test: tls cert chain completion scenarios
Backport-PR-URL: #12468
PR-URL: #10389
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
sam-github authored and MylesBorins committed Apr 19, 2017
1 parent f1c2f26 commit 1d7fab3
Showing 2 changed files with 96 additions and 0 deletions.
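--- a/test/parallel/test-tls-cert-chains-concat.js
+++ b/test/parallel/test-tls-cert-chains-concat.js
@@ -0,0 +1,50 @@
+'use strict';
+const common = require('../common');
+
+// Check cert chain is received by client, and is completed with the ca cert
+// known to the client.
+
+const join = require('path').join;
+const {
+assert, connect, debug, keys
+} = require(join(common.fixturesDir, 'tls-connect'))();
+
+// agent6-cert.pem includes cert for agent6 and ca3
+connect({
+client: {
+checkServerIdentity: (servername, cert) => { },
+ca: keys.agent6.ca,
+},
+server: {
+cert: keys.agent6.cert,
+key: keys.agent6.key,
+},
+}, function(err, pair, cleanup) {
+assert.ifError(err);
+
+const peer = pair.client.conn.getPeerCertificate();
+debug('peer:\n', peer);
+assert.strictEqual(peer.subject.emailAddress, 'adam.lippai@tresorit.com');
+assert.strictEqual(peer.subject.CN, 'Ádám Lippai'),
+assert.strictEqual(peer.issuer.CN, 'ca3');
+assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
+
+const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
+const root = next.issuerCertificate;
+delete next.issuerCertificate;
+debug('next:\n', next);
+assert.strictEqual(next.subject.CN, 'ca3');
+assert.strictEqual(next.issuer.CN, 'ca1');
+assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
+
+debug('root:\n', root);
+assert.strictEqual(root.subject.CN, 'ca1');
+assert.strictEqual(root.issuer.CN, 'ca1');
+assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
+
+// No client cert, so empty object returned.
+assert.deepStrictEqual(pair.server.conn.getPeerCertificate(), {});
+assert.deepStrictEqual(pair.server.conn.getPeerCertificate(true), {});
+
+return cleanup();
+});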
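Review bot: The `peer.subject.CN` assertion ends in a comma rather than a semicolon, so it is joined to the following `peer.issuer.CN` assertion by the comma operator; both still run, but it reads as a typo and should be `assert.strictEqual(peer.subject.CN, 'Ádám Lippai');`. The client options also pass a no-op `checkServerIdentity`, which turns off host name verification for the connection. That is reasonable for a fixture whose subject is a person's name rather than a host, but it deserves a comment such as `// Fixture cert's subject is not a host name; identity checking is out of scope for this test.` so the pattern is not copied into non-test code. The same no-op appears in test-tls-cert-chains-in-ca.js.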
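--- a/test/parallel/test-tls-cert-chains-in-ca.js
+++ b/test/parallel/test-tls-cert-chains-in-ca.js
@@ -0,0 +1,46 @@
+'use strict';
+const common = require('../common');
+
+// Check cert chain is received by client, and is completed with the ca cert
+// known to the client.
+
+const join = require('path').join;
+const {
+assert, connect, debug, keys
+} = require(join(common.fixturesDir, 'tls-connect'))();
+
+
+// agent6-cert.pem includes cert for agent6 and ca3, split it apart and
+// provide ca3 in the .ca property.
+const agent6Chain = keys.agent6.cert.split('-----END CERTIFICATE-----')
+.map((c) => { return c + '-----END CERTIFICATE-----'; });
+const agent6End = agent6Chain[0];
+const agent6Middle = agent6Chain[1];
+connect({
+client: {
+checkServerIdentity: (servername, cert) => { },
+ca: keys.agent6.ca,
+},
+server: {
+cert: agent6End,
+key: keys.agent6.key,
+ca: agent6Middle,
+},
+}, function(err, pair, cleanup) {
+assert.ifError(err);
+
+const peer = pair.client.conn.getPeerCertificate();
+debug('peer:\n', peer);
+assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
+
+const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
+const root = next.issuerCertificate;
+delete next.issuerCertificate;
+debug('next:\n', next);
+assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
+
+debug('root:\n', root);
+assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
+
+return cleanup();
+});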
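Review bot: Splitting `keys.agent6.cert` on the END marker and re-appending the marker to every piece also yields a trailing piece made only of whatever follows the last certificate (most likely a newline), and nothing checks that the file held exactly two certificates. Only indexes 0 and 1 are used, so the test passes with the current fixture, but if the fixture were regenerated with a single certificate `agent6Middle` would silently become a bare END marker and the server would no longer be configured with the intended intermediate. Dropping empty pieces before the map with `.filter((c) => c.trim() !== '')` and adding `assert.strictEqual(agent6Chain.length, 2);` right after the split would make that assumption explicit.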
