1'use strict'; 2const common = require('../common'); 3if (!common.hasCrypto) 4 common.skip('missing crypto'); 5 6const assert = require('assert'); 7const tls = require('tls'); 8const fixtures = require('../common/fixtures'); 9 10let finished = 0; 11 12function loadPEM(n) { 13 return fixtures.readKey(`${n}.pem`); 14} 15 16const testCases = [ 17 { // agent8 is signed by fake-startcom-root with notBefore of 18 // Oct 20 23:59:59 2016 GMT. It passes StartCom/WoSign check. 19 serverOpts: { 20 key: loadPEM('agent8-key'), 21 cert: loadPEM('agent8-cert') 22 }, 23 clientOpts: { 24 ca: loadPEM('fake-startcom-root-cert'), 25 port: undefined, 26 rejectUnauthorized: true 27 }, 28 errorCode: 'CERT_REVOKED' 29 }, 30 { // agent9 is signed by fake-startcom-root with notBefore of 31 // Oct 21 00:00:01 2016 GMT. It fails StartCom/WoSign check. 32 serverOpts: { 33 key: loadPEM('agent9-key'), 34 cert: loadPEM('agent9-cert') 35 }, 36 clientOpts: { 37 ca: loadPEM('fake-startcom-root-cert'), 38 port: undefined, 39 rejectUnauthorized: true 40 }, 41 errorCode: 'CERT_REVOKED' 42 }, 43]; 44 45 46function runNextTest(server, tindex) { 47 server.close(function() { 48 finished++; 49 runTest(tindex + 1); 50 }); 51} 52 53 54function runTest(tindex) { 55 const tcase = testCases[tindex]; 56 57 if (!tcase) return; 58 59 const server = tls.createServer(tcase.serverOpts, function(s) { 60 s.resume(); 61 }).listen(0, function() { 62 tcase.clientOpts.port = this.address().port; 63 const client = tls.connect(tcase.clientOpts); 64 client.on('error', function(e) { 65 assert.strictEqual(e.code, tcase.errorCode); 66 runNextTest(server, tindex); 67 }); 68 69 client.on('secureConnect', function() { 70 // agent8 can pass StartCom/WoSign check so that the secureConnect 71 // is established. 72 assert.strictEqual(tcase.errorCode, 'CERT_REVOKED'); 73 client.end(); 74 runNextTest(server, tindex); 75 }); 76 }); 77} 78 79 80runTest(0); 81 82process.on('exit', function() { 83 assert.strictEqual(finished, testCases.length); 84}); 85