok;
if (serverOptions.key) {
serverOptions.key = loadPEM(serverOptions.key);
}
if (serverOptions.cert) {
serverOptions.cert = loadPEM(serverOptions.cert);
}
var server = tls.createServer(serverOptions, function(s) {
s.end('hello world\n');
});
server.listen(common.PORT, function() {
var b = '';
console.error('connecting...');
var client = tls.connect(clientOptions, function() {
var authorized = client.authorized ||
hosterr.test(client.authorizationError);
console.error('expected: ' + ok + ' authed: ' + authorized);
assert.equal(ok, authorized);
server.close();
});
client.on('data', function(d) {
b += d.toString();
});
client.on('end', function() {
assert.equal('hello world\n', b);
});
client.on('close', function() {
testServers(index + 1, servers, clientOptions, cb);
});
});
}
function runTest(testIndex) {
var tcase = testCases[testIndex];
if (!tcase) return;
var clientOptions = {
port: common.PORT,
ca: tcase.ca.map(loadPEM),
key: loadPEM(tcase.key),
cert: loadPEM(tcase.cert),
rejectUnauthorized: false
};
testServers(0, tcase.servers, clientOptions, function() {
successfulTests++;
runTest(testIndex + 1);
});
}
runTest(0);
process.on('exit', function() {
console.log('successful tests: %d', successfulTests);
assert.equal(successfulTests, testCases.length);
});
|
