node/test/parallel/test-tls-cert-chains-in-ca.js

'use strict';
require('../common');
const fixtures = require('../common/fixtures');

// Check cert chain is received by client, and is completed with the ca cert
// known to the client.

const {
  assert, connect, debug, keys
} = require(fixtures.path('tls-connect'));


// agent6-cert.pem includes cert for agent6 and ca3, split it apart and
// provide ca3 in the .ca property.
const agent6Chain = keys.agent6.cert.split(/(?=-----BEGIN CERTIFICATE-----)/);
const agent6End = agent6Chain[0];
const agent6Middle = agent6Chain[1];
connect({
  client: {
    checkServerIdentity: (servername, cert) => { },
    ca: keys.agent6.ca,
  },
  server: {
    cert: agent6End,
    key: keys.agent6.key,
    ca: agent6Middle,
  },
}, function(err, pair, cleanup) {
  assert.ifError(err);

  const peer = pair.client.conn.getPeerCertificate();
  debug('peer:\n', peer);
  assert.match(peer.serialNumber, /5B75D77EDC7FB5B7FA9F1424DA4C64FB815DCBDE/i);

  const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
  const root = next.issuerCertificate;
  delete next.issuerCertificate;
  debug('next:\n', next);
  assert.match(next.serialNumber, /147D36C1C2F74206DE9FAB5F2226D78ADB00A425/i);

  debug('root:\n', root);
  assert.match(root.serialNumber, /4AB16C8DFD6A7D0D2DFCABDF9C4B0E92C6AD0229/i);

  return cleanup();
});
test: tls cert chain completion scenarios PR-URL: https://github.com/nodejs/node/pull/10389 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> 2016-12-20 22:16:29 +00:00			`'use strict';`
test: begin normalizing fixtures use Adds a new `../common/fixtures' module to begin normalizing `test/fixtures` use. Our test code is a bit inconsistent with regards to use of the fixtures directory. Some code uses `path.join()`, some code uses string concats, some other code uses template strings, etc. In mnay cases, significant duplication of code is seen when accessing fixture files, etc. This updates many (but by no means all) of the tests in the test suite to use the new consistent API. There are still many more to update, which would make an excelent Code-n-Learn exercise. PR-URL: https://github.com/nodejs/node/pull/14332 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michaël Zasso <targos@protonmail.com> 2017-07-17 22:33:46 +00:00			`require('../common');`
			`const fixtures = require('../common/fixtures');`
test: tls cert chain completion scenarios PR-URL: https://github.com/nodejs/node/pull/10389 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> 2016-12-20 22:16:29 +00:00
			`// Check cert chain is received by client, and is completed with the ca cert`
			`// known to the client.`

			`const {`
			`assert, connect, debug, keys`
test: begin normalizing fixtures use Adds a new `../common/fixtures' module to begin normalizing `test/fixtures` use. Our test code is a bit inconsistent with regards to use of the fixtures directory. Some code uses `path.join()`, some code uses string concats, some other code uses template strings, etc. In mnay cases, significant duplication of code is seen when accessing fixture files, etc. This updates many (but by no means all) of the tests in the test suite to use the new consistent API. There are still many more to update, which would make an excelent Code-n-Learn exercise. PR-URL: https://github.com/nodejs/node/pull/14332 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michaël Zasso <targos@protonmail.com> 2017-07-17 22:33:46 +00:00			`} = require(fixtures.path('tls-connect'));`
test: tls cert chain completion scenarios PR-URL: https://github.com/nodejs/node/pull/10389 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> 2016-12-20 22:16:29 +00:00

			`// agent6-cert.pem includes cert for agent6 and ca3, split it apart and`
			`// provide ca3 in the .ca property.`
test: refactor test-tls-cert-chains-in-ca When splitting PEM string into separate certs, use non-capturing regexp to avoid having to put the split string back with .map(). As a bonus, this splits the PEM into two certs, rather than 2 certs and a third crufty whitespace-only string. PR-URL: https://github.com/nodejs/node/pull/11367 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> 2017-02-14 04:29:33 +00:00			`const agent6Chain = keys.agent6.cert.split(/(?=-----BEGIN CERTIFICATE-----)/);`
test: tls cert chain completion scenarios PR-URL: https://github.com/nodejs/node/pull/10389 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> 2016-12-20 22:16:29 +00:00			`const agent6End = agent6Chain[0];`
			`const agent6Middle = agent6Chain[1];`
			`connect({`
			`client: {`
			`checkServerIdentity: (servername, cert) => { },`
			`ca: keys.agent6.ca,`
			`},`
			`server: {`
			`cert: agent6End,`
			`key: keys.agent6.key,`
			`ca: agent6Middle,`
			`},`
			`}, function(err, pair, cleanup) {`
			`assert.ifError(err);`

			`const peer = pair.client.conn.getPeerCertificate();`
			`debug('peer:\n', peer);`
test: make more crypto tests work with BoringSSL PR-URL: https://github.com/nodejs/node/pull/46429 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2023-02-01 19:51:39 +00:00			`assert.match(peer.serialNumber, /5B75D77EDC7FB5B7FA9F1424DA4C64FB815DCBDE/i);`
test: tls cert chain completion scenarios PR-URL: https://github.com/nodejs/node/pull/10389 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> 2016-12-20 22:16:29 +00:00
			`const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;`
			`const root = next.issuerCertificate;`
			`delete next.issuerCertificate;`
			`debug('next:\n', next);`
test: make more crypto tests work with BoringSSL PR-URL: https://github.com/nodejs/node/pull/46429 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2023-02-01 19:51:39 +00:00			`assert.match(next.serialNumber, /147D36C1C2F74206DE9FAB5F2226D78ADB00A425/i);`
test: tls cert chain completion scenarios PR-URL: https://github.com/nodejs/node/pull/10389 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> 2016-12-20 22:16:29 +00:00
			`debug('root:\n', root);`
test: make more crypto tests work with BoringSSL PR-URL: https://github.com/nodejs/node/pull/46429 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 2023-02-01 19:51:39 +00:00			`assert.match(root.serialNumber, /4AB16C8DFD6A7D0D2DFCABDF9C4B0E92C6AD0229/i);`
test: tls cert chain completion scenarios PR-URL: https://github.com/nodejs/node/pull/10389 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> 2016-12-20 22:16:29 +00:00
			`return cleanup();`
			`});`