Skip to content

Commit 1d7fab3

Browse files
sam-githubMylesBorins
sam-github
authored and
MylesBorins
committed
test: tls cert chain completion scenarios
Backport-PR-URL: #12468 PR-URL: #10389 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Gibson Fahnestock <[email protected]> Reviewed-By: Michael Dawson <[email protected]>
1 parent f1c2f26 commit 1d7fab3

File tree

2 files changed

+96
-0
lines changed

2 files changed

+96
-0
lines changed

test/parallel/test-tls-cert-chains-concat.js

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
'use strict';
2+
const common = require('../common');
3+
4+
// Check cert chain is received by client, and is completed with the ca cert
5+
// known to the client.
6+
7+
const join = require('path').join;
8+
const {
9+
assert, connect, debug, keys
10+
} = require(join(common.fixturesDir, 'tls-connect'))();
11+
12+
// agent6-cert.pem includes cert for agent6 and ca3
13+
connect({
14+
client: {
15+
checkServerIdentity: (servername, cert) => { },
16+
ca: keys.agent6.ca,
17+
},
18+
server: {
19+
cert: keys.agent6.cert,
20+
key: keys.agent6.key,
21+
},
22+
}, function(err, pair, cleanup) {
23+
assert.ifError(err);
24+
25+
const peer = pair.client.conn.getPeerCertificate();
26+
debug('peer:\n', peer);
27+
assert.strictEqual(peer.subject.emailAddress, '[email protected]');
28+
assert.strictEqual(peer.subject.CN, 'Ádám Lippai'),
29+
assert.strictEqual(peer.issuer.CN, 'ca3');
30+
assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
31+
32+
const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
33+
const root = next.issuerCertificate;
34+
delete next.issuerCertificate;
35+
debug('next:\n', next);
36+
assert.strictEqual(next.subject.CN, 'ca3');
37+
assert.strictEqual(next.issuer.CN, 'ca1');
38+
assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
39+
40+
debug('root:\n', root);
41+
assert.strictEqual(root.subject.CN, 'ca1');
42+
assert.strictEqual(root.issuer.CN, 'ca1');
43+
assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
44+
45+
// No client cert, so empty object returned.
46+
assert.deepStrictEqual(pair.server.conn.getPeerCertificate(), {});
47+
assert.deepStrictEqual(pair.server.conn.getPeerCertificate(true), {});
48+
49+
return cleanup();
50+
});

test/parallel/test-tls-cert-chains-in-ca.js

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
'use strict';
2+
const common = require('../common');
3+
4+
// Check cert chain is received by client, and is completed with the ca cert
5+
// known to the client.
6+
7+
const join = require('path').join;
8+
const {
9+
assert, connect, debug, keys
10+
} = require(join(common.fixturesDir, 'tls-connect'))();
11+
12+
13+
// agent6-cert.pem includes cert for agent6 and ca3, split it apart and
14+
// provide ca3 in the .ca property.
15+
const agent6Chain = keys.agent6.cert.split('-----END CERTIFICATE-----')
16+
.map((c) => { return c + '-----END CERTIFICATE-----'; });
17+
const agent6End = agent6Chain[0];
18+
const agent6Middle = agent6Chain[1];
19+
connect({
20+
client: {
21+
checkServerIdentity: (servername, cert) => { },
22+
ca: keys.agent6.ca,
23+
},
24+
server: {
25+
cert: agent6End,
26+
key: keys.agent6.key,
27+
ca: agent6Middle,
28+
},
29+
}, function(err, pair, cleanup) {
30+
assert.ifError(err);
31+
32+
const peer = pair.client.conn.getPeerCertificate();
33+
debug('peer:\n', peer);
34+
assert.strictEqual(peer.serialNumber, 'C4CD893EF9A75DCC');
35+
36+
const next = pair.client.conn.getPeerCertificate(true).issuerCertificate;
37+
const root = next.issuerCertificate;
38+
delete next.issuerCertificate;
39+
debug('next:\n', next);
40+
assert.strictEqual(next.serialNumber, '9A84ABCFB8A72ABF');
41+
42+
debug('root:\n', root);
43+
assert.strictEqual(root.serialNumber, '8DF21C01468AF393');
44+
45+
return cleanup();
46+
});

0 commit comments

Comments
 (0)