test: tls cert chain completion scenarios
PR-URL: #10389
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
sam-github committed Apr 17, 2017
commit d59c9f5dc3b4bf96f7886f531309136af20618c5
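--- a/test/parallel/test-tls-cert-chains-concat.js
+++ b/test/parallel/test-tls-cert-chains-concat.js
@@ -0,0 +1,50 @@
+'use strict';
+const common = require('../common');
+
+// Check cert chain is received by client, and is completed with the ca cert
+// known to the client.
+
+const join = require('path').join;
+const {
+assert, connect, debug, keys
+} = require(join(common.fixturesDir, 'tls-connect'))();
+
+// agent6-cert.pem includes cert for agent6 and ca3
+connect({
+client: {
+checkServerIdentity: (servername, cert) => { },
+ca: keys.agent6.ca,
+},
+server: {
+cert: keys.agent6.cert,
+key: keys.agent6.key,
+},
+}, function(err, pair, cleanup) {
+assert.ifError(err);
+
+const peer = pair.client.conn.getPeerCertificate();
+debug('peer:\n', peer);
+assert.strictEqual(peer.subject.emailAddress, 'adam.lippai@tresorit.com');
+assert.strictEqual(peer.subject.CN, 'Ádám Lippai'),
+assert.strictEqual(peer.issuer.CN, 'ca3');
+assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
+
+const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
+const root = next.issuerCertificate;
+delete next.issuerCertificate;
+debug('next:\n', next);
+assert.strictEqual(next.subject.CN, 'ca3');
+assert.strictEqual(next.issuer.CN, 'ca1');
+assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
+
+debug('root:\n', root);
+assert.strictEqual(root.subject.CN, 'ca1');
+assert.strictEqual(root.issuer.CN, 'ca1');
+assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
+
+// No client cert, so empty object returned.
+assert.deepStrictEqual(pair.server.conn.getPeerCertificate(), {});
+assert.deepStrictEqual(pair.server.conn.getPeerCertificate(true), {});
+
+return cleanup();
+});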
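--- a/test/parallel/test-tls-cert-chains-in-ca.js
+++ b/test/parallel/test-tls-cert-chains-in-ca.js
@@ -0,0 +1,46 @@
+'use strict';
+const common = require('../common');
+
+// Check cert chain is received by client, and is completed with the ca cert
+// known to the client.
+
+const join = require('path').join;
+const {
+assert, connect, debug, keys
+} = require(join(common.fixturesDir, 'tls-connect'))();
+
+
+// agent6-cert.pem includes cert for agent6 and ca3, split it apart and
+// provide ca3 in the .ca property.
+const agent6Chain = keys.agent6.cert.split('-----END CERTIFICATE-----')
+.map((c) => { return c + '-----END CERTIFICATE-----'; });
+const agent6End = agent6Chain[0];
+const agent6Middle = agent6Chain[1];
+connect({
+client: {
+checkServerIdentity: (servername, cert) => { },
+ca: keys.agent6.ca,
+},
+server: {
+cert: agent6End,
+key: keys.agent6.key,
+ca: agent6Middle,
+},
+}, function(err, pair, cleanup) {
+assert.ifError(err);
+
+const peer = pair.client.conn.getPeerCertificate();
+debug('peer:\n', peer);
+assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
+
+const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
+const root = next.issuerCertificate;
+delete next.issuerCertificate;
+debug('next:\n', next);
+assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
+
+debug('root:\n', root);
+assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
+
+return cleanup();
+});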
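Review bot: The `split('-----END CERTIFICATE-----')` followed by `.map(...)` leaves a trailing element made of whatever follows the last certificate plus a re-appended END marker, and nothing checks how many certificates the fixture actually held. If agent6-cert.pem ever changes, `agent6Middle` could silently become that bogus entry or `undefined`, and the failure would surface far from its cause. Dropping the empty remainder with `.filter((c) => c.trim() !== '')` before the `.map` and adding `assert.strictEqual(agent6Chain.length, 2);` would pin the assumption stated in the comment. The header comment is also identical to the one in test-tls-cert-chains-concat.js; it could say that here the intermediate is supplied through the server's `ca` option.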