First attempt at test for GHSA-2cpx-6pqp-wf35
armanbilge committed Jul 22, 2022
1 parent 6bff27d commit 6598243
Showing 2 changed files with 53 additions and 3 deletions.
49 changes: 48 additions & 1 deletion io/js/src/test/scala/fs2/io/net/tls/TLSSocketSuite.scala
@@ -106,7 +106,7 @@ class TLSSocketSuite extends TLSSuite {
val msg = Chunk.array(("Hello, world! " * 20000).getBytes)

val setup = for {
tlsContext <- Resource.eval(testTlsContext)
tlsContext <- Resource.eval(testTlsContext(true))
addressAndConnections <- Network[IO].serverResource(Some(ip"127.0.0.1"))
(serverAddress, server) = addressAndConnections
client <- Network[IO]
@@ -180,5 +180,52 @@ class TLSSocketSuite extends TLSSuite {
.intercept[SSLException]
}

test("mTLS client verification".only) { // GHSA-2cpx-6pqp-wf35
val msg = Chunk.array(("Hello, world! " * 20000).getBytes)

val setup = for {
serverContext <- Resource.eval(testTlsContext(true))
clientContext <- Resource.eval(testTlsContext(false))
addressAndConnections <- Network[IO].serverResource(Some(ip"127.0.0.1"))
(serverAddress, server) = addressAndConnections
client <- Network[IO]
.client(serverAddress)
.flatMap(
clientContext
.clientBuilder(_)
.withParameters(
TLSParameters(checkServerIdentity =
Some((sn, _) => Either.cond(sn == "localhost", (), new RuntimeException()))
)
)
.build
)
} yield server.flatMap(s =>
Stream.resource(
serverContext
.serverBuilder(s)
.withParameters(TLSParameters(requestCert = true.some)) // mTLS
.build
)
) -> client

Stream
.resource(setup)
.flatMap { case (server, clientSocket) =>
val echoServer = server.map { socket =>
socket.reads.chunks.foreach(socket.write(_))
}.parJoinUnbounded

val client =
Stream.exec(clientSocket.write(msg)) ++
clientSocket.reads.take(msg.size.toLong)

client.concurrently(echoServer)
}
.compile
.to(Chunk)
.intercept[SSLException]
}

}
}
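Review bot: The `.only` tag on `test("mTLS client verification".only)` restricts the suite to this one test, so every other test in TLSSocketSuite, including the existing negative TLS checks, stops running; it should be dropped before this lands: `test("mTLS client verification") { // GHSA-2cpx-6pqp-wf35`. Separately, `.intercept[SSLException]` is applied to the combined client and echo-server stream, so it passes on any TLS failure from either side and does not show that the server rejected a client without a usable certificate. A positive control with the same `TLSParameters(requestCert = true.some)` on the server and a client built from `testTlsContext(true)`, asserting the echo succeeds, would tie the failure to client verification and not to an unrelated handshake error.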
7 changes: 5 additions & 2 deletions io/js/src/test/scala/fs2/io/net/tls/TLSSuite.scala
@@ -32,7 +32,8 @@ import fs2.io.file.Path
import scala.scalajs.js

abstract class TLSSuite extends Fs2Suite {
def testTlsContext: IO[TLSContext[IO]] = Files[IO]

def testTlsContext(privateKey: Boolean): IO[TLSContext[IO]] = Files[IO]
.readAll(Path("io/shared/src/test/resources/keystore.json"))
.through(text.utf8.decode)
.compile
@@ -43,7 +44,9 @@ abstract class TLSSuite extends Fs2Suite {
SecureContext(
ca = List(certKey.cert.asRight).some,
cert = List(certKey.cert.asRight).some,
key = List(SecureContext.Key(certKey.key.asRight, "password".some)).some
key =
if (privateKey) List(SecureContext.Key(certKey.key.asRight, "password".some)).some
else None
)
)
}
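Review bot: With `privateKey = false` the context still sets `cert = List(certKey.cert.asRight).some`, so the client used by the mTLS test carries a certificate it has no key for, not a client with no identity at all. How the runtime treats a certificate without its key is not visible here; if it fails locally, `intercept[SSLException]` would be satisfied without the server ever checking the peer. Consider gating both fields on the flag, e.g. `cert = if (privateKey) List(certKey.cert.asRight).some else None`, and adding a one-line comment on the parameter such as `// privateKey = false builds a context without a client identity, for the mTLS rejection test`. The body of `testTlsContext` is only partly visible in these hunks.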