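'use strict';
const common = require('../common');
if (!common.hasCrypto) common.skip('missing crypto');
const fixtures = require('../common/fixtures');

// Test sigalgs: option for TLS.

const {
  assert, connect, keys
} = require(fixtures.path('tls-connect'));

/**
 * Asserts that two array-likes have the same length and strictly equal
 * elements at every index (order matters).
 *
 * @param {ArrayLike<*>} left - Actual values.
 * @param {ArrayLike<*>} right - Expected values.
 */
function assert_arrays_equal(left, right) {
  assert.strictEqual(left.length, right.length);
  for (let i = 0; i < left.length; i++) {
    assert.strictEqual(left[i], right[i]);
  }
}

/**
 * Runs one client/server handshake with the given `sigalgs` lists and checks
 * the outcome.
 *
 * Success case: pass `shared_sigalgs`; the handshake must complete without
 * errors and the server's getSharedSigalgs() must equal that list.
 * Failure case: leave `shared_sigalgs` undefined and pass `cerr` and/or
 * `serr`; each given side must report an error carrying exactly that code.
 *
 * @param {string} csigalgs - Colon-separated sigalgs list for the client.
 * @param {string} ssigalgs - Colon-separated sigalgs list for the server.
 * @param {string[]} [shared_sigalgs] - Expected negotiated list on success.
 * @param {string} [cerr] - Expected client error code on failure.
 * @param {string} [serr] - Expected server error code on failure.
 */
function test(csigalgs, ssigalgs, shared_sigalgs, cerr, serr) {
  assert(shared_sigalgs || serr || cerr, 'test missing any expectations');
  connect({
    client: {
      // No-op identity check: hostname verification is replaced for this
      // fixture connection. Test-only; not a pattern for production clients.
      checkServerIdentity: (servername, cert) => { },
      ca: `${keys.agent1.cert}\n${keys.agent6.ca}`,
      cert: keys.agent2.cert,
      key: keys.agent2.key,
      sigalgs: csigalgs
    },
    server: {
      cert: keys.agent6.cert,
      key: keys.agent6.key,
      ca: keys.agent2.ca,
      // The server requests a client certificate and rejects unauthorized
      // peers, so both sides present a certificate in this handshake.
      context: {
        requestCert: true,
        rejectUnauthorized: true
      },
      sigalgs: ssigalgs
    },
  }, common.mustCall((err, pair, cleanup) => {
    if (shared_sigalgs) {
      assert.ifError(err);
      assert.ifError(pair.server.err);
      assert.ifError(pair.client.err);
      assert(pair.server.conn);
      assert(pair.client.conn);
      assert_arrays_equal(pair.server.conn.getSharedSigalgs(), shared_sigalgs);
    } else {
      // assert(value, message) only checks that `value` is truthy; its second
      // argument is the failure message. The expected code was therefore never
      // compared, and a handshake failing for an unrelated reason would have
      // passed as a sigalgs rejection. Compare the codes explicitly.
      if (serr) {
        assert(pair.server.err);
        assert.strictEqual(pair.server.err.code, serr);
      }

      if (cerr) {
        assert(pair.client.err);
        assert.strictEqual(pair.client.err.code, cerr);
      }
    }

    return cleanup();
  }));
}

// Have shared sigalgs
test('RSA-PSS+SHA384', 'RSA-PSS+SHA384', ['RSA-PSS+SHA384']);
test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
     'RSA-PSS+SHA256:ECDSA+SHA256',
     ['RSA-PSS+SHA256', 'ECDSA+SHA256']);

// Do not have shared sigalgs.
// The server code is spelled ..._ALGORITHMS; the previous ..._ALGORITMS
// spelling went unnoticed only because the code was never compared.
// NOTE(review): the code seen by the client depends on how the aborted
// handshake surfaces (connection reset vs. a TLS alert); confirm 'ECONNRESET'
// against the TLS library version under test.
test('RSA-PSS+SHA384', 'ECDSA+SHA256',
     undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');

test('RSA-PSS+SHA384:ECDSA+SHA256', 'ECDSA+SHA384:RSA-PSS+SHA256',
     undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');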