• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright Joyent, Inc. and other Node contributors.
2//
3// Permission is hereby granted, free of charge, to any person obtaining a
4// copy of this software and associated documentation files (the
5// "Software"), to deal in the Software without restriction, including
6// without limitation the rights to use, copy, modify, merge, publish,
7// distribute, sublicense, and/or sell copies of the Software, and to permit
8// persons to whom the Software is furnished to do so, subject to the
9// following conditions:
10//
11// The above copyright notice and this permission notice shall be included
12// in all copies or substantial portions of the Software.
13//
14// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
17// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
18// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
19// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
20// USE OR OTHER DEALINGS IN THE SOFTWARE.
21
22'use strict';
23
24const common = require('../common');
25
26if (!common.opensslCli)
27  common.skip('node compiled without OpenSSL CLI.');
28
29if (!common.hasCrypto)
30  common.skip('missing crypto');
31
32if (common.isWindows)
33  common.skip('test does not work on Windows'); // ...but it should!
34
35const net = require('net');
36const assert = require('assert');
37const fixtures = require('../common/fixtures');
38const tls = require('tls');
39const spawn = require('child_process').spawn;
40
41test1();
42
43// simple/test-tls-securepair-client
44function test1() {
45  test('keys/rsa_private.pem', 'keys/rsa_cert.crt', null, test2);
46}
47
48// simple/test-tls-ext-key-usage
49function test2() {
50  function check(pair) {
51    // "TLS Web Client Authentication"
52    assert.strictEqual(pair.cleartext.getPeerCertificate().ext_key_usage.length,
53                       1);
54    assert.strictEqual(pair.cleartext.getPeerCertificate().ext_key_usage[0],
55                       '1.3.6.1.5.5.7.3.2');
56  }
57  test('keys/agent4-key.pem', 'keys/agent4-cert.pem', check);
58}
59
60function test(keyPath, certPath, check, next) {
61  const key = fixtures.readSync(keyPath).toString();
62  const cert = fixtures.readSync(certPath).toString();
63
64  const server = spawn(common.opensslCli, ['s_server',
65                                           '-accept', 0,
66                                           '-cert', fixtures.path(certPath),
67                                           '-key', fixtures.path(keyPath)]);
68  server.stdout.pipe(process.stdout);
69  server.stderr.pipe(process.stdout);
70
71
72  let state = 'WAIT-ACCEPT';
73
74  let serverStdoutBuffer = '';
75  server.stdout.setEncoding('utf8');
76  server.stdout.on('data', function(s) {
77    serverStdoutBuffer += s;
78    console.log(state);
79    switch (state) {
80      case 'WAIT-ACCEPT':
81        const matches = serverStdoutBuffer.match(/ACCEPT .*?:(\d+)/);
82        if (matches) {
83          const port = matches[1];
84          state = 'WAIT-HELLO';
85          startClient(port);
86        }
87        break;
88
89      case 'WAIT-HELLO':
90        if (/hello/.test(serverStdoutBuffer)) {
91
92          // End the current SSL connection and exit.
93          // See s_server(1ssl).
94          server.stdin.write('Q');
95
96          state = 'WAIT-SERVER-CLOSE';
97        }
98        break;
99
100      default:
101        break;
102    }
103  });
104
105
106  const timeout = setTimeout(function() {
107    server.kill();
108    process.exit(1);
109  }, 5000);
110
111  let gotWriteCallback = false;
112  let serverExitCode = -1;
113
114  server.on('exit', function(code) {
115    serverExitCode = code;
116    clearTimeout(timeout);
117    if (next) next();
118  });
119
120
121  function startClient(port) {
122    const s = new net.Stream();
123
124    const sslcontext = tls.createSecureContext({ key, cert });
125    sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
126
127    const pair = tls.createSecurePair(sslcontext, false);
128
129    assert.ok(pair.encrypted.writable);
130    assert.ok(pair.cleartext.writable);
131
132    pair.encrypted.pipe(s);
133    s.pipe(pair.encrypted);
134
135    s.connect(port);
136
137    s.on('connect', function() {
138      console.log('client connected');
139      setTimeout(function() {
140        pair.cleartext.write('hello\r\n', function() {
141          gotWriteCallback = true;
142        });
143      }, 500);
144    });
145
146    pair.on('secure', function() {
147      console.log('client: connected+secure!');
148      console.log('client pair.cleartext.getPeerCertificate(): %j',
149                  pair.cleartext.getPeerCertificate());
150      console.log('client pair.cleartext.getCipher(): %j',
151                  pair.cleartext.getCipher());
152      if (check) check(pair);
153    });
154
155    pair.cleartext.on('data', function(d) {
156      console.log('cleartext: %s', d.toString());
157    });
158
159    s.on('close', function() {
160      console.log('client close');
161    });
162
163    pair.encrypted.on('error', function(err) {
164      console.log(`encrypted error: ${err}`);
165    });
166
167    s.on('error', function(err) {
168      console.log(`socket error: ${err}`);
169    });
170
171    pair.on('error', function(err) {
172      console.log(`secure error: ${err}`);
173    });
174  }
175
176
177  process.on('exit', function() {
178    assert.strictEqual(serverExitCode, 0);
179    assert.strictEqual(state, 'WAIT-SERVER-CLOSE');
180    assert.ok(gotWriteCallback);
181  });
182}
183