refactor(repo): test self-signed certificate support

fixes #139 fixes #141

package.json

@@ -8,6 +8,7 @@
 		"clean": "rm -rf ./dist && rm -f ./tsconfig.tsbuildinfo",
 		"compile": "tsc --project tsconfig.json",
 		"docs": "rm -rf ./docs && typedoc",
+		"generate:grpc": "grpc_tools_node_protoc --plugin=protoc-gen-ts=./node_modules/.bin/protoc-gen-ts --js_out=import_style=commonjs,binary:./src/generated --grpc_out=./src/generated --ts_out=./src/generated -I ./src/proto ./src/proto/*.proto",
 		"test": "CAMUNDA_UNIT_TEST=true jest --detectOpenHandles --testPathIgnorePatterns integration --testPathIgnorePatterns local-integration --testPathIgnorePatterns disconnection --testPathIgnorePatterns multitenancy --testPathIgnorePatterns __tests__/config",
 		"test:integration": "jest --runInBand --testPathIgnorePatterns disconnection --testPathIgnorePatterns __tests__/config --testPathIgnorePatterns multitenancy --detectOpenHandles --verbose true -u",
 		"test:multitenancy": "jest --runInBand --testPathIgnorePatterns disconnection --testPathIgnorePatterns admin --testPathIgnorePatterns __tests__/config - --detectOpenHandles --verbose true -u",
@@ -85,6 +86,7 @@
 		"@semantic-release/git": "^10.0.1",
 		"@sitapati/testcontainers": "^2.8.1",
 		"@types/debug": "^4.1.12",
+		"@types/express": "^4.17.21",
 		"@types/jest": "^29.5.11",
 		"@types/lodash.mergewith": "^4.6.9",
 		"@types/node": "^20.9.4",
@@ -99,13 +101,16 @@
 		"eslint-config-prettier": "^9.1.0",
 		"eslint-plugin-import": "^2.29.1",
 		"eslint-plugin-prettier": "^5.0.1",
+		"express": "^4.19.2",
+		"grpc-tools": "^1.12.4",
 		"husky": "^8.0.3",
 		"jest": "^29.7.0",
 		"lint-staged": "^15.2.0",
 		"prettier": "^3.1.1",
 		"semantic-release": "^22.0.12",
 		"shx": "^0.3.4",
 		"ts-jest": "^29.1.1",
+		"ts-protoc-gen": "^0.15.0",
 		"tsconfig-paths": "^4.2.0",
 		"tsd": "^0.31.0",
 		"typedoc": "^0.25.9",

src/__tests__/lib/GetCustomCertificateBuffer.spec.ts

@@ -0,0 +1,156 @@
+import fs from 'fs'
+import https from 'https'
+import path from 'path'
+
+import { loadPackageDefinition, Server, ServerCredentials } from '@grpc/grpc-js'
+import { loadSync } from '@grpc/proto-loader'
+import express from 'express'
+
+import {
+	BrokerInfo,
+	Partition,
+	TopologyResponse,
+} from '../../generated/zeebe_pb'
+import { OperateApiClient } from '../../operate'
+import { ZeebeGrpcClient } from '../../zeebe'
+
+test('Can use a custom root certificate to connect to a REST API', async () => {
+	const app = express()
+
+	app.get('/v1/process-instances/:processInstanceKey', (_, res) => {
+		res.json({ bpmnProcessId: 'test' })
+	})
+
+	const options = {
+		key: fs.readFileSync(path.join(__dirname, 'localhost.key')),
+		cert: fs.readFileSync(path.join(__dirname, 'localhost.crt')),
+	}
+
+	const server = https.createServer(options, app)
+
+	server.listen(3012, () => {
+		// console.log('Server listening on port 3012')
+		// server.close()
+		// done()
+	})
+
+	const c = new OperateApiClient({
+		config: {
+			CAMUNDA_CUSTOM_ROOT_CERT_PATH: path.join(__dirname, 'localhost.crt'),
+			CAMUNDA_OAUTH_DISABLED: true,
+			CAMUNDA_OPERATE_BASE_URL: 'https://localhost:3012',
+		},
+	})
+
+	const res = await c.getProcessInstance('1')
+	expect(res.bpmnProcessId).toBe('test')
+	const c1 = new OperateApiClient({
+		config: {
+			CAMUNDA_OAUTH_DISABLED: true,
+			CAMUNDA_OPERATE_BASE_URL: 'https://localhost:3012',
+		},
+	})
+
+	let threw = false
+	try {
+		await c1.getProcessInstance('1')
+	} catch (e) {
+		threw = true
+		expect((e as { code: string }).code).toBe('DEPTH_ZERO_SELF_SIGNED_CERT')
+	}
+	expect(threw).toBe(true)
+	server.close()
+})
+
+test('gRPC server with self-signed certificate', (done) => {
+	// Load the protobuf definition
+	const packageDefinition = loadSync(
+		path.join(__dirname, '..', '..', 'proto', 'zeebe.proto'),
+		{
+			keepCase: true,
+			longs: String,
+			enums: String,
+			defaults: true,
+			oneofs: true,
+		}
+	)
+
+	const zeebeProto = loadPackageDefinition(
+		packageDefinition
+		// eslint-disable-next-line @typescript-eslint/no-explicit-any
+	) as unknown as { gateway_protocol: { Gateway: any } }
+
+	// Create the server
+	const server = new Server()
+
+	// Add a service to the server
+	server.addService(zeebeProto.gateway_protocol.Gateway.service, {
+		Topology: (_, callback) => {
+			const t = new TopologyResponse()
+			const b = new BrokerInfo()
+			b.setHost('localhost')
+			const partition = new Partition()
+			partition.setHealth(0)
+			partition.setPartitionid(0)
+			partition.setRole(0)
+			b.setPartitionsList([partition])
+			t.setBrokersList([b])
+			callback(null, t)
+		},
+		// Implement your service methods here
+	})
+
+	// Read the key and certificate
+	const key = fs.readFileSync(path.join(__dirname, 'localhost.key'))
+	const cert = fs.readFileSync(path.join(__dirname, 'localhost.crt'))
+
+	// Start the server
+	server.bindAsync(
+		'localhost:50051',
+		ServerCredentials.createSsl(null, [
+			{
+				private_key: key,
+				cert_chain: cert,
+			},
+		]),
+		(err) => {
+			if (err) {
+				console.error(err)
+				done()
+				return
+			}
+
+			server.start()
+
+			const zbc = new ZeebeGrpcClient({
+				config: {
+					CAMUNDA_OAUTH_DISABLED: true,
+					ZEEBE_ADDRESS: 'localhost:50051',
+					CAMUNDA_CUSTOM_ROOT_CERT_PATH: path.join(__dirname, 'localhost.crt'),
+					zeebeGrpcSettings: {
+						ZEEBE_CLIENT_LOG_LEVEL: 'NONE',
+					},
+				},
+			})
+			zbc.topology().then(() => {
+				expect(true).toBe(true)
+				zbc.close()
+				// Stop the server after the test
+				server.tryShutdown((err) => {
+					if (err) console.error(err)
+					done()
+				})
+			})
+			// const zbc2 = new ZeebeGrpcClient({
+			// 	config: {
+			// 		CAMUNDA_OAUTH_DISABLED: true,
+			// 		ZEEBE_ADDRESS: 'localhost:50051',
+			// 	},
+			// })
+			// zbc2.topology().catch((e) => {
+			// 	console.log(e)
+			// 	zbc2.close()
+			// })
+		}
+	)
+})

src/__tests__/lib/localhost.cnf

@@ -0,0 +1,13 @@
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+CN = localhost
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost

src/__tests__/lib/localhost.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdWgAwIBAgIUXlnuRfR2yE/v5t9A0ZoeVG4BvZowDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MDUwMTAzMTIyNloXDTI1MDUw
+MTAzMTIyNlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA57iCfaiUmW74QUb0MtX5MOCOfhKJ8zw0i4Ep+nwST03w
+Z/K5Z0W7OPmJDnPsko9DPC3bOeObriTcWgYg4zNaLNSKvDbkbLtDvpUyY8rdJAP3
+6H7uTZWMoUQzdIGdSFZHa8HRO1HUZGFZT55bi7czyMPFnzSOtcaz4pCvlhLRk+QA
+lsSG+4owhfDrpyPlFtEFNyeaE2fIsJtHxupkwGOmDNeh6iKV46lD8F0SGf2pl5qF
+nbbMn6IZlpH7heQqMdPNs1ikGOuDybJISu07S72RSoClgdFzepzXFHoNWwhucdvN
+UMJXWBnP/PoeNViI2+nBMrK/1Bwuhci0t5mjTujQNQIDAQABozcwNTAUBgNVHREE
+DTALgglsb2NhbGhvc3QwHQYDVR0OBBYEFBuCDjLQbWjX7D+o9dt4nszcP3OIMA0G
+CSqGSIb3DQEBCwUAA4IBAQASgexBeY7Nz9i0qREk1RzpQDIT+jM/QAgmnH3G6Ehx
+tAYUMYLeDTmGhYhp3GJAU7/R3mbN6t5qg2d9Fa8b+JpBJRdxMY+CyjESoPvUHIE3
+lkgNGphT+8QPnh7uO5KOUVnk7Jc9MTwBntDouLHfuzJJnHPlRko3IWnwaivZYVRn
+VbnUoSMKKPzFaqqaY8uHPjvs4Gt4OGcYV8hHcjeI3fMHckmsXZclxb3pwF+x698o
+Htg5+ydbmWkTspvbMuHx/280Ow0JPSSXFnwWGWpyH7kI0EAfq75W3iGMRR6yL7Je
+ffZG7W8KARYx824nRlxbIN2rHo9VQwEBkbmoeg5nSkvi
+-----END CERTIFICATE-----

src/__tests__/lib/localhost.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDnuIJ9qJSZbvhB
+RvQy1fkw4I5+EonzPDSLgSn6fBJPTfBn8rlnRbs4+YkOc+ySj0M8Lds545uuJNxa
+BiDjM1os1Iq8NuRsu0O+lTJjyt0kA/fofu5NlYyhRDN0gZ1IVkdrwdE7UdRkYVlP
+nluLtzPIw8WfNI61xrPikK+WEtGT5ACWxIb7ijCF8OunI+UW0QU3J5oTZ8iwm0fG
+6mTAY6YM16HqIpXjqUPwXRIZ/amXmoWdtsyfohmWkfuF5Cox082zWKQY64PJskhK
+7TtLvZFKgKWB0XN6nNcUeg1bCG5x281QwldYGc/8+h41WIjb6cEysr/UHC6FyLS3
+maNO6NA1AgMBAAECggEABihPg2JO7JLX0vg9NfqcoBFfh/cbJlUDum9Iu8i/Pc8+
+46w+BAIE2xs6aqFm+HAJI9i+Ghgzw1lkZ5oBFrh/HXDabOzyffct8isJx0AVR0c5
+t7pjv7kJHyHuUhq9oLX2OOVSF4bxo2c41dZJ7XkFTcDyB+yAHFF25z7cA5tlaU4Z
+RtIb2EDUX39A6WZKxh5S3Q33LzSvLzrT+iP3QNfTdgVAZXG8yGpOgTJdzJRzXuek
+ag+YCCcUJebqUTsRpjhlZL9Psl9UTkqtCAI+h5SiyJ3jhNiPfc+jK/mdJa4VIxcO
+F7uSxj6F9aVs8HskKlLp+2OkacNRJxCCk8SIWS7gYwKBgQD+ySm6yrZmWnnsHYpr
+tglmR+DWA5ZceBGYF/fSfUkcpFCbPChWiKvFNYyXyH+ulSncrc+YFIZq+AhhEH/1
+b3VCmNjSzSAZxeDUzQEShOC2c90GqTe05kB1jKZcLV8ow8UAbU3Bvl3n2p7wfgDx
+zoSBXUa3+LirgnN+rgSbpJqRlwKBgQDo0zUffIGr/KB3LDmIBIXqJJbFp1IQSP/9
+mQ2Pt7x8WQ+sr95uX3XmSmDn10xy6LaVuUqjDQolGpiQqV9fa48u/LOkp5eSDfa9
+2LpSHAZUJkmjAEdgAQxXl3C+Sqjue9xEgQPC1Gqo028ocBvi+5jNIRvMQzXOqWsq
+rXh+tAxOEwKBgAKeywESyKFw2MQm4Z+N9bbJknRhARDeYz/vLytJApF61yFhkwCg
+0zNqA5IkC7wd6JpOZ04nF+LNvjhRVR+PD+OpcsFoPqZFNLS7jwFDwJPfySwiXWJM
+4+jRk3xrMwlWShZhCWWusYSK6QuMIDJcb1xtOyb1NeD9rHZnD8ESBkztAoGAUKaJ
+KmUIzjjupRmOvE1EzjzqdYFmbfm7o29XQUeWZUS8p0cst/Mddi6hru3nr45pYSgU
+cLLdpsi1vLbPMNCjgtVKrWjYmmF37X+b20GV96RjsbExCFKUoer1xRU7u5DwVlKS
+qPTIFb9YLBvZrSEWZ0hmxrUpeHM7ikcZDFr2QD0CgYEAxu9Woa25BiWxpaTRlsBO
+025LK6vr+wsOlASZCJXk7Qyr5fqWwHQFOSq42wKOBL25phZiYgl/ravWoDm8QIhs
+rRYBNj9gj4l4es4KasgO3mPYSoQIVCI5ZtMUaUx56DbskJJ8RbMJstM1/I4S/g70
+OwdkJkE82BAkg9yShEuAatc=
+-----END PRIVATE KEY-----

src/__tests__/tasklist/tasklist.integration.spec.ts

@@ -47,7 +47,11 @@ describe('TasklistApiClient', () => {
 
 	afterEach(async () => {
 		if (p && p.processInstanceKey) {
-			await zbc.cancelProcessInstance(p.processInstanceKey)
+			await zbc.cancelProcessInstance(p.processInstanceKey).catch((e) => {
+				if (!e.message.includes('NOT_FOUND')) {
+					throw e
+				}
+			})
 		}
 	})