path: root/test/parallel/test-tls-set-sigalgs.js
blob: 59dc2ca0c786cf2ead5ff5bddf3feaeb4d9c79bc (plain)
'use strict';
const common = require('../common');
if (!common.hasCrypto) common.skip('missing crypto');
const fixtures = require('../common/fixtures');

// Test the `sigalgs` option for TLS.

const {
  assert, connect, keys
} = require(fixtures.path('tls-connect'));

// Asserts that `left` and `right` have the same length and strictly equal
// elements at every index; throws on the first mismatch.
function assert_arrays_equal(left, right) {
  const actualLength = left.length;
  assert.strictEqual(actualLength, right.length);
  let index = 0;
  while (index < actualLength) {
    assert.strictEqual(left[index], right[index]);
    index += 1;
  }
}

// Runs one TLS handshake through the tls-connect fixture with the given
// signature-algorithm lists and checks the outcome.
//
//   csigalgs       - `sigalgs` string passed to the client.
//   ssigalgs       - `sigalgs` string passed to the server.
//   shared_sigalgs - expected result of getSharedSigalgs() on the server
//                    connection; when set, the handshake must succeed.
//   cerr, serr     - expected client / server error codes; consulted only
//                    when shared_sigalgs is not set.
function test(csigalgs, ssigalgs, shared_sigalgs, cerr, serr) {
  // A call carrying no expectation at all would pass vacuously, so reject it.
  assert(shared_sigalgs || serr || cerr, 'test missing any expectations');
  connect({
    client: {
      // No-op identity check: it neither throws nor returns an error, so the
      // server name is not matched against the certificate in this test.
      checkServerIdentity: (servername, cert) => { },
      ca: `${keys.agent1.cert}\n${keys.agent6.ca}`,
      // Certificate and key the client presents to the server.
      cert: keys.agent2.cert,
      key: keys.agent2.key,
      sigalgs: csigalgs
    },
    server: {
      cert: keys.agent6.cert,
      key: keys.agent6.key,
      ca: keys.agent2.ca,
      context: {
        // The server asks for a client certificate and rejects unverified
        // peers, so both sides authenticate with a certificate.
        requestCert: true,
        rejectUnauthorized: true
      },
      sigalgs: ssigalgs
    },
  }, common.mustCall((err, pair, cleanup) => {
    if (shared_sigalgs) {
      // Success path: no error on either side, both connections exist, and
      // the server reports exactly the expected shared algorithms, in order.
      assert.ifError(err);
      assert.ifError(pair.server.err);
      assert.ifError(pair.client.err);
      assert(pair.server.conn);
      assert(pair.client.conn);
      assert_arrays_equal(pair.server.conn.getSharedSigalgs(), shared_sigalgs);
    } else {
      // Failure path: `err` itself is not inspected here, only the per-side
      // errors recorded on `pair`.
      if (serr) {
        assert(pair.server.err);
        // NOTE(review): assuming the fixture re-exports Node's assert,
        // assert(value, message) only checks that `value` is truthy and uses
        // `serr` as the failure message, so the error code is not compared
        // with the expected one. assert.strictEqual(pair.server.err.code, serr)
        // would compare them, but the codes callers pass have therefore never
        // been checked; confirm them before tightening this.
        assert(pair.server.err.code, serr);
      }

      if (cerr) {
        assert(pair.client.err);
        // NOTE(review): same truthiness-only check as for the server above;
        // `cerr` is the message, not a compared value.
        assert(pair.client.err.code, cerr);
      }
    }

    return cleanup();
  }));
}

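// Have shared sigalgs: identical single-entry lists on both sides.
test('RSA-PSS+SHA384', 'RSA-PSS+SHA384', ['RSA-PSS+SHA384']);
// The client offers three algorithms and the server two of them; the server
// is expected to report the two common entries.
test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
     'RSA-PSS+SHA256:ECDSA+SHA256',
     ['RSA-PSS+SHA256', 'ECDSA+SHA256']);

// Do not have shared sigalgs: the handshake must fail on both sides.
// The expected server code is spelled ..._ALGORITHMS, matching the error code
// Node reports for this failure.
// NOTE(review): test() currently passes cerr/serr to assert() as the failure
// message rather than comparing them, so neither expected code is verified by
// a run; confirm the client code in particular before making that comparison
// strict.
test('RSA-PSS+SHA384', 'ECDSA+SHA256',
     undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');

// Both sides name RSA-PSS and ECDSA, but with different hashes, so no
// algorithm/hash pair is common.
test('RSA-PSS+SHA384:ECDSA+SHA256', 'ECDSA+SHA384:RSA-PSS+SHA256',
     undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');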