feat: cache.clear

fix failing tests rename ocsp.js to index.js fix failing gen-certs.js
spurreiter · Apr 20, 2020 · 6a2f012 · 6a2f012
1 parent f4dc9a0
commit 6a2f012
Show file tree

Hide file tree

Showing 18 changed files with 186 additions and 102 deletions.
diff --git a/lib/ocsp.js → lib/index.js b/lib/ocsp.js → lib/index.js
diff --git a/lib/ocsp/agent.js b/lib/ocsp/agent.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 
 var util = require('util')
 var http = require('http')
@@ -33,7 +33,7 @@ Agent.prototype.createConnection = function createConnection (port,
 
   if (typeof host === 'string') { options.host = host }
 
-  var ocspOptions = Object.assign({ requestOCSP: true }, options)
+  var ocspOptions = Object.assign({}, options, { requestOCSP: true })
   var socket = https.Agent.prototype.createConnection.call(
     this, port, host, ocspOptions)
 
@@ -60,8 +60,9 @@ Agent.prototype.createConnection = function createConnection (port,
 
 Agent.prototype.handleOCSPResponse = function handleOCSPResponse (socket,
   stapling,
-  cb) {
-  var cert = socket.ssl.getPeerCertificate(true)
+  cb
+) {
+  var cert = (socket.ssl || socket).getPeerCertificate(true) || {}
   var issuer = cert.issuerCertificate
 
   cert = cert.raw

diff --git a/lib/ocsp/api.js b/lib/ocsp/api.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 var rfc2560 = require('asn1.js-rfc2560')
 var rfc5280 = require('asn1.js-rfc5280')
 

diff --git a/lib/ocsp/cache.js b/lib/ocsp/cache.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 
 function Cache (options) {
   this.options = options || {}
@@ -99,3 +99,11 @@ Cache.prototype.getMaxStoreTime = function getMaxStoreTime (response, callback)
 
   return callback(null, Math.max(0, nextUpdate - new Date()))
 }
+
+Cache.prototype.clear = function clear () {
+  var cacheIds = Object.keys(this.cache)
+  cacheIds.forEach((cacheId) => {
+    clearTimeout(this.cache[cacheId].timer)
+  })
+  this.cache.length = 0
+}
diff --git a/lib/ocsp/check.js b/lib/ocsp/check.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 
 var rfc2560 = require('asn1.js-rfc2560')
 

diff --git a/lib/ocsp/request.js b/lib/ocsp/request.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 var crypto = require('crypto')
 var rfc2560 = require('asn1.js-rfc2560')
 var rfc5280 = require('asn1.js-rfc5280')

diff --git a/lib/ocsp/server.js b/lib/ocsp/server.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 
 var http = require('http')
 var util = require('util')

diff --git a/lib/ocsp/utils.js b/lib/ocsp/utils.js
@@ -60,11 +60,15 @@ exports.parseResponse = function parseResponse (raw) {
   })
 
   var status = response.responseStatus
-  if (status !== 'successful') { throw new Error('Bad OCSP response status: ' + status) }
+  if (status !== 'successful') {
+    throw new Error('Bad OCSP response status: ' + status)
+  }
 
   // Unknown response type
   var responseType = response.responseBytes.responseType
-  if (responseType !== 'id-pkix-ocsp-basic') { throw new Error('Unknown OCSP response type: ' + responseType) }
+  if (responseType !== 'id-pkix-ocsp-basic') {
+    throw new Error('Unknown OCSP response type: ' + responseType)
+  }
 
   var bytes = response.responseBytes.response
 

diff --git a/lib/ocsp/verify.js b/lib/ocsp/verify.js
@@ -1,6 +1,6 @@
 'use strict'
 
-var ocsp = require('../ocsp')
+var ocsp = require('..')
 var rfc5280 = require('asn1.js-rfc5280')
 var crypto = require('crypto')
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -13,11 +13,15 @@
   },
   "license": "MIT",
   "author": "Fedor Indutny <fedor@indutny.com>",
-  "main": "lib/ocsp.js",
+  "main": "lib/index.js",
   "scripts": {
+    "certs": "node scripts/certs.js",
     "lint": "eslint lib test",
     "test": "mocha"
   },
+  "mocha": {
+    "exit": true
+  },
   "dependencies": {
     "asn1.js": "^5.3.0",
     "asn1.js-rfc2560": "^5.0.1",
@@ -33,6 +37,7 @@
     "eslint-plugin-promise": "^4.2.1",
     "eslint-plugin-standard": "^4.0.1",
     "mocha": "^7.1.1",
-    "selfsigned.js": "^3.0.2"
+    "selfsigned.js": "^3.0.2",
+    "shelljs": "^0.8.3"
   }
 }
diff --git a/scripts/certs.js b/scripts/certs.js
@@ -0,0 +1,15 @@
+const { exec } = require('shelljs')
+const fs = require('fs')
+
+const dir = `${__dirname}/../test/fixtures`
+
+function getCerts (domain, file) {
+  const { stdout } = exec(`openssl s_client -showcerts -verify 5 -connect ${domain}:443 < /dev/null`)
+  const [cert, issuer] = stdout.match(/(-----BEGIN CERTIFICATE-----[^]+?-----END CERTIFICATE-----)/mg)
+  if (file) {
+    fs.writeFileSync(`${dir}/${file}-cert.pem`, cert, 'utf8')
+    fs.writeFileSync(`${dir}/${file}-issuer.pem`, issuer, 'utf8')
+  }
+}
+
+getCerts('google.com', 'google')
diff --git a/test/api-test.js b/test/api-test.js
@@ -12,17 +12,16 @@ describe('OCSP Stapling Provider', function () {
         issuer: fixtures.googleIssuer
       }, function (err, res) {
         if (err) { throw err }
-
         assert.equal(res.type, 'good')
         cb()
       })
     })
   })
 
   describe('.verify()', function () {
-    it('should verify reddit.com\'s stapling', function (cb) {
+    it('should verify wikipedia.org\'s stapling', function (cb) {
       var req = https.request({
-        host: 'reddit.com',
+        host: 'wikipedia.org',
         port: 443,
         requestOCSP: true
       }, function (res) {
@@ -35,19 +34,20 @@ describe('OCSP Stapling Provider', function () {
           onOCSPResponse(socket, stapling)
         })
       })
+      req.on('error', () => {})
 
       function onOCSPResponse (socket, stapling) {
         var cert = socket.getPeerCertificate(true)
 
-        var req = ocsp.request.generate(cert.raw, cert.issuerCertificate.raw)
+        var request = ocsp.request.generate(cert.raw, cert.issuerCertificate.raw)
         ocsp.verify({
-          request: req,
+          request,
           response: stapling
         }, function (err, res) {
           assert(!err)
 
           assert.equal(res.type, 'good')
-          socket.destroy()
+          socket.end()
           cb()
         })
       }

diff --git a/test/cache-test.js b/test/cache-test.js
@@ -1,4 +1,4 @@
-var ocsp = require('../')
+var ocsp = require('..')
 var fixtures = require('./fixtures')
 
 var https = require('https')
@@ -64,10 +64,11 @@ describe('OCSP Cache', function () {
       https.get({
         agent: agent,
         ca: issuer.cert,
-        rejectUnauthorized: !/^v0.12/.test(process.version),
+        rejectUnauthorized: false,
         servername: 'local.host',
         port: 8001
       }, function (res) {
+        cache.clear()
         cb()
       })
     })

diff --git a/test/fixtures/gen-certs.js b/test/fixtures/gen-certs.js
@@ -11,8 +11,8 @@ var options = {
 }
 
 fixtures.getOCSPCert(options, function (cert, key) {
-  fs.writeFileSync(resolve(__dirname, '/issuer-cert.pem', cert))
-  fs.writeFileSync(resolve(__dirname, '/issuer-key.pem', key))
+  fs.writeFileSync(resolve(__dirname, 'issuer-cert.pem'), cert)
+  fs.writeFileSync(resolve(__dirname, 'issuer-key.pem'), key)
 
   var options = {
     issuer: cert,
@@ -22,14 +22,14 @@ fixtures.getOCSPCert(options, function (cert, key) {
   }
 
   fixtures.getOCSPCert(options, function (cert, key) {
-    fs.writeFileSync(resolve(__dirname, '/good-cert.pem', cert))
-    fs.writeFileSync(resolve(__dirname, '/good-key.pem', key))
+    fs.writeFileSync(resolve(__dirname, 'good-cert.pem'), cert)
+    fs.writeFileSync(resolve(__dirname, 'good-key.pem'), key)
 
     options.serial++
 
     fixtures.getOCSPCert(options, function (cert, key) {
-      fs.writeFileSync(resolve(__dirname, '/revoked-cert.pem', cert))
-      fs.writeFileSync(resolve(__dirname, '/revoked-key.pem', key))
+      fs.writeFileSync(resolve(__dirname, 'revoked-cert.pem'), cert)
+      fs.writeFileSync(resolve(__dirname, 'revoked-key.pem'), key)
     })
   })
 })