Start a simple TLS client verification test

2024-11-21 10:59:27 +00:00 · 2010-12-10 18:02:51 -08:00 · 2010-12-10 18:02:51 -08:00 · c444293be9
commit c444293be9
parent 32e8692b06
2 changed files with 127 additions and 16 deletions
--- a/lib/tls.js
+++ b/lib/tls.js
@ -373,7 +373,7 @@ SecurePair.prototype._error = function(err) {
    // Not really an error.
    this._destroy();
  } else {
-    this.emit('error', err);
+    this.cleartext.emit('error', err);
  }
 };

@ -470,7 +470,7 @@ function Server(/* [options], listener */) {
  net.Server.call(this, function(socket) {
    var creds = crypto.createCredentials(
        { key: self.key, cert: self.cert, ca: self.ca });
-    creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
+    //creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');

    var pair = new SecurePair(creds,
                              true,
@ -500,19 +500,6 @@ function Server(/* [options], listener */) {
        }
      }
    });
-
-    pair.on('error', function(e) {
-      console.error('pair got error: ' + e);
-      self.emit('error', e);
-    });
-
-    pair.cleartext.on('error', function(err) {
-      console.error('cleartext got error: ' + err);
-    });
-
-    pair.encrypted.on('error', function(err) {
-      console.log('encrypted got error: ' + err);
-    });
  });

  if (listener) {
@ -593,7 +580,7 @@ exports.connect = function(port /* host, options, cb */) {
  var socket = new net.Stream();

  var sslcontext = crypto.createCredentials(options);
-  sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
+  //sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');

  var pair = new SecurePair(sslcontext, false);

--- a/test/simple/test-tls-client-verify.js
+++ b/test/simple/test-tls-client-verify.js
@ -0,0 +1,124 @@
+var testCases =
+  [ { ca: ['ca1-cert'],
+      key: 'agent2-key',
+      cert: 'agent2-cert',
+      servers: [
+        { ok: true, key: 'agent1-key', cert: 'agent1-cert' },
+        { ok: false, key: 'agent2-key', cert: 'agent2-cert' },
+        { ok: false, key: 'agent3-key', cert: 'agent3-cert' },
+      ]
+    }, 
+  
+    { ca: [],
+      key: 'agent2-key',
+      cert: 'agent2-cert',
+      servers: [
+        { ok: false, key: 'agent1-key', cert: 'agent1-cert' },
+        { ok: false, key: 'agent2-key', cert: 'agent2-cert' },
+        { ok: false, key: 'agent3-key', cert: 'agent3-cert' },
+      ]
+    },
+
+    { ca: ['ca1-cert', 'ca2-cert'],
+      key: 'agent2-key',
+      cert: 'agent2-cert',
+      servers: [
+        { ok: true, key: 'agent1-key', cert: 'agent1-cert' },
+        { ok: false, key: 'agent2-key', cert: 'agent2-cert' },
+        { ok: true, key: 'agent3-key', cert: 'agent3-cert' },
+      ]
+    },
+  ];
+
+
+var common = require('../common');
+var assert = require('assert');
+var fs = require('fs');
+var tls = require('tls');
+
+
+function filenamePEM(n) {
+  return require('path').join(common.fixturesDir, 'keys', n + ".pem");
+}
+
+
+function loadPEM(n) {
+  return fs.readFileSync(filenamePEM(n));
+}
+
+var successfulTests = 0;
+
+function testServers(index, servers, clientOptions, cb) {
+  var serverOptions = servers[index];
+  if (!serverOptions) {
+    cb();
+    return;
+  }
+
+  var ok = serverOptions.ok;
+
+  if (serverOptions.key) {
+    serverOptions.key = loadPEM(serverOptions.key); 
+  }
+
+  if (serverOptions.cert) { 
+    serverOptions.cert = loadPEM(serverOptions.cert); 
+  }
+
+  var server = tls.createServer(serverOptions, function(s) {
+    s.end("hello world\n"); 
+  });
+
+  server.listen(common.PORT, function() {
+    var b = '';
+
+    console.error("connecting...");
+    var client = tls.connect(common.PORT, clientOptions, function () {
+
+      console.error("expected: " + ok + " authed: " + client.authorized);
+
+      assert.equal(ok, client.authorized); 
+      server.close();
+    });
+
+    client.on('data', function(d) {
+      b += d.toString();
+    });
+
+    client.on('end', function() {
+      // TODO: 
+      //assert.equal('hello world\n', b);
+    });
+
+    client.on('close', function() {
+      testServers(index + 1, servers, clientOptions, cb);
+    });
+  });
+}
+
+
+function runTest (testIndex) {
+  var tcase = testCases[testIndex];
+  if (!tcase) return;
+
+  var clientOptions = {
+    ca: tcase.ca.map(loadPEM),
+    key: loadPEM(tcase.key),
+    cert: loadPEM(tcase.cert)
+  };
+
+
+  testServers(0, tcase.servers, clientOptions, function () {
+    successfulTests++;
+    runTest(testIndex + 1);
+  });
+}
+
+
+runTest(0);
+
+
+process.on('exit', function() {
+  console.log("successful tests: %d", successfulTests);
+  assert.equal(successfulTests, testCases.length);
+});