// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
'use strict';
const common = require('../common');
if (!common.hasCrypto) {
  common.skip('missing crypto');
}

const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');

// Checks how tls.connect() resolves the passphrase for a client private key
// across every accepted shape of the `key` option: Buffer, Buffer[], string,
// string[] and an array of { pem, passphrase } objects.
//
// Fixture material: passKey is a passphrase-protected private key (the test
// unlocks it with 'password'), rawKey is an unencrypted private key, and
// cert is the certificate used by both the server and every client.
const passKey = fixtures.readKey('rsa_private_encrypted.pem');
const rawKey = fixtures.readKey('rsa_private.pem');
const cert = fixtures.readKey('rsa_cert.crt');

// The table below relies on the fixtures being Buffers that convert to
// strings, so pin that down first.
assert(Buffer.isBuffer(passKey));
assert(Buffer.isBuffer(cert));
assert.strictEqual(typeof passKey.toString(), 'string');
assert.strictEqual(typeof cert.toString(), 'string');

// String forms of the same credentials.
const passKeyPem = passKey.toString();
const rawKeyPem = rawKey.toString();
const certPem = cert.toString();

/**
 * Builds a 'secureConnect' listener for one client connection.
 *
 * @returns {Function} A common.mustCall() wrapper that ends the socket it is
 *   invoked on; the wrapper is how the test asserts that the handshake
 *   callback actually ran for that connection.
 */
function onSecureConnect() {
  const closeSocket = function() {
    this.end();
  };
  return common.mustCall(closeSocket);
}

// The server asks for a client certificate (requestCert) and is configured
// to reject peers whose certificate does not verify against `ca`
// (rejectUnauthorized: true), so the client credentials take part in the
// handshake rather than only being parsed.
const server = tls.Server({
  key: passKey,
  passphrase: 'password',
  cert,
  ca: [cert],
  requestCert: true,
  rejectUnauthorized: true
});

// Credential sets that must be accepted. Three rules are exercised:
//  - an encrypted key needs the right passphrase;
//  - a passphrase supplied for an unencrypted key is ignored;
//  - in the object form, a per-key `passphrase` takes precedence over the
//    top-level `passphrase`, which is only used when the entry has none.
const acceptedCredentials = [
  // Buffer
  { key: passKey, passphrase: 'password', cert },
  { key: rawKey, cert },
  { key: rawKey, passphrase: 'ignored', cert },

  // Buffer[]
  { key: [passKey], passphrase: 'password', cert: [cert] },
  { key: [rawKey], cert: [cert] },
  { key: [rawKey], passphrase: 'ignored', cert: [cert] },

  // string
  { key: passKeyPem, passphrase: 'password', cert: certPem },
  { key: rawKeyPem, cert: certPem },
  { key: rawKeyPem, passphrase: 'ignored', cert: certPem },

  // String[]
  { key: [passKeyPem], passphrase: 'password', cert: [certPem] },
  { key: [rawKeyPem], cert: [certPem] },
  { key: [rawKeyPem], passphrase: 'ignored', cert: [certPem] },

  // Object[]
  { key: [{ pem: passKey, passphrase: 'password' }], cert },
  // Per-key passphrase wins; the top-level one is never consulted.
  { key: [{ pem: passKey, passphrase: 'password' }],
    passphrase: 'ignored',
    cert },
  // No per-key passphrase: the top-level one is the fallback.
  { key: [{ pem: passKey }], passphrase: 'password', cert },
  { key: [{ pem: passKeyPem, passphrase: 'password' }], cert },
  { key: [{ pem: rawKey, passphrase: 'ignored' }], cert },
  { key: [{ pem: rawKeyPem, passphrase: 'ignored' }], cert },
  { key: [{ pem: rawKey }], passphrase: 'ignored', cert },
  { key: [{ pem: rawKeyPem }], passphrase: 'ignored', cert },
  { key: [{ pem: rawKey }], cert },
  { key: [{ pem: rawKeyPem }], cert },
];

// Every client passes rejectUnauthorized: false, which switches off
// verification of the server certificate. That is tolerable only because the
// peer is the server created above, listening on an ephemeral local port;
// the subject under test is key and passphrase handling, not peer
// authentication.
server.listen(0, common.mustCall(() => {
  const port = server.address().port;
  for (const credentials of acceptedCredentials) {
    const options = Object.assign(
      { port },
      credentials,
      { rejectUnauthorized: false }
    );
    tls.connect(options, onSecureConnect());
  }
})).unref();

// A missing passphrase and a wrong passphrase are both expected to match
// the same "bad decrypt" message.
const errMessagePassword = /bad decrypt/;
const errMessageDecrypt = /bad decrypt/;

// Credential sets that must make tls.connect() throw synchronously, paired
// with the expected error pattern.
const rejectedCredentials = [
  // Missing passphrase
  [{ key: passKey, cert }, errMessagePassword],
  [{ key: [passKey], cert }, errMessagePassword],
  [{ key: [{ pem: passKey }], cert }, errMessagePassword],

  // Invalid passphrase
  [{ key: passKey, passphrase: 'invalid', cert }, errMessageDecrypt],
  [{ key: [passKey], passphrase: 'invalid', cert }, errMessageDecrypt],
  [{ key: [{ pem: passKey }], passphrase: 'invalid', cert },
   errMessageDecrypt],
  // The top-level passphrase is valid but unused: the per-key one is tried
  // and there is no fallback after it fails.
  [{ key: [{ pem: passKey, passphrase: 'invalid' }],
     passphrase: 'password',
     cert },
   errMessageDecrypt],
];

for (const [credentials, expectedError] of rejectedCredentials) {
  assert.throws(() => {
    tls.connect(Object.assign(
      { port: server.address().port },
      credentials,
      { rejectUnauthorized: false }
    ));
  }, expectedError);
}