Skip to content

Commit

Permalink
More HTTPS tests (#1704)
Browse files Browse the repository at this point in the history
Co-authored-by: Sindre Sorhus <sindresorhus@gmail.com>
  • Loading branch information
Giotino and sindresorhus authored May 5, 2021
1 parent 05ee750 commit fe723a0
Show file tree
Hide file tree
Showing 2 changed files with 100 additions and 12 deletions.
11 changes: 10 additions & 1 deletion test/helpers/create-https-test-server.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,15 @@ import net from 'net';
import express from 'express';
import pify from 'pify';
import pem from 'pem';
import type {SecureContextOptions} from 'tls';

export type HttpsServerOptions = {
commonName?: string;
days?: number;
ciphers?: SecureContextOptions['ciphers'];
honorCipherOrder?: SecureContextOptions['honorCipherOrder'];
minVersion?: SecureContextOptions['minVersion'];
maxVersion?: SecureContextOptions['maxVersion'];
};

export interface ExtendedHttpsTestServer extends express.Express {
Expand Down Expand Up @@ -49,7 +54,11 @@ const createHttpsTestServer = async (options: HttpsServerOptions = {}): Promise<
cert: serverCert,
ca: caCert,
requestCert: true,
rejectUnauthorized: false // This should be checked by the test
rejectUnauthorized: false, // This should be checked by the test
ciphers: options.ciphers,
honorCipherOrder: options.honorCipherOrder,
minVersion: options.minVersion,
maxVersion: options.maxVersion
},
server
);
Expand Down
101 changes: 90 additions & 11 deletions test/https.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import test from 'ava';
import {DetailedPeerCertificate} from 'tls';
import tls, {DetailedPeerCertificate} from 'tls';
import pEvent from 'p-event';
import pify from 'pify';
import pem from 'pem';
Expand Down Expand Up @@ -216,12 +216,18 @@ test('client certificate', withHttpsServer(), async (t, server, got) => {
const clientKey = clientResult.clientKey;
const clientCert = clientResult.certificate;

const response: any = await got({
const response = await got({
httpsOptions: {
key: clientKey,
certificate: clientCert
}
}).json();
}).json<{
authorized: boolean;
peerCertificate: {
subject: {CN: string};
issuer: {CN: string};
};
}>();

t.true(response.authorized);
t.is(response.peerCertificate.subject.CN, 'client');
Expand Down Expand Up @@ -249,12 +255,14 @@ test('invalid client certificate (self-signed)', withHttpsServer(), async (t, se
const clientKey = clientResult.clientKey;
const clientCert = clientResult.certificate;

const response: any = await got({
const response = await got({
httpsOptions: {
key: clientKey,
certificate: clientCert
}
}).json();
}).json<{
authorized: boolean;
}>();

t.is(response.authorized, false);
});
Expand Down Expand Up @@ -289,12 +297,18 @@ test('invalid client certificate (other CA)', withHttpsServer(), async (t, serve
const clientKey = clientResult.clientKey;
const clientCert = clientResult.certificate;

const response: any = await got({
const response = await got({
httpsOptions: {
key: clientKey,
certificate: clientCert
}
}).json();
}).json<{
authorized: boolean;
peerCertificate: {
subject: {CN: string};
issuer: {CN: string};
};
}>();

t.false(response.authorized);
t.is(response.peerCertificate.subject.CN, 'other-client');
Expand Down Expand Up @@ -337,13 +351,19 @@ test('key passphrase', withHttpsServer(), async (t, server, got) => {
});
const clientCert = clientResult.certificate;

const response: any = await got({
const response = await got({
httpsOptions: {
key: clientKey,
passphrase: 'randomPassword',
certificate: clientCert
}
}).json();
}).json<{
authorized: boolean;
peerCertificate: {
subject: {CN: string};
issuer: {CN: string};
};
}>();

t.true(response.authorized);
t.is(response.peerCertificate.subject.CN, 'client');
Expand Down Expand Up @@ -423,14 +443,73 @@ test('client certificate PFX', withHttpsServer(), async (t, server, got) => {

const {pkcs12} = await createPkcs12(clientKey, clientCert, 'randomPassword');

const response: any = await got({
const response = await got({
httpsOptions: {
pfx: pkcs12,
passphrase: 'randomPassword'
}
}).json();
}).json<{
authorized: boolean;
peerCertificate: {
subject: {CN: string};
issuer: {CN: string};
};
}>();

t.true(response.authorized);
t.is(response.peerCertificate.subject.CN, 'client');
t.is(response.peerCertificate.issuer.CN, 'authority');
});

const ciphers = tls.getCiphers().map(cipher => cipher.toUpperCase());

test('https request with `ciphers` option', withHttpsServer({ciphers: `${ciphers[0]!}:${ciphers[1]!}:${ciphers[2]!}`}), async (t, server, got) => {
server.get('/', (request, response) => {
response.json({
cipher: (request.socket as any).getCipher().name
});
});

const response = await got({
httpsOptions: {
ciphers: ciphers[0]
}
}).json<{cipher: string}>();

t.is(response.cipher, ciphers[0]);
});

test('https request with `honorCipherOrder` option', withHttpsServer({ciphers: `${ciphers[0]!}:${ciphers[1]!}`}), async (t, server, got) => {
server.get('/', (request, response) => {
response.json({
cipher: (request.socket as any).getCipher().name
});
});

const response = await got({
httpsOptions: {
ciphers: `${ciphers[1]!}:${ciphers[0]!}`,
honorCipherOrder: true
}
}).json<{cipher: string}>();

t.is(response.cipher, ciphers[0]);
});

test('https request with `minVersion` option', withHttpsServer({maxVersion: 'TLSv1.2'}), async (t, server, got) => {
server.get('/', (request, response) => {
response.json({
version: (request.socket as any).getCipher().version
});
});

const request = got({
httpsOptions: {
minVersion: 'TLSv1.3'
}
});

await t.throwsAsync(request, {
code: 'EPROTO'
});
});

0 comments on commit fe723a0

Please # to comment.