tls: allow obvious key/passphrase combinations

Passphrase is now used whether keys are provided singly, in an array of string/buffer, or an array of object, where it used to be ignored in some argument combinations. Specifically, these now work as expected: key: [encryptedPem], passphrase: 'passphrase' and key: [{pem: encryptedPem}] passphrase: 'passphrase' and key: [{pem: unencryptedPem}] PR-URL: https://github.com/nodejs/node/pull/10294 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
author: Sam Roberts <vieuxtech@gmail.com> 2016-12-15 12:47:36 -0800
committer: Sam Roberts <vieuxtech@gmail.com> 2016-12-19 13:42:56 -0800
commit: 0b443845616437d0ccf7ce6ee10c79e1432bc3d7 (patch)
tree: e813250917fc0af26b9315c9b702e8129cbc0c5d /test/parallel/test-tls-passphrase.js
parent: 793d8719ebcb67e2758ba7fd6c50ff864d552716 (diff)
download: android-node-v8-0b443845616437d0ccf7ce6ee10c79e1432bc3d7.tar.gz
android-node-v8-0b443845616437d0ccf7ce6ee10c79e1432bc3d7.tar.bz2
android-node-v8-0b443845616437d0ccf7ce6ee10c79e1432bc3d7.zip
1 files changed, 83 insertions, 14 deletions
diff --git a/test/parallel/test-tls-passphrase.js b/test/parallel/test-tls-passphrase.js
index 319c3511dc..4630fe236d 100644
--- a/test/parallel/test-tls-passphrase.js
+++ b/test/parallel/test-tls-passphrase.js
@@ -51,13 +51,12 @@ server.listen(0, common.mustCall(function() {
   tls.connect({
     port: this.address().port,
     key: rawKey,
-    passphrase: 'passphrase', // Ignored.
+    passphrase: 'ignored',
     cert: cert,
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
 
   // Buffer[]
-  /* XXX(sam) Should work, but its unimplemented ATM.
   tls.connect({
     port: this.address().port,
     key: [passKey],
@@ -65,7 +64,6 @@ server.listen(0, common.mustCall(function() {
     cert: [cert],
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
-  */
 
   tls.connect({
     port: this.address().port,
@@ -77,7 +75,7 @@ server.listen(0, common.mustCall(function() {
   tls.connect({
     port: this.address().port,
     key: [rawKey],
-    passphrase: 'passphrase', // Ignored.
+    passphrase: 'ignored',
     cert: [cert],
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
@@ -101,13 +99,12 @@ server.listen(0, common.mustCall(function() {
   tls.connect({
     port: this.address().port,
     key: rawKey.toString(),
-    passphrase: 'passphrase', // Ignored.
+    passphrase: 'ignored',
     cert: cert.toString(),
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
 
   // String[]
-  /* XXX(sam) Should work, but its unimplemented ATM.
   tls.connect({
     port: this.address().port,
     key: [passKey.toString()],
@@ -115,7 +112,6 @@ server.listen(0, common.mustCall(function() {
     cert: [cert.toString()],
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
-  */
 
   tls.connect({
     port: this.address().port,
@@ -127,7 +123,7 @@ server.listen(0, common.mustCall(function() {
   tls.connect({
     port: this.address().port,
     key: [rawKey.toString()],
-    passphrase: 'passphrase', // Ignored.
+    passphrase: 'ignored',
     cert: [cert.toString()],
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
@@ -142,6 +138,22 @@ server.listen(0, common.mustCall(function() {
 
   tls.connect({
     port: this.address().port,
+    key: [{pem: passKey, passphrase: 'passphrase'}],
+    passphrase: 'ignored',
+    cert: cert,
+    rejectUnauthorized: false
+  }, common.mustCall(function() {}));
+
+  tls.connect({
+    port: this.address().port,
+    key: [{pem: passKey}],
+    passphrase: 'passphrase',
+    cert: cert,
+    rejectUnauthorized: false
+  }, common.mustCall(function() {}));
+
+  tls.connect({
+    port: this.address().port,
     key: [{pem: passKey.toString(), passphrase: 'passphrase'}],
     cert: cert,
     rejectUnauthorized: false
@@ -149,23 +161,22 @@ server.listen(0, common.mustCall(function() {
 
   tls.connect({
     port: this.address().port,
-    key: [{pem: rawKey, passphrase: 'passphrase'}],
+    key: [{pem: rawKey, passphrase: 'ignored'}],
     cert: cert,
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
 
   tls.connect({
     port: this.address().port,
-    key: [{pem: rawKey.toString(), passphrase: 'passphrase'}],
+    key: [{pem: rawKey.toString(), passphrase: 'ignored'}],
     cert: cert,
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
 
-  /* XXX(sam) Should work, but unimplemented ATM
   tls.connect({
     port: this.address().port,
     key: [{pem: rawKey}],
-    passphrase: 'passphrase',
+    passphrase: 'ignored',
     cert: cert,
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
@@ -173,7 +184,7 @@ server.listen(0, common.mustCall(function() {
   tls.connect({
     port: this.address().port,
     key: [{pem: rawKey.toString()}],
-    passphrase: 'passphrase',
+    passphrase: 'ignored',
     cert: cert,
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
@@ -191,9 +202,37 @@ server.listen(0, common.mustCall(function() {
     cert: cert,
     rejectUnauthorized: false
   }, common.mustCall(function() {}));
-  */
 })).unref();
 
+// Missing passphrase
+assert.throws(function() {
+  tls.connect({
+    port: server.address().port,
+    key: passKey,
+    cert: cert,
+    rejectUnauthorized: false
+  });
+}, /bad password read/);
+
+assert.throws(function() {
+  tls.connect({
+    port: server.address().port,
+    key: [passKey],
+    cert: cert,
+    rejectUnauthorized: false
+  });
+}, /bad password read/);
+
+assert.throws(function() {
+  tls.connect({
+    port: server.address().port,
+    key: [{pem: passKey}],
+    cert: cert,
+    rejectUnauthorized: false
+  });
+}, /bad password read/);
+
+// Invalid passphrase
 assert.throws(function() {
   tls.connect({
     port: server.address().port,
@@ -203,3 +242,33 @@ assert.throws(function() {
     rejectUnauthorized: false
   });
 }, /bad decrypt/);
+
+assert.throws(function() {
+  tls.connect({
+    port: server.address().port,
+    key: [passKey],
+    passphrase: 'invalid',
+    cert: cert,
+    rejectUnauthorized: false
+  });
+}, /bad decrypt/);
+
+assert.throws(function() {
+  tls.connect({
+    port: server.address().port,
+    key: [{pem: passKey}],
+    passphrase: 'invalid',
+    cert: cert,
+    rejectUnauthorized: false
+  });
+}, /bad decrypt/);
+
+assert.throws(function() {
+  tls.connect({
+    port: server.address().port,
+    key: [{pem: passKey, passphrase: 'invalid'}],
+    passphrase: 'passphrase', // Valid but unused
+    cert: cert,
+    rejectUnauthorized: false
+  });
+}, /bad decrypt/);
author	Sam Roberts <vieuxtech@gmail.com>	2016-12-15 12:47:36 -0800
committer	Sam Roberts <vieuxtech@gmail.com>	2016-12-19 13:42:56 -0800
commit	0b443845616437d0ccf7ce6ee10c79e1432bc3d7 (patch)
tree	e813250917fc0af26b9315c9b702e8129cbc0c5d /test/parallel/test-tls-passphrase.js
parent	793d8719ebcb67e2758ba7fd6c50ff864d552716 (diff)
download	android-node-v8-0b443845616437d0ccf7ce6ee10c79e1432bc3d7.tar.gz android-node-v8-0b443845616437d0ccf7ce6ee10c79e1432bc3d7.tar.bz2 android-node-v8-0b443845616437d0ccf7ce6ee10c79e1432bc3d7.zip