1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
let finished = 0;
function loadPEM(n) {
return fixtures.readKey(`${n}.pem`);
}
const testCases = [
{ // agent8 is signed by fake-startcom-root with notBefore of
// Oct 20 23:59:59 2016 GMT. It passes StartCom/WoSign check.
serverOpts: {
key: loadPEM('agent8-key'),
cert: loadPEM('agent8-cert')
},
clientOpts: {
ca: loadPEM('fake-startcom-root-cert'),
port: undefined,
rejectUnauthorized: true
},
errorCode: 'CERT_REVOKED'
},
{ // agent9 is signed by fake-startcom-root with notBefore of
// Oct 21 00:00:01 2016 GMT. It fails StartCom/WoSign check.
serverOpts: {
key: loadPEM('agent9-key'),
cert: loadPEM('agent9-cert')
},
clientOpts: {
ca: loadPEM('fake-startcom-root-cert'),
port: undefined,
rejectUnauthorized: true
},
errorCode: 'CERT_REVOKED'
}
];
function runNextTest(server, tindex) {
server.close(function() {
finished++;
runTest(tindex + 1);
});
}
function runTest(tindex) {
const tcase = testCases[tindex];
if (!tcase) return;
const server = tls.createServer(tcase.serverOpts, function(s) {
s.resume();
}).listen(0, function() {
tcase.clientOpts.port = this.address().port;
const client = tls.connect(tcase.clientOpts);
client.on('error', function(e) {
assert.strictEqual(e.code, tcase.errorCode);
runNextTest(server, tindex);
});
client.on('secureConnect', function() {
// agent8 can pass StartCom/WoSign check so that the secureConnect
// is established.
assert.strictEqual(tcase.errorCode, 'CERT_REVOKED');
client.end();
runNextTest(server, tindex);
});
});
}
runTest(0);
process.on('exit', function() {
assert.strictEqual(finished, testCases.length);
});
|
