crypto: move `createCredentials` to tls

Move `createCredentials` to `tls` module and rename it to
`createSecureContext`. Make it use default values from `tls` module:
`DEFAULT_CIPHERS` and `DEFAULT_ECDH_CURVE`.

fix #7249

9 files changed, 43 insertions, 36 deletions

diff --git a/test/pummel/test-tls-securepair-client.js b/test/pummel/test-tls-securepair-client.js
index 9ef2f6e1f2..711fae3642 100644
--- a/test/pummel/test-tls-securepair-client.js
+++ b/test/pummel/test-tls-securepair-client.js
@@ -128,7 +128,7 @@ function test(keyfn, certfn, check, next) {
   function startClient() {
     var s = new net.Stream();
 
-    var sslcontext = crypto.createCredentials({key: key, cert: cert});
+    var sslcontext = tls.createSecureContext({key: key, cert: cert});
     sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
 
     var pair = tls.createSecurePair(sslcontext, false);
diff --git a/test/simple/test-crypto-binary-default.js b/test/simple/test-crypto-binary-default.js
index ad0a30fdbf..fe7da668e2 100644
--- a/test/simple/test-crypto-binary-default.js
+++ b/test/simple/test-crypto-binary-default.js
@@ -29,6 +29,7 @@ var constants = require('constants');
 
 try {
   var crypto = require('crypto');
+  var tls = require('tls');
 } catch (e) {
   console.log('Not compiled with OPENSSL support.');
   process.exit();
@@ -49,11 +50,13 @@ var rsaPubPem = fs.readFileSync(common.fixturesDir + '/test_rsa_pubkey.pem',
 var rsaKeyPem = fs.readFileSync(common.fixturesDir + '/test_rsa_privkey.pem',
     'ascii');
 
+// TODO(indutny): Move to a separate test eventually
 try {
-  var credentials = crypto.createCredentials(
-                                             {key: keyPem,
-                                               cert: certPem,
-                                               ca: caPem});
+  var context = tls.createSecureContext({
+    key: keyPem,
+    cert: certPem,
+    ca: caPem
+  });
 } catch (e) {
   console.log('Not compiled with OPENSSL support.');
   process.exit();
@@ -61,19 +64,19 @@ try {
 
 // PFX tests
 assert.doesNotThrow(function() {
-  crypto.createCredentials({pfx:certPfx, passphrase:'sample'});
+  tls.createSecureContext({pfx:certPfx, passphrase:'sample'});
 });
 
 assert.throws(function() {
-  crypto.createCredentials({pfx:certPfx});
+  tls.createSecureContext({pfx:certPfx});
 }, 'mac verify failure');
 
 assert.throws(function() {
-  crypto.createCredentials({pfx:certPfx, passphrase:'test'});
+  tls.createSecureContext({pfx:certPfx, passphrase:'test'});
 }, 'mac verify failure');
 
 assert.throws(function() {
-  crypto.createCredentials({pfx:'sample', passphrase:'test'});
+  tls.createSecureContext({pfx:'sample', passphrase:'test'});
 }, 'not enough data');
 
 // Test HMAC
diff --git a/test/simple/test-crypto.js b/test/simple/test-crypto.js
index e1b2682124..cdf066c3b9 100644
--- a/test/simple/test-crypto.js
+++ b/test/simple/test-crypto.js
@@ -58,11 +58,13 @@ var dsaKeyPemEncrypted = fs.readFileSync(
   common.fixturesDir + '/test_dsa_privkey_encrypted.pem', 'ascii');
 
 
+// TODO(indunty): move to a separate test eventually
 try {
-  var credentials = crypto.createCredentials(
-                                             {key: keyPem,
-                                               cert: certPem,
-                                               ca: caPem});
+  var context = tls.createSecureContext({
+    key: keyPem,
+    cert: certPem,
+    ca: caPem
+  });
 } catch (e) {
   console.log('Not compiled with OPENSSL support.');
   process.exit();
@@ -70,19 +72,19 @@ try {
 
 // PFX tests
 assert.doesNotThrow(function() {
-  crypto.createCredentials({pfx:certPfx, passphrase:'sample'});
+  crypto.createSecureContext({pfx:certPfx, passphrase:'sample'});
 });
 
 assert.throws(function() {
-  crypto.createCredentials({pfx:certPfx});
+  tls.createSecureContext({pfx:certPfx});
 }, 'mac verify failure');
 
 assert.throws(function() {
-  crypto.createCredentials({pfx:certPfx, passphrase:'test'});
+  tls.createSecureContext({pfx:certPfx, passphrase:'test'});
 }, 'mac verify failure');
 
 assert.throws(function() {
-  crypto.createCredentials({pfx:'sample', passphrase:'test'});
+  tls.createSecureContext({pfx:'sample', passphrase:'test'});
 }, 'not enough data');
 
 // Test HMAC
diff --git a/test/simple/test-tls-client-default-ciphers.js b/test/simple/test-tls-client-default-ciphers.js
index bc5e33b367..83f8f86db5 100644
--- a/test/simple/test-tls-client-default-ciphers.js
+++ b/test/simple/test-tls-client-default-ciphers.js
@@ -19,13 +19,12 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-var crypto = require('crypto');
 var assert = require('assert');
 var tls = require('tls');
 
 function test1() {
   var ciphers = '';
-  crypto.createCredentials = function(options) {
+  tls.createSecureContext = function(options) {
     ciphers = options.ciphers
   }
   tls.connect(443);
diff --git a/test/simple/test-tls-delayed-attach.js b/test/simple/test-tls-delayed-attach.js
index 17ccb0b1bd..ceacedc738 100644
--- a/test/simple/test-tls-delayed-attach.js
+++ b/test/simple/test-tls-delayed-attach.js
@@ -28,7 +28,6 @@ var assert = require('assert');
 var fs = require('fs');
 var net = require('net');
 var tls = require('tls');
-var crypto = require('crypto');
 
 var common = require('../common');
 
@@ -45,7 +44,7 @@ var server = net.createServer(function(c) {
   setTimeout(function() {
     var s = new tls.TLSSocket(c, {
       isServer: true,
-      credentials: crypto.createCredentials(options)
+      secureContext: tls.createSecureContext(options)
     });
 
     s.on('data', function(chunk) {
diff --git a/test/simple/test-tls-honorcipherorder.js b/test/simple/test-tls-honorcipherorder.js
index dac13d7265..6b24d75146 100644
--- a/test/simple/test-tls-honorcipherorder.js
+++ b/test/simple/test-tls-honorcipherorder.js
@@ -30,7 +30,7 @@ var SSL_Method = 'TLSv1_method';
 var localhost = '127.0.0.1';
 
 process.on('exit', function() {
-  assert.equal(nconns, 5);
+  assert.equal(nconns, 6);
 });
 
 function test(honorCipherOrder, clientCipher, expectedCipher, cb) {
@@ -38,7 +38,7 @@ function test(honorCipherOrder, clientCipher, expectedCipher, cb) {
     secureProtocol: SSL_Method,
     key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
     cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
-    ciphers: 'DES-CBC-SHA:AES256-SHA:RC4-SHA',
+    ciphers: 'DES-CBC-SHA:AES256-SHA:RC4-SHA:ECDHE-RSA-AES256-SHA',
     honorCipherOrder: !!honorCipherOrder
   };
 
@@ -96,5 +96,12 @@ function test5() {
   // Client did not explicitly set ciphers. Ensure that client defaults to
   // sane ciphers. Even though server gives top priority to DES-CBC-SHA
   // it should not be negotiated because it's not in default client ciphers.
-  test(true, null, 'AES256-SHA');
+  test(true, null, 'AES256-SHA', test6);
+}
+
+function test6() {
+  // Ensure that `tls.DEFAULT_CIPHERS` is used
+  SSL_Method = 'TLSv1_2_method';
+  tls.DEFAULT_CIPHERS = 'ECDHE-RSA-AES256-SHA';
+  test(true, null, 'ECDHE-RSA-AES256-SHA');
 }
diff --git a/test/simple/test-tls-npn-server-client.js b/test/simple/test-tls-npn-server-client.js
index ef89bd235e..0849cc8d2e 100644
--- a/test/simple/test-tls-npn-server-client.js
+++ b/test/simple/test-tls-npn-server-client.js
@@ -28,8 +28,7 @@ if (!process.features.tls_npn) {
 var common = require('../common'),
     assert = require('assert'),
     fs = require('fs'),
-    tls = require('tls'),
-    crypto = require('crypto');
+    tls = require('tls');
 
 function filenamePEM(n) {
   return require('path').join(common.fixturesDir, 'keys', n + '.pem');
@@ -43,12 +42,12 @@ var serverOptions = {
   key: loadPEM('agent2-key'),
   cert: loadPEM('agent2-cert'),
   crl: loadPEM('ca2-crl'),
-  SNICallback: function() {
-    return crypto.createCredentials({
+  SNICallback: function(servername, cb) {
+    cb(null, tls.createSecureContext({
       key: loadPEM('agent2-key'),
       cert: loadPEM('agent2-cert'),
       crl: loadPEM('ca2-crl'),
-    }).context;
+    }));
   },
   NPNProtocols: ['a', 'b', 'c']
 };
diff --git a/test/simple/test-tls-securepair-server.js b/test/simple/test-tls-securepair-server.js
index 0d98ad7791..ece965c544 100644
--- a/test/simple/test-tls-securepair-server.js
+++ b/test/simple/test-tls-securepair-server.js
@@ -31,7 +31,6 @@ var assert = require('assert');
 var join = require('path').join;
 var net = require('net');
 var fs = require('fs');
-var crypto = require('crypto');
 var tls = require('tls');
 var spawn = require('child_process').spawn;
 
@@ -46,7 +45,7 @@ function log(a) {
 var server = net.createServer(function(socket) {
   connections++;
   log('connection fd=' + socket.fd);
-  var sslcontext = crypto.createCredentials({key: key, cert: cert});
+  var sslcontext = tls.createSecureContext({key: key, cert: cert});
   sslcontext.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
 
   var pair = tls.createSecurePair(sslcontext, true);
diff --git a/test/simple/test-tls-sni-option.js b/test/simple/test-tls-sni-option.js
index 7de7dea074..57c17163a7 100644
--- a/test/simple/test-tls-sni-option.js
+++ b/test/simple/test-tls-sni-option.js
@@ -27,7 +27,6 @@ if (!process.features.tls_sni) {
 
 var common = require('../common'),
     assert = require('assert'),
-    crypto = require('crypto'),
     fs = require('fs'),
     tls = require('tls');
 
@@ -43,15 +42,15 @@ var serverOptions = {
   key: loadPEM('agent2-key'),
   cert: loadPEM('agent2-cert'),
   SNICallback: function(servername, callback) {
-    var credentials = SNIContexts[servername];
+    var context = SNIContexts[servername];
 
     // Just to test asynchronous callback
     setTimeout(function() {
-      if (credentials) {
-        if (credentials.emptyRegression)
+      if (context) {
+        if (context.emptyRegression)
           callback(null, {});
         else
-          callback(null, crypto.createCredentials(credentials).context);
+          callback(null, tls.createSecureContext(context));
       } else {
         callback(null, null);
       }