fix(certificates): Handle --secure flag correctly, rejecting/allowing…

… unauthorised certificates based on this flag.

Fixes #416

.gitignore

@@ -137,3 +137,4 @@ tasktree.json
 tasktable.csv
 task-chain.csv
 .vscode/launch.json
+.vscode/launch.json

src/__tests__/app_cert.test.js

@@ -8,6 +8,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4242',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',

src/__tests__/app_export_cert.test.js

@@ -11,6 +11,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4242',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',
@@ -31,6 +32,7 @@ describe('export apps to QVF files (cert auth)', () => {
     test('get tasks (verify parameters)', async () => {
         expect(options.authCertFile).not.toHaveLength(0);
         expect(options.authCertKeyFile).not.toHaveLength(0);
+        expect(options.authRootCertFile).not.toHaveLength(0);
         expect(options.host).not.toHaveLength(0);
         expect(options.authUserDir).not.toHaveLength(0);
         expect(options.authUserId).not.toHaveLength(0);

src/__tests__/app_import_cert.test.js

@@ -9,6 +9,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4242',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',
@@ -34,6 +35,7 @@ describe('import apps from QVF files (cert auth)', () => {
     test('get tasks (verify parameters)', async () => {
         expect(options.authCertFile).not.toHaveLength(0);
         expect(options.authCertKeyFile).not.toHaveLength(0);
+        expect(options.authRootCertFile).not.toHaveLength(0);
         expect(options.host).not.toHaveLength(0);
         expect(options.authUserDir).not.toHaveLength(0);
         expect(options.authUserId).not.toHaveLength(0);

src/__tests__/bookmark_get_cert.test.js

@@ -8,6 +8,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4747',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',
@@ -32,6 +33,7 @@ const appIdExistsHasBookmarks1Bookmark2 = 'c49210ea-3005-4f2c-8697-52fe541b51d8'
 test('get bookmark (verify parameters)', async () => {
     expect(options.authCertFile).not.toHaveLength(0);
     expect(options.authCertKeyFile).not.toHaveLength(0);
+    expect(options.authRootCertFile).not.toHaveLength(0);
     expect(options.host).not.toHaveLength(0);
     expect(options.authUserDir).not.toHaveLength(0);
     expect(options.authUserId).not.toHaveLength(0);

src/__tests__/bookmark_get_jwt.test.js

@@ -8,6 +8,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4747',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',
@@ -37,6 +38,7 @@ options.virtualProxy = 'jwt';
 test('get bookmark (verify parameters)', async () => {
     expect(options.authCertFile).not.toHaveLength(0);
     expect(options.authCertKeyFile).not.toHaveLength(0);
+    expect(options.authRootCertFile).not.toHaveLength(0);
     expect(options.host).not.toHaveLength(0);
     expect(options.authUserDir).not.toHaveLength(0);
     expect(options.authUserId).not.toHaveLength(0);

src/__tests__/connection_test_cert.test.js

@@ -8,6 +8,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE,
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '',
     virtualProxy: process.env.CTRL_Q_VIRTUAL_PROXY || '',
@@ -30,6 +31,7 @@ describe('connection test (cert auth)', () => {
         expect(options.authType).toBe('cert');
         expect(options.authCertFile).not.toHaveLength(0);
         expect(options.authCertKeyFile).not.toHaveLength(0);
+        expect(options.authRootCertFile).not.toHaveLength(0);
         expect(options.host).not.toHaveLength(0);
         expect(options.authUserDir).not.toHaveLength(0);
         expect(options.authUserId).not.toHaveLength(0);

src/__tests__/connection_test_jwt.test.js

@@ -6,8 +6,6 @@ import testConnection from '../lib/cmd/testconnection.js';
 const options = {
     logLevel: process.env.CTRL_Q_LOG_LEVEL || 'info',
     authType: process.env.CTRL_Q_AUTH_TYPE,
-    authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
-    authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '',
     virtualProxy: process.env.CTRL_Q_VIRTUAL_PROXY || '',

src/__tests__/script_get_cert.test.js

@@ -8,6 +8,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4747',
     virtualProxy: process.env.CTRL_Q_VIRTUAL_PROXY || '',
@@ -27,6 +28,7 @@ describe('get app script (cert auth)', () => {
     test('Verify parameters', async () => {
         expect(options.authCertFile).not.toHaveLength(0);
         expect(options.authCertKeyFile).not.toHaveLength(0);
+        expect(options.authRootCertFile).not.toHaveLength(0);
         expect(options.host).not.toHaveLength(0);
         expect(options.authUserDir).not.toHaveLength(0);
         expect(options.authUserId).not.toHaveLength(0);

src/__tests__/task_cert.test.js

@@ -8,6 +8,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4242',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',

src/__tests__/task_custom_property_set_cert.test.js

@@ -9,6 +9,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4242',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',
@@ -34,6 +35,7 @@ const existingTaskId = 'e9100e69-4e8e-414b-bf88-10a1110c43a9';
 test('set custom properties (verify parameters)', async () => {
     expect(options.authCertFile).not.toHaveLength(0);
     expect(options.authCertKeyFile).not.toHaveLength(0);
+    expect(options.authRootCertFile).not.toHaveLength(0);
     expect(options.host).not.toHaveLength(0);
     expect(options.authUserDir).not.toHaveLength(0);
     expect(options.authUserId).not.toHaveLength(0);

src/__tests__/task_custom_property_set_jwt.test.js

@@ -9,6 +9,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'jwt',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '443',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',
@@ -30,6 +31,7 @@ const existingTaskId = 'e9100e69-4e8e-414b-bf88-10a1110c43a9';
 test('set custom properties (verify parameters)', async () => {
     expect(options.authCertFile).not.toHaveLength(0);
     expect(options.authCertKeyFile).not.toHaveLength(0);
+    expect(options.authRootCertFile).not.toHaveLength(0);
     expect(options.host).not.toHaveLength(0);
     expect(options.authUserDir).not.toHaveLength(0);
     expect(options.authUserId).not.toHaveLength(0);

src/__tests__/task_get_cert.test.js

@@ -10,6 +10,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4242',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',
@@ -28,6 +29,7 @@ jest.setTimeout(defaultTestTimeout);
 test('get tasks (verify parameters) ', async () => {
     expect(options.authCertFile).not.toHaveLength(0);
     expect(options.authCertKeyFile).not.toHaveLength(0);
+    expect(options.authRootCertFile).not.toHaveLength(0);
     expect(options.host).not.toHaveLength(0);
     expect(options.authUserDir).not.toHaveLength(0);
     expect(options.authUserId).not.toHaveLength(0);

src/__tests__/task_import_cert.test.js

@@ -11,6 +11,7 @@ const options = {
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
     authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
     authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
+    authRootCertFile: process.env.CTRL_Q_AUTH_ROOT_CERT_FILE || './cert/root.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4242',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',
@@ -29,6 +30,7 @@ describe('import task (cert auth)', () => {
     test('get tasks (verify parameters)', async () => {
         expect(options.authCertFile).not.toHaveLength(0);
         expect(options.authCertKeyFile).not.toHaveLength(0);
+        expect(options.authRootCertFile).not.toHaveLength(0);
         expect(options.host).not.toHaveLength(0);
         expect(options.authUserDir).not.toHaveLength(0);
         expect(options.authUserId).not.toHaveLength(0);

src/__tests__/task_jwt.test.js

@@ -6,15 +6,14 @@ import { taskExistById, getTaskByName, getTaskById } from '../lib/util/task.js';
 const options = {
     logLevel: process.env.CTRL_Q_LOG_LEVEL || 'info',
     authType: process.env.CTRL_Q_AUTH_TYPE || 'cert',
-    authCertFile: process.env.CTRL_Q_AUTH_CERT_FILE || './cert/client.pem',
-    authCertKeyFile: process.env.CTRL_Q_AUTH_CERT_KEY_FILE || './cert/client_key.pem',
     host: process.env.CTRL_Q_HOST || '',
     port: process.env.CTRL_Q_PORT || '4242',
     schemaVersion: process.env.CTRL_Q_SCHEMA_VERSION || '12.612.0',
     virtualProxy: process.env.CTRL_Q_VIRTUAL_PROXY || '',
     secure: process.env.CTRL_Q_SECURE || true,
     authUserDir: process.env.CTRL_Q_AUTH_USER_DIR || '',
     authUserId: process.env.CTRL_Q_AUTH_USER_ID || '',
+    authJwt: process.env.CTRL_Q_AUTH_JWT || '',
 
     taskType: process.env.CTRL_Q_TASK_TYPE || 'reload',
 };
@@ -36,8 +35,12 @@ const multipleMatchingTaskNames = '[ctrl-q unit test] app 1, task 2 (duplicates
 const nonExistingTaskId = '9f0d0e02-cccc-bbbb-aaaa-3e9a4d0c8a3d';
 const nonExistingTaskName = 'Non-existing task 298374293874298734';
 
+options.authType = 'jwt';
+options.port = '443';
+options.virtualProxy = 'jwt';
+
 // Check if task exists by ID
-describe('taskExistById: Check if task exists by ID (cert auth)', () => {
+describe('taskExistById: Check if task exists by ID (jwt auth)', () => {
     test('existing task', async () => {
         const result = await taskExistById(existingTaskId, options);
         expect(result).toBe(true);
@@ -50,7 +53,7 @@ describe('taskExistById: Check if task exists by ID (cert auth)', () => {
 });
 
 // Get task by name
-describe('getTaskByName: Get task by name (cert auth)', () => {
+describe('getTaskByName: Get task by name (jwt auth)', () => {
     test('no matching task', async () => {
         const result = await getTaskByName(nonExistingTaskName, options);
         expect(result).toBe(false);
@@ -80,7 +83,7 @@ describe('getTaskByName: Get task by name (cert auth)', () => {
 });
 
 // Get task by ID
-describe('getTaskById: Get task by ID (cert auth)', () => {
+describe('getTaskById: Get task by ID (jwt auth)', () => {
     test('no matching task', async () => {
         const result = await getTaskById(nonExistingTaskId, options);
         expect(result).toEqual(false);