11cb0ef41Sopenharmony_ci// Flags: --expose-internals
21cb0ef41Sopenharmony_ci'use strict';
31cb0ef41Sopenharmony_ciconst common = require('../common');
41cb0ef41Sopenharmony_ci
51cb0ef41Sopenharmony_ciif (!common.hasCrypto)
61cb0ef41Sopenharmony_ci  common.skip('missing crypto');
71cb0ef41Sopenharmony_ci
81cb0ef41Sopenharmony_ciconst {
91cb0ef41Sopenharmony_ci  X509Certificate,
101cb0ef41Sopenharmony_ci  createPrivateKey,
111cb0ef41Sopenharmony_ci  generateKeyPairSync,
121cb0ef41Sopenharmony_ci  createSign,
131cb0ef41Sopenharmony_ci} = require('crypto');
141cb0ef41Sopenharmony_ci
151cb0ef41Sopenharmony_ciconst {
161cb0ef41Sopenharmony_ci  isX509Certificate
171cb0ef41Sopenharmony_ci} = require('internal/crypto/x509');
181cb0ef41Sopenharmony_ci
191cb0ef41Sopenharmony_ciconst assert = require('assert');
201cb0ef41Sopenharmony_ciconst fixtures = require('../common/fixtures');
211cb0ef41Sopenharmony_ciconst { readFileSync } = require('fs');
221cb0ef41Sopenharmony_ci
231cb0ef41Sopenharmony_ciconst cert = readFileSync(fixtures.path('keys', 'agent1-cert.pem'));
241cb0ef41Sopenharmony_ciconst key = readFileSync(fixtures.path('keys', 'agent1-key.pem'));
251cb0ef41Sopenharmony_ciconst ca = readFileSync(fixtures.path('keys', 'ca1-cert.pem'));
261cb0ef41Sopenharmony_ci
271cb0ef41Sopenharmony_ciconst privateKey = createPrivateKey(key);
281cb0ef41Sopenharmony_ci
291cb0ef41Sopenharmony_ci[1, {}, false, null].forEach((i) => {
301cb0ef41Sopenharmony_ci  assert.throws(() => new X509Certificate(i), {
311cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_TYPE'
321cb0ef41Sopenharmony_ci  });
331cb0ef41Sopenharmony_ci});
341cb0ef41Sopenharmony_ci
351cb0ef41Sopenharmony_ciconst subjectCheck = `C=US
361cb0ef41Sopenharmony_ciST=CA
371cb0ef41Sopenharmony_ciL=SF
381cb0ef41Sopenharmony_ciO=Joyent
391cb0ef41Sopenharmony_ciOU=Node.js
401cb0ef41Sopenharmony_ciCN=agent1
411cb0ef41Sopenharmony_ciemailAddress=ry@tinyclouds.org`;
421cb0ef41Sopenharmony_ci
431cb0ef41Sopenharmony_ciconst issuerCheck = `C=US
441cb0ef41Sopenharmony_ciST=CA
451cb0ef41Sopenharmony_ciL=SF
461cb0ef41Sopenharmony_ciO=Joyent
471cb0ef41Sopenharmony_ciOU=Node.js
481cb0ef41Sopenharmony_ciCN=ca1
491cb0ef41Sopenharmony_ciemailAddress=ry@tinyclouds.org`;
501cb0ef41Sopenharmony_ci
511cb0ef41Sopenharmony_cilet infoAccessCheck = `OCSP - URI:http://ocsp.nodejs.org/
521cb0ef41Sopenharmony_ciCA Issuers - URI:http://ca.nodejs.org/ca.cert`;
531cb0ef41Sopenharmony_ciif (!common.hasOpenSSL3)
541cb0ef41Sopenharmony_ci  infoAccessCheck += '\n';
551cb0ef41Sopenharmony_ci
561cb0ef41Sopenharmony_ciconst der = Buffer.from(
571cb0ef41Sopenharmony_ci  '308203e8308202d0a0030201020214147d36c1c2f74206de9fab5f2226d78adb00a42630' +
581cb0ef41Sopenharmony_ci  '0d06092a864886f70d01010b0500307a310b3009060355040613025553310b3009060355' +
591cb0ef41Sopenharmony_ci  '04080c024341310b300906035504070c025346310f300d060355040a0c064a6f79656e74' +
601cb0ef41Sopenharmony_ci  '3110300e060355040b0c074e6f64652e6a73310c300a06035504030c036361313120301e' +
611cb0ef41Sopenharmony_ci  '06092a864886f70d010901161172794074696e79636c6f7564732e6f72673020170d3232' +
621cb0ef41Sopenharmony_ci  '303930333231343033375a180f32323936303631373231343033375a307d310b30090603' +
631cb0ef41Sopenharmony_ci  '55040613025553310b300906035504080c024341310b300906035504070c025346310f30' +
641cb0ef41Sopenharmony_ci  '0d060355040a0c064a6f79656e743110300e060355040b0c074e6f64652e6a73310f300d' +
651cb0ef41Sopenharmony_ci  '06035504030c066167656e74313120301e06092a864886f70d010901161172794074696e' +
661cb0ef41Sopenharmony_ci  '79636c6f7564732e6f726730820122300d06092a864886f70d01010105000382010f0030' +
671cb0ef41Sopenharmony_ci  '82010a0282010100d456320afb20d3827093dc2c4284ed04dfbabd56e1ddae529e28b790' +
681cb0ef41Sopenharmony_ci  'cd4256db273349f3735ffd337c7a6363ecca5a27b7f73dc7089a96c6d886db0c62388f1c' +
691cb0ef41Sopenharmony_ci  'dd6a963afcd599d5800e587a11f908960f84ed50ba25a28303ecda6e684fbe7baedc9ce8' +
701cb0ef41Sopenharmony_ci  '801327b1697af25097cee3f175e400984c0db6a8eb87be03b4cf94774ba56fffc8c63c68' +
711cb0ef41Sopenharmony_ci  'd6adeb60abbe69a7b14ab6a6b9e7baa89b5adab8eb07897c07f6d4fa3d660dff574107d2' +
721cb0ef41Sopenharmony_ci  '8e8f63467a788624c574197693e959cea1362ffae1bba10c8c0d88840abfef103631b2e8' +
731cb0ef41Sopenharmony_ci  'f5c39b5548a7ea57e8a39f89291813f45a76c448033a2b7ed8403f4baa147cf35e2d2554' +
741cb0ef41Sopenharmony_ci  'aa65ce49695797095bf4dc6b0203010001a361305f305d06082b06010505070101045130' +
751cb0ef41Sopenharmony_ci  '4f302306082b060105050730018617687474703a2f2f6f6373702e6e6f64656a732e6f72' +
761cb0ef41Sopenharmony_ci  '672f302806082b06010505073002861c687474703a2f2f63612e6e6f64656a732e6f7267' +
771cb0ef41Sopenharmony_ci  '2f63612e63657274300d06092a864886f70d01010b05000382010100c3349810632ccb7d' +
781cb0ef41Sopenharmony_ci  'a585de3ed51e34ed154f0f7215608cf2701c00eda444dc2427072c8aca4da6472c1d9e68' +
791cb0ef41Sopenharmony_ci  'f177f99a90a8b5dbf3884586d61cb1c14ea7016c8d38b70d1b46b42947db30edc1e9961e' +
801cb0ef41Sopenharmony_ci  'd46c0f0e35da427bfbe52900771817e733b371adf19e12137235141a34347db0dfc05579' +
811cb0ef41Sopenharmony_ci  '8b1f269f3bdf5e30ce35d1339d56bb3c570de9096215433047f87ca42447b44e7e6b5d0e' +
821cb0ef41Sopenharmony_ci  '48f7894ab186f85b6b1a74561b520952fea888617f32f582afce1111581cd63efcc68986' +
831cb0ef41Sopenharmony_ci  '00d248bb684dedb9c3d6710c38de9e9bc21f9c3394b729d5f707d64ea890603e5989f8fa' +
841cb0ef41Sopenharmony_ci  '59c19ad1a00732e7adc851b89487cc00799dde068aa64b3b8fd976e8bc113ef2',
851cb0ef41Sopenharmony_ci  'hex');
861cb0ef41Sopenharmony_ci
871cb0ef41Sopenharmony_ci{
881cb0ef41Sopenharmony_ci  const x509 = new X509Certificate(cert);
891cb0ef41Sopenharmony_ci
901cb0ef41Sopenharmony_ci  assert(isX509Certificate(x509));
911cb0ef41Sopenharmony_ci
921cb0ef41Sopenharmony_ci  assert(!x509.ca);
931cb0ef41Sopenharmony_ci  assert.strictEqual(x509.subject, subjectCheck);
941cb0ef41Sopenharmony_ci  assert.strictEqual(x509.subjectAltName, undefined);
951cb0ef41Sopenharmony_ci  assert.strictEqual(x509.issuer, issuerCheck);
961cb0ef41Sopenharmony_ci  assert.strictEqual(x509.infoAccess, infoAccessCheck);
971cb0ef41Sopenharmony_ci  assert.strictEqual(x509.validFrom, 'Sep  3 21:40:37 2022 GMT');
981cb0ef41Sopenharmony_ci  assert.strictEqual(x509.validTo, 'Jun 17 21:40:37 2296 GMT');
991cb0ef41Sopenharmony_ci  assert.strictEqual(
1001cb0ef41Sopenharmony_ci    x509.fingerprint,
1011cb0ef41Sopenharmony_ci    '8B:89:16:C4:99:87:D2:13:1A:64:94:36:38:A5:32:01:F0:95:3B:53');
1021cb0ef41Sopenharmony_ci  assert.strictEqual(
1031cb0ef41Sopenharmony_ci    x509.fingerprint256,
1041cb0ef41Sopenharmony_ci    '2C:62:59:16:91:89:AB:90:6A:3E:98:88:A6:D3:C5:58:58:6C:AE:FF:9C:33:' +
1051cb0ef41Sopenharmony_ci    '22:7C:B6:77:D3:34:E7:53:4B:05'
1061cb0ef41Sopenharmony_ci  );
1071cb0ef41Sopenharmony_ci  assert.strictEqual(
1081cb0ef41Sopenharmony_ci    x509.fingerprint512,
1091cb0ef41Sopenharmony_ci    '0B:6F:D0:4D:6B:22:53:99:66:62:51:2D:2C:96:F2:58:3F:95:1C:CC:4C:44:' +
1101cb0ef41Sopenharmony_ci    '9D:B5:59:AA:AD:A8:F6:2A:24:8A:BB:06:A5:26:42:52:30:A3:37:61:30:A9:' +
1111cb0ef41Sopenharmony_ci    '5A:42:63:E0:21:2F:D6:70:63:07:96:6F:27:A7:78:12:08:02:7A:8B'
1121cb0ef41Sopenharmony_ci  );
1131cb0ef41Sopenharmony_ci  assert.strictEqual(x509.keyUsage, undefined);
1141cb0ef41Sopenharmony_ci  assert.strictEqual(x509.serialNumber, '147D36C1C2F74206DE9FAB5F2226D78ADB00A426');
1151cb0ef41Sopenharmony_ci
1161cb0ef41Sopenharmony_ci  assert.deepStrictEqual(x509.raw, der);
1171cb0ef41Sopenharmony_ci
1181cb0ef41Sopenharmony_ci  assert(x509.publicKey);
1191cb0ef41Sopenharmony_ci  assert.strictEqual(x509.publicKey.type, 'public');
1201cb0ef41Sopenharmony_ci
1211cb0ef41Sopenharmony_ci  assert.strictEqual(x509.toString().replaceAll('\r\n', '\n'),
1221cb0ef41Sopenharmony_ci                     cert.toString().replaceAll('\r\n', '\n'));
1231cb0ef41Sopenharmony_ci  assert.strictEqual(x509.toJSON(), x509.toString());
1241cb0ef41Sopenharmony_ci
1251cb0ef41Sopenharmony_ci  assert(x509.checkPrivateKey(privateKey));
1261cb0ef41Sopenharmony_ci  assert.throws(() => x509.checkPrivateKey(x509.publicKey), {
1271cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_VALUE'
1281cb0ef41Sopenharmony_ci  });
1291cb0ef41Sopenharmony_ci
1301cb0ef41Sopenharmony_ci  assert.strictEqual(x509.checkIP('127.0.0.1'), undefined);
1311cb0ef41Sopenharmony_ci  assert.strictEqual(x509.checkIP('::'), undefined);
1321cb0ef41Sopenharmony_ci  assert.strictEqual(x509.checkHost('agent1'), 'agent1');
1331cb0ef41Sopenharmony_ci  assert.strictEqual(x509.checkHost('agent2'), undefined);
1341cb0ef41Sopenharmony_ci  assert.strictEqual(x509.checkEmail('ry@tinyclouds.org'), 'ry@tinyclouds.org');
1351cb0ef41Sopenharmony_ci  assert.strictEqual(x509.checkEmail('sally@example.com'), undefined);
1361cb0ef41Sopenharmony_ci  assert.throws(() => x509.checkHost('agent\x001'), {
1371cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_VALUE'
1381cb0ef41Sopenharmony_ci  });
1391cb0ef41Sopenharmony_ci  assert.throws(() => x509.checkIP('[::]'), {
1401cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_VALUE'
1411cb0ef41Sopenharmony_ci  });
1421cb0ef41Sopenharmony_ci  assert.throws(() => x509.checkEmail('not\x00hing'), {
1431cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_VALUE'
1441cb0ef41Sopenharmony_ci  });
1451cb0ef41Sopenharmony_ci
1461cb0ef41Sopenharmony_ci  [1, false, null].forEach((i) => {
1471cb0ef41Sopenharmony_ci    assert.throws(() => x509.checkHost('agent1', i), {
1481cb0ef41Sopenharmony_ci      code: 'ERR_INVALID_ARG_TYPE'
1491cb0ef41Sopenharmony_ci    });
1501cb0ef41Sopenharmony_ci    assert.throws(() => x509.checkHost('agent1', { subject: i }), {
1511cb0ef41Sopenharmony_ci      code: 'ERR_INVALID_ARG_TYPE'
1521cb0ef41Sopenharmony_ci    });
1531cb0ef41Sopenharmony_ci  });
1541cb0ef41Sopenharmony_ci
1551cb0ef41Sopenharmony_ci  [
1561cb0ef41Sopenharmony_ci    'wildcards',
1571cb0ef41Sopenharmony_ci    'partialWildcards',
1581cb0ef41Sopenharmony_ci    'multiLabelWildcards',
1591cb0ef41Sopenharmony_ci    'singleLabelSubdomains',
1601cb0ef41Sopenharmony_ci  ].forEach((key) => {
1611cb0ef41Sopenharmony_ci    [1, '', null, {}].forEach((i) => {
1621cb0ef41Sopenharmony_ci      assert.throws(() => x509.checkHost('agent1', { [key]: i }), {
1631cb0ef41Sopenharmony_ci        code: 'ERR_INVALID_ARG_TYPE'
1641cb0ef41Sopenharmony_ci      });
1651cb0ef41Sopenharmony_ci    });
1661cb0ef41Sopenharmony_ci  });
1671cb0ef41Sopenharmony_ci
1681cb0ef41Sopenharmony_ci  const ca_cert = new X509Certificate(ca);
1691cb0ef41Sopenharmony_ci
1701cb0ef41Sopenharmony_ci  assert(x509.checkIssued(ca_cert));
1711cb0ef41Sopenharmony_ci  assert(!x509.checkIssued(x509));
1721cb0ef41Sopenharmony_ci  assert(x509.verify(ca_cert.publicKey));
1731cb0ef41Sopenharmony_ci  assert(!x509.verify(x509.publicKey));
1741cb0ef41Sopenharmony_ci
1751cb0ef41Sopenharmony_ci  assert.throws(() => x509.checkIssued({}), {
1761cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_TYPE'
1771cb0ef41Sopenharmony_ci  });
1781cb0ef41Sopenharmony_ci  assert.throws(() => x509.checkIssued(''), {
1791cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_TYPE'
1801cb0ef41Sopenharmony_ci  });
1811cb0ef41Sopenharmony_ci  assert.throws(() => x509.verify({}), {
1821cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_TYPE'
1831cb0ef41Sopenharmony_ci  });
1841cb0ef41Sopenharmony_ci  assert.throws(() => x509.verify(''), {
1851cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_TYPE'
1861cb0ef41Sopenharmony_ci  });
1871cb0ef41Sopenharmony_ci  assert.throws(() => x509.verify(privateKey), {
1881cb0ef41Sopenharmony_ci    code: 'ERR_INVALID_ARG_VALUE'
1891cb0ef41Sopenharmony_ci  });
1901cb0ef41Sopenharmony_ci
1911cb0ef41Sopenharmony_ci  {
1921cb0ef41Sopenharmony_ci    // https://github.com/nodejs/node/issues/45377
1931cb0ef41Sopenharmony_ci    // https://github.com/nodejs/node/issues/45485
1941cb0ef41Sopenharmony_ci    // Confirm failures of
1951cb0ef41Sopenharmony_ci    // X509Certificate:verify()
1961cb0ef41Sopenharmony_ci    // X509Certificate:CheckPrivateKey()
1971cb0ef41Sopenharmony_ci    // X509Certificate:CheckCA()
1981cb0ef41Sopenharmony_ci    // X509Certificate:CheckIssued()
1991cb0ef41Sopenharmony_ci    // X509Certificate:ToLegacy()
2001cb0ef41Sopenharmony_ci    // do not affect other functions that use OpenSSL.
2011cb0ef41Sopenharmony_ci    // Subsequent calls to e.g. createPrivateKey should not throw.
2021cb0ef41Sopenharmony_ci    const keyPair = generateKeyPairSync('ed25519');
2031cb0ef41Sopenharmony_ci    assert(!x509.verify(keyPair.publicKey));
2041cb0ef41Sopenharmony_ci    createPrivateKey(key);
2051cb0ef41Sopenharmony_ci    assert(!x509.checkPrivateKey(keyPair.privateKey));
2061cb0ef41Sopenharmony_ci    createPrivateKey(key);
2071cb0ef41Sopenharmony_ci    const certPem = `
2081cb0ef41Sopenharmony_ci-----BEGIN CERTIFICATE-----
2091cb0ef41Sopenharmony_ciMIID6zCCAtOgAwIBAgIUTUREAaNcNL0zPkxAlMX0GJtJ/FcwDQYJKoZIhvcNAQEN
2101cb0ef41Sopenharmony_ciBQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQH
2111cb0ef41Sopenharmony_ciDAhDYXJsc2JhZDEPMA0GA1UECgwGVmlhc2F0MR0wGwYDVQQLDBRWaWFzYXQgU2Vj
2121cb0ef41Sopenharmony_cidXJlIE1vYmlsZTEiMCAGA1UEAwwZSGFja2VyT25lIHJlcG9ydCAjMTgwODU5NjAi
2131cb0ef41Sopenharmony_ciGA8yMDIyMTIxNjAwMDAwMFoYDzIwMjMxMjE1MjM1OTU5WjCBiTELMAkGA1UEBhMC
2141cb0ef41Sopenharmony_ciVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCENhcmxzYmFkMQ8wDQYD
2151cb0ef41Sopenharmony_ciVQQKDAZWaWFzYXQxHTAbBgNVBAsMFFZpYXNhdCBTZWN1cmUgTW9iaWxlMSIwIAYD
2161cb0ef41Sopenharmony_ciVQQDDBlIYWNrZXJPbmUgcmVwb3J0ICMxODA4NTk2MIIBIjANBgkqhkiG9w0BAQEF
2171cb0ef41Sopenharmony_ciAAOCAQ8AMIIBCgKCAQEA6I7RBPm4E/9rIrCHV5lfsHI/yYzXtACJmoyP8OMkjbeB
2181cb0ef41Sopenharmony_cih21oSJJF9FEnbivk6bYaHZIPasa+lSAydRM2rbbmfhF+jQoWYCIbV2ztrbFR70S1
2191cb0ef41Sopenharmony_ciwAuJrlYYm+8u+1HUru5UBZWUr/p1gFtv3QjpA8+43iwE4pXytTBKPXFo1f5iZwGI
2201cb0ef41Sopenharmony_ciD5Bz6DohT7Tyb8cpQ1uMCMCT0EJJ4n8wUrvfBgwBO94O4qlhs9vYgnDKepJDjptc
2211cb0ef41Sopenharmony_ciuSuEpvHALO8+EYkQ7nkM4Xzl/WK1yFtxxE93Jvd1OvViDGVrRVfsq+xYTKknGLX0
2221cb0ef41Sopenharmony_ciQIeoDDnIr0OjlYPd/cqyEgMcFyFxwDSzSc1esxdCpQIDAQABo0UwQzAdBgNVHQ4E
2231cb0ef41Sopenharmony_ciFgQUurygsEKdtQk0T+sjM0gEURdveRUwEgYDVR0TAQH/BAgwBgEB/wIB/zAOBgNV
2241cb0ef41Sopenharmony_ciHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQENBQADggEBAH7mIIXiQsQ4/QGNNFOQzTgP
2251cb0ef41Sopenharmony_ci/bUbMSZJsY5TPAvS9rF9yQVzs4dJZnQk5kEb/qrDQSe27oP0L0hfFm1wTGy+aKfa
2261cb0ef41Sopenharmony_ciBVGHdRmmvHtDUPLA9URCFShqKuS+GXp+6zt7dyZPRrPmiZaciiCMPHOnx59xSdPm
2271cb0ef41Sopenharmony_ciAZG8cD3fmK2ThC4FAMyvRb0qeobka3s22xTQ2kjwJO5gykTkZ+BR6SzRHQTjYMuT
2281cb0ef41Sopenharmony_ciiry9Bu8Kvbzu3r5n+/bmNz+xRNmEeehgT2qsHjA5b2YBVTr9MdN9Ro3H3saA3upr
2291cb0ef41Sopenharmony_cioans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
2301cb0ef41Sopenharmony_ci-----END CERTIFICATE-----`.trim();
2311cb0ef41Sopenharmony_ci    const c = new X509Certificate(certPem);
2321cb0ef41Sopenharmony_ci    assert(!c.ca);
2331cb0ef41Sopenharmony_ci    const signer = createSign('SHA256');
2341cb0ef41Sopenharmony_ci    assert(signer.sign(key, 'hex'));
2351cb0ef41Sopenharmony_ci
2361cb0ef41Sopenharmony_ci    const c1 = new X509Certificate(certPem);
2371cb0ef41Sopenharmony_ci    assert(!c1.checkIssued(c1));
2381cb0ef41Sopenharmony_ci    const signer1 = createSign('SHA256');
2391cb0ef41Sopenharmony_ci    assert(signer1.sign(key, 'hex'));
2401cb0ef41Sopenharmony_ci
2411cb0ef41Sopenharmony_ci    const c2 = new X509Certificate(certPem);
2421cb0ef41Sopenharmony_ci    assert(c2.toLegacyObject());
2431cb0ef41Sopenharmony_ci    const signer2 = createSign('SHA256');
2441cb0ef41Sopenharmony_ci    assert(signer2.sign(key, 'hex'));
2451cb0ef41Sopenharmony_ci  }
2461cb0ef41Sopenharmony_ci
2471cb0ef41Sopenharmony_ci  // X509Certificate can be cloned via MessageChannel/MessagePort
2481cb0ef41Sopenharmony_ci  const mc = new MessageChannel();
2491cb0ef41Sopenharmony_ci  mc.port1.onmessage = common.mustCall(({ data }) => {
2501cb0ef41Sopenharmony_ci    assert(isX509Certificate(data));
2511cb0ef41Sopenharmony_ci    assert.deepStrictEqual(data.raw, x509.raw);
2521cb0ef41Sopenharmony_ci    mc.port1.close();
2531cb0ef41Sopenharmony_ci  });
2541cb0ef41Sopenharmony_ci  mc.port2.postMessage(x509);
2551cb0ef41Sopenharmony_ci
2561cb0ef41Sopenharmony_ci  // Verify that legacy encoding works
2571cb0ef41Sopenharmony_ci  const legacyObjectCheck = {
2581cb0ef41Sopenharmony_ci    subject: Object.assign(Object.create(null), {
2591cb0ef41Sopenharmony_ci      C: 'US',
2601cb0ef41Sopenharmony_ci      ST: 'CA',
2611cb0ef41Sopenharmony_ci      L: 'SF',
2621cb0ef41Sopenharmony_ci      O: 'Joyent',
2631cb0ef41Sopenharmony_ci      OU: 'Node.js',
2641cb0ef41Sopenharmony_ci      CN: 'agent1',
2651cb0ef41Sopenharmony_ci      emailAddress: 'ry@tinyclouds.org',
2661cb0ef41Sopenharmony_ci    }),
2671cb0ef41Sopenharmony_ci    issuer: Object.assign(Object.create(null), {
2681cb0ef41Sopenharmony_ci      C: 'US',
2691cb0ef41Sopenharmony_ci      ST: 'CA',
2701cb0ef41Sopenharmony_ci      L: 'SF',
2711cb0ef41Sopenharmony_ci      O: 'Joyent',
2721cb0ef41Sopenharmony_ci      OU: 'Node.js',
2731cb0ef41Sopenharmony_ci      CN: 'ca1',
2741cb0ef41Sopenharmony_ci      emailAddress: 'ry@tinyclouds.org',
2751cb0ef41Sopenharmony_ci    }),
2761cb0ef41Sopenharmony_ci    infoAccess: Object.assign(Object.create(null), {
2771cb0ef41Sopenharmony_ci      'OCSP - URI': ['http://ocsp.nodejs.org/'],
2781cb0ef41Sopenharmony_ci      'CA Issuers - URI': ['http://ca.nodejs.org/ca.cert']
2791cb0ef41Sopenharmony_ci    }),
2801cb0ef41Sopenharmony_ci    modulus: 'D456320AFB20D3827093DC2C4284ED04DFBABD56E1DDAE529E28B790CD42' +
2811cb0ef41Sopenharmony_ci              '56DB273349F3735FFD337C7A6363ECCA5A27B7F73DC7089A96C6D886DB0C' +
2821cb0ef41Sopenharmony_ci              '62388F1CDD6A963AFCD599D5800E587A11F908960F84ED50BA25A28303EC' +
2831cb0ef41Sopenharmony_ci              'DA6E684FBE7BAEDC9CE8801327B1697AF25097CEE3F175E400984C0DB6A8' +
2841cb0ef41Sopenharmony_ci              'EB87BE03B4CF94774BA56FFFC8C63C68D6ADEB60ABBE69A7B14AB6A6B9E7' +
2851cb0ef41Sopenharmony_ci              'BAA89B5ADAB8EB07897C07F6D4FA3D660DFF574107D28E8F63467A788624' +
2861cb0ef41Sopenharmony_ci              'C574197693E959CEA1362FFAE1BBA10C8C0D88840ABFEF103631B2E8F5C3' +
2871cb0ef41Sopenharmony_ci              '9B5548A7EA57E8A39F89291813F45A76C448033A2B7ED8403F4BAA147CF3' +
2881cb0ef41Sopenharmony_ci              '5E2D2554AA65CE49695797095BF4DC6B',
2891cb0ef41Sopenharmony_ci    bits: 2048,
2901cb0ef41Sopenharmony_ci    exponent: '0x10001',
2911cb0ef41Sopenharmony_ci    valid_from: 'Sep  3 21:40:37 2022 GMT',
2921cb0ef41Sopenharmony_ci    valid_to: 'Jun 17 21:40:37 2296 GMT',
2931cb0ef41Sopenharmony_ci    fingerprint: '8B:89:16:C4:99:87:D2:13:1A:64:94:36:38:A5:32:01:F0:95:3B:53',
2941cb0ef41Sopenharmony_ci    fingerprint256:
2951cb0ef41Sopenharmony_ci      '2C:62:59:16:91:89:AB:90:6A:3E:98:88:A6:D3:C5:58:58:6C:AE:FF:9C:33:' +
2961cb0ef41Sopenharmony_ci      '22:7C:B6:77:D3:34:E7:53:4B:05',
2971cb0ef41Sopenharmony_ci    fingerprint512:
2981cb0ef41Sopenharmony_ci      '51:62:18:39:E2:E2:77:F5:86:11:E8:C0:CA:54:43:7C:76:83:19:05:D0:03:' +
2991cb0ef41Sopenharmony_ci      '24:21:B8:EB:14:61:FB:24:16:EB:BD:51:1A:17:91:04:30:03:EB:68:5F:DC:' +
3001cb0ef41Sopenharmony_ci      '86:E1:D1:7C:FB:AF:78:ED:63:5F:29:9C:32:AF:A1:8E:22:96:D1:02',
3011cb0ef41Sopenharmony_ci    serialNumber: '147D36C1C2F74206DE9FAB5F2226D78ADB00A426'
3021cb0ef41Sopenharmony_ci  };
3031cb0ef41Sopenharmony_ci
3041cb0ef41Sopenharmony_ci  const legacyObject = x509.toLegacyObject();
3051cb0ef41Sopenharmony_ci
3061cb0ef41Sopenharmony_ci  assert.deepStrictEqual(legacyObject.raw, x509.raw);
3071cb0ef41Sopenharmony_ci  assert.deepStrictEqual(legacyObject.subject, legacyObjectCheck.subject);
3081cb0ef41Sopenharmony_ci  assert.deepStrictEqual(legacyObject.issuer, legacyObjectCheck.issuer);
3091cb0ef41Sopenharmony_ci  assert.deepStrictEqual(legacyObject.infoAccess, legacyObjectCheck.infoAccess);
3101cb0ef41Sopenharmony_ci  assert.strictEqual(legacyObject.modulus, legacyObjectCheck.modulus);
3111cb0ef41Sopenharmony_ci  assert.strictEqual(legacyObject.bits, legacyObjectCheck.bits);
3121cb0ef41Sopenharmony_ci  assert.strictEqual(legacyObject.exponent, legacyObjectCheck.exponent);
3131cb0ef41Sopenharmony_ci  assert.strictEqual(legacyObject.valid_from, legacyObjectCheck.valid_from);
3141cb0ef41Sopenharmony_ci  assert.strictEqual(legacyObject.valid_to, legacyObjectCheck.valid_to);
3151cb0ef41Sopenharmony_ci  assert.strictEqual(legacyObject.fingerprint, legacyObjectCheck.fingerprint);
3161cb0ef41Sopenharmony_ci  assert.strictEqual(
3171cb0ef41Sopenharmony_ci    legacyObject.fingerprint256,
3181cb0ef41Sopenharmony_ci    legacyObjectCheck.fingerprint256);
3191cb0ef41Sopenharmony_ci  assert.strictEqual(
3201cb0ef41Sopenharmony_ci    legacyObject.serialNumber,
3211cb0ef41Sopenharmony_ci    legacyObjectCheck.serialNumber);
3221cb0ef41Sopenharmony_ci}
3231cb0ef41Sopenharmony_ci
3241cb0ef41Sopenharmony_ci{
3251cb0ef41Sopenharmony_ci  // This X.509 Certificate can be parsed by OpenSSL because it contains a
3261cb0ef41Sopenharmony_ci  // structurally sound TBSCertificate structure. However, the SPKI field of the
3271cb0ef41Sopenharmony_ci  // TBSCertificate contains the subjectPublicKey as a BIT STRING, and this bit
3281cb0ef41Sopenharmony_ci  // sequence is not a valid public key. Ensure that X509Certificate.publicKey
3291cb0ef41Sopenharmony_ci  // does not abort in this case.
3301cb0ef41Sopenharmony_ci
3311cb0ef41Sopenharmony_ci  const certPem = `-----BEGIN CERTIFICATE-----
3321cb0ef41Sopenharmony_ciMIIDpDCCAw0CFEc1OZ8g17q+PZnna3iQ/gfoZ7f3MA0GCSqGSIb3DQEBBQUAMIHX
3331cb0ef41Sopenharmony_ciMRMwEQYLKwYBBAGCNzwCAQMTAkdJMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXph
3341cb0ef41Sopenharmony_cidGlvbjEOMAwGA1UEBRMFOTkxOTExCzAJBgNVBAYTAkdJMRIwEAYDVQQIFAlHaWJy
3351cb0ef41Sopenharmony_ciYWx0YXIxEjAQBgNVBAcUCUdpYnJhbHRhcjEgMB4GA1UEChQXV0hHIChJbnRlcm5h
3361cb0ef41Sopenharmony_cidGlvbmFsKSBMdGQxHDAaBgNVBAsUE0ludGVyYWN0aXZlIEJldHRpbmcxHDAaBgNV
3371cb0ef41Sopenharmony_ciBAMUE3d3dy53aWxsaWFtaGlsbC5jb20wIhgPMjAxNDAyMDcwMDAwMDBaGA8yMDE1
3381cb0ef41Sopenharmony_ciMDIyMTIzNTk1OVowgbAxCzAJBgNVBAYTAklUMQ0wCwYDVQQIEwRSb21lMRAwDgYD
3391cb0ef41Sopenharmony_ciVQQHEwdQb21lemlhMRYwFAYDVQQKEw1UZWxlY29taXRhbGlhMRIwEAYDVQQrEwlB
3401cb0ef41Sopenharmony_ciRE0uQVAuUE0xHTAbBgNVBAMTFHd3dy50ZWxlY29taXRhbGlhLml0MTUwMwYJKoZI
3411cb0ef41Sopenharmony_cihvcNAQkBFiZ2YXNlc2VyY2l6aW9wb3J0YWxpY29AdGVsZWNvbWl0YWxpYS5pdDCB
3421cb0ef41Sopenharmony_cinzANBgkqhkiG9w0BAQEFAAOBjQA4gYkCgYEA5m/Vf7PevH+inMfUJOc8GeR7WVhM
3431cb0ef41Sopenharmony_ciCQwcMM5k46MSZo7kCk7VZuaq5G2JHGAGnLPaPUkeXlrf5qLpTxXXxHNtz+WrDlFt
3441cb0ef41Sopenharmony_ciboAdnTcqpX3+72uBGOaT6Wi/9YRKuCs5D5/cAxAc3XjHfpRXMoXObj9Vy7mLndfV
3451cb0ef41Sopenharmony_ci/wsnTfU9QVeBkgsCAwEAAaOBkjCBjzAdBgNVHQ4EFgQUfLjAjEiC83A+NupGrx5+
3461cb0ef41Sopenharmony_ciQe6nhRMwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAH
3471cb0ef41Sopenharmony_ciBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udmVy
3481cb0ef41Sopenharmony_ciaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4GBALLiAMX0cIMp
3491cb0ef41Sopenharmony_ci+V/JgMRhMEUKbrt5lYKfv9dil/f22ezZaFafb070jGMMPVy9O3/PavDOkHtTv3vd
3501cb0ef41Sopenharmony_citAt3hIKFD1bJt6c6WtMH2Su3syosWxmdmGk5ihslB00lvLpfj/wed8i3bkcB1doq
3511cb0ef41Sopenharmony_ciUcXd/5qu2GhokrKU2cPttU+XAN2Om6a0
3521cb0ef41Sopenharmony_ci-----END CERTIFICATE-----`;
3531cb0ef41Sopenharmony_ci
3541cb0ef41Sopenharmony_ci  const cert = new X509Certificate(certPem);
3551cb0ef41Sopenharmony_ci  assert.throws(() => cert.publicKey, {
3561cb0ef41Sopenharmony_ci    message: common.hasOpenSSL3 ? /decode error/ : /wrong tag/,
3571cb0ef41Sopenharmony_ci    name: 'Error'
3581cb0ef41Sopenharmony_ci  });
3591cb0ef41Sopenharmony_ci
3601cb0ef41Sopenharmony_ci  assert.strictEqual(cert.checkIssued(cert), false);
3611cb0ef41Sopenharmony_ci}
362