mirror of https://github.com/lukechilds/node.git
Ryan Dahl
14 years ago
18 changed files with 411 additions and 1 deletions
@ -0,0 +1,12 @@ |
|||||
|
-----BEGIN CERTIFICATE----- |
||||
|
MIIBvTCCASYCCQCvwklkWmMPbzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB |
||||
|
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 |
||||
|
cyBQdHkgTHRkMB4XDTEwMTIwNjA0MTgzMFoXDTExMDEwNTA0MTgzMFowRTELMAkG |
||||
|
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 |
||||
|
IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQD9JxFi0amR |
||||
|
7dROTGDs1dUFYWfAp6Z7LvkTnRtFHBBNdk2TCSC1Zz8SLxMVIlfyT08GW/vNVxyH |
||||
|
ExtfhS86o/kdAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAT70viMg4+FYnhEAkAISs |
||||
|
uXh8D3SqCGsVqaiQP/6jZGAbLfX1QrbI/SAnaCrLX5pjsb5oBfv1tMbF3MBeYC2q |
||||
|
SJz/tzUc8FaP3l8mUM8UuPNTo1iNBUmR0VfliC4lE5Lvh39EbqGs630mmScHYLCW |
||||
|
WA518TIEw1K8CsrkYu63Ueo= |
||||
|
-----END CERTIFICATE----- |
@ -0,0 +1,8 @@ |
|||||
|
-----BEGIN CERTIFICATE REQUEST----- |
||||
|
MIH/MIGqAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw |
||||
|
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF |
||||
|
AANLADBIAkEA/ScRYtGpke3UTkxg7NXVBWFnwKemey75E50bRRwQTXZNkwkgtWc/ |
||||
|
Ei8TFSJX8k9PBlv7zVcchxMbX4UvOqP5HQIDAQABoAAwDQYJKoZIhvcNAQEFBQAD |
||||
|
QQC0NPuOJB+Ustg8uBUKq0btzWii2vNWlmcDR5E9gf/egVRndSNMB+KWZtNiBe0g |
||||
|
Z/0TM0zIty4gBCTBahpkd0yw |
||||
|
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,9 @@ |
|||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||
|
MIIBOgIBAAJBAP0nEWLRqZHt1E5MYOzV1QVhZ8Cnpnsu+ROdG0UcEE12TZMJILVn |
||||
|
PxIvExUiV/JPTwZb+81XHIcTG1+FLzqj+R0CAwEAAQJAfDTd7+lE1KenAh+xcqJb |
||||
|
2T74Y+sd4NSkOr5bseXaDdai2tBTLg+WFSuNYz6+Ots/22JTcWWMR2J86IfFNiGJ |
||||
|
4QIhAP/44ymsR9QjN0XOfaKI994jlbnGhp4HMN1PFUkhA711AiEA/S4aKosF/NxP |
||||
|
LJeFyFrdJcnclUoe2GByJqpXmkKfEAkCIQC+gfZPpbEv6aXRhoVq2pXf9owQ3/iA |
||||
|
1MlBbQJikve9oQIgBV6q82gLcneBvmJgVgWHVzvWz9vIl7JD+Yn3XbA4C3ECIGjp |
||||
|
eu/FQAYgB5y1DpwWejth/iva2OTg8j65ze524S62 |
||||
|
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,10 @@ |
|||||
|
-----BEGIN CERTIFICATE----- |
||||
|
MIIBfDCCASYCCQCojwzqgiZi4jANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB |
||||
|
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 |
||||
|
cyBQdHkgTHRkMB4XDTEwMTIwNjA0MTg0N1oXDTExMDEwNTA0MTg0N1owRTELMAkG |
||||
|
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 |
||||
|
IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDjl3L8IstA |
||||
|
r6OakBtAh9WRpnhqzfdAgbSIAX43jr/uxovu9S9TNc9qK0WyMAbJVePHuRwDtgTr |
||||
|
957EUd4LLGUzAgMBAAEwDQYJKoZIhvcNAQEFBQADQQCN78Y26RpPlfDm5uDSoAgU |
||||
|
hY09yDWKp0he03SH3V5AW/WMwT6Q6K2+ATK4g/W8f8+ZmS3FIff7Atcc6to3Lez7 |
||||
|
-----END CERTIFICATE----- |
@ -0,0 +1,8 @@ |
|||||
|
-----BEGIN CERTIFICATE REQUEST----- |
||||
|
MIH/MIGqAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw |
||||
|
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF |
||||
|
AANLADBIAkEA45dy/CLLQK+jmpAbQIfVkaZ4as33QIG0iAF+N46/7saL7vUvUzXP |
||||
|
aitFsjAGyVXjx7kcA7YE6/eexFHeCyxlMwIDAQABoAAwDQYJKoZIhvcNAQEFBQAD |
||||
|
QQC0HpucL+WqX0AkP5y/644GyTjrq1rxsoWm0708pAdInMjBTNQicjVfFWcoTTQA |
||||
|
zPQBqOuEsNtktcJyYfryhtWW |
||||
|
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,9 @@ |
|||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||
|
MIIBPAIBAAJBAOOXcvwiy0Cvo5qQG0CH1ZGmeGrN90CBtIgBfjeOv+7Gi+71L1M1 |
||||
|
z2orRbIwBslV48e5HAO2BOv3nsRR3gssZTMCAwEAAQJBAMlC7dEgZ8NNTw1o8GCR |
||||
|
foCtyQESINtvmBlJ0LcKypo4WLb2OkI2T/kG8mnoiUM2GyTf8MMGh7V5DeZskh3L |
||||
|
pNkCIQD89pQtqNsDxC/vujdDIlT/0gHhUOZsnIXHZpYv+fzJfQIhAOZS5ZjkNpvb |
||||
|
YcTqpk2HNgu0wFW0nKJ5bnFaTaPjY6hvAiBoDsrPqYlGmFqbw79d126duXbah9vx |
||||
|
y8VgTDv1ymEJRQIhAJuWHhD1AMqyHM53sFWo4+JufIqo0jKTEv8xgEcYgSazAiEA |
||||
|
hWqzWF/qpQ/JT/QaNE6agQWV6MydGAce56EGcpp22mA= |
||||
|
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,12 @@ |
|||||
|
-----BEGIN CERTIFICATE----- |
||||
|
MIIBvTCCASYCCQDXXCDdhOcSNTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB |
||||
|
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 |
||||
|
cyBQdHkgTHRkMB4XDTEwMTIwNjA0NDMwOVoXDTExMDEwNTA0NDMwOVowRTELMAkG |
||||
|
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 |
||||
|
IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDNOPrBqq2b |
||||
|
/gxs0WELdkSHvAkjJdEjuWia2Q+FI3v5asDXj6w4t+ZY46m6D3PCgTZ9FJmZjUH2 |
||||
|
prGyMbBS3Uf9AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAabTyzBk4tlG08+FTZtdb |
||||
|
5bDELkPVHNCQapQVsKYqnnKzt3xLjIOEoSa67pKXm2gcupiVYOmC0Pz76pZinRhH |
||||
|
IJ8gVp7dhv0sdog6+VMfrMTlR7gUEu7gQHF69ras7oswPV/kNH4YVljqUQpVDs+4 |
||||
|
VgOaivgOfhPZb4H5tz/P1Ms= |
||||
|
-----END CERTIFICATE----- |
@ -0,0 +1,8 @@ |
|||||
|
-----BEGIN CERTIFICATE REQUEST----- |
||||
|
MIH/MIGqAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw |
||||
|
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwXDANBgkqhkiG9w0BAQEF |
||||
|
AANLADBIAkEAzTj6waqtm/4MbNFhC3ZEh7wJIyXRI7lomtkPhSN7+WrA14+sOLfm |
||||
|
WOOpug9zwoE2fRSZmY1B9qaxsjGwUt1H/QIDAQABoAAwDQYJKoZIhvcNAQEFBQAD |
||||
|
QQCsta4frzeUIkZrqt3EEG9cAI1FTGphl/5bA0fYpIlZOanR5V6kKPG6mgXiHDaN |
||||
|
r46fwkE/AKS7mnIz6XGzXfCn |
||||
|
-----END CERTIFICATE REQUEST----- |
@ -0,0 +1,9 @@ |
|||||
|
-----BEGIN RSA PRIVATE KEY----- |
||||
|
MIIBOwIBAAJBAM04+sGqrZv+DGzRYQt2RIe8CSMl0SO5aJrZD4Uje/lqwNePrDi3 |
||||
|
5ljjqboPc8KBNn0UmZmNQfamsbIxsFLdR/0CAwEAAQJAT3v9KxtXCG76Ev95bb4N |
||||
|
xuCeTV2tRf/esvLVHwTiVHRBw3ZcU4VsIwarwQy/CkPwGtWT91AN/xAgvLptwwmE |
||||
|
AQIhAOuymRnLkS795CluenO5ybuF53ro3S9wFBY9jYJX46L9AiEA3uZfEeNTUVYR |
||||
|
dJ56zqUxfakguhF/ibHT/lXRgkpVyQECIQCuRk5h/l0JS/2KjP/J1dPN7kKsZMY3 |
||||
|
Lz4K+9RITkgo2QIgTABs5iKG5DLenM70vMUizOAAIrGYtRCHYi9M0ooaGgECIQDK |
||||
|
nWMUePU/NHBC2AYyp9KzF8ZEBIcItgppTeNtkdF7mw== |
||||
|
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,15 @@ |
|||||
|
-----BEGIN CERTIFICATE----- |
||||
|
MIICWDCCAcGgAwIBAgIJAPlzZCsvV/DFMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV |
||||
|
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX |
||||
|
aWRnaXRzIFB0eSBMdGQwHhcNMTAxMjA2MDQxNzA3WhcNMTEwMTA1MDQxNzA3WjBF |
||||
|
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 |
||||
|
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB |
||||
|
gQC/HthOlERITtsUA7FJ0l/U4qFNLri6QKLRoHPn8tGRCXDg/jEAh/pwrycIjvA4 |
||||
|
V66RatOhdxC7bGDC2FOjoofMNHTsdXoCoC9f9pNoU5BlLoal12V5gfL+AklJNJny |
||||
|
lL15FnmiQdUThLGDhRM918bWQdJTRJ+dkyVlUink/5wlxQIDAQABo1AwTjAdBgNV |
||||
|
HQ4EFgQU5LAV1SB/xh57MHsWgEwl8MpiDhYwHwYDVR0jBBgwFoAU5LAV1SB/xh57 |
||||
|
MHsWgEwl8MpiDhYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAqgne5 |
||||
|
uBwDiQaCuWkBHDw5WGtcvzqc0HIoQ+qopwfTxGNaLv0dZ7N3wGsGIqSh0OCMYgxA |
||||
|
0Ku7hdL9faEHrq8f2T6yUUMMDcMLOJgFDESl/hip8jRdCZy45CWAJNpQ8PfshSkR |
||||
|
b/oae/TW79lT9Y5uzcV4YRwPFNU6RREuxq++hA== |
||||
|
-----END CERTIFICATE----- |
@ -0,0 +1 @@ |
|||||
|
AFC249645A630F6F |
@ -0,0 +1,17 @@ |
|||||
|
-----BEGIN ENCRYPTED PRIVATE KEY----- |
||||
|
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIztmO4Z3hxi4CAggA |
||||
|
MBQGCCqGSIb3DQMHBAgUmHxBmTJBNASCAoCeXNS3EkxMoX4QuAT4BIQF/qgXBiOV |
||||
|
rcO8D5fHCca8kolzxOyk0LduS327TL2CAjKSK9NmpsQzZRQOWlKasmsWHzBD8I34 |
||||
|
AWcSbtAL+GGAgnD7XwFUPYHNzWVad5mmDJPWtsQMkcx6plwvQLFFvUAL5nmRe4vE |
||||
|
5Brp88UvRp8wGzyBiotTzGbITdZEyKFLYVAni0KeApx2rqwAigmmWTqY2jXnUAxG |
||||
|
zS8b9xy+aDya+UYQooFmYRLlQ8PlKl6B/zW/po/DJ38CofaSIR4zRWDs3lJrt4fL |
||||
|
Q0hLJwz6ATRIOwGWxR2oQQ+1qgBr9Y4hhxk5tLSjDd0turiEwgul8cgJdHbshuan |
||||
|
sD7J3k3teo2u/fR0CmYCo42l3hnGkvYPOdoXYfXDz3804a4ZkZhnsRMl5oH66ElZ |
||||
|
MEmCY4t4VhsQTXleV1b6lK43vrKV+pSollrLvBKQhk3k+v0lq2wmBXsm4rB1vVv4 |
||||
|
KDgdOD7ITYte3C+EvaEwbnqaUYfURAYeF+td0212/wiwFIYhicjrwzN2Cq0E29pj |
||||
|
23Vbe0JIwnpG6lfmzKVqmN3NT+e2e9G0zP7g3tDaWE4sUCcHxkgK7kmBryj272+j |
||||
|
S4WClFgtSr/QJ/cNvU6Qlr8oO6EIG1rJuY1eLX/tHtbAwsDREXf612qtnFEXgFTA |
||||
|
5QQmp02BPq2DCSJEOfQIN2LeaYJM0mFrotDCbtdS1Pje791CJq3C/+4h3gOye0br |
||||
|
5QwiKb5IcgS5hAMu2ghhU01zmClDbFa98zIe3D8pjdrYt8zrZVVCTopcWxY6LU3g |
||||
|
wvh9cdSKJ/Hgq3yRrnBwSolHUP9vMyC/EXRJ/T1CQHABjq0HNLOwhXuq |
||||
|
-----END ENCRYPTED PRIVATE KEY----- |
@ -0,0 +1,15 @@ |
|||||
|
-----BEGIN CERTIFICATE----- |
||||
|
MIICWDCCAcGgAwIBAgIJAKXrRJ3rkOnNMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV |
||||
|
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX |
||||
|
aWRnaXRzIFB0eSBMdGQwHhcNMTAxMjA2MDQxNzI4WhcNMTEwMTA1MDQxNzI4WjBF |
||||
|
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 |
||||
|
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB |
||||
|
gQDW5D3i3vuLpsekzkvF+pyZq6YDzESJQh0uGpWTk0oyBe/BCiTwHtZwyPpvO6UQ |
||||
|
wpBPSMfwgmY30HoofXSKSBGW5ixyLvVa+brvJ0etqnNojI0NcNBk0/b+ynOCJ3A8 |
||||
|
O/fFotYdsg9C1sDusW2htymyYvEfyxX7/WR7+u+b5vclCwIDAQABo1AwTjAdBgNV |
||||
|
HQ4EFgQUpKdzYuzbjpcqwWDiB8SgFiy3WxkwHwYDVR0jBBgwFoAUpKdzYuzbjpcq |
||||
|
wWDiB8SgFiy3WxkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAkc5++ |
||||
|
vmqCTlTzfNHL0cV24M8FR9Xl/4UOqbxl/pfyXXrGbZleww0B0EPXW5cjRW2Kb3FC |
||||
|
kLznCyLJQ62pcSSvsQeQGayYmrmDiImmw+sfezrte27RNWqmqxl5w/r0Jte4xszC |
||||
|
OP6UKrFcr2XXty/koGlgIQtAU0JenKLZuLhW1A== |
||||
|
-----END CERTIFICATE----- |
@ -0,0 +1 @@ |
|||||
|
D75C20DD84E71235 |
@ -0,0 +1,17 @@ |
|||||
|
-----BEGIN ENCRYPTED PRIVATE KEY----- |
||||
|
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIH5Qu64G4EEACAggA |
||||
|
MBQGCCqGSIb3DQMHBAjiP/COBBl6LwSCAoDJ7fSWqLoz0Xv4ASmipwDghszUQDEu |
||||
|
sJyeehMxRNPNqarbvXPR/6GJtfoOyhcaWiCuRvsISL61B4mw90bbgcksscaXqXGU |
||||
|
KsR5H10ut3hfFfDxvy2NYPGiowg2Kvfoe+4ENDqYb1ilWs9YaJ0rFcohweHfUNcV |
||||
|
W5A3WRfZ1zRyfEYlBbCpq45eMkxWCJ2X2YgqaK9itynqYbuBVXgqK+qP6rTSxvDC |
||||
|
GZ+POdiT0GHcPQ2Z79NIEQI7kyzcQkJ0IzWqgIRNyrmIzBP0Et/zH/Z+Y6/5q+vX |
||||
|
2fl0ox4IkDiTWVER8lN8E0u5w1pCBD0NFtwqTXC3HMqnYKJDRAaqK0Fad5qVCwZq |
||||
|
bKjXT7xWB2QqrZ4T3Nf/cLnd/fb1sRE6oYfLG706lY7dYh1RpIITZLavmceMSDfG |
||||
|
emwaSS4RoTJOpuOufUCrrFHW2EB+BgCADBgS4uD5PsrOvRLUj0CekTkJOJV0RFpY |
||||
|
K12Pp5wk3y+69IsD2jlUO50Bx2hZz10snvBCbJhLIDf9VSy9pPunOXqsr+i3MY8v |
||||
|
WdusJYnRxXN6ZbAb4d/Zi3mE3kcTG3YUwAIJiELAhWkZqRpK/O9SMXRb4+EMZ1nT |
||||
|
LSicMzLfhRdY/IqrV5PGvcmyJUffAD2PF4dXX4cEqyODFBet7/6zIEIhivuEATad |
||||
|
qNwE32FJxKpULPsLXgzSeIaZn71KrKiHaBIjRdGmfH7txBHIEwIW+fX2LzreZBqP |
||||
|
LuYPFpTEvDCdJ7mcRLSrSCixyZRAQVqJEXcP2OpTb0lfqPlpE+AoMdpeUEdj9Jci |
||||
|
ndyjWhrC/2emjHoHb1wrVVv4KdGcyz+uHdgFwXjtKugAYGA1Pb5Hq640 |
||||
|
-----END ENCRYPTED PRIVATE KEY----- |
@ -0,0 +1,49 @@ |
|||||
|
# Create Certificate Authority: ca1 |
||||
|
# |
||||
|
# ('password' is used for the CA password.) |
||||
|
openssl req -new -x509 -extensions v3_ca -keyout ca1-key.pem -out ca1-cert.pem |
||||
|
|
||||
|
# Create Certificate Authority: ca2 |
||||
|
# |
||||
|
# ('password' is used for the CA password.) |
||||
|
openssl req -new -x509 -extensions v3_ca -keyout ca2-key.pem -out ca2-cert.pem |
||||
|
|
||||
|
|
||||
|
# |
||||
|
# agent1 is signed by ca1. |
||||
|
# |
||||
|
# Generate new private key |
||||
|
openssl genrsa -out agent1-key.pem |
||||
|
# Create a Certificate Signing Request for the key |
||||
|
openssl req -new -key agent1-key.pem -out agent1-csr.pem |
||||
|
# Create a Certificate for the agent. |
||||
|
openssl x509 -req -in agent1-csr.pem -CA ca1-cert.pem -CAkey ca1-key.pem -CAcreateserial -out agent1-cert.pem |
||||
|
|
||||
|
|
||||
|
|
||||
|
# |
||||
|
# agent2 has a self signed cert |
||||
|
# |
||||
|
# Generate new private key |
||||
|
openssl genrsa -out agent2-key.pem |
||||
|
# Create a Certificate Signing Request for the key |
||||
|
openssl req -new -key agent2-key.pem -out agent2-csr.pem |
||||
|
# Create a Certificate for the agent. |
||||
|
openssl x509 -req -in agent2-csr.pem -signkey agent2-key.pem -out agent2-cert.pem |
||||
|
|
||||
|
|
||||
|
|
||||
|
# |
||||
|
# agent3 is signed by ca2. |
||||
|
# |
||||
|
# Generate new private key |
||||
|
openssl genrsa -out agent3-key.pem |
||||
|
# Create a Certificate Signing Request for the key |
||||
|
openssl req -new -key agent3-key.pem -out agent3-csr.pem |
||||
|
# Create a Certificate for the agent. |
||||
|
openssl x509 -req -in agent3-csr.pem -CA ca2-cert.pem -CAkey ca2-key.pem -CAcreateserial -out agent3-cert.pem |
||||
|
|
||||
|
|
||||
|
#### TODO: agent on CRL |
||||
|
|
||||
|
|
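Review bot: None of the `openssl req -new -x509` or `openssl x509 -req` commands pass `-days`, so the generated certificates get openssl's default validity of 30 days, and the test cases that expect agent1 to be authorized will presumably start failing once the checked-in fixtures expire. An explicit lifetime would avoid that, e.g. `openssl x509 -req -days 9999 -in agent1-csr.pem -CA ca1-cert.pem -CAkey ca1-key.pem -CAcreateserial -out agent1-cert.pem`, and likewise for ca1, ca2, agent2 and agent3. `openssl genrsa` is also called without a key size, so the length depends on the installed openssl's default; stating it explicitly makes regeneration reproducible. A header comment such as `# Test fixtures only: these private keys are public and must never be used outside the test suite.` would also help, since the keys are committed alongside these commands.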
@ -0,0 +1,210 @@ |
|||||
|
// This is a rather complex test which sets up various TLS servers with node
|
||||
|
// and connects to them using the 'openssl s_client' command line utility
|
||||
|
// with various keys. Depending on the certificate authority and other
|
||||
|
// parameters given to the server, the various clients are
|
||||
|
// - rejected,
|
||||
|
// - accepted and "unauthorized", or
|
||||
|
// - accepted and "authorized".
|
||||
|
|
||||
|
var testCases = |
||||
|
[ { title: "Do not request certs. Everyone is unauthorized.", |
||||
|
requestCert: false, |
||||
|
rejectUnauthorized: false, |
||||
|
CAs: ['ca1-cert'], |
||||
|
clients: |
||||
|
[ { name: 'agent1', shouldReject: false, shouldAuth: false }, |
||||
|
{ name: 'agent2', shouldReject: false, shouldAuth: false }, |
||||
|
{ name: 'agent3', shouldReject: false, shouldAuth: false }, |
||||
|
{ name: 'agent4', shouldReject: false, shouldAuth: false } |
||||
|
] |
||||
|
}, |
||||
|
|
||||
|
{ title: "Allow both authed and unauthed connections with CA1", |
||||
|
requestCert: true, |
||||
|
rejectUnauthorized: false, |
||||
|
CAs: ['ca1-cert'], |
||||
|
clients: |
||||
|
[ { name: 'agent1', shouldReject: false, shouldAuth: true }, |
||||
|
{ name: 'agent2', shouldReject: false, shouldAuth: false }, |
||||
|
{ name: 'agent3', shouldReject: false, shouldAuth: false }, |
||||
|
{ name: 'agent4', shouldReject: false, shouldAuth: false } |
||||
|
] |
||||
|
}, |
||||
|
|
||||
|
{ title: "Allow only authed connections with CA1", |
||||
|
requestCert: true, |
||||
|
rejectUnauthorized: true, |
||||
|
CAs: ['ca1-cert'], |
||||
|
clients: |
||||
|
[ { name: 'agent1', shouldReject: false, shouldAuth: true }, |
||||
|
{ name: 'agent2', shouldReject: true }, |
||||
|
{ name: 'agent3', shouldReject: true }, |
||||
|
{ name: 'agent4', shouldReject: true } |
||||
|
] |
||||
|
}, |
||||
|
|
||||
|
]; |
||||
|
|
||||
|
|
||||
|
var common = require('../common'); |
||||
|
var assert = require('assert'); |
||||
|
var fs = require('fs'); |
||||
|
var tls = require('tls'); |
||||
|
var spawn = require('child_process').spawn; |
||||
|
|
||||
|
|
||||
|
function filenamePEM(n) { |
||||
|
return require('path').join(common.fixturesDir, 'keys', n + ".pem"); |
||||
|
} |
||||
|
|
||||
|
|
||||
|
function loadPEM(n) { |
||||
|
return fs.readFileSync(filenamePEM(n)).toString(); |
||||
|
} |
||||
|
|
||||
|
|
||||
|
var serverKey = loadPEM('agent2-key'); |
||||
|
var serverCert = loadPEM('agent2-cert'); |
||||
|
|
||||
|
|
||||
|
function runClient (options, cb) { |
||||
|
|
||||
|
// Client can connect in three ways:
|
||||
|
// - Self-signed cert
|
||||
|
// - Certificate, but not signed by CA.
|
||||
|
// - Certificate signed by CA.
|
||||
|
|
||||
|
var args = ['s_client', '-connect', '127.0.0.1:' + common.PORT]; |
||||
|
|
||||
|
switch (options.name) { |
||||
|
case 'agent1': |
||||
|
// Signed by CA1
|
||||
|
args.push('-key'); |
||||
|
args.push(filenamePEM('agent1-key')); |
||||
|
args.push('-cert'); |
||||
|
args.push(filenamePEM('agent1-cert')); |
||||
|
break; |
||||
|
|
||||
|
case 'agent2': |
||||
|
// Self-signed
|
||||
|
// This is also the key-cert pair that the server will use.
|
||||
|
args.push('-key'); |
||||
|
args.push(filenamePEM('agent2-key')); |
||||
|
args.push('-cert'); |
||||
|
args.push(filenamePEM('agent2-cert')); |
||||
|
break; |
||||
|
|
||||
|
case 'agent3': |
||||
|
// Signed by CA2
|
||||
|
args.push('-key'); |
||||
|
args.push(filenamePEM('agent3-key')); |
||||
|
args.push('-cert'); |
||||
|
args.push(filenamePEM('agent3-cert')); |
||||
|
break; |
||||
|
|
||||
|
case 'agent4': |
||||
|
// Self-signed
|
||||
|
break; |
||||
|
|
||||
|
default: |
||||
|
throw new Error("Unknown agent name"); |
||||
|
} |
||||
|
|
||||
|
// To test use: openssl s_client -connect localhost:8000
|
||||
|
var client = spawn('openssl', args); |
||||
|
//console.error(args);
|
||||
|
|
||||
|
var out = ''; |
||||
|
|
||||
|
var rejected = true; |
||||
|
var authed = false; |
||||
|
|
||||
|
client.stdout.setEncoding('utf8'); |
||||
|
client.stdout.on('data', function(d) { |
||||
|
out += d; |
||||
|
|
||||
|
if (/_unauthed/g.test(out)) { |
||||
|
console.error(" * unauthed"); |
||||
|
client.stdin.end('goodbye\n'); |
||||
|
authed = false; |
||||
|
rejected = false; |
||||
|
} |
||||
|
|
||||
|
if (/_authed/g.test(out)) { |
||||
|
console.error(" * authed"); |
||||
|
client.stdin.end('goodbye\n'); |
||||
|
authed = true; |
||||
|
rejected = false; |
||||
|
} |
||||
|
}); |
||||
|
|
||||
|
//client.stdout.pipe(process.stdout);
|
||||
|
|
||||
|
client.on('exit', function(code) { |
||||
|
if (options.shouldReject) { |
||||
|
assert.equal(true, rejected); |
||||
|
} else { |
||||
|
assert.equal(false, rejected); |
||||
|
assert.equal(options.shouldAuth, authed); |
||||
|
} |
||||
|
|
||||
|
cb(); |
||||
|
}); |
||||
|
} |
||||
|
|
||||
|
|
||||
|
// Run the tests
|
||||
|
var successfulTests = 0; |
||||
|
function runTest (testIndex) { |
||||
|
var tcase = testCases[testIndex]; |
||||
|
if (!tcase) return; |
||||
|
|
||||
|
console.error("Running '%s'", tcase.title); |
||||
|
|
||||
|
var cas = tcase.CAs.map(loadPEM); |
||||
|
|
||||
|
var server = tls.Server({ key: serverKey, |
||||
|
cert: serverCert, |
||||
|
ca: cas, |
||||
|
requestCert: tcase.requestCert, |
||||
|
rejectUnauthorized: tcase.rejectUnauthorized }); |
||||
|
|
||||
|
var connections = 0; |
||||
|
|
||||
|
server.on('authorized', function(c) { |
||||
|
connections++; |
||||
|
console.error('- authed connection'); |
||||
|
c.write('\n_authed\n'); |
||||
|
}); |
||||
|
|
||||
|
server.on('unauthorized', function(c, e) { |
||||
|
connections++; |
||||
|
console.error('- unauthed connection: %s', e); |
||||
|
c.write('\n_unauthed\n'); |
||||
|
}); |
||||
|
|
||||
|
function runNextClient (clientIndex) { |
||||
|
var options = tcase.clients[clientIndex]; |
||||
|
if (options) { |
||||
|
runClient(options, function () { |
||||
|
runNextClient(clientIndex + 1); |
||||
|
}); |
||||
|
} else { |
||||
|
server.close(); |
||||
|
successfulTests++; |
||||
|
runTest(testIndex + 1); |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
server.listen(common.PORT, function() { |
||||
|
runNextClient(0); |
||||
|
}); |
||||
|
} |
||||
|
|
||||
|
|
||||
|
runTest(0); |
||||
|
|
||||
|
|
||||
|
process.on('exit', function() { |
||||
|
assert.equal(successfulTests, testCases.length); |
||||
|
}); |
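Review bot: In `runClient`, `rejected` starts as `true` and is only cleared when the `_authed` or `_unauthed` marker arrives on stdout, so any failure of the `openssl` child (binary not found, unreadable key file, connection error) looks the same as a TLS rejection and the `shouldReject: true` cases can pass vacuously. The `code` argument of the `exit` handler and the `connections` counter in `runTest` are never read; for rejected clients the test could additionally assert that the server emitted neither `authorized` nor `unauthorized` during that client's run, which ties the result to the server's decision rather than to the absence of output. The `agent4` branch is commented `// Self-signed` but pushes no `-key`/`-cert`, so it appears to be the no-client-certificate case; `// No client certificate is presented.` would describe it, and the "three ways" comment above the `switch` should list it as a fourth. No test case uses `ca2-cert`, so agent3 is never shown to be authorized under its own CA.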