1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
// Flags: --expose-internals
'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const assert = require('assert');
const fixtures = require('../common/fixtures');
const h2 = require('http2');
const { kSocket } = require('internal/http2/util');
const tls = require('tls');
function loadKey(keyname) {
return fixtures.readKey(keyname, 'binary');
}
function onStream(stream, headers) {
const socket = stream.session[kSocket];
assert(stream.session.encrypted);
assert.strictEqual(stream.session.alpnProtocol, 'h2');
const originSet = stream.session.originSet;
assert(Array.isArray(originSet));
assert.strictEqual(originSet[0],
`https://${socket.servername}:${socket.remotePort}`);
assert(headers[':authority'].startsWith(socket.servername));
stream.respond({ 'content-type': 'application/json' });
stream.end(JSON.stringify({
servername: socket.servername,
alpnProtocol: socket.alpnProtocol
}));
}
function verifySecureSession(key, cert, ca, opts) {
const server = h2.createSecureServer({ cert, key });
server.on('stream', common.mustCall(onStream));
server.on('close', common.mustCall());
server.listen(0, common.mustCall(() => {
opts = opts || { };
opts.secureContext = tls.createSecureContext({ ca });
const client = h2.connect(`https://localhost:${server.address().port}`,
opts);
// Verify that a 'secureConnect' listener is attached
assert.strictEqual(client.socket.listenerCount('secureConnect'), 1);
const req = client.request();
client.on('connect', common.mustCall(() => {
assert(client.encrypted);
assert.strictEqual(client.alpnProtocol, 'h2');
const originSet = client.originSet;
assert(Array.isArray(originSet));
assert.strictEqual(originSet.length, 1);
assert.strictEqual(
originSet[0],
`https://${opts.servername || 'localhost'}:${server.address().port}`);
}));
req.on('response', common.mustCall((headers) => {
assert.strictEqual(headers[':status'], 200);
assert.strictEqual(headers['content-type'], 'application/json');
assert(headers.date);
}));
let data = '';
req.setEncoding('utf8');
req.on('data', (d) => data += d);
req.on('end', common.mustCall(() => {
const jsonData = JSON.parse(data);
assert.strictEqual(jsonData.servername,
opts.servername || 'localhost');
assert.strictEqual(jsonData.alpnProtocol, 'h2');
server.close(common.mustCall());
client[kSocket].destroy();
}));
}));
}
// The server can be connected as 'localhost'.
verifySecureSession(
loadKey('agent8-key.pem'),
loadKey('agent8-cert.pem'),
loadKey('fake-startcom-root-cert.pem'));
// Custom servername is specified.
verifySecureSession(
loadKey('agent1-key.pem'),
loadKey('agent1-cert.pem'),
loadKey('ca1-cert.pem'),
{ servername: 'agent1' });
|
