test: move common tls connect setup into fixtures

TLS connection setup boilerplate is common to many TLS tests, factor it
into a test fixture so tests are clearer to read and faster to write.

PR-URL: https://github.com/nodejs/node/pull/10389
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>

1 files changed, 33 insertions, 45 deletions

diff --git a/test/parallel/test-tls-addca.js b/test/parallel/test-tls-addca.js
index 0e9571efdf..7a6f9a7751 100644
--- a/test/parallel/test-tls-addca.js
+++ b/test/parallel/test-tls-addca.js
@@ -1,62 +1,50 @@
 'use strict';
 const common = require('../common');
-const fs = require('fs');
 
-if (!common.hasCrypto) {
-  common.skip('missing crypto');
-  return;
-}
-const tls = require('tls');
-
-function filenamePEM(n) {
-  return require('path').join(common.fixturesDir, 'keys', n + '.pem');
-}
+// Adding a CA certificate to contextWithCert should not also add it to
+// contextWithoutCert. This is tested by trying to connect to a server that
+// depends on that CA using contextWithoutCert.
 
-function loadPEM(n) {
-  return fs.readFileSync(filenamePEM(n));
-}
+const join = require('path').join;
+const {
+  assert, connect, keys, tls
+} = require(join(common.fixturesDir, 'tls-connect'))();
 
-const caCert = loadPEM('ca1-cert');
 const contextWithoutCert = tls.createSecureContext({});
 const contextWithCert = tls.createSecureContext({});
-// Adding a CA certificate to contextWithCert should not also add it to
-// contextWithoutCert. This is tested by trying to connect to a server that
-// depends on that CA using contextWithoutCert.
-contextWithCert.context.addCACert(caCert);
+contextWithCert.context.addCACert(keys.agent1.ca);
 
 const serverOptions = {
-  key: loadPEM('agent1-key'),
-  cert: loadPEM('agent1-cert'),
+  key: keys.agent1.key,
+  cert: keys.agent1.cert,
 };
-const server = tls.createServer(serverOptions, function() {});
 
 const clientOptions = {
-  port: undefined,
-  ca: [caCert],
+  ca: [keys.agent1.ca],
   servername: 'agent1',
   rejectUnauthorized: true,
 };
 
-function startTest() {
-  // This client should fail to connect because it doesn't trust the CA
+// This client should fail to connect because it doesn't trust the CA
+// certificate.
+clientOptions.secureContext = contextWithoutCert;
+
+connect({
+  client: clientOptions,
+  server: serverOptions,
+}, function(err, pair, cleanup) {
+  assert(err);
+  assert.strictEqual(err.message, 'unable to verify the first certificate');
+  cleanup();
+
+  // This time it should connect because contextWithCert includes the needed CA
   // certificate.
-  clientOptions.secureContext = contextWithoutCert;
-  clientOptions.port = server.address().port;
-  const client = tls.connect(clientOptions, common.fail);
-  client.on('error', common.mustCall(() => {
-    client.destroy();
-
-    // This time it should connect because contextWithCert includes the needed
-    // CA certificate.
-    clientOptions.secureContext = contextWithCert;
-    const client2 = tls.connect(clientOptions, common.mustCall(() => {
-      client2.destroy();
-      server.close();
-    }));
-    client2.on('error', (e) => {
-      console.log(e);
-    });
-  }));
-}
-
-server.listen(0, startTest);
+  clientOptions.secureContext = contextWithCert;
+  connect({
+    client: clientOptions,
+    server: serverOptions,
+  }, function(err, pair, cleanup) {
+    assert.ifError(err);
+    cleanup();
+  });
+});