author | Sam Roberts <vieuxtech@gmail.com> | 2016-12-15 12:47:36 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2016-12-19 13:42:56 -0800 |
commit | 0b443845616437d0ccf7ce6ee10c79e1432bc3d7 (patch) | |
tree | e813250917fc0af26b9315c9b702e8129cbc0c5d /test/parallel/test-tls-passphrase.js | |
parent | 793d8719ebcb67e2758ba7fd6c50ff864d552716 (diff) | |
tls: allow obvious key/passphrase combinations
Passphrase is now used whether keys are provided singly, in an array of
string/buffer, or an array of object, where it used to be ignored in
some argument combinations. Specifically, these now work as expected:
key: [encryptedPem],
passphrase: 'passphrase'
and
key: [{pem: encryptedPem}]
passphrase: 'passphrase'
and
key: [{pem: unencryptedPem}]
PR-URL: https://github.com/nodejs/node/pull/10294
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Diffstat (limited to 'test/parallel/test-tls-passphrase.js')
-rw-r--r-- | test/parallel/test-tls-passphrase.js | 97 |
1 files changed, 83 insertions, 14 deletions
diff --git a/test/parallel/test-tls-passphrase.js b/test/parallel/test-tls-passphrase.js
index 319c3511dc..4630fe236d 100644
--- a/test/parallel/test-tls-passphrase.js
+++ b/test/parallel/test-tls-passphrase.js
@@ -51,13 +51,12 @@ server.listen(0, common.mustCall(function() {
 tls.connect({
 port: this.address().port,
 key: rawKey,
- passphrase: 'passphrase', // Ignored.
+ passphrase: 'ignored',
 cert: cert,
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
 // Buffer[]
- /* XXX(sam) Should work, but its unimplemented ATM.
 tls.connect({
 port: this.address().port,
 key: [passKey],
@@ -65,7 +64,6 @@ server.listen(0, common.mustCall(function() {
 cert: [cert],
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
- */
 tls.connect({
 port: this.address().port,
@@ -77,7 +75,7 @@ server.listen(0, common.mustCall(function() {
 tls.connect({
 port: this.address().port,
 key: [rawKey],
- passphrase: 'passphrase', // Ignored.
+ passphrase: 'ignored',
 cert: [cert],
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
@@ -101,13 +99,12 @@ server.listen(0, common.mustCall(function() {
 tls.connect({
 port: this.address().port,
 key: rawKey.toString(),
- passphrase: 'passphrase', // Ignored.
+ passphrase: 'ignored',
 cert: cert.toString(),
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
 // String[]
- /* XXX(sam) Should work, but its unimplemented ATM.
 tls.connect({
 port: this.address().port,
 key: [passKey.toString()],
@@ -115,7 +112,6 @@ server.listen(0, common.mustCall(function() {
 cert: [cert.toString()],
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
- */
 tls.connect({
 port: this.address().port,
@@ -127,7 +123,7 @@ server.listen(0, common.mustCall(function() {
 tls.connect({
 port: this.address().port,
 key: [rawKey.toString()],
- passphrase: 'passphrase', // Ignored.
+ passphrase: 'ignored',
 cert: [cert.toString()],
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
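Review bot: In the hunk at `@@ -51,13 +51,12 @@` the removed `// Ignored.` comment is replaced by the literal `'ignored'`, which says that the value is unused but not why; the same applies to the hunks at -77, -101 and -127. Since `rawKey` appears to be the unencrypted key, a one-line comment at the first case would record the behaviour being pinned: `// rawKey is not encrypted, so a supplied passphrase must be silently ignored, not rejected.` The enclosing `server.listen` callback starts and ends outside these hunks.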
@@ -142,6 +138,22 @@ server.listen(0, common.mustCall(function() {
 tls.connect({
 port: this.address().port,
+ key: [{pem: passKey, passphrase: 'passphrase'}],
+ passphrase: 'ignored',
+ cert: cert,
+ rejectUnauthorized: false
+ }, common.mustCall(function() {}));
+
+ tls.connect({
+ port: this.address().port,
+ key: [{pem: passKey}],
+ passphrase: 'passphrase',
+ cert: cert,
+ rejectUnauthorized: false
+ }, common.mustCall(function() {}));
+
+ tls.connect({
+ port: this.address().port,
 key: [{pem: passKey.toString(), passphrase: 'passphrase'}],
 cert: cert,
 rejectUnauthorized: false
@@ -149,23 +161,22 @@ server.listen(0, common.mustCall(function() {
 tls.connect({
 port: this.address().port,
- key: [{pem: rawKey, passphrase: 'passphrase'}],
+ key: [{pem: rawKey, passphrase: 'ignored'}],
 cert: cert,
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
 tls.connect({
 port: this.address().port,
- key: [{pem: rawKey.toString(), passphrase: 'passphrase'}],
+ key: [{pem: rawKey.toString(), passphrase: 'ignored'}],
 cert: cert,
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
- /* XXX(sam) Should work, but unimplemented ATM
 tls.connect({
 port: this.address().port,
 key: [{pem: rawKey}],
- passphrase: 'passphrase',
+ passphrase: 'ignored',
 cert: cert,
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
@@ -173,7 +184,7 @@ server.listen(0, common.mustCall(function() {
 tls.connect({
 port: this.address().port,
 key: [{pem: rawKey.toString()}],
- passphrase: 'passphrase',
+ passphrase: 'ignored',
 cert: cert,
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
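Review bot: The first added case in the hunk at `@@ -142,6 +138,22 @@` pins a precedence rule, namely that a `passphrase` on the key object wins over the top-level `passphrase`, but only the literal `'ignored'` hints at it. A short comment above the case would make the intent explicit, for example `// A passphrase on the key object takes precedence over options.passphrase.` The matching negative case (per-key `'invalid'`, top-level valid, expecting `/bad decrypt/`) is added at the end of the file; naming it in the comment would show a reader that no fallback to the top-level value is intended.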
@@ -191,9 +202,37 @@ server.listen(0, common.mustCall(function() {
 cert: cert,
 rejectUnauthorized: false
 }, common.mustCall(function() {}));
- */
 })).unref();
+// Missing passphrase
+assert.throws(function() {
+ tls.connect({
+ port: server.address().port,
+ key: passKey,
+ cert: cert,
+ rejectUnauthorized: false
+ });
+}, /bad password read/);
+
+assert.throws(function() {
+ tls.connect({
+ port: server.address().port,
+ key: [passKey],
+ cert: cert,
+ rejectUnauthorized: false
+ });
+}, /bad password read/);
+
+assert.throws(function() {
+ tls.connect({
+ port: server.address().port,
+ key: [{pem: passKey}],
+ cert: cert,
+ rejectUnauthorized: false
+ });
+}, /bad password read/);
+
+// Invalid passphrase
 assert.throws(function() {
 tls.connect({
 port: server.address().port,
@@ -203,3 +242,33 @@ assert.throws(function() {
 rejectUnauthorized: false
 });
 }, /bad decrypt/);
+
+assert.throws(function() {
+ tls.connect({
+ port: server.address().port,
+ key: [passKey],
+ passphrase: 'invalid',
+ cert: cert,
+ rejectUnauthorized: false
+ });
+}, /bad decrypt/);
+
+assert.throws(function() {
+ tls.connect({
+ port: server.address().port,
+ key: [{pem: passKey}],
+ passphrase: 'invalid',
+ cert: cert,
+ rejectUnauthorized: false
+ });
+}, /bad decrypt/);
+
+assert.throws(function() {
+ tls.connect({
+ port: server.address().port,
+ key: [{pem: passKey, passphrase: 'invalid'}],
+ passphrase: 'passphrase', // Valid but unused
+ cert: cert,
+ rejectUnauthorized: false
+ });
+}, /bad decrypt/); |
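Review bot: The three "Missing passphrase" assertions in the hunk at `@@ -191,9 +202,37 @@` match `/bad password read/`, which looks like an OpenSSL reason string rather than a message produced by Node, so the test is tied to the wording of the linked OpenSSL. I would say so next to the first assertion, e.g. `// Error text comes from OpenSSL; adjust if the bundled library changes its wording.` A failure after an OpenSSL upgrade is then read as a wording change and not mistaken for a passphrase-handling regression. The same applies to `/bad decrypt/` in the following hunk.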
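Review bot: The invalid-passphrase cases added in the hunk at `@@ -203,3 +242,33 @@` use only Buffer keys (`[passKey]`, `[{pem: passKey}]`), while the success cases earlier in the file also cover the `passKey.toString()` forms; the missing-passphrase cases in the previous hunk have the same gap. If string keys take a different path through the passphrase handling, a regression that accepts a wrong passphrase for them would still pass this test. A small loop over the string forms closes the gap without more copied blocks. The first invalid-passphrase block starts outside this hunk, so its key form is not visible here.

```javascript
// Invalid passphrase, string-encoded keys
[
  passKey.toString(),
  [passKey.toString()],
  [{pem: passKey.toString()}]
].forEach(function(key) {
  assert.throws(function() {
    tls.connect({
      port: server.address().port,
      key: key,
      passphrase: 'invalid',
      cert: cert,
      rejectUnauthorized: false
    });
  }, /bad decrypt/);
});
```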