Permalink
Browse files

Add a test of HTTPS strict with CA checking

  • Loading branch information...
1 parent 8d85b57 commit 37446f54bb21cf9c83ffa81d354d799ae7ecf9ed @isaacs isaacs committed Mar 1, 2012
Showing with 261 additions and 4 deletions.
  1. +2 โˆ’1 tests/run.js
  2. +10 โˆ’3 tests/server.js
  3. +20 โˆ’0 tests/ssl/ca/ca.cnf
  4. 0 tests/ssl/ca/ca.crl
  5. +17 โˆ’0 tests/ssl/ca/ca.crt
  6. +13 โˆ’0 tests/ssl/ca/ca.csr
  7. +18 โˆ’0 tests/ssl/ca/ca.key
  8. +1 โˆ’0 tests/ssl/ca/ca.srl
  9. +19 โˆ’0 tests/ssl/ca/server.cnf
  10. +16 โˆ’0 tests/ssl/ca/server.crt
  11. +11 โˆ’0 tests/ssl/ca/server.csr
  12. +28 โˆ’0 tests/ssl/ca/server.js
  13. +9 โˆ’0 tests/ssl/ca/server.key
  14. +97 โˆ’0 tests/test-https-strict.js
View
3 tests/run.js
@@ -11,6 +11,7 @@ var tests = [
, 'test-headers.js'
, 'test-httpModule.js'
, 'test-https.js'
+ , 'test-https-strict.js'
, 'test-oauth.js'
, 'test-pipes.js'
, 'test-proxy.js'
@@ -32,4 +33,4 @@ var next = function () {
next()
})
}
-next()
+next()
View
13 tests/server.js
@@ -17,12 +17,19 @@ exports.createServer = function (port) {
return s;
}
-exports.createSSLServer = function(port) {
+exports.createSSLServer = function(port, opts) {
port = port || 16767
- var options = { 'key' : fs.readFileSync(path.join(__dirname, 'ssl', 'test.key'))
- , 'cert': fs.readFileSync(path.join(__dirname, 'ssl', 'test.crt'))
+ var options = { 'key' : path.join(__dirname, 'ssl', 'test.key')
+ , 'cert': path.join(__dirname, 'ssl', 'test.crt')
}
+ if (opts) {
+ for (var i in opts) options[i] = opts[i]
+ }
+
+ for (var i in options) {
+ options[i] = fs.readFileSync(options[i])
+ }
var s = https.createServer(options, function (req, resp) {
s.emit(req.url, req, resp);
View
20 tests/ssl/ca/ca.cnf
@@ -0,0 +1,20 @@
+[ req ]
+default_bits = 1024
+days = 3650
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = password
+
+[ req_distinguished_name ]
+C = US
+ST = CA
+L = Oakland
+O = request
+OU = request Certificate Authority
+CN = requestCA
+emailAddress = mikeal@mikealrogers.com
+
+[ req_attributes ]
+challengePassword = password challenge
+
View
0 tests/ssl/ca/ca.crl
No changes.
View
17 tests/ssl/ca/ca.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvTCCAiYCCQDn+P/MSbDsWjANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMC
+VVMxCzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdPYWtsYW5kMRAwDgYDVQQKEwdyZXF1
+ZXN0MSYwJAYDVQQLEx1yZXF1ZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eTESMBAG
+A1UEAxMJcmVxdWVzdENBMSYwJAYJKoZIhvcNAQkBFhdtaWtlYWxAbWlrZWFscm9n
+ZXJzLmNvbTAeFw0xMjAzMDEyMjUwNTZaFw0yMjAyMjcyMjUwNTZaMIGiMQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCQ0ExEDAOBgNVBAcTB09ha2xhbmQxEDAOBgNVBAoT
+B3JlcXVlc3QxJjAkBgNVBAsTHXJlcXVlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
+MRIwEAYDVQQDEwlyZXF1ZXN0Q0ExJjAkBgkqhkiG9w0BCQEWF21pa2VhbEBtaWtl
+YWxyb2dlcnMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7t9pQUAK4
+5XJYTI6NrF0n3G2HZsfN+rPYSVzzL8SuVyb1tHXos+vbPm3NKI4E8X1yVAXU8CjJ
+5SqXnp4DAypAhaseho81cbhk7LXUhFz78OvAa+OD+xTAEAnNQ8tGUr4VGyplEjfD
+xsBVuqV2j8GPNTftr+drOCFlqfAgMrBn4wIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
+ADVdTlVAL45R+PACNS7Gs4o81CwSclukBu4FJbxrkd4xGQmurgfRrYYKjtqiopQm
+D7ysRamS3HMN9/VKq2T7r3z1PMHPAy7zM4uoXbbaTKwlnX4j/8pGPn8Ca3qHXYlo
+88L/OOPc6Di7i7qckS3HFbXQCTiULtxWmy97oEuTwrAj
+-----END CERTIFICATE-----
View
13 tests/ssl/ca/ca.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICBjCCAW8CAQAwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEQMA4GA1UE
+BxMHT2FrbGFuZDEQMA4GA1UEChMHcmVxdWVzdDEmMCQGA1UECxMdcmVxdWVzdCBD
+ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEjAQBgNVBAMTCXJlcXVlc3RDQTEmMCQGCSqG
+SIb3DQEJARYXbWlrZWFsQG1pa2VhbHJvZ2Vycy5jb20wgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBALu32lBQArjlclhMjo2sXSfcbYdmx836s9hJXPMvxK5XJvW0
+deiz69s+bc0ojgTxfXJUBdTwKMnlKpeengMDKkCFqx6GjzVxuGTstdSEXPvw68Br
+44P7FMAQCc1Dy0ZSvhUbKmUSN8PGwFW6pXaPwY81N+2v52s4IWWp8CAysGfjAgMB
+AAGgIzAhBgkqhkiG9w0BCQcxFBMScGFzc3dvcmQgY2hhbGxlbmdlMA0GCSqGSIb3
+DQEBBQUAA4GBAGJO7grHeVHXetjHEK8urIxdnvfB2qeZeObz4GPKIkqUurjr0rfj
+bA3EK1kDMR5aeQWR8RunixdM16Q6Ry0lEdLVWkdSwRN9dmirIHT9cypqnD/FYOia
+SdezZ0lUzXgmJIwRYRwB1KSMMocIf52ll/xC2bEGg7/ZAEuAyAgcZV3X
+-----END CERTIFICATE REQUEST-----
View
18 tests/ssl/ca/ca.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C8B5887048377F02
+
+nyD5ZH0Wup2uWsDvurq5mKDaDrf8lvNn9w0SH/ZkVnfR1/bkwqrFriqJWvZNUG+q
+nS0iBYczsWLJnbub9a1zLOTENWUKVD5uqbC3aGHhnoUTNSa27DONgP8gHOn6JgR+
+GAKo01HCSTiVT4LjkwN337QKHnMP2fTzg+IoC/CigvMcq09hRLwU1/guq0GJKGwH
+gTxYNuYmQC4Tjh8vdS4liF+Ve/P3qPR2CehZrIOkDT8PHJBGQJRo4xGUIB7Tpk38
+VCk+UZ0JCS2coY8VkY/9tqFJp/ZnnQQVmaNbdRqg7ECKL+bXnNo7yjzmazPZmPe3
+/ShbE0+CTt7LrjCaQAxWbeDzqfo1lQfgN1LulTm8MCXpQaJpv7v1VhIhQ7afjMYb
+4thW/ypHPiYS2YJCAkAVlua9Oxzzh1qJoh8Df19iHtpd79Q77X/qf+1JvITlMu0U
+gi7yEatmQcmYNws1mtTC1q2DXrO90c+NZ0LK/Alse6NRL/xiUdjug2iHeTf/idOR
+Gg/5dSZbnnlj1E5zjSMDkzg6EHAFmHV4jYGSAFLEQgp4V3ZhMVoWZrvvSHgKV/Qh
+FqrAK4INr1G2+/QTd09AIRzfy3/j6yD4A9iNaOsEf9Ua7Qh6RcALRCAZTWR5QtEf
+dX+iSNJ4E85qXs0PqwkMDkoaxIJ+tmIRJY7y8oeylV8cfGAi8Soubt/i3SlR8IHC
+uDMas/2OnwafK3N7ODeE1i7r7wkzQkSHaEz0TrF8XRnP25jAICCSLiMdAAjKfxVb
+EvzsFSuAy3Jt6bU3hSLY9o4YVYKE+68ITMv9yNjvTsEiW+T+IbN34w==
+-----END RSA PRIVATE KEY-----
View
1 tests/ssl/ca/ca.srl
@@ -0,0 +1 @@
+ADF62016AA40C9C3
View
19 tests/ssl/ca/server.cnf
@@ -0,0 +1,19 @@
+[ req ]
+default_bits = 1024
+days = 3650
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+
+[ req_distinguished_name ]
+C = US
+ST = CA
+L = Oakland
+O = request
+OU = testing
+CN = testing.request.mikealrogers.com
+emailAddress = mikeal@mikealrogers.com
+
+[ req_attributes ]
+challengePassword = password challenge
+
View
16 tests/ssl/ca/server.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICejCCAeMCCQCt9iAWqkDJwzANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMC
+VVMxCzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdPYWtsYW5kMRAwDgYDVQQKEwdyZXF1
+ZXN0MSYwJAYDVQQLEx1yZXF1ZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eTESMBAG
+A1UEAxMJcmVxdWVzdENBMSYwJAYJKoZIhvcNAQkBFhdtaWtlYWxAbWlrZWFscm9n
+ZXJzLmNvbTAeFw0xMjAzMDEyMjUwNTZaFw0yMjAyMjcyMjUwNTZaMIGjMQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCQ0ExEDAOBgNVBAcTB09ha2xhbmQxEDAOBgNVBAoT
+B3JlcXVlc3QxEDAOBgNVBAsTB3Rlc3RpbmcxKTAnBgNVBAMTIHRlc3RpbmcucmVx
+dWVzdC5taWtlYWxyb2dlcnMuY29tMSYwJAYJKoZIhvcNAQkBFhdtaWtlYWxAbWlr
+ZWFscm9nZXJzLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDgVl0jMumvOpmM
+20W5v9yhGgZj8hPhEQF/N7yCBVBn/rWGYm70IHC8T/pR5c0LkWc5gdnCJEvKWQjh
+DBKxZD8FAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEABShRkNgFbgs4vUWW9R9deNJj
+7HJoiTmvkmoOC7QzcYkjdgHbOxsSq3rBnwxsVjY9PAtPwBn0GRspOeG7KzKRgySB
+kb22LyrCFKbEOfKO/+CJc80ioK9zEPVjGsFMyAB+ftYRqM+s/4cQlTg/m89l01wC
+yapjN3RxZbInGhWR+jA=
+-----END CERTIFICATE-----
View
11 tests/ssl/ca/server.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBgjCCASwCAQAwgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEQMA4GA1UE
+BxMHT2FrbGFuZDEQMA4GA1UEChMHcmVxdWVzdDEQMA4GA1UECxMHdGVzdGluZzEp
+MCcGA1UEAxMgdGVzdGluZy5yZXF1ZXN0Lm1pa2VhbHJvZ2Vycy5jb20xJjAkBgkq
+hkiG9w0BCQEWF21pa2VhbEBtaWtlYWxyb2dlcnMuY29tMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAOBWXSMy6a86mYzbRbm/3KEaBmPyE+ERAX83vIIFUGf+tYZibvQg
+cLxP+lHlzQuRZzmB2cIkS8pZCOEMErFkPwUCAwEAAaAjMCEGCSqGSIb3DQEJBzEU
+ExJwYXNzd29yZCBjaGFsbGVuZ2UwDQYJKoZIhvcNAQEFBQADQQBD3E5WekQzCEJw
+7yOcqvtPYIxGaX8gRKkYfLPoj3pm3GF5SGqtJKhylKfi89szHXgktnQgzff9FN+A
+HidVJ/3u
+-----END CERTIFICATE REQUEST-----
View
28 tests/ssl/ca/server.js
@@ -0,0 +1,28 @@
+var fs = require("fs")
+var https = require("https")
+var options = { key: fs.readFileSync("./server.key")
+ , cert: fs.readFileSync("./server.crt") }
+
+var server = https.createServer(options, function (req, res) {
+ res.writeHead(200)
+ res.end()
+ server.close()
+})
+server.listen(1337)
+
+var ca = fs.readFileSync("./ca.crt")
+var agent = new https.Agent({ host: "localhost", port: 1337, ca: ca })
+
+https.request({ host: "localhost"
+ , method: "HEAD"
+ , port: 1337
+ , headers: { host: "testing.request.mikealrogers.com" }
+ , agent: agent
+ , ca: [ ca ]
+ , path: "/" }, function (res) {
+ if (res.client.authorized) {
+ console.log("node test: OK")
+ } else {
+ throw new Error(res.client.authorizationError)
+ }
+}).end()
View
9 tests/ssl/ca/server.key
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAOBWXSMy6a86mYzbRbm/3KEaBmPyE+ERAX83vIIFUGf+tYZibvQg
+cLxP+lHlzQuRZzmB2cIkS8pZCOEMErFkPwUCAwEAAQJAK+r8ZM2sze8s7FRo/ApB
+iRBtO9fCaIdJwbwJnXKo4RKwZDt1l2mm+fzZ+/QaQNjY1oTROkIIXmnwRvZWfYlW
+gQIhAPKYsG+YSBN9o8Sdp1DMyZ/rUifKX3OE6q9tINkgajDVAiEA7Ltqh01+cnt0
+JEnud/8HHcuehUBLMofeg0G+gCnSbXECIQCqDvkXsWNNLnS/3lgsnvH0Baz4sbeJ
+rjIpuVEeg8eM5QIgbu0+9JmOV6ybdmmiMV4yAncoF35R/iKGVHDZCAsQzDECIQDZ
+0jGz22tlo5YMcYSqrdD3U4sds1pwiAaWFRbCunoUJw==
+-----END RSA PRIVATE KEY-----
View
97 tests/test-https-strict.js
@@ -0,0 +1,97 @@
+// a test where we validate the siguature of the keys
+// otherwise exactly the same as the ssl test
+
+var server = require('./server')
+ , assert = require('assert')
+ , request = require('../main.js')
+ , fs = require('fs')
+ , path = require('path')
+ , opts = { key: path.resolve(__dirname, 'ssl/ca/server.key')
+ , cert: path.resolve(__dirname, 'ssl/ca/server.crt') }
+ , s = server.createSSLServer(null, opts)
+ , caFile = path.resolve(__dirname, 'ssl/ca/ca.crt')
+ , ca = fs.readFileSync(caFile)
+
+var tests =
+ { testGet :
+ { resp : server.createGetResponse("TESTING!")
+ , expectBody: "TESTING!"
+ }
+ , testGetChunkBreak :
+ { resp : server.createChunkResponse(
+ [ new Buffer([239])
+ , new Buffer([163])
+ , new Buffer([191])
+ , new Buffer([206])
+ , new Buffer([169])
+ , new Buffer([226])
+ , new Buffer([152])
+ , new Buffer([131])
+ ])
+ , expectBody: "๏ฃฟฮฉโ˜ƒ"
+ }
+ , testGetJSON :
+ { resp : server.createGetResponse('{"test":true}', 'application/json')
+ , json : true
+ , expectBody: {"test":true}
+ }
+ , testPutString :
+ { resp : server.createPostValidator("PUTTINGDATA")
+ , method : "PUT"
+ , body : "PUTTINGDATA"
+ }
+ , testPutBuffer :
+ { resp : server.createPostValidator("PUTTINGDATA")
+ , method : "PUT"
+ , body : new Buffer("PUTTINGDATA")
+ }
+ , testPutJSON :
+ { resp : server.createPostValidator(JSON.stringify({foo: 'bar'}))
+ , method: "PUT"
+ , json: {foo: 'bar'}
+ }
+ , testPutMultipart :
+ { resp: server.createPostValidator(
+ '--frontier\r\n' +
+ 'content-type: text/html\r\n' +
+ '\r\n' +
+ '<html><body>Oh hi.</body></html>' +
+ '\r\n--frontier\r\n\r\n' +
+ 'Oh hi.' +
+ '\r\n--frontier--'
+ )
+ , method: "PUT"
+ , multipart:
+ [ {'content-type': 'text/html', 'body': '<html><body>Oh hi.</body></html>'}
+ , {'body': 'Oh hi.'}
+ ]
+ }
+ }
+
+s.listen(s.port, function () {
+
+ var counter = 0
+
+ for (i in tests) {
+ (function () {
+ var test = tests[i]
+ s.on('/'+i, test.resp)
+ test.uri = s.url + '/' + i
+ test.strictSSL = true
+ test.ca = ca
+ test.headers = { host: 'testing.request.mikealrogers.com' }
+ request(test, function (err, resp, body) {
+ if (err) throw err
+ if (test.expectBody) {
+ assert.deepEqual(test.expectBody, body)
+ }
+ counter = counter - 1;
+ if (counter === 0) {
+ console.log(Object.keys(tests).length+" tests passed.")
+ s.close()
+ }
+ })
+ counter++
+ })()
+ }
+})

0 comments on commit 37446f5

Please sign in to comment.