11cb0ef41Sopenharmony_ci'use strict';
21cb0ef41Sopenharmony_ci
31cb0ef41Sopenharmony_ciconst common = require('../common');
41cb0ef41Sopenharmony_ciif (!common.hasCrypto)
51cb0ef41Sopenharmony_ci  common.skip('missing crypto');
61cb0ef41Sopenharmony_ci
71cb0ef41Sopenharmony_ciconst assert = require('assert');
81cb0ef41Sopenharmony_ciconst {
91cb0ef41Sopenharmony_ci  generateKeyPair,
101cb0ef41Sopenharmony_ci} = require('crypto');
111cb0ef41Sopenharmony_ciconst {
121cb0ef41Sopenharmony_ci  assertApproximateSize,
131cb0ef41Sopenharmony_ci  testEncryptDecrypt,
141cb0ef41Sopenharmony_ci  testSignVerify,
151cb0ef41Sopenharmony_ci  pkcs1EncExp,
161cb0ef41Sopenharmony_ci} = require('../common/crypto');
171cb0ef41Sopenharmony_ci
181cb0ef41Sopenharmony_ci// Test async RSA key generation with an encrypted private key.
191cb0ef41Sopenharmony_ci{
201cb0ef41Sopenharmony_ci  generateKeyPair('rsa', {
211cb0ef41Sopenharmony_ci    publicExponent: 0x10001,
221cb0ef41Sopenharmony_ci    modulusLength: 512,
231cb0ef41Sopenharmony_ci    publicKeyEncoding: {
241cb0ef41Sopenharmony_ci      type: 'pkcs1',
251cb0ef41Sopenharmony_ci      format: 'der'
261cb0ef41Sopenharmony_ci    },
271cb0ef41Sopenharmony_ci    privateKeyEncoding: {
281cb0ef41Sopenharmony_ci      type: 'pkcs1',
291cb0ef41Sopenharmony_ci      format: 'pem',
301cb0ef41Sopenharmony_ci      cipher: 'aes-256-cbc',
311cb0ef41Sopenharmony_ci      passphrase: 'secret'
321cb0ef41Sopenharmony_ci    }
331cb0ef41Sopenharmony_ci  }, common.mustSucceed((publicKeyDER, privateKey) => {
341cb0ef41Sopenharmony_ci    assert(Buffer.isBuffer(publicKeyDER));
351cb0ef41Sopenharmony_ci    assertApproximateSize(publicKeyDER, 74);
361cb0ef41Sopenharmony_ci
371cb0ef41Sopenharmony_ci    assert.strictEqual(typeof privateKey, 'string');
381cb0ef41Sopenharmony_ci    assert.match(privateKey, pkcs1EncExp('AES-256-CBC'));
391cb0ef41Sopenharmony_ci
401cb0ef41Sopenharmony_ci    // Since the private key is encrypted, signing shouldn't work anymore.
411cb0ef41Sopenharmony_ci    const publicKey = {
421cb0ef41Sopenharmony_ci      key: publicKeyDER,
431cb0ef41Sopenharmony_ci      type: 'pkcs1',
441cb0ef41Sopenharmony_ci      format: 'der',
451cb0ef41Sopenharmony_ci    };
461cb0ef41Sopenharmony_ci    const expectedError = common.hasOpenSSL3 ? {
471cb0ef41Sopenharmony_ci      name: 'Error',
481cb0ef41Sopenharmony_ci      message: 'error:07880109:common libcrypto routines::interrupted or ' +
491cb0ef41Sopenharmony_ci               'cancelled'
501cb0ef41Sopenharmony_ci    } : {
511cb0ef41Sopenharmony_ci      name: 'TypeError',
521cb0ef41Sopenharmony_ci      code: 'ERR_MISSING_PASSPHRASE',
531cb0ef41Sopenharmony_ci      message: 'Passphrase required for encrypted key'
541cb0ef41Sopenharmony_ci    };
551cb0ef41Sopenharmony_ci    assert.throws(() => testSignVerify(publicKey, privateKey), expectedError);
561cb0ef41Sopenharmony_ci
571cb0ef41Sopenharmony_ci    const key = { key: privateKey, passphrase: 'secret' };
581cb0ef41Sopenharmony_ci    testEncryptDecrypt(publicKey, key);
591cb0ef41Sopenharmony_ci    testSignVerify(publicKey, key);
601cb0ef41Sopenharmony_ci  }));
611cb0ef41Sopenharmony_ci}
62