// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.

'use strict';
const common = require('../common');
const fixtures = require('../common/fixtures');
if (!common.hasCrypto)
  common.skip('missing crypto');
const crypto = require('crypto');

// Checks the object returned by getPeerCertificate(): the short form carries
// no issuer link, the detailed form (argument `true`) carries the issuer
// chain, and the parsed fields match the fixture certificates.

const { assert, connect, debug, keys } = require(fixtures.path('tls-connect'));

// Returns a SHA-256 Hash object already fed with `s`; the caller picks the
// output encoding through .digest().
function sha256(s) {
  const hash = crypto.createHash('sha256');
  hash.update(s);
  return hash;
}

// RSA server key (keys.agent1).
// The client sets rejectUnauthorized: false, so the handshake completes
// without chain verification; the assertions below are about how the
// certificate is parsed, not about whether it is trusted.
connect({
  client: { rejectUnauthorized: false },
  server: keys.agent1,
}, (err, pair, cleanup) => {
  assert.ifError(err);
  const clientConn = pair.client.conn;

  // The client options above carry no certificate; the local certificate is
  // expected to be an empty object.
  assert.deepStrictEqual(clientConn.getCertificate(), {});

  // Short form: no issuerCertificate property.
  const shortCert = clientConn.getPeerCertificate();
  assert.ok(!shortCert.issuerCertificate);

  // Detailed form: the issuer chain is attached.
  const peerCert = clientConn.getPeerCertificate(true);
  debug('peerCert:\n', peerCert);

  assert.ok(peerCert.issuerCertificate);
  assert.strictEqual(peerCert.subject.emailAddress, 'ry@tinyclouds.org');
  assert.strictEqual(peerCert.serialNumber, 'ECC9B856270DA9A8');
  assert.strictEqual(peerCert.exponent, '0x10001');
  // 1024-bit RSA is the size of this fixture key.
  assert.strictEqual(peerCert.bits, 1024);
  // modulus is a hex string rather than a buffer: two hex characters per
  // byte and eight bits per byte give the key size in bits.
  assert.strictEqual((peerCert.modulus.length / 2) * 8, peerCert.bits);

  // `fingerprint` is 20 bytes long (SHA-1 length), `fingerprint256` is 32
  // bytes long (SHA-256 length). Code that compares or pins certificates
  // should rely on the SHA-256 value.
  assert.strictEqual(
    peerCert.fingerprint,
    'D7:FD:F6:42:92:A8:83:51:8E:80:48:62:66:DA:85:C2:EE:A6:A1:CD'
  );
  assert.strictEqual(
    peerCert.fingerprint256,
    'B0:BE:46:49:B8:29:63:E0:6F:63:C8:8A:57:9C:3F:9B:72:C6:F5:89:E3:0D:84:AC:' +
    '5B:08:9A:20:89:B6:8F:D6'
  );

  // SHA-256 digest of the public key, hex encoded.
  assert.strictEqual(
    sha256(peerCert.pubkey).digest('hex'),
    '221fcc8593146e9eee65b2f7f9c1504993ece8de014657a4a1cde55c5e35d06e'
  );

  // Same digest, base64 encoded: the HPKP / RFC7469 "pin-sha256" form.
  // NOTE(review): an RFC7469 pin is taken over the DER SubjectPublicKeyInfo;
  // this presumes peerCert.pubkey holds that encoding for RSA keys - confirm.
  assert.strictEqual(
    sha256(peerCert.pubkey).digest('base64'),
    'Ih/MhZMUbp7uZbL3+cFQSZPs6N4BRlekoc3lXF410G4='
  );

  assert.deepStrictEqual(peerCert.infoAccess['OCSP - URI'],
                         [ 'http://ocsp.nodejs.org/' ]);

  // The top of the chain points back at itself. Code that walks
  // issuerCertificate links has to stop on this self-reference, otherwise
  // the walk never ends.
  const chainTop = peerCert.issuerCertificate;
  assert.strictEqual(chainTop.issuerCertificate, chainTop);
  assert.strictEqual(chainTop.serialNumber, 'CB153AE212609FC6');

  return cleanup();
});

// EC server key (keys.ec), again without chain verification on the client.
connect({
  client: { rejectUnauthorized: false },
  server: keys.ec,
}, (err, pair, cleanup) => {
  assert.ifError(err);
  const clientConn = pair.client.conn;

  // The detailed form is requested twice; both results must carry the issuer.
  const firstLook = clientConn.getPeerCertificate(true);
  assert.ok(firstLook.issuerCertificate);

  const peerCert = clientConn.getPeerCertificate(true);
  debug('peerCert:\n', peerCert);

  assert.ok(peerCert.issuerCertificate);
  assert.strictEqual(peerCert.subject.emailAddress, 'ry@tinyclouds.org');
  assert.strictEqual(peerCert.serialNumber, 'C1EA7B03D5956D52');
  // The RSA fields are not reported for an EC key.
  assert.strictEqual(peerCert.exponent, undefined);
  // NOTE(review): `pubKey` (capital K) is not the property hashed below
  // (`pubkey`), so this assertion holds whatever the key type is; confirm
  // which property was meant.
  assert.strictEqual(peerCert.pubKey, undefined);
  assert.strictEqual(peerCert.modulus, undefined);
  assert.strictEqual(
    peerCert.fingerprint,
    'DF:F0:D3:6B:C3:E7:74:7C:C7:F3:FB:1E:33:12:AE:6C:8D:53:5F:74'
  );
  assert.strictEqual(
    peerCert.fingerprint256,
    'AB:08:3C:40:C7:07:D7:D1:79:32:92:3B:96:52:D0:38:4C:22:ED:CD:23:51:D0:A1:' +
    '67:AA:33:A0:D5:26:5C:41'
  );

  // SHA-256 digest of the EC public key, hex encoded.
  assert.strictEqual(
    sha256(peerCert.pubkey).digest('hex'),
    'ec68fc7d5e32cd4e1da5a7b59c0a2229be6f82fcc9bf8c8691a2262aacb14f53'
  );
  // Curve identification and key size reported for the EC key.
  assert.strictEqual(peerCert.asn1Curve, 'prime256v1');
  assert.strictEqual(peerCert.nistCurve, 'P-256');
  assert.strictEqual(peerCert.bits, 256);

  // No authority-information-access data is expected on this certificate.
  assert.deepStrictEqual(peerCert.infoAccess, undefined);

  // The issuer refers to itself and has the same serial number as the leaf,
  // which is consistent with this fixture certificate being self-signed.
  const chainTop = peerCert.issuerCertificate;
  assert.strictEqual(chainTop.issuerCertificate, chainTop);
  assert.strictEqual(chainTop.serialNumber, 'C1EA7B03D5956D52');

  return cleanup();
});