Пример #1
0
function runTest (testIndex) {
  var tcase = testCases[testIndex];
  if (!tcase) return;

  console.error("Running '%s'", tcase.title);

  var cas = tcase.CAs.map(loadPEM);

  var crl = tcase.crl ? loadPEM(tcase.crl) : null;

  var serverOptions = {
    key: serverKey,
    cert: serverCert,
    ca: cas,
    crl: crl,
    requestCert: tcase.requestCert,
    rejectUnauthorized: tcase.rejectUnauthorized
  };

  var connections = 0;

  var server = tls.Server(serverOptions, function (c) {
    connections++;
    if (c.authorized) {
      console.error('- authed connection: ' +
                    c.getPeerCertificate().subject.CN);
      c.write('\n_authed\n');
    } else {
      console.error('- unauthed connection: %s', c.authorizationError);
      c.write('\n_unauthed\n');
    }
  });

  function runNextClient(clientIndex) {
    var options = tcase.clients[clientIndex];
    if (options) {
      runClient(options, function () {
        runNextClient(clientIndex + 1);
      });
    } else {
      server.close();
      successfulTests++;
      runTest(testIndex + 1);
    }
  }

  server.listen(common.PORT, function() {
    if (tcase.debug) {
      console.error("TLS server running on port " + common.PORT);
    } else {
      runNextClient(0);
    }
  });
}
Пример #2
0
var assert = require('assert');
var tls = require('tls');
var fs = require('fs');
var path = require('path');

var options = {
  key: fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')),
  cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))
};

var bufSize = 1024 * 1024;
var sent = 0;
var received = 0;

var server = tls.Server(options, function(socket) {
  socket.pipe(socket);
});

server.listen(common.PORT, function() {
  var resumed = false;
  var client = tls.connect({port: common.PORT}, function() {
    client.pause();
    common.debug('paused');
    send();
    function send() {
      if (client.write(new Buffer(bufSize))) {
        sent += bufSize;
        assert.ok(sent < 100 * 1024 * 1024); // max 100MB
        return process.nextTick(send);
      }
      sent += bufSize;
Пример #3
0
for (var i = 0; i < 1024 * 1024; i++) {
  body += 'hello world\n';
}
process.stdout.write('done\n');


var options = {
  key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
  cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem')
};

var connections = 0;


var server = tls.Server(options, function(socket) {
  socket.end(body);
  connections++;
});

var recvCount = 0;

server.listen(common.PORT, function() {
  var client = tls.connect({
    port: common.PORT,
    rejectUnauthorized: false
  });

  client.on('data', function(d) {
    process.stdout.write('.');
    recvCount += d.length;

    client.pause();
Пример #4
0
function runTest(port, testIndex) {
  const prefix = `${testIndex} `;
  const tcase = testCases[testIndex];
  if (!tcase) return;

  console.error(`${prefix}Running '${tcase.title}'`);

  const cas = tcase.CAs.map(loadPEM);

  const crl = tcase.crl ? loadPEM(tcase.crl) : null;

  const serverOptions = {
    key: serverKey,
    cert: serverCert,
    ca: cas,
    crl: crl,
    requestCert: tcase.requestCert,
    rejectUnauthorized: tcase.rejectUnauthorized
  };

  /*
   * If renegotiating - session might be resumed and openssl won't request
   * client's certificate (probably because of bug in the openssl)
   */
  if (tcase.renegotiate) {
    serverOptions.secureOptions =
        SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
    // Renegotiation as a protocol feature was dropped after TLS1.2.
    serverOptions.maxVersion = 'TLSv1.2';
  }

  let renegotiated = false;
  const server = tls.Server(serverOptions, function handleConnection(c) {
    c.on('error', function(e) {
      // child.kill() leads ECONNRESET error in the TLS connection of
      // openssl s_client via spawn(). A test result is already
      // checked by the data of client.stdout before child.kill() so
      // these tls errors can be ignored.
    });
    if (tcase.renegotiate && !renegotiated) {
      renegotiated = true;
      setTimeout(function() {
        console.error(`${prefix}- connected, renegotiating`);
        c.write('\n_renegotiating\n');
        return c.renegotiate({
          requestCert: true,
          rejectUnauthorized: false
        }, function(err) {
          assert.ifError(err);
          c.write('\n_renegotiated\n');
          handleConnection(c);
        });
      }, 200);
      return;
    }

    if (c.authorized) {
      console.error(`${prefix}- authed connection: ${
        c.getPeerCertificate().subject.CN}`);
      c.write('\n_authed\n');
    } else {
      console.error(`${prefix}- unauthed connection: %s`, c.authorizationError);
      c.write('\n_unauthed\n');
    }
  });

  function runNextClient(clientIndex) {
    const options = tcase.clients[clientIndex];
    if (options) {
      runClient(`${prefix}${clientIndex} `, port, options, function() {
        runNextClient(clientIndex + 1);
      });
    } else {
      server.close();
      successfulTests++;
      runTest(0, nextTest++);
    }
  }

  server.listen(port, function() {
    port = server.address().port;
    if (tcase.debug) {
      console.error(`${prefix}TLS server running on port ${port}`);
    } else if (tcase.renegotiate) {
      runNextClient(0);
    } else {
      let clientsCompleted = 0;
      for (let i = 0; i < tcase.clients.length; i++) {
        runClient(`${prefix}${i} `, port, tcase.clients[i], function() {
          clientsCompleted++;
          if (clientsCompleted === tcase.clients.length) {
            server.close();
            successfulTests++;
            runTest(0, nextTest++);
          }
        });
      }
    }
  });
}
Пример #5
0
  process.exit();
}
var tls = require('tls');

var fs = require('fs');

var clientConnected = 0;
var serverConnected = 0;

var options = {
  key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
  cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
};

var server = tls.Server(options, function(socket) {
  ++serverConnected;
  server.close();
});
server.listen(common.PIPE, function() {
  var options = { rejectUnauthorized: false };
  var client = tls.connect(common.PIPE, options, function() {
    ++clientConnected;
    client.end();
  });
});

process.on('exit', function() {
  assert.equal(clientConnected, 1);
  assert.equal(serverConnected, 1);
});
Пример #6
0
const fixtures = require('../common/fixtures');

const passKey = fixtures.readSync('pass-key.pem');
const rawKey = fixtures.readSync('raw-key.pem');
const cert = fixtures.readSync('pass-cert.pem');

assert(Buffer.isBuffer(passKey));
assert(Buffer.isBuffer(cert));
assert.strictEqual(typeof passKey.toString(), 'string');
assert.strictEqual(typeof cert.toString(), 'string');

const server = tls.Server({
  key: passKey,
  passphrase: 'passphrase',
  cert: cert,
  ca: [cert],
  requestCert: true,
  rejectUnauthorized: true
}, function(s) {
  s.end();
});

server.listen(0, common.mustCall(function() {
  // Buffer
  tls.connect({
    port: this.address().port,
    key: passKey,
    passphrase: 'passphrase',
    cert: cert,
    rejectUnauthorized: false
  }, common.mustCall());
Пример #7
0
const options = {
  key: fixtures.readKey('agent1-key.pem'),
  cert: fixtures.readKey('agent1-cert.pem')
};

const server = tls.Server(options, common.mustCall((socket) => {
  socket.on('error', common.mustCall((err) => {
    assert.strictEqual(
      err.message,
      'TLS session renegotiation disabled for this socket');
    socket.destroy();
    server.close();
  }));
  // Disable renegotiation after the first chunk of data received.
  // Demonstrates that renegotiation works successfully up until
  // disableRenegotiation is called.
  socket.on('data', common.mustCall((chunk) => {
    socket.write(chunk);
    socket.disableRenegotiation();
  }));
  socket.on('secure', common.mustCall(() => {
    assert(socket._handle.handshakes < 2,
           `Too many handshakes [${socket._handle.handshakes}]`);
  }));
}));


server.listen(0, common.mustCall(() => {
  const port = server.address().port;
  const options = {
    rejectUnauthorized: false,
Пример #8
0
const tls = require('tls');
const fixtures = require('../common/fixtures');

const options = {
  key: fixtures.readKey('agent2-key.pem'),
  cert: fixtures.readKey('agent2-cert.pem')
};

// Contains a UTF8 only character
const messageUtf8 = 'x√ab c';

// The same string above represented with ASCII
const messageAscii = 'xb\b\u001aab c';

const server = tls.Server(options, common.mustCall(function(socket) {
  socket.end(messageUtf8);
}));


server.listen(0, function() {
  const client = tls.connect({
    port: this.address().port,
    rejectUnauthorized: false
  });

  let buffer = '';

  client.setEncoding('ascii');

  client.on('data', function(d) {
    assert.ok(typeof d === 'string');
Пример #9
0
var common = require('../common');
var assert = require('assert');
var tls = require('tls');
var fs = require('fs');
var path = require('path');

var options = {
  key: fs.readFileSync(path.join(common.fixturesDir, 'keys/agent1-key.pem')),
  cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))
};
var serverErrorHappened = false;
var clientErrorHappened = false;

var server = tls.Server(options, function(socket) {
  assert(false);
});
server.on('clientError', function(err) {
  serverErrorHappened = true;
  common.debug('Server: ' + err);
  server.close();
});

server.listen(common.PORT, function() {
  var client = tls.connect(common.PORT, function() {
    assert(false);
  });
  client.on('error', function(err) {
    clientErrorHappened = true;
    common.debug('Client: ' + err);
  });
Пример #10
0
var assert = require('assert');
var tls = require('tls');
var fs = require('fs');

var hadTimeout = false;

var options = {
  key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
  cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
};

var server = tls.Server(options, function(socket) {
  socket.setTimeout(100);

  socket.on('timeout', function(err) {
    hadTimeout = true;
    socket.end();
    server.close();
  });
});

server.listen(common.PORT, function() {
  var socket = tls.connect({
    port: common.PORT,
    rejectUnauthorized: false
  });
});

process.on('exit', function() {
  assert.ok(hadTimeout);
});
Пример #11
0
util.inherits(Mediator, stream.Writable);

Mediator.prototype._write = function write(data, enc, cb) {
  this.buf += data;
  setTimeout(cb, 0);

  if (this.buf.length >= request.length) {
    assert.equal(this.buf, request.toString());
    server.close();
  }
};

var mediator = new Mediator();

var server = tls.Server(options, function(socket) {
  socket.pipe(mediator);
  serverConnected++;
});

server.listen(common.PORT, function() {
  var client1 = tls.connect({
    port: common.PORT,
    rejectUnauthorized: false
  }, function() {
    ++clientConnected;
    client1.end(request);
  });
});

process.on('exit', function() {
  assert.equal(clientConnected, 1);
  assert.equal(serverConnected, 1);
Пример #12
0
var tls = require('tls');

var fs = require('fs');

var hadTimeout = false;

var options = {
  key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
  cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
};

var server = tls.Server(options, function(socket) {
  var s = socket.setTimeout(100);
  assert.ok(s instanceof tls.TLSSocket);

  socket.on('timeout', function(err) {
    hadTimeout = true;
    socket.end();
    server.close();
  });
});

server.listen(common.PORT, function() {
  var socket = tls.connect({
    port: common.PORT,
    rejectUnauthorized: false
  });
});

process.on('exit', function() {
  assert.ok(hadTimeout);
});
Пример #13
0
const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');

process.stdout.write('build body...');
const body = 'hello world\n'.repeat(1024 * 1024);
process.stdout.write('done\n');

const options = {
  key: fixtures.readKey('agent2-key.pem'),
  cert: fixtures.readKey('agent2-cert.pem')
};

const server = tls.Server(options, common.mustCall(function(socket) {
  socket.end(body);
}));

let recvCount = 0;

server.listen(common.PORT, function() {
  const client = tls.connect({
    port: common.PORT,
    rejectUnauthorized: false
  });

  client.on('data', function(d) {
    process.stdout.write('.');
    recvCount += d.length;

    client.pause();
Пример #14
0
var common = require('../common');
var assert = require('assert');
var tls = require('tls');
var fs = require('fs');
var path = require('path');

var options = {
  key: fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')),
  cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))
};

var server = tls.Server(options, function(s) {
  assert.equal(s.address().address, s.socket.address().address);
  assert.equal(s.address().port, s.socket.address().port);

  assert.equal(s.remoteAddress, s.socket.remoteAddress);
  assert.equal(s.remotePort, s.socket.remotePort);
  s.end();
});

server.listen(common.PORT, '127.0.0.1', function() {
  assert.equal(server.address().address, '127.0.0.1');
  assert.equal(server.address().port, common.PORT);

  var c = tls.connect(common.PORT, '127.0.0.1', function() {
    assert.equal(c.address().address, c.socket.address().address);
    assert.equal(c.address().port, c.socket.address().port);

    assert.equal(c.remoteAddress, '127.0.0.1');
    assert.equal(c.remotePort, common.PORT);
  });
Пример #15
0
const options = {
  key: fixtures.readKey('agent1-key.pem'),
  cert: fixtures.readKey('agent1-cert.pem')
};

const server = tls.Server(options, common.mustCall((socket) => {
  socket.on('error', common.mustCall((err) => {
    common.expectsError({
      type: Error,
      code: 'ERR_TLS_RENEGOTIATION_DISABLED',
      message: 'TLS session renegotiation disabled for this socket'
    })(err);
    socket.destroy();
    server.close();
  }));
  // Disable renegotiation after the first chunk of data received.
  // Demonstrates that renegotiation works successfully up until
  // disableRenegotiation is called.
  socket.on('data', common.mustCall((chunk) => {
    socket.write(chunk);
    socket.disableRenegotiation();
  }));
  socket.on('secure', common.mustCall(() => {
    assert(socket._handle.handshakes < 2,
           `Too many handshakes [${socket._handle.handshakes}]`);
  }));
}));


server.listen(0, common.mustCall(() => {
  const port = server.address().port;
  const options = {
Пример #16
0
const tls = require('tls');
const fixtures = require('../common/fixtures');

crypto.DEFAULT_ENCODING = 'buffer';

const certPem = fixtures.readSync('test_cert.pem', 'ascii');

const options = {
  key: fixtures.readKey('agent1-key.pem'),
  cert: fixtures.readKey('agent1-cert.pem')
};

const server = tls.Server(options, (socket) => {
  setImmediate(() => {
    verify();
    setImmediate(() => {
      socket.destroy();
    });
  });
});

function verify() {
  crypto.createVerify('SHA1')
    .update('Test')
    .verify(certPem, 'asdfasdfas', 'base64');
}

server.listen(0, common.mustCall(() => {
  tls.connect({
    port: server.address().port,
    rejectUnauthorized: false
  }, common.mustCall(() => {
Пример #17
0
const common = require('../common');
if (!common.hasCrypto)
  common.skip('missing crypto');

const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');

const options = {
  key: fixtures.readKey('agent2-key.pem'),
  cert: fixtures.readKey('agent2-cert.pem')
};

// create server
const server = tls.Server(options, common.mustCall((socket) => {
  socket.end('Goodbye');
}, 2));

// start listening
server.listen(0, function() {

  let session1 = null;
  const client1 = tls.connect({
    port: this.address().port,
    rejectUnauthorized: false
  }, () => {
    console.log('connect1');
    assert.ok(!client1.isSessionReused(), 'Session *should not* be reused.');
    session1 = client1.getSession();
  });
Пример #18
0
var common = require('../common');
var assert = require('assert');
var tls = require('tls');
var fs = require('fs');

var options = {
  key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
  cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem')
};

var connections = 0;

// create server
var server = tls.Server(options, function(socket) {
  socket.end('Goodbye');
  connections++;
});

// start listening
server.listen(common.PORT, function() {

  var session1 = null;
  var client1 = tls.connect({port: common.PORT}, function() {
    console.log('connect1');
    assert.ok(!client1.isSessionReused(), 'Session *should not* be reused.');
    session1 = client1.getSession();
  });

  client1.on('close', function() {
    console.log('close1');
Пример #19
0
const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');

const options = {
  key: fixtures.readSync('test_key.pem'),
  cert: fixtures.readSync('test_cert.pem')
};

const bufSize = 1024 * 1024;
let sent = 0;
let received = 0;

const server = tls.Server(options, function(socket) {
  socket.pipe(socket);
  socket.on('data', function(c) {
    console.error('data', c.length);
  });
});

server.listen(0, function() {
  let resumed = false;
  const client = tls.connect({
    port: this.address().port,
    rejectUnauthorized: false
  }, function() {
    console.error('connected');
    client.pause();
    console.error('paused');
    send();
    function send() {
      console.error('sending');
Пример #20
0
// Copyright & License details are available under JXCORE_LICENSE file


var common = require('../common');
var assert = require('assert');
var tls = require('tls');
var fs = require('fs');

var options = {
  key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
  cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
};

var server = tls.Server(options, function(socket) {
  socket.end('hello world');
});

server.listen(common.PORT, function() {
  var client = tls.connect({
    port: common.PORT,
    rejectUnauthorized: false
  });
  // test that setting the `ondata` function *prevents* data from
  // being pushed to the streams2 interface of the socket
  client.ondata = function (buf, start, length) {
    var b = buf.slice(start, length);
    process.nextTick(function () {
      var b2 = client.read();
      if (b2) {
        assert.notEqual(b.toString(), b2.toString());
      }
Пример #21
0
//     $> openssl s_client -connect localhost:12346 \
//        -key test/fixtures/agent.key -cert test/fixtures/agent.crt
//
//     $> openssl s_client -connect localhost:12346
//
var common = require('../common');
var tls = require('tls');
var fs = require('fs');
var join = require('path').join;

var key = fs.readFileSync(join(common.fixturesDir, 'agent.key')).toString();
var cert = fs.readFileSync(join(common.fixturesDir, 'agent.crt')).toString();

s = tls.Server({ key: key,
      cert: cert,
      ca: [],
      requestCert: true,
      rejectUnauthorized: true });

s.listen(common.PORT, function() {
  console.log('TLS server on 127.0.0.1:%d', common.PORT);
});


s.on('authorized', function(c) {
  console.log('authed connection');
  c.end('bye authorized friend.\n');
});

s.on('unauthorized', function(c, e) {
  console.log('unauthed connection: %s', e);
Пример #22
0
  common.skip('node compiled without OpenSSL CLI.');

const assert = require('assert');
const { spawn } = require('child_process');
const tls = require('tls');
const fixtures = require('../common/fixtures');

let success = false;

function loadPEM(n) {
  return fixtures.readKey(`${n}.pem`);
}

const server = tls.Server({
  secureProtocol: 'TLSv1_2_server_method',
  key: loadPEM('agent2-key'),
  cert: loadPEM('agent2-cert')
}, null).listen(0, function() {
  const args = ['s_client', '-quiet', '-tls1_1',
                '-connect', `127.0.0.1:${this.address().port}`];

  // for the performance and stability issue in s_client on Windows
  if (common.isWindows)
    args.push('-no_rand_screen');

  const client = spawn(common.opensslCli, args);
  let out = '';
  client.stderr.setEncoding('utf8');
  client.stderr.on('data', function(d) {
    out += d;
    if (/SSL alert number 70/.test(out)) {
Пример #23
0
var assert = require('assert');
var tls = require('tls');
var fs = require('fs');


var options = {
  key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
  cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem')
};

var connections = 0;
var message = "hello world\n";


var server = tls.Server(options, function(socket) {
  socket.end(message);
  connections++;
});


server.listen(common.PORT, function() {
  var client = tls.connect(common.PORT);

  var buffer = '';

  client.setEncoding('utf8');

  client.on('data', function(d) {
    assert.ok(typeof d === 'string');
    buffer += d;
  });
Пример #24
0
const options = {
  key: fixtures.readKey('agent1-key.pem'),
  cert: fixtures.readKey('agent1-cert.pem')
};


const server = tls.Server(options, function(socket) {
  console.log('2) Server got request');
  socket.write('HTTP/1.1 200 OK\r\n' +
               'Date: Tue, 15 Feb 2011 22:14:54 GMT\r\n' +
               'Expires: -1\r\n' +
               'Cache-Control: private, max-age=0\r\n' +
               'Set-Cookie: xyz\r\n' +
               'Set-Cookie: abc\r\n' +
               'Server: gws\r\n' +
               'X-XSS-Protection: 1; mode=block\r\n' +
               'Connection: close\r\n' +
               '\r\n');

  socket.write('hello world\n');

  setTimeout(function() {
    socket.end('hello world\n');
    console.log('4) Server finished response');
  }, 100);
});

server.listen(0, common.mustCall(function() {
  console.log('1) Making Request');
  https.get({
    port: this.address().port,
    rejectUnauthorized: false