diff options
author | Fedor Indutny <fedor.indutny@gmail.com> | 2014-03-07 03:27:01 +0400 |
---|---|---|
committer | Fedor Indutny <fedor@indutny.com> | 2014-03-29 12:01:43 +0400 |
commit | 5d2aef17ee56fbbf415ca1e3034cdb02cd97117c (patch) | |
tree | 4cdf828ffa9b6a3c33ff864539ed8afa83437a69 /test | |
parent | b55c9d68aa713e75ff5077cd425cbaafde010b92 (diff) | |
download | android-node-v8-5d2aef17ee56fbbf415ca1e3034cdb02cd97117c.tar.gz android-node-v8-5d2aef17ee56fbbf415ca1e3034cdb02cd97117c.tar.bz2 android-node-v8-5d2aef17ee56fbbf415ca1e3034cdb02cd97117c.zip |
crypto: move `createCredentials` to tls
Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.
fix #7249
Diffstat (limited to 'test')
-rw-r--r-- | test/pummel/test-tls-securepair-client.js | 2 | ||||
-rw-r--r-- | test/simple/test-crypto-binary-default.js | 19 | ||||
-rw-r--r-- | test/simple/test-crypto.js | 18 | ||||
-rw-r--r-- | test/simple/test-tls-client-default-ciphers.js | 3 | ||||
-rw-r--r-- | test/simple/test-tls-delayed-attach.js | 3 | ||||
-rw-r--r-- | test/simple/test-tls-honorcipherorder.js | 13 | ||||
-rw-r--r-- | test/simple/test-tls-npn-server-client.js | 9 | ||||
-rw-r--r-- | test/simple/test-tls-securepair-server.js | 3 | ||||
-rw-r--r-- | test/simple/test-tls-sni-option.js | 9 |
9 files changed, 43 insertions, 36 deletions
diff --git a/test/pummel/test-tls-securepair-client.js b/test/pummel/test-tls-securepair-client.js index 9ef2f6e1f2..711fae3642 100644 --- a/test/pummel/test-tls-securepair-client.js +++ b/test/pummel/test-tls-securepair-client.js @@ -128,7 +128,7 @@ function test(keyfn, certfn, check, next) { function startClient() { var s = new net.Stream(); - var sslcontext = crypto.createCredentials({key: key, cert: cert}); + var sslcontext = tls.createSecureContext({key: key, cert: cert}); sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA'); var pair = tls.createSecurePair(sslcontext, false); diff --git a/test/simple/test-crypto-binary-default.js b/test/simple/test-crypto-binary-default.js index ad0a30fdbf..fe7da668e2 100644 --- a/test/simple/test-crypto-binary-default.js +++ b/test/simple/test-crypto-binary-default.js @@ -29,6 +29,7 @@ var constants = require('constants'); try { var crypto = require('crypto'); + var tls = require('tls'); } catch (e) { console.log('Not compiled with OPENSSL support.'); process.exit(); @@ -49,11 +50,13 @@ var rsaPubPem = fs.readFileSync(common.fixturesDir + '/test_rsa_pubkey.pem', var rsaKeyPem = fs.readFileSync(common.fixturesDir + '/test_rsa_privkey.pem', 'ascii'); +// TODO(indutny): Move to a separate test eventually try { - var credentials = crypto.createCredentials( - {key: keyPem, - cert: certPem, - ca: caPem}); + var context = tls.createSecureContext({ + key: keyPem, + cert: certPem, + ca: caPem + }); } catch (e) { console.log('Not compiled with OPENSSL support.'); process.exit(); @@ -61,19 +64,19 @@ try { // PFX tests assert.doesNotThrow(function() { - crypto.createCredentials({pfx:certPfx, passphrase:'sample'}); + tls.createSecureContext({pfx:certPfx, passphrase:'sample'}); }); assert.throws(function() { - crypto.createCredentials({pfx:certPfx}); + tls.createSecureContext({pfx:certPfx}); }, 'mac verify failure'); assert.throws(function() { - crypto.createCredentials({pfx:certPfx, passphrase:'test'}); + tls.createSecureContext({pfx:certPfx, passphrase:'test'}); }, 'mac verify failure'); assert.throws(function() { - crypto.createCredentials({pfx:'sample', passphrase:'test'}); + tls.createSecureContext({pfx:'sample', passphrase:'test'}); }, 'not enough data'); // Test HMAC diff --git a/test/simple/test-crypto.js b/test/simple/test-crypto.js index e1b2682124..cdf066c3b9 100644 --- a/test/simple/test-crypto.js +++ b/test/simple/test-crypto.js @@ -58,11 +58,13 @@ var dsaKeyPemEncrypted = fs.readFileSync( common.fixturesDir + '/test_dsa_privkey_encrypted.pem', 'ascii'); +// TODO(indunty): move to a separate test eventually try { - var credentials = crypto.createCredentials( - {key: keyPem, - cert: certPem, - ca: caPem}); + var context = tls.createSecureContext({ + key: keyPem, + cert: certPem, + ca: caPem + }); } catch (e) { console.log('Not compiled with OPENSSL support.'); process.exit(); @@ -70,19 +72,19 @@ try { // PFX tests assert.doesNotThrow(function() { - crypto.createCredentials({pfx:certPfx, passphrase:'sample'}); + crypto.createSecureContext({pfx:certPfx, passphrase:'sample'}); }); assert.throws(function() { - crypto.createCredentials({pfx:certPfx}); + tls.createSecureContext({pfx:certPfx}); }, 'mac verify failure'); assert.throws(function() { - crypto.createCredentials({pfx:certPfx, passphrase:'test'}); + tls.createSecureContext({pfx:certPfx, passphrase:'test'}); }, 'mac verify failure'); assert.throws(function() { - crypto.createCredentials({pfx:'sample', passphrase:'test'}); + tls.createSecureContext({pfx:'sample', passphrase:'test'}); }, 'not enough data'); // Test HMAC diff --git a/test/simple/test-tls-client-default-ciphers.js b/test/simple/test-tls-client-default-ciphers.js index bc5e33b367..83f8f86db5 100644 --- a/test/simple/test-tls-client-default-ciphers.js +++ b/test/simple/test-tls-client-default-ciphers.js @@ -19,13 +19,12 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. -var crypto = require('crypto'); var assert = require('assert'); var tls = require('tls'); function test1() { var ciphers = ''; - crypto.createCredentials = function(options) { + tls.createSecureContext = function(options) { ciphers = options.ciphers } tls.connect(443); diff --git a/test/simple/test-tls-delayed-attach.js b/test/simple/test-tls-delayed-attach.js index 17ccb0b1bd..ceacedc738 100644 --- a/test/simple/test-tls-delayed-attach.js +++ b/test/simple/test-tls-delayed-attach.js @@ -28,7 +28,6 @@ var assert = require('assert'); var fs = require('fs'); var net = require('net'); var tls = require('tls'); -var crypto = require('crypto'); var common = require('../common'); @@ -45,7 +44,7 @@ var server = net.createServer(function(c) { setTimeout(function() { var s = new tls.TLSSocket(c, { isServer: true, - credentials: crypto.createCredentials(options) + secureContext: tls.createSecureContext(options) }); s.on('data', function(chunk) { diff --git a/test/simple/test-tls-honorcipherorder.js b/test/simple/test-tls-honorcipherorder.js index dac13d7265..6b24d75146 100644 --- a/test/simple/test-tls-honorcipherorder.js +++ b/test/simple/test-tls-honorcipherorder.js @@ -30,7 +30,7 @@ var SSL_Method = 'TLSv1_method'; var localhost = '127.0.0.1'; process.on('exit', function() { - assert.equal(nconns, 5); + assert.equal(nconns, 6); }); function test(honorCipherOrder, clientCipher, expectedCipher, cb) { @@ -38,7 +38,7 @@ function test(honorCipherOrder, clientCipher, expectedCipher, cb) { secureProtocol: SSL_Method, key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), - ciphers: 'DES-CBC-SHA:AES256-SHA:RC4-SHA', + ciphers: 'DES-CBC-SHA:AES256-SHA:RC4-SHA:ECDHE-RSA-AES256-SHA', honorCipherOrder: !!honorCipherOrder }; @@ -96,5 +96,12 @@ function test5() { // Client did not explicitly set ciphers. Ensure that client defaults to // sane ciphers. Even though server gives top priority to DES-CBC-SHA // it should not be negotiated because it's not in default client ciphers. - test(true, null, 'AES256-SHA'); + test(true, null, 'AES256-SHA', test6); +} + +function test6() { + // Ensure that `tls.DEFAULT_CIPHERS` is used + SSL_Method = 'TLSv1_2_method'; + tls.DEFAULT_CIPHERS = 'ECDHE-RSA-AES256-SHA'; + test(true, null, 'ECDHE-RSA-AES256-SHA'); } diff --git a/test/simple/test-tls-npn-server-client.js b/test/simple/test-tls-npn-server-client.js index ef89bd235e..0849cc8d2e 100644 --- a/test/simple/test-tls-npn-server-client.js +++ b/test/simple/test-tls-npn-server-client.js @@ -28,8 +28,7 @@ if (!process.features.tls_npn) { var common = require('../common'), assert = require('assert'), fs = require('fs'), - tls = require('tls'), - crypto = require('crypto'); + tls = require('tls'); function filenamePEM(n) { return require('path').join(common.fixturesDir, 'keys', n + '.pem'); @@ -43,12 +42,12 @@ var serverOptions = { key: loadPEM('agent2-key'), cert: loadPEM('agent2-cert'), crl: loadPEM('ca2-crl'), - SNICallback: function() { - return crypto.createCredentials({ + SNICallback: function(servername, cb) { + cb(null, tls.createSecureContext({ key: loadPEM('agent2-key'), cert: loadPEM('agent2-cert'), crl: loadPEM('ca2-crl'), - }).context; + })); }, NPNProtocols: ['a', 'b', 'c'] }; diff --git a/test/simple/test-tls-securepair-server.js b/test/simple/test-tls-securepair-server.js index 0d98ad7791..ece965c544 100644 --- a/test/simple/test-tls-securepair-server.js +++ b/test/simple/test-tls-securepair-server.js @@ -31,7 +31,6 @@ var assert = require('assert'); var join = require('path').join; var net = require('net'); var fs = require('fs'); -var crypto = require('crypto'); var tls = require('tls'); var spawn = require('child_process').spawn; @@ -46,7 +45,7 @@ function log(a) { var server = net.createServer(function(socket) { connections++; log('connection fd=' + socket.fd); - var sslcontext = crypto.createCredentials({key: key, cert: cert}); + var sslcontext = tls.createSecureContext({key: key, cert: cert}); sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA'); var pair = tls.createSecurePair(sslcontext, true); diff --git a/test/simple/test-tls-sni-option.js b/test/simple/test-tls-sni-option.js index 7de7dea074..57c17163a7 100644 --- a/test/simple/test-tls-sni-option.js +++ b/test/simple/test-tls-sni-option.js @@ -27,7 +27,6 @@ if (!process.features.tls_sni) { var common = require('../common'), assert = require('assert'), - crypto = require('crypto'), fs = require('fs'), tls = require('tls'); @@ -43,15 +42,15 @@ var serverOptions = { key: loadPEM('agent2-key'), cert: loadPEM('agent2-cert'), SNICallback: function(servername, callback) { - var credentials = SNIContexts[servername]; + var context = SNIContexts[servername]; // Just to test asynchronous callback setTimeout(function() { - if (credentials) { - if (credentials.emptyRegression) + if (context) { + if (context.emptyRegression) callback(null, {}); else - callback(null, crypto.createCredentials(credentials).context); + callback(null, tls.createSecureContext(context)); } else { callback(null, null); } |