mirror of https://github.com/lukechilds/node.git
Ryan Dahl
14 years ago
18 changed files with 411 additions and 1 deletions
@ -0,0 +1,12 @@ |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIBvTCCASYCCQCvwklkWmMPbzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB |
|||
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 |
|||
cyBQdHkgTHRkMB4XDTEwMTIwNjA0MTgzMFoXDTExMDEwNTA0MTgzMFowRTELMAkG |
|||
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 |
|||
IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQD9JxFi0amR |
|||
7dROTGDs1dUFYWfAp6Z7LvkTnRtFHBBNdk2TCSC1Zz8SLxMVIlfyT08GW/vNVxyH |
|||
ExtfhS86o/kdAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAT70viMg4+FYnhEAkAISs |
|||
uXh8D3SqCGsVqaiQP/6jZGAbLfX1QrbI/SAnaCrLX5pjsb5oBfv1tMbF3MBeYC2q |
|||
SJz/tzUc8FaP3l8mUM8UuPNTo1iNBUmR0VfliC4lE5Lvh39EbqGs630mmScHYLCW |
|||
WA518TIEw1K8CsrkYu63Ueo= |
|||
-----END CERTIFICATE----- |
@ -0,0 +1,8 @@ |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIH/MIGqAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw |
|||
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF |
|||
AANLADBIAkEA/ScRYtGpke3UTkxg7NXVBWFnwKemey75E50bRRwQTXZNkwkgtWc/ |
|||
Ei8TFSJX8k9PBlv7zVcchxMbX4UvOqP5HQIDAQABoAAwDQYJKoZIhvcNAQEFBQAD |
|||
QQC0NPuOJB+Ustg8uBUKq0btzWii2vNWlmcDR5E9gf/egVRndSNMB+KWZtNiBe0g |
|||
Z/0TM0zIty4gBCTBahpkd0yw |
|||
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,9 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIBOgIBAAJBAP0nEWLRqZHt1E5MYOzV1QVhZ8Cnpnsu+ROdG0UcEE12TZMJILVn |
|||
PxIvExUiV/JPTwZb+81XHIcTG1+FLzqj+R0CAwEAAQJAfDTd7+lE1KenAh+xcqJb |
|||
2T74Y+sd4NSkOr5bseXaDdai2tBTLg+WFSuNYz6+Ots/22JTcWWMR2J86IfFNiGJ |
|||
4QIhAP/44ymsR9QjN0XOfaKI994jlbnGhp4HMN1PFUkhA711AiEA/S4aKosF/NxP |
|||
LJeFyFrdJcnclUoe2GByJqpXmkKfEAkCIQC+gfZPpbEv6aXRhoVq2pXf9owQ3/iA |
|||
1MlBbQJikve9oQIgBV6q82gLcneBvmJgVgWHVzvWz9vIl7JD+Yn3XbA4C3ECIGjp |
|||
eu/FQAYgB5y1DpwWejth/iva2OTg8j65ze524S62 |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,10 @@ |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIBfDCCASYCCQCojwzqgiZi4jANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB |
|||
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 |
|||
cyBQdHkgTHRkMB4XDTEwMTIwNjA0MTg0N1oXDTExMDEwNTA0MTg0N1owRTELMAkG |
|||
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 |
|||
IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDjl3L8IstA |
|||
r6OakBtAh9WRpnhqzfdAgbSIAX43jr/uxovu9S9TNc9qK0WyMAbJVePHuRwDtgTr |
|||
957EUd4LLGUzAgMBAAEwDQYJKoZIhvcNAQEFBQADQQCN78Y26RpPlfDm5uDSoAgU |
|||
hY09yDWKp0he03SH3V5AW/WMwT6Q6K2+ATK4g/W8f8+ZmS3FIff7Atcc6to3Lez7 |
|||
-----END CERTIFICATE----- |
@ -0,0 +1,8 @@ |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIH/MIGqAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw |
|||
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF |
|||
AANLADBIAkEA45dy/CLLQK+jmpAbQIfVkaZ4as33QIG0iAF+N46/7saL7vUvUzXP |
|||
aitFsjAGyVXjx7kcA7YE6/eexFHeCyxlMwIDAQABoAAwDQYJKoZIhvcNAQEFBQAD |
|||
QQC0HpucL+WqX0AkP5y/644GyTjrq1rxsoWm0708pAdInMjBTNQicjVfFWcoTTQA |
|||
zPQBqOuEsNtktcJyYfryhtWW |
|||
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,9 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIBPAIBAAJBAOOXcvwiy0Cvo5qQG0CH1ZGmeGrN90CBtIgBfjeOv+7Gi+71L1M1 |
|||
z2orRbIwBslV48e5HAO2BOv3nsRR3gssZTMCAwEAAQJBAMlC7dEgZ8NNTw1o8GCR |
|||
foCtyQESINtvmBlJ0LcKypo4WLb2OkI2T/kG8mnoiUM2GyTf8MMGh7V5DeZskh3L |
|||
pNkCIQD89pQtqNsDxC/vujdDIlT/0gHhUOZsnIXHZpYv+fzJfQIhAOZS5ZjkNpvb |
|||
YcTqpk2HNgu0wFW0nKJ5bnFaTaPjY6hvAiBoDsrPqYlGmFqbw79d126duXbah9vx |
|||
y8VgTDv1ymEJRQIhAJuWHhD1AMqyHM53sFWo4+JufIqo0jKTEv8xgEcYgSazAiEA |
|||
hWqzWF/qpQ/JT/QaNE6agQWV6MydGAce56EGcpp22mA= |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,12 @@ |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIBvTCCASYCCQDXXCDdhOcSNTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB |
|||
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 |
|||
cyBQdHkgTHRkMB4XDTEwMTIwNjA0NDMwOVoXDTExMDEwNTA0NDMwOVowRTELMAkG |
|||
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 |
|||
IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDNOPrBqq2b |
|||
/gxs0WELdkSHvAkjJdEjuWia2Q+FI3v5asDXj6w4t+ZY46m6D3PCgTZ9FJmZjUH2 |
|||
prGyMbBS3Uf9AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAabTyzBk4tlG08+FTZtdb |
|||
5bDELkPVHNCQapQVsKYqnnKzt3xLjIOEoSa67pKXm2gcupiVYOmC0Pz76pZinRhH |
|||
IJ8gVp7dhv0sdog6+VMfrMTlR7gUEu7gQHF69ras7oswPV/kNH4YVljqUQpVDs+4 |
|||
VgOaivgOfhPZb4H5tz/P1Ms= |
|||
-----END CERTIFICATE----- |
@ -0,0 +1,8 @@ |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIH/MIGqAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw |
|||
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF |
|||
AANLADBIAkEAzTj6waqtm/4MbNFhC3ZEh7wJIyXRI7lomtkPhSN7+WrA14+sOLfm |
|||
WOOpug9zwoE2fRSZmY1B9qaxsjGwUt1H/QIDAQABoAAwDQYJKoZIhvcNAQEFBQAD |
|||
QQCsta4frzeUIkZrqt3EEG9cAI1FTGphl/5bA0fYpIlZOanR5V6kKPG6mgXiHDaN |
|||
r46fwkE/AKS7mnIz6XGzXfCn |
|||
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,9 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIBOwIBAAJBAM04+sGqrZv+DGzRYQt2RIe8CSMl0SO5aJrZD4Uje/lqwNePrDi3 |
|||
5ljjqboPc8KBNn0UmZmNQfamsbIxsFLdR/0CAwEAAQJAT3v9KxtXCG76Ev95bb4N |
|||
xuCeTV2tRf/esvLVHwTiVHRBw3ZcU4VsIwarwQy/CkPwGtWT91AN/xAgvLptwwmE |
|||
AQIhAOuymRnLkS795CluenO5ybuF53ro3S9wFBY9jYJX46L9AiEA3uZfEeNTUVYR |
|||
dJ56zqUxfakguhF/ibHT/lXRgkpVyQECIQCuRk5h/l0JS/2KjP/J1dPN7kKsZMY3 |
|||
Lz4K+9RITkgo2QIgTABs5iKG5DLenM70vMUizOAAIrGYtRCHYi9M0ooaGgECIQDK |
|||
nWMUePU/NHBC2AYyp9KzF8ZEBIcItgppTeNtkdF7mw== |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,15 @@ |
|||
-----BEGIN CERTIFICATE----- |
|||
MIICWDCCAcGgAwIBAgIJAPlzZCsvV/DFMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV |
|||
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX |
|||
aWRnaXRzIFB0eSBMdGQwHhcNMTAxMjA2MDQxNzA3WhcNMTEwMTA1MDQxNzA3WjBF |
|||
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 |
|||
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB |
|||
gQC/HthOlERITtsUA7FJ0l/U4qFNLri6QKLRoHPn8tGRCXDg/jEAh/pwrycIjvA4 |
|||
V66RatOhdxC7bGDC2FOjoofMNHTsdXoCoC9f9pNoU5BlLoal12V5gfL+AklJNJny |
|||
lL15FnmiQdUThLGDhRM918bWQdJTRJ+dkyVlUink/5wlxQIDAQABo1AwTjAdBgNV |
|||
HQ4EFgQU5LAV1SB/xh57MHsWgEwl8MpiDhYwHwYDVR0jBBgwFoAU5LAV1SB/xh57 |
|||
MHsWgEwl8MpiDhYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAqgne5 |
|||
uBwDiQaCuWkBHDw5WGtcvzqc0HIoQ+qopwfTxGNaLv0dZ7N3wGsGIqSh0OCMYgxA |
|||
0Ku7hdL9faEHrq8f2T6yUUMMDcMLOJgFDESl/hip8jRdCZy45CWAJNpQ8PfshSkR |
|||
b/oae/TW79lT9Y5uzcV4YRwPFNU6RREuxq++hA== |
|||
-----END CERTIFICATE----- |
@ -0,0 +1 @@ |
|||
AFC249645A630F6F |
@ -0,0 +1,17 @@ |
|||
-----BEGIN ENCRYPTED PRIVATE KEY----- |
|||
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIztmO4Z3hxi4CAggA |
|||
MBQGCCqGSIb3DQMHBAgUmHxBmTJBNASCAoCeXNS3EkxMoX4QuAT4BIQF/qgXBiOV |
|||
rcO8D5fHCca8kolzxOyk0LduS327TL2CAjKSK9NmpsQzZRQOWlKasmsWHzBD8I34 |
|||
AWcSbtAL+GGAgnD7XwFUPYHNzWVad5mmDJPWtsQMkcx6plwvQLFFvUAL5nmRe4vE |
|||
5Brp88UvRp8wGzyBiotTzGbITdZEyKFLYVAni0KeApx2rqwAigmmWTqY2jXnUAxG |
|||
zS8b9xy+aDya+UYQooFmYRLlQ8PlKl6B/zW/po/DJ38CofaSIR4zRWDs3lJrt4fL |
|||
Q0hLJwz6ATRIOwGWxR2oQQ+1qgBr9Y4hhxk5tLSjDd0turiEwgul8cgJdHbshuan |
|||
sD7J3k3teo2u/fR0CmYCo42l3hnGkvYPOdoXYfXDz3804a4ZkZhnsRMl5oH66ElZ |
|||
MEmCY4t4VhsQTXleV1b6lK43vrKV+pSollrLvBKQhk3k+v0lq2wmBXsm4rB1vVv4 |
|||
KDgdOD7ITYte3C+EvaEwbnqaUYfURAYeF+td0212/wiwFIYhicjrwzN2Cq0E29pj |
|||
23Vbe0JIwnpG6lfmzKVqmN3NT+e2e9G0zP7g3tDaWE4sUCcHxkgK7kmBryj272+j |
|||
S4WClFgtSr/QJ/cNvU6Qlr8oO6EIG1rJuY1eLX/tHtbAwsDREXf612qtnFEXgFTA |
|||
5QQmp02BPq2DCSJEOfQIN2LeaYJM0mFrotDCbtdS1Pje791CJq3C/+4h3gOye0br |
|||
5QwiKb5IcgS5hAMu2ghhU01zmClDbFa98zIe3D8pjdrYt8zrZVVCTopcWxY6LU3g |
|||
wvh9cdSKJ/Hgq3yRrnBwSolHUP9vMyC/EXRJ/T1CQHABjq0HNLOwhXuq |
|||
-----END ENCRYPTED PRIVATE KEY----- |
@ -0,0 +1,15 @@ |
|||
-----BEGIN CERTIFICATE----- |
|||
MIICWDCCAcGgAwIBAgIJAKXrRJ3rkOnNMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV |
|||
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX |
|||
aWRnaXRzIFB0eSBMdGQwHhcNMTAxMjA2MDQxNzI4WhcNMTEwMTA1MDQxNzI4WjBF |
|||
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 |
|||
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB |
|||
gQDW5D3i3vuLpsekzkvF+pyZq6YDzESJQh0uGpWTk0oyBe/BCiTwHtZwyPpvO6UQ |
|||
wpBPSMfwgmY30HoofXSKSBGW5ixyLvVa+brvJ0etqnNojI0NcNBk0/b+ynOCJ3A8 |
|||
O/fFotYdsg9C1sDusW2htymyYvEfyxX7/WR7+u+b5vclCwIDAQABo1AwTjAdBgNV |
|||
HQ4EFgQUpKdzYuzbjpcqwWDiB8SgFiy3WxkwHwYDVR0jBBgwFoAUpKdzYuzbjpcq |
|||
wWDiB8SgFiy3WxkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAkc5++ |
|||
vmqCTlTzfNHL0cV24M8FR9Xl/4UOqbxl/pfyXXrGbZleww0B0EPXW5cjRW2Kb3FC |
|||
kLznCyLJQ62pcSSvsQeQGayYmrmDiImmw+sfezrte27RNWqmqxl5w/r0Jte4xszC |
|||
OP6UKrFcr2XXty/koGlgIQtAU0JenKLZuLhW1A== |
|||
-----END CERTIFICATE----- |
@ -0,0 +1 @@ |
|||
D75C20DD84E71235 |
@ -0,0 +1,17 @@ |
|||
-----BEGIN ENCRYPTED PRIVATE KEY----- |
|||
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIH5Qu64G4EEACAggA |
|||
MBQGCCqGSIb3DQMHBAjiP/COBBl6LwSCAoDJ7fSWqLoz0Xv4ASmipwDghszUQDEu |
|||
sJyeehMxRNPNqarbvXPR/6GJtfoOyhcaWiCuRvsISL61B4mw90bbgcksscaXqXGU |
|||
KsR5H10ut3hfFfDxvy2NYPGiowg2Kvfoe+4ENDqYb1ilWs9YaJ0rFcohweHfUNcV |
|||
W5A3WRfZ1zRyfEYlBbCpq45eMkxWCJ2X2YgqaK9itynqYbuBVXgqK+qP6rTSxvDC |
|||
GZ+POdiT0GHcPQ2Z79NIEQI7kyzcQkJ0IzWqgIRNyrmIzBP0Et/zH/Z+Y6/5q+vX |
|||
2fl0ox4IkDiTWVER8lN8E0u5w1pCBD0NFtwqTXC3HMqnYKJDRAaqK0Fad5qVCwZq |
|||
bKjXT7xWB2QqrZ4T3Nf/cLnd/fb1sRE6oYfLG706lY7dYh1RpIITZLavmceMSDfG |
|||
emwaSS4RoTJOpuOufUCrrFHW2EB+BgCADBgS4uD5PsrOvRLUj0CekTkJOJV0RFpY |
|||
K12Pp5wk3y+69IsD2jlUO50Bx2hZz10snvBCbJhLIDf9VSy9pPunOXqsr+i3MY8v |
|||
WdusJYnRxXN6ZbAb4d/Zi3mE3kcTG3YUwAIJiELAhWkZqRpK/O9SMXRb4+EMZ1nT |
|||
LSicMzLfhRdY/IqrV5PGvcmyJUffAD2PF4dXX4cEqyODFBet7/6zIEIhivuEATad |
|||
qNwE32FJxKpULPsLXgzSeIaZn71KrKiHaBIjRdGmfH7txBHIEwIW+fX2LzreZBqP |
|||
LuYPFpTEvDCdJ7mcRLSrSCixyZRAQVqJEXcP2OpTb0lfqPlpE+AoMdpeUEdj9Jci |
|||
ndyjWhrC/2emjHoHb1wrVVv4KdGcyz+uHdgFwXjtKugAYGA1Pb5Hq640 |
|||
-----END ENCRYPTED PRIVATE KEY----- |
@ -0,0 +1,49 @@ |
|||
# Create Certificate Authority: ca1 |
|||
# |
|||
# ('password' is used for the CA password.) |
|||
openssl req -new -x509 -extensions v3_ca -keyout ca1-key.pem -out ca1-cert.pem |
|||
|
|||
# Create Certificate Authority: ca2 |
|||
# |
|||
# ('password' is used for the CA password.) |
|||
openssl req -new -x509 -extensions v3_ca -keyout ca2-key.pem -out ca2-cert.pem |
|||
|
|||
|
|||
# |
|||
# agent1 is signed by ca1. |
|||
# |
|||
# Generate new private key |
|||
openssl genrsa -out agent1-key.pem |
|||
# Create a Certificate Signing Request for the key |
|||
openssl req -new -key agent1-key.pem -out agent1-csr.pem |
|||
# Create a Certificate for the agent. |
|||
openssl x509 -req -in agent1-csr.pem -CA ca1-cert.pem -CAkey ca1-key.pem -CAcreateserial -out agent1-cert.pem |
|||
|
|||
|
|||
|
|||
# |
|||
# agent2 has a self signed cert |
|||
# |
|||
# Generate new private key |
|||
openssl genrsa -out agent2-key.pem |
|||
# Create a Certificate Signing Request for the key |
|||
openssl req -new -key agent2-key.pem -out agent2-csr.pem |
|||
# Create a Certificate for the agent. |
|||
openssl x509 -req -in agent2-csr.pem -signkey agent2-key.pem -out agent2-cert.pem |
|||
|
|||
|
|||
|
|||
# |
|||
# agent3 is signed by ca2. |
|||
# |
|||
# Generate new private key |
|||
openssl genrsa -out agent3-key.pem |
|||
# Create a Certificate Signing Request for the key |
|||
openssl req -new -key agent3-key.pem -out agent3-csr.pem |
|||
# Create a Certificate for the agent. |
|||
openssl x509 -req -in agent3-csr.pem -CA ca2-cert.pem -CAkey ca2-key.pem -CAcreateserial -out agent3-cert.pem |
|||
|
|||
|
|||
#### TODO: agent on CRL |
|||
|
|||
|
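Review bot: None of the signing commands (`openssl req -new -x509 ...` for ca1/ca2 and the three `openssl x509 -req ...` lines for the agents) pass `-days`, so every certificate gets OpenSSL's default 30-day lifetime. The committed certificate fixtures appear to carry a validity window of roughly 2010-12-06 to 2011-01-05 (read from the PEM bodies; confirm with `openssl x509 -noout -dates -in agent1-cert.pem`). Once that window passes, a test that expects a client to be authorized against these CAs will fail on expiry rather than on anything the TLS code does. Add an explicit lifetime to each signing command, e.g. `openssl x509 -req -days 9999 -in agent1-csr.pem ...`. Also give `openssl genrsa` an explicit size, such as `openssl genrsa -out agent1-key.pem 2048`, so regenerated fixtures do not depend on the installed default.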
@ -0,0 +1,210 @@ |
|||
// This is a rather complex test which sets up various TLS servers with node
|
|||
// and connects to them using the 'openssl s_client' command line utility
|
|||
// with various keys. Depending on the certificate authority and other
|
|||
// parameters given to the server, the various clients are
|
|||
// - rejected,
|
|||
// - accepted and "unauthorized", or
|
|||
// - accepted and "authorized".
|
|||
|
|||
var testCases = |
|||
[ { title: "Do not request certs. Everyone is unauthorized.", |
|||
requestCert: false, |
|||
rejectUnauthorized: false, |
|||
CAs: ['ca1-cert'], |
|||
clients: |
|||
[ { name: 'agent1', shouldReject: false, shouldAuth: false }, |
|||
{ name: 'agent2', shouldReject: false, shouldAuth: false }, |
|||
{ name: 'agent3', shouldReject: false, shouldAuth: false }, |
|||
{ name: 'agent4', shouldReject: false, shouldAuth: false } |
|||
] |
|||
}, |
|||
|
|||
{ title: "Allow both authed and unauthed connections with CA1", |
|||
requestCert: true, |
|||
rejectUnauthorized: false, |
|||
CAs: ['ca1-cert'], |
|||
clients: |
|||
[ { name: 'agent1', shouldReject: false, shouldAuth: true }, |
|||
{ name: 'agent2', shouldReject: false, shouldAuth: false }, |
|||
{ name: 'agent3', shouldReject: false, shouldAuth: false }, |
|||
{ name: 'agent4', shouldReject: false, shouldAuth: false } |
|||
] |
|||
}, |
|||
|
|||
{ title: "Allow only authed connections with CA1", |
|||
requestCert: true, |
|||
rejectUnauthorized: true, |
|||
CAs: ['ca1-cert'], |
|||
clients: |
|||
[ { name: 'agent1', shouldReject: false, shouldAuth: true }, |
|||
{ name: 'agent2', shouldReject: true }, |
|||
{ name: 'agent3', shouldReject: true }, |
|||
{ name: 'agent4', shouldReject: true } |
|||
] |
|||
}, |
|||
|
|||
]; |
|||
|
|||
|
|||
var common = require('../common'); |
|||
var assert = require('assert'); |
|||
var fs = require('fs'); |
|||
var tls = require('tls'); |
|||
var spawn = require('child_process').spawn; |
|||
|
|||
|
|||
function filenamePEM(n) { |
|||
return require('path').join(common.fixturesDir, 'keys', n + ".pem"); |
|||
} |
|||
|
|||
|
|||
function loadPEM(n) { |
|||
return fs.readFileSync(filenamePEM(n)).toString(); |
|||
} |
|||
|
|||
|
|||
var serverKey = loadPEM('agent2-key'); |
|||
var serverCert = loadPEM('agent2-cert'); |
|||
|
|||
|
|||
function runClient (options, cb) { |
|||
|
|||
// Client can connect in three ways:
|
|||
// - Self-signed cert
|
|||
// - Certificate, but not signed by CA.
|
|||
// - Certificate signed by CA.
|
|||
|
|||
var args = ['s_client', '-connect', '127.0.0.1:' + common.PORT]; |
|||
|
|||
switch (options.name) { |
|||
case 'agent1': |
|||
// Signed by CA1
|
|||
args.push('-key'); |
|||
args.push(filenamePEM('agent1-key')); |
|||
args.push('-cert'); |
|||
args.push(filenamePEM('agent1-cert')); |
|||
break; |
|||
|
|||
case 'agent2': |
|||
// Self-signed
|
|||
// This is also the key-cert pair that the server will use.
|
|||
args.push('-key'); |
|||
args.push(filenamePEM('agent2-key')); |
|||
args.push('-cert'); |
|||
args.push(filenamePEM('agent2-cert')); |
|||
break; |
|||
|
|||
case 'agent3': |
|||
// Signed by CA2
|
|||
args.push('-key'); |
|||
args.push(filenamePEM('agent3-key')); |
|||
args.push('-cert'); |
|||
args.push(filenamePEM('agent3-cert')); |
|||
break; |
|||
|
|||
case 'agent4': |
|||
// Self-signed
|
|||
break; |
|||
|
|||
default: |
|||
throw new Error("Unknown agent name"); |
|||
} |
|||
|
|||
// To test use: openssl s_client -connect localhost:8000
|
|||
var client = spawn('openssl', args); |
|||
//console.error(args);
|
|||
|
|||
var out = ''; |
|||
|
|||
var rejected = true; |
|||
var authed = false; |
|||
|
|||
client.stdout.setEncoding('utf8'); |
|||
client.stdout.on('data', function(d) { |
|||
out += d; |
|||
|
|||
if (/_unauthed/g.test(out)) { |
|||
console.error(" * unauthed"); |
|||
client.stdin.end('goodbye\n'); |
|||
authed = false; |
|||
rejected = false; |
|||
} |
|||
|
|||
if (/_authed/g.test(out)) { |
|||
console.error(" * authed"); |
|||
client.stdin.end('goodbye\n'); |
|||
authed = true; |
|||
rejected = false; |
|||
} |
|||
}); |
|||
|
|||
//client.stdout.pipe(process.stdout);
|
|||
|
|||
client.on('exit', function(code) { |
|||
if (options.shouldReject) { |
|||
assert.equal(true, rejected); |
|||
} else { |
|||
assert.equal(false, rejected); |
|||
assert.equal(options.shouldAuth, authed); |
|||
} |
|||
|
|||
cb(); |
|||
}); |
|||
} |
|||
|
|||
|
|||
// Run the tests
|
|||
var successfulTests = 0; |
|||
function runTest (testIndex) { |
|||
var tcase = testCases[testIndex]; |
|||
if (!tcase) return; |
|||
|
|||
console.error("Running '%s'", tcase.title); |
|||
|
|||
var cas = tcase.CAs.map(loadPEM); |
|||
|
|||
var server = tls.Server({ key: serverKey, |
|||
cert: serverCert, |
|||
ca: cas, |
|||
requestCert: tcase.requestCert, |
|||
rejectUnauthorized: tcase.rejectUnauthorized }); |
|||
|
|||
var connections = 0; |
|||
|
|||
server.on('authorized', function(c) { |
|||
connections++; |
|||
console.error('- authed connection'); |
|||
c.write('\n_authed\n'); |
|||
}); |
|||
|
|||
server.on('unauthorized', function(c, e) { |
|||
connections++; |
|||
console.error('- unauthed connection: %s', e); |
|||
c.write('\n_unauthed\n'); |
|||
}); |
|||
|
|||
function runNextClient (clientIndex) { |
|||
var options = tcase.clients[clientIndex]; |
|||
if (options) { |
|||
runClient(options, function () { |
|||
runNextClient(clientIndex + 1); |
|||
}); |
|||
} else { |
|||
server.close(); |
|||
successfulTests++; |
|||
runTest(testIndex + 1); |
|||
} |
|||
} |
|||
|
|||
server.listen(common.PORT, function() { |
|||
runNextClient(0); |
|||
}); |
|||
} |
|||
|
|||
|
|||
runTest(0); |
|||
|
|||
|
|||
process.on('exit', function() { |
|||
assert.equal(successfulTests, testCases.length); |
|||
}); |
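Review bot: In `runClient`, a rejection is never observed directly: `rejected` starts as `true` and is only cleared when a `_authed` or `_unauthed` marker arrives on stdout. Any early client failure (an unreadable `-key`/`-cert` fixture, a connect error, `openssl` not on PATH) therefore satisfies a `shouldReject: true` expectation without the server's certificate check having run. For the reject cases the `exit` handler should also capture `client.stderr` and require that the failure happened during the TLS handshake rather than at startup. `runTest` already increments `connections` in both event handlers but never checks it; before `server.close()` it could assert `assert.equal(tcase.clients.filter(function(c) { return !c.shouldReject; }).length, connections);`. Separately, the `agent4` branch is commented `// Self-signed` but pushes no `-key`/`-cert`, so it looks like the no-client-certificate case and the comment should say so.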